In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (OJ. EU L. 2016.119.1), hereinafter: GDPR,), I inform you that:

1. The Controller and the Relevant Categories of Data:

The Controller of your personal data collected in connection with the concluded agreement or ongoing business relations is S&P Księgowość i Optymalizacje Podatkowe sp. z o.o., based in Kraków. (hereinafter: Controller).

Personal data may have been collected from you in various situations, in particular as part of our existing cooperation, during the signing or execution of a contract, as a result of an inquiry, by email, by telephone, or may have been provided by the entity employing you.

In connection with the relationship between us, we may process the following data: identification data, contact details, job data or other data provided to us in connection with cooperation or contact.

Your provision of personal data is voluntary and results from the concluded contract and business cooperation, and the consequence of failure to provide data may be partial or complete inability of the Controller to perform the contract.

2. Purpose of the Processing

Your personal data will be processed, in particular, for the purpose of establishing cooperation, concluding and performing a contract, settling contracts, responding to any inquiries or requests made and conducting further correspondence/contact in this regard, marketing and contacting you regarding other information and services of the Controller, defending against potential claims, as well as for the purpose of possibly directing claims, fulfilling the legal obligations of the Controller (e.g. tax, accounting, regarding the handling of complaints).

If you have provided us with the personal data of your employees or associates as part of a contract, we inform you that this information clause also applies to them and should be shared by you with them.

3. Legal Basis for the Processing

The legal basis for processing your personal data is:

• necessity to perform a contract or take action prior to entering into a contract at the request of the data subject – Article 6(1)(b) of the RODO,
• Implementation of legal obligations imposed on the Controller – Article 6(1)(c) GDPR,
• The legitimate interest of the Controller in the form of marketing the products and services of the Controller or a third party, contact, including correspondence, and defence against potential claims – Article 6(1)(f) GDPR.

4. Processing Period

Personal Data collected for the purpose of entering into and performing a contract will be processed for the duration of the contract or until you object to the processing based on legitimate interest, unless the law (e.g., for archiving, tax, accounting) obliges us to process the data for longer, or we keep the data longer in case of potential claims, for the period of their limitation period specified by law – whichever is longer.

5. Data Recipients

The recipients of your personal data will be entities that support us in administrative and organizational matters of the company and in marketing activities, provide us with support and operation of our ICT tools and systems, make shipments and help us conduct communications with our contractors and customers.

6. Data Transfer Outside the EEA

Your data will not be transferred outside the European Economic Area.

7. Authorizations

You are entitled to:

• access to the content of their data, request their rectification, erasure or restriction of their processing, object to the processing of personal data to the extent that the basis for the processing of personal data is the legitimate interest of the Controller,
• withdraw consent at any time to the extent that it is the basis for the processing of your data. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.
• portability of personal data, i.e. to receive information from the Controller of personal data processed, in a structured, commonly used machine-readable format, to the extent that your data is processed for the purpose of entering into and performing an insurance contract or on the basis of consent.
• lodge a complaint with the President of the Personal Data Protection Office if you consider that the processing of personal data concerning you violates the provisions of the GDPR.

If you have any questions about the processing of your data or to exercise your rights under the GDPR, please contact the Data Controller at the following email address: piotr.pytka@spksiegowosc.pl