Privacy Policy

1. INTRODUCTION

In accordance with Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), i.e., OJ EU L No. 119, p. 1 (“GDPR”), we are obliged to inform you about the processing of your personal data by us. Please take the time to read the following information, which fulfills this obligation.

2. DATA CONTROLLER

The controller of your personal data is the company: iMakeable sp. z o.o., with its registered office in Wrocław, at ul. Walońska 17/80, 50-413 Wrocław, registered in the National Court Register by the District Court for Wrocław Fabryczna in Wrocław, 6th Commercial Division of the National Court Register, under KRS number: 0000929222, with REGON: 520284897, and NIP: 8992909610 (“we,” “Controller”).

3. CONTACT WITH THE DATA CONTROLLER

In any matter concerning your personal data, you can contact the Controller by writing to the registered address, by telephone at +48 601 727 193, via email at: sales@imakeable.com, or by using the contact form on the Controller’s website at: https://imakeable.com/skontaktuj-sie.

4. PURPOSES AND BASIS FOR PROCESSING PERSONAL DATA

We process your personal data for the following purposes:

4.1 If you are our customer, contractor, or representative of our customer or contractor:

(a) For the provision of services to you or the entity you represent – based on Article 6(1)(b) GDPR, if our customer is a natural person, and processing is necessary for the performance of the contract or to take steps at the request of such a person prior to entering into a contract; or based on Article 6(1)(f) GDPR if the customer is a legal entity, and the data concerns its representative.

(b) For compliance with legal obligations imposed on the Controller, particularly those related to information protection, anti-money laundering, counter-terrorism financing, tax, and accounting regulations, including for maintaining tax and accounting records – based on Article 6(1)(c) GDPR.

(d) For archival and evidentiary purposes to secure information in case of legal necessity – based on Article 6(1)(f) GDPR.

In connection with this, we may process categories of personal data such as name, job title or position, email address, phone number, address data, financial information, information required to comply with legal obligations, and other information provided to us in relation to service delivery that is necessary for proper service performance (the types of information depend on the nature of the services provided).

Providing personal data to the extent required by law is mandatory, and failure to provide it will result in the inability to fulfill the contract. Providing other personal data is voluntary, but refusal may result in the inability to fulfill all or part of the contract.

4.2 If you are an employee, contractor, or team member of one of our customers or contractors:

(a) For the legitimate interests of the Controller and our customer or contractor, related to the proper and efficient performance of the contract concluded with the customer or contractor – based on Article 6(1)(f) GDPR.

(b) For archival and evidentiary purposes to secure information in case of legal necessity – based on Article 6(1)(f) GDPR.

We may process categories of personal data such as name, job title or position, and professional contact information.

Providing personal data is voluntary, but refusal may result in the inability to fulfill all or part of the contract concluded with our customer or contractor.

4.3 If you are another natural person whose data we process in connection with the provision of services to our customers:

(a) For the legitimate interests of the Controller and our customer, related to the proper and efficient performance of the contract concluded with the customer – based on Article 6(1)(f) GDPR.

(b) For archival and evidentiary purposes to secure information in case of legal necessity – based on Article 6(1)(f) GDPR.

We may process categories of personal data such as name, job title or position, profession, contact details, and role in the proceedings.

Providing personal data is voluntary, but refusal may result in the inability to fulfill all or part of the contract concluded with our customer or contractor.

4.4 If you provided us with personal data via email or traditional correspondence:

For the purposes of correspondence and resolution of the matter covered by the correspondence – based on Article 6(1)(f) GDPR.

We may process personal data contained in the correspondence that is relevant to the resolution of the matter covered by the correspondence.

Providing data is voluntary, but refusal may result in the inability to respond to the correspondence.

4.5 If you provided us with personal data through the contact form:

For communication purposes, identification of the recipient, and resolution of the matter covered by the communication – based on Article 6(1)(a) GDPR.

We may process personal data contained in the contact form that is relevant to the resolution of the matter covered by the correspondence.

Providing data is voluntary, but refusal may result in the inability to respond to the correspondence.

4.6 If you provided us with your data in the context of establishing business contacts:

For purposes related to initiating and maintaining business relationships in connection with our activities and networking – based on Article 6(1)(f) GDPR.

We may process categories of personal data such as name, job title or position, profession, and contact details.

Providing data is voluntary, but refusal may result in the inability to maintain the business relationship.

5. WHO WE MAY SHARE YOUR PERSONAL DATA WITH

We may share your personal data with the following entities:

(a) Subcontractors, i.e., entities whose services we use in processing the data: accounting service providers, legal advisors, providers of document disposal or archiving services, IT service providers including hosting services and data server maintenance, and providers of software we use.

(b) Advisors and consultants whose services we regularly use in providing services to our clients.

(d) Entities related to the Controller by personal or capital links.

(e) Other interested parties (including our clients and contractors) if the data has been made available in a manner clearly intended for sharing with third parties for professional, business contact, or direct marketing purposes.

6. TRANSFERRING YOUR PERSONAL DATA OUTSIDE THE EUROPEAN ECONOMIC AREA

Your personal data may occasionally be transferred to entities located in a third country, i.e., a country that is not part of the European Union or the European Economic Area. The Controller transfers personal data outside the European Economic Area only when necessary for processing purposes. In every case where your personal data is transferred to a third country, we do so based on a decision of the European Commission that confirms the country ensures an adequate level of protection for your personal data. However, if the European Commission has not issued such a decision, we provide appropriate safeguards by requiring data recipients to comply with the standard contractual clauses approved by the European Commission.

7. HOW LONG WE PROCESS YOUR PERSONAL DATA

The duration for which we store your personal data depends on the type of services provided or the purpose of processing.

(a) If processing is based on your consent, personal data will be processed until the consent is withdrawn, or until we determine that it has become outdated, or the purpose of processing has been fulfilled.

(b) If processing is for the purpose of providing services to our clients, personal data will be retained for the duration of the statute of limitations for claims, unless specific regulations require us to store them for a longer period.

(c) If processing is for compliance with the Controller’s legal obligations, personal data will be retained for the period required by law.

(d) If processing is based on legitimate interests, personal data will be retained until an objection to the processing is raised, or until we determine that the data has become outdated or that our legitimate interest in processing has been exhausted.

Personal data will be processed for longer than the above-mentioned periods only if other legal grounds for processing apply, such as a legal obligation or a future contract with the Controller.

8. YOUR RIGHTS

Under the GDPR, you have several rights concerning your personal data:

8.1 The right to withdraw consent for the processing of personal data.

If we process your data based on your consent, you have the right to withdraw it. We will stop processing your personal data if there is no other basis for doing so. The withdrawal of consent does not affect the processing carried out before the withdrawal.

8.2 The right to access your personal data.

You can request information about what personal data we process and for what purpose. According to Article 15(1) GDPR, this information will include at least:

(a) The purposes of processing;

(b) The categories of relevant personal data;

(c) Information about the recipients or categories of recipients to whom personal data has been or will be disclosed, in particular regarding recipients in third countries or international organizations;

(d) Where possible, the planned period of storage of personal data or, if not possible, the criteria used to determine that period;

(e) Information on the right to request the rectification, erasure, or restriction of processing of personal data and to object to such processing;

(f) Information on the right to lodge a complaint with a supervisory authority;

(g) If the personal data was not collected directly from you, any available information about its source;

(h) Information about automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

8.3 The right to rectification of your personal data.

If your personal data is inaccurate (e.g., incorrect or incomplete), you may request its rectification or completion at any time, taking into account the purposes of processing.

8.4 The right to erasure of your personal data.

You have the right to request the erasure of your personal data if:

(a) The personal data is no longer necessary for the purposes for which it was collected or otherwise processed;

(b) We process personal data based on your consent, and you withdraw that consent, and no other legal basis for processing exists;

(c) You have objected to the processing of personal data, and we have no overriding legitimate grounds to continue processing;

(d) The personal data has been processed unlawfully;

(e) The erasure of personal data is required to comply with a legal obligation to which we are subject.

If the data you request to be erased has been made public by us, we will take reasonable steps, including technical measures, to inform other controllers processing the data that you have requested the erasure of links to, copies, or replication of that personal data. The right to erasure may not apply if we are required to process the data for legal reasons, to fulfill a contract, or to establish, exercise, or defend legal claims.

8.5 The right to restrict processing.

You may request that we restrict the processing of your personal data if:

(a) You contest the accuracy of the personal data (for the period necessary to verify its accuracy);

(b) The processing is unlawful, but you oppose the erasure of the data;

(d) You have objected to processing, and we are verifying whether our legitimate grounds for processing override your interests.

8.6 The right to data portability.

You have the right to receive the personal data that you have provided to us in a structured, commonly used, and machine-readable format and have the right to transmit that data to another controller without hindrance, where:

(a) The processing is based on consent (Article 6(1)(a) GDPR) or on a contract (Article 6(1)(b) GDPR), and;

(b) The processing is carried out by automated means.

8.7 The right to object.

You have the right to object to the processing of your personal data based on our or a third party’s legitimate interests. If you provide reasons related to your particular situation that you believe justify stopping the processing of your personal data, we will consider your objection unless we demonstrate compelling legitimate grounds for the processing that override your rights, or the data is necessary for the establishment, exercise, or defense of legal claims.

8.8 The right to lodge a complaint with a supervisory authority.

If you believe we are infringing your rights related to the processing of your personal data, you have the right to lodge a complaint with the President of the Personal Data Protection Office in Poland (Prezes Urzędu Ochrony Danych Osobowych), located at ul. Stawki 2, 00-193 Warsaw. Detailed information on how to file a complaint can be found here: https://uodo.gov.pl/pl/83/155.

8.9 Profiling and automated decision-making.

We do not use your personal data for profiling or for making automated decisions.

Last updated: June 2, 2023.

Cookie Policy

The website imakeable.com uses so-called “cookies” – small files stored on the user’s computer. They contain information such as the frequency of visits to our website, the pages you most frequently visit, and basic information about the user (IP address, browser type, operating system, visit time, and its source). We use this data solely for statistical purposes. Each individual has the right to refuse the storage of “cookies” on their computer. Every browser allows for the automatic blocking of “cookies” storage.

Privacy Policy

Cookie Policy

iMakeable sp. z o. o.