PRIVACY AND COOKIES POLICY IN THE NTT SYSTEM S.A. GROUP


Below we present the rules for processing and protection of personal data in the NTT System S.A. Group.
We assure you that we exercise due diligence to ensure the protection of the interests of persons whose personal data we process. In particular, we ensure that we process data in accordance with the Regulation of the European Parliament and the Council of the European Union 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC abbreviated as "GDPR", for designated, legitimate purposes about which we inform you. Personal data are factually correct and adequate in relation to the purposes for which they are processed and stored, no longer than necessary to achieve the purpose of processing and the requirements of the regulations. NTT System S.A. has a certified Information Security Management system that meets the requirements of the PN-ISO/IEC 27001:2014 -12 standard..

PERSONAL DATA CONTROLLERS

The controllers of personal data in the NTT System S.A. Group are:
  1. NTT System S.A. with its registered office in Zakręt, 05-077 Warsaw-Wesoła, ul. Trakt Brzeski 89, entered into the Register of Entrepreneurs of the National Court Register maintained by the District Court for the capital city of Warsaw in Warsaw, XIV Economic Division of the National Court Register under KRS number 0000220535, NIP [tax identification number]: 113-25-184-15, share capital: PLN 83,100,000.00. 2. NTT Technology Sp. z o.o. [a limited liability company] with its registered office in Zakręt, ul. Trakt Brzeski 89, 05-077 Warsaw-Wesoła entered into the Register of Entrepreneurs of the National Court Register maintained by the District Court for the capital city of Warsaw in Warsaw, XIV Economic Division of the National Court Register under KRS number 0000237030, NIP [tax identification number]: 113-25-793-51, share capital: PLN 500,000.00.
  2. NTT Technology Sp. z o.o. with its registered office in Zakręt, ul. Trakt Brzeski 89, 05-077 Warsaw-Wesoła entered into the Register of Entrepreneurs of the National Court Register maintained by the District Court for the capital city of Warsaw in Warsaw, XIV Economic Division of the National Court Register under KRS number 0000237030, NIP [tax identification number]: 113-25-793-51, share capital: PLN 500,000.00.
In all matters related to the protection of personal data in the NTT System S.A. Group, please contact us at the following e-mail address: daneosobowe@ntt.pl.
Providing personal data is done on a voluntary basis, however, refusal to provide data may prevent the conclusion and implementation of contracts. Providing the data necessary to issue an invoice is a statutory obligation and results from the Act on Tax on Goods and Services.
Providing personal data used for marketing purposes is completely voluntary.

SCOPE AND OBJECTIVES OF PROCESSING


The NTT System S.A. Group processes the following categories of data:
  1. contact details: name, surname, email address, telephone number, position;
  2. data required for identification for the purposes of concluding a contract, performing a service and issuing an invoice;
  3. data contained in financial documents if the entrepreneur applies for a trade credit;
  4. identification data necessary to provide online sales services;
  5. data needed to choose the right commercial or marketing offer for you.
The NTT System S.A. Group processes your personal data for the following purposes: conclusion and performance of a contract (provision of a service), sale of products and services offered by the Capital Group companies, issuing and storage of invoices and accounting documents, provision of maintenance services, handling Customer claims under the warranty and guarantee, reducing the risk of business transactions by verifying credit and payment capacity and applying securities of receivables, recovering overdue payments, conducting marketing activities undertaken alone or in cooperation with other entities, conducting analyzes and statistics, handling queries indicated in the consents.

LEGAL BASIS FOR PROCESSING

Art. 6(1)(a) of the GDPR - the data subject has consented. Expressing consents is voluntary. You may express all or some of them; you may also express none of them. A consent may be withdrawn at any time. The withdrawal of the consent shall not affect the lawfulness of the processing performed on the basis of the consent before its withdrawal.
Art. 6(1)(b) of the GDPR - performance of a contract,
In the event of taking action at the request of the data subject before the conclusion of the contract and in connection with the conclusion and implementation of the contract;
Art. 6(1)(c) of the GDPR - processing is necessary to fulfill the legal obligation imposed on the controller, e.g. issuing an invoice;
Art. 6(1)(f) of the GDPR - (legitimate interests of the Controller).
Data processed in the case of, among others, direct marketing, organized competitions, processed contact data, pursuing claims in connection with the conducted business, including debt collection and debt enforcement.

PERSONAL DATA RETENTION PERIOD

Personal data will be stored for a period resulting from the purposes of processing determined on the basis of the following criteria:
  1. legal provisions which oblige to store data for a specified period of time;
  2. period of service provision;
  3. until the withdrawal of the consent;
  4. until the expiry of any claims of the data Controller and against him if it is necessary to dispose of the data.
After the retention periods, personal data will be erased or anonymized.

RECIPIENTS OF PROCESSED DATA

The recipients of the data may only be:
  1. carriers or agents performing shipments at the request of the Controller;
  2. entities handling payments in stationary and online stores;
  3. entities providing financial, legal, advisory, consulting, and auditing services to the Controller;
  4. entities or bodies authorized pursuant to legal provisions;
  5. advertising agencies and other entities promoting or brokering the sale of products;
  6. capital group companies.
Personal data is not transferred to a third country or international organization.

RIGHTS OF DATA SUBJECTS

In connection with the processing of your personal data, you have the right to:
  1. access your personal data;
  2. rectification of data;
  3. erase data processed unreasonably or limit data processing;
  4. file a complaint to the supervisory body if you find that the processing of your personal data violates the provisions on data protection;
  5. transfer data processed in an automated manner;
  6. withdraw granted consent;
  7. and the right to object to processing.
The right to object may be exercised when personal data is processed in order to implement the Controller's legitimate interests including profiling (legal basis for processing Art. 6(1)(f)). The objection requires justification indicating the specific situation due to which personal data should not be processed.
The controller may refuse to accept the objection if there are valid, legitimate grounds for processing that override the interests, rights, and freedoms of the data subject or there are grounds for establishing, exercising, or defending claims.
The objection to data processing for direct marketing purposes including profiling does not require justification and is binding on the Controller.
You can exercise your rights by submitting an appropriate instruction via traditional mail to the address NTT System S.A. Zakręt, ul. Trakt Brzeski 89, 05-077 Warsaw-Wesoła or via email to the address: daneosobowe@ntt.pl.
The controller shall, within one month from receiving the instruction – provide information on actions taken in connection with the request. Due to the complex nature of the request or the number of requests made, the deadline for carrying out the request may be extended by another two months, of which the person submitting the instruction will be notified.
In order to carry out the request, the Controller is entitled to verify the identity so that the data were not handed over to an unauthorized person.
If the request appears to be unjustified or excessive, in particular due to its common nature, the Controller may request a reasonable fee for the implementation of the request or refuse to take action in connection with the request.

SOURCES OF OBTAINING PERSONAL DATA

  1. directly from you;
  2. from an entity that has concluded a contract with a company of the NTT System S.A. Group;
  3. from a third party partner / entity cooperating with a company from the NTT System S.A. group, which has provided your personal data on the basis of your consent;
  4. from publicly available sources, e.g. from the National Court Register, the Central Register and Information on Economic Activity, or other similar sources.
In the event of providing us with personal data of your employees, proxies, board members, partners, associates, contractors, suppliers, or other persons, including e.g. when you authorize your employee or another person to contact us as part of cooperation or access to the B2B web service www.nttonline.plplease inform these persons:
  1. on the scope of personal data regarding these persons, which were transferred to us;
  2. b. about who is the Controller of their personal data and that their personal data are processed on the principles set out above, also available at www.ntt.pl/politykaprywatnosci;
  3. that you are the source from which we obtained the data.


COOKIES

Cookies are information saved by servers on the website User's end device. This information can be read by the server each time this end device connects to it.
Cookies are IT data, in particular text files, which are stored on the website user's end device.
Cookies usually contain the name of the domain of the web service from which they come from, their storage time on the end device, as well as an IP number. We use those files to provide services tailored to individual needs.
The entity that places cookies on the Website User's end device and obtains access to them is NTT System S.A. In many cases, the software used for browsing websites (web browser) by default allows the storage of cookies on the User's end device. Anytime, the web service users can make changes to the settings related to cookies. These settings can be changed particularly in such a way as to block the automatic handling of cookies in the web browser configuration or to inform about them every time they are placed on the website User's device. Detailed information on the possibilities and methods of managing cookies are available in the software settings (of the web browser). Failure to change cookies settings means that they will be placed on the User's end device and we will therefore store information on the User's end device and have access to that information.
Disabling cookies may cause difficulties in the use of some services on our websites, in particular those requiring logging in. Disabling cookies does not, however, result in the lack of ability to read or view the content posted on NTT System S.A. websites, with the exception of the content access to which requires logging in.

PROFILING

By visiting our website or online store, you are subject to automated profiling for marketing purposes. It involves collecting information and analyzing behaviour (among others, visited websites, time spent on the website or on the online store's website), through the following tools:
  1. Google Analitycs;
  2. Google AdWords;
  3. Hotjar.

The following data may be transferred to the above-mentioned service providers:

  1. IP number;
  2. currently used operating system;
  3. currently used screen resolution;
  4. information about the device on which you use the website or store.


PERSONAL DATA SAFEGUARDS

The data provided by you as well as all system logs and other data generated automatically as part of using our websites and online stores:
  1. are stored in a secure location on our servers;
  2. processed using technical and organizational measures required by law, ensuring their protection adequate to the threats and categories of data protected, secured against their processing in violation of applicable regulations.
The controller provides respectively the following technical measures to prevent the acquisition and modification by unauthorized persons of personal data sent electronically:
  1. the data set safeguard against unauthorized access;
  2. the SSL certificate on the Online Store websites, where Customer data is provided;
  3. the encryption of data used for Client authorization;
  4. access to the Account only after providing an individual login and password.


CHANGES TO THE PRIVACY POLICY

We will inform you about any changes to this Privacy Policy and cookies in the form of an e-mail or notice on our website.