DEFINITIONS
Data Controller: CPOINT Sp. z o.o., with its registered office in Warsaw, ul. Kobielska 100/13, (postcode: 03-835) Warszawa, entered into the register of entrepreneurs in the National Court Register with the number 0000502537; Tax Identification Number (NIP): 1182097499.
Personal Data/Data: any information about identified or identifiable natural person who can be identified by reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, including the IP of the device, location details, online identifier and information gathered using cookies or other similar technologies.
GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
CPOINT Website, Website: The website set up by the website administrator in the cdotpoint Internet domain, to which this Privacy Policy applies.
User: any natural person visiting the Website or using one or more functionalities made available on the Website.
PURPOSES OF PROCESING PERSONAL DATA
CPOINT Sp. z o.o. processes personal data for the purpose of:
- the performance of the contract,
- taking action prior to the performance of the contract (e.g. acceptance of service orders, handling of orders and requests),
- carrying out tasks in the public interest (e.g. keeping tax records)
- resulting from the legitimate interests of the company (e.g. information about the activities of CPOINT clients, which coincides with the scope of professional interests, public activities of the data subjects).
PRIVACY POLICY
1. The Controller is CPOINT Sp. z o.o., with the office Warsaw, ul. Kobielska 100/13, (postcode: 03-835) Warszawa.
2. Personal Data will be processed based on a legitimate interest pertaining to responding to the request submitted, pursuant to point (f) Article 6(1) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of data and repealing Directive 95/46/EC, “GDPR.”
3. Personal Data will not be made available to recipients without their consent, unless the duty to provide the data arises from the legal regulations or contracts concluded by EMP.
4. Personal Data will not be transferred to any third countries or organisations.
5. When contacting the Controller via e-mail, using the e-mail address provided in the Contact tab on the Website, Personal Data will be processed for the period necessary to respond to the inquiry or request, and archived for the period necessary to examine the inquiry or the request. After this period, the Personal Data will be erased.
6. The data subject has the following rights:
• the right of obtain from the Data Controller access to Personal Data, the right to request their rectification, erasure, restriction of processing, the right to object to the processing of these data, and the right to data portability;
• the right to lodge a complaint with the President of the Office for the Protection of Personal Data, when the data subject concludes that the processing of the data subject’s Personal Data breaches the provisions of regulations on the protection of personal data;
• the right to withdraw consent to the processing of data at any time; this shall not affect the lawfulness of processing based on consent before its withdrawal.
7. The provision of Personal Data including the e-mail address will be voluntary, but is necessary to respond to submitted inquiry or request. The data subject shall be obliged to provide an e-mail address or telephone number, and failure to provide such data will result in the inability to respond to the inquiry or request submitted.
8. The scope of information processed shall include personal data, i.e. e-mail address or telephone number, as well as the message content.
9. Data will not be processed by automated means.
10. The Controller does not intent to process Data for purposes other than those stated in section 2 above.
FINAL INFORMATION
The principles described in the document are applicable from 25 May 2018 — i.e. from the date of application of the GDPR.
The full text of the General European Data Protection Regulation (GDPR) can be found at: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679