PRIVACY POLICY
PRIVACY POLICY (https://baltics.totalenergies.com/en)
This Privacy Policy aims to explain the processing of your personal data and provides information on your basic rights in relation to the processing of your personal data.
1. Personal data controller
The controller of your personal data is TotalEnergies Marketing Polska sp. z o. o. with its registered office in Warsaw, Al. Jana Pawła II 80 (00-175 Warsaw), entered into the Register of Entrepreneurs of the National Court Register under KRS no. 0000019835, NIP 5220100798, REGON: 010013868 (hereinafter also "TEMP").
2. Contact
You can contact the Controller by post at al. Jana Pawła II 80, 00-175 Warsaw.
If you have any questions regarding the processing of your personal data, we kindly ask you to contact us via e - mail at [email protected].
3. Personal data
Personal data is information about a natural person identified or identifiable by one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, location data, Internet identifier and information collected through cookies and other similar technology.
When collecting and using personal data, we wish to be transparent about the basis and manner of processing.
Personal data shall be processed by the Controller in accordance with the principles defined in the data protection legislation, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) - hereinafter referred to as "GDPR" - and Polish regulations issued in connection with GDPR, including the Act of 10 May 2018 on the protection of personal data.
TEMP takes the security of all the data we hold very seriously, keeping personal data confidential and securing it from unauthorised access by third parties, in accordance with the principles indicated in the aforementioned legislation.
4. Aims and legal basis for personal data processing
The controller, in the course of its business activities, processes personal data for the following purposes depending on the specific facts:
Purpose of processing |
Legal basis and data retention period |
If you contact us - the staff will ask you about this within the contact forms available on the Website. |
Article 6(1)(f) GDPR as the fulfilment of the Controller's legitimate interest in responding to requests and enquiries. |
If you have entered into a contract with us or are preparing to enter into a contract with us - the conclusion and execution of a contract with a client or contractor. |
Article 6(1)(b) GDPR - processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract. |
If you are an employee, collaborator of our contractor or supplier and your data has been made available to us in connection with the conclusion or performance of a contract. |
Article 6(1)(f) GDPR as the fulfilment of the Controller's legitimate interest in servicing the contract. |
If you wish to make a complaint. |
Article 6(1)(f) GDPR - as the fulfilment of the Controller's legitimate interest in investigating a complaint from a Controller’s supplier concerning, in particular, an unpaid invoice and taking the necessary action following a complaint. |
If you visit our social media, you interact with us, for example by sending a message or leaving a comment. |
Article 6(1)(f) GDPR as the fulfilment of the Controller's legitimate interest to communicate with social network users. |
If we are conducting a dispute or enforcing a claim. |
Article 6(1)(f) GDPR as the fulfilment of the Controller's legitimate interest to assert or defend against claims. |
If you enter our premises, i.e. access control, including monitoring on the data controller's premises for the purposes of increasing the security of the persons on the premises and the protection of property and the confidentiality of information. |
Article 6(1)(f) GDPR as the fulfilment of the Controller's legitimate interest in carrying out access control for persons on the Controller's premises. |
If you take part in competitions and promotional activities, as well as in events organised by us. |
Article 6(1)(f) GDPR as the fulfilment of the Controller's legitimate interest in running competitions and promotional campaigns, as well as organising events. |
If you are taking part in the recruitment |
Article 6(1)(c) GDPR as the fulfilment of TEMP's legal obligations - in the case of employee recruitment. |
If you are our employee |
Article 6(1)(b) GDPR, i.e. the processing is necessary for the performance of the employment contract (purpose of conclusion and performance), |
5. Information on your rights
To the extent provided for by law, persons whose data we process have the right to access their personal data, to request rectification, erasure or restriction of processing, as well as the right to object to processing and the right to data portability, and the right to lodge a complaint with the supervisory authority, which is the President of the Office for Personal Data Protection (Office for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw).
If your personal data is processed on the basis of consent, you have the right to withdraw it by any means, at any time, which does not affect the lawfulness of the processing carried out on the basis of consent before its withdrawal.
6. Recipients of personal data
The recipients of your personal data, i.e. the entities to which the Controller may transfer personal data, may be as follows:
- state authorities or other entities authorised to access the data to the extent and for the purpose specified in specific legislation,
- Polish Post and courier companies,
- banks when settlements are required,
- entities providing the Controller with services supporting its functioning within the scope of the provided services, i.e., among others, IT service providers, auditing entities, entities providing accounting services, entities providing services supporting the recruitment process, entities providing marketing services - whereby such entities process data on the basis of an entrustment agreement and only in accordance with the Controller's instructions,
7. Transfers of data outside the EEA
The Controller transfers Personal Data outside the European Economic Area (EEA) only when necessary and with an adequate degree of protection, primarily by:
- cooperation with processors of personal data in countries for which a relevant decision of the European Commission has been issued as to whether an adequate level of personal data protection is ensured;
- the use of standard contractual clauses issued by the European Commission;
- the application of binding corporate rules approved by the competent supervisory authority.
8. Final provisions
We recognise that transparency is an ongoing obligation, so we will regularly review and update this document. Any changes we make to the Privacy Policy in the future will be published on the Website.
Last updated: 16 February 2024.