Arctic Paper SA | Arctic Paper Sverige

Information on the processing of personal data.

1. Who is who in this privacy policy?

We, i.e. the controller of your personal data, as described in section 3.

You, i.e. the natural person whose personal data we process.

2. What is GDPR?

GDPR is Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

3. Who is the controller of your personal data and what are their contact details?

The controller of your personal data is us, namely:

Arctic Paper Kostrzyn S.A.

ul. Fabryczna 1, 66-470 Kostrzyn nad Odrą, Poland

KRS number: 0000306944

We have also appointed a Data Protection Officer, whom you can contact by email: [email protected]

4. For what purpose and on what basis do we process your personal data? How long do we keep them?

Choose your role from the list below:

Purpose of processing	Description of the legal basis	GDPR provision
Personnel recruitment – current recruitment processes	Fulfilment of legal obligations imposed on us by legislation (in particular Article 22¹of the Labour Code) – as far as the personal data provided for by the legislation is concerned	Article 6(1)(c)
	Consent – for personal data not provided for by legislation	Article 6(1)(a)

If you provide us with services or goods and are therefore our contractor or a representative of our contractor, we process your data as follows:

Purpose of processing	Description of the legal basis	GDPR provision
Contractor data processing – for the purpose of fulfilling a contract with a contractor or taking action prior to entering into a contract with a contractor	Necessity for the performance of a contract to which the data subject is party or for taking steps prior to entering into a contract	Article 6(1)(b)
Processing of contractor's representative data – for the purpose of fulfilling a contract with a contractor or taking action prior to its concluding a contract	Legitimate interest in being able to conclude and perform a contract between us and a contractor	Article 6(1)(f)
Performance of legal obligations related to the contract with the contractor	Fulfilment of legal obligations imposed on us by law, in particular tax and accounting obligations	Article 6(1)(c)
Redressing or defending against possible claims	Legitimate interest to establish, assert or defend against claims	Article 6(1)(f)

Contractor data processing – for the purpose of fulfilling a contract with a contractor or taking action prior to entering into a contract with a contractor

Purpose of processing: Contractor data processing – for the purpose of fulfilling a contract with a contractor or taking action prior to entering into a contract with a contractor
Description of the legal basis: Necessity for the performance of a contract to which the data subject is party or for taking steps prior to entering into a contract
GDPR provision: Article 6(1)(b)

Processing of contractor's representative data – for the purpose of fulfilling a contract with a contractor or taking action prior to its concluding a contract

Purpose of processing: Processing of contractor's representative data – for the purpose of fulfilling a contract with a contractor or taking action prior to its concluding a contract
Description of the legal basis: Legitimate interest in being able to conclude and perform a contract between us and a contractor
GDPR provision: Article 6(1)(f)

Performance of legal obligations related to the contract with the contractor

Purpose of processing: Performance of legal obligations related to the contract with the contractor
Description of the legal basis: Fulfilment of legal obligations imposed on us by law, in particular tax and accounting obligations
GDPR provision: Article 6(1)(c)

Redressing or defending against possible claims

Purpose of processing: Redressing or defending against possible claims
Description of the legal basis: Legitimate interest to establish, assert or defend against claims
GDPR provision: Article 6(1)(f)

Your data will be retained until the expiration of the statute of limitations for civil law claims and tax liabilities, and until the mandatory retention periods for accounting records have elapsed, as stipulated by civil, tax and accounting legislation.

Purpose of processing	Description of the legal basis	GDPR provision
Correspondence management and documentation	Legitimate interest to ensure continuity of business actions consisting of correspondence in connection with business activities	Article 6(1)(f)

5. Where do we get your personal data from?

In most cases, we obtain your personal data directly from you.

However, if you are a representative of our contractor who supplies us with goods or services, we obtain personal data such as:

identifying information (e.g. name, surname),
contact details (e.g. e-mail address, telephone number, fax number).

If you are our customer, our customer's representative, our contractor, or our contractor's representative, we also verify (obtain) the data contained in public registers, i.e. the Central Register and Information on Economic Activity (CEIDG) and the National Court Register (KRS).

6. To whom do we transfer your personal data, i.e. who will be the recipient of your data?

Recipients of your personal data may be:

providers of services to us, in particular IT, hosting, security, accounting, bookkeeping, document destruction, repair of business equipment, agency, postal, transport, courier, audit, legal, consultancy,
public authorities.

7. Will your personal data be transferred to a third country (i.e. a country outside the European Economic Area) or an international organisation?

Your data will only be processed within the European Union/European Economic Area and shall not be transferred to a third country (outside the European Union/European Economic Area). Your data shall not be transferred either to any international organisation.

8. What rights do you have as we process your personal data?

You have the right to object at any time to the processing of your data based on legitimate interests, on grounds relating to your particular situation.

In addition, you are entitled to the following rights:

You have the right to request access to your personal data, and to receive a copy of the data that we process free of charge,
the right to request the rectification of your personal data, if it is incorrect or incomplete,
the right to delete your personal data. We are obliged to delete your personal data if we have no legitimate interest in storing it,
the right to request the restriction of the processing of your personal data under certain circumstances, e.g. if you have requested rectification of your data and we need to control this,
the right to data portability, which means that you have the right to transfer your personal data to another controller upon request.

If the processing of your personal data based on your consent, you have the right to withdraw your consent at any time. This will not affect the lawfulness of any processing carried out before the withdrawal.

You also have the right to lodge a complaint with the President of the Personal Data Protection Office.

9. Is the provision of personal data voluntary?

The provision of personal data is necessary:

for conducting recruitment processes, or
for the performance of concluded contracts or pre-contractual actions, or
for the correspondence in connection with our business activities, or
for the fulfilment of our legal obligations.

If data is not provided, the above actions cannot be carried out.

10. What about automatic decision-making?

We will not make decisions about you that are based solely on automated processing, including profiling, and that produce legal effects or otherwise materially affect you in a similar way.

11. Changes to this Privacy Policy

This Privacy Policy will be reviewed and updated once a year, if necessary. If we make any material updates to our processing of your personal data, we will notify you of such changes and obtain your consent where necessary. Non-material changes will be reflected in this Privacy Policy, and we encourage you to review it regularly. This Privacy Policy was updated on 2 January 2025.

Privacy Policy of Arctic Paper SA