GTF S.A. with its registered office in Kosów, 54R, 26-624 Kowala-Stępocina, registered in the National Court Register (KRS) maintained by the District Court for the Capital City of Warsaw in Warsaw, XII Economic Department of the National Court Register under the KRS number 0000986536, REGON 522818038, NIP 701-110-10-79, hereinafter referred to as the Company.
Personal data is collected and processed in accordance with the principles set forth in this Privacy Policy.
In the Company, we attach great importance to the protection of the privacy of our customers, contractors, and employees. One of its key aspects is the protection of the rights and freedoms of individuals in connection with the processing of their personal data.
We ensure that the processing of your data complies with the provisions of the General Data Protection Regulation 2016/679/EU (hereinafter "GDPR"), the Personal Data Protection Act, as well as specific regulations (including those in labor law or the accounting act).
The Company is the data controller within the meaning of Article 4(7) of the GDPR and also uses the services of data processors referred to in Article 4(8) of the GDPR – entities processing personal data on behalf of the controller (such as IT companies, security, occupational health clinics, etc.).
The Company implements appropriate technical and organizational measures to ensure a level of security corresponding to the risk of violation of the rights or freedoms of natural persons of varying likelihood and severity.
We also develop policies and procedures, as well as organize regular training to enhance the knowledge and skills of our employees in this area.
As an employer, we process the data of employees and individuals who cooperate with us on a basis other than employment. Contact details obtained from contractors (e.g., their employees) are used for the conclusion and efficient implementation of contracts. We also engage in marketing activities, aiming to reach the widest possible audience to provide them with up-to-date information about our products and services.
We disclose your data to third parties with your consent or when required by applicable law.
We take due care to protect the interests of individuals whose data we process, and in particular, we ensure that this data is:
We usually process your data based on consent, which can be withdrawn at any time. Another situation is when the processing of your data is necessary for the performance of a contract of which you are a party or for taking steps at your request before entering into a contract.
In some situations, processing is necessary to fulfill a legal obligation incumbent on us as the data controller. Such obligations arise, for example, from labor law or the accounting act.
Processing may also be necessary for purposes arising from our legitimate interests, an example of which is the pursuit of claims arising from our business activities.
We take appropriate measures to provide, in a concise, transparent, intelligible, and easily accessible form, using clear and plain language, all relevant information and to communicate with you on all matters related to the processing of personal data in connection with the exercise of your right to:
To contact us regarding the exercise of a specific right, send a message to biuro@gtfenergy.eu.
We provide information in writing or by other means, including electronically when appropriate. If requested, we can provide information orally, provided that we confirm your identity by other means. If you submit your request electronically, to the extent possible, information will also be provided electronically unless you specify another preferred form of communication.
We strive to provide information without undue delay – generally within one month of receiving the request. If necessary, this period may be extended by an additional two months due to the complex nature of the request or the number of requests. However, in any case, within one month of receiving the request, we will inform you of the actions taken and (where applicable) of the extension, stating the reasons for such a delay.
If we cooperate with entities that process personal data on our behalf, we only use the services of such data processors that provide sufficient guarantees to implement appropriate technical and organizational measures to meet the requirements of the GDPR and protect the rights of the individuals whose data is concerned.
We thoroughly examine the entities to whom we entrust the processing of your data. We enter into detailed agreements with them and periodically verify the compliance of processing operations with the content of such agreements and legal regulations.
We regularly review and update our documentation to demonstrate compliance with legal requirements, following the accountability principle formulated in the GDPR. Additionally, we strive to incorporate best market practices into our documentation, taking into account the interests of the individuals whose data is processed.
We store personal data in a form that allows the identification of the data subject for no longer than is necessary for the purposes for which the data is processed. After this period, we anonymize the data (depriving them of features allowing the identification of a particular person) or delete them. The deletion of personal data is complete and permanent. In the retention procedure, we ensure:
We determine the data processing period primarily based on legal regulations (e.g., the retention period for employee documentation, accounting documents), as well as the legitimate interest of the data controller (e.g., marketing activities). The retention policy covers both paper and electronic data processing.
We ensure that each person acting on our behalf and having access to your personal data processes them only on our instructions, unless other requirements arise from EU law or the law of a Member State.
Cookies are small files stored on your computer that contain settings and other information used on the websites you visit. Cookies may contain website settings or be used to track user
We commit to regularly reviewing this Privacy Policy and making changes when necessary or desirable due to new legal regulations, guidelines from authorities responsible for supervising personal data protection processes, and best practices applied in the field of personal data protection. We also reserve the right to change this Privacy Policy in the event of changes in the technologies used for processing personal data (provided that such a change affects the wording of this document) and in case of changes in the methods, purposes, or legal bases for processing personal data by us.
