GDPR Policy

1. I. In connection with the entry into force of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 “On the protection of natural persons with regard to the processing of personal data and on the free movement of such data” and repealing Directive 95/46/EC (“GDPR”), we inform you that HELLO POLAND sp. z o.o. processes personal data of:
   • individual clients (natural persons);
   • the clients of the Administrator who are legal persons or organizational units without legal personality — personal data of persons authorized to represent such clients, their employees and staff;
   • service providers who are natural persons, as well as employees and staff of such service providers;
   • persons who contact the Administrator for legal advice provided by the Administrator, and persons whose data were obtained in the course of providing such services to the Administrator’s clients;
   • those who cooperate permanently or periodically with the Administrator in the provision of services by the Administrator;
   • persons about whom the Administrator holds data on the basis of and in accordance with applicable law for the provision of legal services;
   • persons in relation to whom the Administrator undertakes legal actions;
   • people who use the newsletter or have requested to receive offers.
   The controller of your personal data is HELLO POLAND sp. z o.o. (LLC), headquartered in Lublin, ul. Hugo Kołłątaja 6/3, 20-006 Lublin, registered in the District Court Lublin-East in Lublin with its seat in Świdnik, 6th Commercial Division of the National Court Register under number KRS: 0000676429, with share capital of PLN 10,000, NIP: 7123338711, REGON: 367183795, hereinafter referred to as the “Administrator”.
   
   Additional contact information for the Administrator is given below regardless of the foregoing: hello.poland.office@gmail.com
   
   II. PURPOSES OF DATA PROCESSING, LEGAL BASIS
   
   We inform you that your personal data will be processed when necessary for:
   1. the conclusion and performance of a contract, i.e., on the basis of Art. 6(1)(b) GDPR, including, in particular, contracts for legal services or service agreements concluded with the Administrator and by suppliers of such services;
   2. the fulfillment of legal obligations incumbent on the Administrator of personal data pursuant to Art. 6(1)(c) GDPR arising from European and Polish law;
   3. purposes arising from the legitimate interests pursued by the Administrator or a third party pursuant to Art. 6(1)(f) GDPR, which the Administrator recognizes to include, in particular: asserting claims, establishing and defending against claims, preventing fraud, ensuring environmental and IT security, applying an internal control system, Administrator’s monitoring and logging of access to and departures from the Administrator’s Platform, identifying conflicts of interest and ethical violations to the extent necessary to counteract abuses, archiving and statistical purposes, as well as providing services for the benefit of the client in situations where the client’s interests prevail over the interests, rights and freedoms of the data subjects;
   4. carrying out recruitment and establishing cooperation (Art. 6(1)(a) and (b) GDPR, i.e., to the extent specified by labor law the legal basis is the necessity to take steps prior to entering into a contract (Art. 6(1)(b) GDPR), and outside the scope of labor law the basis of processing is the consent or other applicable legal grounds);
   5. taking steps to respond to an incoming message (Art. 6(1)(f) GDPR, i.e., the Administrator’s legitimate interest in processing correspondence);
   6. considering requests made under the GDPR (Art. 6(1)(c) GDPR, i.e., obligations arising from the GDPR to provide the data subject with information about actions taken in response to a request);
   7. processing business card data when they have been handed over (for correspondence, establishing commercial contact and any other purposes for which they were provided);
   8. reception service (Art. 6(1)(f) GDPR for arranging meetings with an Administrator’s representative and for considering or defending claims);
   9. archiving documents (Art. 6(1)(c) or (f) GDPR);
   10. conducting the Administrator’s own marketing and advertising activities (Art. 6(1)(f) GDPR);
   11. conducting marketing and advertising activities on the basis of separately given consent (Art. 6(1)(a) GDPR);
   12. sending commercial information electronically, including newsletters (pursuant to Article 10(2) of the Act “On the provision of electronic services” of 18 July 2002 — and related provisions — i.e., on the basis of Art. 6(1)(a) GDPR);
   13. the use of telecommunications terminal equipment and automated systems for the purpose of direct marketing pursuant to Art. 172 of the Act of 16 July 2004 “Telecommunications Law” (consolidated text: Journal of Laws of 2017, item 1907, as amended);
   14. adapting the content of the portal segin-roman.com to users’ interests, including profiling portal Users, detecting bots and abuses, as well as statistical measurements and improving customer service;
   15. maintaining statistics on the portal segin-roman.com;
   16. making an offer (if consent to receive it is given);
   17. sending mailings (if consent to receive them is given).
2. III. CATEGORIES OF DATA RECIPIENTS
   
   The Administrator processes personal data and, for the purposes of implementing the Administrator’s agreements, has the right to share collected or processed personal data of data subjects with:
   • employees;
   • staff cooperating with the Administrator;
   • other persons providing services on behalf of the Administrator and independently determining the purposes and means of processing (e.g., debt collection for buyers);
   • persons authorized under applicable law (in particular courts and public authorities);
   • economic information agencies;
   • courier companies;
   • payment service providers;
   • internet providers, domain and hosting providers, operators of payment systems including online payment operators, accounting and financial auditors;
   • IT service providers, network operators; service providers including advertising services, Google, social networks;
   • companies handling retrieval and destruction of documents, legal entities cooperating with the Administrator;
   • banks, financial institutions, compensation entities, insurance companies, public authorities, KAS, social insurance fund;
   • and other persons authorized by the client.
   Data will be transferred only to the extent strictly necessary. Recipients not listed above will not receive processed personal data in a form that would allow identification of Users.
3. IV. CATEGORIES OF PROCESSED PERSONAL DATA
   
   
   1. The Administrator processes the following categories of personal data (if provided):
   • first name, last name;
   • residential/correspondence address;
   • e-mail address;
   • telephone number;
   • bank account number;
   • tax identification number (if required to provide the service);
   • additionally: company name, business address, tax ID number;
   • other personal data.
   Furthermore, the Administrator may process other categories of personal data if such data cannot be classified under any of the listed groups and processing is carried out for the purposes indicated above.
   1. Your personal data will not be disclosed to third parties except when obtained through the Google Analytics service. In such cases, data may be transferred to the USA.
   2. Providing data is necessary for the conclusion and performance of contracts and for providing services, as well as for other purposes described above in this section; failure to provide the data will make it impossible to conclude the aforementioned contracts and to perform them, as well as to provide the services and carry out the actions described above, except where otherwise provided by law.
   3. You have the following rights:
   • the right of access to data, including obtaining a copy of the data;
   • the right to request rectification of data (Art. 16 GDPR);
   • the right to erasure — the “right to be forgotten” (Art. 17 GDPR);
   • the right to restriction of processing (Art. 18 GDPR);
   • the right to data portability (Art. 20 GDPR);
   • the right to object (Art. 21 GDPR);
   • the right to withdraw consent (Art. 7 GDPR);
   • the right to lodge a complaint with the supervisory authority responsible for personal data protection.
4. V. PERIOD OF DATA STORAGE
   
   Personal data will be processed for a period in accordance with applicable law or, in certain cases, until consent is withdrawn. Personal data will be processed for the periods required by applicable law, in particular tax and accounting laws, and for as long as necessary for establishing, investigating or defending claims, in particular:

   a) for the purpose of performing the contract(s) — until their termination or expiry;

   b) for establishing, investigating or defending claims — until the limitation period for claims or objections expires;

   c) for the performance of legal obligations incumbent on the Administrator — until the obligations arising from the provisions of the law expire.

   In the case of consent to the processing of personal data, data are generally processed until the objection or withdrawal of consent to the processing of personal data, if your data were processed on such a basis.
   
   Your personal data are subject to profiling in terms of personal preferences and interests on the basis of analytical data collected on the website segin-roman.com, as well as for statistical and marketing purposes, and for mailing purposes (if consent is given).
   
   The privacy policy regarding processing is also available online on the website segin-roman.com.
   
   You may contact us at any time for additional information.
   
   On behalf of: HELLO POLAND sp. z o.o., dated 01.07.2022.