INTRODUCTION

Regardless of who you are, we take the security of your personal data very seriously. Below, you will find information about what personal data we collect and how we process it. Additionally, you will receive information about your rights under applicable laws. If you have any questions or concerns, please feel free to contact us at the address provided below.

WHO WE ARE

Our organization is Auto Cuby Sp. z o.o. with its registered office at 84-241 Gościnino, ul. Przemysłowa 2, registered in the National Court Register maintained by the District Court Gdańsk-Północ in Gdańsk, VIII Economic Department of the National Court Register under the number KRS: 0000382450, NIP: 5882375904, phone: +48 509-388-082, email address: sekretariat@autocuby.eu (hereinafter referred to as “AUTO CUBY”). AUTO CUBY is a manufacturer of minibuses and buses, as well as professional bodywork for minibuses and buses. In terms of applicable data protection law, AUTO CUBY is the data controller. Therefore, we take all necessary measures required by the law to ensure the security of your personal data. If you have any doubts regarding the processing of personal data by AUTO CUBY, please contact us at tel. +48 509-388-082 or email: sekretariat@autocuby.eu.

BASIC INFORMATION ON PERSONAL DATA PROTECTION By processing personal data, we mean activities such as collecting, recording, organizing, sorting, storing, adapting, changing, retrieving, consulting, using, disclosing, disseminating, or making available in any other way, aligning or combining, restricting, deleting, or destroying personal data. Personal data includes any information related to an identified or identifiable natural person. This Privacy Policy applies to the personal data of customers, contractors, interested parties, applicants, guests, job candidates, or collaborators.

WHAT PERSONAL DATA DO WE PROCESS? When you contact us in any capacity, we potentially collect your personal data. For example:

• If you are interested in our services and contact us in this regard,
• When you contact us via email, mail, or phone,
• When you use our services in connection with existing business relationships,
• When you apply for a job or collaboration position. Depending on the nature of your contact with us, we collect and use various types of personal data obtained from employees, contractors, job candidates, suppliers, and other individuals engaging in relationships with us. We process the following types of personal data:
• Personal identification data, e.g., name, address, email address, phone number, fax number,
• Contract-related data, e.g., customer number, order number, invoice-related data,
• Business-related data, e.g., company name, department, performed tasks,
• Information about your interests or preferences that you communicate to us directly or through provided communication channels,
• Information about your professional career, e.g., professional training, previous employers, other qualifications, and similar information.

SPECIAL DATA

Special data, such as revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, membership in trade unions, as well as the processing of genetic data, biometric data for the unique identification of a natural person, or data related to health, sexuality, or sexual orientation, are not collected or otherwise processed by AUTO CUBY.

PERSONAL DATA OF MINORS

Personal data of children or minors are not collected or otherwise processed by AUTO CUBY.

PURPOSE AND LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA

1. CONTRACT PERFORMANCE We process your personal data for the purpose of entering into and performing contracts. This also applies to information you provide us in pre-contractual correspondence. The specific purposes of data processing depend on individual services, inquiries, and may also be used to analyze your needs and determine which products and services are suitable for you. The legal basis is Art. 6(1)(b) of the General Data Protection Regulation (GDPR). To perform the contract, we usually require your name, address, phone number, or email address to contact you, as well as billing information required by applicable laws (such as VAT ID or PESEL).
2. OFFERING GOODS AND SERVICES We also need your personal data to check if, and if so, which products and services we can offer you. The legal basis is Art. 6(1)(f) GDPR, which refers to the legitimate interest of the controller.
3. JOB APPLICATION PROCESS We process the personal data provided in your job application documents to assess whether your professional qualifications are suitable for the advertised position. We use your personal data exclusively for the recruitment process, and if employed, they become part of the employee records. If no contract is concluded, your personal data will be deleted or destroyed immediately after the recruitment process. The legal basis is Art. 22(1) of the Labor Code, and for personal data provided beyond the legal basis or in the case of collaboration recruitment, Art. 22(1a) of the Labor Code, i.e., consent.
4. ENHANCING AND OPTIMIZING CUSTOMER RELATIONS As part of our efforts to continually improve customer relations, we may occasionally invite you to participate in satisfaction surveys regarding our services. The survey results are used to adapt our services to better meet your needs. The legal basis may be the respondent’s consent (Art. 6(1)(a) GDPR) or, in justified cases, the legitimate interest of the controller (Art. 6(1)(f) GDPR).
5. PROCESSING AND ANALYSIS OF DATA FOR MARKETING PURPOSES To provide you with information about products and services that perfectly match your needs, we analyze data obtained from collaborating businesses and market research. The legal basis for processing personal data for marketing purposes is Art. 6(1)(f) GDPR. In some cases, legal consent is required for marketing activities, such as email or telecommunication-based marketing, and the legal basis is Art. 10 of the Electronic Services Act and/or Art. 172 of the Telecommunications Law. Consent for marketing purposes can be withdrawn at any time without affecting the lawfulness of processing before the withdrawal. The consent can be withdrawn by contacting us at sekretariat@autocuby.eu.
6. NEWSLETTER In some cases, we may offer our customers a newsletter. To send it, we only need your email address, and all other information is voluntary. Only after successfully completing the double opt-in process will you start receiving the newsletter. In this case, you have the right to view your consent declaration (legal basis for processing personal data is consent, Art. 6(1)(a) GDPR) or unsubscribe at any time. Unsubscribing will immediately remove your contact details from our newsletter distribution list. The effectiveness of electronic consent is subject to legal requirements, and we record the date and time of consent, the content of the consent declaration, your email address, and any other voluntarily provided information.
7. SECURITY MEASURES We use your personal data, among other things, in the following situations:

• Analyzing your data to protect you or your business from harmful actions, such as identity theft or unauthorized access to your email accounts.
• Ensuring information security.
• Recording and proving facts in case of potential legal disputes. The legal basis for processing personal data in this case is Art. 6(1)(f) GDPR, i.e., the legitimate interest of the controller in security.

8. PROCESSING BASED ON CONSENT You may consent to the processing of your personal data for one or more specified purposes. In such cases, you can withdraw your consent for future processing at any time without incurring any costs beyond the basic tariff charges (internet connection costs). The legal basis is Art. 6(1)(a) GDPR.
9. PROCESSING DUE TO LEGAL REQUIREMENTS As a company, we are subject to various legal requirements (e.g., tax law). To comply with our legal obligations, we process your personal data. The legal basis is Art. 6(1)(c) GDPR.

WHERE AND WHY WE TRANSFER DATA

1. USE OF DATA WITHIN AUTO CUBY Personal data will not be disclosed to entities other than those authorized by law or entities processing personal data on behalf of AUTO CUBY for the proper handling of internal processes, such as IT service providers. Such entities process data based on a contract with the administrator and only in accordance with its instructions, without using personal data for other purposes.
2. USE OF DATA OUTSIDE AUTO CUBY We respect your privacy and only share information about you when required by law, with your consent, or to fulfill contractual obligations. For example, there is a legal obligation to forward your personal data to entities such as:

• Public administration authorities, e.g., tax officials, customs officers;
• Employees of judicial authorities and law enforcement officers, e.g., police officers, court officials, prosecutors;
• Lawyers or notaries, e.g., in legal disputes;
• Transport service providers and freight forwarders;
• Organizers and providers of training services;
• Banks and financial service providers for handling financial matters. Our service providers To make our operations more efficient, we use services provided by external providers who may receive your personal data for the purposes described above, including IT service providers, printing and telecommunications service providers, debt collection agencies, consulting firms, or trade companies. To ensure that service providers operate in accordance with the same data protection standards applied in our company, we have prepared appropriate data processing agreements (data processing agreements). These agreements regulate, among other things, that:
• Third parties have access only to the data they need to perform their assigned tasks;
• Service providers grant access to your personal data only to employees who have fully committed to complying with data protection regulations;
• Service providers follow technical and organizational measures ensuring the security and protection of personal data;
• They regulate what happens to personal data after the business relationship between the service provider and our company ends. All such agreements comply with the requirements of Art. 28 GDPR. For service providers located outside the European Economic Area (EEA), we take special security measures (e.g., using specific clauses in contracts) to ensure that personal data is treated at the same professional level as in the European Economic Area. We regularly check all our service providers for compliance with our requirements in this regard. Very important: We do not sell your personal data to third parties under any circumstances!