Privacy Notice for Contractors (and their Representatives)

Data controller

The data controller is Towarzystwo Ubezpieczeń ZDROWIE S.A. with its registered office in Gdynia, ul. Śląska 17 (hereinafter referred to as TU ZDROWIE S.A.)

Contact details

You can contact TU ZDROWIE S.A. via e-mail: biuro@tuzdrowie.pl, contact form at www.tuzdrowie.pl, by telephone at 58 888 2 999 or in writing to the address of TU ZDROWIE S.A.’s registered office.

Data Protection Officer

TU ZDROWIE S.A. has appointed a Data Protection Officer. You can contact the Data Protection Officer by email iod@tuzdrowie.pl or in writing to the address of the controller’s registered office.

You can contact the Data Protection Officer on all matters relating to the processing of personal data and the exercise of
rights in relation to data processing.

Purposes of processing and legal basis for processing

Your data may be processed:

1)     to conclude and perform a service agreement – Article 6(1)(b) of the GDPR;

2)     to settle the contract – Article 6(1)(c) of the GDPR, to fulfil the legal obligation imposed on the controller – tax law provisions, Accounting Act;

3)     to assert claims related to the concluded contract – Article 6(1)(f) of the GDPR, the controller’s legitimate interest;

4)     for statistical and internal reporting – Article 6(1)(f)of the GDPR, the controller’s legitimate interest;

5)     to handle complaints and claims, should they be filed, on the manner of performance of the contract between the parties – Article 6(1)(f) of the GDPR, the controller’s legitimate interest.

Categories of data

Identification data (first and last name, position/full-time function of persons representing the contracting party, name of business entity, NIP [Tax Identification Number], REGON [Business Identification Number]), contact data (phone number, email address) and correspondence data (registered office address, mailing address); as well as data on concluded contracts, financial data, bank account number.

Source of data

TU ZDROWIE S.A. receives personal data from the following entities: from persons authorized to deny and conclude a contract as well as from persons contacting TU ZDROWIE S.A. The source of the data may also be other data administrator, cooperating entity, publicly available sources, i.e. CEIDG (Central Register of Business Enterprises) and KRS (National Court Register).

Period of data retention

Data will be stored until the expiration of the contract, satisfaction of potential claims, the provisions of law, or until you file an objection.

Data recipients

Data recipients may be primarily: entities operating our ICT systems; entities providing legal assistance, human resources, accounting, tax or advisory services as well as debt collection companies; state authorities (e.g. ZUS [National Social Insurance Institution], tax office, and other entities authorized on the basis of legal regulations) – in order to fulfill the administrator’s duties; entities providing postal services (i.e. Poczta Polska, couriers).  

Rights of data subject

You have the right to:

·          to request access to your personal data;

·          to rectify your personal data;

·          to request erasure insofar as this does not interfere with the performance of the contract or the obligations arising from the contract;

·          to request restriction of processing;

·          to require data portability insofar as the data are processed on the basis of a contract;

·          to object to their processing on the basis of the controller’s legitimate interest for reasons relating to a particular situation.

As well as the right to lodge a complaint with the President of the Office for Personal Data Protection.

Information on data requirements

Providing personal data in connection with the contract being concluded is necessary to conclude and perform the contract. It is not possible to conclude and perform the contract without providing personal data.