As of 25 May 2018, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 has been in force in Poland, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR).

In connection with the above, PMOPM hereby informs that:

1. The Personal Data Controller (the “Controller”) is PMOPM.

2. Personal data are processed for the purpose of concluding and performing contracts, responding to inquiries regarding IT or consulting products, selling offered products and services, conducting marketing activities, handling requests for quotations, pursuing claims, and responding to correspondence and applications.

3. Personal data have been provided voluntarily.

4. Personal data are processed on the following legal bases and for the following periods:

a) For the time necessary to perform legal obligations, e.g. issuing an invoice
(legal basis: Article 6(1)(c) GDPR – legal obligation)

b) For the period required by law for data retention, in particular tax data
(legal basis: Article 6(1)(c) GDPR – legal obligation)

c)  For the period during which we may face legal consequences for failure to comply with obligations, in particular the risk of financial penalties imposed by public authorities
(legal basis: Article 6(1)(f) GDPR – legitimate interest of the Controller)

d) For the detection and prevention of abuse – for the duration of the contract
(legal basis: Article 6(1)(b) GDPR – performance of a contract), and thereafter for the period until claims arising from the contract become time-barred, and in the event of pursuing claims or notifying competent authorities – for the duration of such proceedings
(legal basis: Article 6(1)(f) GDPR – legitimate interest of the Controller).

e) For the establishment, defense, and enforcement of claims, including in particular the sale of our contractual receivables to another entity – for the period until claims arising from the contract become time-barred
(legal basis: Article 6(1)(f) GDPR – legitimate interest of the Controller).

f) For customer support purposes, in particular informing about service disruptions and previously submitted complaints – for the duration of the contract
(legal basis: Article 6(1)(f) GDPR – legitimate interest of the Controller).

g) For marketing activities carried out by us independently or in cooperation with other entities – for the duration of the contract
(legal basis: Article 6(1)(f) GDPR – legitimate interest of the Controller).

h) For economic analyses and statistical purposes – for the duration of the contract and thereafter no longer than until claims arising from the contract become time-barred
(legal basis: Article 6(1)(f) GDPR – legitimate interest of the Controller).

5. Recipients of personal data may include entities providing email hosting, IT services, and accounting services.

6. Personal data may be transferred to third countries included on the EU–USA agreement list.

7. You have the right to request access to your data, rectification, erasure, restriction of processing, to object to processing, as well as the right to data portability. Requests regarding the processing of personal data should be submitted via email.

8. In specific situations, you may object at any time to the processing of your personal data by us if the basis for processing is our legitimate interest or the public interest. In such a case, after considering the objection, we will no longer be able to process the personal data covered by the objection on that basis, unless we demonstrate that there are:

a) Compelling legitimate grounds for processing which override the interests, rights, and freedoms of the data subject.

b) Grounds for the establishment, exercise, or defense of legal claims.

9. If you give us consent to process your data and subsequently withdraw that consent, this will not affect the lawfulness of processing carried out before the withdrawal of consent.

10. Complaints may be lodged with the President of the Personal Data Protection Office if you believe that your personal data are being processed in violation of the law.

11. We hereby inform you of the risks associated with maintaining confidentiality when using electronic means of communication.