GENERAL PROVISIONS

The administrator of the personal data collected via the www.vatvocate.com website is Dzień Dobry Podatki Sp. z o.o., address: Al. 1 Maja 31/33/5; 90-739 Łódź, Poland, VAT UE: PL7272855788, e-mail address: info@vatvocate.com, hereinafter referred to as „Administrator”. Personal data collected by the Administrator via the website are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as „GDPR”, and the Personal Data Protection Act of 10 May 2018.

TYPE OF PERSONAL DATA PROCESSED, PURPOSE AND SCOPE OF DATA COLLECTION

PURPOSE OF PROCESSING AND LEGAL BASIS

The controller processes personal data via www.vatvocate.com in the case of:

• the user’s use of the contact form; the personal data is processed on the basis of Article 6(1)(f) of the GDPR as a legitimate interest of the Controller.
• user’s subscription to a newsletter in order to send information (including commercial information) by electronic means; personal data is processed upon separate consent, on the basis of Article 6(1)(a) GDPR.
• leaving a comment on the website, we collect the data visible in the comment form as well as the commenter’s IP address and browser data in order to detect spam; personal data is processed on the basis of Article 6(1)(f) GDPR as the Administrator’s legitimate interest.
• use of the services provided by the Administrator by electronic means (for the purposes of order processing and complaint handling): name (possibly surname), e-mail address, telephone number and data necessary for issuing an invoice (in particular – company name, address, tax identification number – if applicable).
• personal data may also be collected via surveys (e.g. Google surveys) in order to contact the persons who filled in the survey and provide the survey results, additional materials and direct marketing on the basis of Article 6(1)(f) GDPR as the Administrator’s legitimate interest.

TYPE OF PERSONAL DATA PROCESSED

The Administrator processes the following categories of the user’s personal data: name and surname, address, e-mail address, IP address and the commenter’s browser data.

PERIOD OF ARCHIVING OF PERSONAL DATA

Personal data of the users are stored by the Administrator:

• when the basis for data processing is the performance of a contract, for as long as it is necessary for the performance of the contract, and thereafter for a period corresponding to the period of limitation of claims. Unless a specific provision of law provides otherwise, the period of limitation shall be six years, and for claims for periodic performance and claims related to the conduct of business activity – three years.
• where the basis for data processing is consent, for as long as the consent is not revoked, and after the revocation of consent for a period of time corresponding to the period of limitation of claims which the Administrator may assert and which may be asserted against him. Unless a specific provision of law provides otherwise, the period of limitation shall be six years, and three years for claims for periodic performance and claims related to the conduct of business activity.

When using the website, additional information may be collected, in particular: the IP address assigned to the user’s computer or the external IP address of the Internet provider, domain name, browser type, access time, operating system type.

Navigation data may also be collected from users, including information about links and references they choose to click on or other actions they take on the website. The legal basis for such activities is the legitimate interest of the Administrator (Article 6(1)(f) GDPR), which consists in facilitating the use of services provided electronically and in improving the functionality of these services.

The provision of personal data by the user is voluntary.

Personal data will also be processed in an automated manner in the form of profiling, provided that the user consents to this on the basis of Article 6(1)(a) GDPR. The consequence of profiling will be the assignment of a profile to a person in order to make decisions concerning him/her or to analyse or predict his/her preferences, behaviour and attitudes.

The controller shall take particular care to protect the interests of data subjects, and in particular to ensure that the data collected by it are

• processed lawfully,
• collected for specified, legitimate purposes and not subject to further processing incompatible with those purposes
• substantively correct and adequate in relation to the purposes for which they are processed and stored in a form which permits identification of data subjects for no longer than it is necessary to achieve the purpose of processing.

SHARING OF PERSONAL DATA

Users’ personal data are transferred to the service providers used by the Administrator to operate the website. The service providers to whom your personal data is transferred, depending on the contractual arrangements and circumstances, are either subject to the Administrator’s instructions as to the purposes and means of processing such data (processors) or determine themselves the purposes and means of processing (controllers). Your personal data will be transferred to countries other than those in the European Economic Area – so-called third countries. This is necessary in order to ensure the proper functioning of the newsletter. In order to counteract possible risks, processing entrustment agreements have been concluded to ensure an adequate level of security of your data. Transfers of data outside the European Economic Area are based in them on standard contractual clauses approved by the European Commission.

RIGHT OF CONTROL, ACCESS AND CORRECTION OF OWN DATA

The data subject has the right to access the content of their personal data and the right to rectification, erasure, restriction of processing, the right to data portability, the right to object, the right to withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of consent before its withdrawal. Legal grounds for the user’s request:

• Access to data – Article 15 GDPR
• Rectification of data – Article 16 GDPR.
• Deletion of data (so-called right to be forgotten) – Article 17 GDPR.
• Restriction of processing – Article 18 GDPR.
• Data portability – Article 20 GDPR.
• Objection – Article 21 GDPR
• Withdrawal of consent – Article 7(3) GDPR.

In order to exercise the rights referred to above, you can send a relevant email to: info@vatvocate.com.

In the event that the user applies for the right resulting from the above rights, the Administrator shall fulfil the request immediately or refuse to fulfil it, however, no later than within one month after receiving the request. However, if – due to the complexity of the request or the number of requests – the Administrator is not able to meet the request within one month, he shall meet it within the following two months by informing the user about the intended extension of the deadline and the reasons for it within one month of receiving the request.

If it is found that the processing of personal data violates the provisions of GDPR, the data subject shall have the right to lodge a complaint with the President of the Office for Personal Data Protection with its seat in Warsaw (00-193) at Stawki 2.

COOKIES

This website uses cookies. We use cookies to personalise content and advertising, to offer social features and to analyse traffic to our site. We share information about how you use our site with social, advertising and analytics partners. These partners may combine this information with other data they receive from you or obtain when you use their services.

Cookies (cookies) are small text files that may be used by websites so that users can use the sites more efficiently.

The law states that we may store cookies on your device if this is necessary for the operation of this website. For all other types of cookies we need your permission.

This website uses different types of cookies. Some cookies are placed by third party services that appear on our sites.

You can withdraw your consent at any time via e-mail: info@vatvocate.com.

Facebook Pixel and LinkedIN Tag and other

The vatvocate.com website uses marketing tools, in particular Facebook Pixel and LinkedIN Tag, which are used to personalise ads displayed on Facebook and LinkedIN. We use Facebook and LinkedIN cookies for this purpose. You have the right not to consent to the use of the Facebook Pixel and LinkedIN tag tool.

FINAL PROVISIONS

The Administrator shall apply technical and organisational measures to ensure the protection of the processed personal data appropriate to the threats and the category of data protected, and in particular to protect the data against their disclosure to unauthorised persons, against their being taken by an unauthorised person, against their being processed in violation of the applicable regulations and against their alteration, loss, damage or destruction.

The Administrator provides appropriate technical measures to prevent acquisition and modification by unauthorized persons of personal data sent electronically. The Administrator uses the SSL protocol.

In matters not regulated by this Privacy Policy the provisions of GDPR and other relevant provisions of Polish law shall apply respectively.