Privacy policy

Information for contractors

When entering into contracts, we sometimes ask our contractors to provide information about processing personal data to individuals acting on their behalf or representing them. This information (“Policy”) relates to such a request and fulfils an obligation to provide information to individuals representing and acting on behalf of or for Gemius' contractors.

If, in addition, you are a user of Gemius research interfaces, the information prepared for you can be found in the Privacy policy for the use of Gemius products

Who is the controller of my data?

The controller of your personal data is the Gemius Group company with which your employer (client, principal, or your business partner - hereinafter referred to as "Contractor") has entered into an agreement. The contact details of the Gemius Group companies can be found at www.gemius.com/contact.html.

How did Gemius receive my data?

We have obtained your information because you are a person acting on behalf of or for the Contractor and we have obtained the information from you, it has been provided to us by the Contractor, or it has been collected from publicly available records (e.g., data of persons representing the Contractor as listed in the Agreement).

The provision of information is necessary for the conclusion and performance of the Agreement or for us to work together.

For what purpose and for how long are the data processed?

Data processing purposes Legal basis Period of data processing
Establishing, asserting, or defending against claims Legitimate interest of the controller (Art. 6(1)(f) GDPR) Until the period of limitation of claims, not longer than 6 years from the end of the calendar year counted from the next year in which the event giving rise to the claims occurred
Fulfilment of legal obligations, inter alia the need to issue documents such as a VAT invoice Legal obligation (Article 6(1)(c) GDPR) 5 years from the end of a calendar year, starting from the following year in which the event giving rise to the legal obligation occurred
Marketing of the administrator's products and services, e.g. sending information on new services legitimate interest of the controller (art. 6(1)(f) GDPR) until such time as an objection is raised and upheld

What personal information is processed about me?

We process your business contact information (e.g. name, position, phone number, email address) and your contact history.

To whom is the data transferred, and to whom is it shared?

Your personal data will not be transferred to third countries unless the Contractor's headquarters or personal data controller is located in a third country. Recipients of personal data may be:

  • Other Gemius Group entities providing, for example, technical, legal or accounting services,
  • Entities providing legal services and auditing entities,
  • Entities cooperating with us to the extent indicated in the contract with the Contractor,
  • Entities delivering correspondence,
  • Public authorities or entities entitled to obtain data under the law,
  • Suppliers acting on our behalf, including CRM system providers outside the European Economic Area (data is transferred subject to security measures provided by law).

What are my rights?

You have the right to:

  • Request access to your personal data, request a copy of it, and request their transfer,
  • Request rectification (correction) of personal data,
  • Request for restriction of processing of personal data,
  • Request deletion of personal data,
  • Object to the processing of personal data.

How can I contact you regarding the processing of my data?

If you have any questions or concerns regarding data processing, please contact us at the following e-mail address: privacy[at]gemius.com. We have appointed a Data Protection Officer - Jacek Grabowski, whom you can contact at this address. If you believe that we have acted inconsistently with this Policy or have any questions about it, please contact us at the above e-mail address or by mail to our address as indicated on the page containing contact information for Gemius Group companies. You may also make a formal complaint to the relevant data protection authority.