Privacy Policy

  1. DEFINITIONS.
    1. Administrator – a company operating under the name Mientha, a limited liability company with its registered office in Warszawa (02-508), ul. Puławska 39 lok. 40, entered into the register of entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw in Warsaw, 14th Commercial Division of the National Court Register, under the KRS number: 0000914133, NIP: 5342641986, share capital: PLN 5,000.00, hereinafter referred to as the “Administrator”.
    2. Personal Data – information about a natural person identified or identifiable by one or more specific factors determining physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, location data, online identifier and information collected through cookies and other similar technology.
    3. Policy / Privacy Policy – this Privacy Policy.
    4. Website – website maintained by the Administrator at https://mientha.com.
    5. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46 / EC.
    6. User – any natural person visiting the Website or using one or more services or functionalities described in the Policy.
    7. Customer – an entity cooperating with the Administrator.
    8. Candidate – a natural person applying for employment, participating in the Recruitment process.
    9. Processor – a processor within the meaning of Art. 4 point 8 of the GDPR, i.e. a natural person, legal person, public authority, unit or other entity that processes Personal Data on behalf of the data controller.
    10. Recruitment – one or more processes conducted by the Administrator in order to, inter alia, building a set / database of Candidates, as well as selecting a Candidate who will be offered an employment contract / contract of mandate / cooperation contract with the Administrator, or the process of searching for a suitable Candidate who will be offered an employment contract / contract of mandate / cooperation contract with the Client.
  2. DATA PROCESSING IN CONNECTION WITH THE USE OF THE WEBSITE.
    1. The Policy describes the detailed rules and purposes of processing Personal Data collected during the use of the Website by the User / Candidate, as well as as part of the services provided by the Administrator related to Recruitment.
    2. In connection with the obligations of the GDPR, we provide you with basic information about the processing of Personal Data for individual (indicated below) categories of persons. Information clauses for individual categories of persons:
      1. Information clause for contractors/clients of the Administrator (point IX of the Policy);
      2. Information clause for the Administrator’s employees (point X of the Policy);
      3. Information clause for persons employed under a mandate contract (point XI of the Policy);
    3. In order to exercise their rights, the data subject should contact the Administrator using the contact details provided in the information clause and inform him or her which right and to what extent he or she wants to exercise.
  3. PURPOSES AND LEGAL BASES OF PROCESSING.

CONTACT FORM

    1. The Administrator allows you to contact him via the electronic form on the Website.
    2. Using the form requires providing Personal Data necessary to make contact and respond to the inquiry.
    3. Providing Personal Data marked as mandatory is required in order to accept and handle the inquiry, and failure to provide them results in the inability to respond. Providing other/other Personal Data is voluntary.
    4. Personal Data is processed in order to identify the User and handle his inquiry sent by the form provided on the Website – the legal basis for processing is consent (Article 6(1)(a) of the GDPR).
    5. The User’s Personal Data will be processed no longer than it is necessary to respond or until the consent is withdrawn.

RECRUITMENT

    1. The Administrator conducts Recruitment for their own needs, as well as for their Clients.
    2. Recruitment for Clients is carried out:
      1. by posting an advertisement on a public portal with information about recruitment for Client;
      2. contact with a Candidate already registered in our Candidate Database, in connection with participation in the previous Recruitment, with the consent given to the Administrator for the processing of Personal Data in order to carry out future recruitment processes;
      3. contact with a potential Candidate via LinkedIn social networks.

Recruitment conducted for the needs of the Administrator and recruitment conducted for projects carried out by the Administrator’s Clients (as part of the delegation to provide services at the Client’ premises)

    1. As part of recruitment processes, the Administrator expects the Candidate to provide Personal Data (e.g. in a CV or cover letter) only to the extent specified in Article 221 § 1 of the Act of 26 June 1974 Labor Code. The consequence of not providing this data is the inability to consider a given candidacy in the Recruitment. Providing other data is voluntary.
    2. Personal Data in the scope indicated in the provisions of the labour law (Article 221 of the Act of 26 June 1974 – Labour Code, i.e. name(s) and surname; date of birth; contact details indicated by the Candidate; education; professional qualifications; course of previous employment) will be processed in order to conduct the recruitment procedure (both if the preferred form of employment is an employment contract (Article 6(1)(b) of the GDPR, Article 6(1)(c) of the GDPR) or a civil law contract – Article 6(1)(c) of the GDPR) or a civil law contract – Article 6(1)(b) of the GDPR). 6 (1) (b) of the GDPR), while other data on the basis of consent (at. 6 (1) (a) of the GDPR), which can be revoked at any time.
    3. The Administrator also processes Personal Data in order to verify the qualifications and skills of the Candidate and to determine the terms of cooperation – the legal basis for data processing is thelegitimate interest of Administrator (Article 6(1)(f) of the GDPR). The legitimate interest of the Administrator is the verification of Kandydatów to work and determine the terms of possible cooperation; in order to establish or pursue by the administrator possible claims or defend against claims made against the Administrator.
    4. If the documents contain the data referred to in Article 9(1) of the GDPR, the Administrator processes the Candidate’s Personal Data on the basis of consent (Article 9(2)(a) of the GDPR), which may be revoked at any time.
    5. The Administrator processes Personal Data, also in subsequent recruitments, if the Candidate agrees to it (Article 6 (1) (a) of the GDPR), which may be revoked at any time.
    6. Personal Data will be stored until the end of the recruitment process, unless the Candidate has agreed to participate in further recruitment processes – in this respect, the data will be used for 12 months.

Recruitment conducted on behalf of the Administrator’s Clients

    1. As part of the Recruitment, the Administrator:
      1. conducts the recruitment process on behalf of the Client (i.e. performs activities consisting in recruiting candidates and carries out technical activities related to Recruitment), in this respect the Administrator acts as a Processor;
      2. collects the Candidates’ Personal Data in the database and then makes them available to the Client as a potential future employer (who becomes a separate administrator of the Candidate’s Personal Data) – in this respect, the processing of the Candidate’s personal data (as part of future recruitment processes) takes place on the basis of consent (Article 6(1)(a) of the GDPR), the provision of the Candidate’s data is also based on consent (Article 6(1)(a) of the GDPR). Personal Data will be used for the period indicated in point 8 above.
    2. The Candidate has the right to withdraw consent to the processing of Personal Data, without affecting the actions taken before its withdrawal.
    3. Personal Data may be processed by the Administrator also in order to investigate and defend against claims – the legal basis for processing is the legitimate interest of the Administrator consisting in the implementation of the above-mentioned purpose (Article 6(1)(f) of the GDPR).

PROFILES ON LINKEDIN PORTALS

    1. The Administrator, in connection with having public profiles on LinkedIn social networks available at: https://www.linkedin.com/company/mientha/about/, processes data left by people visiting these profiles (m.in comments, likes, online identifiers – profile name, public data).
    2. Personal Data are processed by the Administrator: in connection with the profiles conducted and on the basis of Article 6(1)(f) of the GDPR (processing is necessary for the purposes resulting from the legitimate interests of the Administrator, i.e. promoting products and services offered by the Administrator, or they may be processed in order to pursue claims and defend against claims).
    3. The Administrator provides the User with the privacy policy of the co-controllers:
      1. [https://pl.linkedin.com/legal/privacy-policy?].

NEWSLETTER

    1. If the User agrees to receive marketing information via e-mail, Personal Data in the form of the User’s name and e-mail address will be processed by the Administrator in order to send such information.
    2. The basis for the processing of Personal Data is Article 6(1)(a) (consent) and Article 6(1)(f) of the GDPR (processing is necessary for the purposes resulting from the legitimate interests of the Administrator). Providing Personal Data is voluntary, but necessary to send the newsletter.
    3. Personal Data will be stored by the Administrator until the consent is withdrawn, until an effective objection is raised or the purpose of processing is achieved.
  1. RIGHTS OF DATA SUBJECTS.
    1. Users of our Website have the following rights:
      1. the right of access to the provided Personal Data;
      2. the right to request supplementation, updating, rectification of the Personal Data provided in the scope specified in Article 16 of the GDPR;
      3. the right to delete the data provided if they are incomplete, outdated, untrue or have been collected in violation of the Act or are no longer necessary to achieve the purpose for which they were collected, including the right to be forgotten to the extent specified in Article 17 of the GDPR;
      4. the right to limit the processing of the data provided to the extent specified in Article 18 of the GDPR;
      5. the right to transfer the Personal Data provided, if they are processed in an automated manner on the basis of consent or on the basis of a contract, to the extent specified in Article 20 of the GDPR;
      6. the right to object to the processing of data, to the extent specified in Article 21 of the GDPR;
      7. the right not to be subject to profiling, to the extent specified in Article 22 of the GDPR;
      8. the right to withdraw consent to the processing of the Personal Data provided at any time, if the processing of this data is based on consent;
      9. the right to lodge a complaint with a supervisory authority; the President of the Office for Personal Data Protection is supervisory authority the Administrator in the field of Personal Data.
    2. If you have any questions regarding the processing of Personal Data and the exercise of your rights, you can contact the Administrator at the following e-mail address: [email protected].
  2. SHARING AND ENTRUSTING PERSONAL DATA. RECIPIENTS OF PERSONAL DATA. TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY.
    1. Personal Data of Users/Candidates will not be made available by the Administrator to other entities, except for the situation in which the Data Administrator providing data and the Data Administrator obtaining data by making available have an appropriate legal basis, including on the basis of commissioned services, as well as in accordance with the concluded entrustment agreements (i.e. in the scope of operation, Service and management of the IT network and end devices, recipients providing technical support services, Customers).
    2. If necessary and if required by applicable law, Personal Data may be made available to competent public authorities (e.g. courts, prosecutor’s offices, police).
    3. Entities to which data have been entrusted are obliged to apply technical and organizational measures to secure these data.
    4. The controller takes measures in accordance with industry standards to protect the confidentiality of data. The Administrator applies precautions, including technical and organizational measures, ensuring the protection of processed Personal Data, appropriate to the threats and categories of data protected, and in particular constantly monitors the level of security within its network and monitors internal regulations, as well as protects data against their disclosure to unauthorized persons, taking by an unauthorized person, processing in violation of the Act and change, loss, damage or destruction. We store all the information we receive about you on properly secured servers.
    5. The Administrator does not transfer Personal Data outside the EEA, however, he uses the services of third parties whose registered offices may be located outside the EEA (e.g. Microsoft Corporation). In this case, Personal Data may be transferred to countries/international organizations outside the European Economic Area when these countries/organizations have been deemed by a decision of the European Commission to provide an adequate level of protection of Personal Data to the level of protection applicable in the EEA or provided that appropriate safeguards are applied, which may consist in the use of binding corporate rules, standard data protection clauses adopted by the Commission European, standard data protection clauses adopted by the President of the Office for Personal Data Protection or contractual clauses approved by the President of the Office for Personal Data Protection.
  3. DATA RETENTION PERIOD.
    1. The Administrator stores Personal Data for as long as it is necessary to achieve the purposes for which they were collected, including as part of the fulfillment of legal, tax and accounting obligations, until the consent given is withdrawn or an effective objection to the processing of data is submitted in cases where the legal basis for data processing is the legitimate interest of the Administrator. The period of data processing may be extended if the processing is necessary to establish and pursue possible claims or defend against claims, and after this time only in the case and to the extent required by law. After the expiry of the processing period, the data is irreversibly deleted or anonymized.
  4. PROFILING.
    1. Personal Data is not subject to profiling.
  5. COOKIES.
    1. The Administrator uses cookies, i.e. small text information stored on the User’s end device. Cookies can be read by the Administrator’s ICT system. Through the ICT system, the Administrator gains access to information contained in cookies.
    2. Cookies make it easier to move around the Website and use it.
    3. Types of cookies used by the Administrator:
      1. “Necessary” cookies, enabling the use of services available on the Website.
    4. The Administrator also informs the Website Users that it is possible to configure a web browser to prevent the storage of cookies on the User’s end device.
    5. Cookies may be deleted by the User after they have been saved by the Administrator, through appropriate browser functions, programs used for this purpose or using appropriate tools available for this purpose as part of the operating system used by the User.
    6. Under these links there is information about how to delete cookies:
      1. Firefox: http://support.mozilla.org/pl/kb/usuwanie-ciasteczek,
      2. Opera: https://help.opera.com/pl/latest/web-preferences/,
      3. Internet Explorer: http://support.microsoft.com/kb/278835/pl,
      4. Chrome: http://support.google.com/chrome/bin/answer.py?hl=pl&answer=95647,
      5. Safari: http://support.apple.com/kb/HT1677?viewlocale=pl_PL,
      6. Edge: https://support.microsoft.com/pl-pl/help/4027947/windows-delete-cookies.
  6. INFORMATION CLAUSE FOR PROCESSING BY A COMPANY OPERATING UNDER THE NAME MIENTHA Sp. z o.o. PERSONAL DATA OF CUSTOMERS / CONTRACTORS.
    In accordance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”), we inform you about the principles of processing your Personal Data and your rights related to it:

    1. The administrator of your Personal Data is a company operating under the name Mientha, a limited liability company with its registered office in Warszawa(02-508), ul. Puławska 39 lok. 40, entered into the register of entrepreneurs of the National Court Register, kept by the District Court for the m.st of Warsaw in Warsaw, XIV Commercial Division of the National Court Register, under krs number: 0000914133, NIP: 5342641986, share capital: PLN 5,000.00, hereinafter referred to as: “Administrator”. Contact to the Administrator: email: [email protected].
    2. Your Personal Data will be processed by the Administrator for purposes related to the implementation of rights and obligations resulting from contracts between the Administrator and contractors, fulfillment of the Administrator’s legal obligations related to keeping construction documentation, implementation of obligations arising from tax and accounting regulations and pursuing any claims.
    3. The legal basis for the processing of your Personal Data is:
      1. Article 6(1)(b) of the GDPR, i.e. the necessity for the Administrator to conclude and perform the obligations and rights arising from the agreements concluded between the parties,
      2. Article 6(1)(c) of the GDPR, i.e. the necessity to perform legal obligations incumbent on the Administrator, including those resulting from the scope of the construction process, in connection with the performance of obligations in the field of financial settlements, including tax settlements,
      3. Article 6(1)(f) of the GDPR, i.e. the legitimate interests of the Administrator, i.e. in the scope of m.in pursuing possible claims and in the processing of Personal Data of employees or co-workers or other contact persons understood as ongoing contact with these persons,
      4. in other cases, your Personal Data will be processed only on the basis of previously granted consent, to the extent and for the purpose specified in the content of the consent (Article 6 (1) (a) of the GDPR).
    4. Providing your Personal Data is voluntary, but the result of not providing them will be the inability to conclude and implement the indicated contracts and obligations.
    5. Your Personal Data may be disclosed to the Administrator’s employees or associates, entities authorized under the law or entities cooperating with the Administrator on the basis of commissioned services and in accordance with the concluded agreements for entrusting the processing of Personal Data.
    6. Your Personal Data will be processed for the period necessary to achieve the above-mentioned purposes, i.e. in the scope of the implementation of the contract for a period until the end of the contract implementation process, and after that time for the period and to the extent required by law or for the administrator’s implementation of the legitimate interest of the Personal Data administrator in the scope specified above.
    7. In addition, to the extent that Personal Data are processed on the basis of consent, Personal Data will be processed until the consent to such processing is withdrawn, and after that time they may be processed for the period of limitation of possible claims.
    8. Your Personal Data will not be used for profiling or for automated decision-making towards you. Personal Data will not be transferred outside the European Economic Area.
    9. Each data subject has the right to:
      1. request rectification (correction) of Personal Data – if the data is incorrect or incomplete;
      2. request the deletion of Personal Data;
      3. request the restriction of the processing of Personal Data;
      4. the transfer of Personal Data where the processing is based on a contract concluded with the data subject or on the basis of the consent given by such a person and where the processing is carried out by automated means;
      5. withdrawal of consent to the processing of Personal Data to the extent that the processing of Personal Data takes place on the basis of consent, with the proviso that the withdrawal of consent does not affect the lawfulness of data processing, which was made on the basis of consent before its withdrawal.

      In order to exercise the above-mentioned rights, the data subject should contact the Controller using the contact details provided and inform him or her of which right and to what extent he or she wishes to exercise.

    10. If you believe that the processing of Personal Data by the Administrator violates the provisions of the GDPR, you have the right to lodge a complaint with the competent supervisory authority. The supervisory authority for the Administrator in the field of Personal Data is the President of the Office for Personal Data Protection (address: Office for Personal Data Protection, 2 Stawki Street, 00-193 Warsaw).
    11. In addition, in the case of transferring Personal Data of our employees / associates, we oblige you to inform them about the disclosure of their Personal Data to the Administrator and about further processing of data for contact purposes in connection with the conclusion and implementation of contracts.
  7. INFORMATION CLAUSE FOR PROCESSING BY A COMPANY OPERATING UNDER THE NAME MIENTHA Sp. z o.o. PERSONAL DATA OF CLIENTS.
    In accordance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”), I inform you about the principles of processing your Personal Data and your rights related to it:

    1. The administrator of your Personal Data is a company operating under the name Mientha, a limited liability company with its registered office in Warszawa (02-508), ul. Puławska 39 lok. 40, entered into the register of entrepreneurs of the National Court Register, kept by the District Court for the m.st of Warsaw in Warsaw, XIV Commercial Division of the National Court Register, under KRS number: 0000914133, NIP: 5342641986, share capital: PLN 5,000.00, hereinafter referred to as: “Administrator”. Contact to the Administrator: email: [email protected].
    2. The administrator processes your Personal Data in connection with the implementation of the mandate contract (Article 6 (1) (b) of the GDPR). In addition, the processing of your data will be necessary for purposes other than those indicated above, and necessary in connection with the performance of obligations in the field of financial settlements, including tax settlements (Article 6 (1) (c) of the GDPR). In addition, in some situations it is or may be necessary to process your data for purposes necessary for the implementation of the legitimate interests of the Administrator (to pursue possible claims). In other cases, your Personal Data will be processed only on the basis of previously granted consent, to the extent and for the purpose specified in the content of the consent (Article 6 (1) (a) of the GDPR).
    3. Providing your Personal Data is either a condition for the conclusion and performance of the contract between you, or results from the implementation of obligations arising from the above-mentioned provisions of law or is necessary to achieve the objectives resulting from the above-mentioned legitimate interests of the Administrator. Failure to provide all the required Personal Data by you will constitute an obstacle to the conclusion of a cooperation agreement. To the extent that Personal Data is collected on the basis of consent, providing Personal Data is voluntary.
    4. The data provided by you will not be transferred to a third country or an international organization.
    5. In connection with the processing of your Personal Data for the above purposes, your Personal Data may be made available to the following recipients or categories of recipients:
      1. authorized employees of the Administrator; contractors – only in the scope of business data, and in the remaining scope only after obtaining a separate, voluntary consent of you;
      2. postal operators, courier companies;
      3. as well as public authorities, entities performing public tasks or acting on behalf of public authorities, to the extent and for purposes that result from legal provisions;
      4. entities cooperating with the Administrator on the basis of commissioned services and in accordance with the concluded entrustment agreements (e.g. entities cooperating in the field of accounting settlements, ICT services, such as hosting, delivery or maintenance of IT systems).
    6. Your Personal Data will be processed for the period necessary to achieve the above-mentioned purposes, i.e. in the scope of concluding and / or performing the contract between you and the Administrator, for a period until the completion of the process of concluding the contract or its implementation, and after that time for the period and to the extent required by law or for the implementation by the Administrator the legitimate interest of the controller as set out above. To the extent that you have consented to the processing of Personal Data after termination or expiration of the contract, your Personal Data will be processed until this consent is withdrawn.
    7. Your Personal Data will not be used to profile you or to automate decision-making towards you.
    8. You have the relevant rights under the GDPR, i.e.:
      1. the right to access Personal Data, including the right to obtain a copy of this data;
      2. the right to request rectification (correction) of Personal Data – in the event that the data is incorrect or incomplete;
      3. the right to request the deletion of Personal Data;
      4. the right to request the restriction of the processing of Personal Data;
      5. the right to transfer Personal Data where the processing is based on a contract concluded with the data subject or on the basis of the consent given by such a person and where the processing is carried out by automated means;
      6. the right to withdraw consent to the processing of Personal Data to the extent that the processing of your Personal Data takes place on the basis of your consent, with the proviso that the withdrawal of consent does not affect the lawfulness of data processing, which was made on the basis of consent before its withdrawal.

      In order to exercise the above-mentioned rights, the data subject should contact the Controller using the contact details provided and inform him or her of which right and to what extent he or she wishes to exercise.

    9. If you believe that the processing of your Personal Data by the Administrator violates the provisions of the GDPR, you have the right to lodge a complaint with the competent supervisory authority. The supervisory authority for the Administrator in the field of Personal data is the President of the Office for Personal Data Protection (address: Office for Personal Data Protection, 2 Stawki Street, 00-193 Warsaw).
  8. INFORMATION CLAUSE FOR THE PROCESSING OF PERSONAL DATA OF EMPLOYEES BY A COMPANY OPERATING UNDER THE NAME MIENTHA Sp. z o.o.
    In accordance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”), I inform you about the principles of processing your Personal Data and your rights related to it:

    1. The administrator of your Personal Data is a company operating under the name Mientha a limited liability company with its registered office in Warszawa (02-508), ul. Puławska 39 lok. 40, entered into the register of entrepreneurs of the National Court Register, kept by the District Court for the m.st of Warsaw in Warsaw, XIV Commercial Division of the National Court Register, under KRS number: 0000914133, NIP: 5342641986, share capital: PLN 5,000.00, hereinafter referred to as: “Administrator”. Contact to the Administrator: email: [email protected].
    2. The Administrator processes your Personal Data in connection with the implementation of the concluded employment contract (Article 6(1)(b) of the GDPR), including in the scope of keeping employee files, settling the list of payments and payment of remuneration, recording working time, issuing and directing for medical examinations (preliminary, periodic, control), conducting OHS training, as well as in the field of archiving employee documentation (archiving files and documents containing data provided at the employment, employment certificates, diplomas, employee statements and internal documents required by the employer, employment contracts and annexes to the contract, referrals for medical examinations and certificates, settled sick leaves, payroll, PIT issued and certificates of employment and earnings and others related to the course of employment), in the field of social security (applications to social insurance), as well as for the purpose of conducting financial settlements, including tax, i.e. m.in issuing and sending PIT, in order to calculate and make payments to the PPK (Article 6(1)(c) of the GDPR), and in the field of sensitive data, especially health data, in order to fulfill obligations and exercise special rights in the field of labour law, social security and social protection, i.e. in the scope of settling sick leave and benefits (Article 9(2)(b) and (h) of the GDPR). In addition, in some situations it is or may be necessary to process your data for purposes necessary for the implementation of the Administrator’s legitimate interests (for the purpose of pursuing possible claims, pursuant to Article 6(1)(f) of the GDPR. The data that the Administrator obtains are data specified in the law, including labor law. In other cases, your Personal Data will be processed only on the basis of previously granted consent, to the extent and for the purpose specified in the content of the consent (Article 6 (1) (a) of the GDPR).
    3. Providing your Personal Data is either a condition for the conclusion and performance of a contract between you as an employee, or results from the implementation of obligations arising from the above-mentioned provisions of law or is necessary to achieve the objectives resulting from the above-mentioned legitimate interests of the Administrator. Failure to provide all the required Personal Data by you will constitute an obstacle to the conclusion of an employment contract. To the extent that Personal Data is collected on the basis of consent, providing Personal Data is voluntary.
    4. The data provided by you will not be transferred to a third country or an international organization.
    5. In connection with the processing of your Personal Data for the above purposes, your Personal Data may be made available to the following recipients or categories of recipients:
      1. authorized employees of the Administrator;
      2. business partners, contractors – only in the scope of business data, and in the remaining scope only after obtaining a separate, voluntary consent of you;
      3. postal operators, courier companies;
      4. as well as public authorities, entities performing public tasks or acting on behalf of public authorities, to the extent and for purposes that result from legal provisions (e.g. ZUS, National Tax Administration);
      5. entities cooperating with the Administrator on the basis of commissioned services and in accordance with the concluded entrustment agreements (e.g. entities cooperating in the field of accounting settlements, ICT services, such as hosting, delivery or maintenance of IT systems).
    6. Your Personal Data will be processed for the period necessary to achieve the above-mentioned purposes, i.e. in the scope of concluding and / or performing the contract between you and the Administrator, for a period until the completion of the process of concluding the contract or its implementation, and after that time for the period and to the extent required by law or for the implementation by the Administrator the legitimate interest of the controller as set out above. To the extent that you have consented to the processing of Personal Data after termination or expiration of the contract, your Personal Data will be processed until this consent is withdrawn.
    7. Your Personal Data will not be used to profile you or to automate decision-making towards you.
    8. You have the relevant rights under the GDPR, i.e.:
      1. the right to access Personal Data, including the right to obtain a copy of this data;
      2. the right to request rectification (correction) of Personal Data – in the event that the data is incorrect or incomplete;
      3. the right to request the deletion of Personal Data;
      4. the right to request the restriction of the processing of Personal Data;
      5. the right to transfer Personal Data where the processing is based on a contract concluded with the data subject or on the basis of the consent given by such a person and where the processing is carried out by automated means;
      6. the right to withdraw consent to the processing of Personal Data to the extent that the processing of your Personal Data takes place on the basis of your consent, with the proviso that the withdrawal of consent does not affect the lawfulness of data processing, which was made on the basis of consent before its withdrawal.

      In order to exercise the above-mentioned rights, the data subject should contact the Controller using the contact details provided and inform him or her of which right and to what extent he or she wishes to exercise.

    9. If you believe that the processing of your Personal Data by the Administrator violates the provisions of the GDPR, you have the right to lodge a complaint with the competent supervisory authority. The supervisory authority for the Administrator in the field of Personal Data is the President of the Office for Personal Data Protection (address: Office for Personal Data Protection, 2 Stawki Street, 00-193 Warsaw).
  9. CHANGES TO THE PRIVACY POLICY.
    1. The policy is constantly reviewed and updated if necessary.
    2. The current version of the Policy is effective from November 23, 2021.