1. Contact details
In all matters regarding your personal data you can contact us:
- by mail: ul. Kapelanka 26, 30-347 Kraków, Poland;
- by phone: +48 12 259 35 20;
- by e-mail: email@example.com;
- by contact form: https://www.andea.com/contact/.
If you are a California resident in all matters regarding Manufacturo and your personal data, you can contact Us:
- by mail: Manufacturo Inc., 3 Pointe Dr, Suite 317, Brea, CA 92821, USA;
- by phone: +1 562 247 9679;
- by e-mail: firstname.lastname@example.org;
- by contact form: https://www.manufacturo.com/contact/.
if you are a California resident in all matters regarding your personal data, you can contact Us:
- by mail: Andea Corp. 3 Pointe Dr, Suite 317, Brea, CA 92821
- by phone: +1 562 247 9679;
- by e-mail: email@example.com;
- by contact form: https://www.andea.com/contact/
2. What personal data we process, why, the legal basis we rely on to process your personal data
Presented below are details about processing of your personal data by us in situations where you are:
1) Visitor to our websites and other digital channels;
3) Supplier/customer or member of staff of our supplier/customer;
4) Participant of our webinars, trainings and other events;
5) User of our platform Manufacturo.
Visitor to our websites and other digital channels
1. The Controller of your data is Andea Solutions sp. z o.o. and Andea sp. z o.o.
2. We process your personal data in situations where:
- you visit our website https://www.andea.com or https://manufacturo.com/ or https://andea-aps.com/ and its sub-domains (“Website”);
- you contact us, including by contact forms available at the Website, personally, by traditional mail or using e-mail.
3. The categories of personal data:
- When you use the Website, we save data such as your IP address, type and version of your device and web browser, your decisions with respect to cookies, and the way in which you use the Website. In most cases, we will not be able to identify you as a user and this data will be anonymous to us. However, if we are able to associate this data with you, which may occur when we are in possession of additional data from another source (e.g. if we save such data when you contact us via the contact form available on the Website), this data may become your personal data for us.
- If you decide to contact us via the contact form available on the Website, the e-mail addresses or telephone numbers provided, traditionally, by regular mail, or personally, as well as in the cases where we have the right to contact you, we will process the personal data you provide us with, the personal data that is necessary to reply to your message (including identification and contact data, as well as the IP address if you use the contact form available on the Website), and the personal data we have received in connection with the relationship between us or collected from generally available sources.
3. We will process your personal data that we obtain in situations for the following purposes:
- to respond to inquiries sent to us via contact forms, or to messages sent to our contact details – based on our legitimate interest as a personal data controller;
- to analyze the use of the Website, as well as to improve its functioning and security, adjusting the way, the Website is displayed and personalizing it, saving data from forms to preserve the session and facilitate the use of the Website– based on our legitimate interest as a personal data controller;
- for direct marketing of products or services – based on our legitimate interest or on your consent;
- to pursue and defend against claims, before courts and administrative authorities and outside them – based on our legitimate interest as a personal data controller,
- for archiving and backup purposes – based on our legitimate interest which is to fulfill the obligations to keep personal data safe by maintaining appropriate safeguards.
1. The controller of your data is the appropriate company from the Andea Group to which recruitment is conducted (advertiser) and Andea sp. z o.o.
2. We will process your personal data for recruitment processes – we process only personal data that will be provided to Us by you or will be made available to Us or collected by Us in order to conduct the recruitment process and:
- are necessary to fulfill our legal obligation arising from the applicable employment law, i.e., data regarding: name, surname, e-mail address, date of birth, education, professional qualifications, and previous employment or
- for which you have given Us your consent (through your statement or explicit confirmation action, such as providing us with your CV or cover letter containing such data), i.e., data contained in the recruitment documents and references received from you, messages, conversations with you (other than those indicated in the applicable employment law) or
- are necessary for the conclusion and subsequent performance of the contract with you, i.e., in particular the data to be entered in the contract concluded in case of successful recruitment process or
- are necessary for the purposes of legitimate interests pursued by Us, such as:
- choosing the right candidate who guarantees proper performance of the duties entrusted, i.e., data collected by us in the course of recruitment activities, e.g. in notes made during conversations with you,
- bringing and defending against claims, before courts and administrative authorities and other entities (in respect of all collected data),
- archiving and backing up your data, in connection with the obligation imposed on Us as a data controller to properly secure data (in respect of all collected data).
Supplier/customer or member of staff/representative of our supplier/customer
- The controller of your data is the appropriate company from the Andea Group which have any relationship with your company or the company which is your employee/principal.
- The categories of personal data: Basic information, such as your name, the company you work for, your position, contact details.
- We will process your personal data that we obtain for the following purposes:
- for the performance and settlement of the contract concluded with you/your employer/principal – in order to perform a contract to which you/your employer/principal is a party;
- for archiving to the extent necessary to comply with legal obligations, in particular tax regulations, accounting regulations – based on our legitimate interest as a data controller;
- for possible establishment and investigation of claims or defense against claims – based on our legitimate interest as a data controller;
- for maintaining good business relations with you/your employer/contractor – based on our legitimate interest as a data controller;
- for direct marketing of products or services – based on our legitimate interest as a data controller.
Participants of our webinars, trainings and other events
- The controller of your data is Andea Solutions sp. z o.o. or other the appropriate company from the Andea Group which organizes webinar, training or other event.
- The categories of personal data: We will process personal data that you provide to Us in order to ensure you participation in the aforementioned events, such as name, surname and e-mail address. If you provide to us more information, such as telephone number, name of company, position, source of information about events organized by us, information on the production planning tools used, we will process them on the basis of your consent for marketing purposes, only if you give Us your consent.
- We will process your personal data that we obtain for the following purpose:
- for organisation of webinars, trainings and other events – based on a necessity of the data processing for the conclusion and performance of the contract for the provision of the webinar or training service.
- for archiving to the extent necessary to comply with legal obligations, in particular tax regulations, accounting regulations – based on our legitimate interest as a personal data controller;
- for direct marketing of products or services – based on our legitimate interest if we have an existing business relationship with you or on your consent.
User of Manufacturo SaaS platform
1. The controller of your data:
If you are a user of the Manufacturo SaaS platform our role may be different depending on the purpose of processing of your data:
- We may be processing your personal data on behalf of the company that is using the Manufacturo SaaS platform for its own purposes (the “Company”). Such Company will be granting you access to the Platform and will be primarily responsible for processing your personal data kept in the Platform. In this case (when our goal is to perform Our duties vis a vis that Company) we are acting as a data processor and our main responsibility is to keep your data secure and process it in accordance with the agreement entered into with the Companyr. This means e.g. that if you wish to execute your rights, you have to contact that company and if we receive your inquiries We will forward them to that company.
- We may also act as a sole data controller in some cases, e.g. where your data is necessary to pursue our legitimate interests. In such cases We, as the data controller, are primarily responsible for fulfilling the obligations resulting from the provisions of data protection laws.
2.We will process your personal data that we obtain for the following purposes:
- to provide and maintain the Manufacturo SaaS platform,
- to notify you about changes to our Manufacturo SaaS platform.
3. How long we will process your personal data
We will process your personal data:
- to contact you – from the day they were collected and as long as we are holding the conversation in the matter in which you made contact;
- for the purpose of improving the functioning and security of the Website – for the time for which these data are necessary to achieve this purpose, but no longer than until you express an effective objection to their processing;
- for the purposes of pursuing and defending against claims – for a period not exceeding the limitation period for claims;
- for archiving and backup purposes – for the period determined in accordance with the backup and archiving policy at Andea;
- for purposes related to your use of the Platform (when We act as a data controller) – for the duration of our legitimate interest;
- for the purposes of recruitment for a specific advertisement – until the verification of your application is completed and you are informed of the results of the recruitment process, but no longer than until the end of the next calendar quarter counted from the date you are informed of the results of the recruitment – in case you do not give your consent for the Controller to further process your data for future recruitment or for a period of 12 months from the end of the calendar year in which you gave your consent or until you withdraw your consent to their processing – if you give your consent to further data processing by the Controller for the purposes of future recruitment processes;
- for marketing purposes – (i) in case of marketing based on our legitimate interest – for the duration of our legitimate interest, i.e., the duration of the relationship that connects us or until you object, (ii) in cases that marketing is based on your consent – until consent is withdrawn;
- for the performance and settlement of the contract concluded with you/your employer/principal – for the period of performance of the contract, including the implementation of projects for you/your employer/principal, and the legal basis is the realization of the legitimate interest of the Data Controller in the form of ensuring the proper performance of contractual obligations;
- for maintaining good business relations with you/your employer/principal – for the duration of our business relationship.
Your personal data may only be disclosed:
- to third parties providing services to Us that are needed to achieve the purposes in relation to which we process your data (e.g., IT services, recruitment, electronic communication, hosting, marketing);
- to entities from the Andea Group, in particular when they provide each other with services, or as part of the internal administrative purposes of the Andea Group (e.g., when this results from the organization of tasks within the Group);
- to recipients to whom the disclosure is required by applicable law or order of a court or other authority;
- to other recipients, if you give us your consent to disclose data to them or if the transfer of data to them is necessary to protect your vital interests or vital interests of other individuals or for the common good.
5. Transfer of data to third countries
Your personal data may be transferred to entities outside the European Economic Area (EEA), including the USA, with whom we cooperate, such as the providers of services listed below. Whenever your personal data is transferred outside the European Economic Area (EEA) or to countries that do not provide the same or an adequate level of protection for personal data, we will ensure that this is done on the basis of a valid legal basis and using the safeguards required by law.
6. When you are a California resident
While you are using our website we may collect and further process information that may be treated as personal information under the provisions of the California Consumer Privacy Act of 2018 (hereinafter: CCPA) as amended by the California Privacy Rights Act of 2020 (hereinafter: CPRA). This part relates to you, if you are a California resident.
As Sensitive Personal Information has been classified “geolocation,” in order to comply with the CPRA, we encourage you to read the Cookies Policy to learn how to disable so-called tracking cookies.
We shared device identifiers and internet and electronic network activity to facilitate online advertising. This means that a unique, resettable number that identifies your device was linked to online activity and shared with others who use that data for advertising and analytics purposes (like advertising networks, data analytics providers, and social media platforms). Details of this issue are described in Cookies Policy.
We remind you that you can use the right to opt-out and the right to limit use of sensitive personal information (“Do Not Sell Or Share My Personal Information” and “Limit The Use Of My Sensitive Personal Information”). To exercise Your rights, please contact Us.
California supervisory authority is California Privacy Protection Agency (CPPA). The California Privacy Protection Agency (CPPA) has full enforcement authority over the CCPA/CPRA regime, as well as authority to investigate potential breaches and violations, and to draft enforcement regulations. The description of your rights you can find in the next section.
7. Data subject rights
You have the following rights:
- The right to obtain information, access to data and to receive a copy of the data. You have the right at any time to request information about your personal data that we store or to which we have access.
- The right to withdraw consent. Each time your data is processed based on your consent given, you have the right to withdraw this consent at any time, whereas withdrawal of consent will not affect the lawfulness of data processing that happened before you withdraw your consent.
- The right to rectify personal data. We take reasonable steps to ensure that your personal data is correct, complete and up to date. If it is necessary to change these data, please let us know.
- The right to data portability. You have the right to request the transfer of your personal data in a structured, commonly used machine-readable format, as well as to request the transfer of data to another data controller, when your consent is the legal basis for the processing of your personal data.
- The right to delete data and to limit processing. In the cases indicated in the provisions of law on the protection of personal data, you have the right to request the deletion of your personal data. However, this right is not absolute – there may be occasions when we are still entitled to process your personal data. You can also request a restriction on the further processing of your data. When you are a California resident: California residents can request deletion of personal data and we have to notify third parties to delete this as well.
- The right to object to processing. In the cases indicated in the provisions of law, you have the right to object to the further processing of your data when the legal basis for the processing of personal data is our legitimate interest.
- The right to lodge a complaint with a supervisory authority. You have the right to lodge a complaint with the supervisory body dealing with the protection of personal data.
When you are a California resident also:
- The right to opt-out of automated decision making. California residents can say no to their personal data being used to make automated inferences, e.g., in profiling for targeted, behavioral advertisement online.
- The right to know about automated decision making. California residents can request access to and knowledge about how automated decision technologies work and what their probable outcomes are.
- The right to opt-out of the “sale” or “sharing” of your personal information to or with third parties. California residents can opt out of businesses sharing and selling their personal data specifically for behavioral advertisement, and not only of the sale of personal data.
- The rights of minors. For California residents the opt-in requirement for businesses when dealing with minors is extended to include the sharing of personal data for behavioral advertising.
- The right to limit use of sensitive personal information. California residents can make businesses restrict their use of this separate category of personal information, particularly around third-party sharing.
For each of the rights mentioned above, you can contact Us in particular using the contact details.
8. Support providers
In particular, we are using services of the following third parties:
We also use reCAPTCHA, which is a service from Google that helps protect Websites from spam and abuse. A “CAPTCHA” is a Turing test to tell human and bots apart. By adding reCAPTCHA to our Website, we can block automated software. In order for reCAPTCHA API to work, it collects hardware and software information (which in some cases may be personal data), such as device and app data, and sends it to Google for analysis.
For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy and https://policies.google.com/terms.
We use Senuto’s Visibility Analysis – a product offered by Senuto (Senuto sp. z o.o., ul. Czerniowiecka 6b, 02-705 Warsaw, KRS Number 0000464809), that analyzes how our Website is adjusted to the standards of search engines. For more information on the privacy practices of Senuto, please visit the Senuto web page: https://www.senuto.com/en/privacy-policy/.
We use Semstorm’s All-in-one search engine marketing platform – a product offered by Semstorm (SEMSTORM International sp. z o.o., ul. Puławska 405 lok. 29, 02-801 Warsaw, KRS Number 0000587602), that analyzes how our Website is adjusted to the standards of search engines. For more information on the privacy practices of Semstorm, please visit the Semstorm web page: https://app.semstorm.com/privacy-policy.
4. Meta (formerly Facebook)
More information about Facebook pixel can be found here: https://www.facebook.com/business/help/742478679120153?id=1205376682832142. Information about how Facebook processes your personal data can be found here: https://www.facebook.com/privacy/explanation.
We use Elevato for recruitment purposes – a recruitment system, supporting the work of HR departments and recruitment agencies offered by Elevato S.A. (Elevato S.A., ul. Batorego 3/6, 43-300 Bielsko-Biała, KRS Number 0000883924). For more information on the privacy practices of Elevato, please visit the Elevato web page: https://www.elevatosoftware.com/pl/polityka-prywatnosci/ and https://www.elevatosoftware.com/pl/bezpieczenstwo-i-rodo/.
The Website also includes links to third-party websites. When you visit these pages, different rules apply than those described here in the field of personal data processing, as well as someone else is the data controller of data processed there. We recommend that you read the rules applicable to the processing of personal data published by the administrators of these websites.
We don’t use any social media plugins. In case there is a link to Our social media on Our website, please note that the providers of the respective social media sites have their own data protection procedures, for which We are not responsible. In this case, it is recommended that you read the privacy policies and other documents regarding the processing of personal data posted on the pages of the relevant social media sites. Andea, bearing in mind the need to ensure adequate security of personal data, makes every effort to use only social networks that provide adequate protection of personal data.