Who is the data controller?

The data controller of your personal data is INFOV LIMITED LIABILITY COMPANY, registered in the register of entrepreneurs maintained by the District Court for the Capital City of Warsaw in Warsaw, XIV Commercial Department of the National Court Register under the number KRS: 0000621574, NIP: 7123313875, REGON: 364635788. The company’s place of business and address for correspondence is Aleja Krakowska 9, 05-090 Sękocin Nowy, Poland. The contact email address is info@INFOV.eu, and the phone number is + 48 22 290 49 05.

Why do we process your data?

Your personal data is processed based on the Regulation (EU) 2016/679 of the European Parliament and the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation / GDPR) in the following ways:

For clients:

A. In relation to services provided to companies by the data controller, i.e., to conclude or perform a contract (Article 6(1)(b) GDPR), your data will be stored until the contract is executed. Providing the data is necessary to conclude and perform the contract;

B. To fulfill any legal obligations related to the cooperation, such as accounting, tax regulations, or anti-money laundering (Article 6(1)(c) GDPR), personal data will be processed for the period specified by law;

C. For possible determination, assertion, or defense against claims, which is a legitimate interest of the data controller (Article 6(1)(f) GDPR). Data will be processed until the claims are barred;

D. To ensure proper service delivery and improve service quality by monitoring your activities, which is a legitimate interest of the data controller (Article 6(1)(f) GDPR). Data will be processed until the claims are barred.

For contractors, representatives, and employees of contractors:

A. To verify the validity of authorization to act on behalf of the contractor, including verifying provided data in public registers, contacting for contract execution, and for legitimate interests pursued by the data controller (Article 6(1)(b) and (f) GDPR). Data will be processed until the contract is executed, and for archiving purposes, until claims are barred. Providing data is necessary to conclude and execute the contract;

B. To fulfill any legal obligations related to the cooperation, such as accounting, tax regulations, or anti-money laundering (Article 6(1)(c) GDPR), personal data will be processed for the period specified by law;

C. For possible determination, assertion, or defense against claims, which is a legitimate interest of the data controller (Article 6(1)(f) GDPR). Data will be processed until the claims are barred.

If you have not provided data directly to the data controller, it was provided by the contractor as part of their contact or identification details under the contract with the data controller.

For subscribers:

A. For marketing and promotion of products offered by the data controller, which is a legitimate interest of the data controller (Article 6(1)(f) GDPR). Your data will be processed until you object to this processing;

B. To tailor marketing content to your activities, which is a legitimate interest of the data controller (Article 6(1)(f) GDPR). Data will be processed until the claims are barred;

C. For possible determination, assertion, or defense against claims, which is a legitimate interest of the data controller (Article 6(1)(f) GDPR). Data will be processed until the claims are barred.

For users of the data controller’s websites:

A. To ensure proper service delivery, improve quality, and ensure security, by monitoring user activities, which is a legitimate interest of the data controller (Article 6(1)(f) GDPR). Data will be processed until the claims are barred;

B. To contact and respond to inquiries, which is a legitimate interest of the data controller (Article 6(1)(f) GDPR). Data will be processed until the inquiry is answered or claims are barred. Providing data is voluntary but necessary to establish contact and respond to inquiries;

C. Additional information about data processing through cookies is available in the cookie policy.

For individuals contacting the data controller:

A. To respond to inquiries made by email or phone, which is a legitimate interest of the data controller (Article 6(1)(f) GDPR). Personal data will be processed until the claims are barred. Providing data is voluntary but necessary to establish contact and respond to inquiries;

B. For possible determination, assertion, or defense against claims, which is a legitimate interest of the data controller (Article 6(1)(f) GDPR). Data will be processed until the claims are barred.

Who will the data be shared with?

A. Public authorities, to the extent that they receive data as part of specific proceedings based on the law;

B. Entities that process your personal data on behalf of the data controller under a data processing agreement (so-called data processors). These may include, among others: IT specialists, archiving companies, banking and payment service providers, hosting companies;

C. External data controllers (so-called Parallel Controllers to whom the data is provided), such as legal advisors, couriers, postal services, entities acquiring receivables in the case of non-payment of our invoices;

D. Entities located outside the EEA, but only when necessary and with appropriate safeguards, primarily through:

   a. Cooperation with entities in countries for which the European Commission has issued an adequacy decision;

   b. Use of standard contractual clauses issued by the European Commission.

The data controller will always inform you about the intention to transfer personal data outside the EEA at the time of data collection.

Automated decisions?

As part of the services provided by the data controller, personal data may be subject to profiling. The data controller will inform you about such actions before processing your data through profiling.

What rights do you have?

A. The right to access the personal data we process (Article 15 GDPR);

B. The right to rectify the personal data provided, including correcting it (Article 16 GDPR);

C. The right to erasure of personal data from our systems (the “right to be forgotten”) – if you believe there are no grounds for processing your data, you can request its deletion (Article 17 GDPR);

D. The right to restrict the processing of personal data – you can request that your personal data be limited to storage or performing agreed actions, in cases where the data controller holds inaccurate data about you, processed without justification; or when you do not want them to be deleted because they are necessary for establishing, asserting, or defending claims; or during the period of objection to the processing of your data (Article 18 GDPR);

E. The right to data portability – you have the right to receive from the data controller in a structured, commonly used, machine-readable format (e.g., “.csv” format) the personal data concerning you that the controller holds based on a contract or consent (Article 20 GDPR);

F. The right to withdraw consent – you have the right to withdraw your consent to the processing of personal data at any time, provided that the data is processed based on your consent. Withdrawal of consent does not affect the legality of the processing carried out before the withdrawal (Article 7(3) GDPR);

G. The right to object – you may object to the processing of your data if the processing is based on the legitimate interest of the data controller. In such a case, after considering your request, your data will no longer be processed for the purposes covered by your objection, unless the data controller demonstrates that there are legitimate grounds for the processing that override your interests, rights, and freedoms (Article 21 GDPR);

H. If you believe the processing of your personal data violates the GDPR, you have the right to lodge a complaint with the supervisory authority, i.e., the President of the Personal Data Protection Office.

Contact

If you need additional information related to personal data protection or wish to exercise your rights, please contact us at the email address: info@INFOV.eu