We would like to hereby inform you of the processing of your personal data during the visit to our website according to the General Data Protection Regulation, art. 13 (1) and (2) of EU Regulation 2016/679, later referred to as GDPR.
I. Name and contact details of responsible party
The responsible party in accordance with GDPR and further national data protection laws of the EU-member states as well as all other data protection provisions is:
GuD Offshore Wind Polska Sp. z o.o.
ul. Starowiejska 41-43 / LU 8 B
81-363 Gdynia
Poland
Managing Director
Dr.-Ing. Fabian Kirsch
Phone: +49 30 - 78 90 89 - 0
II. Data protection officer
We are not legally obliged to appoint a data protection officer and have not done so. If you have any issues on data security, please contact the person in charge (mentioned under I).
III. General information on data processing
1. Scope of personal data processing
Statistics on personal data are only compiled in case this is required for proper operation our website as well as for the running of our content and services. Personal data is only processed if the processing is permitted by legal regulations or if the user has consented to the processing.
2. Legal basis for processing personal data
In order to deliver the content of our website and to offer you services related to our portfolio, we process personal data based on the following legal decree.
- Consent: Insofar as we obtain the data subject’s power of attorney for processing operations involving personal data, art. 6 (1) a) GDPR serves as a legal basis.
- Fulfilment of a contract: When the fulfilment of a contract calls for consent to data processing by the contractor, art. 6 (1) (b) GDPR serves as a legal basis. This also applies to data processing which is mandatory for the performance of pre-contractual negotiations.
- Legal obligation: If our company is bound to fulfil a legal obligation to process personalised data, art. 6 (1) c) GDPR serves as a legal basis.
- Balance of interests: If data processing is necessary to protect a legitimate concern of our company or of a third party and on the contrary the user’s interests, fundamental rights and civil freedom do not outweigh the company’s or third party’s interests, art. 6 (1) f) GDPR serves as a legal basis for processing data entries.
If the user had once given consent to the collection of personal data, the consent can be withdrawn at any time with immediate, permanent effect.
If data is being processed due to a balance of interests, the user can submit any concerns, as far as the right to object to the processing of the personal data is given and the requirements of art. 21 GDPR, are met.
3. Data deletion and storage period
We delete personalised data if there is no demand for further storage but demand may exist in particular if the data is still of interest with respect to the fulfilment of contractual obligations or in order to check, grant or ward off warranty or possible guarantee claims. In the case of date storage that is legally binding, data deletion will only be considered after the obligation to store it has expired.
4. Data tracking and transfer
Any data transmitted by a user of the website is generally not transferred to third parties. In particular, your data will not be passed on for advertising purposes to third parties. However, we do use service providers for the operation of these internet pages as well as for our products and services in general. It may happen that a service provider obtains knowledge of personalised data. We select our service providers carefully - especially with regard to data protection and data security - and we hold on to required standards of data protection and data processing.
5. Data processing outside the European Union
In case personal data is processed outside the EU, information is provided in the following paragraphs.
IV. Running of the website and generating log files
1. Description and scope of data processing
Each time our website is accessed, our server automatically collects data from the accessing device.
The following data is being collected:
- anonymised IP address
- date and time of access
- access of files
- status code of the server
- transferred data amount
- web page that referred the user to our website
- technical information on the data client: browser, operating system, CPU, user interface, language, version
- alternative domain entered initially, if applicable
The data mentioned above is stored in our log files as well. No additional personalised data storage occurs.
2. Purpose of data processing
The server temporarily stores your IP address which is necessary for opening the website in your browser. For this purpose, the IP address remains in our system’s storage for the duration of the web-session. Temporary data storage in log files positively contributes to the performance of our website. Furthermore, data analysis can thus improve the running of the website and protects our IT system. An evaluation of data for marketing purposes does not take place in this context.
3. Legal basis for data processing
Your IP address and browser data are processed when surfing our website. This data processing serves the purpose to provide you with valuable information on our website.The storage of log files is based on a balancing of interests for the purpose of ensuring the confidentiality and integrity of the personalised data processed by our IT system.
4. Storage duration, the possibility of objection and data deletion
The data is deleted as soon as the purpose for which it had been collected has been achieved. Data that had been collected during the web session is deleted after the respective session has ended. Data stored in log files is deleted within seven days. The storage duration can be excelled. In this case, the user’s IP addresses are deleted or alienated, so that an assignment of the calling client is no longer possible. The compilation of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. Consequently, there is no possibility for the user to object.
V. E-mail contact
1. Description and scope of data processing
If you send us a message to the e-mail address mentioned above, personalised data transmitted by e-mail will be stored. We hereby point out the fact that unencrypted e-mails can possibly be accessed by unauthorized third parties if a number of circumstances apply. Confidential messages should therefore not be transmitted by e-mail. Data obtained in this context will not be passed on to third parties. The data will be exclusively used for following up the conversation.
2. Purpose of data processing
Processing personalised data that has been transmitted by filling in the contact form or by sending an e-mail is used for contact reasons only. All other personalised data that is generated during the transmission of the contact form serves to prevent improper usage of the website as well as to guarantee the proper functioning of our IT system in general.
3. Legal basis for processing data
Inquiries in the run-up of closing a contract or for initiating a contract make data processing necessary. Data transmitted in a message which is not aimed at the conclusion of a contract is processed according to a balance of interests, which legitimises the necessary data processing that serves such a purpose (mentioned under 2.).
4. Storage duration, veto power and data deletion
E-Mails that contain personalised data will be deleted within three months after the transmitted inquiry has been accomplished and communicational interchange is finished so that no further need to store the messages is given. A communication is finished when a content-related reference indicates that the issue is closed but data storage is particularly important in case the data is still needed whether for fulfilling contractual services or to check, grant or ward off warranty and, if applicable, guarantee claims. In the case data storage being legally binding, data deletion will be considered after the obligatory storage period has expired.
The option to object to the storage of personalised data by sending an e-mail to the e-mail address indicated above (please refer to chapter I, Name and address of the persons in charge/controller) exists within legal frameworks. After the objection has been successfully claimed, the line of communication will not be continued. Any personalised data that had been stored within the course of the communicational interchange will be deleted.
VI. Legal framework for affected individuals
If personalised data is being processed and your personal concerns are disregarded, GDPR guidelines regulate the lawfulness and serve as a framework. The following legal regulations cover the individual’s and the company’s liabilities:
1. The company’s obligation to provide information
The data subject has the right to require a statement that personalised data has been processed by the company. In case the respective data has been indeed processed, the data subject has a right of being informed which specific data has been stored. Any written request for information makes it necessary for us to ensure that the individual who has transmitted the inquiry can legitimately verify his or her identity.
2. Claiming a revision of a data entry
You have a right to correction and/or completion if the processed personal data concerning you is incorrect or incomplete, by submitting the correct details to the data protection officer.
3. Claiming the deletion and/or restricted usage of stored data
If an immediate deletion of personalised data is being legitimately claimed and the deletion asked for is justifiable, the data protection officer is legally obliged to manage an instantaneous data removal. Within the existing legal framework a restricted data processing of personalised data can be demanded.
4. Right to data portability
According to current law, the data protection officer has the duty to provide the data subject with the requested personalised data in a structured, common, digital file without delay, so that the data can be moved to another data officer who the data subject chose instead. The transfer has to be performed in a way that excludes mutual hindrances/obstructions between the data officers.
5. Right to object to data processing
According to art. 6, chapter 1 lit. f) GDPR, the data subject has the right to disapprove the processing of personal data if a particular situation causes him/her to do so. The data processing has to be cancelled immediately afterwards. As a result, the company is not legitimated any longer to process the personalised data, unless compelling reasons for further processing exist which overpower the individual’s rights and freedoms or further processing serves the purpose of asserting, exercising or defending legal claims. If your personal data is processed for direct marketing purposes, the right to object permanently exists. If you withdraw your consent to data processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
6. Right to withdraw consent
GDPR regulates your permanent right to withdraw consent to data processing, leaving the consent given earlier legally untouched until the withdrawal has finally come into force. The withdrawal of consent does not affect the lawfulness of the processing carried out on basis of the consent until the revocation.
7. Complaining before a supervisory board
If the usage of personalised data is suspected to be in contrary to GDPR guidelines, the individual has the right to lodge an administrative or juridical complaint which does not negate the right to additionally complain before a supervisory board of one’s choice that is specifically handling data security claims. This includes the data protection supervisory authority responsible for data control as well:
Biuro Generalnego Inspektora Ochrony Danych Osobowych
ul. Stawki 2, 00-193 Warszawa
Phone Nr. +48 22 53 10 440
E-Mail: kancelaria@giodo.gov.pl
We also welcome you to contact the data controller if you believe that we unlawfully process your personalised data. The company’s contact details are shown under chapter I as well as the name and of the person responsible for data security questions.
VII. Amendment of this data protection information
The data protection information is reviewed when the website is updated as well as if GDPR rules have changed. The most recent version of the data protection information is provided.
Latest review: June. 15th, 2022