Privacy Policy

I. Personal data administrator

The administrator of personal data within the meaning of art. 4 point 7 of the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27.04.2016 on the protection of individuals in connection with the processing of personal data and on the free movement of such data and the repeal of Directive 95/46 / EC (GDPR) is EOFWCA.pl limited liability with its seat in Ostrowit at Ostrowite 71a, 13-334 Łąkorz, entered in the Register of Entrepreneurs of the National Court Register by the District Court in Olsztyn, 8th Commercial Division of the National Register court under the number KRS 0000746087, NIP: 8771480723, REGON: 381123345, share capital PLN 5,000.
Data controller contact details:

Phone: +48 508 078 633,
E-mail address: kontakt@eofwca.pl.

Administrator in accordance with Art. 32 sec. 1 GDPR observes the principle of personal data protection and applies appropriate technical and organizational measures to prevent accidental or inconsistent damage, loss, modification, unauthorized disclosure or unauthorized access to personal data processed in connection with the conducted activity.
Providing personal data is voluntary, but necessary in order to establish cooperation and / or conclude a contract with the data controller.
The data controller processes personal data only to the extent necessary for the proper provision of services or taking action at the request of the data subject.

II. Purpose and grounds of personal data processing

The controller processes personal data for the following purposes:

preparation of a commercial offer in response to the customer’s interest, which is a legitimate interest of the data controller (Article 6 (1) (f) of the GDPR);
Provision of services by electronic means via the Website, on the basis of a concluded contract (Article 6 (1) (b) of the GDPR);
handling the complaint process, on the basis of the obligation incumbent on the data controller in connection with applicable law (Article 6 (1) & nbsp; c GDPR);
accounting related to the issuance and acceptance of settlement documents, on the basis of tax law (Article 6 (1) (c) of the GDPR);
archiving of data for the possible determination, investigation or defense against claims or the need to prove facts, which is a legitimate interest of the data controller (Article 6 & nbsp; section 1 (f) of the GDPR);
Contact by phone or via e-mail, in particular in response to inquiries addressed to the data controller, which is a legitimate interest of the data controller (Article 6 (1) (f) of the GDPR);
sending technical information regarding the functioning of the Website and the Services used by the Customer, which is the legitimate interest of the Data Administrator (Article 6 (1) (f) of the GDPR);
Marketing of the data controller’s own products, which is its legitimate interest (Article 6 (1) (f) of the GDPR) or takes place on the basis of previously granted consent (Article 6 (1) (a) of the GDPR).

III. data recipients. Transfer of data to third countries

The recipients of personal data processed by the data controller may be entities cooperating with the data controller, when it is necessary to perform the contract concluded with the data subject.
The recipients of personal data processed by the data controller may also be subcontractors – entities whose services are used by the data controller in data processing, e.g. entities providing development services (training, coaching), accounting offices, law firms, entities providing IT services (including hosting services).
The data controller may be obliged to provide personal data on the basis of applicable law, in particular to disclose personal data to authorized bodies or state institutions.
Personal data will not be transferred to an entity established outside the European Economic Area.

IV. Period of storage of personal data

The data controller stores personal data for the duration of the contract concluded with the data subject and after its termination in & nbsp; purposes related to the pursuit of claims related to the contract, performance of obligations arising z & nbsp; applicable law, but for a period not longer than the limitation period in accordance with the provisions of the Civil Code.
The data controller stores personal data on the settlement documents (e.g. invoices) for a period of time specified in the provisions of the Act on goods and services and the Accounting Act.
The data controller stores personal data processed for marketing purposes for a period of 10 years, but not more than until the consent to the processing of data is withdrawn or an objection to data processing is withdrawn.
The data controller stores personal data for purposes other than those indicated in sec. 1-3 for a period of 3 years, unless the consent to data processing has been withdrawn earlier, and the processing of data cannot be continued on a basis other than the consent of the data subject.

V. Powers of the data subject

1. Any data subject has the right to:

access – obtaining confirmation from the Administrator whether its personal data are processed. If the data about the person is processed, he is entitled to access them and obtain the following information: about the purposes of processing, categories of personal data, information about recipients or categories of recipients to whom the data has been or will be disclosed, about the period of data storage or the criteria for determining them, about the right to request rectification, deletion or limitation of the processing of personal data due to the data subject and to object to such processing (Article 15 of the GDPR);
to receive a copy of the data – obtaining a copy of data to be processed, the first copy is free, and the administrator may impose a fee in a reasonable amount resulting from administrative costs for subsequent copies (Article 15 (3) of the GDPR);
to be corrected – request rectification regarding its personal data, which are incorrect or supplementing incomplete data (Article 16 of the GDPR);
to delete data – request the deletion of its personal data, if the Administrator no longer has a legal basis for their processing or the data is no longer necessary for the purposes of processing (Article 17 of the GDPR);
to restrict processing – requests to limit the processing of personal data (Art. 18 GDPR) when:

– the data subject questions the correctness of the personal data – for a period allowing the Administrator to check the correctness of the data,

– processing is unlawful and the data subject object to their removal, demanding a restriction of their use,

– the controller no longer needs this data, but it is needed by the data subject to establish, assert, or defend claims,

– the data subject has objected to the processing – until it is determined whether the legitimate grounds on the part of the administrator are superior to the grounds of the data subject’s objection;

to transfer data – to receive in a structured, commonly used machine-readable format of personal data concerning it, which it provided to the Administrator, and a request to send this data to another Administrator, if the data is processed on the basis of the consent of the data subject or the contract concluded with it, and if the data is processed in automated method (Art. 20 GDPR);
to object – objecting to the processing of its personal data for legitimate purposes of the Administrator, for reasons related to its special situation, including profiling. Then the Administrator assesses the existence of valid legitimate grounds for processing, overriding the interests, rights and freedoms of the data subjects, or the grounds for establishing, pursuing or defending claims. If, according to the assessment of the interests of the data subject, they are more important than the interests of the administrator, the Administrator will be obliged to stop processing data for these purposes (Art. 21 GDPR).

In order to exercise the above-mentioned rights, the data subject should contact the administrator, using the contact details provided, and inform him which rights and to what extent he wants to exercise.
The data subject has the right to lodge a complaint with the supervisory authority, which is the President of the Office for Personal Data Protection in Warsaw.

Privacy Policy

I. Personal data administrator

Data controller contact details:

Phone: +48 508 078 633,

E-mail address: kontakt@eofwca.pl.

Providing personal data is voluntary, but necessary in order to establish cooperation and / or conclude a contract with the data controller.

The data controller processes personal data only to the extent necessary for the proper provision of services or taking action at the request of the data subject.

II. Purpose and grounds of personal data processing

The controller processes personal data for the following purposes:

preparation of a commercial offer in response to the customer’s interest, which is a legitimate interest of the data controller (Article 6 (1) (f) of the GDPR);

Provision of services by electronic means via the Website, on the basis of a concluded contract (Article 6 (1) (b) of the GDPR);

handling the complaint process, on the basis of the obligation incumbent on the data controller in connection with applicable law (Article 6 (1) & nbsp; c GDPR);

accounting related to the issuance and acceptance of settlement documents, on the basis of tax law (Article 6 (1) (c) of the GDPR);

archiving of data for the possible determination, investigation or defense against claims or the need to prove facts, which is a legitimate interest of the data controller (Article 6 & nbsp; section 1 (f) of the GDPR);

Contact by phone or via e-mail, in particular in response to inquiries addressed to the data controller, which is a legitimate interest of the data controller (Article 6 (1) (f) of the GDPR);

sending technical information regarding the functioning of the Website and the Services used by the Customer, which is the legitimate interest of the Data Administrator (Article 6 (1) (f) of the GDPR);

Marketing of the data controller’s own products, which is its legitimate interest (Article 6 (1) (f) of the GDPR) or takes place on the basis of previously granted consent (Article 6 (1) (a) of the GDPR).

III. data recipients. Transfer of data to third countries

The recipients of personal data processed by the data controller may be entities cooperating with the data controller, when it is necessary to perform the contract concluded with the data subject.

The data controller may be obliged to provide personal data on the basis of applicable law, in particular to disclose personal data to authorized bodies or state institutions.

Personal data will not be transferred to an entity established outside the European Economic Area.

IV. Period of storage of personal data

The data controller stores personal data on the settlement documents (e.g. invoices) for a period of time specified in the provisions of the Act on goods and services and the Accounting Act.

The data controller stores personal data processed for marketing purposes for a period of 10 years, but not more than until the consent to the processing of data is withdrawn or an objection to data processing is withdrawn.

The data controller stores personal data for purposes other than those indicated in sec. 1-3 for a period of 3 years, unless the consent to data processing has been withdrawn earlier, and the processing of data cannot be continued on a basis other than the consent of the data subject.

V. Powers of the data subject

1. Any data subject has the right to:

to receive a copy of the data – obtaining a copy of data to be processed, the first copy is free, and the administrator may impose a fee in a reasonable amount resulting from administrative costs for subsequent copies (Article 15 (3) of the GDPR);

to be corrected – request rectification regarding its personal data, which are incorrect or supplementing incomplete data (Article 16 of the GDPR);

to delete data – request the deletion of its personal data, if the Administrator no longer has a legal basis for their processing or the data is no longer necessary for the purposes of processing (Article 17 of the GDPR);

to restrict processing – requests to limit the processing of personal data (Art. 18 GDPR) when:

– the data subject questions the correctness of the personal data – for a period allowing the Administrator to check the correctness of the data,

– processing is unlawful and the data subject object to their removal, demanding a restriction of their use,

– the controller no longer needs this data, but it is needed by the data subject to establish, assert, or defend claims,

– the data subject has objected to the processing – until it is determined whether the legitimate grounds on the part of the administrator are superior to the grounds of the data subject’s objection;

In order to exercise the above-mentioned rights, the data subject should contact the administrator, using the contact details provided, and inform him which rights and to what extent he wants to exercise.

The data subject has the right to lodge a complaint with the supervisory authority, which is the President of the Office for Personal Data Protection in Warsaw.

VI. Automated decision making. profiling

Personal data will not be processed automatically or through profiling.

Location

Shortcut

Privacy