Privacy Notice

COUNTERPARTIES / REPRESENTATIVES OF COUNTERPARTIES / CONTACT PERSONS

Controller

TH-EY S&D LTD (a company registered in England and Wales, with registered number 11033177 having its registered office at 223 Leytonstone Road, London, England, E151LN) the “Controller”.

Data Protection Officer

Regarding the protection of your personal data, you can contact the Data Protection Officer designated by the Controller at the following e-mail address:w@th-ey.com.

Purposes and legal grounds for processing

Your personal data may be processed for the following purposes:

  1. Execution and performance of the contract entered into with your employer/entity on whose behalf or for whose benefit you are acting. The processing of the data remains necessary for the conclusion and proper execution of the contract Article 6 sec (1) (b) GDPR);
  2. Performance of legal obligations incumbent upon the Controller in connection with the conclusion and performance of the agreement, e.g. accounting and bookkeeping obligations arising from the provisions of the Accounting Act or tax obligations related to the settlement of income tax in accordance with the provisions of the Tax Ordinance, Personal Income Tax Act/legal regulations and other tax regulations. The legal basis for data processing is Article 6(1)(c) GDPR;
  3. Protection of the legitimate interests of the Controller consisting in the possibility of contact in connection with the concluded and executed agreement, pursuing claims or defending against claims, including by way of court proceedings conducted on the basis of the provisions of the Civil Code, the Penal Code or other relevant legal regulations (basis: Article 6(1)(f) GDPR). 

Your personal data processed for this purpose have been obtained directly from you or made available to us by your employer/entity referred to above. The data may include: full name, business e-mail address or telephone number and place of employment, position held/fulfilled.

Data recipients

The recipients of personal data may be authorised employees of the Controller, Joint Controllers and other persons acting under the authority of the Controller, courts and other public authorities authorised to receive your data on the basis of relevant legal provisions. The data may be made available to entities with which the Controller has concluded a Data Processing Agreement or otherwise legalised the processing of your data. The necessary data may also be transferred to entities providing services to the Controller, including courier and postal companies, legal and financial advisors and auditors, where such entities process the data in accordance with the Controller’s instructions.

Data storage period

Your personal data will be kept for the time necessary to achieve the purposes for which they are processed:

  1. In the case of data processed for the purposes set out in sec. 1 of the Purposes and legal grounds for processing section for the duration of the contract;
  2. In the case of data processed for the purpose specified in sec. 2. Purposes and legal grounds for processing section – for a period of 5 years from the end of the calendar year in which the event giving rise to the accounting, accounting or tax obligation occurred;
  3. In the case of data processed for the purposes set out in sec. 3, Purposes and legal grounds for processing section, for 3 years after the termination of cooperation, and in the case of a pending proceeding for the duration of such proceeding until its final conclusion or until the statute of limitations for claims arising from the concluded agreement.

Data processing rights

You have the following rights: a) access your data and receive a copy of it; b) rectify (correct) your personal data; c) restrictions on the processing of personal data; d) deletion of personal data; e) object to processing (in the case of processing based on Article 6 sec. 1 letter f) of the GDPR); f) file a complaint to the President of the Personal Data Protection Office, if it is found that the processing of personal data violates the provisions of the GDPR.

Requirement to provide data

Submission of data processed for the purposes indicated in sec 1 of the Purposes and legal grounds for processing section is a condition for the conclusion and performance of the contract. Providing data processed for the purposes specified in item 2 of the aforementioned section remains a statutory requirement and is mandatory. The consequence of failing to provide data in the required scope shall be the impossibility of concluding a contract and its settlement.

Data transfer to a third country

Your personal data will be transferred to a third country or an international organisation. The data will be transferred to the United Kingdom, which, in accordance with the decision of the European Commission, meets an adequate level of personal data protection.

Automated decision making

Your personal data will not be used for automated decision-making, including profiling, in relation to your person.