Personal data

Information Notice from Technical Ship Management sp. z o.o. for individuals who are parties to the contract, business owners, members of statutory bodies, authorized representatives of the contracting party, as well as their employees who are designated as contact persons for the contract or who are involved in the conclusion and performance of the contract.

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the GDPR), Technical Ship Management sp. z o. o., with its registered office in Gdańsk (80-758) at ul. Stary Dwór 9, hereby informs you that:

1. The controller of your personal data (hereinafter referred to as the “Controller”) is Technical Ship Management sp. z o.o., with its registered office at ul. Stary Dwór 9, 80-758 Gdańsk. Mailing address: Technical Ship Management sp. z o. o., ul. Stary Dwór 9, 80-758 Gdańsk.

2. The DPO has appointed a Data Protection Officer, who can be contacted via email at iod.tsmanagement@energa.pl regarding any matter related to the processing of personal data.

3. The Data Controller received your personal data directly from you or from a business entity

with which the Data Controller cooperates under a contract, or from publicly available databases.

4. Depending on the nature of the cooperation, the data provided constitutes information necessary for representing a legal entity, establishing contact, or verifying qualifications or experience.

5. Your personal data will be processed in connection with the conclusion and performance of the contract for the following purposes:

a. determining/confirming the authority of the persons designated to represent the parties,

b. determining/confirming the authority to perform/carry out the provisions of the Agreement,

c. reporting on, monitoring the performance of, and settling the Agreement,

d. maintaining business contacts and exchanging correspondence,

e. matters related to the determination, pursuit, or defense of any claims or damages,

f.  sending, archiving, or destroying documentation,

g. maintaining confidentiality,

h. fulfilling the obligations imposed on the Data Controller by law.

6. The legal basis for the processing of personal data is:

a. Article 6(1)(b) of the GDPR—for the purpose of taking steps necessary to enter into and perform a contract to which the data subject is a party, or to take action at the data subject’s request prior to entering into a contract;

b. Article 6(1)(f) of the GDPR – for the purposes of the legitimate interests pursued by the data controller or a third party, and for the performance of the contract. The data controller’s legitimate interests include, among others, establishing and pursuing claims under applicable law, applying internal procedures to monitor legal compliance, ensuring the protection of persons and property, fulfilling the terms of the contract, and ensuring the exercise of the rights of parent companies within corporate groups;

c. Article 6(1)(c) – to fulfill the legal obligations incumbent upon the Data Controller under applicable laws, including, among others, tax regulations, the Accounting Act, the Act on Counteracting Money Laundering and Terrorist Financing, regulations on access to public information, occupational health and safety regulations aimed at protecting life and health, and regulations aimed at protecting the environment; to ensure that employees with appropriate qualifications or licenses are hired for specific jobs; and to ensure safety on the premises and during the performance of work.

7. Scope of personal data processed by the Data Controller:

a. identification data (first and last name): of members of governing bodies, representatives, and employees of the contractor, subcontractors, and other persons identified in documents submitted during the performance of the Agreement,

b. contact information (work email address, work phone number, job title or position) of the aforementioned persons, if necessary for the performance of the Agreement and as provided for in the Agreement,

c. data on professional licenses and qualifications, to the extent that the Agreement requires the provision of such data,

d. identification and address data, including the PESEL number of natural persons, sole proprietors, members of governing bodies, representatives, and authorized agents

8. The recipients of personal data may include:

a. The parent company of the Orlen Group and other entities within the Orlen Group, pursuant to agreements binding these entities and for the purpose of exercising their rights,

b. entities providing legal services,

c. external auditors, certified public accountants, legal advisors, and tax advisors,

d. entities delivering mail,

e. entities providing IT services related to the maintenance of systems used by the Data Controller, including email,

f.  entities providing maintenance and technical support services for equipment used by the Data Controller,

g. entities providing document destruction services,

h. public authorities or entities authorized to obtain data pursuant to applicable law, e.g., courts, law enforcement agencies, or government institutions, when they submit a request based on an appropriate legal basis.

9. The Data Controller may entrust personal data to service or product providers acting on its behalf under a personal data processing agreement, requiring such entities to perform activities in accordance with the Data Controller’s documented instructions, provided that they maintain confidentiality and ensure the protection of privacy and the security of personal data.

10. Personal data will not be transferred to third countries.

11. Personal data will be processed for the period necessary to achieve the purposes specified in point 5 or until your objection to the processing of your data is upheld.

12. With regard to the processing of personal data, decisions concerning your data will not be made by automated means.

13. The period for which personal data will be processed will also be determined based on the following criteria:

a. the time necessary to maintain business contact with you in connection with the performance of the Agreement,

b. the term of the Agreement,

c. the retention period for documentation related to the performance of the Agreement,

d. reporting and archiving of documentation;

e. the time necessary to establish, pursue, or defend claims arising from legal provisions.

14. We hereby inform you of your right to:

a. access your personal data and request a copy of it,

b. rectify (correct) your personal data,

c. request the restriction of the processing of your personal data,

d. erasure of personal data, provided that none of the exceptions listed in Article 17(3) of the GDPR apply,

e. to object to the processing of personal data.

You may exercise these rights by contacting the Data Controller or the Data Protection Officer in writing (see point 1 or point 2).

15. Please be advised that you have the right to lodge a complaint with the President of the Personal Data Protection Office.

Contact

Sebastian Osmański

Data Protection Officer