Privacy Policy NMI ERP

1. Intro

The Privacy Policy of NMI ERP Sp. z o.o. has been developed to ensure that the personal data processed by our company is protected and managed in accordance with applicable data protection regulations, including Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR). The purpose of our policy is to provide transparency in the processing of personal data and to reassure individuals whose data we process about their rights and privacy protection measures.

2. Data Controller

The controller of your personal data is NMI ERP Sp. z o.o., with its registered office at ul. św. Filipa 23/3, 31-150 Kraków, registered in the National Court Register (KRS) under number KRS 0000862154.

3. What data do we process?

We process the following personal data:

• Full name
• Email address
• Telephone number (if provided)
• Company name
• Job position
• Other contact details necessary to provide services

4. Purpose of processing personal data

Personal data will be processed for the purpose of:

• Providing services related to ERP system implementations and other services delivered by our company,
• Sending marketing information, including offers, promotions, and invitations to events (such as webinars, training sessions) – only to the extent consent has been given or permitted by law,
• Executing contracts with clients, including technical support services,
• Meeting legal requirements related to the storage of documents and data.

5. Legal bases for processing personal data

We process your personal data on the basis of:

• Your consent (Article 6(1)(a) GDPR) – when you consent to the processing of your data for marketing purposes,
• Contract performance (Article 6(1)(b) GDPR) – when providing services and fulfilling contractual obligations,
• Legal obligation (Article 6(1)(c) GDPR) – e.g., accounting or tax obligations,
• Legitimate interest (Article 6(1)(f) GDPR) – for sending information about our products and services to clients and business partners.

6. Data retention period

Personal data will be stored for as long as necessary to achieve the purposes for which it was collected, in accordance with the following rules:

• Data related to contract execution – for the duration of the contract and for 6 years after its termination (in line with tax and accounting regulations),
• Data processed on the basis of consent (e.g., marketing) – until consent is withdrawn,
• Contact details of clients and partners – until an objection to processing is raised or the business relationship ends.

After this period, the data will be deleted or anonymized in line with our Data Retention Policy.

7. Recipients of personal data

Your personal data may be shared with:

• Entities processing data on our behalf (e.g., IT companies, mailing service providers),
• Business partners cooperating in service delivery – only to the extent necessary for contract execution,
• Entities authorized to access data under the law.

8. Your rights regarding personal data

You have right to:

• Access your personal data and obtain a copy,
• Rectify your personal data if it is incorrect or incomplete,
• Erase data (right to be forgotten),
• Restrict the processing of personal data,
• Object to the processing of personal data,
• Data portability,
• Withdraw consent at any time (when processing is based on consent),
• Lodge a complaint with the supervisory authority (President of the Personal Data Protection Office) if you believe data processing violates GDPR.

9. Transfer of data outside the European Economic Area (EEA)

Your personal data will not generally be transferred outside the European Economic Area (EEA), unless required for cooperation with our service providers or as required by law.

If, in connection with service delivery, it becomes necessary to transfer data outside the EEA (e.g., to IT service providers), such data will be transferred only with appropriate safeguards required by GDPR, in particular based on:

• Adequacy decisions,
• Standard contractual clauses approved by the European Commission.

10. Automated decision-making and profiling

We do not use automated decision-making, including profiling, that could affect your rights, obligations, or significantly impact your situation.

11. Personal data security

We make every effort to ensure the security of your personal data. We apply appropriate organizational and technical measures to protect data against unauthorized access, alteration, disclosure, or destruction. These measures include, among others, encryption, IT system security, and procedures limiting data access exclusively to authorized persons.

12. Changes to the Privacy Policy

We reserve the right to make changes to the Privacy Policy. Any significant changes will be communicated appropriately, e.g., by publishing the new version of the policy on our website.

13. Contact

If you have any questions regarding the Privacy Policy, please contact us by email at: biuro@nmierp.pl, ul. św. Filipa 23/3, 31-150 Kraków or by phone at: +48 888 552 396. The Data Protection Officer (DPO) can be contacted at: k.pinczer@nmierp.pl