Information obligation

Data Controller

The Controller of the personal data within the meaning of Article 4(4) of the GDPR[1] is PATRONUSEC, which can be contacted at the following email address: hello@patronusec.com or by post at ul. Święty Marcin 29/8, 61-806 Poznań, Poland.

Categories of personal data and purposes of processing

During and after the cooperation with the Client, PATRONUSEC will process personal data for the purposes indicated below:

data subjectspurpose of processingtypes of personal data processed by the Controllerduration of processing
natural persons – parties to contracts concluded with the Controller or persons representing entities with whom the Controller has concluded an agreementconclusion and performance of the Agreement (Article 6(1)(b) of the GDPR) Personal data in the form of first name, surname, position, contact details and, in the case of proxies, personal data contained in the power of attorney (e.g. ID card number, PESEL) as well as identification data (e.g. NIP, REGON), data relating to the performed services.Data related to the performance of the Agreement until the fulfilment of the Controller’s legitimate interests, in particular those related to the statute limitation of possible claims that may arise from the concluded agreement.  Data contained in the Controller’s tax or accounting records will be retained until the expiry of data retention obligations under specific legislation. 
establishment and assertion of possible claims relating to the non-performance or improper performance of the agreement (Article 6(1)(f) of the GDPR)
keeping documentation of the agreement (Article 6(1)(b) and (f) of the GDPR)
accounting, financial and administrative handling of the agreement (Article 6(1)(c) and (f) of the GDPR)
specifying the persons authorised to represent the entity with which PATRONUSEC concludes the agreement and the scope of the authorisation
in order to verify the quality of our service, the quality of customer service, your satisfaction, statistical purposes as our legitimate interest (Article 1(6)(f) of the GDPR);
contact in connection with the performance of the agreement

Provision of personal data is voluntary, however necessary for the conclusion of the Agreement and, once concluded, it is necessary to ensure the fulfilment of the above purposes, with the Controller having the right to refuse to conclude the Agreement in the event of refusal to provide personal data.

 

Recipients of personal data

In particular, the following groups of entities will be the recipients of the personal data in question, as appropriate:

  1. authorised persons, including employees or co-workers of the Controller, who need to access the data to perform their duties,
  2. processors to whom the Controller subcontracts certain activities, e.g. companies operating IT and ICT systems, our consultants or entities providing services to the Controller,
  3. websites where the Controller will advertise its services or make advertising material available.

 

Rights of the Client in connection with the processing of personal data

Within the limits of Articles 15-21 of the GDPR, the data subject shall have the following rights where applicable:

  1. the right to access the content of their data and their rectification, erasure or restriction of processing and portability of their data,
  2. where the Controller processes data on the basis of consent, the right to revoke it at any time, without this affecting the lawfulness of the processing carried out on the basis of that consent granted prior to its revocation,
  3. the right to lodge a complaint with the President of the Personal Data Protection Office if it considers that the processing of personal data violates the provisions of the GDPR,
  4. the right to object to the processing of personal data based on the legitimate interest of the Controller.

Additional Information

The above personal data is not profiled by the Controller.

***

 


[1] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27.04.2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the GDPR).

To top