INFORMATION CLAUSE

for Users of an Informational Website Regarding Product Technical Documentation

  1. Protection of personal data under the General Data Protection Regulation (GDPR)

    This notice pertains to the personal data collected by:
    (a)Grupa Azoty Polyolefins S.A. (“Company” or “Data Controller”) directly to the Product Documentation Information System available at: https://gryfilen.com

    For the scenario described in item a) above, Grupa Azoty Polyolefins S.A. acts as the controller of personal data. The company is registered in Police, ul. Kuźnicka 1, 72-010 Police, and is entered into the Register of Entrepreneurs of the National Court Register (KRS) kept by the District Court in Szczecin, XIII Economic Division, under the KRS number 0000577195. The share capital and paid-in capital amount to PLN 922,968,300, and the company holds NIP PL 851-318-76-11 and REGON 362562393.

    Within this clause, we provide information on the utilization of your personal data and outline the rights individuals have concerning the collection and use of such data. For any questions or comments, please contact us by mail at: ul. Kuźnicka 1, 72-010 Police, or via email to the data protection officer of Grupa Azoty Polyolefins S.A. at adogapoly@grupaazoty.com.

  1. Scope of Information
    This clause offers information details provided by the Companies regarding the use of personal data in the territory of Poland in relation to individuals:
    (a)who make use of the Website by downloading documentation of the Company’s products (referred to collectively as “You” or “Users”).

  1. Types of Personal Data Processed

    3.1 Data Provided by Users
    In the context of your relationship with the Company, which consists in the Company providing you with access to product information, we may process the personal data you provide, including but not limited to:
    (a) name, company, business address and mailing addresses;
    (b) contact details, such as e-mail address, telephone or fax number.
    If you wish to subscribe to the System, providing the specified data is voluntary but necessary for the purposes of managing the cooperation between you and the Company.

    3.2 Data Collected from Other Sources
    We may obtain your personal data from publicly available sources, such as CEIDG or KRS business registers, to verify the information you have provided. The scope of the processed data, in this case, will be limited to the data publicly available in the relevant registers.

  1. Legal Basis, Purposes and Periods of Data Processing

    4.1 Legal Basis for Data Processing
    We process personal data under the following legal bases:

    (a) based on your consent (Article 6(1)(a) of the GDPR), your personal data may be processed for the purpose of providing and updating product documentation via the Website. This processing relies on your express, voluntary, and prior consent. The lawfulness of such processing is based on your consent, which can be withdrawn at any time. Please note that the withdrawal of consent is only effective for the future and does not affect the lawfulness of processing carried out before its withdrawal;
    (b) processing is necessary for the performance of obligations arising from the provision of the Website to you, if you are, currently or in the future, a party to a contract with the Company or Companies, or for taking certain actions before the conclusion of a contract, such as preparing a draft contract (Article 6(1)(b) of the GDPR);
    (c) processing is necessary for complying with the Company’s legal obligations or is directly prescribed by law (Article 6(1)(c) of the GDPR), with regard to personal data contained in documents subject to archiving by law;
    (d) processing is necessary for the pursuit of the Company's legitimate interests and does not unduly affect your interests or fundamental rights and freedoms (Article 6(1)(f) of the GDPR). When processing personal data on this basis, we always seek to find balance between our legitimate interests and your privacy.

    The legitimate interests include:
    (i) enabling the Company to contact you for the purpose of operating the Website;
    (ii) retention of records to demonstrate compliance with obligations arising from the settlement of public funding;
    (iii) prevention of fraud and criminal activities;
    (iv) conducting internal audit processes in the Azoty Group;
    (v) establishing or asserting civil law claims by the Company with you in the course of its business, as well as defence against such claims;
    (vi) verification of the User’s credibility;
    (vii) verification of Users in public registers.

    4.2 Periods of Data Processing Determined for Specific Purposes
    Personal data shall be processed only for specific purposes and to the extent necessary for their achievement and for as long as necessary. Below are the main purposes that the Companies pursue through the processing of personal data and the corresponding processing periods:

Purpose of processingDescriptionLegal basisProcessing period
Provision of documentation on the Company’s productsRunning the WebsiteConsent of the data subject (Article 6(1)(a) of the GDPR)Until consent is withdrawn
Assertion or defence against claimsAssertion or defence against claimsAssertion or defence against claimsAssertion or defence against claims

 Notwithstanding the above periods, your data may be processed by the Companies:

(a) for the purpose of establishing or asserting civil law claims in the course of business activities conducted by the Companies, and also for the purpose of defending against such claims – for the relevant periods of limitation, generally no longer than 3 years from the occurrence of the event that gives rise to the claim, and
(b) for the purpose of demonstrating compliance with obligations arising from the settlement of public funding – for the relevant periods indicated in contracts and relevant legislation governing the award of funding, typically 5-year periods.

  1. Transfer of Personal Data to Other Recipients

    5.1 Transfer of Personal Data Outside the Company Personal data may be transferred to recipients outside the Company, including:

    (a)entities processing personal data on behalf of the Company, such as:
    (i) providers of IT support services for IT systems or tools used in processing personal data or similar services;
    (ii)providers of document archiving services;
    (iii)entities providing mail preparation and mailing services.

    These entities do not independently decide how to process your personal data. Their processing activities are limited to what is necessary for the Company’s business and will not extend beyond the purposes outlined in section 4. The Company exercises control over these entities through the right to conduct audits and by incorporating appropriate contractual provisions to safeguard your privacy.

    (b)other controllers of personal data, including:
    (i)entities granting or settling public funds (if cooperation with the Counterparty involves the implementation of a project for which public funds have been granted);
    (ii)entities involved in the transaction insurance process;
    (iii)Economic Information Bureau;
    (iv)financial institutions engaged in the execution and settlement of contracts;
    (v)courier or postal service providers;
    (vi)consultancy providers, auditing entities, and law firms;
    (vii)other Counterparties or subcontractors involved in contract performance;

    (c)other individuals within the organization of a relevant Counterparty or subcontractor.

    5.2 Data Transfer Outside the European Economic Area (EEA)

    Personal data provided to entities outside the Azoty Group may also be processed in a country outside the European Economic Area (“EEA”), which comprises EU Member States, Iceland, Liechtenstein, and Norway.

    Your data may be transferred outside the EEA (i) to a client, supplier or business partner of the Companies, to fulfil obligations under a contract between a company from the Azoty Group, and the Counterparty, or (ii) to entities providing IT systems and hosting services.

    If your personal data is transferred outside the EEA, the Companies will implement appropriate safeguards to ensure compliance with data protection principles. These safeguards may include an entrustment agreement between the companies and the recipient based on standard data protection clauses approved by the European Commission or ensuring that the transfer takes place to a jurisdiction which is subject to a European Commission decision on adequate protection of personal data.

    You have the right to request additional information about data transfers outside the EEA and obtain a copy of the relevant safeguards, exercising your rights as outlined in section 6.
  1. Counterparties’ Rights and the Exercise Thereof

    6.1 Rights vested
    Each individual has the right to access his or her personal data processed by the Company. If you believe that any information relating to your person is inaccurate or incomplete, please submit a request for correction as outlined in section 6.2 below. The Company shall promptly rectify such information.

    Additionally, you have the right to:
    (a) withdraw your consent where the Company has obtained such consent to process your personal data (bearing in mind that such withdrawal will not affect the lawfulness of processing conducted before the withdrawal)
    (b) request the erasure of your personal data in cases specified by the provisions of the GDPR;
    (c) request the restriction of the processing of your personal data
    in cases specified in the provisions of the GDPR;
    (d) object, on grounds relating to your particular situation, to the processing of your personal data when such processing is carried out for the purposes of public interest or the legitimate interests of the Companies or a third party;
    (e) data portability, i.e., receiving the personal data provided to the Company in a structured, commonly used, and machine-readable format, and requesting the transfer of such personal data to another controller, without hindrance from the Company, and subject to the Company’s confidentiality obligations.

    The Company will verify your requests, demands or objections in accordance with the applicable personal data protection regulations. However, it should be borne in mind that these rights are not absolute; the rules provide for exceptions to their application.

    In response to your request, the Company may ask you to verify your identity or provide information to better understand the situation. The Company will make every effort to explain its decision if your requests are not met.

    6.2 Exercise of your rights

    To exercise the aforementioned rights, please send an email to the Data Protection Officer of Grupa Azoty Polyolefins S.A. at adogapoly@grupaazoty.com.

    If you become aware of unlawful processing of your personal data by the Companies, you have the right to lodge a complaint with the supervisory authority competent in matters of personal data protection, i.e., the President of the Office for Personal Data Protection.

    In order to ensure that personal data is up-to-date and accurate, we may from time to time ask you to verify and confirm the personal data we have about you or to inform us of any changes concerning the personal data (e.g. change of email address). We encourage you to regularly check the accuracy, validity, and completeness of the personal data we process.

  1. Updates to the Information Clause

    This clause was last updated on [12/10/2023] and may be subject to further changes. If required by law, any information regarding future changes or additions to the processing of personal data described in this clause that may refer to you will be communicated via the Website.

Counterparty’s Declaration

Niniejszym oświadczam, iż:
(a) I have read the information clause for the Counterparties;

(b) I undertake to make the content of the information clause immediately available to all persons whose personal data I am providing to the Company on the basis of the provisions of this clause.

APPENDIX 1

Companies from the Grupa Azoty processing personal data for the purposes of cooperation with contractors

 COMPANY NAMECOMPANY ADDRESSCONTACT DETAILS OF THE DATA PROTECTION OFFICER/DATA ADMINISTRATOR
1Grupa Azoty S.A. of TarnówTarnów, 33-101, ul. E. Kwiatkowskiego 8iod.tarnow@grupaazoty.com
2Grupa Azoty „KOLTAR sp. z o.o. of TarnówTarnów, 33-101, ul. E. Kwiatkowskiego 8iod.koltar@grupaazoty.com
3Grupa Azoty Zakłady Azotowe Kędzierzyn S.A. of Kędzierzyn-KoźleKędzierzyn-Koźle, 47-220, ul. Mostowa 30Aiod.zak@grupaazoty.com
4ZAKSA S.A.Kędzierzyn – Koźle, 47-223, ul. Mostowa 1Aiod@zaksa.pl
5Grupa Azoty Kopalnia i Zakłady Chemiczne Siarki „Siarkopol” S.A. of GrzybówStaszów, 28-200, Grzybówiod.siarkopol@grupaazoty.com
6Grupa Azoty Zakłady Chemiczne „Police” S.A. of PolicePolice, 72-010, ul. Kuźnicka 1iod.police@grupaazoty.com
7Grupa Azoty Police Serwis Sp. z o.o.Police, 72-010, ul. Kuźnicka 1iod.gaps@gruopaazoty.com
8Grupa Azoty Transtech Sp. z o.o.Police, 72-010, ul. Kuźnicka 1iod@transtech.pl
9Grupa Azoty Polyolefins S.A.Police, 72-010, ul. Kuźnicka 1adogapoly@grupaazoty.com
10Zarząd Morskiego Portu Police sp. z o.o.Police, 72-010, ul. Kuźnicka 1ochronadanych@portpolice.pl
11„KEMIPOL” sp. z o.o.Police, 72-010, ul. Kuźnicka 6amodrzejewska@kemipol.com.pl
12Grupa Azoty Polskie Konsorcjum Chemiczne sp. z.o.o. of TarnówTarnów, 33-101, ul. E. Kwiatkowskiego 7iod.pkch@grupaazoty.com
13Grupa Azoty AUTOMATYKA sp. z o.o.Tarnów, 33-101, ul. E. Kwiatkowskiego 8iod.automatyka@grupaazoty.com
14Grupa Azoty PROREM sp. z o.o.Kędzierzyn – Koźle, 47-220, ul. Mostowa 24Diod.prorem@grupaazoty.com
15Grupa Azoty „Compounding” sp z o.o.of TarnówTarnów, 33-101, ul. Chemiczna 118iod.compounding@grupaazoty.com
16Grupa Azoty Zakłady Azotowe „Puławy” S.A. of PuławyPuławy, 24-110, al. Tysiąclecia Państwa Polskiego 13iod.pulawy@grupaazoty.com
17Agrochem Puławy” sp. z o.o.Człuchów, 77-300, ul. Mickiewicza 5iod@agrochem.com.pl
18SCF Natural sp. z o.o.Fajsławice, 21-060, Suchodoły 120biuro@scfnatural.pl
19Grupa Azoty „FOSFORY” sp. z o.o.Gdańsk, 80-550, ul. Kujawska 2dpo@fosfory.pl
20STO-ZAP sp. z o.o.Puławy, 24-110, al. Tysiąclecia Państwa Polskiego 13stozap@interia.pl
21REMZAP sp. z o.o.Puławy, 24-110, ul. Ignacego Mościckiego 12odo@remzap.pl
22Grupa Azoty Zakłady Azotowe Chorzów S.A.Chorzów, 41-503, ul. Gabriela Narutowicza 15iod.zach@grupaazoty.com
23PROZAP sp. z o.o.Puławy, 24-110, al. Tysiąclecia Państwa Polskiego 13prozap@prozap.com.pl
24„Bałtycka Baza Masowa” sp. z o.o.Gdynia, 81-341, ul. Węglowa 3bbm@bbm.gdynia.pl
25Grupa Azoty Jednostka Ratownictwa Chemicznego sp. z o.o.Tarnów, 33-101, ul. E. Kwiatkowskiego 8iod.jrch@grupaazoty.com
26Grupa Azoty ATT Polymers GmbH Forster Straße 72; D-03172 Guben, Germanydr.manfred.braun@t-online.de
27COMPO EXPERT GmbHKrögerweg 10, 48155 Münster, Deutschlanddatenschutz@dsb-ms.de
28Grupa Azoty Energia sp. z o.o.Tarnów, 33-101, ul. E. Kwiatkowskiego 8ga.energia@grupaazoty.com