Information clause for Clients
Fulfilling the data protection information obligations under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (OJ EU. L. 2016, No. 119, p. 1) [„GDPR”], which came into force on 25 May 2018, we provide the following information:
- Who is the personal data controller?
We kindly inform you that the administrator of your personal data, i.e. the entity which decides about the purposes and means of its processing is Difference spółka z ograniczoną odpowiedzialnością, address: al. Juliusza Kossaka 11 01-576 Warszawa („ADO”).
- Who is the Data Protection Officer and how to contact him/her?
We have appointed a Personal Data Inspector who can be contacted at the postal company address or via e-mail: firstname.lastname@example.org – with regard to all issues related to the processing of personal data and executing your rights related to personal data processing.
- What is the purpose and basis of your data protection?
Your data will be processed for the following purposes:
- to conclude and perform the contract to which you are a party [art. 6(1) (b)) GDPR];
- fulfillment of legal obligations imposed on the administrator, in particular those resulting from the provisions of the Act of 22 August 1997 on protection of individuals and property (Journal of Laws of 2018.2142 i.e. dated 2018.11.14); the accounting act of 29 September 1994 (Journal of Laws of 2018.395 i.e. dated 2018.02.20) and the tax ordinance act of 29 August 1997 (Journal of Laws of 2018.800 i.e. dated 2018.04.27) [art. 6 (1) (c) GDPR];
- to establish and assert claims or to defend against claims related to the agreement concluded with you – the legal basis of data processing is the necessity of personal data processing in order to realize the legitimate interest of the controller; the controller’s legitimate interest is the possibility to assert and defend against the aforementioned claims [art. 6 (1) (f) GDPR];
- marketing, i.e. offering products and services of the data controller – the legal basis of data processing is the necessity of personal data processing in order to realize the legitimate interest of the controller; the controller’s legitimate interest is offering controller’s clients information about products and services offered by the controller [art. 6 (1) (f) GDPR];
- testing clients’ satisfaction – the legal basis of data processing is the necessity of personal data processing in order to realize the legitimate interest of the controller; the controller’s legitimate interest is maintaining high quality of services and clients’ satisfaction with products and services offered by the data controller [art. 6 (1) (f) GDPR].
Your personal data will be processed in the manner and scope to the extent you have given your consent to.
- Can you refuse to provide the personal information we ask for?
Providing personal data required in connection with the contract concluded with you is necessary for the conclusion of the contract and the performance of activities under the contract – without providing your personal data the execution of the contract will not be possible. The provision of personal data for which we are requesting your consent to their processing (in particular to be used for the use of telecommunications terminal equipment and automatic calling systems for direct marketing purposes, as referred to in Article 172 of the Act of 16 July 2004. Telecommunications law (Journal of Laws of 2018.0.1954) is entirely voluntary.
- Will your personal data be shared by the data controller with other entities? Your personal data may be shared with:
- entities processing data on our behalf and on the basis of contracts concluded with us, e.g.: IT companies operating our systems; subcontractors providing services to us; entities acting as intermediaries in the sale of our services and products; entities providing us with accounting, claims handling, invoicing and billing, quality assurance, debt recovery, analytical, audit, advisory, legal or tax services;
- to postal and courier companies – in connection with the forwarding of correspondence; to payment companies – in connection with payments made; to companies purchasing debts from us – in connection with the sale of debts
- How long will your personal data be processed?
The period of your personal data storing depends on the purpose for which the data is processed. Personal data will be stored:
- for the period resulting from legal regulations requiring data to be stored for a specified period;
- for the period necessary to perform the contract concluded with you;
- until the statute of limitations for claims that may arise in connection with the contract concluded with you;
- for the period for which the controller pursues his/her legitimate interests.
- What are your rights?
You have the right to access and rectify your personal data.
To the extent specified in the GDPR, you also have the right to request erasure of your personal data, restriction of processing of your personal data, as well as data portability and to object to the processing of your personal data.
You also have the right to withdraw your consent to the processing of personal data. Consent for the processing of personal data may be withdrawn at any time, yet the withdrawal of consent does not affect the legality of the processing that we have carried out on the basis of this consent before its withdrawal.
If you believe that we are processing your personal data in violation of the law, you have the right to lodge a complaint with the supervisory authority responsible for personal data protection, i.e. the President of the Office for Personal Data Protection.