Legal information

Privacy Policy
Information clauses
Terms of use of axpo.com website

Personal Data Protection | Privacy Policy

In accordance with Article 13 and Article 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) ("GDPR"), we hereby inform that:

The Controller of personal data is Axpo Polska sp. z o.o. with its registered office in Warsaw, address: Rondo Daszyńskiego 2B, 00-843 Warsaw, entered into the register of entrepreneurs of the National Court Register by the District Court for the Capital City of Warsaw in Warsaw, 12th Commercial Division of the National Court Register under the KRS number: 0000020839, Tax Identyfication Number (NIP): 5262483798, REGON: 016380846, share capital 241 250 000.00 PLN ("Controller").

The Controller processes personal data of the following subjects: persons using the Controller's websites, contractors and representatives of the Administrator's contractors, users of an account ("eBOK Users") on the Service, representatives of contractors ("eBOK"), persons contacting the Controller and job applicants.

The Controller processes personal data of the following subjects: persons using the Controller's websites, the Controller's contractors and representatives of contractors, account users (“eBOK Users”), on the eBOK service (“eBOK”) persons contacting the Controller and job applicants.

Personal data processed by the Controller include:

1) personal data of the Controller's contractors: name, surname, address, e-mail address, telephone number, PESEL number, company, NIP, contract number;

2) personal data of eBOK Users: name and surname, address, e-mail address, mobile phone number, PESEL or NIP, number of the electricity sales contract, data included in electronic invoices, data on the debt balance and payment terms;

3) personal data of contractors' representatives: name, surname, position or function, business telephone number and business e-mail addresses;

4) personal data of persons using the wybieram axpo website (“Wybieram Axpo”) to whom the Controller directs individual offers: NIP, e-mail address, telephone number, other personal data included in the invoice from another seller;

5) personal data of persons contacting the Controller via the contact form or by e-mail: name and surname, e-mail address, computer IP and other personal data included in the inquiry;

6) personal data of website visitors: computer IP number;

7) personal data of job applicants: name and surname, address, telephone number, e-mail address and other personal data included in the job application;

8) personal data of persons contacting the Controller by phone: name and surname, customer name, NIP, telephone no., address, e-mail address;

9) personal data collected on phone call recordings: name and surname, customer name, NIP, telephone no., address, e-mail address.

Personal data will be processed for the following purposes:

1) to conclude and perform a contract for the sale of energy;

2) to conclude and perform a contract for the provision of electronic services;

3) to submit individual offers to interested persons;

4) to issue and store accounting documents;

5) to provide marketing services;

6) to carry out promotional programmes organised by the Controller;

7) to carry out the recruitment process;

8) to contact with people directing inquiries or messages to the Controller via the contact form, by e-mail or phone;

9) day-to-day customer service.

Legal bases for personal data processing are as follows:

1) Article 6 (1) (a) of the GDPR, i.e. consent – in case of sending a form on Wybieram Axpo, sending marketing offers and contacting the Controller;

2) Article 6 (1) (b) of the GDPR, i.e. the processing of personal data is necessary for the conclusion and performance of the contract, including contracts with eBOK Users and customers contacting by phone, as well as to take steps at the request of the data subject prior to entering into such contract;

3) Article 6 (1) (c) of the GDPR, i.e. legal obligation – in case of issuing an invoice or other accounting document and storing them in the accounting records and in case of carry out the recruitment process;

4) Article 6 (1) (f) of the GDPR, i.e. the Controller's legitimate interest in the possibility for the Controller to exercise and assert claims and to defend against claims;

5) Article 6 (1) (f) of the GDPR, i.e. the Controller's legitimate interest in organising and carrying out promotional programmes organised by the Controller;

6) Article 6 (1) (f) of the GDPR, i.e. the Controller's legitimate interest in processing personal data of persons, who are not AXPO customers, contained in phone call recordings.

Personal data may be made available to entities authorised under the provisions of generally applicable law, in particular institutions authorised to control the Controller's activities or institutions authorised to obtain personal data on the basis of legal provisions, as well as entities providing the Controller with services in the field of outsourcing accounting processes, auditors, legal or tax advisors and IT service providers.

Access to personal data is granted only to persons in case of whom such access is justified due to the tasks performed and the services provided. All persons authorised to process personal data are obliged to keep the data confidential and secure them against disclosure to unauthorised persons.

The Controller may disclose personal data processed by them for the purposes described in this Privacy Policy, within the Axpo Group and to other subsidiaries of the Controller. Disclosure takes place exclusively for the purpose of intra-company management (e.g. accounting, centralised contractor management, etc.).

Your personal data will be stored for:

1) the period of performing the contract for the sale of energy and the contract for the provision of electronic services and after their expiry until the end of the limitation period of possible claims; or

2) the period resulting from the relevant legal provisions; or

3) the duration of the Controller's promotional programmes; or

4) in case of data processing for marketing purposes, until the consent is withdrawn; or

5) for the duration of the recruitment process – in case of giving consent to the processing of personal data in future recruitment processes, the data will be processed until the consent is withdrawn, however not longer than 12 months;

6) in case of eBOK Users: for the period for which they have an active eBOK account;

7) in case of customers contacting the Controller by phone: for the duration of the contract and thereafter until the end of the limitation period of claims resulting therefrom;

8) in case of data of persons who are not customers, collected on phone call recordings, the data will be processed for 24 months after the recording has been made.

If a claim is made by a person, the period of storage and processing of their personal data may be extended if it is necessary for handling the claim and possible defence against such claim.

Provision of personal data is voluntary, but necessary to: conclude and perform a contract for the sale of energy and a contract for the provision of electronic services (in particular the eBOK account), participate in promotional programmes and participate in the recruitment process.

The source of personal data of:

1) the Controller’s contractors,

2) eBOK Users,

3) persons using Wybieram Axpo,

4) persons contacting the Controller,

5) job applicants

are data subjects or the Controller’s contractors.

The source of personal data of the contractors' representatives are the Controller's contractors.

The data subject may exercise the following rights:

1) the right to request access to their personal data, as well as to receive a copy thereof,

2) the right to rectify their personal data,

3) the right to erase their personal data,

4) the right to restrict the processing of personal data,

5) the right to object to the processing of personal data – it is necessary to indicate a specific situation which, in your opinion, justifies the cessation of processing,

6) the right to data portability – If the Controller has obtained personal data on the basis of your consent or contract,

7) the right to withdraw consent to the processing of personal data for a specific purpose – provided that the basis for the processing of your personal data is consent,

8) the right to appeal to the supervisory authority in connection with the processing of personal data by the Controller – the supervisory authority is the President of the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw.

The Controller takes adequate technical and organisational measures to protect your personal data. Your personal data is only accessible to individuals who require it for the purposes and tasks described in this privacy policy (e.g. HR staff, IT system administrators). These persons are all obliged to handle personal data confidentially and solely in accordance with applicable data protection regulations and provisions. Data transmission to us takes place in unencrypted form and by means of an open, cross-border network that is accessible to everyone. However, the Controller has implemented security measures to protect data against unauthorised access and to ensure website authenticity, data integrity and the confidentiality of data transmitted over the group-internal network (Intranet).

Personal data may be transferred to third countries outside the European Economic Area ("EEA"), including the headquarters of the Controller’s parent company – AXPO Holding AG in Switzerland, which, in accordance with the Decision of the European Commission of 26 July 2000, No. C (2000) 2304 ensures an adequate level of protection for personal data transferred from the European Union.

In other cases, the Controller transfers personal data in accordance with the requirements of the GDPR, included among others in Article 46 of the GDPR, in particular on the basis of standard contract clauses.

The Controller may make decisions based on automated processing, including profiling, based on the personal data of eBOK Users.

In other cases, the Controller does not make automated decisions, including decisions resulting from profiling based on your personal data.

You can contact the Controller:

1) by sending an e-mail to the following address: privacy@axpo.pl;

2) by sending a letter to the address of the Controller's registered office.

The recommended way of contacting the Controller with regard to your personal data is by e-mail.

A person who has submitted an application or a request concerning the processing of their personal data, as part of exercising their rights, may be asked to answer a couple of questions, which will enable the verification of their identity.

The Controller's websites also use cookies to track website usage. Cookies are small data files that a web portal leaves on your computer, tablet or smartphone when you visit the site. By using cookies, the website can "remember" certain inputs and settings (e.g. login, language, font size and other preferences) over a certain period of time, and you do not have to re-enter these parameters when returning to the site or navigating the portal.

Information on cookies collected and used on Wybieram Axpo can be found on the website of this service. The following applies to all other Controller's websites.

"Service" cookies

The Controller uses the so-called service cookies primarily to provide the user with electronic services. Cookies used for this purpose include cookies with data entered by the user (session ID) for the duration of the session (user input cookies).

"Analytical" cookies

The Controller uses the so-called analytical cookies to improve the quality of services on the websites. Therefore, the Controller and other entities providing analytical and statistical services to the Controller use cookies by storing information or gaining access to information already stored in the user's telecommunications end device (computer, telephone, tablet, etc.). Cookies used for this purpose include Google Analytics cookies used to analyse the use of websites by the user, to generate statistics and reports on the functioning of websites.

"Marketing" cookies

The Controller and their trusted partners also use cookies for marketing purposes, including in connection with targeting users with behavioural advertising. For this purpose, the Controller and their trusted partners store information or gain access information already stored in the user's telecommunications end device (computer, telephone, tablet, etc.).

Managing cookie settings

Service cookies that are necessary to use the website are automatically installed on the user's device. Their use is necessary to provide a telecommunications service (data transmission to display content) – the user cannot opt out of these cookies if they want to use the websites.

Analytical and marketing cookies are not automatically installed by the Controller. The user may give the Controller permission to install analytical cookies by expressing consent.

The user may give consent to the installation of analytical and marketing cookies by clicking the "Accept all cookies" button on the banner that appears after entering the website. The Controller will then be entitled to install analytical and marketing cookies in accordance with the settings of the browser used by the user (in case of default settings all cookies are installed).

The user may give consent to the installation of only selected analytical or marketing cookies. To do so, they simply click on the "Cookie settings" button on the banner that appears after entering the website and select the cookies they wish to install. The user can withdraw their consent at any time. For this purpose, the user should change the browser settings. Detailed information on this issue can be found at the following links:

Microsoft Edge: https://support.microsoft.com/pl-pl/microsoft-edge/usuwanie-plik%C3%B3w-cookie-w-przegl%C4%85darce-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09
Mozilla Firefox: http://support.mozilla.org/pl/kb/ciasteczka
Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=pl&answer=95647
Opera: http://help.opera.com/Windows/12.10/pl/cookies.html
Safari: https://support.apple.com/kb/PH5042?locale=en-GB

If the consent is not given or has been withdrawn for a given type and provider of cookies (if the installation of cookies is not accepted in accordance with the browser settings), the Controller does not install such cookies on the user's end device or ceases to process them.

The user may at any time verify the status of their current privacy settings for the browser used by applying the tools available at the following links:

http://www.youronlinechoices.com/pl/twojewybory

http://optout.aboutads.info/?c=2&lang=EN

Personal Data Protection | Information clauses

In accordance with Article 13 (when your data was obtained directly from you) and Article 14 (when we obtained your data from third parties) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) ("GDPR") we hereby inform that:

1. The Controller of your personal data is Axpo Polska sp. z o.o. with its registered office in Warsaw, address: Rondo Daszyńskiego 2B, 00-843 Warsaw, entered into the register of entrepreneurs of the National Court Register by the District Court for the Capital City of Warsaw in Warsaw, XIII Commercial Division of the National Court Register under the KRS number: 0000020839, NIP: 5262483798, REGON: 016380846, share capital PLN 241,250,000.00 ("Controller").

2. The Controller has appointed a Data Protection Officer. You can contact the Data Protection Officer via email address: privacy@axpo.pl

3. Your personal data will be processed for the following purposes:

a) with regard to contractors: to perform the contract or to take action at your request before entering into a contract pursuant to Article 6 (1) (b) of the GDPR,

b) with regard to representatives and employees and persons performing the contract on behalf of contractors: to perform the contract concluded by the Controller with the contractor or take action at the Contractor's request prior to entering into a contract, pursuant to Article 6 (1) (f) of the GDPR, i.e. the Controller’s legitimate interests,

c) to comply with legal obligations to which the Controller is subject pursuant to Article 6 (1) (c) of the GDPR (e.g. accounting or tax obligations),

d) to provide marketing services and conduct research, analyses of sales and quality of services provided by the Contractor, which constitute the legitimate interests of the Controller on the basis of Article 6(1)(f) of the GDPR, i.e. providing contractors and potential contractors with the highest possible level of services provided,

e) Handling and processing of reported questions or requests on the basis of the Controller's legitimate interests on the basis of Article 6(1)(f) of the GDPR, i.e. to ensure ongoing and effective provision of information to the questions asked and processing of the requests made,

f) to assert or establish claims, as well as to defend against potential claims ts, pursuant to Article 6 (1) (f) of the GDPR, i.e. the Controller’s legitimate interests.

4. The Controller will process the following personal data for the above purposes:  

a) identification data (e.g. first name, last name, PESEL or ID card number, if required); 

b) contact data (e-mail address, telephone number, mailing address); 

c) basic information about your business activity (e.g. REGON number, tax ID number, company name); 

d) information included in the contracts with the Controller or in relation to such contracts (e.g. energy consumption point);

e) in the case of representatives - basic information related to your employment (e.g. position, business contact information);

5. data contained in the documents sent to the Controller;

6. other data provided by the contractor to the Controller.

7. In the case of collecting personal data directly from you - the provision of personal data by you is voluntary, while the refusal to provide it may result in the inability to conclude or perform a contract with the Controller, or to process your questions or requests.

8. In case you have not provided personal data directly to the Controller- personal data may have been provided to the Controller by a contractor you represent.

9. We will keep your data for the period of performance of the contract and after its expiration until the end of the statute of limitations for possible claims or for the period resulting from the relevant legislation. In the case of data processing based on the legitimate interest of the Controller, your personal data will be kept until the existence of the Controller's legitimate interest, in particular, until the expiration of the statute of limitations for claims.

10. Your personal data may be transferred to other entities (e.g. authorized partners who conclude contracts with contractors on behalf of the Controller, relevant network operators, entities conducting postal or courier activities, debt collectors or banking services providers, Controller’s parent company being Axpo Holding AG or to other companies in the Axpo Group to which the Controller belongs) or external service providers (e.g. entities providing accounting, tax, legal, distribution or IT services).

11. Your personal data may be transferred outside the EEA, including the headquarters of the Controller's parent company – AXPO Holding AG in Switzerland, which, in accordance with the Decision of the European Commission of 26 July 2000, No. C (2000) 2304, ensures an adequate level of protection for personal data transferred from the European Union (https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32000D0518). In other cases, the transfer of data outside the EEA takes place in accordance with Article 46 of the GDPR, in particular on the basis of standard contract clauses, approved by the European Commission, which you can find here:: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj.

12. The Controller does not make automated decisions, including profiling, based on the personal data provided.

13. We inform you that you have the right to request access to your personal data, their rectification, erasure, restriction of processing and their portability. Each person has the right to appeal to the supervisory authority(in Poland- the President of the Personal Data Protection Office).

14. You have the right to object to the processing of your personal data based on the legitimate interest of the Controller, as well as to object to the processing of your personal data for marketing purposes.

15. In any case regarding your personal data, you can contact us: by telephone, letter to the address of the Controller's registered office indicated above or by e-mail to privacy@axpo.pl.

2. The Controller has appointed a Data Protection Officer. You can contact the Data Protection Officer via email address: privacy@axpo.pl.

3. Your personal data will be processed for the following purposes:

a) to make an offer to potential customers who have given their consent to be contacted pursuant to Article 6 (1) (a) of the GDPR,

b) for marketing purposes (other than those indicated in Section 3(a) above), including conducting research and analyses of sales and quality of services provided by the Controller, which constitute the Controller's legitimate interests pursuant to Article 6 (1) (f) of the GDPR that is, to provide contractors and potential contractors with the highest quality of service,

c) if you express a desire to enter into a contract with the Controller - to take steps aimed at concluding the contract for products and services offered by the Controller pursuant to Article 6 (1) (b) of the GDPR,

d) to comply with legal obligations to which the Controller is subject in connection with Article 6 (1) (c) of the GDPR (e.g. accounting or tax obligations),

e) with regard to persons contacting the Controller by phone, who are not contractors- handling and processing of submitted questions or requests on grounds of the Controller's legitimate interests on the basis of Article 6(1)(f) of the GDPR, i.e. to ensure timely and effective response to questions raised and handling of submitted requests.

f) Establishment, defense and pursuit of possible legal (including through the collection of recordings of telephone conversations) being the legitimate interest of the Controller on the basis of Article 6(1)(f) GDPR.

g) In the case of refusal to consent to be contacted for marketing purposes, including presentation of an offer-maintain a list of entities which have not consented to marketing contact on the basis of Article 6(1)(f) GDPR, being the legitimate interest of the Controller, i.e. ensuring that a decision as to the refusal to consent is respected and defence against potential claims.

4. The Controller will process the following personal data for the aforementioned purposes:

a) Identification data (e.g. first name, last name, PESEL or ID card number, if required);

b) Contact data (e-mail address, telephone number, postal address);

c) Basic information about your commercial activity (e.g. KRS number, tax ID number (NIP), company name);

d) Work-related data (e.g. position, business contact information);.

e) Data contained in documents sent by you to the Controller.

5. In the case where personal data is collected directly from you- providing your personal data is voluntary, but refusal to provide it may result in an inability to conclude a contract with the Controller or to process your questions or requests.

6. If you have not disclosed your personal data directly to the Controller- the Controller obtains your personal data from publicly available sources, such as the Polish Central Register and Information on Business Activity (CEiDG). If you are a representative of the Controller's potential contractors - your personal data may have been provided to the Controller by the contractor you represent, e.g. in order to conclude a contract or present an offer.

7. If the data processing is based on the consent granted, your personal data will be stored until the consent is withdrawn (without affecting the legality of the processing carried out on the basis of consent before its withdrawal), but in any case for a period not exceeding 1 year (whichever comes first). In other cases, we will store your data until the end of the limitation period for possible claims or for the period resulting from the relevant legal provisions.

8. Your personal data may be transferred to other entities ( authorized partners who conclude contracts with contractors on behalf of the Controller, relevant network operators, entities conducting postal or courier activities, debt collectors or banking services providers, Controller’s parent company being Axpo Holding AG or to other companies in the Axpo Group to which the Controller belongs) or external service providers (e.g. entities providing accounting, tax, legal, distribution or IT services).

9. Your personal data may be transferred outside the EEA, including the headquarters of the Controller's parent company – AXPO Holding AG in Switzerland, which, in accordance with the Decision of the European Commission of 26 July 2000, No. C (2000) 2304, ensures an adequate level of protection for personal data transferred from the European Union (Decision - 2000/518 - EN - EUR-Lex (europa.eu)). In other cases, the transfer of data outside the EEA takes place in accordance with Article 46 of the GDPR, in particular on the basis of standard contract clauses, approved by the European Commission, which you can find here:: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj.

10. The Controller does not make automated decisions, including profiling, based on the personal data provided.

11. We inform you that you have the right to request access to your personal data, their rectification, erasure, restriction of processing and their portability. Each person has the right to appeal to the supervisory authority in Poland- the President of the Personal Data Protection Office),and to withdraw consent at any time without affecting the lawfulness of the processing, which was carried out on the basis of the consent before its withdrawal.

12. You have the right to object to the processing of your personal data based on the legitimate interest of the Controller, as well as to object to the processing of your personal data for marketing purposes.

13. In any case regarding your personal data, you can contact us: by phone, by letter to the address of the Controller's registered office indicated above or by e-mail to privacy@axpo.pl.

2. The Controller has appointed a Data Protection Officer. You can contact the Data Protection Officer via email address: privacy@axpo.pl.

3. Your personal data will be processed for purposes:

a) with respect to non-customers who contact the Controller or with whom the Controller is contacted - handling and processing of reported questions or requests based on the Controller's legitimate interests on the basis of Article 6(1)(f) of the GDPR, i.e. ensuring the ongoing and effective provision of information to the questions asked and processing of reported requests,

b) with regard to persons representing (potential) contractors who contact the Controller or who are contacted by the Controller on matters related to the execution or conclusion of an agreement with the Controller - handling and processing of submitted questions or requests on the basis of the Controller's legitimate interests on the basis of Article 6(1)(f) GDPR, i.e. execution or conclusion of an agreement with the contractor you represent,

c) in the case of contractors who contact the Controller or who are contacted by the Controller in matters related to the performance or conclusion of a contract with the Controller, data will be processed for the purpose of performing the contract or taking action at the request of the contractor on the basis of Article 6(1)(b) GDPR.

4. The Controller may process the following personal data for the above purposes:

a) identification data (e.g. first name, last name, PESEL or ID card number, if required);

b) contact data (e-mail address, telephone number, mailing address);

c) basic information about your business (e.g. REGON number, Tax ID number, company name);

d) basic information related to your employment (e.g. position, business contact information);

e) information on the contract concluded with the Controller,

f) data contained in your submitted request or documents.

5. In the case where personal data is collected directly from you- the provision of personal data by you is voluntary, while the refusal to provide it may result in the inability to conclude or execute a contract with the Controller, or to process your questions or requests.

6. In the case where you did not provide personal data directly to the Controller - if you are a representative of the Controller's (potential) contractors, your personal data may have been provided to the Controller by the Contractor you represent, e.g. in order to conclude or perform a contract, or to present an offer.

7. The data will be stored until an answer is provided to the inquiry and the statute of limitations for possible claims.

8. Your personal data may be transferred to other entities (autoryzowanym partnerom, którzy zawierają umowy z kontrahentami w imieniu Administratora, właściwym operatorom sieci, podmiotom prowadzącym działalność pocztową lub kurierską, podmiotom nabywającym wierzytelności lub podmiotom świadczącym usługi bankowe, spółce matce Administratora, którą jest Axpo Holding AG lub innym spółkom z grupy kapitałowej Axpo, do której należy Administrator) or external service providers (e.g. entities providing accounting, tax, legal, distribution or IT services).

9. Your personal data may be transferred outside the EEA, including the headquarters of the Controller's parent company – AXPO Holding AG in Switzerland, which, in accordance with the Decision of the European Commission of 26 July 2000, No. C (2000) 2304, ensures an adequate level of protection for personal data transferred from the European Union (https://eur-lex.europa.eu/legal-content/PL/TXT/PDF/?uri=CELEX:02000D0518-20161217). In other cases, the transfer of data outside the EEA takes place in accordance with Article 46 of the GDPR, in particular on the basis of standard contract clauses approved by the European Commission, which you can read at the following link: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj.

10. The Controller does not make automated decisions, including profiling, based on the personal data provided.

11. We inform you that you have the right to request access to your personal data, their rectification, erasure, restriction of processing and their portability. Each person has the right to appeal to the supervisory authority, to object to the processing of personal data and to withdraw consent at any time without affecting the lawfulness of the processing, which was carried out on the basis of the consent before its withdrawal.

12. You have the right to object to the processing of your personal data based on the legitimate interest of the Controller.

In any case regarding your personal data, you can contact us: by telephone, letter to the address of the Controller's registered office indicated above or by e-mail to privacy@axpo.pl.

2. The Controller has appointed a Data Protection Officer. You can contact the Data Protection Officer via email address: privacy@axpo.pl.

3. Your personal data will be processed for the purposes of:

a) carrying out the recruitment process for the position for which you are applying, within the scope of personal data required by Article 221 §1 of the Labor Code (first and last name, date of birth, contact details, education, professional qualifications and history of previous employment) on the basis of Article 6(1)(c) of the GDPR, i.e. legal obligation,

b) to carry out the recruitment process with respect to personal data other than that indicated in the point above, provided in your resume, form, cover letter and other documents on the basis of your consent (Article 6(1)(a) or Article 9(2)(a) GDPR),

c) to check and assess your skills and qualifications for the selected position on the basis of Article 6(1)(f) GDPR, i.e. the Controller's legitimate interest in ensuring a fair recruitment process for all candidates and selecting a person with the appropriate qualifications and skills required for the position,

d) for the purposes of future recruitment on the basis of Article 6(1)(a) GDPR i.e. your consent to the processing of data for this purpose (if you have given such consent),

e) to receive and process notifications and conduct investigations in the event that you make a notification on the basis of the Act of June 14, 2024 on the protection of whistleblowers on the basis of Article 6(1)(b) GDPR, i.e. to fulfill the legal obligation imposed on the Administrator by the Act on whistleblowers (the full information clause in connection with the reception and handling of the aforementioned notifications is available at: https://www.axpo.com/pl/en/legal-information.html),

f) establishing, defending or pursuing possible claims being the legitimate interest of the Controller on the basis of Article 6(1)(f) GDPR.

4. The Controller will process the following personal data for the above purposes:    

a) basic information about you (name, date of birth),

b) contact information,

c) data on your education, professional qualifications and history of previous employment (if necessary for a specific type of job or position),

d) other data voluntarily provided by you in your resume or during the recruitment process, which are not required by the Controller on the basis of Article 221 of the Labor Code (points a-c above), including special categories of personal data (e.g., medical data, data on trade union membership)

e) in the event that you make a notification under the Act of June 14, 2024 on the protection of whistleblowers-identification data, contact data and any personal data contained in the application, or related documents,

f) in case of employment of a candidate as a result of the recruitment process- residential address, type and number of identity document, data of the prospective employee (or children of the employee and other members of his/her immediate family) necessary due to the employee's enjoyment of special rights provided by the labor law, education and course of previous employment (if these data were not obtained during the recruitment process) and payment account number. 

5. Your data will be processed by us in order to carry out the recruitment process. The basis for processing is the obligation resulting from legal provisions, in particular Article 22¹ of the Labor Code in connection with Article 6 (1) (c) of the GDPR. In case of providing personal data not resulting from the above-mentioned obligation, the legal basis for the processing will be your consent pursuant to Article 6 (1) (a) of the GDPR). Additionally, you may give consent to the processing of personal data in future recruitment processes. The basis for processing is your consent, in accordance with Article 6 (1) (a) of the GDPR.

6. The data will be stored until the recruitment process is completed and for the period of the statute of limitations for possible claims under the relevant laws. In case of giving consent to the processing of personal data in future recruitment processes, the data will be processed until the consent is withdrawn, however not longer than 12 months. Personal data processed in connection with your notification under the Act of June 14, 2024 on the protection of whistleblowers will be retained for a period of 3 years after the end of the calendar year in which the follow-up actions or proceedings initiated by these actions were completed.

7. Provision of personal data within the scope of data described in Article 22¹ §1 of the Labor Code is necessary to participate in the recruitment process. The provision of other personal data is voluntary.

8. Your personal data may be transferred to other entities (e.g. authorized partners who conclude contracts with contractors on behalf of the Controller, relevant network operators, entities conducting postal or courier activities, debt collectors or banking services providers, Controller’s parent company being Axpo Holding AG or to other companies in the Axpo Group to which the Controller belongs) or external service providers (e.g. entities providing accounting, tax, legal, distribution or IT services).

9. Your personal data may be transferred outside the EEA, including the headquarters of the Controller's parent company – AXPO Holding AG in Switzerland, which, in accordance with the Decision of the European Commission of 26 July 2000, No. C (2000) 2304, ensures an adequate level of protection for personal data transferred from the European Union (https://eur-lex.europa.eu/legal-content/PL/TXT/PDF/?uri=CELEX:02000D0518-20161217). In other cases, the transfer of data outside the EEA takes place in accordance with Article 46 of the GDPR, in particular on the basis of standard contract clauses, approved by the European Commission, which you can find here:: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj.

10. The Controller does not make automated decisions, including profiling, based on the personal data provided.

11. We inform you that you have the right to request access to your personal data, their rectification, erasure, restriction of processing and their portability. Each person has the right to appeal to the supervisory authority, to object to the processing of personal data and to withdraw consent at any time without affecting the lawfulness of the processing, which was carried out on the basis of the consent before its withdrawal.

12. In any case regarding your personal data, you can contact us: by phone, by letter to the address of the Controller's registered office indicated above or by e-mail to privacy@axpo.pl.

1. This information clause relates to the processing of personal data in connection with the filing and handling of reports pursuant to the Act of June 14, 2024 on the protection of whistleblowers (Journal of Laws 2024, item 928) (the “Whistleblowers Act”):

a) whistleblowers (as defined in the Whistleblowers Act),

b) persons subject to the report (within the meaning of the Whistleblowers Act),

c) persons assisting in making a report (within the meaning of the Whistleblowers Act),

d) witnesses to the event that was subject to reporting by the whistleblower.

2. The Controller of your personal data is Axpo Polska sp. z o.o. with its registered office in Warsaw, address: Rondo Daszyńskiego 2B, 00-843 Warsaw, entered into the register of entrepreneurs of the National Court Register by the District Court for the Capital City of Warsaw in Warsaw, XIII Commercial Division of the National Court Register under the KRS number: 0000020839, NIP: 5262483798, REGON: 016380846, share capital PLN 241,250,000.00 ("Controller").

3. The Controller has appointed a Data Protection Officer. You can contact the Data Protection Officer via email address: privacy@axpo.pl.

4. Your personal data will be processed for the following purposes:

a) receiving and investigating reports referred to in the Whistleblowers Act on the basis of Article 6(1)(b) GDPR, i.e. fulfillment of the controller's legal obligation imposed by the Whistleblowers Act,

b) to conduct investigations of reports, on the basis of Article 6(1)(c) GDPR, i.e. to fulfill the controller's legal obligation under the Whistleblowers Act,

c) to fulfill the controller's legal obligation under the Whistleblowers Act,

d) to ensure the protection of whistleblowers, persons assisting in the making of a report, witnesses and persons affected by reports, on the basis of Article 6(1)(c) of the GDPR, i.e. to fulfill a legal obligation under the law, in particular the Whistleblowers Act,

e) to establish, defend and pursue potential claims, including those related to proceedings under the Whistleblower Act, being the legitimate interest of the Controller on the basis of Article 6(1)(f) of the GDPR.

f) to maintain records and documentation required by the Whistleblowers Act, on the basis of Article 6(1)(c) GDPR, i.e. to fulfill a legal obligation incumbent on the controller,

g) to analyze and monitor reports in order to improve internal procedures and prevent legal violations, on the basis of Article 6(1)(f) GDPR, i.e. to fulfill the controller's legitimate interest in improving risk management and internal compliance.

h) in case the whistleblower has consented to the disclosure of his/her data-disclosure of the whistleblower's personal data allowing the identification of the whistleblower on the basis of Article 6(1)(a) GDPR, i.e. the whistleblower's consent,

i) in the case of processing of special categories of personal data disclosed in a notification or if such data are relevant to the notification and investigation,, e.g., health data, the processing will be carried out on the basis of Article 9(2)(g) GDPR, i.e., processing necessary due to substantial public interest under the law, in particular the Whistleblowers Act.

5. The Controller will process the following personal data for the aforementioned purposes:

a) identification data of the persons making the report (whistleblowers), persons assisting in making the report, witnesses, and persons subject to the report, such as name and surname,

b) contact information of whistleblowers and persons subject to the report, in the case of non-anonymous reports, such as: e-mail address, telephone number, mailing address,

c) information related to the violation, including:

i. description of the violation: detailed information about the reported incident, violation or suspected violation,

ii. indication of the person subject to the report, i.e., identification data of the person whose conduct is the subject of the report,

iii. indication of persons with knowledge of the violation: names, positions and other identifying data of persons who may have information about the reported incident,

iv. documents constituting evidence in the case: any material that may be attached to the notification, such as files, documents, photos, audio/video recordings, electronic correspondence, which may confirm the violation,

v. additional information that makes it probable that a violation has occurred or is suspected: any other information provided by the whistleblower that may facilitate the verification of the report or the investigation,

vi. information on previous reports on the same matter: whether the violation has been previously reported to others in the organization, such as supervisors, and the details of those reports,

d) data on the workplace, position, responsibilities of the persons indicated in the report, and other information related to the performance of official duties,

e) data on investigation or disciplinary proceedings: information related to any investigation conducted on the basis of the report, including the results of the investigation, decisions and actions taken by the Controller,

f) special categories of personal data (e.g., health data), if relevant to the notification and investigation,

g) other personal data included in the content of the notification, if they are relevant to the investigation of the notification in accordance with the provisions of the Whistleblowers Act.

6. At the same time, reports can be made anonymously, which means that in such cases the whistleblowers' identification data will not be processed.

7. In the case of collecting personal data directly from you - the provision of personal data by you is voluntary, however, to the extent that the processing of personal data results from legal obligations imposed on the Controller by the provisions of the Whistleblowers Act, the provision of data is mandatory. Refusal to provide them may result in the inability to effectively process your notification or take action in connection with the violations referred to in your notification.

8. If your data is obtained from sources other than directly from you - your data may have been provided to the Controller by the whistleblower making the report, a person assisting in making the report, a witness to the incident, or any other person with knowledge of the violation, in accordance with the provisions of the Whistleblower Law. In such a case, the Controller is not obliged to inform you of the acquisition of the data if this could hinder the investigation in accordance with the Whistleblowers Act, and, in particular, the Controller shall not disclose the whistleblower's personal data without the whistleblower's explicit consent.

9. Personal data processed in connection with the acceptance of a notification or follow-up action will be kept for a period of 3 years after the end of the calendar year in which the follow-up action or proceedings initiated by those actions were completed.

10. Personal data that is not relevant to the processing of the notification will be deleted immediately, no later than 14 days after it is determined that it is not relevant to the case.

11. Personal data processed on the basis of consent will be processed until the consent is withdrawn without affecting the legality of the processing carried out on the basis of consent before its withdrawal.

12. To the extent not mentioned in points 10-13, personal data will be kept until the end of the statute of limitations for possible claims, or for the period prescribed by applicable law.

13. Your personal data may be transferred to other entities (to public authorities and courts, and to the Controller's parent company, which is the Axpo Holding AG or other companies in the Axpo Group, to which the Controller belongs) and third-party service providers (providers of the platform designed for notifications).

14. Your personal data may be transferred outside the EEA, including the headquarters of the Controller's parent company – AXPO Holding AG in Switzerland, which, in accordance with the Decision of the European Commission of 26 July 2000, No. C (2000) 2304, ensures an adequate level of protection for personal data transferred from the European Union (https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32000D0518). In other cases, the transfer of data outside the EEA takes place in accordance with Article 46 of the GDPR, in particular on the basis of standard contract clauses, approved by the European Commission, which you can find here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj.

15. The Controller does not make automated decisions, including profiling, based on the personal data provided.

16. We inform you that you have the right to request access to your personal data, their rectification, erasure, restriction of processing and their portability, and to withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of consent before its withdrawal. Each person has the right to appeal to the supervisory authority in Poland- the President of the Personal Data Protection Office), to object to the processing of personal data and to withdraw consent at any time without affecting the lawfulness of the processing, which was carried out on the basis of the consent before its withdrawal.

17. You have the right to object to the processing of your personal data based on the legitimate interest of the Controller.

In any case regarding your personal data, you can contact us: by phone, by letter to the address of the Controller's registered office indicated above or by e-mail to privacy@axpo.pl.

2. The Controller has appointed a Data Protection Officer. You can contact the Data Protection Officer via email address: privacy@axpo.pl.

3. Your personal data will be processed for the following purposes:

a) to perform the contract concluded with the Controller pursuant to Article 6 (1) (b) of the GDPR,

b) to comply with legal obligations to which the Controller is subject in connection with Article 6 (1) (c) of the GDPR (e.g. accounting or tax obligations),

c) to provide marketing services, conduct research, analyses of sales and quality of services provided by the Contractor, on the basis of Article 6 (1) (f) of the GDPR, i.e. the Controller's legitimate interests in the form of providing contractors and potential contractors with the highest possible level of service,

d) in the case of customers contacting the Controller on matters related to the execution or conclusion of a contract with the Controller, the data will be processed for the purpose of performing the contract or taking action at the customer's request on the basis of Article 6(1)(b) of the GDPR,

e) with regard to non-customers contacting the Controller- handling and processing of reported questions or requests on the basis of the Controller's legitimate interests on the basis of Article 6(1)(f) of the GDPR, i.e. ensuring ongoing and effective provision of information to the questions asked and processing of reported requests,

f) defence against possible claims and, their investigation and defence being a legitimate interest of the Controller on the basis of Article 6(1)(f) of the GDPR.

4. The Controller will process the following personal data for the above purposes:   

a) identification data (e.g. first name, last name, PESEL or ID card number, if required);  

b) contact data (e-mail address, telephone number, mailing address);  

c) basic information about your business activity (e.g. REGON number, Tax ID number, company name); 

d) basic information related to your employment (e.g. position, business contact information);  

e) information on the contract concluded with the Controller;

f) data contained in documents sent to the Controller.  

5. In the case where you have collected personal data directly from the Controller - the provision of personal data by you is voluntary, while the refusal to provide it may result in the inability to conclude or execute a contract with the Controller, or to process your questions or requests.

7. We will store your data for the period of performance of the contract and after its expiry until the end of the limitation period for possible claims or for the period resulting from the relevant legal provisions.

8. Your personal data may be transferred to other entities (authorized partners who enter into contracts with contractors on behalf of the Controller, relevant network operators, postal or courier companies, debt acquirers or banking service providers, the Controller's parent company Axpo Holding AG or other companies in the Axpo Group to which the Controller belongs). or external service providers (e.g. entities providing accounting, tax, legal, distribution or IT services).

9. Your personal data may be transferred outside the EEA, including the headquarters of the Controller's parent company – AXPO Holding AG in Switzerland, which, in accordance with the Decision of the European Commission of 26 July 2000, No. C (2000) 2304, ensures an adequate level of protection for personal data transferred from the European Union (https://eur-lex.europa.eu/legal-content/PL/TXT/PDF/?uri=CELEX:02000D0518-20161217). In other cases, the transfer of data outside the EEA takes place in accordance with Article 46 of the GDPR, in particular on the basis of standard contract clauses approved by the European Commission, which you can read at the following link: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj.

10. We inform you that you have the right to request access to your personal data, their rectification, erasure, restriction of processing and their portability. Each person has the right to appeal to the supervisory authority, to object to the processing of personal data and to withdraw consent at any time without affecting the lawfulness of the processing, which was carried out on the basis of the consent before its withdrawal.

11. Based on your personal data, we will make automated decisions.

13. In any case regarding your personal data, you can contact us: by phone, by letter to the address of the Controller's registered office indicated above or by e-mail to privacy@axpo.pl.

Terms of use of axpo.com website

The definitions used in these Terms of Use shall have the following meaning:

1. Axpo or Service Provider – Axpo Spółka z ograniczoną odpowiedzialnością with its registered office in Warsaw, at Rondo Daszyńskiego 2B, 00-843 Warsaw, entered into the register of entrepreneurs of the National Court Register under KRS number: 0000020839, for which the registration files are kept in the District Court for the Capital City of Warsaw in Warsaw, 12th Commercial Division of the National Court Register NIP: 5262483798, REGON: 016380846, share capital: PLN 241,250,000.00, e-mail: bok@axpo.pl;

2. Data – all information, data, materials, works, pictures, films, images, documents, signs, symbols, applications, programmes and other elements of the Website, placed on the Website by the Service Provider;

3. Civil Code – Act of 23 April 1964 – Civil Code (consolidated text, Official Journal of Laws of 2020, item 1740 as amended);

4. Terms of Use – these "Terms of Use of axpo.com website";

5. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the European Union L No. 119, p. 1);

6. Website – an ICT platform available through the website www.axpo.com, enabling the User to use the Services;

7. Services – services provided electronically by Axpo through the Website;

8. APES – Act of 18 July 2002 on the provision of electronic services (Official Journal of Laws of 2020, item 344 as amended);

9. User – any person using the Website.

1. These Terms of Use are rules for the provision of electronic services within the meaning of APES, define the terms and conditions for the provision of Services by the Service Provider by electronic means described in § 4 below and the rights and obligations of Users.

2. The Service Provider provides Services by electronic means free of charge, in accordance with these Terms of Use.

3. These Terms of Use specify in particular:

a) types and scope of Services provided electronically by Axpo;

b) conditions for providing Services;

c) technical requirements necessary for cooperation with the ICT system used by the Service Provider;

d) prohibition to provide illegal content by the User;

e) conditions for concluding and terminating contracts for the provision of Services;

f) complaint procedure.

1. The purpose of the Website is to provide information on Axpo and its services. The information contained on the Website may bespeculative and may refer to the future. It shall express the Axpo assessment made at the time of posting this information.

2. The published content shall not constitute an inquiry or offer. The information contained on the Website shall not constitute the basis for Axpo to make binding decisions or to answer questions in individual cases. No decisions, including in particular those regarding employment, shall be made on the basis of this information.

3. The content published on the Website shall not constitute any promises or guarantees.

4. Neither Axpo nor any of its subsidiaries and affiliates shall be held liable for any loss, damage or liability, whether direct, indirect or consequential, in tort, including negligence, or contractual, or to any person or third parties, caused by any reason whatsoever, including access to, use or non-use of information and materials made available on this website, misuse of the connection, technical malfunctions or access to linked sites. Furthermore, the company shall not be liable for the content of the linked sites. The provisions of this paragraph shall not apply to consumers within the meaning of Article 22¹of the Civil Code and self-employed persons.

1. The entire content of the Website is protected by copyright. The Axpo logo on the Website is the property of Axpo Holding AG and is a registered trademark.

2. Entering the Website, downloading and copying Data from this website or any part thereof shall not grant the User any rights to this content, software, registered trademark, or any other rights to the Data or elements of the Website. It is prohibited to modify, reproduce or use the website, the Axpo Holding AG logo or any part thereof for public or commercial purposes without the prior consent of Axpo Holding AG.

3. The use of the Website and Data by Users may only take place in accordance with the provisions of the Terms of Use and in accordance with applicable law.

1. Through the Website, Axpo provides Services consisting in the access to:

a) information, materials and announcements posted on the Website;

b) a search engine for content available on the Website;

c) a contact form;

d) Axpo's current contact details;

e) information on current job offers;

f) information on Axpo's current offers, promotional programmes, including regulations on current promotions;

g) redirections to selected websites related to Axpo;

h) redirections to the site where job offers in the Axpo group are visible.

2. Axpo stipulates that the Website pages may contain links to other websites, including those unrelated to Axpo, which have separate regulations, terms of use and privacy policies. Axpo shall not be liable for the content of these regulations, terms of use and conditions.

1. The User undertakes to comply with these Terms of Use.

2. The commencement of the use of the Services by the User shall be tantamount to the acceptance of these Terms of Use and the conclusion of a contract with Axpo for the provision of Services.

3. It is prohibited to provide unlawful content to the Website, in particular offensive content, that may be misleading, contains viruses or may cause disruptions or damage to ICT systems. The User undertakes not to engage in such unlawful activities.

4. If such content is provided by the User, Axpo shall have the right to block or restrict the User's access to the Services and to take legal action for damages.

5. The User may terminate the use of the Website at any time. If the User terminates the use of the Website, the contract for the provision of Services shall be terminated without any separate statements.

6. In order to properly cooperate with the Axpo ICT system, the User's device must meet the following technical requirements:

a) have access to the Internet,

b) have one of the following web browsers installed: Firefox, Chrome, Safari, Edge, Opera; the browser should be updated to the latest version.

7. The use of selected functionalities of the Website may depend on the User's acceptance of cookies and activation of Java, Java Script software.

1. The User shall have the right to lodge complaints regarding access and operation of the Services.

2. Complaints may be submitted via:

a) e-mail (to the e-mail address: bok@axpo.pl),

b) by letter (to the address of Axpo Polska sp. z o.o., Rondo Daszyńskiego 2B, 00-843 Warsaw),

c) by phone (at: 22 452 53 00).

3. The complaint shall include: a description of the event to which it refers and the User's contact details.

4. The complaint related to the Website shall be considered as soon as possible, in a form corresponding to the manner of lodging complaints, subject to the provision of relevant contact details by the User. The time limit for this service shall be in accordance with Axpo's customer service standards and shall not be longer than 14 days.

1. The controller of the User's personal data provided by the User on the Website is Axpo Polska sp. z o.o. with its registered office in Warsaw, Rondo Daszyńskiego 2B, 00-843 Warsaw.

2. Detailed information on personal data protection is available at https://www.axpo.com/pl/pl/poznaj-Axpo/informacje-prawne.html.

1. Bearing in mind the public nature of the Internet, Axpo hereby informs that using the Website may involve risks. Specific risks shall include:

a) the possibility of receiving spam, i.e. unsolicited advertising (commercial) information transmitted electronically;

b) the presence and operation of malware, including computer viruses;

c) the presence and operation of Internet worms, i.e. malware capable of self-replication;

d) the possibility of exposure to spyware, i.e. software that spies on the user's activity on the Internet and installs itself without the user's knowledge, consent or control;

e) the possibility of being exposed to cracking or phishing (password mining);

f) piracy;

g) sniffing – unauthorised eavesdropping, other than cracking and phishing, consisting in the use of a sniffer – a computer program which intercepts and possibly analyses data flowing in the network;

h) the possibility of introducing by other persons using the ICT system and/or telecommunications network illegal devices which provide unauthorised access to services;

i) operations of cryptanalysis, i.e. finding weaknesses in the cryptographic system, and thus making it possible to break or circumvent it.

2. Due to the specific nature of electronic threats, in order to minimise the risk and increase the level of security, the User is recommended to protect the devices they use, e.g. by introducing access control mechanisms to these devices, protecting data used for access authentication, installing anti-virus software, having an up-to-date operating system, as well as connecting end devices solely to reliable Wi-Fi networks. The User using public ICT channels accepts the above risk.

1. The Terms of Use are made available to the User free of charge on the Website and, at the User's request, may be sent to the e-mail address provided by them in a form that allows the User to obtain, reproduce and record them on a computer or other end device.

2. In matters not covered by these Terms of Use, the provisions of generally applicable law, in particular the Civil Code and the APES, shall apply. The application of the provisions of the Civil Code regarding the offer made in electronic form shall be excluded unless these Terms of Use provide otherwise.

3. Axpo reserves the right to amend the Terms of Use for important reasons. Important reasons shall include, in particular:

a) introduction of new or amendments to the existing legal provisions;

b) adjustment to necessary changes introduced in the Service Provider's current ICT system;

c) changes to the functionality of the Website consisting in adding new services, functions, tools or modules;

d) changes to the Axpo's offer.

4. In case of any amendments to the Terms of Use, Axpo shall post the new text of the Terms of Use on the Website. Amendments to the Terms of Use shall enter into force after 14 days from their publication and notifying the Users of the new text of the Terms of Use by means of an announcement posted on the Website or in another customary manner. Further use of the Website after the new text of the Terms of Use enters into force shall mean the acceptance of these provisions.

5. Axpo shall make every effort to ensure the proper and uninterrupted functioning of the Website. Possible interruptions in the operation of the Website may occur in connection with the modification or update of the software, the contents of the Website or as a result of unforeseen failures and errors. In case of failures and technical errors caused by problems with hardware or software, Axpo shall take measures to limit the negative effects of the technical problems on the Users as far as possible.

6. These Terms of Use shall enter into force on 13 December 2020.