GDPR Policy

Pursuant to the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”), Enerko Energy Sp. z o. o. provides the following information regarding the processing of personal data:

Personal data controller

The controller of Users’ personal data is Enerko Energy Sp. z o. o., ul. Skrajna 41a, 25-650 Kielce, entered into the Register of Entrepreneurs kept by the District Court in Kielce, 10th Commercial Division of the National Court Register under KRS no.: 0000408089, NIP (Tax Identification Number): 9591947172, REGON (National Business Register Number): 260578795.

Categories of personal data subject to processing

The Controller may process the following categories of personal data: identification data, addresses, contact details and possibly other data, provided that they are necessary for the purposes for which the data are processed by the Controller.

Purposes of personal data processing

The Controller may process personal data for the following purposes:

  1. xecution of the contract you have concluded with the Controller or undertaking action at your request, prior to the conclusion of the contract – pursuant to Art. 6 sec. 1 (b) of the GDPR;
  2. conducting direct marketing of the Controller’s products and services, which constitutes a legitimate interest of the Controller – pursuant to Art. 6 sec. 1 (f) of the GDPR;
  3. responding to your inquiries or correspondence addressed to the Controller, which constitutes a legitimate interest of the Controller – pursuant to Art. 6 sec. 1 (f) of the GDPR;
  4. fulfilling legal obligations incumbent on the Controller – pursuant to Art. 6 sec. 1 (c) of the GDPR;
  5. asserting or defending against claims, which constitutes a legitimate interest of the Controller – pursuant to Art. 6 sec. 1 (f) of the GDPR;
  6. enabling participation in recruitment processes conducted by the Controller both at present and in the future, provided that the Controller received appropriate notification – pursuant to Art. 6 sec. 1 (b) of the GDPR or Art. 6 sec. 1 (a) of the GDPR (if a candidate expressed consent to the processing of their personal data).

Source of personal data

The Controller shall process personal data provided by you or an entity that you are associated with.

The Controller may process personal data provided by other entities on condition that you have consented to share the said data with the Controller.

The Controller may also process data derived from publicly available sources.

Data recipients

The Controller may make personal data available to its subcontractors (entities whose services the Controller uses for data processing), including:

  1. IT services providers;
  2. accounting services providers;
  3. marketing services providers.

The Controller is entitled to make personal data available to other entities, provided that such an obligation results from legal provisions.

The Controller is also entitled to make personal data available to the entities participating in the execution of the concluded contract, provided that it is necessary for the execution of the contract.

The Controller shall not transfer personal data beyond the European Economic Area, except for making personal data available to Google LLC, which processes such data on behalf of the Controller in connection with the Controller’s use of Google Analytics. Data transfers beyond the European Economic Area as part of this service shall be made based on the standard contractual clauses.

Period of personal data processing

The Administrator may store your personal data for the following periods:

  1. in the case of data processed to execute the contract or undertake action at your request – for the period required by legal regulations and necessary to assert or defend against claims made against the Controller;
  2. in the case of data processed for marketing purposes – until you object to their processing for this purpose, withdraw your consent for such processing, or until the Controller decides to delete the data;
  3. in the case of data processed in order to respond to your inquiries or correspondence – for a period of 10 years from the date of issuing the inquiry or correspondence;
  4. in the case of data processed to fulfil legal obligations incumbent on the Controller – for the period required by legal regulations;
  5. in the case of data processed to assert or defend against claims – for the period of limitation of any potential claims;
  6. in the case of data processed to conduct recruitment processes – for the period of a given recruitment process (if such processing was based on Art. 6 sec. 1 (b) of the GDPR or for a period of three (3) years from the date of data collection (if such processing was based on Art. 6 sec. 1 (a) of the GDPR.

Data Subjects’ rights

You are entitled to the following rights:

  1. the right to access the personal data provided and obtain a copy of such personal data;
  2. the right to rectify personal data;
  3. the right to erase personal data;
  4. the right to request the restriction of personal data processing;
  5. the right to transfer personal data;
  6. the right to object to the processing of personal data;
  7. the right to submit a complaint to the supervisory body.

If the processing of personal data takes place based on your consent, you have the right to withdraw such consent to the processing of personal data at any time. The withdrawal of consent does not affect the lawfulness of the processing which had been carried out based on such consent before its withdrawal.

You may contact the Controller in order to exercise any of the above rights.

The Controller shall not make any decisions that affect you in that they are based solely on automated processing, including the profiling, unless you have granted your consent to making such a decision.