• en
  • pl

PRIVACY POLICY

1. About us

The controller of your personal data is KWADRYGA Consulting Development Trade Service HIACYNTA WARSICKA based in Warsaw (00-640), at Mokotowska 1. If you have any questions regarding processing of your personal data, please read this Policy and, in case of questions or doubts, contact us: contact@pink-hyacinth.com or write to the address of the company’s registered office. Personal data is obtained and processed in the manner and on the terms specified in this Policy.

2. General Provisions

At KWADRYGA Consulting Development Trade Service, we attach particular importance to protecting the privacy of our clients, contractors and employees. One of the key aspects of this process is the protection of the rights and freedoms of individuals in connection with the processing of their personal data. We ensure that the processing of your data is carried out in accordance with the provisions of the General Data Protection Regulation 2016/679/EC (hereinafter referred to as “GDPR”), as well as specific local regulations.  We are a personal data controller within the meaning of Article 4(7) of the GDPR. We also might use the services of processors referred to in Article 4(8) of the GDPR –  but they process personal data on our (the controller’s) behalf (these are, for example, accounting or IT companies). We implement appropriate technical and organizational measures to ensure a degree of security corresponding to the possible risk of violating the rights or freedoms of individuals with different probability of occurrence and severity of the threat. Our data protection measures are based on adopted policies and procedures and regular training to improve the knowledge and competence in this area.

3. What is the purpose of personal data processing

We use the data contained in the received messages to respond to them and conduct ongoing correspondence. We also use the data we obtain from clients to efficiently provide services. We share your data with third parties with your consent or when we are required to do so by law.

4. On what terms and on what basis we process your data

We make sure to protect the interests of data subjects and, in particular, ensure that the data are:

  • processed lawfully, fairly and in a transparent manner;
  • collected for specific, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes;
  • adequate, relevant and limited to what is necessary for the purposes for which they are processed;
  • correct and updated as necessary (we take steps to ensure that personal data that are inaccurate in light of the purposes for which they are processed are promptly deleted or rectified);
  • kept in a form that allows identification of the data subject for no longer than is necessary for the purposes for which they are processed;
  • processed in a manner that ensures their adequate security, including protection against unauthorized or unlawful processing and accidental loss or destruction.

We process your data most often when it is necessary for the performance of a contract (provision of services) to which you are a party, or to take action at your request even before the conclusion of the contract (Article 6(1)(b) GDPR). We may also process your data on the basis of the consent you have given us (Article 6(1)(a) GDPR, Article 9(2)(a), which can be withdrawn at any time –  this applies to special categories of data for example concerning health. In some situations, the processing is necessary to fulfill our legal obligation, for example tax or accounting obligations (Article 6(1)(c) RODO). Processing may also be necessary for purposes arising from our legitimate interests, examples of which include pursuing claims in connection with our business activities or responding to questions or requests addressed to us (Article 6(1)(f) RODO).

5. What rights do you have

We take appropriate measures to provide you with all relevant information in a concise, transparent, understandable and easily accessible form, in clear and simple language, and to conduct all communications with you regarding the processing of personal data in connection with your exercise of your right to:

  • obtain information provided on the acquisition of your personal data;
  • obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and other information indicated in art. 15 GDPR – including the right to obtain a copy of your data;
  • rectification of your data;
  • deletion of your data (“right to be forgotten”);
  • restriction of processing;
  • data portability;
  • not to be subject to a decision based solely on automated processing (including profiling),

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data based on our legitimate interest.

However, some of the above rights are available only under specific circumstances. In addition, if your personal data is processed on the basis of consent, you have the right to withdraw it. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. If you wish to exercise the right in question, please contact us by email: contact@pink-hyacinth.com,  or post: KWADRYGA Consulting Development Trade Service HIACYNTA WARSICKA, Warsaw (00-640), at Mokotowska 1.

The security of your data is our priority. However, if you feel that by processing your personal data we violate the provisions of GDPR, you have the right to file a complaint with the President of the Office for Personal Data Protection in Poland (uodo.gov.pl) or other local data protection supervisory authority.

6. How we will contact you

We will provide information in writing, or by other means, including, where appropriate, by electronic means. When requested, the information may be provided orally, as long as the identity of the data subject is proven by other means. When you make the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by you.

7. Within what timeframe we will comply with your request

We strive to provide information without undue delay – as a rule, within one month of receiving your request. If necessary, this period may be extended by another two months due to the complexity of the request or the number of requests. We shall inform you of any such extension within one month of receipt of the request, together with the reasons for the delay.

8. Subcontractors/processors

If we work with entities that process personal data on our behalf, these are processors that provide sufficient guarantees to implement appropriate technical and organizational measures so that the processing meets the requirements of the GDPR and protects the rights and freedoms of data subjects. We carefully check the entities to which we entrust the processing of your data. We conclude detailed agreements in accordance with Article 28 of the GDPR and periodically verify the fulfillment of the requirements.

9. How we take care of the processing of your data

We comply with the requirements of the GDPR and local regulations, we have implemented internal policies and procedures, as well as technical and organizational security measures.