Processing of personal data

The personal data controller (“Controller”) is HiProMine S.A. with the registered office at ul. Poznańska 12F, 62-023 Robakowo, Poland. Personal data are processed for the purpose of day-to-day business conducted by HiProMine S.A., mainly in connection with the conclusion and performance of contracts, including cooperation contracts/ contracts of mandate (Article 6(1)(b) of GDPR – processing is necessary for the conclusion and performance of a contract), and for compliance with legal obligations to which HiProMine S.A. is subject (Article 6(1)(c) of GDPR – e.g. obligation to issue VAT invoices), establishment, exercise or defence of legal claims (Article 6(1)(f) of GDPR – legitimate interest pursued by HiProMine S.A.). The personal data are not used for the purpose of automated decision-making, including profiling. HiProMine S.A. processes the following categories of personal data: first name and surname, official position, company name, business correspondence address, and business e-mail and phone number. Where the Controller requests personal data to be provided, the submission of personal data is not mandatory, but it is necessary for the establishment and conduct of business cooperation between the Controller and the contractor. The personal data are collected directly from the data subject. Where personal data do not come from the data subject, they are obtained from generally available Internet sources (e.g. CEIDG (Central Register and Information on Economic Activity), KRS (National Court Register), company website, etc.) Personal data are transferred to entities conducting auditing, consulting, financial, legal and tax advisory services to the Controller, entities cooperating with the company as part of ongoing investments, entities providing IT services (including servers and networks), entities involved in the implementation of EU projects, and state administration bodies – upon their request justified on the basis of applicable law. Personal data are transferred abroad in relation to the use of Google services which are provided with adequate data security through a certification mechanism (Privacy Shield framework). Personal data are stored for the duration of business cooperation between the Controller and the contractor, and also after its termination, where reasonable grounds exist that such cooperation will be resumed. In connection with the processing of personal data, a natural person being the data subject has the right to access the processed personal data, to have personal data concerning him or her rectified or incomplete personal data completed, to have the processed data erased, to restrict or object to personal data processing, to have the personal data transferred to another controller, and to lodge a complaint with the President of the Personal Data Protection Office. The Personal Data Controller is accessible by e-mail at