The Controller of your personal data is: Bisonte sp. z o.o. with its registered office in Kraków at ul. Przyszłości 2C, 30-237 Kraków, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for Kraków- Śródmieście in Kraków, 11th Economic Department of the National Court Register, under KRS number: 0000588519, NIP (tax identification number): 6772395579, and REGON (statistical number): 362970531, with a share capital of PLN 500,000.00 (“the Controller”).
The Controller can be contacted:
- by telephone: 502 341 902
- at the e-mail address: email@example.com;
- in writing to the correspondence address: Bisonte sp. z o.o., ul. Przyszłości 2C, 30-237 Kraków.
Depending on the circumstances, we process your personal data for the purpose of:
- conclusion and performance of an agreement with the Controller, including in connection with the use of the Controller’s services, in particular:
- conclusion of an agreement with the Controller;
- use of the services offered by the Controller;
- correspondence regarding the performance of the concluded agreement; and correspondence with a view to concluding a new agreement, as the processing is necessary for the performance or conclusion of the agreement (Article 6(1)(b) of the GDPR);
- fulfilment of the Controller’s legitimate interest (Article 6(1)(f) of the GDPR), which includes:
- the establishment, asserting or defence against claims;
- acquisition and storage of data of potential counterparties and customers;
- collecting opinions and suggestions about the services offered by the Controller; providing users who access the Controller’s website with information on the services provided by the Controller;
undertaking marketing activities by the Controller in relation to its customers and potential customers (including marketing activities based on cookies)
- complying with the Controller’s legal obligations, as the processing may be necessary to meet the requirements of the applicable legislation, in particular tax and accounting legislation (Article 6(1)(c) of the GDPR).
In order to ensure the integrity and confidentiality of personal data, the Controller has implemented procedures which allow access to personal data only to authorised persons and only to the extent necessary for the performance of their duties. The Controller shall apply organisational and technical solutions to ensure that the processing of personal data is carried out only by authorised persons. Among other things, the Controller has implemented appropriate procedures to secure key IT resources containing personal data with passwords of a high degree of complexity and to notify of personal data breaches, and makes reasonable efforts to ensure possibility of backups of personal data.
To obtain detailed information about the safeguards applied by the Controller in respect of the protection of personal data (including the safeguards applied when personal data is transferred outside the EEA), you may contact the Controller by means of the contact details provided in clause II above.
We will process your data for:
- conclusion and performance of the agreement in accordance with clause III, sec. 1 – until the termination or expiry of the contract or until the statute of limitations for claims arising under the agreement;
- undertaking marketing activities – until you lodge an effective objection or for 5 years from when the data was collected;
- compliance with our legal obligations under the relevant legislation – until our data retention obligations under the legislation cease;
- the acquisition and storage of counterparties’ data – until you object or for 5 years from when the data was collected.
Under the GDPR, you have the right to
- request access to and receive a copy of your data;
- rectify (amend) your data;
- erase data – where there is no legal basis for the personal data to be processed;
- restrict data processing – if the personal data processed by the Controller are incorrect or processed unfoundedly, or if their erasure is not possible due to the existence of a valid legal grounds for processing;
- data portability – the right to receive, in a structured, commonly used and machine-readable format, personal data provided on the basis of consent or on the basis of an agreement, or to have such data sent directly to another entity;
- lodge a complaint to the supervisory authority – if your data are processed unlawfully, you can lodge a complaint with the President of the Office for Personal Data Protection.
In order to exercise your rights, you may contact the Controller using the contact details provided in clause II above.
You may, at any time, object to the processing of your personal data processed by the Controller in order to pursue a legitimate interest (Article 6(1)(f) of the GDPR), through the means of communication indicated in clause II.
The data are provided on voluntary basis, but such provision is necessary in order for the Controller to achieve the aforementioned aims, to which the processing relates on the appropriate legal basis in a given case.