Policy for the processing of personal data on the CREDE EXPERTO website: https://crede.com.pl/
- Controlleror CREDE EXPERTO– Magdalena Grygorowicz conducting an economic activity under the name CREDE EXPERTO Magdalena Grygorowicz, ul. August 6, No. 1/3, 90-606 Lodz, VAT: PL7291158547.
- Personal data – information about an identified or identifiable individual („data subject”), i.e. information which allows to identify such a person directly or indirectly, in particular on the basis of first name or surname, identification numer, location data, online identifier or through one or more specific factors indicating the physical, physiological, genetic, mental, economic, cultural or social identity, including an image, a recorded voice, contact details, information contained in correspondence, information gathered using recording devices or other similar technology.
- Policy– this Policy related to the processing of personal data.
- GDPR– Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
I. PROCESSING OF PERSONAL DATA BY THE CONTROLLER
- In connection with the activity consisting in the provision of accounting and advisory services, CREDE EXPERTO collects and processes Personal Data in accordance with the relevant legislation, including GDPR, and respects the applicable rules governing the processing of Personal Data.
- CREDE EXPERTO ensures transparency of the processing of Personal Data, informs about the processing of Personal Data at the time of its collection, and also ensures that Personal Data is collected only to the extent necessary for the stated purpose and that it’s processed only for the necessary period.
- When processing Personal Data, the Controller uses organisational and technical solutions to ensure the compliance of processing with applicable regulations, ensure security and confidentiality of Personal Data, as well as access to information about processing to Data Subjects. In the case of a Personal Data protection violation, the Controller will inform the Data Subjects about such an event in accordance with the regulations.
- In the framework of the processing of Personal Data by CREDE EXPERTO, no automated decision-making takes place. The Controller also doesn’t use profiling.
- Entities cooperating with CREDE EXPERTO guarantee the application of appropriate security measures whenever they process Personal Data on instructions from the Controller.
II. PURPOSES OF AND LEGAL BASES FOR PROCESSING OF PERSONAL DATA
CREDE EXPERTO processes Personal Data via its web portal for the following purposes:
Persons who visit the CREDE EXPERTO website, operating at https://crede.com.pl/, have the possibility of subscribing to the newsletter in order to receive the latest information concerning the Controller’s activities.
In that case, the provision of Personal Data is entirely voluntary and occurs with the consent of the data subject. The legal basis for data processing in this case is consent, which results from Article 6(1)(a) of GDPR.
CREDE EXPERTO offers the possibility to contact the Controller via an interactive form available on the website https://crede.com.pl/. Thanks to that, it’s possible to contact the Controller with any questions, also in order to achieve the cooperation.
Personal Data provided via the contact form is mostly processed with the aim of taking action at the request of the data subject, before concluding the contract (Article 6(1)(b) of GDPR). If the form serves purposes other than the establishment of cooperation and the conclusion of a contract, the basis for processing is the consent of the data subject (6(1)(a) of GDPR) or the legitimate interest of the Controller consisting in the possibility of contact, as well as in the creation of a contact network related to his/her activity (Article 6(1)(f) of GDPR).
Through the website https://crede.com.pl/ CREDE EXPERTO also conducts recruitment, giving candidates the opportunity to send their CV and apply for the possibility of professional development.
In that case, the Controller complies with his/her legal obligation resulting from the provisions of the Labour Code and Article 6(1)(a) of GDPR constitutes the basis for processing. On the other hand, in the event of the use of Personal Data obtained for the purposes of future recruitment, the Controller acts on the basis of consent and therefore under the provision of Article 6(1)(a) of GDPR.
III. RECIPIENTS OF THE PERSONAL DATA
In connection with the activity conducted by CREDE EXPERTO, Personal Data may be supplied to external entities with which CREDE EXPERTO cooperates, including in particular service providers responsible for the operation of equipment and IT systems and tools analysing the use of our website, as well as entities providing hosting, accounting, HR and payroll, archiving services.
The Controller is also obliged to disclose selected information concerning the data subject to competent authorities or to third parties who request such data, only on the appropriate legal basis and under the applicable law.
By changing your browser settings, you can disable the option to store cookies on the terminal equipment. Information on how to do this in the most popular browsers can be found under the following links:
- Mozilla: https://support.mozilla.org/pl/kb/W%C5%82%C4%85czanie%20i%20wy%C5%82%C4%85czanie%20obs%C5%82ugi%20ciasteczek
- Opera: https://help.opera.com/pl/latest/web-preferences/#cookies
- Safari: https://support.apple.com/pl-pl/guide/safari/sfri11471/mac
- Chrome: https://support.google.com/chrome/answer/95647?hl=pl
- Internet Explorer: https://support.microsoft.com/pl-pl/hub/4338813/windows-help?os=windows-10
V. PERIOD OF PROCESSING OF PERSONAL DATA
Personal data obtained by CREDE EXPERTO via the website https://crede.com.pl/ will be processed only for a certain period of time, after which it will be deleted. The period of storage of Personal Data by CREDE EXPERTO depends on the purpose of processing and legal provisions, when these constitute the basis for processing, and is:
- in the event of processing of Personal Data on the basis of the Controller’s legitimate interest, Personal Data is processed for a period allowing the pursuit of this interest or until an objection to the processing of Personal Data is submitted and considered;
- if processing is based on consent, Personal Data is processed until its withdrawal;
- when the necessity to conclude and perform the contract constitutes the basis for processing, Personal Data is processed until termination of contract and expiration of mutual claims;
- Personal Data processed for the purpose of achieving a legal obligation of the Controller is stored until the fulfilment of this duty.
The extended period of processing of Personal Data may result from the need to establish or pursue claims either to defend against claims, and after the end of this period – processing of Personal Data is only permitted when and insofar as it will be required by law. After the expiry of the processing period, the Personal Data is deleted.
VI. OBLIGATION TO PROVIDE PERSONAL DATA
Provision of Personal Data to the Controller is voluntary and isn’t a statuory or contractual obligation. However, failure to submit it may entail the following consequences:
- no possibility to conclude or perform a contract either to take action at the request of the data subject;
- no possibility to send the newsletter or reply to a question asked in the contact form;
- no possibility to conduct a recruitment proces.
VII. ENTITLEMENTS RELATED TO THE PROCESSING OF PERSONAL DATA
Persons visiting the CREDE EXPERTO website and providing us with their Personal Data are entitled to:
- request access to Personal Data from us, including obtaining information about what happens do the data, e.g. what are the purposes of its processing, what data we process or to whom we transfer it. It’s also possible to demand a copy of this data;
- correct Personal Data, because CREDE EXPERTO, as the Controller, is obliged to remove any inconsistencies or errors and to supplement Personal Data if it’s incomplete;
- delete Personal Data – on this basis, it’s possible to request the deletion of data that is no longer necessary for the purpose for which it was collected;
- restrict the processing of Personal Data in specific cases – if the correctness of personal data is contested or the data subject has objected to or opposes the deletion of Personal Data processed unlawfully, requesting the restriction of its use instead;
- object to the processing of Personal Data for marketing purposes (this objection doesn’t need to be justified) or to the processing for other purposes based on the Collector’s legitimate interest;
- withdraw consent – if Personal Data is processed on the basis of consent, it can be withdrawn at any time, but it doesn’t affect the lawfulness of the processing carried out before the withdrawal of consent;
- lodge a complaint – if the processing of Personal Data is considered to infringe the provisions of GDPR or other provisions relating to the protection of Personal Data, it’s possible to make a complaint to the Personal Data Protection Office.
VIII. CONTACT WITH THE CONTROLLER
In all matters concerning the processing of Personal Data and the exercise of rights related to data processing, please contact the Controller. This can be done by email to the following address: firstname.lastname@example.org or in writing to the Controller’s address for correspondence indicated at the beginning of this Policy.
IX. CHANGES TO THE PERSONAL DATA PROCESSING POLICY
The Policy is reviewed on a regular basis and updated if necessary. The current version of the Policy was adopted on 11 September 2019.