Personal data processing rules
The purpose of this document is to outline the rules and actions regarding the collection, processing, and protection of personal data by Marmite with regards to the requirement of the EU General Data Protection Regulation (GDPR).
We assure that we apply technical and organizational measures with the utmost care so that your personal data are protected in the best possible way. We protect your data against unauthorized access, as well as other cases of disclosure, loss or unauthorized modification.
§1 Controller of your personal data
The entity responsible for the processing of personal data is:
Marmite sp. z o.o.
Zakrzewo at ul. Przemysłowa 4
KRS number: 0000581685
(+48) 618 945 000
(hereinafter referred to as: the “Controller”)
You can contact our data protection officer at:
+48 721 060 420
Or by mail via the address stated above.
§2 Personal data we process
We process personal data that we receive from you while using our website and, if applicable, during our business relationship.
In the case of purely informational use of our website, i.e., if you do not submit information to us through a form, we only collect the personal data that your browser transmits to our server. When you access our website, we collect access data, which is technically necessary for us to present our website to you and to ensure stability and security.
The access data includes:
- the IP address, date and time of the request, time zone,
- content of the request (i.e. name of the specific website accessed),
- access status/HTTP status code,
- amount of data transferred in each case,
- referrer URL (previously visited page),
- operating system and its interface, language and version,
- type of browser software,
- notification of successful retrieval.
Furthermore, we receive your personal data if you contact us via contact form or e-mail. Personal data here are, for example, name, address, e-mail, telephone number and, if applicable, the data that you send us in the message (hereinafter referred to as “contact data”).
§3 Legal basis of processing your personal data
We process personal data in accordance with the GDPR for the following purposes and based on the following legal grounds:
|If you have given us consent to process personal data for certain purposes, in particular for contacting you (via our contact form or by e-mail for processing and handling the enquiry, sending newsletters, advertising by telephone, e-mail, SMS), this processing is lawful on the basis of your consent.
You may revoke given consent at any time with effect for future processing. You can send the revocation to the above contact details or to firstname.lastname@example.org.
|Consent, Art. 6 para 1 sentence 1 lit. a GDPR|
|When contacting us (via contact form or e-mail) to send us a message, make an inquiry or report a claim, your personal data will be processed for the respective purposes.||Performance of a contract or execution of pre-contractual measures upon request of the person, Art. 6 para 1 lit b GDPR|
|When you visit our website for the first time, we will ask you whether you wish to consent to the use of non-essential cookies. (The use of essential cookies does not require your consent.)
More on cookies and how you can manage them, see section “Cookies” https://marmite.eu/cookie-policy
|Consent, Art. 6 para. 1 sentence 1 lit. a GDPR|
|When you login into your pro user account, we process your personal data to give you access to the section of our website for professionals.||Performance of a contract or execution of pre-contractual measures upon request of the person, Art. 6 para 1 lit b GDPR|
|We process your access data to safeguard our legitimate interests or those of third parties. We pursue the following legitimate interests:
||As part of the balancing of interests for the safeguarding of legitimate interests, Art. 6 para. 1 sentence 1 lit. f GDPR|
§4 Recipients of your personal data
Within the organization, departments that need to know your data to fulfill our contractual and regulatory obligations can access your data.
In addition, processors (Art. 28 GDPR) engaged by us may also obtain access to data for the above-mentioned purposes. If we use processors to provide our services, we will take appropriate legal precautions as well as the relevant technical and organizational measures to protect personal data in accordance with applicable law.
Any transfer of data to third parties will be made only within the scope of legal requirements. We will disclose your data to third parties only if this is required, for example, under Art. 6 para. 1 sentence 1 lit. b GDPR for contractual purposes or based on legitimate interests pursuant to Art. 6 para 1 sentence 1 lit. f GDPR in the economic and effective operation of our business or if you have consented to the transfer of data. In the case of purely informational use of the website, we do not pass on any data to third parties.
We may share your personal data with the following categories of recipients and data processors:
- entities rendering accounting and tax services for our company,
- entities providing legal services for our company,
- entities servicing and managing our IT system,
- entities providing courier or postal services for our company,
- banks – if it is necessary to make settlements,
- insurance companies which adjust claims,
- state authorities or other entities authorized under legal regulations – to perform duties imposed on us,
- in the case of data obtained in connection with direct marketing – marketing agencies.
§5 Period of data storage
For security reasons (e.g. to clarify acts of abuse or fraud), log file information is stored for a maximum of seven days and then deleted (see point 2 above). Data whose further storage is necessary for evidentiary purposes is exempt from deletion until the final clarification of the respective incident.
As far as necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation of a contract via contact form or by e-mail.
Applicant data will be deleted after six months in the event of a rejection. If you have agreed to further storage of your personal data, we will transfer your data to our applicant pool. There, the data will be deleted if you revoke your consent or after five years at the latest. Should we fill the advertised position with you, your data will be stored in our personnel management system.
We are legally obliged to store personal data in the context of performing contracts and complying with fiscal obligations. The according retention periods to the records apply.
§6 Transfer of personal data to third countries or international organizations
The data provided will be processed within the European Union and in the USA. For countries without an adequacy decision by the Commission according to Article 45 GDPR, as is the case with the USA, we generally agree on EU standard contractual clauses with the recipients of your data or obtain your consent for the data transfer. Furthermore, transfer of data is based on a Data Transfer Impact Assessment.
Note: The protection of personal data in the USA does not correspond to the level of data protection required by the EU. In particular, there are no enforceable rights to protect your data against access by government authorities. Therefore, there is a risk that these government agencies can access the personal data without the data transmitter or the recipient being able to effectively prevent this.
§7 Your rights as a data subject
In connection with the processing of your personal data by us, you have the following rights:
- The right to information about personal data processing: you have the right to obtain from us information about the purposes and grounds for personal data processing, the scope of data stored, entities to which they are transferred, and the planned date of data erasure.
- The right to access your data and receive their copy: you have the right to receive a copy of the data processed which concern you.
- The right to rectify (correct) personal data: you have the right to request that we remove incompatibilities or errors regarding your data and demand them to be supplemented or updated – if they turn out to be incomplete or out-of-date.
- The right to restrict processing of personal data: you have the right to demand that we cease to perform certain operations on your personal data.
- The right to erase personal data: you have the right to demand that we erase data whose processing is no longer necessary for the purposes for which they have been collected (the so-called “right to be forgotten”).
- The right to data portability: you have the right to obtain from us personal data concerning you which you provided to us based on a contract or your consent, in a structured, commonly used machine-readable format. You can request us to forward your data directly to another controller (if it is technically possible).
- The right to object to the processing of personal data: “marketing” objection – you have the right to object to the processing of your data to conduct direct marketing; if you exercise this right – we will stop processing data for this purpose. Objection in a specific case – you also have the right to object to the processing of your data based on a legitimate interest for purposes other than direct marketing, and when processing is necessary for us to perform a task carried out in the public interest or to exercise public authority entrusted to us. In this case, you should indicate to us your specific situation which in your view justifies the cessation of processing covered by the objection. We will stop processing your data for these purposes, unless we demonstrate that the basis for processing of your data is superior to your rights, or that your data are necessary to us to establish, exercise or defend claims. Objections do not require a particular form and no costs are incurred, other than the transmission costs according to the basic tariffs. If possible, any objection should be addressed to the above-mentioned address or email.
- The right to revoke consent to the processing of personal data: if personal data are processed based on your consent, you have the right to revoke your consent at any time (revocation of your consent will not affect the lawfulness of the processing carried out prior to the revocation of your consent).
The above notifications and measures requested by you will be made available to you free of charge in accordance with Art. 12 para 5 GDPR.
To exercise your rights referred to in points a) to (h) hereinabove, all correspondence should be sent via post or e-mail to the following address: Marmite sp. z o.o., Zakrzewo, ul. Przemysłowa 4, 62-070 Dopiewo, e-mail: email@example.com. In addition, you can revoke your consent via the revocation form available on our website. Before complying with your rights, we will have to ensure that you are really you, i.e., identify you accordingly.
If you believe that we are processing your personal data in violation of the provisions of the GDPR or other legal acts regulating personal data protection, you have the right to lodge a complaint to the President of the Office for Personal Data Protection.
§8 Automated individual decision-making, including profiling
In the context of accessing our website or in the context of contacting us by form or e-mail, we do not use any fully automated decision-making pursuant to Article 22 GDPR. Should we use these procedures in individual cases, we will inform you about this separately if this is required by law. We do not process your data automatically with the aim of evaluating certain personal aspects (profiling).
§9 Information on source of data/voluntary provision of data
Providing personal data by you is voluntary. However, if you do not provide the data which are necessary, for example, to render certain services by us or provide you with a response to your request, it may prevent us from taking specific actions.
In addition, if you raise objection regarding our direct marketing, you will not be informed about our marketing activities.
In the situation of performing a contract, we obtained your data from our contractor who indicated you as a contact person and provided us with data regarding your name, surname, e-mail address and telephone number. If we have obtained your data from another source, we will provide you with relevant additional information in this regard.
§10 Data processing through cookies and similar technologies
Some cookies are deleted when you end the browser session, i.e. after you close your browser (“session cookies”). Other cookies remain on your device for a specified duration unless you delete these cookies manually beforehand.
Cookies may be technically necessary for the provision of a website. Prior consent by the user is not required for these cookies. Other cookies require consent by the user before being used. These cookies increase the functionality of a website or are used for marketing or collecting statistics to improve the website.
If cookies are set, they collect and process personal data to an individual extent, such as browser and device information, as well as IP addresses.
In addition, we and any services that we embed in our website may use the web storage on your device. Here, information is stored locally in the cache of your browser. The stored information is either automatically deleted again after closing the browser window (“session storage”) or continues to exist so that it can be retrieved when you visit the website again (“local storage”) unless you delete your browser cache (“browser data”).
We store information or cookies on your device according to Article 5(3) of the ePrivacy Directive if this is technically necessary to provide you with our website. Otherwise, the collection of data is generally only based on your express consent. Insofar as individual cookies also process personal data, the processing is carried out in accordance with Art. 6 para. 1 lit. b DSGVO for the execution of the contract, in accordance with Art. 6 para. 1 lit. f DSGVO, to protect our legitimate interests in a reliable and secure provision of our website or in accordance with Art. 6 para. 1 lit. a DSGVO as a result of your consent.
§11 Processing of applications
Your application data will be screened by the HR department after receipt of your application. Suitable applications will then be forwarded internally to the department responsible for the respective open position. There a decision will be made on the further procedure. In principle, only those persons in the company have access to your data who require this for the proper conduct of our application procedure.
An application will be answered within one month of its receipt. If it becomes necessary to extend this deadline, we will inform you of the reasons for such an extension.
Your application should, if possible, precisely indicate the subject of the request. If we are not able to identify the person submitting the application or determine the content of the request, we will ask the applicant for additional information.
§12 Processing of personal data in the context of the use of external online services
§12.1 Google Analytics
We use the web analytics service Google Analytics from Google Ireland Limited (registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) hereinafter “Google”.
Google processes the data for us to evaluate the use of our website by the website visitors, to create reports about the activities within our website and to provide further services connected with the use of our website. In doing so, pseudonymous usage profiles of the website visitors are created from the processed data.
During your visit to the website, the following information is collected, among other things:
- Pages viewed,
- Achievement of contact targets, such as contact requests or newsletter sign-ups,
- Your use of our website, for example clicks and time spent on one of our pages,
- Your approximate location (country),
- Your IP address (in shortened form, so that no clear assignment is possible),
- Technical information such as browser type, internet provider used, terminal device and screen resolution,
- Via which website or advertising medium you came to us.
Recorded data is stored together with the randomly generated user ID, which enables the evaluation of pseudonymous user profiles. This user-related data is automatically deleted after 14 months. Other, non-personal data remain stored in aggregated form for an unlimited period of time. The IP address transmitted by your browser will not be merged with other data from Google.
We use Google Analytics with IP anonymization enabled. This means that the IP address of the user is shortened by Google within the European Union or European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
You can also opt-out from Google Analytics via a browser add-on, which you can download here: https://tools.google.com/dlpage/gaoptout?hl=en
Further information on data processing by Google, setting and objection options can be found on the Google website at https://policies.google.com/technologies/partner-sites.
§12.2 Google Tag Manager
We use the Google Tag Manager service from Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, based on your consent.
The Google Tag Manager is a service that organizes the loading of additional tools – especially analytics tools. Google receives your IP address when the Google Tag Manager is loaded. The Google Tag Manager servers are usually located in Ireland, but also in the USA.
There are corresponding risks associated with processing your data in the USA. Please note that US authorities, such as intelligence agencies, could potentially gain access to personal data exchanged with Google through the integration of this service due to US laws such as the Cloud Act.
By giving your consent via our cookie banner, you consent to the processing of your data in the USA, despite potential access by US authorities, Art. 49 (1) p. 1 lit. a GDPR.
For more information on Google Tag Manager, please see Google’s privacy notice at https://www.google.de/intl/de/policies/privacy/.
We have integrated YouTube videos into our online offer, which are stored on http://www.YouTube.com of Google Ireland Limited (registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) and can be played directly from our website. The legal basis for the use of YouTube is your consent in accordance with Art. 6 (1) p. 1 lit. a) and Art. 49 (1) p. 1 lit. a GDPR.
The videos are integrated in such a way that data about you as a user is only transmitted to YouTube when you play the videos. We have no influence on the data transmission to Google that then takes place.
By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website and data on location (GPS data), IP address and devices used, including information on objects in the vicinity of your device, such as WLAN access points, radio masts and Bluetooth-enabled devices, as well as sensor data from your device (see YouTube privacy information of the provider). This is done regardless of whether you are logged in to Google or YouTube. If you are logged in, however, your data may be assigned to your account. If you do not wish to have your data associated with your YouTube profile, you must log out before activating a video. YouTube stores your data in case you are logged in as user profiles and uses them for purposes of providing the services, maintaining and improving the services, measuring performance, developing new services and providing personalized services, including content and advertisements. You have the right to object to the creation of these user profiles, and you must contact YouTube to exercise this right.
The processing of data within the scope of this service also takes place in the USA. The information generated by the cookies about the use of our website is usually transferred to a Google server in the USA and stored there. There are corresponding risks associated with the processing of your data in the USA. By giving your consent via our cookie banner, you consent to the processing of your data in the USA, despite potential access by US authorities, Art. 49 para. 1 p. 1 lit. a GDPR.
For more information about the purpose and scope of data collection and processing by YouTube, please see the privacy information. There you will also find further information about your rights and setting options to protect your privacy:
§13 Social media
You can find us on social networks and platforms, so that we can also communicate with you there and inform you about our services.
We point out that your data may be processed outside the European Union / European Economic Area and that the data is usually processed for market research and advertising purposes. Profiles can be created from the usage behavior and resulting interests of the users. These profiles can in turn be used, for example, to place advertisements within and outside the platforms that presumably correspond to the interests of the users. For this purpose, cookies may be stored on the computers of the users, in which the usage behavior and the interests of the users are stored. Other data may also be stored in these usage profiles, especially if the users are members of the respective platforms and are logged in to them.
We only link to our company profiles on the respective social networks on our website. However, please note that when you click on a link to the social networks, data is transmitted to their servers. If you are logged in to the respective social network at this time with your username and password, the information that you have visited our company profile on the respective social network from our website will be transmitted there and the respective provider can store this information in your user account.
In principle, we have no influence on the data processing of the social networks. However, we receive statistics from them about the use and visits of our company profile in their social network (e.g. information about the number of views, interactions such as likes and comments as well as summarized demographic and other information or statistics). For more information about the data processed by the social networks, please see the respective privacy notices linked below.
Insofar as we receive your personal data in the context of our social media profiles (e.g. in the context of a communication), you are entitled to the rights mentioned in this privacy notice. You can address your requests regarding data processing within the scope of our company profiles to us via the contact data mentioned above.
If you also wish to exercise rights against the provider of the social network, the easiest way to do so is to contact the respective network directly. The network knows both the details of the technical operation of the platform and the associated data processing as well as the specific purposes of the data processing. The contact details can be found in the privacy notice linked below. We will also be happy to support you in exercising your rights, insofar as this is possible for us.
The processing of your personal data is generally based on your consent in accordance with Art. 6 para 1 sentence 1 lit. a GDPR. The legal basis is also Art. 6 para 1 lit. b GDPR if we receive and process your data as part of a contract-related inquiry. The legal basis for the linking and operation of our company profiles in the social networks, including the receipt of statistics on the use of our company profiles, is Art. 6 para 1 lit. f GDPR based on our legitimate interest in our corporate communication in the respective social networks.
For information on the respective processing and the objection options, we refer to the privacy notice of the networks linked below:
- LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland), social network for maintaining existing and making new business contacts – privacy information https://www.linkedin.com/legal/privacy-policy , opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
- Google YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), video portal – privacy information: https://policies.google.com/privacy, opt-out: https://adssettings.google.com/authenticated