Hereby, in the interests of the security of your personal data, and of the rights which you are entitled to,
complying with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of
27 April 2016 on the protection of individuals with regards to the relation to the processing of personal data and
on the free movement of such data and repealing of Directive 95/46/EC (in the text, as “GDPR”), I would like to
update and complement the information and the details of the processing of your personal data.ADMINISTRATOR
The controller of personal data is Biznes Up Egberss Kocel Sikorski, headquartered in Oblaczkowo 11c, 62-300
Wrzesnia, entered in the register of Entrepreneurs of the National Court Register under the number 0000749000,
hereinafter as: “Administrator”.
2. RECIPIENT CATEGORIES
This clause is addressed to:
3. DATA SOURCE AND CATEGORIES OF PERSONAL DATA CONCERNED
The personal data of the third party have been obtained directly from them.
Personal data of persons involved have been obtained either directly from that person or from the third party
or other persons involved.
Where the personal data of the persons involved have been obtained directly from those individuals, that
person shall retain the full control over the scope of the data to be disclosed.
In the event that the personal data of the persons involved were obtained from the third party or other
persons involved, this only is the data that is necessary for identification and verification of identity (contact
information) such as: Name, surname, telephone number, professional license number, vehicle registration
number, function, position, e-mail address, company (name).
4. BASIS OF PROCESSING, PURPOSES OF PROCESSING, PERIOD OF STORAGE
|Base||Article 6 (a) 1 (a) GDPR Consent of the data subject|
|Target|| Business Contacts – Marketing with prior consent|
To gain and maintain business contacts, i.e. the marketing actions for which separate
consent is required (e.g. in the case of marketing by telecommunications equipment, e.g.
computers connected to the network or phones).
For processing by the administrator of any correspondence received as a result of the use
of the contact form located on biznes-up.com.pl (hereinafter referred to as “site), fromemail, or other source and to respond or maintain any correspondence
Effective use of the website
by the software browser on user’s device. Cookies allow efficient use of the website. More
Cookies allow to match the content of the website, in particular advertising content, to the
Cookies also allow the making of viewing/popularity statistics of the website. These
statistics allow for more effective promotion of the site both on and outside of the page
Use of third-party services
Third party Cookies are, in case of some service providers, necessary for the use of their
|The period of processing of personal data continues until the consent is withdrawn or until|
the data is no longer required (e.g. when the purpose for which the data was obtained has
been reached), whichever is earlier. Consent may be withdrawn at any time, even before
it is agreed, and its revocation does not affect the legality of the processing of the data
before the revocation of the consent and will result in a lack of feedback from the
|Legal Basis||Article 6 (a) 1 (b) GDPR|
Conclusion and execution of the contract and taking action at the request of the Person
who is a data subject.
|Target||Third party’s identification|
The personal identification and the possibility of the identification of the third party
Conclusion and execution of the contract
The need ofsigning off, executing and settling of the contract with the third party, including
maintaining contact e.g. by telephone or by email.
To prove the fulfilment of the Administrator’s obligations and determination, investigation
and defense of claims
To confirm the fulfillment of the Administrator’s obligations under the agreement with the
third party and to obtain payments from the third party (e.g. payment request).
|Storage Period||The storage period lasts for the duration of the contract with the other party, as well as|
the time after its completion, i.e. the time of the limitation period for raising concerns or
claims under applicable law, and also for the time required by separate regulations (e.g. to
prevent a fraud), depending on which of these periods will be longer and to the extent
|Legal Basis||Article 6 (a) 1 (c) GDPR|
indispensability to fulfil the legal obligations incumbent on the administrator
|Target||Accounting records (including tax)|
Creation, collection and storage of accounting records, including tax related to the
conclusion and execution of the contract with the third party.
In addition to the legal basis indicated above, the following acts are also the basis:
• Act of 26 July 1991-on income tax on private persons-including article 24a paragraph 1
• Act of 11 March 2004-on the tax on goods and services-including article. 106a-106n, 112
•Ordinance of the Minister of Finance on the keeping of the tax register of incomes and
expenses of 26 August 2003, including currently § 5 and § 14 paragraph. 2 (5).
|Storage Period||The period of personal data processing lasts for the period of performing duties resulting|
from legal provisions, that constitute their source (e.g. until the tax liability expires).
|Legal Basis||Article 6 (a) 1 lit f) GDPR|
The legitimate interests of the controller or of the third party
|Business Contacts – Marketing without prior consent|
Current direct marketing and sales of services, as well as building and strengthening
business relationships, including presenting and promoting the offers of the administrator
(including the Internet), unless these activities require separate consent.
The legal interest in this area is the marketing and sale of services, and the building and
taking care of business relationships necessary for the proper prosper of the administrator
Execution of the contract through the person involved
Cooperation with the person involved within the contract concluded with the third party.
E.g. the provision of services with the authority of the delegated person to manage on
behalf of the third party, as well as the provision of services personally by the person
involved to the administrator.
The legal interest in this regard is the willingness to properly execute the obligation under
the contract with the third party.
To prove the fulfilment of the Administrator’s obligations and determination, investigation
and defense of claims
Confirming the fulfilment of the administrator ‘s obligations and obtaining of the payment
payable-not only to the third party but also to the person involved (e.g. recovery order, call
for compensation for damages or fulfillment of the payment).
The legal interest in this area is the possibility for the administrator to assert claims and to
demonstrate the fulfilment of his duties.
|Storage Period||The period of execution of the contract with the third party, as well as after its termination,|
i.e. for the duration of the limitation period of raising claims under the applicable laws; for
the time required by the separate laws (e.g. fraud prevention); Through the time needed
to reach the target; or until the opposition is taken into account, whichever is longer, to
the extent necessary.
|Objection||The data subject to this objective shall have the right to object in accordance with article|
21 of THE GDPR. The controller may no longer process the personal data indicated, unless
it demonstrates the existence of valid legitimate grounds for processing, overriding the
interests, rights and freedoms of the data subject, or grounds for establishing, investigating
or defending claims
5. CATEGORIES OF RECIPIENTS
The recipients of the data controller (i.e. the data of the third party or the person involved) may be:
According to the GDPR, the data subject has the right to:
Ad 3-The Administrator may refuse to delete personal data despite of such request, if there is one of the
exceptions mentioned in the GDPR, eg. where data processing is necessary for the establishment, exercise
or defense of claims.
Ad 3 and 4-the right to erasure of data and the right to request restriction of processing are only applicable
in the cases specified in the GDPR.
Ad 5- the right to data transfer is only granted in cases where the legal basis for processing is the consent or
performance of the contract (when this processing takes place in an automated manner).
Ad 6 – consent to the processing of data can be revoked at any time without affecting the lawfulness of
Ad 7-in Poland, the authority competent to start proceedings is the President of the Office for Personal Data
Protection, address: 2 Stawki street, 00-193 Warsaw. For the other Member States of the European Union,
the supervisory authorities are on the website: http://ec.europa.eu/newsroom/article29/itemdetail.cfm?item_id=612080.
7. FAILURE TO PROVIDE PERSONAL DATA AND CONSEQUENCES
|Basis for processing||Statutory requirement/|
Condition of conclusion of
|Consequences of non-disclosure|
|consent||none||none||• the lack of functionality of certain|
services on the website;
• no response to inquiry /problem;
• lack of advertising content and
current offersfrom the administrator
of the contract
|• the condition of|
concluding the contract;
• contractual requirement
|Yes||• failure to conclude a contract;|
• failure to perform the contract.
|legal obligation||• statutory requirement||Yes||• failure to conclude a contract;|
• failure to perform the contract;
• statutory and contractual
|legal interest of the|
|lack||lack||• Non-conclusion of the contract and|
failure to perform the contract in the
form of a purpose, performance of
the contract and in the form of
performance of the administrator’s
obligations and determination,
investigation and defense of claims
8. AUTOMATED DATA PROCESSING
Your personal data, only linked with cookies-will be processed in an automated manner, however, this will never
cause any legal effects on the site or in a similar manner significantly affect its situation (no automated decisionmaking).
Profiling of personal data on the website involves the processing of data (including by automated ways) by using
them to evaluate certain information about a person, in particular to analyse or forecast personal preferences
The data in question may be transferred to third countries from the list of EU-US Privacy Shields agreements (e.g. Google). You can find the security information for the relevant agreement here:
https://www.privacyshield.gov/welcome. Google is also certified in accordance with ISO/IEC 27001:2013. You
will find more about this certificate here: https://support.google.com/analytics/answer/3407084.
9. GOOD PRACTICS – TRANSMISSIONS OF THE INFORMATION CLAUSE TO THE PERSON INVOLVED
As a good practice, it is highly desirable that the third party should provide this information clause to the person
involved, as part of its information obligation (mainly the obligation to indicate the categories of recipients).The
transmission by the controller of this information clause to the persons involved may prove to be impossible or
may require disproportionate effort. Therefore, as part of good practice, the third party should convey this
document to the person involved.
10. THE CONTACT DETAILS
In all matters relating to the subject matter of this information clause, including the clarification of possible
doubts or ambiguities, and above all in order to exercise its powers, please contact the person responsible for
the security of personal data at the administrator, i.e.: Biznes Up Egberss Kocel Sikorski with headquarters in
Obłaczkowo 11c, 62-300 Wrzesnia, firstname.lastname@example.org.