THE INFORMATION OBLIGATION OF BUDIMEX S.A.

Hereby, having regard to requirements of  Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 (hereinafter: GDPR), we would like to inform you that:

1. The Controller of your personal data is Budimex S.A., Siedmiogrodzka 9 street, 01-204, Warszawa (hereinafter referred to as “Budimex”), contact: +48 22 623 60 00.
2. Purpose and legal basis for processing personal data:
3. If you are a party to an agreement concluded with Budimex the purpose of data processing is:

-    to conclude and perform the agreement - legal basis: Article 6 (1) (b) of GDPR,

-    fulfilment of legal obligations of Budimex related to arise, inter alia, from tax regulations - legal basis: Article 6 (1) (c) GDPR,

-    raise or defense of legal claims which is a legitimate interest of Budimex - legal basis: Article 6 (1) (f) GDPR.

The provision of personal data is a requirement for the conclusion and performance of the agreement.

1. If you are an employee of a company which is a party to an agreement concluded with Budimex and you have been indicated in the content of the agreement as a person representing the contractor, contact person or person responsible for the performance of particular tasks under the agreement, the purpose of data processing is:

-    to conclude and perform of the agreement as well as raise or defense of legal claims which is the legitimate interest of Budimex - legal basis: Article 6 (1) (f) GDPR.

The categories of your personal data processed are: name and surname, function, e-mail address, telephone number, information contained in the body of the contract, an extract from the KRS or CEIDG or a power of attorney to conclude the contract. The personal data was obtained from your employer.

3. Budimex has appointed a Data Protection Officer at Budimex S.A. who can be contacted in any case regarding the processing of personal data via the email address [email protected].
4. The recipients of personal data may be: investor on behalf of whom the investment/construction work is being carried out,‎ IT solution providers, entities from the Budimex / Ferrovial group, and other entities if their participation is necessary to achieve the above purposes.
5. Personal data may be transferred to entities through which Budimex fulfils the stated purposes, ‎including entities maintaining the IT infrastructure. In justified cases, personal data may be remotely ‎processed outside the European Economic Area (EEA). If such a transfer were to take place - which may ‎occur, inter alia, in connection with Budimex's possible use of cloud-based IT solutions or serviced by a ‎service center located outside the EEA - Budimex will provide a mechanism that, in accordance with ‎European Union law, legalizes the transfer and provides adequate safeguards for the protection of ‎personal data. You may obtain a copy of the description of the technical safeguards for transfers ‎outside the EEA by directing a request to: ‎[email protected].
6. Personal data will be stored for the time necessary to achieve the above-mentioned purposes e. until the performance of the agreement, termination of the guarantee or warranty period, for the time required by law in case of financial data, claims limitation period or until an effective objection is filed as far as the processing is based on the legitimate interest of Budimex.
7. You have the right to access your data and the right to rectify, delete, limit processing and the right to data portability.
8. You have the right to object to the processing after you indicate your particular situation.
9. You have the right to lodge a complaint to the supervisory body when you consider that the processing of your personal data violates applicable personal data protection regulations.
10. Your personal data will not be subject to automated decision making or profiling.