In accordance with Article 13(1–2) and Article 26(2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ EU L 119, p. 1) – hereinafter referred to as the GDPR – we hereby inform you that:

I Data Controller
The Data Controller, deciding on the purposes and means of personal data processing, is: Optimum Process Spółka z ograniczoną odpowiedzialnością with its registered office in Poland, Warsaw (02-222), al. Jerozolimskie 181B, NIP 5213786607, KRS 0000684901, REGON 367693875.

II Contact regarding personal data protection
You can contact the Data Controller by email at: [email protected] or by post at: al. Jerozolimskie 181B, 02-222 Warsaw, Poland.

III Collection, processing, and use of personal data
The method and scope of personal data collection depend on the purpose for which the data were collected and the legal basis for their processing.

We process personal data for the following purposes and under the following legal bases (legal basis – Article 6(1)(a–c, f) of the GDPR):

• conclusion and performance of individual orders, including ensuring the correct quality of services (legal basis – Article 6(1)(b) GDPR) – “performance of a contract,”
• fulfillment of legal obligations, e.g., issuing and storing invoices or responding to complaints (legal basis – Article 6(1)(c) GDPR) – “legal obligation,”
• pursuing potential claims (legal basis – Article 6(1)(f) GDPR) – “legitimate interest,” marketing of our own services during the term of the contract (legal basis – Article 6(1)(f) GDPR) – “legitimate interest,”
• marketing conducted via telecommunications means, in the event you have given consent for the use of data for this purpose (legal basis – Article 6(1)(a) GDPR) – “consent.”

Personal data provided will be processed for the period necessary to achieve the purposes described above. Depending on the legal basis, this will be respectively:

• the period during which legal obligations are performed, as well as the period in which the law requires the Controller to store the data, e.g., tax regulations,
• the period after which any claims arising from the contract become time-barred,
• until the moment of withdrawal of consent.

IV Transfer of personal data to third parties
With appropriate data security safeguards in place, we may transfer personal data to other entities, including:

• individuals authorized by the Controller to process data,
• entities entrusted with data processing, e.g., technical service providers and advisory service providers,
• other controllers, e.g., couriers.

Entities to whom the user’s data are disclosed may use them in a manner and to the extent necessary to achieve the purpose defined by the Controller. In addition, the Controller cooperates with advisors who are required to comply with regulations and security principles regarding the processing of personal data. The Controller enters into data processing agreements with individual entities, specifying the conditions under which they may use personal data.

V Data security
In order to ensure data confidentiality, the Controller has implemented procedures and organizational and technical solutions that enable access to the data only to authorized persons who process them in connection with their assigned tasks. Necessary measures are taken so that subcontractors and other cooperating entities also guarantee the use of appropriate security measures in each case when they process data on behalf of the Controller.

VI Rights of the data subject
Every person whose personal data is held by the Controller has the right to access personal data, the right to data portability, the right to rectify data, and the right to erase or restrict the processing of personal data. Any limitations in this regard may only result from applicable legal provisions.

Regardless of the rights mentioned above, every data subject may object to the processing of their data if the legal basis for using the data is a legitimate interest. Upon receiving a request in this matter, the Controller is obliged to cease processing the data for the specified purpose.

Withdrawal of consent for the processing of personal data does not affect the lawfulness of the processing carried out on the basis of consent before its withdrawal.

If you wish to exercise these rights, please send an email to [email protected].

Every data subject also has the right to lodge a complaint with the President of the Personal Data Protection Office if they believe that the Controller’s processing of personal data violates the law.

Communication with the Controller is conducted only in English.

VII Profiling
Personal data will not be processed in an automated manner, including in the form of profiling.

‍