Privacy Policy
GENERAL PROVISIONS
The Data Controller for the processing of data collected via the website located at https://www.grcadvisory.com is GRC Advisory Sp. z o.o., principal place of business and address for service: ul. Strzegomska 140A, 54 - 429 Wrocław, registered in the National Court Register KRS: 0000350726, tax identification number NIP: 8942993784, statistical number REGON: 021167324, share capital PLN 50.000, email address:kontakt@grcadvisory.com, hereinafter referred to as the “Data Controller”, which is also a Service Provider.
The Customer's personal data shall be processed in accordance with the Personal Data Protection Act of 10 May 2018 (Journal of Laws 2019, item 1781) and in accordance with the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016. on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (RODO) (Official Journal of theEU L 119 of 04.05.2016, p. 1) and the Act on the provision of services by electronic means of 18 July 2002 (Journal of Laws of 2024, item 1513)..
The Data Controller shall take all reasonable steps to protect the interests of data subjects and ensure that all data is:
- lawfully processed,
- obtained only for specified, lawful purposes, and not further processed in any manner incompatible with those purposes,
- factually correct, adequate and relevant in relation to the purposes for which it is processed and shall be stored in a form that permits identification of the data subject, for no longer than is necessary for those purposes.
PURPOSE AND SCOPE OF DATA COLLECTION
The data received by the Data Controller shall be used exclusively to:
- contacting the Customer
- information purposes and other activities related to the Customer's activity on the website https://www.grcadvisory.pl
The Data Controller may process the following personal data about the User:
- first name and surname,
- e-mail address,
- phone number.
The Data Controller may collect and process the following information about how the User interacts with the electronic services (usage data):
- digits and symbols which identify the end-user’s network termination point or ICT system,
- information on the date and time of access as well as the scope of each use of the electronic services,
- information on the use of the electronic services.
The submission of personal data set forth in point 2 of this Privacy Policy is essential to enable access to electronic services provided through the website.
LEGAL GROUND FOR PROCESSING
The use of the service, concluding contracts for the provision of electronic services through an online store, which involves the need to enter personal information is entirely voluntary. The subject of the data independently decides whether to start using the services provided electronically by the Provider.
Pursuant to Article 6(1)(a) and (b) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (RODO) (Official Journal of the EU L 119 of 04.05.2016, p. 1), the processing of data is permitted when, inter alia::
- the data subject has consented to the processing of their personal data for one or more specified purposes;
- the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
The processing of personal data by the Controller shall always be carried out within the framework of the grounds for permissibility of processing, i.e. when it is necessary for the performance of a contract to which the data subject is a party or for taking action at the request of the data subject prior to entering into a contract.
THE RIGHT TO CONTROL, ACCESS AND CORRECT PERSONAL DATA
The User has the right to access their personal data and correct them.
The Customer has the right to access and correct the content of his/her personal data. Each person has the right to control the processing of data concerning him/her contained in the Administrator's data filing system and, in particular, the right to request the completion, updating, rectification of personal data, temporary or permanent suspension of their processing or their deletion if they are incomplete, outdated, untrue or have been collected in violation of the law or are no longer necessary for the purpose for which they were collected.
In order to exercise the rights referred to above , you may do so by sending an appropriate e-mail to: kontakt@grcadvisory.com.
COOKIE POLICY
The Service Provider website uses cookies. By continuing to use the website without changing their browser settings the User consents to the use of cookies.
Cookies are essential for the provision of electronic services via the website. Cookies, especially those requiring the User’s additional authorisation, contain information that is necessary for the proper functioning of the website.
The website uses three main types of cookies:
- “session” cookies are temporary files which are stored on the User’s end-device until they log out (leave the website),
- "analytical” cookies provide information on how individual User interact with website and are used to improve the performance of the website. Analytical cookies collect information about how User use the website, what type of website referred the User to website, the frequency of visits and the time of each visit. All User data is collected anonymously and used solely for statistical analysis of website use.
The User can adjust cookie permissions via options in their browser settings. More detailed information about cookie management with specific web browsers can be found in the browsers’ respective settings.
FINAL PROVISIONS
The Data Controller uses technical and organizational measures to ensure the protection of personal data processed appropriate to the risks and category of data being protected, and in particular protects data against their unauthorized disclosure, takeover by an unauthorized person, processing with violation of existing regulations change, loss, damage or destruction.
The Service Provider provides the technical means to prevent the acquisition and modification by unauthorized persons personal data transmitted electronically.