Smulders Projects Poland Sp. z o.o.
PRIVACY POLICY

INTRODUCTION
In the exercise of its activities, Smulders Projects Poland Sp. z o.o. (hereinafter: “Smulders” or “Controller”) processes various data, both commercial and Personal data. If the data may be considered personally identifiable information – they shall be recognised as Personal Data.

Smulders values your privacy and takes the protection of Personal Data very seriously. This Privacy Policy describes the policy of Smulders, and the main measures taken regarding the privacy of the data subjects, including the users of this website.

Furthermore, this Privacy Policy describes what Personal Data we process from you, on what basis, why and how long we keep it and where do we transfer them. This Privacy Policy also informs you of your rights and how to exercise them.

DEFINITIONS
Scope
This Privacy Policy applies to you, when you:
– visit our website, available at https://smuldersprojectspoland.pl or our social media profiles,
– cooperate with us based on a contract or an agreement signed by the entity you represent or for which you act,
– contact us electronically (via e-mail or contact form) or by post.

Controller
Smulders, with registered office in Żary (68-200), ul. Fabryczna 14, registered in the register of entrepreneurs kept by the District Court in Zielona Góra, VIII Economic Division of the National Court Register under the KRS number 0001044103, NIP: 9280007159, REGON: 970517284, share capital in the amount of PLN 8 665 045,00, is the website provider and provider as well as the controller of your Personal Data. When processing your Personal Data, we will comply with applicable laws, including the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, “GDPR”), as well as the Act of 10 May 2018 on the protection of Personal Data and the guidelines of the relevant supervisory authorities.

The Controller processes all Personal Data in accordance with the principles set out in Article 5 of the GDPR, i.e., in a transparent, fait, lawful manner and limited to the necessary scope.

For more information in connection with the processing of your Personal Data, you can always contact our privacy responsible at info.spp@smulders.com.

1. What Personal Data is processed?
We collect and process various Personal Data from the users of our website, persons visiting our social media profiles, our contractors, their representatives and people contacting us. These may include i.e. the following Personal Data:
a) If you are a user of our web site or visit our social media profiles:
– Information about your computer or mobile device and your visits and use of the Website, including your IP address, operating system, browser type and geographic location.
b) If you contact us via e-mail, the contact form or via post:
– Personal identification data, such as first and last name, mobile phone number, mailing address or e-mail address.
– Other information that you provide to us in accordance with the correspondence, including information provided in the field ‘Message Content’.
c) If you cooperate with us based on a contract or an agreement signed by the entity you represent or for which you act:
– Personal identification data, such as first and last name, business contact details, such as mobile phone number, mailing address or e-mail address, job position.
Through our website, we do not process special categories of Personal Data as defined in Article 9 of the GDPR. The legal bases for processing Personal Data are specified in the further sections of the privacy policy.

2. Why is this Personal Data being processed and what is the legal basis for the processing?
Your Personal Data is processed for the following purposes:

WEBSITE
a) for the provision of electronic services in terms of providing users with access to the content collected on the website – the legal basis for processing Personal Data is the necessity of processing for the performance of the contract for the provision of electronic services (Article 6(1)(b) GDPR).
b) for analytical and statistical purposes – the legal basis for processing Personal Data is our legitimate interest (Article 6(1)(f) GDPR), which involves analyzing your activities as well as your preferences to improve the functionalities used and the services provided.

COOPERATION
a) for the purpose of entering into, executing and monitoring a contract concluded with us, including in particular for the purposes of contact, performance of information duties, interaction in the performance of the contract or arrangements – in which case the legal basis for the processing is the necessity of the processing for the performance of the contract (Article 6(1)(b) GDPR), and if you are not our customer or contractor (but e.g. an employee of the contractor, a representative of the contractor) the legal basis for the processing is the fulfilment of the Controller’s legitimate interest (Article 6(1)(f) GDPR), which involves performing the contract concluded with our customer or contractor.

CONTACT
a) to contact you in order to handle your request sent by email, contact form or post, to contact you in relation to our contract or other arrangements, to conduct further correspondence with you – the legal basis for processing Personal Data is our legitimate interest (Article 6(1)(f) GDPR), which involves responding to an inquiry about our business or other request for contact from you or to enter into or perform a contract with the person or entity you represent; If the correspondence concerns a contract that is to be concluded or has been concluded – the legal basis for processing Personal Data is the necessity of the processing for the performance of the contract or the necessity to take steps prior to entering into such a contract at your request (Article 6(1)(b) GDPR);
b) in the case of marketing correspondence, we also process your data to promote our Products or business – the legal basis for processing Personal Data is our legitimate interest as the Controller (Article 6(1)(f) GDPR), which involves the promotion of the Controller’s products or activities.

SOCIAL MEDIA
a) to maintain our social media profile, to inform you about our activities and to promote various events and our products – the legal basis for processing Personal Data is our legitimate interest as the Controller (Article 6(1)(f) of the GDPR) to promote our own brand and products.

Facebook
We use Meta Platforms plug-ins on our website. By clicking on them, you enter our Facebook profile. In this case, your data, in particular such as information about the web browser or application you are using, online identifiers, including IP addresses and, where provided, Facebook-related identifiers (such as mobile operating system advertising IDs), as well as information regarding your advertising provision status are transmitted to Facebook or Instagram. About this data, Facebook (Meta Platforms Ireland Limited) and the Controller are joint controllers in accordance with Article 26 GDPR.

Information on how Facebook processes your Personal Data, including the legal basis and how to exercise your rights, can be found in Facebook’s privacy policy available at: https://www.facebook.com/about/privacy.

More detailed information on the joint control of Personal Data between Facebook and Smulders can be found in the joint controllers supplement available at: https://www.facebook.com/legal/controller_addendum.

LinkedIn
When you visit our company profile on LinkedIn, it will also process your Personal Data submitted to LinkedIn, in particular such as your job function, country, industry, job level, company size and employment status. In addition, LinkedIn will process information about your interactions with the Controller’s company page. In connection with this processing, LinkedIn (LinkedIn Ireland Unlimited Company), together with Smulders, are joint controllers of your Personal Data in accordance with Article 26 of the GDPR in relation to the Personal Data contained in the information on pages provided by LinkedIn to the Controller. The page information provided to the Controller contains aggregated data and LinkedIn will not transfer your data to the Controller or allow the Controller to link it to you.

For information about LinkedIn’s processing of your Persona Data, please refer to the privacy policy available at: https://www.linkedin.com/legal/privacy-policy?#use.

For more detailed information on the joint control of your Personal Data between LinkedIn Ireland and Smulders, please see the Joint Controller Addendum available at: https://legal.linkedin.com/pages-joint-controller-addendum

OTHER
a) to comply with legal obligations imposed on the Controller, such as the provision of information and documents required by public administration authorities – the legal basis for processing is the necessity to comply with a legal obligation imposed on the Controller (Article 6(1)(c) GDPR).
b) for the marketing of our products and services – the legal basis for processing in our legitimate interest (Article 6(1)(f) GDPR), which involves the marketing of the Controller’s products or services.
c) to establish or assert or defend against claims – the legal basis for processing in our legitimate interest (Article 6(1)(f) GDPR), which involves establishing, asserting, or defending against claims.

3. Source of Personal Data
In most cases, you are the direct source of the Personal Sata that are processed by the Controller. In some cases (e.g. collaboration), we may have received your Personal Data from your employer or another entity, including an entity you cooperate with. Personal Data may also have been obtained from publicly available sources.

4. Transfer to third parties
Your Personal Data will be shared only with entities that need access to it to fulfill our obligations or provide services, and only to the extent necessary to perform these actions. The recipients of your Personal Data may include::
a) entities within the Smulders Group (e.g. Iemants NV, Belgium) and the Eiffage Group depending on the nature of the cooperation;
b) entities providing services to us, i.e. operating our IT systems, hosting, website management, cloud computing, advertising agencies, entities providing consultancy, legal, debt collection, accounting and auditing services, in particular:
– the provider of our email system – if we correspond by email;
– social media providers;
– statistical research and analysis providers.

Together, we make every effort to adequately secure your Personal Data.

Your Personal Data will not be sold, rented, distributed, or otherwise made commercially available to third parties except as described above or with your prior consent.

On rare occasions, we may be required to disclose your Personal Data pursuant to comply with mandatory laws or regulations. Therefore, we reserve the right to disclose selected information concerning you to the competent authorities or third parties who request such information on the appropriate legal basis and in accordance with the applicable law.

5. Data transfer to the third countries (outside the EEA region)
As a general rule, your Personal Data is processed within the European Economic Area (hereinafter ‘EEA’). If the Controller enters into cooperation with an entity outside this area, your Personal Data may exceptionally also be transferred to a country in which the entity is established. In this case, the transfer will only take place (i) to the extent necessary, related to the provision of services by that entity to the Controller; (ii) using the requirements set out in Chapter V of the GDPR, including appropriate safeguards such as standard contractual clauses adopted by a decision of the European Commission. You may obtain a copy of the safeguards for Personal Data transferred outside the EEA by contacting the Controller.

6. Duration of processing
We will not use or store your Personal Data for longer than is necessary to achieve the above-mentioned purposes. After this period, Personal Data will be deleted unless further processing is required by law or necessary to establish, pursue, or defend against claims, in particular:
a) when we process Personal Data for the performance of a contract – your Personal Data will be processed for the duration of the contract and thereafter for a period not exceeding the period of any limitation period for claims;
b) when we process your Personal Data as our contractor or customer (including, in particular, identification and contact data), we may process this Personal Data after the completion of the contract/cooperation or where we have obtained this data independently of the contract (for example, if you contact our sales department) – your Personal Data will be processed for the period during which it is potentially possible to establish a business relationship, but no longer than for the duration of our business activities in the area of your interest;
c) when we process Personal Data for marketing purposes – your Personal Data will be processed for the duration of our interest (e.g. for the duration of correspondence) no longer than until you object to the processing of Personal Data for such purposes;
d) when we process Personal Data in order to comply with our legal obligations – your Personal Data will be processed for no longer than the duration of those legal obligations;
e) when we process Personal Data based on our legitimate interest – your Personal Data will be processed for the duration of our interest (e.g. for the duration of correspondence) for no longer than until you object to the processing of your Personal Data for such purposes. Where we process Personal Data for the purpose of establishing or pursuing claims or defending against claims, the Personal Data will be processed for the duration of the proceedings and optionally for the period of the statute of limitations for claims, in accordance with applicable law.

7. What are your rights?
Right to be informed and right of access
You have the right to access your Personal Data, as well as to obtain the copy of your Personal Data in accordance with the applicable provisions.

Right of rectification, erasure, and restriction
You have the right to:
a) rectify your Personal Data if it is incorrect or incomplete;
b) delete your Personal Data if there is no longer a basis for processing it;
c) restrict the processing of your Personal Data in certain situations, e.g., if the accuracy of the Personal Data is contested.

You may also request to restrict the processing of your Personal Data.

Right of Objection
You also have a right to object to the processing of your Personal Data when they are processed on the basis of our legitimate interest.

Right of Personal Data portability
You have the right to obtain your Personal Data processed by us in structured, common, and machine-readable form and/or to transfer it to other personal controller, when the processing is based on consent, or a contract and it is carried out by automated means.

Right to withdraw consent
To the extent that the processing is based on your prior consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Rights related to automated decision-making including profiling
The processing of your Personal Data does not include profiling, nor will you be subject to automated decisions.

Exercise of your rights
You can exercise your rights by contacting our privacy responsible at info.spp@smulders.com.

5. Complaints
If you have a question or complaint regarding the processing of your Personal Data, please contact us asap: info.spp @smulders.com
You also have the right to file a complaint with the Data Protection Authority:

Prezes Urzędu Ochrony Danych Osobowych (President of Personal Data Protection Office)
ul. Stawki 2, 00-193 Warszawa
tel. +48 22 531-03-00,
e-mail: kancelaria@uodo.gov.pl

6. Security measures
We have security measures in place to prevent and manage any eventual destruction, loss, modification, unauthorized access, or another type of Personal Data breach as well as any other unauthorized processing and management of Personal Data.

7. Varia
Smulders may change its corporate structure by changing its legal form by merger, acquisition, and sale. In such transactions, Personal Data may be transferred in accordance with this Privacy Statement and applicable data protection laws.

8. Cookies
For the proper functioning of this website, we use cookies. Cookies are small text files that are placed on your device and read by a browser. Some cookies are essential for the proper operation of the site, while others help the Controller analyze website traffic and tailor content to your preferences. For further information please see our cookie policy here: https://smuldersprojectspoland.pl/polityka-cookies/.

9. Social Media
Our website contains links to other sites such as Facebook, LinkedIn. Please note that Smulders has no influence over the privacy protection policies or practices on these sites. We encourage you to read the privacy statements of each website that collects Personal Data .

10. Applicable law
Any dispute or claim relating to the processing of Personal Data and Privacy Statement or any information contained herein shall be governed by Polish law.
This Privacy policy was last modified on 01 April 2025.