Privacy Policy

Article 1. Privacy Protection Principle

1. 1.The controller of personal data is Multeafil Sp. z o.o. ul. Parkowa 5, 63-330 Dobrzyca, entered into the Register of Entrepreneurs of the National Court Register by the District Court Poznań – Nowe Miasto and Wilda in Poznań, 9th Commercial Division of the National Court Register under KRS number: 0000117738, holding NIP: 621-13-61-933.
2. 2. Multeafil Sp. z o.o., as the personal data controller (hereinafter referred to as the “Controller”), places great importance on the protection of privacy and the confidentiality of personal data processed in connection with its business activities, including data entered by Internet users into electronic forms on the website provided under the domain multeafil.com.pl (hereinafter referred to as “multeafil.com.pl”).
3. 3. The Controller selects and applies appropriate technical and organizational measures with due diligence to ensure the protection of processed personal data. Full access to the databases is granted only to persons duly authorized by the Controller.
4. 4. The Controller safeguards personal data against disclosure to unauthorized persons, as well as against processing in violation of applicable legal regulations.
5. 5. Visitors to www.multeafil.com.pl can browse the website without providing personal data.
6. In case of any doubts or to exercise your rights, please contact our Data Protection Officer, Maciej Sodkiewicz, via email: iod@multeafil.com.pl

Article 2. Legal Basis for the Processing of Personal Data

1. 1. Personal data is processed by the Controller in accordance with applicable law, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter referred to as “GDPR”) for the purpose of:

a. responding to inquiries submitted via contact forms and addresses provided on the multeafil.com.pl website, based on the Controller’s legitimate interests related to the need for prompt correspondence handling (Art. 6(1)(f) GDPR);

b. conducting and concluding recruitment processes involving individuals who have applied, based on the Controller’s legal obligation and the consent provided (Art. 6(1)(a) and (c) GDPR);

c. establishing and maintaining business relationships and concluding and performing contracts with the Controller’s clients, suppliers, and service providers, including for documentation purposes and for handling, pursuing, and securing claims or complaints, based on legal obligations or legitimate interests, or where necessary prior to entering into or performing contracts (Art. 6(1)(b), (c), and (f) GDPR);

d. reviewing applications submitted to the Controller for sponsorship, funding, or support, particularly from institutions and individuals in need, based on the Controller’s legitimate interests related to the need for prompt correspondence handling, and, if requests are approved, for documentation purposes, based on legal obligations (Art. 6(1)(c) GDPR);

e. fulfilling other legal obligations incumbent on the Controller (e.g. accounting or tax duties) pursuant to Art. 6(1)(c) GDPR.

2. The provision of personal data is voluntary; however, depending on the situation, failure to provide data may result in the inability to receive a response or to participate in a recruitment process.

3. The user should not provide the Controller with personal data of third parties. If they do, they declare each time that they have obtained the appropriate consent of those individuals to provide the data to the Controller.

Article 3 Scope of personal data processing

1. 1. The Controller processes:

a. data provided in inquiries submitted via contact addresses or forms on the multeafil.pl website;

b. data included in application documents submitted in connection with ongoing recruitment processes;

c. data of natural persons who are clients, suppliers, and service providers of the Controller, and, if necessary for contract performance or to fulfill legal obligations, also data of their employees;

d. data provided in requests by individuals or representatives of institutions seeking funding or sponsorship, including special categories of data (e.g., health information), if such data is relevant and included in the submitted request.

2. The Controller uses IP addresses collected during internet connections for technical purposes related to server administration. IP addresses are also used to collect general, statistical demographic data (e.g. region of connection).

Article 4 Control of Personal Data Processing

1. 1. The user is obliged to provide complete, accurate, and up-to-date information.
2. 2. Every individual whose personal data is processed by the Controller has the right to:

a. access their data and request its rectification and portability – i.e., to receive it in a structured form that can be transmitted to another controller;

b. object to the processing of their data in cases where it is based on the Controller’s legitimate interest;

c. if the processing is based on consent – withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;

d. request the deletion of their data (the right to be forgotten) or the restriction of its processing, for example in the event of withdrawal of previously given consent or the lodging of an objection, provided there are no other legal grounds for the Controller to continue processing the data;

e. lodge a complaint with the President of the Personal Data Protection Office if they believe the Controller has violated data protection laws.

3. To exercise the rights listed above, please contact our Data Protection Officer, Maciej Sodkiewicz, by sending a request to iod@multeafil.com.pl including your full name and email address.

4. The user has the right to lodge a complaint with the Personal Data Protection Office if they believe that the processing of their personal data violates the provisions of the GDPR.

Article 5 Sharing of Personal Data

User data may be shared with entities authorized to receive it under applicable legal regulations, including relevant judicial authorities. Personal data may also be transferred to entities processing it on behalf of the Controller, such as marketing agencies, training and event service providers, technical service providers (developing and maintaining IT systems and websites), accounting service providers, and courier companies. Personal data will not be transferred to third countries or international organizations.

Article 6 Data Retention Period and Other Information Regarding Processing

1. 1. Personal data will be stored only for the period necessary to fulfill the purpose for which it was submitted or to ensure compliance with legal requirements, specifically:

a. for responding to inquiries (contact), data will be processed no longer than three years after the end of communication;

b. for recruitment processes, data will be processed during the recruitment and for six months after its conclusion, or, in case of additional consent – for 12 months from the date of application submission;

c. for natural persons who are clients, suppliers, or service providers, data will be processed for the duration of the business relationship and thereafter for the period required to pursue or defend against any potential claims or to handle complaints.

2. Personal data will not be processed by the Controller in an automated manner.