WESTMAN Sp. z o.o.

The administrator of personal data is Aegger Sp. z o.o. Św. Marcin 29/8 61-806 Poznań – Poland VAT ID: PL7773228631 REGON 364225932 KRS 0000613586 EORI Nr. PL782262002800000, and contact with the Administrator is possible:

by phone: +48 61 111 02 07
by email: mail@aegger.eu
by mail: Aegger Sp. z o.o. Św. Marcin 29/8 61-806 Poznań – Poland

The Administrator places great emphasis on the privacy of customers, contractors, and subcontractors. Therefore, in the scope of its activities, it has introduced requirements provided by GDPR, including according to art. 25 and 32 of the GDPR, also implementing this document.
If you do not accept the rules described in the Privacy Policy, please do not use the services of the Administrator.

Purpose, Legal Basis, and Retention of Personal Data
Purpose:

Execution of a contract between the Administrator and the Customer for the sale of goods or provision of services by the Administrator.
Fulfillment of rights and obligations resulting from contracts concluded between the Administrator and Contractors/Subcontractors.
Legal basis: Art. 6 sec. 1 lit. b and c of the GDPR and Art. 6 sec. 1 lit. a, b, and c of the GDPR.

Extent of consent: Necessary to perform a contract to which the Customer is a party. Voluntary.

Processing period: During the mandatory period of contract execution and the period necessary for fulfilling related accounting or tax obligations and the potential need to pursue claims arising from the contract, as determined in accordance with separate regulations. The personal data processed based on the obtained consent will be processed until it is revoked.

III. Categories of Personal Data Recipients
Type of Personal Data transferred:

Customer data.
Contractor data.
Types of Recipients:

Administrator and its contractors;
entities providing accounting, IT, intermediary, and marketing services on behalf of the Administrator;
contractors/subcontractors of the Administrator who provide construction services necessary to execute the contract;
the competent tax authority;
contractors/subcontractors of the Administrator and its Contractors and Customers – to the extent necessary to execute the services of the Administrator;
occupational health centers, competent tax authorities, and the relevant branch of the Social Insurance Institution;
entities providing accounting and IT services on behalf of the Administrator;
Customers of the Administrator – to the extent necessary to execute the services of the Administrator;
Purpose:

Sale of goods or provision of services.
Fulfillment of contracts and obligations arising from them.
Sale of goods or provision of services.
Data of Contractors/Executors/Subcontractors.

The principles of processing Personal Data and ways of their storage
Personal Data of Customers provided in the course of implementing offers or sales agreements are processed through a computer program used by the Administrator for settlements, preparing reports, or developing offers or agreements. In paper form, they are collected only as documents necessary to carry out the sale of real estate or other services offered by the Administrator and to settle with them.

Personal data of Contractors/Suppliers/Subcontractors are collected in paper form, i.e., contracts or other documents concluded with them or necessary to execute the contract concluded with them by the Administrator, and in electronic form, they are processed only to the extent necessary for settlement and payroll and tax obligations. In connection with this cooperation, personal data is transferred in electronic or paper form for the purpose of executing the contract.

Documentation collected in paper form is stored in suitable premises/lockers/drawers, locked with a key or access card by an authorized person. Personal data in electronic form is secured with passwords and logins appropriate to the degree of importance and access to systems where they are stored, for persons authorized by the Administrator for this purpose.

Rights of the person whose Personal Data is being processed
The person providing their Personal Data is entitled to:
a) the right to access the content of this Personal Data and the right to correct, update, correct, delete in whole or in part, limit processing, the right to data portability; the right to object to the processing of Personal Data; the right to access this Personal Data and the right to accurate information on the purpose for which they are used and for how long they will be stored; the right to precise information on whom and on what basis the Administrator provided this Personal Data; the right to transfer this Personal Data to another entity;
b) if it is considered that the processing of Personal Data has violated the GDPR provisions, the person whose Personal Data is concerned has the right to lodge a complaint with the President of the Personal Data Protection Office (PUODO), and if there are any doubts, they always have the right to demand information on the above Personal Data and the entities to which they were made available;
c) if the processing is based on consent, the person providing their Personal Data always has the right to withdraw voluntary consent;
d) the person whose Personal Data is being processed may exercise the right to be forgotten.
The Administrator shall provide information requested based on the rights indicated in paragraph 1 of this section without undue delay, but no later than within one month. However, if due to the complex nature of the operation it will not be possible, the Administrator will provide information on the possible deadline after extending the one-month deadline, and such extension may be for a maximum of one more month. In any case, the Administrator will inform the person whose Personal Data are concerned about the exercise of the right.

In the event that any security incident occurs in connection with the processing of Personal Data, which affects the security of Personal Data and may cause a high risk of infringement of rights or freedoms, the Administrator shall inform the person whose Personal Data are concerned about such incident without undue delay, but no later than within 96 hours from the identification of the breach.

In exceptional situations provided for by law, the Administrator may refuse to delete Personal Data.
The Cookie Policy states that to use the Administrator’s website properly, it is necessary to enable cookies in the web browser, which can be subsequently deleted using the appropriate options in the browser or other software. The Administrator may use the following types of cookies in the website:

a) Session (temporary) cookies – stored on the User’s end device until logging out, leaving the website, or turning off the software (web browser);
b) Persistent cookies – stored on the User’s end device for the time specified in the parameters of a given file or until they are deleted by the User;
c) Necessary cookies – required to use the services within the website;
d) Secure cookies – aimed at ensuring the security of the website and the processed Personal Data;
e) Marketing cookies – creating the possibility of providing the User with offers and other advertising and marketing materials, including those tailored to their preferences;
f) Performance cookies – allowing the collection of information on how the User uses the website;
g) Functional cookies – allowing the User’s chosen settings and interface personalization to be remembered, e.g., regarding the selected language or region from which the User comes, font size, website appearance, etc.

The Administrator uses cookies for the following purposes:
a) Functional – improving the usability and configuration of the website;
b) Analytical – creating statistics to show how Users use the website and other web pages, which, in turn, allows for improving their structure and content;
c) Security – preventing abuse on the website and other unwanted actions that threaten the security of User data;
d) Continuity – maintaining the User’s session after logging in;
e) Marketing – providing Users with offers or other advertising and marketing materials, taking into account their preferences, and determining the User’s profile regarding their preferences within the aforementioned offers or materials.
The user can independently and at any time change the settings regarding cookies, specifying the conditions for their storage and access by cookies to the end device. These settings can be changed, in particular, to block the automatic handling of cookies in the web browser settings or to inform about their placement on the end device each time. Detailed information on the possibilities and methods of handling cookies is available in the software settings (web browser) used by the user.

The user has the option to disable or restore the option of collecting cookies by changing the settings in the web browser at any time. Failure to change these cookie settings means that the Administrator places them on the user’s end device and has access to them. Disabling, limiting, or resigning from cookies may cause irregularities in using the Service, including disabling or limiting or violating some of its functionalities.