Information Obligation

Below you will find all the necessary information regarding the processing of your personal data in connection with the conclusion and performance of the contract.

Who is the administrator of my data?The administrator of your personal data processed for purposes related to the conclusion and performance of the contract is Constructa Plus Sp. z o.o. Sp.k., located in Poznań 60-616, at 12/1 Małopolska Street (hereinafter referred to as “Constructa Plus”).
Who can I contact regarding the processing of my personal data?For any matters related to the processing of your personal data by Constructa Plus, you can contact us at the email address: daneosobowe@constructa.com.pl.
What is the scope of my personal data processed by Constructa Plus?First, we need to receive an inquiry from you regarding the products we offer. For this purpose, we need the following set of your data: first name, last name, phone number, and email address. During the contract execution process, your data will be supplemented with information necessary for its performance, such as parents’ names, address of residence, registered address, bank account numbers, place of birth, and marital status.
What is the purpose of processing my personal data?We process your personal data as a business entity, and the purpose of this processing is the conclusion and performance of the contract with you as the data subject. Art. 6 para. 1 of the GDPR. (Full names of the legal acts can be found at the end of the form)
To whom are my personal data being disclosed?As a business entity, we care about the confidentiality of your data. Due to the need to achieve the purpose of concluding and performing the contract with you, while maintaining appropriate work organization, your personal data may be disclosed to the following categories of recipients:
Subcontractors as material suppliers, cooperating with Constructa Plus to carry out core business activities.
Providers of legal and advisory services (law firms and notaries).
Providers of services supplying technical and organizational solutions that enable the conclusion and performance of the contract (IT service providers, courier and postal companies, property managers).
Persons authorized by you within the framework of exercising your rights.
Are my data being transferred outside the European Union?Your personal data are not transferred outside the European Union.
For how long are my personal data processed?If you are our client and we have concluded a contract with you, we are obliged to store your data as follows:
All data processed for accounting purposes and tax reasons are processed for 5 years from the end of the calendar year.
If the data were processed by us for the purpose of pursuing claims, we process the data for this purpose for the period of limitation of claims, as specified by the provisions of the Civil Code.
Your documentation (contracts, statements related to the conclusion and performance of the contract) is stored indefinitely.
Is providing my data obligatory?Providing your data is voluntary, and the basis for their processing is the fulfillment of the rights and obligations arising from the sales contract. Without your consent, it will be impossible to present the offer you are interested in and to carry out activities related to the conclusion and performance of the contract.
What are my rights?As the administrator of your data, we ensure your right to access your data. You can also correct them, request their deletion, or restrict their processing. You also have the right to data portability and the right to lodge a complaint with the supervisory authority.
Definitions and Abbreviations.GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
RIGHTS OF THE DATA SUBJECTDATA ADMINISTRATOR’S (COMPANY’S) OBLIGATIONS
Right of Access to Personal Data
The data subject can request the data controller to confirm whether personal data concerning them are being processed. If so, they can gain access to the following information:
a) the purposes of the processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
d) where possible, the planned period for which the personal data will be stored, or if not possible, the criteria used to determine that period;
e) information about the right to request from the controller rectification or erasure of personal data or restriction of processing (“restriction of processing” means marking stored personal data to restrict their future processing) concerning the data subject (the data subject has the right to object to such processing);
f) information about the right to lodge a complaint with a supervisory authority;
g) where the personal data are not collected from the data subject, any available information as to their source;
h) information about automated decision-making (without human intervention, such as automatic electronic application processing), including profiling (automated use of personal data to assess certain personal aspects of a natural person, such as evaluating preferences or interests); and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.Where personal data are transferred to a third country or to international organizations, the data subject has the right to be informed of the appropriate safeguards relating to the transfer.The data subject has the right to obtain a copy of the personal data undergoing processing.
 The data controller must confirm, upon the request of an individual, whether personal data concerning them are being processed. If so, the controller should provide the information specified in item 1 in the left column of the table upon request.
The controller is obliged to provide information about the safeguards applied in relation to the transfer of personal data to a third country or an international organization upon the request of the individual whose personal data are being transferred.
The controller shall provide a copy of the personal data undergoing processing upon the request of the data subject. For any additional copies requested, the controller may charge a reasonable fee based on administrative costs. The copy shall be provided electronically if the request was made in that manner, unless the data subject requests otherwise.
The controller should ensure that the data subject has the option to make specific requests electronically, especially if personal data are processed electronically. The controller should be obliged to respond to the data subject’s requests without undue delay – no later than within one month, and if the controller does not intend to comply with such a request, they must provide the reasons for this.
Right to Rectification

The data subject has the right to request the controller to promptly rectify inaccurate personal data concerning them. They also have the right to request the completion of incomplete personal data, including by providing an additional statement.
The controller is obliged to promptly rectify inaccurate personal data and complete incomplete data upon the request of the data subject.
The controller should ensure that the data subject has the option to make specific requests electronically, especially if personal data are processed electronically. The controller should be required to respond to the data subject’s requests without undue delay – no later than within one month, and if the controller does not intend to comply with such a request, they must provide the reasons for this.
Right to Erasure (“Right to be Forgotten”)

1. The data subject has the right to request the controller to promptly delete personal data concerning them if one of the following circumstances applies:
a) The personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
b) The data subject withdraws consent on which the processing is based, and there is no other legal basis for the processing (e.g., the necessity of fulfilling a contract or a legal obligation);
c) The data subject objects to the processing, and there are no overriding legitimate grounds for the processing (unless the personal data are processed for direct marketing purposes, in which case the objection will always be effective);
d) The personal data have been unlawfully processed;
e) The personal data must be erased to comply with a legal obligation under Union or Member State law to which the controller is subject;
f) The personal data have been collected in relation to the offer of information society services to a child.
1. The controller is obliged to promptly delete personal data upon the request of the data subject if one of the circumstances listed in the left column occurs.
2. If the controller has made the personal data public and is obliged to delete it, they shall, considering the available technology and the cost of implementation, take reasonable steps, including technical measures, to inform other controllers processing the personal data that the data subject has requested the deletion of any links to, or copies or replications of, those personal data.
3. The controller is not required to take actions specified in points 1 and 2 to the extent that processing is necessary:
a) for exercising the right of freedom of expression and information;
b) for compliance with a legal obligation requiring processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
c) for reasons of public interest in the area of public health;
d) for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, as long as the deletion of such data is likely to render impossible or seriously impair the achievement of the objectives of such processing; or
e) for the establishment, exercise, or defense of legal claims.
4. The controller should ensure that the data subject has the option to make specific requests electronically, especially if personal data are processed electronically. The controller should be required to respond to the data subject’s requests without undue delay – no later than within one month, and if the controller does not intend to comply with such a request, they must provide the reasons for this.
Right to Restriction of Processing

1. The data subject has the right to request the controller to restrict the processing of their personal data in the following cases:
a) The data subject contests the accuracy of the personal data – for a period enabling the controller to verify the accuracy of the data;
b) The processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
c) The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise, or defense of legal claims;
d) The data subject has objected to processing – pending the verification of whether the legitimate grounds of the controller override those of the data subject.
If processing has been restricted according to the left column of the table, such personal data may, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State.
Before lifting the restriction of processing, the controller shall inform the data subject who requested the restriction.
 Notification Obligation Regarding Rectification or Erasure of Personal Data or Restriction of Processing

The controller shall inform about the rectification or erasure of personal data or the restriction of processing that has been carried out in accordance with the request of the data subject. Each recipient to whom the personal data have been disclosed shall be informed unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it.
Right to Data Portability

1. The data subject has the right to receive the personal data concerning them, which they have provided to a controller, in a commonly used computer format, and has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, if:
a) the processing is based on consent or on a contract; and
b) the processing is carried out by automated means.
2. In exercising their right to data portability, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible.
3. This right does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
The controller is obliged, upon the request of the data subject, to transmit their data, which they have provided to the controller, in a commonly used computer format. This is done under the conditions specified in the left column.
If technically feasible, the controller should, upon the request of the data subject, transmit the data concerning them directly to another controller.
Right Not to Be Subject to a Decision Based Solely on Automated Processing

1. The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
2. Paragraph 1 does not apply if the decision:
a) is necessary for entering into, or performance of, a contract between the data subject and the controller;
b) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights, freedoms, and legitimate interests; or
c) is based on the data subject’s explicit consent.
1. In cases where the decision specified in the left column is necessary for entering into or the performance of a contract between the data subject and the controller, or the decision is based on the data subject’s explicit consent, the controller shall implement suitable measures to safeguard the data subject’s rights, freedoms, and legitimate interests. At a minimum, these will include the right to obtain human intervention on the part of the controller, to express their own point of view, and to contest the decision.