In connection with the implementation of the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) hereinafter referred to as „RODO”, we inform you about the principles of processing your personal data and your rights related to it.
The following rules apply as of May 25, 2018.
- Personal Data Controller.
The administrator of your personal data is FACE IT sp. z o.o. with its registered office in Warsaw, Al. Jana Pawła II 61, room 211, 01–031 Warsaw, Poland, REGON: 146417793, NIP: 527268749, entered in the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw, 12th Commercial Division of the National Court Register, under KRS number 0000442280, share capital (fully paid-up) of PLN 5,000.00 (hereinafter referred to as „We” or „FACE IT”). Warsaw, 12th Economic Division of the National Court Register under the number KRS 0000442280, share capital (fully paid up) of PLN 5,000.00 (hereinafter referred to as „We” or „FACE IT”).
- Contact Us
FACE IT has designated a single point of contact for all personal data issues. If you wish to contact us, please send us an e‑mail at: firstname.lastname@example.org or send a letter to the following address: FACE IT sp. z o.o., ul. Bagatela str. 10/31, 00–585 Warsaw, with the note: „Personal data”.
- How do we have your personal information?
- We most often receive your data indirectly from publicly available sources, such as the websites you maintain or the websites of media outlets (e.g., newspaper editorial offices, television stations) for which you work;
- Sometimes we receive your personal information, or part of it, directly from you when you send us a message via email, through a contact form, or when you speak with a FACE IT Staff Member.
- What is the scope of the data being processed?
Your personal information that FACE IT may process is as follows:
- Your Name;
- email address;
- contact phone number;
- residential or mailing address;
- The company where you work (including the company of your business, if you have one);
- name, address of your business activity, NIP and REGON numbers, bank name and bank account number;
- position held;
- occupation pursued;
- additional information about yourself that you may include in your email correspondence or that you may provide during a telephone conversation with FACE IT Personnel (but we do not record these conversations);
- the consents you have given (if, for example, you have given FACE IT consent to process your data for marketing purposes).
- For what purpose and on what basis do we process your personal data?
We process your personal data in relation to the activities performed by FACE IT, i.e. provision of public relations services (e.g. media relations), conducting communication in social networks and performance of promotional activities (e.g. sending press releases, addressing invitations to journalist meetings, sending product samples) (hereinafter: „services”) offered to our clients, i.e. entities, the activities of which – due to your profession or business – you may be interested in.
Consequently, we process your personal data in order to:
- notify you (e.g. by email, text message or telephone) of an event/event/product concerning one of our Customers – processing under 6(1)(a) (your consent) or (f) (the Administrator’s legitimate interest) of the DPA;
- to enter into and perform a contract with you if we enter into a partnership in the course of our and your business and you also decide to become our Contractor. In this case, we process your personal data on the basis of 6(1)(b) RODO (to conclude and perform the contract);
- to keep accounting books and tax settlements in accordance with 6(1)© of the DPA (in order to fulfil a legal obligation of the Administrator);
- Your personal data is also processed for the purposes of debt collection, litigation, arbitration and mediation, archiving and the possibility of us accounting for the correctness of the processing of your data, which constitutes a legitimate interest of the controller under 6(1)(f) RODO.
- How long do we process your personal information?
The period for which we process your personal data depends on the purpose of the processing. Thus, respectively:
- notifying you of an event relating to our clients which, for professional reasons, you may be interested in – for this purpose we will process your data until such time as you object to such processing or withdraw your consent to such communication
- concluding and performing the contract concluded with you, if you decide to become our Contractor – for this purpose we process your data for the time of its performance;
- as far as accounting purposes are concerned, we will process your data for a period of 5 years, counting from the beginning of the year following the financial year to which the accounting documents in question relate (Article 74(2) and (3) of the Accounting Act of 29.09.1994 (Journal of Laws of 2018, item 395, as amended). However, as far as tax purposes are concerned, the data will be processed for a period of 5 years, counting from the end of the calendar year in which the deadline for payment of a given tax expired (Article 70 § 1 of the Tax Ordinance Act of 29.08.1997 (Journal of Laws of 2017, item 201 as amended);
- debt collection – conducting court, arbitration and mediation proceedings, archiving, ensuring the possibility of accounting for the correctness of data processing and fulfilling other obligations arising from the law – for these purposes we process personal data until the end of the statute of limitations (this period will depend on the type of claim in accordance with the Civil Code or other legal acts governing liability other than civil liability).
- Who is the recipient of your personal information?
We only share your data when it is necessary to do so. We do not sell your data. However, we may pass on your personal data to our Customers (whereby the purposes for which they process your data will not change) and/or Contractors, i.e. entities/companies that provide FACE IT with services necessary for the proper functioning, e.g:
- companies that are involved in organizing various types of events;
- companies that provide services for the supply and maintenance of database and other software by means of which FACE IT can, for example, maintain appropriate records and e‑mail communications;
- entities providing hosting services;
- consulting and law firms, as well as accounting and IT service providers who support us in our daily operations;
- entities with whom we work to provide services to our customers.
For entities in each category, FACE IT transfers only the data that are necessary to achieve the objectives of the cooperation defined with it.
- Do we process your personal data automatically (including through profiling) in a way that affects your rights?
We do not use profiling, nor do we process your data by automated means.
- How do we process personal information?
We process personal data in accordance with applicable law, in particular in accordance with the RODO. We are mindful of the following rules that guide us in processing your personal data:
- Adequacy Rule. We process only those data that are necessary to achieve the given purpose of the processing; for each process, we have carried out an analysis to meet this rule;
- Transparency Rule. You should have full knowledge of what happens to your data. This document, in which we try to give you full information about the rules of our processing of your personal data, is a manifestation of it;
- Rule of Correctness. We strive to keep your personal information in our systems current and truthful;
- Integrity and Confidentiality Rule. We take the necessary measures to safeguard the confidentiality and integrity of your personal information. We are continually improving these as the environment changes and technology advances. Safeguards include physical and technological measures to limit access to your information, as well as appropriate measures to prevent loss of your information;
- Accountability Rule. We want to be able to account for every action we take on your personal information, so that if you ask us, we can give you full and fair information about what we did with your information.
- What rights do you have?
Data protection laws give you a number of rights that you can exercise at any time. Provided you do not abuse these rights (e.g. unreasonable daily requests for information), the exercise of these rights is free of charge to you and should be easy to exercise.
Your rights include:
- The right to access the content of your personal information. This right means that you can request that we export the information we have about you from our databases and send it to you in one of the commonly used formats (e.g. XLSX, DOCX, etc.);
- Right to rectification. If you become aware that the data we process is incorrect, you have the right to ask us to correct it and we will be obliged to do so. In this case, we have the right to ask you to provide some document or other evidence to prove that the data has been changed;
- Right to restrict processing. If, despite our compliance with the adequacy principle, you believe that we are processing too much of your personal data for a particular process, you have the right to request that we restrict this processing. Insofar as your request does not contradict requirements imposed on us by applicable law we will comply with your request;
- Right to request deletion of data. This right, also known as the right to be forgotten, means your right to request that we delete from our database systems and records any information containing your personal data. Please note that we will not be able to do so if we are obliged by law to process your data (e.g. transaction documents for tax purposes, obligation to ensure accountability of our actions). In any case, however, we will delete your personal data to the fullest extent possible and, where this is not possible, we will ensure that your data is pseudonymized (which means that the data subject cannot be identified without an appropriate linking key), so that your data, which we must retain in accordance with applicable law, will only be accessible to a very limited circle of people;
- Right to transfer your data to another data controller. Under the RODO, you can ask us to export the data you have provided to us in the course of all our contacts into a separate file for onward transfer to another data controller;
- Right to withdraw consent. If we process your personal data on the basis of your consent, you may withdraw that consent at any time. The withdrawal of consent will not affect the lawfulness of processing that we have done on the basis of consent given before its withdrawal. However, we would like to inform you that your personal data in the scope covered by the withdrawn consent, i.e. in the scope of the purpose to which the consent referred, will cease to be processed for that purpose. Nevertheless, your personal data covered by your consent will continue to be processed for the purpose of complying with our obligations under the law, including in particular our obligation to account for the correctness of the processing of your personal data, possibly for purposes based on our legitimate interests.
You may exercise the rights referred to above by contacting us at: email@example.com or by mail to: FACE IT sp. z o.o. ul. Bagatela 10 lok. 31, 00–585 Warsaw, with the note: „Personal data”.
In matters related to personal data you can also write to us, if any action or situation you encounter raises your concerns, whether it is compliant with the regulations or does not accidentally violate your rights or freedoms. In this case we will answer your questions and concerns and address the issue promptly.
If you consider that we have in any way violated the rules for processing your personal data then you have the right to lodge a complaint directly with the supervisory authority (from 25 May 2018 this is the President of the Office for Personal Data Protection). In exercising this right you should give a full description of the situation that has arisen and indicate what action you consider to have violated your rights or freedoms. The complaint should be submitted directly to the supervisory authority.
- What is the right to object?
We would like to inform you separately that you also have the right to so-called objection to the processing of your personal data. You have the right to object if you do not want us to process your personal data for a specific purpose (e.g. marketing purposes).
You also have the right to object if the processing of your personal data is based on a legitimate interest or for statistical purposes, and the objection is justified by the particular situation you are in.
In this case, we will continue to process your data for other processes (for other purposes), but no longer for the purpose for which you objected. You can report your right to object to the e‑mail address: firstname.lastname@example.org or by letter to: FACE IT sp. z o.o. ul. Bagatela 10 lok. 31, 00–585 Warsaw, with the note: „Personal data”.
- Is it your responsibility to provide the data?
You provide your personal data to FACE IT voluntarily. There is no law that imposes a legal obligation on you to provide it.
However, if you wish to enter into a contract with us, you must provide data that will enable us to enter into and perform that contract, as well as to properly tax and document it for FACE IT accountability purposes.
Personal data provided for e.g. contact or marketing purposes are necessary for us to contact you or to conduct marketing activities to which you agree or at least do not object. If you do not provide it, our communication with you will be either impeded (e.g. if you provide only your telephone number but not your e‑mail address) or impossible (if you do not provide any contact data).
- Do we share your data outside the EU?
No, we will transfer your data to a third country or to international organizations.