The Service Operator has access to the user data and the right to use them in accordance with the contents of this statement. The data may also be transferred to suppliers with whom the Service Operator is associated. In addition, the Operator of the Website may be obliged to provide information collected by the Website to authorized state authorities on the basis of lawful requests.

1. the Administrator of the personal data processed in the websites available at:

https://www.tanexpert.pl

https://www.tanexpert24.pl

is:

VIRTUAL GROUP G.Kozak i T.Rejman Sp.j.

Kurkowa 5/U2

70-535 Szczecin

KRS 0000662148, NIP 8522628345, REGON 366502117

2. The Administrator has appointed a Data Protection Supervisor who supervises the proper processing of personal data..

3. The Administrator and the Data Protection Supervisor appointed by the Administrator can be contacted by sending a postal letter to the Administrator's registered office address listed in Section 1 or by e-mail at: kontakt@tanexpert.pl.

4. The Administrator processes personal data on the basis of Article 6(1)(f) of the GDPR, as it is necessary for the realization of its legitimate interests, i.e. for the reliable provision of the information services it offers.

5. Personal data is processed by the Administrator for the following purposes:

- preparing upon request, as well as concluding and executing a Provision of Services or Sales Agreement, including the performance of complaint or similar obligations - the basis for processing is Article 6(1)(b) of the GDPR; or, in the case of the Customer's representative, the basis for processing his/her data is the Administrator's legitimate interest in being able to contact the Customer (Article 6(1)(f) of the GDPR);

- handling or preserving (recording, archiving, etc.) the communication conducted through contact forms and tools (chat) available on the Online Store or through telephone or email contact to the numbers or addresses indicated in the Online Store - the basis for processing is Art. 6 para. 1 lit. f GDPR, when the legitimate interest of the Administrator manifests itself in providing an answer to the question asked; or, the basis for processing is the necessity of fulfilling a legal obligation imposed on the Administrator by a provision of law (e.g. when the contact involves a request for the exercise of GDPR related rights; Art. 6(1)(c) GDPR);

- establishing, investigating or defending against claims - the basis for processing is the legitimate interest of the Administrator in establishing, investigating or defending against claims (Article 6(1)(f) GDPR);

- Performing the Administrator's legal obligations under tax and accounting regulations, including archiving contracts and billing documents - the basis for processing is Article 6(1)(c) GDPR;

-- conducting analyses, statistics, marketing activities and sending commercial messages electronically - the basis for processing is consent (Article 6(1)(a) GDPR); or, the legitimate interest of the Administrator (Article 6(1)(f) GDPR).

6. Data processed for the purposes indicated in the paragraph above may be shared with other entities, namely:

- entities with which we have concluded contracts for entrustment of personal data processing, i.e. entities providing IT (e.g. hosting), accounting, banking, legal, administrative, postal, courier services;

- employees or associates who have been trained, authorized and obligated to maintain confidentiality and comply with data protection regulations;

- to public administration authorities or other entities authorized by law, for the purpose of performing their or our obligations.

7. We process the following types of personal data: first and last name; email address; contact telephone number; address (street, house number, apartment number, postal code, city, country) and delivery address. In the case of Customers who are Entrepreneurs, we additionally process the Entrepreneur's name/company name and Tax Identification Number.

8.  Providing personal data referred to in the preceding paragraph is necessary for us, in particular, to provide services electronically through the Online Store and to conclude and perform the Sales Agreement. Providing personal data in these cases is voluntary, but the consequence of not providing such data will be the inability to conclude a contract.

9. In addition, we may process the following data characterizing the use of services provided electronically within the Online Store (exploitation data):

- designations identifying the end of the telecommunications network or data communications system you use;

- information about the beginning, end and scope of each time you use such services

10. The Administrator may make automated decisions based on the processed personal data, including profiling as referred to in Article 22 (1) and (4) of the GDPR.

11.  Personal data will be stored for the period necessary to fulfill the purposes, namely:

- for purposes related to the conclusion and execution of the contract - until its end;

- for the purpose of communication service - for the period necessary to address the submitted case, and after its completion for the period of expiration of the claims related to the case;

- for the purpose of establishing, investigating or defending against claims - until the expiration of the claims

- for tax and accounting purposes, or other purposes necessary under applicable laws - for the period in accordance with applicable laws;

- for the purpose of carrying out the activities indicated in the preceding point - until the consent is withdrawn, the legally justified interests of the Administrator or a third party are satisfied, or an objection is raised to the processing of personal data.

12. All individuals whose data the Administrator processes in his/her files have the right to request from the Administrator access to such data, rectification, deletion or restriction of processing, to object to processing, as well as the right to transfer the data to another administrator.

13. In order to exercise these rights, you must contact the Administrator or the Data Protection Officer designated by the Administrator in the manner described in Section 3.

14. In the event of a violation of the applicable legislation regarding the processing of personal data, persons whose data the Administrator processes in his/her files shall have the right to lodge a complaint with the supervisory authority.

15. The Administrator shall make every effort to provide all means of physical, technical and organizational protection of personal data against accidental or intentional destruction, accidental loss, alteration, unauthorized disclosure, use or access, in accordance with all applicable laws.