1. TERMS OF THE INFORMATION CLAUSE
1.2. The terms “TransactionLink”, “we” or “us” as used hereinafer mean TransactionLink spółka z ograniczoną odpowiedzialnością (limited liability company) with its registered seat in Warsaw, address: Rynek Nowego Miasta 9/9, 00-220 Warsaw, Poland, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for the capital city of Warsaw in Warsaw, XII Commercial Division of the National Court Register under KRS number: 0000823971, tax identification number (NIP): 5252812929, statistical number (REGON): 385349514, share capital in the amount of PLN 127 150.00.
2. PROCESSING OF THE PERSONAL DATA
2.1. We attests that we act as a controller of the personal data (the “Personal Data”) with respect to your Personal Data acquired by us in connection with your activities while: (i) visiting our website and/or contacting us through any tools available on our website.
2.2. We process Personal Data of the following data subjects:
a) visitors of our Website (the “Visitors”); and
3. PURPOSES AND LEGAL BASIS FOR THE PERSONAL DATA PROCESSING
3.1. Personal Data obtained in connection with visiting our website and/or or contacting us through any tools available on our website are processed respectively to the extent that is necessary for your activities on our website and to process your reaching out to us by means available on our website (based on Article 6(1)(b) and Article 6(1)(f) of the GDPR).
3.2. We may also process your Personal Data when it is necessary for compliance with a legal obligation to which the controller is subject (based on Article 6(1)(c) of the GDPR) and to establish, pursue and defend against potential claims (based on Article 6(1)(f) of the GDPR).
3.3. In addition, in order to pursue necessary purposes arising from our legitimate interests as the controller of your Personal Data, we may use the technical data of the device you are using to analyze the use and improve of our services provided throughout our website and also to prevent and investigate illegal activities (based on Article 6(1)(f) of the GDPR).
3.4. If you agree to receive marketing and promotional communication from us, we will also process your Personal Data for direct marketing purposes (based on Article 6(1)(f) of the GDPR).
4. PERSONAL DATA WE PROCESS ABOUT VISITORS TO OUR WEBSITE
4.1. We may collect data when you visit our Websites by using Cookies (see Cookies Policy) or other similar technologies (e.g. IP address, equipment information, location information, beacons) and process the Personal Data gathered by them. This Personal Data, among other information, may be as follows:
a) identification data, such as IP address, time, and location;
b) information on the usage of the Website and/or Service and other web log data, such as the pages you visit on the Website, the date and time of your visit, the files that you download and the URLs from the websites you visited before and after visiting the Website;
c) technical data, including but not limited to information about your IP address and domain name, your software and hardware attributes (including device IDs) and your general geographic location (e.g. city, country);
d) e-mail addresses, when you subscribe to our newsletters or download our content;
e) e-mail addresses when you subscribe to our marketing communication or download our content.
5. PERSONAL DATA WE PROCESS RELATED TO CONTACTING US
5.1. If you decide to contact us via contact details available on our Website, we only process the following Personal Data about you:
b) e-mail address;
c) other data that you provide during the contact.
6. PERSONAL DATA RECIPIENTS
6.1. We may transfer / share your Personal Data:
a) upon your prior consent for data sharing and only to entities to which you have directly agreed in such consent;
b) at any time, when we are legally required to do so, we may disclose your Personal Data or other information about your use of our Services in order to comply with the law, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, prevent and detect fraud, or respond to requests from public authorities;
c) with entities supporting TransactionLink with its business operations, such as companies providing data hosting services.
Your Personal Data may also be transferred to entities seated in the United Kingdom, United States, i.e. outside the European Economic Area. To ensure adequate safeguards, the transfer of Personal Data takes place on the basis of an appropriate agreement, the so-called standard contractual clauses adopted by the European Commission.
You can obtain information on the protection measures applied by submitting a request to the contact details given below.
7. PERSONAL DATA RETENTION PERIOD
7.1. Your Personal Data will be processed:
a) for a duration of you using our services;
b) for a duration of a limitation period in order to establish, pursue and defend against claims, however at any time the personal data retention period will not be longer than 6 years counting down from the end of the calendar year, in which you ended up using our website or end of issue processing you contact us about;
c) if we process your Personal Data based on your consent - until you withdraw this consent. The withdrawal of the consent does not affect the lawfulness of processing based on the consent before its withdrawal;
d) if it is necessary for us to comply with our obligations under the law, such as tax law, accounting law or laws regulating our obligations as a payment institution providing solely the account information service (e.g. obligations to report statistical data, handle complaints), we may process your data also for the period necessary for the fulfilment of the obligations included in the relevant laws, in particular in line with the (Polish) Act on Payment Services as of August 19, 2011 – for relevant periods required therein.
7.2. However, we will normally store your Personal Data for no longer than it is necessary, taking into account the purposes for which the Personal Data is collected, i.e. to fulfil our contractual obligations towards you, to pursue our legitimate interests, to fulfil legal obligations or as required for the statutory retention period.
8. YOUR RIGHTS CONCERNING PERSONAL DATA
8.1. As a data subject, with regards to your Personal Data, you have a number of rights under the GDPR, which you can exercise by contacting us by means indicated in Section 9 below. The contact details are indicated above.
Right to be informed
8.2. On this basis, we will provide you with information on data processing, including primarily the purposes and legal grounds for processing, the scope of Personal Data processed, categories of entities to which your data are disclosed, and the retention periods of your Personal Data.
Right of access and to obtain the copy of Personal Data
8.3. On this basis, you have the right to obtain confirmation as to whether or not we process your Personal Data and if so, to obtain some general information about the processing. We will also provide you with a copy of your Personal Data.
Right to rectification
8.4. By receiving this kind of request, we are obliged to remove incompatibilities or errors of your Personal Data and supplement them if they are incomplete.
Right to be forgotten
8.5. On this basis, you can request the deletion of your Personal Data, processing of which is no longer necessary to achieve any of the purposes for which your Personal Data were collected or otherwise processed. It may also cover the following situations:
a) processing was based on your consent that you have withdrawn and there is no other legal ground for the processing;
b) you have objected to processing based on the Article 6(1)(f) of the GDPR and there are no overriding legitimate grounds for the processing;
c) Personal Data have been unlawfully processed;
d) Personal Data have to be erased for compliance with a legal obligation that applies to us.
Please also note that the GDPR sets some exemptions when making use of your right to be forgotten is not possible.
Right to restriction of processing
8.6. You have the right to obtain restriction of processing where one of the following applies:
a) you contest the accuracy of the Personal Data (for a period enabling us to verify the accuracy of the Personal data);
b) the processing is unlawful and you oppose the erasure of the Personal Data and requests the restriction of their use instead;
c) we no longer need the Personal Data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims;
d) you have objected to the processing based on the Article 6(1)(f) of the GDPR (for the verification whether our legitimate grounds override yours).
If such a request is made, we cease to carry out operations on your Personal Data – with the exception of operations to which you have consented, processing carried out for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.
Right to Personal Data portability
8.7. When the processing is based on your consent or the necessity for the performance of a contract – you can request to receive your Personal Data from us in a structured, commonly used and machine-readable format. The right to data portability includes Personal Data provided by you and processed by automated means. You have the right to transfer this data to another data controller.
Right to object to data processing
8.8. At any time, you may object - for reasons related to your particular situation - to the processing of your Personal Data, which is based on the legitimate interest as specified in Article 6(1)(f) of the GDPR (e.g. for analytical or statistical purposes). We shall no longer process the Personal Data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
Right to withdraw the consent
8.9. If your Personal Data are processed on the basis of given consent, you have the right to withdraw it at any time, which, however, does not affect the lawfulness of the processing carried out before its withdrawal.
Right to lodge a complaint to the Data Protection Authority
8.10. If it is considered that the processing of your Personal Data violates the provisions of the GDPR or other provisions regarding the protection of Personal Data, you may lodge a complaint to the body supervising the processing of personal data, competent in particular for your habitual residence, place of your work or place of the alleged violation.
In Poland, the supervisory authority is the President of the Personal Data Protection Office, with its office at Stawki 2 Street, 00-193 Warsaw, Poland.
9. OUR CONTACT DETAILS
9.1. You can contact us by:
a) e-mail: email@example.com,
b) contact tools available on our website: https://transactionlink.io/; or
c) in writing to the following correspondence address: Czarnieckiego 72 Street, 01-541 Warsaw, Poland.
10. DATA PROTECTION OFFICER
10.1. We have appointed Data Protection Officer – Hubert Makowski to assist you with privacy-related matters. With any data protection queries or when you wish to exercise your rights, you may contact our Data Protection Officer at firstname.lastname@example.org.
11. FREEDOM OR OBLIGATION TO PROVIDE THE PERSONAL DATA
11.1. When we obtain your Personal Data from you, providing us with data is voluntary, however, may be necessary to conclude or perform the agreement between us. We may not be able to conclude the agreement with you or fulfil contractual obligations. In some cases, it may be also necessary for us to fulfil legal obligations, including rules on anti-money laundering and anti-terrorist financing (AML).
12. PROFILING AND AUTOMATED DECISION MAKING
12.1. Your Personal Data will not be used for profiling or for automated decision making in relation to you.