I. General Information
This Policy has been issued by the Personal Data Controller, which is Your Advisors Sp. z o.o., ul. Cybernetyki 19A, 02-677 Warsaw, NIP: 9512386042 REGON: 360314998 KRS: 0000533459 and is addressed to all Users (hereinafter: “Users”) of our Website (hereinafter: “Website”). Definitions applied in this Policy are explained in Point XII below.
Contact details of the Controller are provided in Point XI below.
This Policy may be amended and updated to reflect changes in the Controller's Personal Data Processing practices or changes in generally applicable law. We encourage you to read this Policy carefully and check this page regularly to verify any changes that the Controller may make in accordance with this Policy.
II. Processing of Users' Personal Data
Collection of Personal Data: The Controller may collect Users' Personal Data, such as: name, surname, and contact details, including e-mail address. The Controller may collect Users' Personal Data, in particular in the following cases:
- providing Personal Data by Users (e.g. contact by e-mail, telephone, form or any other means).
- collecting Users' Personal Data as a result of a business relationship/entering into or execution of an agreement (e.g. purchase of the Controller’s service or product by a User).
- collection of Users' Personal Data published in social media (e.g., obtaining information from Users' social media profiles, to the extent that such information is visible to the public).
- obtaining Personal Data from third parties (e.g., contractors, financial intermediaries, law enforcement entities, including administrative bodies or courts, etc.).
- obtaining or asking Users to provide Personal Data of Users, during Users' visits to the Controller's websites or using any functions or resources available on or via the Website. When Users visit the Website, the User's devices and browsers may automatically provide certain information (such as device type, operating system, browser type, browser settings, IP address, language settings, dates and times of connection to the Site and other technical information regarding communication), some of which may constitute Personal Data. During a visit to the Website, no Personal Data of Users will be stored by the Controller without the prior, express consent of the Users. However, temporary storage of log files and cookies facilitates the use of our Website. For this reason, Users are asked to agree to this on our Website. Granting the aforementioned consent is optional and does not affect the possibility of using the Website. In some cases, the use of our Website may be restricted to a certain extent without such consent.
Processed Personal Data: The categories of Personal Data of Users processed by the Controller may, in particular, include:
- Personal Data: first name(s), last name(s), first name used, gender, date, photo.
- Contact data: delivery address, company (employer) address, telephone number, fax number, email address, social media profile details.
- Payment details: address for sending billing, bank account number, name of bank account holder, account security details.
- Communication content all communications, queries, statements, views and opinions about us sent by Users or published on social media or through the Website.
Legal grounds for the Processing of Personal Data: When Processing Users’ Personal Data for the purposes as set out in this Policy, the Controller may refer to one or more of the following legal grounds, as appropriate:
- Processing takes place on the basis of the User’s prior voluntary, specific, informed and unambiguous consent to the Processing;
- Processing is necessary for execution of the agreement that the User has entered into or intends to enter into with the Controller;
- Processing is necessary to fulfil the legal obligation imposed on the Controller;
- Processing is necessary to protect the vital interests of any natural person;
- Processing is necessary to manage, conduct and promote the Controller’s activities and does not prejudice the interests or fundamental rights and freedoms of the User.
Purposes of Personal Data Processing: The purposes for which the Controller may process Users’ Personal Data are as follows:
- Controller’s Website: to operate and manage our Website, to present its content; to publish advertising and other promotional and marketing information; to communicate and interact with customers and suppliers, as well as potential employees or collaborators, through our Website.
- Offering the Controller’s products and services to Users: to present our Website and other services; to provide promotional materials requested by Users; communication related to the Controller’s services.
- Marketing communications: to present by any means (including e-mail, telephone, text message, social media, postal mail and personal contact) news and other information that may be of interest to Users, including the distribution of newsletters and other commercial information, having first obtained the Users’ consent to send the information in an appropriate manner, based on generally applicable laws.
- Communication and IT operations: to manage communication systems, to operate for IT security purposes and IT security audits.
- Financial management: sales, finance, audit and sales management.
- Survey: to engage Users to obtain information on User opinions about the Controller’s products and services.
- Improving our products and services: to identify problems with existing products and services; to plan improvements to the existing products and services; and to create new products and services.
III. Sharing Personal Data with third parties
The Controller may share Users’ Personal Data:
- Administrative or judicial authorities, at their request, in order to inform about an actual or suspected violation of the applicable law;
- Persons carrying out audits, lawyers, PR agencies taking into account the obligation of confidentiality resulting from the agreement or imposed on these entities by law;
- Third parties processing the entrusted data on behalf of the Controller, regardless of their registered office, in accordance with the requirements of this point III below;
- Any entity competent for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal measures, including the safeguarding and prevention of threats to public security;
- To any receiving party, in the event of a sale or transfer of any organised part of the Controller or of any interest in the share capital of the Controller (including in the event of any reorganisation, dissolution or liquidation).
We currently use redirects to the following social media on our pages:
If we engage a third party to process Users’ Personal Data in accordance with an entrustment agreement entered into with such entity, the Processor shall be obliged to: (i) Process only the Personal Data as instructed in advance by the Controller in writing; and (ii) take all measures to protect the confidentiality and security of the Personal Data and ensure compliance with all other requirements of generally applicable law.
Technical support services in connection with the use of the Website are provided by Exago Media sp. z o.o. This entity stores and processes Users’ Personal Data obtained in the course of using the Website by Users. The Processor shall ensure full security of the Personal Data of Users by using appropriate and latest technical and organisational measures. The Processor may not use the Users’ Personal Data provided to it for purposes other than those for which it was entrusted to it by the Controller. The Controller entered into a personal data processing entrustment agreement with the Processor, on the basis of which the Processor is obliged to comply with the requirements concerning the protection of the Users’ Personal Data.
IV. International transfer of Personal Data
At present, the Controller does not transfer and does not intend to transfer any Users’ Personal Data to third countries which are not members of the European Union or to international organisations. If necessary, this Policy shall be amended and the transfer of your Personal Data may take place only in accordance with the standard contractual arrangements that Controller implements before the transfer of such Personal Data takes place. In such a case, Users shall be entitled to request a copy of the standard contractual provisions applied by the Controller, using the contact details indicated in Section XII below.
V. Data protection
The Controller shall inform that it has implemented appropriate technical and organisational protection measures to protect Personal Data, in particular including safeguards against accidental or unlawful destruction, loss, alteration, unauthorised publication, unauthorised access and other unlawful and unauthorised forms of Processing, in accordance with applicable law.
The Controller shall not be liable for the actions or omissions of the Users. Users are responsible for ensuring that all Personal Data is sent to the Controller in a secure manner.
VI. Accuracy of data
The Controller shall take all appropriate measures to ensure that:
- The Users’ Personal Data that the Controller processes are accurate and, where necessary, made up to date; and
- All Users’ Personal Data which are processed by the Controller and which are incorrect (having regard to the purpose for which they are being processed) shall be deleted or corrected without undue delay.
The Controller, at any time, may ask Users about the accuracy of the Processed Personal Data.
VII. Data scope minimization
The Controller takes all appropriate measures to ensure that the scope of the Users’ Personal Data that it processes is limited to Personal Data that are adequately required for the purposes set out in this Policy.
VIII. Storage of Data
The criteria determining the duration of the period in which the Controller stores Users’ Personal Data are as follows: the Controller keeps a copy of Users’ Personal Data in a form that allows for its identification only as long as is necessary to achieve the purposes set out in this Policy, unless the provisions of generally applicable law require a longer retention period for Personal Data. In particular, the Controller may retain Users’ Personal Data for the entire period necessary to establish, use or defend claims.
IX. Users’ rights
In accordance with the provisions of the General Data Protection Regulation, with respect to the Users’ Personal Data which are Processed by the Controller, the Users shall have the following rights:
- the right of access personal data;
- the right to correct personal data;
- the right to delete personal data;
- the right to limit the processing of personal data;
- the right to transfer personal data;
- the right to object to the processing of personal data;
- the right not to be subject to a decision involving automated processing.
If the Processing of Personal Data is carried out on the basis of the consent granted by the Users, the Users have the right to withdraw their consent at any time without affecting the lawfulness of the Processing carried out on the basis of their consent before its withdrawal.
In the case of incorrect Processing of Personal Data, Users shall have the right to lodge a complaint to the state supervisory body for data protection, i.e. to the President of the Office for Personal Data Protection.
The above does not affect the rights of the Users resulting from the acts or other provisions of generally applicable law.
In order to exercise one or more rights or inquire about those rights or any other provisions of this Policy or about the Processing of Users’ Personal Data, please contact us using the contact details indicated in point XI below.
X. Cookie files (cookies)
The Controller uses the following Websites:
When you use the Website, the data about the User are collected automatically. This data includes: IP address, domain name, browser type, operating system type. The data can be collected through cookies, Google Analytics and they may be saved in server logs.
Cookies are small text files that are sent to your computer or other terminal equipment while the User is browsing the Website. Cookies remember the user’s preferences which makes it possible to improve the quality of the services provided, to improve search results and the accuracy of the information displayed and to personalise the website, to create website statistics.
The Controller of cookies is Your Advisors Sp. z o.o. with its registered office in Warsaw.
The User may resign from cookies (or apply an appropriate setting of preferences of their use by the web browser used) by selecting appropriate settings in the web browser used.
The Controller uses the types of cookies listed below:
- Technical files – files that are essential to enable users to navigate the Website and use its functions, such as accessing secure areas of the Website.
- Performance cookies – collect information about how Users use the Website, which parts of the Website are visited most frequently.
- Functional files – which record the choices made by users (such as user name, language or the region in which users are located).
The Controller uses Google Analytics, which is a web analytics system that provides insight into the Website’s traffic used for marketing purposes.
Third-party social media (e.g. Facebook, Twitter, LinkedIn) may record information about you, for example when you click on the “Add” or “Like” button in relation to a particular social network while on the Website. The Service Provider does not control third party sites or their activities. Information on social media sites is available on the pages of these media.
- proper functioning, configuration, security and reliability of the Website,
- monitoring session status,
- adapting the information displayed to the User’s preferences,
- analyses, statistics, surveys and audit of the Website views.
XI. Contact details
If you have any questions, concerns or comments regarding the information contained in this Policy or any other issues relating to the Controller’s Processing of Users’ Personal Data, including for the purposes of exercising the rights referred to in Section IX of this Policy, please contact us at the following email address: firstname.lastname@example.org
- Controller means the entity that decides how and for what purposes Personal Data is processed. The controller shall be responsible for the compliance of the processing with applicable data protection law.
- Personal Data means any information about an identified or identifiable natural person. Examples of the Personal Data that the Controller may process are listed in section II above.
- To process, Processing or Processed means any activity relating to Personal Data whether or not performed by automatic means, such as collecting, recording, organising, structuring, storing, adapting or altering, retrieving, consulting, using, making available by transmission, dissemination or otherwise making available, organising or combining, limiting, deleting or destroying.
- Processor means any person or entity that processes Personal Data on behalf of the Controller (other than an employee of the Controller).