Data Controller
The controller of your personal data is InfoSEB sp. z o.o. with its registered office in Warsaw (postal code: 04-077), at ul. Grochowska 207 lok. 60, NIP: 5242735050, KRS: 0000387532 (hereinafter: the „Controller”).
Contact details
Regarding the protection of your personal data, you may contact the Controller at the above-mentioned registered office address or via e-mail: rodo@infoseb.com.
Purposes of processing and legal basis for processing
The Controller processes personal data solely to the extent necessary to achieve specific purposes and in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR). Data may be processed for the following purposes:
- Handling the contact form and conducting correspondence, including responding to submitted enquiries, processing requests and contacting persons interested in the Controller's offer – pursuant to Article 6(1)(f) GDPR, i.e. the legitimate interest of the Controller consisting in conducting communication and handling enquiries.
- Conclusion and performance of a contract, provision of services, conducting business cooperation, settlement of payments and fulfilment of obligations arising from legal provisions, in particular tax and accounting regulations – pursuant to Article 6(1)(b) and (c) GDPR.
- Carrying out cooperation with contractors, including contact with persons representing or designated by contractors (e.g. employees, associates or contractors), for the purpose of performing the contract concluded with the entity they represent – pursuant to Article 6(1)(f) GDPR, i.e. the legitimate interest of the Controller consisting in enabling the performance of the concluded contract.
- Direct marketing of the Controller's own services, including providing information about the services and solutions offered – on the basis of the consent of the data subject (Article 6(1)(a) GDPR) or the legitimate interest of the Controller (Article 6(1)(f) GDPR), where the law so permits.
- Establishment, assertion or defence of claims related to the conducted activity or concluded contracts – pursuant to Article 6(1)(f) GDPR, i.e. the legitimate interest of the Controller consisting in protecting its rights and pursuing claims due.
Scope and categories of processed data
The Controller processes only the personal data necessary to achieve the purposes indicated in this Privacy Policy. Depending on the nature of the cooperation, these may include in particular:
- first and last name;
- job position;
- company or organisation name;
- e-mail address;
- telephone number;
- data contained in the correspondence conducted;
- data necessary to conclude, perform and settle the contract;
- other data provided by the data subject or specified in the concluded contract.
Data retention period
The Controller stores personal data only for the period necessary to achieve the purposes for which they were collected, and subsequently for the period required by law or until the limitation of any claims. In particular, the data are stored:
- for the time necessary to achieve the purpose for which they were collected;
- for the duration of the contract and, after its termination, for the time required by law, in particular tax and accounting regulations;
- until the limitation of claims arising from the contract or related to its performance, as well as until the conclusion of proceedings concerning the assertion of or defence against claims;
- in the case of data processed on the basis of consent – until it is withdrawn, unless further processing is required by law or justified by the need to assert or defend against claims.
Source of the data
The Controller obtains personal data primarily directly from the data subjects, via forms available on the website, e-mail, telephone contact or in connection with the conclusion and performance of contracts.
In justified cases, data may also be obtained from entities with which the Controller cooperates (e.g. contractors or business partners), as well as from publicly available registers, where this is compliant with applicable law.
Data recipients
Recipients of personal data may be entities authorised to receive them under applicable law, as well as entities providing services to the Controller, in particular in the area of IT support and hosting, e-mail, accounting, auditing, advisory and legal services, and other services necessary to conduct the business.
Personal data may also be made available to public administration authorities, courts and other entities authorised to receive them under applicable law.
Entities processing personal data on behalf of the Controller process them solely on the basis of a concluded data processing agreement and in accordance with the Controller's instructions, ensuring an appropriate level of data security.
As a rule, the Controller does not transfer personal data to third countries or international organisations outside the European Economic Area (EEA). However, if the transfer of data becomes necessary in connection with the use of technology providers' services or results from applicable law, the Controller will ensure an appropriate level of data protection in accordance with the requirements of the GDPR, in particular by applying standard contractual clauses or other mechanisms provided for by law.
The Controller applies appropriate technical and organisational measures to protect personal data against loss, destruction, unauthorised disclosure or access, in accordance with the requirements of the GDPR.
Rights of the data subject
The data subject is entitled – in the cases provided for by the GDPR – to the following rights:
- the right to access their personal data;
- the right to rectify (correct) data;
- the right to erasure of data (the „right to be forgotten”);
- the right to restrict data processing;
- the right to data portability;
- the right to object to the processing of data, where it is carried out on the basis of the legitimate interest of the Controller;
- the right to withdraw consent at any time, where processing is based on consent, whereby the withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal.
To exercise the above rights, please contact the Controller using the contact details indicated in this Privacy Policy.
The data subject also has the right to lodge a complaint with the President of the Personal Data Protection Office if they consider that the processing of their personal data infringes the GDPR.
Voluntary provision of data
Providing personal data is voluntary; however, to the extent that it is necessary to establish contact, conclude and perform a contract or provide services, failure to provide it may make it impossible for the Controller to respond to an enquiry, conclude a contract or provide services.
In the case of data processed on the basis of consent, providing the data is voluntary, and consent may be withdrawn at any time, without affecting the lawfulness of processing carried out before its withdrawal.
Cookies
The website uses cookies (so-called „cookies”) and similar technologies in order to ensure the proper functioning of the site, enhance security, adapt its functionality to users' needs and carry out statistical analyses.
Cookies may also be used for marketing purposes if the user gives separate consent to this, in accordance with applicable law.
The user may change cookie settings at any time via their web browser or the cookie banner settings. Restricting the use of cookies may affect some functionalities of the Website.
Profiling and automated decision-making
The Controller does not apply automated decision-making, including profiling as referred to in Article 22 GDPR, to data subjects. Should such processes be introduced, the Controller will inform the data subjects accordingly, in accordance with applicable law.
Changes to the Privacy Policy
The Controller reserves the right to make changes to this Privacy Policy, in particular in the event of changes in legal regulations, technological changes, development of the Website's functionality or changes in the manner of processing personal data.
The current version of the Privacy Policy is published on the Controller's website and is effective from the date of its publication.