We care about the security of your personal data
Pursuant to art. 13(1) and art. 13(2) of the General Data Protection Regulation of 27 April 2016, please be informed that we process your personal data.
The controller of your personal data is Atman sp. z o.o. (formerly ATM S.A.) with its registered office in Warsaw at Grochowska 21A, 04-186 Warsaw, Poland, KRS No. 0000923206, VAT No. PL1130059989, REGON No. 012677986.
If you are our customer, we process your personal data for the purpose of:
- The delivery and maintenance of a service, on the basis of art. 6(1)(f) of the Regulation as a legitimate interest of the controller, including but not limited to the preparation and configuration of a service, handling your requests, removing failures, as well as providing technical support throughout the entire term of the contract, unless laws provide otherwise;
- The performance of the concluded contract or taking actions prior to concluding such a contract, signing the contract, on the basis of Article 6(1)(b) of the Regulation;
- The performance of financial and accounting services, handling claims, complaints, requests and notifications, on the basis of art. 6(1)(f) of the Regulation as a legitimate interest of the controller, for a period that will allow us to review claims, if any;
- The compliance with legal obligations, on the basis of art. 6(1)(c) of the Regulation, in particular also under the Act on Telecommunications of 16 July 2004;
- The maintenance and ongoing service of the website, on the basis of art. 6(1)(f) of the Regulation as a legitimate interest of the controller;
- Informing (including direct marketing) pursuant to Article 6(1)(f) of the Regulation, as the legitimate interest of the controller, to provide the necessary information on related products/features that may support your organization’s operations and/or the service you purchased from us, until the moment you withdraw your willingness to receive it;
- Trading and marketing, on the basis of art. 6(1)(a) of the Regulation, including but not limited to the distribution of the newsletter, handling communication by use of online forms, handling incoming helpline calls, implementation of training webinars and other industry events, by obtaining your consent and until your consent is withdrawn;
- Recording of telephone conversations that you conduct with the Customer Service Department pursuant to Article 6(1)(f) of the Regulation, as a legitimate interest of the controller, consisting of enabling telephone contact and unequivocal assessment of the conversation in disputable situations. The recording is kept for 12 months after the telephone call.
If you are a potential business partner/customer, we process your personal data for:
- Purposes related to initiating and maintaining business contacts. In this case the legal basis for the data processing is the legally justified interest of the controller [Article 6(1)(f) of the GDPR], consisting in the creation of a contact network in connection with the conducted activity;
- Commercial purposes pursuant to Article 6(1)(a) of the Regulation, including in particular the distribution of newsletters, handling communication via online forms, operating an inbound call center, organizing and conducting webinars, trainings and other industry events, by obtaining your consent and until you revoke it.
If you visit Atman Data Center, we process your personal data for the purpose of:
- Physical protection and maintenance of the facility – on the basis of art. 6(1)(f) of the Regulation as a legitimate interest of the controller, including but not limited to CCTV monitoring, access management and personal flow control in the data center facilities.
If you are our supplier, contractor or business partner, we process your personal data for the purpose of:
- The performance of a contract, on the basis of art. 6(1)(f) of the Regulation, for a period that will allow us to review claims, if any;
- The assessment of a supplier, development of a supply channel or development of a sales process, on the basis of art. 6(1)(f) of the Regulation as a legitimate interest of the controller, for a period that will allow us to review claims, if any.
Your personal data may be transferred to:
- The Controller’s employees/co-workers authorized to process them at the Controller’s instruction
- Other data recipients, including:
- IT and telecommunication service providers with whom we work
- Marketing companies and law firms
- Authorized entities on a documented request, e.g. public order services,
with all guarantees ensuring the security of the data transferred.
You have the following rights in respect of our processing of your personal data:
- The right to access your data and receive copies thereof
- The right to data rectification
- The right to erasure of data, restriction of data processing
- The right to object to data processing
- The right of data portability
- The right to withdraw your consent to data processing, without affecting the legitimacy of the processing carried out before such withdrawal, which means that the withdrawal of consent is not retroactive
- The right to lodge a complaint to a supervisory body – the President of the Personal Data Protection Office
You will be provided with all information regarding the processing of your personal data, including the exercise of the rights arising from the processing of your data by sending an e-mail to the following address: email@example.com. Data Protection Officer is Monika Jagodzińska.
On our websites, we use solutions that monitor user behavior that allow profiling, but do not carry out automated decision-making that produces legal effects. These mechanisms are used by the Controller to manage and improve websites.
Do we transfer your data outside the EEA?
We do not transfer your personal data outside of the European Economic Area except for the use of an ICT systems provider used to support sales and execution processes. Contact details of customers or potential customers, which are necessary for cooperation, need to be registered in these systems.
In the case referred to above, personal data is transferred to the USA. The transfer of data outside the European Economic Area is based on standard contractual clauses (Article 46(2) of GDPR).
Do we have access to your data?
If you use our services such as Cloud or Dedicated Servers, we can access data in ICT systems operating in the cloud or dedicated servers of Atman, especially when performing administrative tasks in the operating system, tasks ensuring security of the solution or when destroying the contents of the hard disk. If you process personal data as part of the service, it means that – within the meaning of the Regulation – we become their processor and it is necessary to conclude a data processing agreement.
How to conclude a data processing agreement with Atman sp. z o.o.?
- Ask the person whom you contact at Atman for a model data processing agreement, or send such request at firstname.lastname@example.org. Then fill in the received document.
- Sign the filled in agreement in two copies.
- E-mail the filled in and unilaterally signed agreements at email@example.com, or send them by post at the address of the Data Protection Officer at Atman sp. z o.o. (formerly ATM S.A.), Grochowska 21A, 04-186 Warsaw, Poland.
- When we have received your copies, we will process them and send them back at the address indicated in the agreement.