Privacy notice for the Business Clients of Compass Group Poland Sp. z o.o.

1. Data Controller

Compass Group Poland Sp. z o.o. with registered seat in Warsaw (00-102), at ul. Jana Olbrachta 94 (further referred to as Compass).

Compass is responsible for the processing of personal data for the purposes and pursuant to legal basis which are specified in this notice, including with relation to performance of contract and management of relations with a client/vendor, marketing and sales activities undertaken at Group level, purchase management, finance management and other administrative and business issues, as well as analysis and development of products and services.

2. Purpose and legal basis for the processing of personal data

The processing of personal data takes place on the following legal basis:

1. Performance of a contract concluded between Compass and its client, vendor or business partner (further: Business Clients) and fulfillment of requests of the data subject before the conclusion of contract, e.g. requests for information or offer, subscription of newsletters or purchase orders (Article 6 section 1 b) of the GDPR);
2. Management of relationships with Business Clients or with similar entities, maintained with relation to legitimate interest of the Controller (Article  6 section 1 f) of the GDPR);
3. Legitimate interest of the Controller, tied to directing product and services marketing activities to contact persons designated by Business Clients (Article  6 section 1 f) of the GDPR);
4. Fulfillment of legal obligations of the Controller in the light of regulations in force at the country of business (Article  6 section 1 c) of the GDPR).

The processing of personal data takes place for the following purposes:

1. Supply of products and provision of services;
2. Establishment, management and development of relations between Compass and Business Clients;
3. Development of products and services;
4. Communication with Business Clients, including collecting of feedback from Business Clients, e.g. through satisfaction surveys;
5. Detection, prevention and verification of frauds and other offences;
6. Analysis, segmentation and creation of statistics for the purposes explained above

3. Data subjects and categories of personal data

Compass processes data of persons being sole proprietors of businesses and of contact persons designated by its potential, current and former Business Clients. For the purposes described above, the following categories of personal data are processed:

• Basic information on the data subject, e.g.: first name and surname, title and profession, position at the Company, Company details, contact details regarding employment;
• Marketing data, e.g.: positions and actions in the Company and in public service; preferences and professional interests; other interests and information provided by the data subject; marketing activities undertaken; participation in events; marketing permits and consents (acceptance), limitations and bans (rejection);
• Data regarding contacts and communication, e.g.: requests for contact and feedback, e-mail messages, digital forms, chat discussions;
• Analytical data, e.g.: marketing segments and profiles, developed on the basis of data described above and obtained from standard sources through analysis and application of patterns, such as calculation of potential interests of the Company/the data subject or including the Company/the data subject within a specific group of companies/data subjects.

For the purposes of direct marketing, targeted at contact persons at potential or former Business Clients, only the basic and marketing data, described above, is processed.

4. Sources of information

Personal data is collected directly from the data subject when the data subject sends a request for contact or information, or completes a form, makes a purchase or submits an order, concludes a contract, participates in events or makes other, personal, telephone or digital contact with Compass. Personal data of persons designated for contact by potential, current and former Business Clients are obtained directly from Business Clients.   It is also possible to collect and update personal data with the use of websites of Business Clients, public and private registers, public institutions. Data from such sources is acquired according to the applicable provisions of the law on personal data protection.

5. Disclosure and transfer of data

Data will not be disclosed to other external entities, unless this is necessary due to legal obligations imposed upon Compass. Compass may commission activities in the area of ICT, marketing, communication and other to external suppliers or other subcontractors.  In such case Compass may disclose personal data to these subcontractors, in the scope necessary for the provision of services commissioned to them. These subcontractors will process personal data on behalf of Compass and must follow instructions provided by Compass. Compass shall apply appropriate contractual means to ensure that personal data is processed in a lawful manner.

Personal data shall not be transferred outside the European Union or the European Economic Area. If however it turns out necessary to transfer the data outside the EU or the EEA, Compass will make sure whether the country to which data is transferred is recognized by the European Union as ensuring proper privacy protection, or shall conclude with the entity to which data is to be transferred an agreement based on Standard Contractual Clauses issued by the European Commission.