Privacy Policy

1. Definitions

1.1. Joint Controllers

PKF Consult sp. z o.o. sp. k., based in Warsaw, address: ul. Orzycka 6/1B, 02-695 Warsaw, registered in the Register of Entrepreneurs maintained by the District Court for the capital city of Warsaw in Warsaw, 13th Commercial Division of the National Court Register under number 0000579479, NIP: 5210527710, REGON: 01014308000000, hereinafter also referred to as "PKF Consult";

PKF BPO Sadowska – Malczewska sp. k., based in Warsaw, address: ul. Orzycka 6/1B, 02-695 Warsaw, registered in the Register of Entrepreneurs maintained by the District Court for the capital city of Warsaw in Warsaw, 13th Commercial Division of the National Court Register under number 0000593842, NIP: 7541013035, REGON: 00823260300000, hereinafter also referred to as "PKF BPO Sadowska – Malczewska";

PKF Tax&Legal Chamera Orczykowski sp. k., based in Warsaw, address: ul. Orzycka 6/1B, 02-695 Warsaw, registered in the Register of Entrepreneurs maintained by the District Court for the capital city of Warsaw in Warsaw, 13th Commercial Division of the National Court Register under number 0000832265, NIP: 5213892373, REGON: 38571507700000, hereinafter also referred to as "PKF Tax&Legal";

PKF Advisory Sp. z o.o., based in Warsaw, address: ul. Orzycka 6/1B, 02-695 Warsaw, registered in the Register of Entrepreneurs maintained by the District Court for the capital city of Warsaw in Warsaw, 13th Commercial Division of the National Court Register under number 0001011067, NIP: 521-39-99-042, REGON: 524060090, hereinafter also referred to as "PKF Advisory";

PKF Brevells Cekiera Sp. k., based in Warsaw, address: ul. Orzycka 6/1B, 02-695 Warsaw, registered in the Register of Entrepreneurs maintained by the District Court for the capital city of Warsaw in Warsaw, 13th Commercial Division of the National Court Register under number 0001011347, NIP: 521-399-92-43, REGON: 524067168, hereinafter also referred to as "PKF Brevells Cekiera";

Consult sp. z o. o., based in Warsaw, address: ul. Orzycka 6/1B, 02-695 Warsaw, registered in the Register of Entrepreneurs maintained by the District Court for the capital city of Warsaw in Warsaw, 13th Commercial Division of the National Court Register under number 0000557006, NIP: 5213696436, REGON: 38150255500000, hereinafter also referred to as "Consult"; separately also as "Controller" or "Controllers". More information in this regard can be found in Chapter 3 of this Policy.

1.2. Personal Data - information about an identified or identifiable natural person through one or more specific factors defining physical, physiological, genetic, mental, economic, cultural, or social identity, including device IP, location data, internet identifier, and information collected through cookies and other similar technology.

1.3. Policy - this Privacy Policy.

1.4. GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

1.5. Service - the website operated by the Joint Controllers at https://pkfbpo.pl.

1.6. User - any natural person visiting the Service or using one or more services or functionalities described in the Policy.

2. Data Processing in Connection with Using the Service

2.1. In connection with the User's use of the Service, the Joint Controllers (or each Controller individually) collect data to the extent necessary to provide individual services offered, as well as information about the User's activity on the Service. Below are detailed rules and purposes for processing Personal Data collected during the User's use of the Service.

3. Joint Administration

3.1. In connection with processing Users' Personal Data in the scope of operating the Service, the Controllers cooperate in determining the purposes and means of such processing (joint administration of personal data).

3.2. The scope of joint administration includes activities such as operating the Service, managing social media, as well as using cookies and similar technologies. More information on joint administration is available at https://www.pkfpolska.pl/wspoladministrowanie-4889.

3.3. Notwithstanding the above, for certain services provided within the Service, the Joint Controllers may act separately. In each such case, the relevant data Controller responsible for executing the specific process will be indicated in the content of the Policy.

4. Purposes and Legal Bases for Data Processing in the Service

USING THE SERVICE

4.1. For the use of the Service, the joint controllers of Users' personal data are: PKF Consult sp. z o.o. sp. k., PKF BPO Sadowska – Malczewska sp. k., PKF Tax&Legal Chamera Orczykowski sp. k., PKF Advisory Sp. z o.o., PKF Brevells Cekiera Sp. k., and Consult Sp. z o.o., all based in Warsaw (02-695) at ul. Orzycka 6/1B.

4.2. The personal data of all individuals using the Service (including IP address or other identifiers and information collected through cookies or other similar technologies) are processed by the Joint Controllers for:

1. The provision of electronic services in terms of making the content collected in the Service available to Users – in this case, the legal basis for processing is the necessity of processing to perform the contract (Article 6(1)(b) GDPR);
2. Analytical and statistical purposes – in this case, the legal basis for processing is the legitimate interest of the Joint Controllers (Article 6(1)(f) GDPR), consisting in conducting analyses of Users' activity and preferences to improve the functionalities and services provided;
3. Potential determination and pursuit of claims or defense against claims – the legal basis for processing is the legitimate interest of the Joint Controllers (Article 6(1)(f) GDPR), consisting in the protection of their rights;
4. Users' personal data may also be processed for marketing purposes by the joint controllers – the principles of personal data processing for marketing purposes are described in the MARKETING section.

The User's activity on the Service, including their Personal Data, is recorded in system logs (a special computer program for chronologically storing information about events and activities related to the IT system used to provide services by the Controller). The information collected in the logs is processed primarily for service-related purposes. The Joint Controllers also process them for technical, administrative, security purposes of the IT system, as well as for analytical and statistical purposes – in this respect, the legal basis for processing is the legitimate interest of the Joint Controllers (Article 6(1)(f) GDPR).

CONTACT FORM

4.3. Regarding the use of the contact form on the Service, depending on the subject of the inquiry, the controller of the Users' personal data will be PKF Consult sp. z o.o. sp. k., PKF BPO Sadowska – Malczewska sp. k., PKF Tax&Legal Chamera Orczykowski sp. k., PKF Advisory Sp. z o.o., PKF Brevells Cekiera Sp. k., Consult Sp. z o.o., all based in Warsaw (02-695) at ul. Orzycka 6/1B.

4.4. Each separate Controller ensures the possibility of contacting them using an electronic contact form. Using the form requires providing Personal Data necessary to contact the User and respond to the submitted inquiry. The User may also provide other data to facilitate the handling of the inquiry. Providing data marked as mandatory is required to accept and handle the inquiry, and failure to do so results in the inability to handle the inquiry. Providing the remaining data is voluntary.

4.5. Personal data are processed for:

1. Identifying the sender and handling their inquiry submitted via the provided form – the legal basis for processing is the necessity of processing to perform the service contract (Article 6(1)(b) GDPR); for data provided optionally, the legal basis for processing is consent (Article 6(1)(a) GDPR);
2. Analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Controllers (Article 6(1)(f) GDPR), consisting in keeping statistics of inquiries submitted by Users via the Service to improve its functionalities.

5. Marketing

5.1. In terms of conducting marketing activities, the data controller of the User's personal data is PKF Consult sp. z o.o. sp. k., based in Warsaw (02-695), at ul. Orzycka 6/1B.

5.2. Personal data of Users who have consented to receive communication from PKF Consult Sp. z o.o. Sp. k. via selected communication channels (email, phone call) are processed to direct marketing communication about interesting offers or content promoting services offered by PKF Consult sp. z o.o. sp. k., PKF BPO Sadowska – Malczewska sp. k., PKF Tax&Legal Chamera Orczykowski sp. k., PKF Advisory Sp. z o.o., PKF Brevells Cekiera Sp. k., and Consult Sp. z o.o., all based in Warsaw (02-695) at ul. Orzycka 6/1B. The data is processed based on the legitimate interest of the Controller (Article 6(1)(f) GDPR). The legitimate interest of the Controller is to direct marketing content to the User via phone or email, based on the User's consent to receive marketing communications from PKF Consult Sp. z o.o. Sp. k., promoting services offered by PKF Consult Sp. z o.o. Sp. k., as well as other entities belonging to the PKF Group, i.e., PKF BPO Sadowska – Malczewska Sp. k., PKF Tax & Legal Chamera Orczykowski Sp. k., PKF Advisory Sp. z o.o., PKF Brevells Cekiera Sp. k., and Consult Sp. z o.o., to the contact details provided by the User.

6. Social Media

6.1. In terms of operating social media portals, the joint controllers of Users' personal data are: PKF Consult sp. z o.o. sp. k., PKF BPO Sadowska – Malczewska sp. k., PKF Tax&Legal Chamera Orczykowski sp. k., PKF Advisory Sp. z o.o., PKF Brevells Cekiera Sp. k., and Consult Sp. z o.o., all based in Warsaw (02-695) at ul. Orzycka 6/1B.

6.2. The joint controllers process Users' personal data who visit the profiles of the Joint Controllers operated on social media (Facebook, YouTube, LinkedIn). This data is processed solely in connection with managing the profile, including informing Users about the Joint Controllers' activities and promoting various events, services, and products. The legal basis for processing personal data by the Joint Controllers for this purpose is their legitimate interest (Article 6(1)(f) GDPR), which is promoting their brand.

7. Cookies and Similar Technology

7.1. Cookies are small text files installed on the User's device browsing the Service. Cookies collect information that facilitates the use of the website – for example, by remembering the User's visits to the Service and the activities performed by them.

7.2. In terms of managing cookies and similar technology on the Service, the joint controllers of Users' personal data are: PKF Consult sp. z o.o. sp. k., PKF BPO Sadowska – Malczewska sp. k., PKF Tax&Legal Chamera Orczykowski sp. k., PKF Advisory Sp. z o.o., PKF Brevells Cekiera Sp. k., and Consult Sp. z o.o., all based in Warsaw (02-695) at ul. Orzycka 6/1B. Detailed information in this regard is available in the Cookie Policy.

8. Personal Data Processing Period

8.1. The period for processing data by the Joint Controllers or separate Controllers depends on the type of service provided and the purpose of processing. Generally, data is processed for the duration of the service provision or order fulfillment until the consent is withdrawn or an effective objection to data processing is raised in cases where the legal basis for data processing is the legitimate interest of the Joint Controllers or each Controller individually.

8.2. The data processing period may be extended if processing is necessary to establish and pursue potential claims or defend against claims, and after this period, only in the case and to the extent required by law. After the processing period, the data is irreversibly deleted or anonymized.

9. User Rights

9.1. The User has the right to access the data content and request its rectification, deletion, restriction of processing, the right to data portability, and the right to object to data processing, as well as the right to lodge a complaint with the supervisory authority dealing with personal data protection.

9.2. To the extent that the User's data is processed based on consent (i.e., for optional data provided when filling out the contact form), this consent can be withdrawn at any time by contacting the Controller responsible for handling the form (as per the "CONTACT FORM" section above).

9.3. The User has the right to object to data processing on grounds related to their particular situation – in cases where the legal basis for data processing is the legitimate interest of the Joint Controllers or each Controller individually (e.g., in connection with analytical and statistical purposes).

10. Data Recipients

10.1. In connection with the provision of services, personal data will be disclosed to external entities, including suppliers responsible for operating IT systems and entities affiliated with the Joint Controllers or each Controller individually, including companies within their capital group.

10.2. The Joint Controllers and each Controller individually reserve the right to disclose selected information about the User to competent authorities or third parties who request such information based on an appropriate legal basis and in accordance with applicable law.

11. Data Transfer Outside the EEA

11.1. The level of personal data protection outside the European Economic Area (EEA) differs from that provided by European law. Therefore, as a rule, the Joint Controllers do not transfer personal data outside the EEA. Such a transfer may occur only when necessary, with an appropriate level of protection ensured, primarily through:

• Cooperation with entities processing personal data in countries for which a relevant decision of the European Commission has been issued regarding the adequacy of personal data protection;
• Use of standard contractual clauses issued by the European Commission;
• Use of binding corporate rules approved by the competent supervisory authority.

11.2. The Joint Controllers and each Controller individually always inform about the intention to transfer personal data outside the EEA at the stage of their collection.

12. Personal Data Security

12.1. The Joint Controllers and each Controller individually conduct ongoing risk analysis to ensure that personal data is processed securely – ensuring, above all, that access to data is only granted to authorized persons and only to the extent necessary for the tasks they perform. The Joint Controllers and each Controller individually ensure that all personal data operations are recorded and performed only by authorized employees and associates.

12.2. The Joint Controllers and each Controller individually take all necessary steps to ensure that their subcontractors and other cooperating entities guarantee the application of appropriate security measures whenever they process personal data on their behalf.

13. Contact Details

13.1. Contact with the Joint Controllers or each Controller individually is possible by sending a message to the following mailing address: ul. Orzycka 6/1B, 02-695 Warsaw.

13.2. Additionally, the following email addresses have been designated for contact with the selected Controller:

• PKF Consult - pkfconsult@pkfpolska.pl
• PKF BPO - biurobpo@pkfpolska.pl
• PKF Tax&Legal - podatki@pkfpolska.pl
• PKF Advisory - konsulting@pkfpolska.pl
• PKF Brevells Cekiera - prawo@pkfpolska.pl
• Consult Sp. z o.o. - pkfconsult@pkfpolska.pl

The Joint Controllers and each Controller individually have appointed a Data Protection Officer, who can be contacted via email at iod@pkfpolska.pl regarding any matters related to personal data processing.

14 . Changes to the Privacy Policy

14.1. The Policy is reviewed and updated as necessary.

14.2. The current version of the Policy was adopted and is effective from [2023].