Transactionlink

Privacy Policy

We are the administrator of your personal data

‍Taking care of their safety is not only a duty for us, but above all a matter of trust, which we want to build together.

That is why we have created this document.

In it, you will find information about what we use your data for, why we have the right to do so and how long we keep it. In addition, you will find out here what rights you have under the GDPR.

The administrator, i.e. the entity deciding on the purposes and methods of personal data processing, is TransactionLink Rynek Nowego Miasta 9/9,00-229 Warsaw. TransactionLink has appointed a Data Protection Officer who can be contacted at the following email address: privacy@transactionlink.io

‍

JOB CANDIDATES

Purposes and legal bases of processing

Purpose

Taking the steps necessary to conclude a contract, at your request (Article 6(1)(b) of the GDPR).

Purpose

Implementation of the recruitment process, to the extent directly resulting from the provisions of law, in particular Article 22(1) § 1 of the Labour Code (Article 6(1)(c) of the GDPR).

Purpose

Implementation of the recruitment process, in the event that you voluntarily provide data other than those required by law (Article 6(1)(a) of the GDPR).

PLEASE NOTE: providing information by a candidate exceeding the minimum scope of data regulated by labour law is an explicit action, tantamount to giving consent to the processing of such data for the purpose of recruitment.

Purpose

Implementation of the Administrator's legitimate interest consisting in establishing, pursuing or defending against claims (Article 6(1)(f) of the GDPR, and in the case of making special category data available – also Article 9(2)(f) of the GDPR).

Purpose

Consideration of your candidacy in future recruitments, in case of additional consent (Article 6(1)(a) of the GDPR).

Purpose

Verification of the references provided to you, in case of additional consent (Article 6(1)(a) of the GDPR).

Data retention period

The data will be stored until the end of the recruitment process and then for a period of 3 months so that we can contact you if we decide to hire you during this additional period.

If the processing may give rise to claims related to possible discrimination in employment, your data will be stored until the limitation period for these claims expires. In this case, the data retention period is 3 years, in accordance with Article 291 § 1 of the Labour Code.

If you are employed, we will continue to process your data in accordance with the periods applicable to the employee/collaborator.

If we process certain data on the basis of the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR) and you submit an effective, justified objection to the processing before the expiry of the basic storage period, then the data will be processed for this specific purpose for a shorter time, i.e. until your objection is accepted.

If we process certain data on the basis of your consent (Art. 6 (1) (a) GDPR) and you withdraw your consent before the end of the basic storage period, then the data will be processed for a shorter period for this specific purpose, i.e. until you withdraw your consent.

Data range

We process data that you provide to us yourself, i.e. data contained in application documents. These include in particular your contact details, data on your qualifications or experience.

In the course of recruitment, we may also collect additional data, e.g. data provided orally during the recruitment interview, data on the results of the tests conducted.

Data Source

We obtain data directly from you.

If we use the services of recruitment agencies that acquire candidates and then provide us with their data, the agencies are the source of the data. If you were referred to work within the referral system, the source of the data was the referrer.

Obligation to provide data

Providing some data is a statutory obligation of the candidate for an employment contract, in particular the data referred to in Article 22(1) § 1 of the Labour Code (name(s) and surname; date of birth; contact details provided by you; education; professional qualifications; course of employment so far).

Providing some data may also be a condition for concluding an employment/cooperation contract.

What if you don't provide your details

If you do not provide the data that is required by law or contract, we will not be able to carry out the recruitment process and, as a consequence, hire you.

Data recipients

Recipients are third parties to whom we transfer your data:

- recruitment agencies and services,

- providers of IT services, ICT systems, hosting services,

- entities providing us with archiving and disposal services,

- companies from our capital group,

- entities providing legal and advisory services,

- companies providing courier and postal services,

- state authorities or other entities authorized under the applicable law,

- persons appointed by the candidate to provide references,

- medical facilities conducting occupational medicine examinations (in the event of a decision to employ a candidate).

Data transfer

As a rule, your personal data will not be transferred outside the European Economic Area (hereinafter: EEA). However, taking into account the services provided by the Administrator's subcontractors in the implementation of support for ICT services and IT infrastructure, the Administrator may outsource the performance of certain IT activities or tasks to recognized subcontractors operating outside the EEA, which may result in the transfer of your data outside the EEA. Recipient countries outside the EEA, in accordance with the decision of the European Commission, ensure an adequate level of protection of personal data in accordance with EEA standards. In the case of recipients in the territory of countries not covered by the decision of the European Commission, in order to ensure an adequate level of this protection, the Administrator concludes agreements with the recipients of your personal data, based on standard contractual clauses issued by the European Commission in accordance with Article 46(2)(c) of the GDPR. A copy of the Standard Contractual Clauses may be obtained from the Controller by contacting the contact details provided above. The method of securing your data used by the Administrator is in accordance with the principles provided for in Chapter V of the GDPR. You can request further information about the security measures in place in this regard, obtain a copy of these security measures and information on where they are available.

Automated decisions

Your data will not be subject to a decision based solely on automated processing, including profiling, producing legal effects or having a similar material impact.

Your rights

access to their personal data – within the limits of Article 15 of the GDPR,
rectify their personal data – within the limits of Article 16 of the GDPR,
delete your personal data – within the limits of Article 17 of the GDPR,
restriction of the processing of their personal data – within the limits of Article 18 of the GDPR,
transfer of your personal data – within the limits of Article 20 of the GDPR,
withdraw consent to data processing at any time, if it was the basis for processing, without affecting the lawfulness of processing carried out before the withdrawal of consent,

and

the right to object to the processing of your personal data at any time – within the limits of Article 21 of the GDPR – if the legal basis for their processing is the legitimate interest of the Administrator or a third party (Article 6(1)(f) of the GDPR) – when submitting an objection, you should indicate the reasons for its processing related to your particular situation, unless the objection concerns processing for the purposes of direct marketing – then there is no requirement to indicate such a reason.

Right of complaint

If you believe that we are processing your personal data unlawfully, you can file a complaint with the President of the Office for Personal Data Protection. More information on this topic can be found on the office's website.

‍

EMPLOYEES AND PERSONS EMPLOYED UNDER CIVIL LAW CONTRACTS

Purposes and legal bases of processing

Purpose

Performance of an employment contract/civil law contract (Article 6(1)(b) of the GDPR).

Purpose

Applies to the processing of ordinary data

Performance of the Administrator's obligations arising from the employment relationship, including, m.in, related to the organization of work, ensuring safe and hygienic working conditions, counteracting discrimination, settling receivables, keeping and archiving personal files, the Administrator's obligations resulting from the regulations on social insurance, health insurance, taxes, company social benefits fund, employee capital plans, trade unions, accounting, general duty of defence (Article 6(1)(c) of the GDPR).

Applies to the processing of special category data

Performance of the Administrator's obligations in the field of labour law, social security and social protection, in particular health data, including within the company social benefits fund (Article 9(2)(b) of the GDPR).

Purpose

The purposes indicated in the content of consents to the processing of personal data, if such consents have been given (Article 6(1)(a) of the GDPR, Article 9(2)(a) of the GDPR).

Purpose

It concerns data obtained by means of: e-mail monitoring, GPS monitoring in company cars, monitoring of visited websites: ensuring the organization of work enabling full use of working time and proper use of work tools made available to the employee (or a person employed under a civil law contract) (Article 6(1)(f) of the GDPR in conjunction with Article 22(3) § 1 of the Labour Code).

Purpose

It concerns data obtained by means of video surveillance: ensuring the safety of employees or the protection of property or production control, or keeping secret information the disclosure of which could expose the employer to harm (Article 6(1)(f) of the GDPR in conjunction with Article 22(2)(1) of the Labour Code).

Purpose

Organization of social events and initiatives, if you wish to participate (Article 6(1)(f) of the GDPR).

Purpose

Performance of contracts with customers, contractors and suppliers of the Administrator (Article 6(1)(f) of the GDPR).

Purpose

Marketing the Controller's products and services to potential customers, using personal data of employees/persons employed under civil law contracts (Article 6(1)(f) of the GDPR).

Data retention period

The data will be stored for a period of 10 years from the end of the calendar year in which the employment relationship was terminated/terminated, if it was established no earlier than on 01.01.2019.

The data will be stored for a period of 50 years from the end of the calendar year in which the employment relationship was terminated/terminated, if it was established earlier than on 01.01.2019.

In the case of persons employed on the basis of civil law contracts, the data will be stored until the expiry of the limitation period for claims arising from the contract or the expiry of data retention obligations resulting from the provisions of law, in particular the storage of accounting documents.

Video surveillance recordings will be stored for a period of up to three months, and if it is necessary to establish, pursue or defend claims – until the final satisfaction of the pursued claims or the expiry of their limitation period.

If we process certain data on the basis of the legitimate interest of the Controller (Article 6(1)(f) of the GDPR) and you file an effective objection to the processing before the expiry of the basic storage period, then the data will be processed for this specific purpose for a shorter period, i.e. until your objection is accepted.

Data range

At the time of employment, we process the data that you provide to us. These are data necessary to conclude an employment contract or a civil law contract, and if you are employed under an employment contract – also data related to the performance of many of the employer's obligations, such as data on your family members, data on your disability or data on your ability to work.

In the course of the term of an employment contract or a civil law contract, we obtain a number of new data about you. These include, for example, data on the training you have completed, data on your use of employee benefits, your image (obtained e.g. in connection with the production of a promotional video), data on your activity in the resources made available to you (the so-called logs), data on your geolocation (in the context of company cars) and a number of other data, the catalogue of which may differ at different stages of the employment contract or civil law contract.

Data Source

As a standard, we obtain data directly from you.

In exceptional situations, we obtain this data from sources other than you. An example of such a situation is a call from a bailiff to seize your salary. Another example is when we ask our customers about their satisfaction with the service – then we receive your personal data from them in the form of their opinions about you.

Obligation to provide data

Providing certain data is a statutory obligation of an employee employed under an employment contract, in particular the data referred to in Article 22(1) of the Labour Code.

Providing some data may also be a condition for concluding an employment contract or a civil law contract.

What if you don't provide your details

If you do not provide the data that is required by law or contract, we will not be able to employ you or exercise your rights/our obligations under special regulations.

Data recipients

Recipients are third parties to whom we transfer your data:

- state authorities or other entities authorized under the regulations, if it is necessary for the performance of legal obligations,

- our customers,

- our suppliers, including the service providers referred to below,

- entities that provide us with IT tools to store your data or entities that have access to your data as part of maintenance work in IT systems,

- entities auditing our activities or appraisers,

- entities providing accounting, HR or legal services,

- trade unions and employee credit unions,

- users of the website, social media or other audience, in the event that your data is made public,

- companies that dispose of or archive documents and other media,

- companies providing courier and postal services,

- medical facilities,

- banks, insurance companies and other financial and payment institutions,

- companies preparing personalized clothes, badges or certificates,

- companies providing security services, access control and monitoring the use of work tools,

- companies conducting training,

- hotels and transport companies.

Data transfer

Automated decisions

Your data will not be subject to a decision based solely on automated processing, including profiling, producing legal effects or having a similar material impact.

Your rights

access to their personal data – within the limits of Article 15 of the GDPR,
rectify their personal data – within the limits of Article 16 of the GDPR,
delete your personal data – within the limits of Article 17 of the GDPR,
restriction of the processing of their personal data – within the limits of Article 18 of the GDPR,
transfer of your personal data – within the limits of Article 20 of the GDPR,
withdraw consent to data processing at any time, if it was the basis for processing, without affecting the lawfulness of processing carried out before the withdrawal of consent,

and

the right to object to the processing of your personal data at any time – within the limits of Article 21 of the GDPR – if the legal basis for their processing is the legitimate interest of the Administrator or a third party (Article 6(1)(f) of the GDPR) – when submitting an objection, you should indicate the reasons for its processing related to your particular situation, unless the objection concerns processing for the purposes of direct marketing – then there is no requirement to indicate such a reason.

Right of complaint

‍

PEOPLE USING THE "BOOK A CALL'TAB ONN THE WEBSITE"

Purposes and legal bases of processing

Purpose

Contact with a potential customer – taking actions prior to concluding a contract, at the customer's request, expressed by leaving data in the "book a call" tab, available on our website (Article 6(1)(b) of the GDPR – if you are a potential customer; Article 6(1)(f) of the GDPR – if you are a natural person acting on behalf of or for the benefit of a client).

Purpose

Answering a question asked using the "book a call" tab (Article 6(1)(f) of the GDPR).

Purpose

Purposes indicated in the content of consents to the processing of personal data, if such consents have been given (Article 6(1)(a) of the GDPR).

Data retention period

Personal data will be stored until your inquiry is processed as part of the contact form, and then for a period of 3 months from the moment of response.

Personal data will be stored until the offer is presented to you, and then for a period of 3 months after its submission if the offer has not been accepted.

If our offer has been accepted and we are bound by a contract, then we will process your data for a period dedicated to customers with an active contract

If your inquiry was not related to our offer, then we will store your data for a period of 3 months from the date of your response.

If you are in a specific relationship with the Administrator (e.g. you are a customer with an active contract), then we may also store your data obtained through the Contact tab until the statute of limitations for claims resulting from the legal relationship between you and the Administrator expires.

If we process certain data on the basis of the legitimate interest of the Controller (Article 6(1)(f) of the GDPR) and you submit a justified objection to the processing before the expiry of the basic storage period, then the data will be processed for a shorter period for this specific purpose, i.e. until your objection is accepted.

Data range

By default, these are: name, surname, e-mail address, phone number (optional)

Data Source

As a standard, we obtain data directly from you.

Obligation to provide data

Providing some data is not a statutory condition or a condition for concluding a contract.

What if you don't provide your details

If you do not provide the data, we will not be able to present you with our offer or answer any other question you have asked.

Data recipients

Recipients are third parties to whom we transfer your data:

- entities that provide us with IT tools to store your data or entities that have access to your data as part of maintenance work in IT systems.

-website provider.

Data transfer

Automated decisions

Your data will not be subject to a decision based solely on automated processing, including profiling, producing legal effects or having a similar material impact.

Your rights

access to their personal data – within the limits of Article 15 of the GDPR,
rectify their personal data – within the limits of Article 16 of the GDPR,
delete your personal data – within the limits of Article 17 of the GDPR,
restriction of the processing of their personal data – within the limits of Article 18 of the GDPR,
transfer of your personal data – within the limits of Article 20 of the GDPR,
withdraw consent to data processing at any time, if it was the basis for processing, without affecting the lawfulness of processing carried out before the withdrawal of consent,

and

the right to object to the processing of your personal data at any time – within the limits of Article 21 of the GDPR – if the legal basis for their processing is the legitimate interest of the Administrator or a third party (Article 6(1)(f) of the GDPR) – when submitting an objection, you should indicate the reasons for its processing related to your particular situation, unless the objection concerns processing for the purposes of direct marketing – then there is no requirement to indicate such a reason.

Right of complaint

‍

PEOPLE USING THE "CONTACTS US" TAB ON THE WEBSITE

Purposes and legal bases of processing

Purpose

Contact with a potential customer – taking actions prior to concluding a contract, at the client's request, expressed by leaving data by entering the "Contact us" tab on our website (Article 6(1)(b) of the GDPR – if you are a potential customer; Article 6(1)(f) of the GDPR – if you are a natural person acting on behalf of or for the benefit of a client).

Purpose

Answering a question asked using the "Contact us" tab (Art. 6(1)(f) GDPR).

Purpose

Purposes indicated in the content of consents to the processing of personal data, if such consents have been given (Article 6(1)(a) of the GDPR).

Data retention period

Personal data will be stored until the offer is presented to you, and then for a period of 3 months after its submission if the offer has not been accepted.

If our offer has been accepted and we are bound by a contract, then we will process your data for a period dedicated to customers with an active contract

If your inquiry was not related to our offer, then we will store your data for a period of 3 months from the date of your response.

Data range

Typically, these are: name, surname and e-mail address. Optionally, other data that will be made available by you may be processed as part of the contact with the administrator of your data.

Data Source

As a standard, we obtain data directly from you.

Obligation to provide data

Providing some data is not a statutory condition or a condition for concluding a contract.

What if you don't provide your details

If you do not provide the data, we will not be able to present you with our offer or answer any other question you have asked.

Data recipients

Recipients are third parties to whom we transfer your data:

- entities that provide us with IT tools to store your data or entities that have access to your data as part of maintenance work in IT systems, including providers of postal and calendar services used by us (solutions offered by Microsoft).

Data transfer

Automated decisions

Your data will not be subject to a decision based solely on automated processing, including profiling, producing legal effects or having a similar material impact.

Your rights

access to their personal data – within the limits of Article 15 of the GDPR,
rectify their personal data – within the limits of Article 16 of the GDPR,
delete your personal data – within the limits of Article 17 of the GDPR,
restriction of the processing of their personal data – within the limits of Article 18 of the GDPR,
transfer of your personal data – within the limits of Article 20 of the GDPR,
withdraw consent to data processing at any time, if it was the basis for processing, without affecting the lawfulness of processing carried out before the withdrawal of consent,

and

the right to object to the processing of your personal data at any time – within the limits of Article 21 of the GDPR – if the legal basis for their processing is the legitimate interest of the Administrator or a third party (Article 6(1)(f) of the GDPR) – when submitting an objection, you should indicate the reasons for its processing related to your particular situation, unless the objection concerns processing for the purposes of direct marketing – then there is no requirement to indicate such a reason.

Right of complaint

PEOPLE CONTACTING THE ADMIN THROUGSH OTHER CHANNELS

Purposes and legal bases of processing

Purpose

Contact with a potential customer – taking actions prior to concluding a contract, at the client's request, expressed by leaving data in a widget posted on the website (Article 6(1)(b) of the GDPR – if you are a potential customer; Article 6(1)(f) of the GDPR – if you are a natural person acting on behalf of or for the benefit of the client).

Purpose

Answering questions, direct customer service (Art. 6 (1) (f) GDPR).

Purpose

Purposes indicated in the content of consents to the processing of personal data, if such consents have been given (Article 6(1)(a) of the GDPR).

Data retention period

Personal data will be stored until the offer is presented to you, and then for a period of 3 months after its submission if the offer has not been accepted.

If our offer has been accepted and we are bound by a contract, then we will process your data for a period dedicated to customers with an active contract

If your inquiry was not related to our offer, then we will store your data for a period of 3 months from the date of your response.

Data range

Typically, these are: name, e-mail address and phone number.

Data Source

As a standard, we obtain data directly from you.

Obligation to provide data

Providing some data is not a statutory condition or a condition for concluding a contract.

What if you don't provide your details

If you do not provide the data, we will not be able to present you with our offer or answer any other question you have asked.

Data recipients

Recipients are third parties to whom we transfer your data:

- entities that provide us with IT tools to store your data or entities that have access to your data as part of maintenance work in IT systems.

Data transfer

Automated decisions

Your data will not be subject to a decision based solely on automated processing, including profiling, producing legal effects or having a similar material impact.

Your rights

access to their personal data – within the limits of Article 15 of the GDPR,
rectify their personal data – within the limits of Article 16 of the GDPR,
delete your personal data – within the limits of Article 17 of the GDPR,
restriction of the processing of their personal data – within the limits of Article 18 of the GDPR,
transfer of your personal data – within the limits of Article 20 of the GDPR,
withdraw consent to data processing at any time, if it was the basis for processing, without affecting the lawfulness of processing carried out before the withdrawal of consent,

and

the right to object to the processing of your personal data at any time – within the limits of Article 21 of the GDPR – if the legal basis for their processing is the legitimate interest of the Administrator or a third party (Article 6(1)(f) of the GDPR) – when submitting an objection, you should indicate the reasons for its processing related to your particular situation, unless the objection concerns processing for the purposes of direct marketing – then there is no requirement to indicate such a reason.

Right of complaint

‍

CUSTOMER AN THEIR REPRESENTATIVES

Purposes and legal bases of processing

Purpose

Performance of a contract with a client or taking actions prior to entering into a contract, at the client's request, expressed in any way, e.g. by filling in a contact form on the website (Article 6(1)(b) of the GDPR – if you are a customer; Article 6(1)(f) of the GDPR – if you are a natural person acting on behalf of or for the benefit of a client).

Purpose

Fulfilment of obligations arising from legal provisions, in particular tax and accounting provisions (Article 6(1)(c) of the GDPR).

Purpose

Implementation of the Administrator's legitimate interest consisting in establishing, pursuing or defending against claims (Article 6(1)(f) of the GDPR).

Purpose

Purposes indicated in the content of consents to the processing of personal data, if such consents have been given (Article 6(1)(a) of the GDPR).

Note: providing data other than those requested by the Administrator or data marked as optional is an explicit action, tantamount to giving consent to the processing of personal data for the purposes for which they were provided.

Data retention period

Personal data will be stored until the expiry of the limitation period for claims arising from the contract with the client.

Certain data will also be stored until the expiry of the data retention obligations resulting from special regulations, in particular the storage of accounting documents. If we process certain data on the basis of the legitimate interest of the Controller (Article 6(1)(f) of the GDPR) and you file an effective objection to the processing before the expiry of the basic storage period, then the data will be processed for this specific purpose for a shorter period, i.e. until your objection is accepted.

Data range

Our client (party to the contract) may be a natural person or an institution, e.g. a commercial law company. In the latter case, we process personal data of persons who act on behalf of the institution, e.g. the president, proxy or contact persons regarding the performance of the contract.

Data Source

As a standard, we obtain data directly from you.

Your personal data may also be obtained from another source, e.g. from our client - a company, if you are an employee or representative of our company. Sometimes we obtain personal data from public sources, e.g. the client's website or from the so-called business intelligence agencies, if we want to verify the client before establishing cooperation with him.

Obligation to provide data

Providing some data is necessary for the conclusion and subsequent performance of the contract.

Remember that the contract can be concluded in various ways, e.g. by placing an order in an online store.

What if you don't provide your details

If you do not provide the data that is a condition for concluding the contract, the contract cannot be concluded.

Data recipients

Recipients are third parties to whom we transfer your data:

- state authorities or other entities authorized under the regulations, if it is necessary for the performance of legal obligations,

- providers of external ICT systems, providing support and providing IT solutions,

- entities auditing our activities or appraisers,

- entities providing accounting, consulting or legal services,

- companies that dispose of or archive documents and other media,

- companies providing courier and postal services,

- banks and other financial and payment institutions,

- marketing agencies.

Data transfer

Automated decisions

Your data will not be subject to a decision based solely on automated processing, including profiling, producing legal effects or having a similar material impact.

Your rights

access to their personal data – within the limits of Article 15 of the GDPR,
rectify their personal data – within the limits of Article 16 of the GDPR,
delete your personal data – within the limits of Article 17 of the GDPR,
restriction of the processing of their personal data – within the limits of Article 18 of the GDPR,
transfer of your personal data – within the limits of Article 20 of the GDPR,
withdraw consent to data processing at any time, if it was the basis for processing, without affecting the lawfulness of processing carried out before the withdrawal of consent,

and

the right to object to the processing of your personal data at any time – within the limits of Article 21 of the GDPR – if the legal basis for their processing is the legitimate interest of the Administrator or a third party (Article 6(1)(f) of the GDPR) – when submitting an objection, you should indicate the reasons for its processing related to your particular situation, unless the objection concerns processing for the purposes of direct marketing – then there is no requirement to indicate such a reason.

Right of complaint

‍

CONTRACTORS (INCLUDING SUPPLIERS) AND THEIR REPRESENTATIVES

Purposes and legal bases of processing

Purpose

Performance of a contract with a contractor or taking actions prior to the conclusion of the agreement, at the request of the contractor, expressed in any way, e.g. by filling in the contact form on the website (Article 6(1)(b) of the GDPR – if you are a contractor; Article 6(1)(f) of the GDPR – if you are a natural person acting on behalf of or for the benefit of a contractor).

Purpose

Fulfilment of obligations arising from legal provisions, in particular tax and accounting provisions (Article 6(1)(c) of the GDPR).

Purpose

Implementation of the Administrator's legitimate interest consisting in establishing, pursuing or defending against claims (Article 6(1)(f) of the GDPR).

Data retention period

Personal data will be stored until the expiry of the limitation period for claims arising from the contract with the contractor.

Certain data will also be stored until the expiry of the data retention obligations resulting from special regulations, in particular the storage of accounting documents.

Data range

Our contractor (party to the contract) may be a natural person or an institution, e.g. a commercial law company. In the latter case, we process personal data of persons who act on behalf of the institution, e.g. the president, proxy or contact persons for the performance of the contract.

Before concluding an agreement with a contractor, we obtain the data necessary to start negotiating the terms of cooperation. Usually these are basic contact details: name, email address, phone number. In the case of contractors - natural persons, before concluding the agreement, we obtain additional data necessary for its conclusion, e.g. PESEL or address of residence.

In the course of the contract with the contractor, we obtain or process further data, such as data on invoices issued by the contractor or, in general, the history of cooperation.

Data Source

As a standard, we obtain data directly from you.

Your personal data may also be obtained from another source, e.g. from our contractor - a company, if you are its employee or representative. Sometimes we obtain personal data from publicly available sources, e.g. from the contractor's website or the so-called business intelligence agencies, if we want to verify the contractor before establishing cooperation with him.

Obligation to provide data

Providing some data is necessary for the conclusion and subsequent performance of the contract.

Remember that the contract can be concluded in various ways, e.g. by placing an order in an online store.

What if you don't provide your details

If you do not provide the data that is a condition for concluding or performing the contract, the contract cannot be concluded or properly performed.

Data recipients

Recipients are third parties to whom we transfer your data:

- state authorities or other entities authorized under the regulations, if it is necessary for the performance of legal obligations,

- providers of external ICT systems, providing support and providing IT solutions,

- entities auditing our activities or appraisers,

- entities providing accounting, legal or debt collection services,

- companies that dispose of or archive documents and other media,

- companies providing courier and postal services,

- banks and other financial and payment institutions,

- other companies from the Administrator's capital group.

Data transfer

Automated decisions

Your data will not be subject to a decision based solely on automated processing, including profiling, producing legal effects or having a similar material impact.

Your rights

access to their personal data – within the limits of Article 15 of the GDPR,
rectify their personal data – within the limits of Article 16 of the GDPR,
delete your personal data – within the limits of Article 17 of the GDPR,
restriction of the processing of their personal data – within the limits of Article 18 of the GDPR,
transfer of your personal data – within the limits of Article 20 of the GDPR,
withdraw consent to data processing at any time, if it was the basis for processing, without affecting the lawfulness of processing carried out before the withdrawal of consent,

and

the right to object to the processing of your personal data at any time – within the limits of Article 21 of the GDPR – if the legal basis for their processing is the legitimate interest of the Administrator or a third party (Article 6(1)(f) of the GDPR) – when submitting an objection, you should indicate the reasons for its processing related to your particular situation, unless the objection concerns processing for the purposes of direct marketing – then there is no requirement to indicate such a reason.

Right of complaint

‍

HANDLING COMPLAINTS

Purposes and legal bases of processing

Purpose

Implementation of the obligation to consider complaints (Article 6(1)(c) of the GDPR in conjunction with Article 7a of the Consumer Rights Act).

Purpose

Implementation of the Administrator's legitimate interest consisting in enabling the preparation of an answer to the question asked, not related to the complaint, and its dispatch (Article 6(1)(f) of the GDPR).

Purpose

Implementation of the Administrator's legitimate interest consisting in establishing, pursuing or defending against claims (Article 6(1)(f) of the GDPR).

Data retention period

Data processed in connection with the consideration of complaints are stored until the expiry of the data retention obligations resulting from special regulations (e.g. in connection with the payment of funds), in other cases – for a period of 2 years from the end of the complaint procedure, understood as responding to the complaint.

The data processed for the purpose of preparing an answer to the question asked, not related to the complaint, and sending it will be processed for a period of 2 years from the date of the answer.

Data range

Usually these are basic contact details: name and surname, e-mail address, phone number and information regarding the complaint/inquiry submitted unrelated to the complaint.

Data Source

As a standard, we obtain data directly from you.

Obligation to provide data

Providing data is not a statutory requirement or a condition for concluding a contract.

What if you don't provide your details

If you do not provide information, we will not be able to process your complaint or provide you with an answer to a question unrelated to the complaint.

Data recipients

Recipients are third parties to whom we transfer your data:

- state authorities or other entities authorized under the regulations, if it is necessary for the performance of legal obligations,

- providers of external ICT systems, providing support and providing IT solutions,

- entities providing accounting services (if, for example, we make refunds), advisory, auditing or legal services,

- companies that dispose of or archive documents and other media,

- companies providing courier and postal services,

- banks and other financial and payment institutions, if, for example, we make refunds.

Data transfer

Automated decisions

Your data will not be subject to a decision based solely on automated processing, including profiling, producing legal effects or having a similar material impact.

Your rights

access to their personal data – within the limits of Article 15 of the GDPR,
rectify their personal data – within the limits of Article 16 of the GDPR,
delete your personal data – within the limits of Article 17 of the GDPR,
restriction of the processing of their personal data – within the limits of Article 18 of the GDPR,
transfer of your personal data – within the limits of Article 20 of the GDPR,
withdraw consent to data processing at any time, if it was the basis for processing, without affecting the lawfulness of processing carried out before the withdrawal of consent,

and

the right to object to the processing of your personal data at any time – within the limits of Article 21 of the GDPR – if the legal basis for their processing is the legitimate interest of the Administrator or a third party (Article 6(1)(f) of the GDPR) – when submitting an objection, you should indicate the reasons for its processing related to your particular situation, unless the objection concerns processing for the purposes of direct marketing – then there is no requirement to indicate such a reason.

Right of complaint

‍

SOCIAL MEDIA

Purposes and legal bases of processing

Purpose

Promoting the Administrator's brand – when the user interacts with the content and posts published by the Administrator in social media (Article 6(1)(f) of the GDPR).

In connection with such activities, we may collect personal data, including, in particular, information about the name of your social media profile (which may include your name and surname), information contained in the content of comments, avatar or image, as well as other information regarding your activities regarding our website, profiles, fan pages and individual content (e.g. the number of "likes" or statistical data).

Purpose

Conducting communication activities and promoting the brand by operating our LinkedIn and X profiles

This includes, in particular, maintaining and updating profiles, posting content, engaging in dialogue with users, responding to comments and messages, moderating discussions, and responding to activity under posts. (Article 6(1)(f) of the GDPR).

Purpose

Fulfilment of obligations arising from the provisions of law, in particular the Electronic Communications Law (Article 6(1)(c) of the GDPR).

Purpose

Conducting statistical analyses and measuring the effectiveness of content using analytical tools provided by LinkedIn and X, e.g. data on reach, audience groups, engagement (Article 6(1)(f) of the GDPR) in order to optimize content and communication.

Purpose

Purposes indicated in the content of consents to the processing of personal data, if such consents have been given (Article 6(1)(a) of the GDPR).

Data retention period

Personal data will be stored until you object to marketing activities or withdraw your consent, depending on the legal basis for sending communications, i.e. you show us in any way that you do not want to receive information from us about our activities/services.

If you make certain claims in connection with the sending of marketing communications by us, the data will be stored until the statute of limitations for these claims expires.

Certain data will also be stored until the expiry of the data retention obligations resulting from special regulations, in particular the Electronic Communications Law.

If we process certain data on the basis of the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR) and you file an effective objection to the processing before the expiry of the basic storage period, then the data will be processed for this specific purpose for a shorter time, i.e. until your objection is accepted (unless the objection concerns processing for the purposes of direct marketing – then there is no requirement to justify the objection).

Data including comments, likes, reposts, replies, reactions or private messages is stored for as long as it is visible on the platform, i.e.:

until the user deletes their comment, reaction or message on their own,
until you delete or deactivate your LinkedIn or X profile;
until the profile administrator deletes the comment or message as part of moderation (e.g. policy violation, inappropriate content),
until you close or archive your profile on the platform.

We do not copy or transfer comments or messages to our own systems unless a legitimate interest requires it (e.g. to preserve evidence in the event of claims).

Statistical data from the platform's analytics panel (LinkedIn Analytics, X Analytics)

Statistical data on profile visits, demographics, reach, interactions, and content effectiveness are stored:

for the period of their availability in the LinkedIn or X analytical panel,
in accordance with the data processing policy established by the platform operator,
As a rule, for a period of several days to several months (different for individual indicators).

After this period, the data is automatically aggregated or deleted by the platform. The profile administrator has no influence on the availability time and deletion of this data.

Data range

We process the data of persons who:

follow our LinkedIn and X profiles,
react to the content we publish (likes, shares, comments, reposts),
visit our profiles, which generates statistical data provided by platform administrators (LinkedIn Analytics, X Analytics),
contact us via private messages.

We process data such as:

Profile name/user ID (may include first and last name)
Profile picture or avatar
the content of comments, private messages and other activities on our profile,
Platform-generated statistics (e.g., number of views, demographics, reach, engagement)
technical data related to the use of the platform in question (in accordance with LinkedIn/X policy).

The statistical data is provided by the platform administrators and does not come directly from the user.

Data Source

We receive data:

directly from the user (profile activity, messages),
from LinkedIn/X — as platform administrators — in the form of statistics and technical data.

Obligation to provide data

Providing data is neither a contractual nor a statutory requirement.

What if you don't provide your details

No effect due to the above.

Data recipients

Data may be disclosed:

providers of IT services, hosting and analytical tools,
service providers sending marketing messages,
platform administrators (LinkedIn, X) – on the terms and conditions specified in their terms and conditions.

Data transfer

Automated decisions

Your data will not be subject to a decision based solely on automated processing, including profiling, producing legal effects or having a similar material impact.

Your rights

access to their personal data – within the limits of Article 15 of the GDPR,
rectify their personal data – within the limits of Article 16 of the GDPR,
delete your personal data – within the limits of Article 17 of the GDPR,
restriction of the processing of their personal data – within the limits of Article 18 of the GDPR,
transfer of your personal data – within the limits of Article 20 of the GDPR,
withdraw consent to data processing at any time, if it was the basis for processing, without affecting the lawfulness of processing carried out before the withdrawal of consent,

and

the right to object to the processing of your personal data at any time – within the limits of Article 21 of the GDPR – if the legal basis for their processing is the legitimate interest of the Administrator or a third party (Article 6(1)(f) of the GDPR) – when submitting an objection, you should indicate the reasons for its processing related to your particular situation, unless the objection concerns processing for the purposes of direct marketing – then there is no requirement to indicate such a reason.

Right of complaint

‍

RECIPIENTS OF MARKETING MESSAGES

Purposes and legal bases of processing

Purpose

Implementation of the Administrator's legitimate interest consisting in the marketing of its own products and services (Article 6(1)(f) of the GDPR) using the following forms of communication: e-mails, for the purpose of sending a newsletter.

PLEASE NOTE: the use of certain forms of communication requires a separate consent to the use of this channel, in accordance with Article 398 of the Electronic Communications Law.

Purpose

Pursuing the legitimate interest of companies cooperating with the Administrator consisting in marketing their products and services, when you give your consent to this (Article 6(1)(a) of the GDPR).

Purpose

Fulfilment of obligations arising from the provisions of law, in particular the Electronic Communications Law (Article 6(1)(c) of the GDPR).

Purpose

Implementation of the Administrator's legitimate interest consisting in establishing, pursuing or defending against claims related to the sending of marketing messages, if such are reported (Article 6(1)(f) of the GDPR).

Purpose

Purposes indicated in the content of consents to the processing of personal data, if such consents have been given (Article 6(1)(a) of the GDPR).

Data retention period

If you make certain claims in connection with the sending of marketing communications by us, the data will be stored until the statute of limitations for these claims expires.

Certain data will also be stored until the expiry of the data retention obligations resulting from special regulations, in particular the Electronic Communications Law.

Data range

Normally, these are only the data necessary to send a marketing message, i.e. name and surname, e-mail address, phone number, and in the case of messages sent by traditional mail – also the correspondence address.

Data Source

As a standard, we obtain data directly from you.

Obligation to provide data

Providing data is neither a contractual nor a statutory requirement.

What if you don't provide your details

No effect due to the above.

Data recipients

Recipients are third parties to whom we transfer your data:

- providers of external ICT systems, providing support and providing IT solutions,

- entities providing services for sending marketing messages on our behalf.

Data transfer

Automated decisions

Your data will not be subject to a decision based solely on automated processing, including profiling, producing legal effects or having a similar material impact.

Your rights

access to their personal data – within the limits of Article 15 of the GDPR,
rectify their personal data – within the limits of Article 16 of the GDPR,
delete your personal data – within the limits of Article 17 of the GDPR,
restriction of the processing of their personal data – within the limits of Article 18 of the GDPR,
transfer of your personal data – within the limits of Article 20 of the GDPR,
withdraw consent to data processing at any time, if it was the basis for processing, without affecting the lawfulness of processing carried out before the withdrawal of consent,

and

the right to object to the processing of your personal data at any time – within the limits of Article 21 of the GDPR – if the legal basis for their processing is the legitimate interest of the Administrator or a third party (Article 6(1)(f) of the GDPR) – when submitting an objection, you should indicate the reasons for its processing related to your particular situation, unless the objection concerns processing for the purposes of direct marketing – then there is no requirement to indicate such a reason.

Right of complaint

‍

PROVIDING ASI SERVICES TO CLIENTS

Purposes and legal bases of processing

Purpose

Provision of the service of access to account information (AIS), consisting in obtaining and presenting data on the client's payment accounts – to the extent and on the terms resulting from the agreement and the regulations on payment services (Article 6(1)(b) of the GDPR).

Purpose

Compliance with legal obligations incumbent on the Administrator, including those resulting from the Act on Counteracting Money Laundering and Terrorist Financing (AML), the Payment Services Act and other sectoral regulations – to the extent that they require the processing of data obtained as part of the AIS service (Article 6(1)(c) of the GDPR)

Purpose

Purposes indicated in the content of consents to the processing of personal data, if such consents have been given (Article 6(1)(a) of the GDPR).

Purpose

Implementation of the Administrator's legitimate interest consisting in establishing, pursuing or defending against claims related to the provision of the AIS service (Article 6(1)(f) of the GDPR).

Data retention period

Data processed in connection with the provision of AIS services are stored:

for the duration of the agreement for the provision of AIS services,
in accordance with the requirements of the AML Act, if the data is processed within the framework of the obligations arising from this Act,
for the period of limitation of claims, if the data is processed for the purpose of asserting or defending against claims.

If we process certain data on the basis of the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), and you object to the processing before the expiry of the basic storage period, the data will be processed for a shorter period – until the objection is accepted.

Data range

As part of the provision of AIS services, we process data provided by payment service providers, including:

the name and surname or the name of the account holder,
account number,
account balance,
the date of account opening,
transaction data (transaction date, posting date, amount, balance after transaction, transaction status),
account numbers of the parties to the transaction,
the name and address of the other party to the transaction,
the title and type of the transaction,
MCC (Acceptor Category) code,
details of the sending and receiving banks.

This data may contain information relating to third parties (e.g. senders and recipients of transfers).

Data Source

As a standard, we collect data directly from you as a user of our website.

We may also obtain data from your payment service provider in accordance with the scope of your consent.

Obligation to provide data

Providing data is a condition for providing the AIS service. Without providing them, we will not be able to provide the service of accessing account information.

What if you don't provide your details

Failure to provide data or consent will prevent the provision of AIS.

Data recipients

The recipients of the data are external entities, to whom we transfer data only to the extent necessary to provide the AIS service and to meet legal obligations:

entities to whom you have consented to the disclosure of data (e.g. recipients of AIS data indicated at your disposal),
public authorities authorized to obtain data on the basis of legal provisions (e.g. tax authorities, GIIF),
providers of external ICT systems and IT support, including providers of postal and calendar services used by the Administrator (e.g. Microsoft solutions),
entities providing legal, auditing, advisory and accounting services – if it is necessary to perform the Administrator's duties or handle claims,
companies that dispose of or archive documents and media.

Data transfer

Automated decisions

Your data will not be subject to a decision based solely on automated processing, including profiling, producing legal effects or having a similar material impact.

Your rights

access to their personal data – within the limits of Article 15 of the GDPR,
rectify their personal data – within the limits of Article 16 of the GDPR,
delete your personal data – within the limits of Article 17 of the GDPR,
restriction of the processing of their personal data – within the limits of Article 18 of the GDPR,
transfer of your personal data – within the limits of Article 20 of the GDPR,
withdraw consent to data processing at any time, if it was the basis for processing, without affecting the lawfulness of processing carried out before the withdrawal of consent,

and

the right to object to the processing of your personal data at any time – within the limits of Article 21 of the GDPR – if the legal basis for their processing is the legitimate interest of the Administrator or a third party (Article 6(1)(f) of the GDPR) – when submitting an objection, you should indicate the reasons for its processing related to your particular situation, unless the objection concerns processing for the purposes of direct marketing – then there is no requirement to indicate such a reason.

Right of complaint

‍

PROVIDING KYC/AML SERVICES TO CLIENTS

Purposes and legal bases of processing

Purpose

Fulfilment of legal obligations incumbent on the Controller under the Anti-Money Laundering and Countering the Financing of Terrorism (AML) Act, including customer identification and verification (KYC) obligations, ongoing monitoring, risk analysis, and collection and storage of documentation (Article 6(1)(c) of the GDPR in conjunction with the AML Act).

Purpose

Implementation of the Controller's legitimate interest consisting in ensuring compliance of the activity with AML regulations, detecting fraud, ensuring security and the ability to defend against claims related to the performance of KYC/AML obligations (Article 6(1)(f) of the GDPR).

Purpose

Purposes indicated in the content of consents to the processing of personal data, if such consents have been given (Article 6(1)(a) of the GDPR).

Purpose

Implementation of the Administrator's legitimate interest consisting in establishing, pursuing or defending against claims (Article 6(1)(f) of the GDPR).

Data retention period

Data processed for the purposes of performing AML obligations are stored:

for the period required by the provisions of the AML Act, i.e. for 5 years from the date of termination of business relations or occasional transaction,
in the case of data processed for the purpose of establishing, pursuing or defending against claims – for the period of limitation of claims,
if you submit an effective objection to the processing of your data on the basis of Article 6(1)(f) of the GDPR – the data will be processed for a shorter period, i.e. until the objection is accepted (within the purposes that allow it to be taken into account).

AML periods are mandatory – in this respect, it is not possible to delete data in advance.

Data range

As part of the implementation of KYC/AML obligations, we process m.in:

name and surname,
address of residence,
Email address and contact details
data from an identity document (e.g. number, series, expiry date),
biometric image data (e.g. a face photograph used for identity verification),
PEP status (politically exposed person),
data contained in the Central Register of Beneficial Owners (CRBR),
other data required by AML regulations for identification, verification or monitoring.

The data may also relate to beneficial owners and persons authorized to act on behalf of the client.

Data Source

We obtain data:

directly from you during the identification and verification process,
from documents confirming identity,
from public registers (e.g. CRBR),
From authorized identity verification (KYC) service providers,
financial institutions, if this results from AML obligations.

Obligation to provide data

Providing data is a statutory requirement resulting from the AML Act. Failure to provide them makes it impossible to establish or maintain business relations or perform transactions.

What if you don't provide your details

None If you refuse to provide the data required by AML regulations:

we will not be able to provide services,
we will not be able to establish, continue or maintain a business relationship,
We will not be able to carry out the transaction.

data provision or lack of consent will prevent the provision of the AIS service.

Data recipients

The recipients of the data may be:

public authorities authorised under the provisions of law, in particular:
- Inspector General of Financial Information (GIIF),
- law enforcement agencies,
- supervisory authorities,
providers of IT solutions and ICT services supporting KYC/AML processes (including providers of mail and calendar services used by the Administrator, e.g. Microsoft solutions),
entities with whom you have consented to share data,
entities providing legal, advisory or auditing services – to the extent necessary to meet AML obligations or handle claims,
entities archiving or disposing of documents.

Data transfer

Automated decisions

Your data will not be subject to a decision based solely on automated processing, including profiling, producing legal effects or having a similar material impact.

Your rights

access to their personal data – within the limits of Article 15 of the GDPR,
rectify their personal data – within the limits of Article 16 of the GDPR,
delete your personal data – within the limits of Article 17 of the GDPR,
restriction of the processing of their personal data – within the limits of Article 18 of the GDPR,
transfer of your personal data – within the limits of Article 20 of the GDPR,
withdraw consent to data processing at any time, if it was the basis for processing, without affecting the lawfulness of processing carried out before the withdrawal of consent,

and

the right to object to the processing of your personal data at any time – within the limits of Article 21 of the GDPR – if the legal basis for their processing is the legitimate interest of the Administrator or a third party (Article 6(1)(f) of the GDPR) – when submitting an objection, you should indicate the reasons for its processing related to your particular situation, unless the objection concerns processing for the purposes of direct marketing – then there is no requirement to indicate such a reason.

Right of complaint

VIDEO VERIFICATION

Purposes and legal bases of processing

Purpose

Implementation of the video verification procedure aimed at confirming the user's identity remotely, including comparison of data from the identity document with the image during the video call – to the extent necessary to establish or maintain a relationship with the customer (Article 6(1)(b) of the GDPR).

Purpose

Fulfilment of the Controller's legal obligations under the Anti-Money Laundering and Countering the Financing of Terrorism (AML) Act, in the field of customer identification and verification (Article 6(1)(c) of the GDPR in conjunction with the AML Act).

Purpose

Implementation of the Controller's legitimate interest consisting in ensuring the security of identification processes, counteracting fraud and the possibility of establishing, pursuing and defending against claims (Article 6(1)(f) of the GDPR).

Purpose

Implementation of the Administrator's legitimate interest consisting in establishing, pursuing or defending against claims (Article 6(1)(f) of the GDPR).

Data retention period

The data processed in connection with video verification is stored:

for the duration of the contract or verification process,
in accordance with the requirements of the AML Act, i.e. for 5 years from the termination of business relations or the occasional transaction – if video verification is an element of the AML process,
for the period of limitation of claims – if the data is processed for the purpose of establishing, pursuing or defending against claims.

With regard to data processed in order to comply with AML obligations, it is not possible to delete the data earlier.

Data range

As part of video verification, we process in particular:

bImage data (audio-video recording or photos from the verification process)
data from an identity document (m.in. name and surname, document number, date of birth, expiry date, citizenship),
technical data related to the video verification process (e.g. metadata of the recording),
other data necessary to confirm your identity in accordance with AML requirements.

Data Source

We obtain data:

directly from you during the video verification process,
from the presented identity document,
from the comparison of the image with the identity document.

Obligation to provide data

Providing data is necessary to carry out video verification, and in the case of AML procedures – it is a statutory requirement.

What if you don't provide your details

Failure to provide required information or refusal to participate in video verification:

it will make it impossible to carry out identity verification,
may prevent you from entering into a contract, continuing your cooperation, or completing a transaction.

Data recipients

Your data may be transferred to the following recipients:

public authorities authorised to process data on the basis of regulations (in particular the GIIF – in the scope of AML tasks, law enforcement authorities, supervisory authorities),
entities with whom you have consented to share data,
providers of IT systems and ICT services supporting the video verification process, including data transfer and storage services and postal or calendar services used by the Administrator (e.g. Microsoft solutions),
entities providing legal, advisory, auditing or archiving services – if it is necessary for the performance of legal obligations or claims handling.

Data transfer

Automated decisions

Your data will not be subject to a decision based solely on automated processing, including profiling, producing legal effects or having a similar material impact.

Your rights

access to their personal data – within the limits of Article 15 of the GDPR,
rectify their personal data – within the limits of Article 16 of the GDPR,
delete your personal data – within the limits of Article 17 of the GDPR,
restriction of the processing of their personal data – within the limits of Article 18 of the GDPR,
transfer of your personal data – within the limits of Article 20 of the GDPR,
withdraw consent to data processing at any time, if it was the basis for processing, without affecting the lawfulness of processing carried out before the withdrawal of consent,

and

the right to object to the processing of your personal data at any time – within the limits of Article 21 of the GDPR – if the legal basis for their processing is the legitimate interest of the Administrator or a third party (Article 6(1)(f) of the GDPR) – when submitting an objection, you should indicate the reasons for its processing related to your particular situation, unless the objection concerns processing for the purposes of direct marketing – then there is no requirement to indicate such a reason.

Right of complaint

‍

WEBSITE USERS (DATA FROM COOKIES OR OTHER TECHNOLOGIES)

‍Purposes and legal bases of processing

Purpose

To ensure the functionality of the website and to facilitate its use (Article 6(1)(f) of the GDPR).

Purpose

Conducting analysis and statistics on the use of the Administrator's website by users (Article 6(1)(f) of the GDPR).

Purpose

Purposes indicated in the content of consents to the processing of personal data, if such consents have been given (Article 6(1)(a) of the GDPR).

Purpose

Fulfilment of obligations arising from the provisions of law, in particular the Electronic Communications Law (Article 6(1)(c) of the GDPR).

Data retention period

Certain data will also be stored until the expiry of the data retention obligations resulting from special regulations, in particular the Electronic Communications Law.

If we process certain data on the basis of the legitimate interest of the Controller (Article 6(1)(f) of the GDPR) and you submit a justified objection to the processing, then the data will be processed for this specific purpose until your objection is accepted.

If we process certain data on the basis of your consent (Art. 6 (1) (a) GDPR) and you withdraw your consent, the data will be processed for this specific purpose until you withdraw your consent.

Data range

Typically, this includes data such as your IP address and any information about you that comes from cookies or the actions of so-called other tracking technologies. This may include, for example, information about the device from which you connect to us (from which you access our website), information about the browser you use, information about what you clicked on on our website. For details of what this data may be, please see the Cookie Policy section.

Data Source

As a standard, we collect data directly from you as a user of our website.

Obligation to provide data

Providing data is not a contractual or statutory requirement.

What if you don't provide your details

No effects due to the above.

Data recipients

Recipients are third parties to whom we transfer your data:

- our suppliers, including the service providers referred to below,

- entities that provide us with IT tools to process your data, including entities that provide us with so-called tracking technologies,

- marketing agencies.

Data transfer

Automated decisions

Your data will not be subject to a decision based solely on automated processing, including profiling, producing legal effects or having a similar material impact.

Your rights

access to their personal data – within the limits of Article 15 of the GDPR,
rectify their personal data – within the limits of Article 16 of the GDPR,
delete your personal data – within the limits of Article 17 of the GDPR,
restriction of the processing of their personal data – within the limits of Article 18 of the GDPR,
transfer of your personal data – within the limits of Article 20 of the GDPR,
withdraw consent to data processing at any time, if it was the basis for processing, without affecting the lawfulness of processing carried out before the withdrawal of consent,

and

the right to object to the processing of your personal data at any time – within the limits of Article 21 of the GDPR – if the legal basis for their processing is the legitimate interest of the Administrator or a third party (Article 6(1)(f) of the GDPR) – when submitting an objection, you should indicate the reasons for its processing related to your particular situation, unless the objection concerns processing for the purposes of direct marketing – then there is no requirement to indicate such a reason.

Right of complaint

‍