Privacy Policy at Scanway S.A.

PRIVACY POLICY AT SCANWAY S.A.

Table of Contents:

• Information on the processing of personal data

• Data protection rules for the provision of electronic services

• Cookies policy

1.Information on the processing of personal data

1. The Controller is Scanway S.A. with its registered office in Wrocław, at ul. Strzegomska 140a, 54-429 Wrocław, registered in the District Court for Wrocław-Fabryczna in Wrocław, 6th Commercial Division of the National Court Register under the KRS number 0000997696, REGON 363535091, NIP 8842761100, the amount of share capital: PLN 139,500.00, paid up in full. E-mail address: industry@scanway.pl, phone: (+48) 71 733 62 64.

2. Contact with the data protection officer – Wiesław Lechowicz, e-mail address: iod@scanway.pl or by mail to the Controller’s address with a note: Data Protection Officer.

3. The purpose of personal data processing and the legal basis for processing is:

1. 1. performance of a contract to which the data subject is a party, or taking action at the request of the data subject prior to entering into a contract, on the basis of Article 6(1)(b) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), also known as “GDPR”;
   2. fulfillment of a legal obligation incumbent on the controller, based on Article 6(1)(c) of the GDPR;
   3. using electronic invoices and sending them to the e-mail address provided, in accordance with the submitted statement, based on Article 6(1)(a) of the GDPR;
   4. sending commercial information to the provided electronic address, in particular e-mail and/or the provided phone number (voice communication, SMS, MMS), in accordance with the submitted statement, on the basis of Article 6(1)(a) of the GDPR;
   5. consent to the processing of data for a specific purpose, based on Article 6(1)(a) of the GDPR, and resulting from the law;
   6. use of cookies for storing and accessing information for the purpose of applying advertising, market research and the behavior and preferences of service recipients (people using services provided electronically) with the purpose of using the results of this research to improve the quality of services provided by the Controller, based on Article 6(1)(a) of the GDPR

4. The processing of personal data is carried out out of legitimate interests pursued by the controller, based on Article 6(1)(f) of the GDPR, for the purposes of: sending or exchanging correspondence; invitation to contact; performance of the contract with the designated customer representatives; verification of payment reliability; blocking the use of services due to financial arrears; direct marketing of products or services, carried out in the traditional form; ensuring network and information security; ensuring the functioning of the scanway.pl website and collecting scanway.pl server logs; creation of compilations of analysis and statistics (for the controller’s internal needs); archival (evidential) which is the realization of our legitimate interest of securing information in case of a legal need to prove facts and establish, assert or defend claims.

5. Categories of personal data obtained otherwise than from the data subject: name(s) and surname, registered address, address of residence or address for service, PESEL number or other number confirming identity, series and number of document confirming identity, name of position, name, company of the entrepreneur, registered office and address, NIP, KRS, REGON, phone number, e-mail address.

6. Personal data may be transferred to entities that provide services to the Controller, such as a law firm, IT service providers, a hosting company, postal and courier operators for shipment processing, banks for payment processing. Personal data may be transferred to authorities authorized by law.

7. Please be informed that we use service providers from outside the European Economic Area (EU and Norway, Liechtenstein and Iceland) to support the operation of websites, applications and services (e.g. Microsoft, Google). Your personal data may be transferred outside the European Economic Area to a third country or international organization:

1. as to which the European Commission has adopted a decision finding an adequate level of protection, as referred to in Article 45(3) of the GDPR; or
2. by means of standard contractual clauses for the transfer of data outside the European Economic Area, providing adequate safeguards within the meaning of Article 46 of the GDPR;
3. with the consent of the data subject for a one-time or multiple transfers of personal data to a third country, as referred to in Article 49 of the GDPR

8. The storage period for personal data is, respectively, for the purpose of:

1. fulfilling a legal obligation incumbent on the controller – for the period prescribed by law;
2. performance of the contract – for the duration of the contract and 5 years from the beginning of the year following the fiscal year in which operations, transactions and proceedings are finally completed, paid off, settled or barred;
3. exercising rights under guarantee, warranty – 1 year after the expiration of the warranty or settlement of the complaint. The storage period shall be calculated from the beginning of the year following the fiscal year to which the collection relates;
4. using electronic invoices and sending them to the provided e-mail address – for the period of consent to process personal data for the specified purpose;
5. sending commercial information to the provided electronic address, in particular e-mail and/or the provided phone number (voice communication, SMS, MMS) – for the period of consent to process personal data for the specified purpose;
6. collection of scanway.pl server logs – for a period of up to 12 months;
7. use of cookies to store and access information for the purpose of applying advertising, market research and the behavior and preferences of service recipients – for the period of consent to process personal data for a specific purpose or for the period specified by the manufacturer of cookies.
8. sending or exchanging correspondence – in the absence of a specific, clear and legitimate purpose of data processing by the controller, the correspondence shall be deleted after 3 years. However, the end of the processing period is the last day of the calendar year;
9. establishing, asserting or defending claims, unless a special provision states otherwise, the limitation period is six years, and for claims pertaining to periodical performances and claims resulting from an economic activity – three years. However, the end of the limitation period is the last day of the calendar year, unless the limitation period is less than two years.

9. You have the right to access, rectify, erase or restrict processing of your personal data, or the right to object to processing, as well as the right to data portability.

10. If the processing is based on consent, the data subject has the right to withdraw consent at any time, without affecting the lawfulness of the processing carried out on the basis of consent before its withdrawal.

11. You have the right to lodge a complaint with the President of the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw.

12. Provision of data is voluntary, but necessary for the above purposes.

13. Sources of personal data, when applicable, are customers who have designated persons to represent them and/or to execute concluded contracts and/or publicly available websites, registries, industry directories of companies.

14. Your data shall not be subject to automated decision-making in individual cases, including profiling as referred to in Article 22(1) and (4) of the GDPR.

15. You have the right to object to the processing of personal data based on Article 6(1)(f) of the GDPR, including profiling on the basis of these provisions for reasons related to the specific situation of the data subject.

16. You have the right to object to the processing of your personal data, for direct marketing purposes, including profiling, to the extent that the processing is related to such direct marketing.

17. Data protection rules for the provision of electronic services are available in Chapter II.

18. The cookie policy is available in Chapter III.

2. Data protection rules for the provision of electronic services

1. Legal basis:

1. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), also referred to as the “GDPR”.
2. Act of May 10, 2018 on the protection of personal data;
3. Act of July 18, 2002 on the provision of electronic services.

2. The terms used in this document shall mean the following:

1. electronic address – a designation of the communication and information system that allows communication by means of electronic communication, in particular e-mail;
2. commercial information – any information intended directly or indirectly to promote the goods, services or image of an entrepreneur or professional person whose right to practice a profession is subject to compliance with the requirements set forth in separate laws, excluding information that enables communication by means of electronic communication with a specific person and information about goods and services that does not serve to achieve the commercial effect desired by the entity that orders its dissemination, in particular without compensation or other benefits from producers, sellers and service providers;
3. communication and information system – a set of cooperating IT devices and software, ensuring processing and storage, as well as sending and receiving data via telecommunication networks by means of a telecommunication terminal device appropriate for a given type of network, within the meaning of the Act of July 16, 2004 – Telecommunications Law;
4. service provision by electronic means – the performance of a service provided without the simultaneous presence of the parties (at a distance), through the transfer of data at the individual request of the service recipient, sent and received by means of electronic processing devices, including digital compression and data storage, which is entirely transmitted, received or transferred via a telecommunications network within the meaning of the Act of July 16, 2004 – Telecommunications Law;
5. electronic means of communication – technical solutions, including ICT devices and software tools cooperating with them, enabling individual distance communication using data transmission between ICT systems, and in particular electronic mail;
6. service provider – a natural person, a legal person or an organizational unit without legal personality, who, conducting, even if only incidentally, a profit-making or professional activity, provides services electronically;
7. service recipient – a natural person, legal person or organizational unit without legal personality, who uses a service provided electronically;
8. registered office – the registered office of an entrepreneur or the registered office of a branch of a foreign entrepreneur performing business activity in the territory of the Republic of Poland;
9. personal data – means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
10. processing – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
11. restriction of processing – means the marking of stored personal data with the aim of limiting their processing in the future;
12. filing system – means any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis;
13. controller – means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
14. processor – means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
15. recipient – means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
16. consent – of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
17. account – an account created for the service recipient on the website as a result of the registration process.
18. Website – scanway.pl website.

3. The Controller is Scanway S.A. with its registered office in Wrocław, at ul. Strzegomska 140a, 54-429 Wrocław, registered in the District Court for Wrocław-Fabryczna in Wrocław, 6th Commercial Division of the National Court Register under the KRS number 0000997696, REGON 363535091, NIP 8842761100, the amount of share capital: PLN 129,000.00, paid up in full. E-mail address: industry@scanway.pl, phone: (+48) 71 733 62 64.

4. Contact with the Data Protection Officer – Wiesław Lechowicz, e-mail address: iod@scanway.pl or by mail to the Controller’s address with a note: Data Protection Officer.

5. Information on the processing of personal data is available in Chapter I.

6. The cookie policy is available in Chapter III.

7. Scanway S.A. processes the following personal data of the service recipient necessary to establish, shape the content, change or terminate the legal relationship between them:

1. names and surname of the service recipient;
2. PESEL registration number or, if this number has not been assigned, the number of the passport, identity card or other document confirming identity;
3. address of permanent residence;
4. correspondence address, if other than the address referred to in point 3;
5. signature-verification data of the service recipient;
6. electronic addresses of the service recipient.

8.In order to execute contracts or perform other legal action with the service recipient, Scanway S.A. processes other data necessary due to the nature of the service provided or the manner of its settlement:

1. the name or business name of the service recipient’s workplace;
2. the registered office and address of the service recipient’s workplace;
3. Tax Identification Number NIP of the service recipient’s workplace;
4. the service recipient’s phone number;

9. Scanway S.A. has distinguished and marked (by placing a “*” sign next to the form field with the description “* – required fields”) those of the data referred to in section 7 as data whose submission is necessary for the provision of the service electronically.

10. Scanway S.A. processes, with the consent of the service recipient and for the purpose of advertising, market research and research into the behavior and preferences of service recipients with the purpose of using the results of such research to improve the quality of the service provided by the service provider, other data concerning the service recipient that are not necessary for the provision of the service electronically.

11. Scanway S.A. processes the following data characterizing how the service recipient uses the service provided electronically (usage data):

1. designations identifying the service recipient assigned on the basis of the data referred to in section 6;
2. designations identifying the termination of the telecommunications network or communication and information system used by the service recipient;
3. information about the beginning, end and scope of each use of the service provided electronically;
4. information about the use of services provided electronically by the service recipient.

12. Scanway S.A. makes the data referred to in sections 6–10 available free of charge to state authorities authorized under separate regulations for the purposes of their proceedings.

13. The billing of the service provided electronically presented to the service recipient shall not disclose the type, duration, frequency and other technical parameters of the individual services used by the service recipient, unless the latter has requested detailed information in this regard.

3. Cookies policy

1. The Controller is Scanway S.A. with its registered office in Wrocław, at ul. Strzegomska 140a, 54-429 Wrocław, registered in the District Court for Wrocław-Fabryczna in Wrocław, 6th Commercial Division of the National Court Register under the KRS number 0000997696, REGON 363535091, NIP 8842761100, the amount of share capital: PLN 129,000.00, paid up in full. E-mail address: industry@scanway.pl, phone: (+48) 71 733 62 64.

2. Contact with the Data Protection Officer – Wiesław Lechowicz, e-mail address: iod@scanway.pl or by mail to the Controller’s address with a note: Data Protection Officer.

3. Information on the processing of personal data is available in Chapter I.

4. Data protection rules for the provision of electronic services are available in Chapter II.

5. A cookie is a small text file saved by the browsing website on the user’s computer or mobile device. Cookies may contain the name of the website from which they originate, a specific period of time they are stored on the user’s computer or mobile device, and a unique identifier.

6. The www.scanway.pl website uses cookies to store and access this information for:

1. functional,
2. statistical,
3. advertising purposes.

7. The user consents to storing and accessing this information contained in cookies via settings on www.scanway.pl.

8. The user can additionally determine the conditions for storing or accessing this information contained in cookies through the settings of the web browser.

9. Storing or accessing this information does not cause configuration changes to the user’s computer or mobile device and the software installed on that device.

10. Web browsers allow cookies to be stored on a user’s computer or mobile device by default.

11. The user of the site can also set the level, whether, how many and what kind of cookies they want in their web browser at any time. Lack of such settings will be a conscious act of will and acceptance of cookies set on www.scanway.pl.

12. You can change the conditions for storing or reading cookies by changing the settings in your web browser:

• Microsoft EDGE – https://support.microsoft.com/pl-pl/topic/wy%C5%9Bwietlanie-plik%C3%B3w-cookie-w- przegl%C4%85darce-microsoft-edge-a7d95376-f2cd-8e4a-25dc-1de753474879 , information about the location of EDGE browser settings (Path to cookies and site permissions with description): Settings > Cookies and site permissions > Stored data and cookies (stored Data and cookies); available settings: Allow sites to write and read data in cookies (recommended); Block third-party cookies; See all cookies and site data; Block; Allow; Clear on closing; Cookies and site data temporarily allowed.
• Mozilla Firefox, link: https://support.mozilla.org/pl/kb/ciasteczka
• Chrome, link: https://support.google.com/chrome/answer/95647?hl=pl
• Opera, link: https://help.opera.com/pl/latest/web-preferences/
• Safari, link: https://support.apple.com/pl-pl/HT201265

The Privacy Policy takes effect on July 11, 2025 and replaces the previous Privacy Policy.