Privacy notice

Pursuant to Article 13 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”), we would like to inform you of the following:

 
1. Who is the controller of your personal information?
  • Fincont spółka z ograniczoną odpowiedzialnością with its registered office in Warsaw, ul. 29 Listopada 18 A 6, 00-465 Warsaw, Commercial Register number KRS 296548, tax identification number NIP 7010099216, REGON 141223950 is the Controller of your personal information (“Controller”).
  • To get in touch with the Controller, you can send an email to: biuro@fincont.pl.
  • The Controller has appointed Agnieszka Radtke as its Data Protection Officer, e-mail: iod@fincont.pl.
 
2. What are the purposes of the processing?

As the Controller, we will process personal information for the following purposes:

  • To provide accounting, HR, payroll, auditing and consulting services to Clientse. prepare proposals and execute and perform a contract,
  • to provide training services and issue certificates of training completion,
  • to conduct direct marketing of our products and services,
  • to comply with the legal obligations to which the Controller is subject such as invoicing, dealing with the tax authorities, financial reporting and compliance with the social security obligations (ZUS),
  • to pursue legitimate interests of the Controller such as securing and exercising claims.
3. What is the lawful basis for the processing?

Personal information is processed on the following lawful bases:

  • Article 6.1 (b) of the GDPR, i.e.:
    • for performance of a service agreement for services mentioned in Section II (1) of this Notice;

    •  for contracting for training services (data collected through a registration form);

or in order to take steps at the request of the data subject prior to entering into a contract;

  • Article 6.1 (c) of the GDPR, i.e.: for compliance with a legal obligation to which the Controller is subject;
  • Article 6.1 (f) of the GDPR, i.e. for the purposes of the legitimate interests of the Controller (e.g. direct marketing of the Controller’s products and services), or Article 9.2 (f) of the GDPR: for the exercise of claims; and
  • Article 6.1 (a) of the GDPR, i.e. obtaining consent to the processing of personal information.
4. Personal information retention period?

 Personal information will be processed for:

  • as long as is necessary for the proper performance of a contract and, following the expiry of such contract, for as long as is necessary for compliance with the legal obligations to which the Controller is subject:
    • for 5 years counted from the end of a calendar year for the purposes of financial accountability to the tax authorities;
    • for 10 years for the purposes of social security accountability to the Social Insurance Institution (ZUS);
    • for 2 years for the purposes of handling complaints (counted from the date of training completion);
    • for as long as is necessary and legally permitted for the establishment and exercise of claims.
  • until you withdraw your consent to the processing of personal information.

5. Who may have access to my personal information?

 Your data may be disclosed to:

  • employees and contractors who have authorization from the Controller;
  • processors, i.e. entities who provide consultancy and legal, tax and accounting assistance to us;
  • computer technology and programming service providers,
  • government authorities and other authorities under the laws and regulations; and

Your personal information will not be transferred to any third country or to international organizations

 
6. What are my rights?

 You may request from the Controller, at any time:

  • access to or a copy of your personal information which is being processed,
  • (correction) of your information,
  • erasure or restriction of the processing, or you may object to such processing,
  • erasure or restriction of the processing, or you may object to such processing,
  • data portability,
  • to file a complaint with the President of the Office of Personal Data Protection.
7. Do I have the right to object to the processing?

In addition to the rights listed in Section VI., you also have the right to object to the processing of your personal information at any time under Article 6.1 (f) of the GDPR. In such a case, the Controller will no longer process your personal information for such purposes unless the Controller can demonstrate compelling legitimate grounds that the Controller has in respect of such personal data which override the interests, rights and freedoms of the data subject or the need for such personal information for the Controller to be able to establish, exercise or defend legal claims, if any.

 
8. Right to withdraw consent.
You have the right to withdraw your consent for the processing of your personal information (to the extent that such consent provides the basis for the processing) at any time, but the withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
 
Such withdrawal should be sent to: iod@fincont.pl.
 
9. Voluntary provision of personal information.

The provision of your personal information is voluntary but if you refuse to provide such information, we may be unable to enter into a contract with you or to provide the service properly.

 
10. How is your personal information protected?

We would like to inform that your personal information is processed in a secure manner and in compliance with the relevant agreements in place and, the laws and regulations, including the GDPR.

We use our best efforts to ensure that all possible physical, technical and organisational security measures are established to protect personal information against accidental or intentional destruction, accidental loss, modification or unauthorised disclosure, use or access, in accordance with all applicable laws. 

 
11. Other

Please note that the Controller does not use automated decision-making and no personal information is subject to profiling.