Personal data protection

SCOPE OF INFORMATION
INFORMATION
Who is the Controller
of personal data?
 The Controller of your personal data is Rafał Piasecki, operating under the name of Rafał Piasecki R&P with its registered seat in Wrocław, ul. Gajowicka 86/40, 53-422 Wrocław, NIP 8992604543.
Who is the
administrator’s
contact person?
 Should you have any questions with regard to the processing of your personal data, please contact Rafał Piasecki, e-mail: biuro@piaseckidesign.pl
What is the purpose
of data processing
and its legal basis?
Purpose of data processing:
Legal basis of data processing:
implementing the sales contract
concluded with you		 article 6 item 1 letter b
of the Regulation and article 535 of the Civil Code
contacting you in order to
provide you with information
or answers to your inquires		 article 6 item 1 letter b of the
Regulation or article 6 item 1
letter f of the Regulation as
a legitimate interest of the
Controller in order to ensure
proper customer service
receiving, handling and
realisation of your complaints		 article 6 item 1 letter b of
the Regulation or article 6
item 1 letter f of the Regulation
as a legitimate interest of the
Controller in order to ensure proper customer service and enabling the customers to exercise their rights
receiving, handling and
realisation of your returns		 article 6 item 1 letter b of the
Regulation or article 6 item 1
letter f of the Regulation as a
legitimate interest of the
Controller in order to ensure
proper customer service and enabling the customers to exercise their rights
pursuing claims against the
customers or by the customers		 article 6 item 1 letter b of
the Regulation or article 6
item 1 letter f of the Regulation
as a legitimate interest of the
Controller in order to pursue
claims against the customers and defending against the customers’ claims
delivery of newsletters
you ordered		 article 6 item 1 letter b of the Regulation or article 6 item 1 letter f of the Regulation as a legitimate interest of the Controller consisting in the marketing of their own services.
conducting a competition,
publishing its results,
distribution of prizes		 article 6 item 1 letter b
of the Regulation
bookkeeping by the Controller,
issuing invoices and accounting
documents		 article 6 item 1 letter b
of the Regulation
dispatching, receiving and
registering correspondence		 article 6 item 1 letter b of the Regulation or article 6 item 1 letter f of the Regulation as a legitimate interest of the Controller in order to ensure
proper customer service
How the personal data
is collected?
 Personal data is collected directly from you.
To whom the personal
data is transferred?
 In order to ensure the proper organisation, handling and implementation of contracts, your personal data may be transferred to the following categories of recipients:
1. service providers providing the Controller with technical or organizational solutions enabling sales or the provision of services on your behalf or managing the organisation (in particular ICT service providers, courier or postal service companies, payment-intermediaries),
2. providers of legal and advisory services and entities supporting the Controller in pursuing justified claims (in particular law firms, debt collection companies),
3. accounting service providers for the purpose of fulfilling
their obligations with regard to accounting.
Is the personal data
transferred outside
the European Union
(or will it be)?
 Due to the fact that the Controller uses services of other
providers, e.g. hosting or IT system services, your personal
data may be transferred outside the European Union. In such
a case, appropriate measures shall be taken in order to
protect your personal data.
How long will the
personal data
be processed?
 Your personal data is processed by the Controller for the
time period necessary for the implementation of the contract,
and in case of data processing for the purpose of pursuing
claims (e.g. in debt collection proceedings) – for the statute
of limitations period as provided for in the civil law. Data
collected for accounting and tax purposes is processed for
5 years counting from the end of the calendar year in which
the tax obligation arose. After the lapse of the above-mentioned periods, your data will be deleted or anonymised.
What are the rights
of persons whose personal data is processed?
 You have the right to demand from the Controller access to
your personal data, as well as its rectification, deletion or limitation of its processing. You may exercise your right to object to the processing of your data by the Controller and the right to transfer your data to another Controller. You also have the right to lodge a complaint with the supervisory authority responsible for personal data protection.
Is the provision of
personal data a statutory or contractual requirement? Is it a condition for concluding the contract?
 Using the Controller’s services, including the conclusion of
a contract with the Controller within the scope of their activities, is fully voluntary; however, as an entrepreneur, the Controller is obliged to implement the contract or to keep the documentation in the manner provided for by the provisions of law. This also includes the use of your personal data. Your provision of personal data can be a contractual obligation or a condition for concluding a contract. Additionally, the Controller has a legal obligation to process your data due to accounting or tax reasons. In such a case data provision is a statutory requirement.
Is the data subject
obliged to provide their data and what are the possible consequences of its non-provision?
 Failure to provide data may result in a refusal to implement
the contract due to the impossibility of its implementation. For accounting or tax reasons, failure to provide the data may result in the impossibility of issuing an invoice or accounting document for you.
Is automated decision-making, including profiling, used?
 The Controller does not use automated decision-making, including profiling.
Will personal data be processed for a purpose different than the purpose for which it was collected?
 The personal data will not be processed for a purpose different than the one for which it was collected.
Legal basis for transferring information
 article 13 of the Regulation (EU) 2016/679 of the European
Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, (General Data Protection Regulation) (OJ L 119, 4.5.2016, “Regulation”).