Purposes of and legal bases for personal data processing
Itella processes the personal data of Clients on four legal grounds (performance of a contract, legitimate interest and consent, legal obligation), which are described below.
- The personal data processing carried out for the performance of a contract is necessary for Itella to be able to fulfil its obligations under the contract or to carry out the necessary operations prior to the conclusion of the contract. This includes the following processing purposes:
- Pre-contractual relationships – preparation of the service offer and/or provision of pre-contractual information;
- Order management – processing of the personal data necessary for the provision of the service;
- Customer management – processing of the personal data necessary for customer communication (entry into contracts, queries/notices sent by e-mail, etc.);
- Processing of the personal data necessary for the provision of services;
- Ensuring the quality of services – monitoring and managing the quality of services in accordance with the contract entered into with the customer or their consent;
- Billing and payment – personal data processing is necessary for issuing invoices and receiving payments.
- On the basis of legitimate interest, Itella processes personal data primarily to improve the services provided and to develop customer communication and its business operations in order to offer the simplest, smoothest and highest quality service possible as well as the best customer service. Also for the development of new services (data analysis, market research, customer surveys, etc. are carried out), management of business risks, submission of recoveries and, in some cases, for the purposes of direct marketing.
Therefore, Itella has a legitimate interest to process personal data for the purposes set out below:
- Processing for statistical and analytical purposes – customer satisfaction and feedback questionnaires;
- Automated personal data processing, i.e. profiling and data modelling – Itella uses these in order to offer services that correspond to the Customer’s preferences, determine prices of the services, detect fraud and the threat of fraud or achieve marketing goals. In the event of automatic decision-making, the data used for making decisions are those that Itella has about the Customer. The Customer has the right to send Itella their opinion and contest automatic decisions by sending a respective notice to the e-mail address firstname.lastname@example.org;
- For the purposes of maintaining and developing customer relationships – customer relationship management (messages, communication, customer service), online chat and calls with Itella;
- For the purposes of development, quality assurance and improvement of services;
- For the purposes of fraud prevention and risk management;
- Personal data processing necessary for communication with partners;
- Personal data processing necessary for the resolution of disputes.
- Personal data processing for the purposes of direct marketing – based on the Customer’s separate consent, Itella may communicate, by way of direct marketing, marketing notices (newsletter, campaign offers, prize draws, satisfaction surveys, etc.) by telephone, e-mail, SMS and other e-channels. The customer has the right to withdraw their consent at any time as well as to refuse advertising and offers, sending a respective notice to the e-mail address email@example.com. Information about the opportunity to unsubscribe from advertising and offers is also set out next to the electronically communicated offer or advertising.
- Itella is obliged to process personal data for the following purposes in order to perform a duty or obligation arising from law:
- Documenting and saving transactions and payments on the basis of the Accounting Act;
- On the basis of the Money Laundering and Terrorist Financing Prevention Act and for ensuring that international sanctions are followed;
- Forwarding data to public authorities, courts and other law enforcement bodies and responding to queries in accordance with the law;
- Compliance with the audit obligation on the basis of the Commercial Code;
- Resolution of data protection claims and processing of breaching on the basis of the General Data Protection Regulation.