GDPR


The GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (General Regulation on the protection of Data) is to ensure the security and consistency of the processing of personal data. It imposes a number of obligations on the personal data controller, including the need to fulfill information obligations towards persons whose personal data is processed, i.e. informing them of what the personal data administrator will do with the personal data collected from them.

We believe that only an effectively informed person is able to make informed decisions in connection with the processing of his/her personal data and effectively react to any possible irregularities in this regard.


INFORMATION OBLIGATION IN CONNECTION WITH THE PROCESSING OF PERSONAL DATA OF SENDERS OF ELECTRONIC CORRESPONDENCE NOT RELATED TO THE PROVIDED SERVICES OR CONTRACTED CONTRACTS

 

Who is the Personal Data Controller?

The Controller of the processed personal data of senders of electronic correspondence, not related to the services provided or concluded contracts, Kontomatik sp.z o.o. with its registered office in Warsaw (00-838) at Prosta 51.

The Controller can be contacted by e-mail by writing to the following e-mail address: contact@kontomatik.com or by traditional mail by sending correspondence to the following address: Kontomatik sp.z o.o., ul. Prosta 51, 00-838 Warsaw, with the annotation "Personal Data Protection".

 

Has a Data Protection Officer been appointed?

The protection of processed personal data is extremely important to us, which is why we have appointed a Data Protection Officer who can be contacted on the subject of personal data protection by email by writing to the following e-mail address: iod@kontomatik.com or via traditional mail, by sending correspondence to the Kontomatik address Ltd Prosta 51, 00-838 Warsaw, with the annotation "Personal Data Protection".

 

What are the purposes and legal grounds for the processing of personal data?

Personal data is processed in connection with the correspondence and for the needs of maintaining the necessary information in the event of a defense against or pursuing claims arising from correspondence. Personal data is processed in order to implement the Controller's legitimate interest, including responding to correspondence related to the implementation of the contract, in accordance with art. 6 sec. 1 lit. b) or in a situation unrelated to the performance of the contract, art. 6 sec. 1 lit. a) and f) GDPR, or establishing, defending and pursuing claims, in accordance with art. 6 sec. 1 lit. f) GDPR. 

Data processing is based on:

  • expressed consent, Art. 6 sec. 1 lit. a) GDPR (however, the withdrawal of consent does not affect the lawfulness of the processing of personal data carried out on the basis of the consent granted before its withdrawal);
  • contract, art. 6 sec. 1 lit. b) GDPR (where the provision of personal data is voluntary, but necessary for the performance of the contract, and failure to provide personal data may result in, for example, failure to answer the question asked);
  • legitimate interest pursued by the Controller, in accordance with art. 6 sec. 1 lit. f) GDPR.

How long is personal data stored?

Personal data processed in connection with correspondence are processed for a period of up to 12 months from the date of providing the answer.

 

Is personal data shared and with whom?

Personal data may only be made available when:

  • recipients are other entities providing services to Kontomatik sp.z o.o. only in the scope of the service provided in accordance with the concluded contract (e.g. external consultants, IT solution providers),
  • recipients are other entities in the field of:
  • striving to meet the requirements of applicable law, regulations, legal processes or valid demands of state institutions
  • detect and prevent fraud, and resolve other fraud, security and technical issues;
  • protect the property rights or safety of the Controller and other persons in a manner required or permitted by law.

The Controller does not intend to transfer personal data to the so-called third countries (i.e. outside the European Economic Area). The Controller may, however, commission the performance of specific IT services or tasks to service providers established outside the European Economic Area (e.g. in the scope of data processed via the website). In this case, personal data is transferred on the basis of binding corporate rules or standard contractual clauses adopted by the European Commission and only to entities that have undertaken to comply with specific principles of personal data protection.

In order to obtain additional information on the transfer of data outside the EEA and to obtain a copy of the adopted protection measures, you can contact the Data Protection Officer.

 

What rights are there in relation to the processing of personal data?

Each person whose personal data is processed by the Controller has the right to:

  • information on the processing of personal data;
  • rectification of processed personal data if they are incorrect;
  • deletion of data ("right to be forgotten");
  • processing restrictions;
  • data portability;
  • object to data processing;
  • withdrawal of consent;
  • submit a complaint to the supervisory authority.

More information on the rights of data subjects can be found here: Information clause of the rights of a natural person pursuant to the GDPR.


What personal data can we process?

We collect and process the following scope of data:

  • personal data (eg name and surname);
  • contact details (eg mailing address, telephone number, email address);
  • image data (eg photo);
  • communication data (eg data resulting from correspondence);
  • professional data (e.g. name of the entity on behalf of which you are contacting, address, position)

 

How can certain rights be exercised?

The demands resulting from Art. 15-22 of the GDPR can be brought to the Controller at any time.More information on the fulfillment of requests can be found here: Information clause about submission of a request to execute the rights pursuant to the GDPR. 


Is the data subject to automated processing?

The information we collect may be processed in an automated manner (including in the form of profiling), but it will not cause any legal consequences for a natural person or similarly significantly affect it.


Where do we obtain personal data from?

We obtain personal data from the data subject (i.e. from the sender of the correspondence). 



INFORMATION CLAUSE ABOUT SUBMISSION OF A REQUEST TO EXECUTE THE RIGHTS PURSUANT TO THE GDPR

Kontomatik sp.z o.o. based in Warsaw (hereinafter the "Controller") takes appropriate measures to communicate with the data subject in a concise, transparent, understandable and easily accessible form, clear and simple language, pursuant to art. 15-22 of the GDPR on the processing of personal data.

 

How can you submit a request to exercise your rights under the GDPR?

A request regarding the implementation of the rights resulting from the provisions of the GDPR may be submitted:

  • in writing to the following address:

Kontomatik sp.z o.o.

Prosta 51, 00-838 Warsaw

  • by email to the following address: iod@kontomatik.com

If the Controller finds that he is unable to identify the person submitting the application on the basis of the submitted application, he may request the applicant to provide additional information that will enable his identification and further processing of the request.

The application may be submitted in person or through a proxy (e.g. a family member). Due to data security, the Controller encourages the use of a power of attorney certified by a notary, legal advisor or attorney, which will significantly speed up the verification of the authenticity of the authorization and the implementation of the application regarding the rights resulting from the GDPR.

The Controller will respond to the applicant's application immediately, but not later than within one month from the date of receipt of the request, subject to the next sentence.

Due to the complexity of the request or the number of requests, the Controller may extend the deadline for responding to the request by another two months (three months in total). In such a situation, within one month of receiving the request, the Controller will inform the data subject about the extension of the deadline for providing a reply, including the reason for the delay.

The answer is given by the Controller in writing and sent via traditional mail, unless the application was submitted by email or an electronic response was requested.

 

Does the execution of requests involve a fee?

The procedure regarding the submitted applications is free of charge. If the Controller proves that the applicant's request is manifestly unjustified or excessive, in particular due to its constant nature, it may:

- make the processing of the request subject to payment of a reasonable fee, or

- refuse to act in connection with the submitted request.

If the Controller's decision to impose a fee is questioned, the applicant may submit a complaint to the President of the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw (more information at www.uodo.gov.pl). 

INFORMATION CLAUSE OF THE RIGHTS OF A NATURAL PERSON

PURSUANT TO THE GDPR

 

Pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation,"GDPR") natural persons have the following rights in connection with the processing of their personal data by Kontomatik sp. z oo based in Warsaw ("Controller").

 

The right to access data (Article 15 of the GDPR)

You have the right to request access to your personal data, in particular information about whether we process your personal data and the scope of the data we have, the purposes of data processing or the categories of recipients of your data, the planned period of data storage, and your rights regarding personal data, about the sources of their acquisition in a situation where they have not been collected from you. In addition, you have the right to obtain a copy of the processed data.

 

The right to rectify data (Article 16 of the GDPR)

In a situation where your personal data held by us is incomplete or incorrect, you have the right to request that it would be corrected.

 

Right to erasure ("right to be forgotten") (Article 17 of the GDPR)

You have the right to request the deletion of your data if one of the following circumstances applies:

- personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

- you have filed an effective objection to the processing;

- the personal data has been processed unlawfully;

- personal data must be deleted in order to comply with a legal obligation;

- you have withdrawn your consent to the processing of personal data and the personal data has been processed on the basis of your consent and there is no other legal basis for their processing.

However, you will not be able to exercise the right to delete data if such data is necessary for the Controller to establish or pursue claims or defend against claims or if the processing is based on the provisions of applicable law.

 

The right to restrict data processing (Article 18 of the GDPR)

You have the right to request the restriction of the processing of your personal data in the following cases:

- if you question the correctness of personal data - for a period allowing for the verification of the correctness of such data;

- the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;

- we no longer need personal data, but you need it to establish, investigate or defend against claims;

- in the event of an objection by you - until it is determined whether the legally justified grounds on our side override the grounds of your objection.

If the processing has been restricted, such personal data may be processed by the Controller, with the exception of storage, only with the consent of the data subject, in order to establish, assert or defend claims or to protect the rights of another natural or legal person.

 

Right to data portability (Article 20 GDPR)

You have the right to receive your personal data in a structured, commonly used and machine-readable format and you have the right to send this personal data to another controller if:

- the processing is based on your consent or on the basis of a contract with you and

- the processing is carried out in an automated manner.

At the same time, you have the right to request that your personal data be sent directly to another data controller, as long as it is technically possible.

 

The right to object to data processing (Article 21 of the GDPR)

You have the right to object at any time - for reasons related to your particular situation - to the processing of your data, if the legal basis for processing is the legitimate interest of the Controller

As a result of the objection, we will cease to process your personal data, unless we demonstrate the existence of valid legally valid grounds for processing that override your interests, rights and freedoms, or grounds for establishing, pursuing claims or defending against claims.

If your personal data is processed for direct marketing purposes, you can object to such processing at any time, including profiling, without having to show reasons related to your particular situation.

 

The right to lodge a complaint with a supervisory authority (Article 77 GDPR)

You have the right to lodge a complaint with the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw) if you believe that we are processing your personal data in violation of the law. All the necessary information can be found on the website www.uodo.pl.