According to the general data protection regulation of 27 April 2016 (GDPR), we inform that:
1. Get Compliant sp. z o.o., seated Kolonijna 5/55, 03-565 Warsaw, Poland, email@example.com, is the personal data Controller.
2. Your personal data will be processed:
- to conclude or implement a contract linking you with the Controller (Art. 6 (1) (b) of the GDPR),
- for the purposes of processing payments, accounting and financial reporting (Art. 6 (1) (c) and (f) of the GDPR),
- to fulfil other legal obligations (Art. 6 (1) (c) of the GDPR),
- for the purposes indicated in the content of consents to the processing of personal data – if such consents have been given (Art. 6 (1) (a) of the GDPR). Please be aware that sharing data other than required by the controller at any stage, is an explicit action constituting a consent for the processing of personal data for the purposes you shared the data with us.
And also in connection with the implementation of the Controller’s legitimate interests (Art. 6 (1) (f) of the GDPR):
- to organise the cooperation,
- to organise events and social initiatives – if you wish to participate,
- to implement contracts with the organization’s clients and contractors,
- to determine, pursue and defend claims,
- to conduct marketing of products and services of the Controller and its partners – if it results from our legal relationship, e.g. consent or a permit granted under copyright law.
- for statistical purposes related to improving the quality of delivered services and adapting them to the recipients.
3. The recipients of your personal data may be:
- Companies providing IT services or solutions.
- In the case of making data public – users of the website or social media, such as Facebook, Instagram, Twitter, Google+, broadcasters (radio, TV).
- Public authorities receiving data in connection with the performance of legal obligations of the controller.
- Banks, if it is necessary for processing payments.
- Controller’s clients.
- Contractors, including subcontractors and suppliers of the organization.
- Firms providing advisory and auditing services.
- Archiving and utilization companies.
- Firms providing courier and postal services.
- Firms conducting marketing activities.
- Hotels, training centers and transport companies (for business trips).
4. In principle, your personal data will not be transferred outside the European Economic Area (henceforth: EEA). However, having in mind the services provided by the Controller’s subcontractors in the implementation of support for ICT services and IT infrastructure, the Controller may commission specific activities or IT tasks to recognized subcontractors operating outside the EEA, which may result in the transfer of your data outside the EEA.
Non-EEA recipient countries covered by the European Commission decision, ensure an adequate level of personal data protection in accordance with EEA standards. In the case of recipients in the territory of States not covered by the decision of the European Commission, in order to ensure an adequate level of this protection, the Controller concludes contracts with recipients of your personal data, based on standard contractual clauses issued by the European Commission in accordance with Art. 46 (2) (c) of the GDPR.
A copy of the standard contractual clauses can be obtained from the Administrator by contacting the contact details provided above. The method of securing your data used by the Administrator is consistent with the principles set out in Chapter V of the GDPR. You can request further information about the applied safeguards in this respect, obtain a copy of these safeguards and information about the place of their disclosure.
Furthermore, it may happen that your basic personal data (such as your name, contact details) will be transferred to third countries. The necessity to transfer data to third countries depends on the performance of the contract between the Controller and the client or contractor to whom personal data is transferred.
5. Your personal data will be stored for the duration of the contract linking you to the Controller, and the rights arising from it, as well as until the expiry of the limitation periods for claims arising from legal relationships between you and the Controller. The data will be deleted earlier if you withdraw the consent – in case the consent is the only basis for data processing, as well as when it is required by law.
6. In situations provided for by law, you enjoy the rights to: access your data and receive a copy of it rectify (amend) your data, delete personal data, limit data processing, data portability – if the legal basis for their processing is consent (Art. 6 (1) (a lub Art. 9 (2) (a of the GDPR) or a contract (Art. 6 (1) (b of the GDPR), the right to withdraw consent to data processing when it is the basis for data processing (Art. 6 (1) (a of the GDPR), the right to object to the processing of your personal data – if the legal basis for the processing is a legitimate interest (Art. 6 (1) (f) of the GDPR).
7. If you find that the processing of your personal data violates the provisions of the GDPR, it is your right to lodge a complaint to the President of the Personal Data Protection Office, Stawki 2, 00-193 Warsaw.
8. The Controller requires providing the personal data to the extent necessary for the conclusion or implementation of the contract linking us and the implementation of related legal obligations. Failure to provide this type of data may result in not concluding or non-performance of the contract. In the remaining scope, providing personal data is voluntary.
9. Your data will not be subject to automated decision-making with legal or similarly significant effects.