In connection with the obligation to provide information in accordance with Article 14 of the European Parliament and Council Regulation (EU) 2016/679 of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR), we inform you that:
1. The administrator of personal data processed on the websites available under the following addresses:
https://www.tanexpert.pl
https://www.tanexpert24.pl
is:
VT7 Sp. z o.o.
Kurkowa 5/U2
70-535 Szczecin
KRS 0001009773, NIP 8522628345, REGON 366502117
2. The Administrator has appointed a Data Protection Officer who oversees the proper processing of personal data.
3. The Administrator and the appointed Data Protection Officer can be contacted by sending a postal letter to the address in point 1 or by email at: kontakt@tanexpert.pl
4. The Administrator processes personal data based on Article 6(1)(f) GDPR, because it is necessary for the legitimate interests pursued by the Administrator, namely, for the reliable provision of the services they offer.
5. Personal data is processed by the Administrator for the following purposes:
- To prepare upon request, conclude, and perform a service contract or Sales Agreement, including fulfilling warranty obligations or similar obligations – the processing basis is Article 6(1)(b) GDPR; alternatively, in the case of a representative of the Client, the processing basis for their data is the legitimate interest of the Administrator to contact the Client (Article 6(1)(f) GDPR);
- To handle or store (record, archive, etc.) communication conducted through forms and tools (chat) available on the Online Store or through phone or email contact using the numbers or addresses provided on the Online Store – the processing basis is Article 6(1)(f) GDPR, where the legitimate interest of the Administrator is to provide a response to the inquiry; alternatively, the processing basis is the need to fulfill a legal obligation imposed on the Administrator by law (e.g., when the contact concerns the exercise of rights under the GDPR; Article 6(1)(c) GDPR);
- To establish, pursue, or defend against claims – the processing basis is the legitimate interest of the Administrator in establishing, pursuing, or defending against claims (Article 6(1)(f) GDPR);
- To fulfill the Administrator's legal obligations arising from tax and accounting regulations, including archiving contracts and settlement documents – the processing basis is Article 6(1)(c) GDPR;
- To conduct analyses, statistics, marketing activities, and send commercial information electronically – the processing basis is consent (Article 6(1)(a) GDPR); alternatively, the legitimate interest of the Administrator (Article 6(1)(f) GDPR).
6. Data processed for the purposes mentioned above may be shared with other entities, namely:
- Entities with which we have concluded data processing agreements, such as entities providing IT (e.g., hosting), accounting, banking, legal, administrative, postal, courier services;
- Employees or collaborators who have been trained, authorized, and are obligated to maintain confidentiality and comply with personal data protection regulations;
- Public administration bodies or other entities authorized by law, to fulfill their or our legal obligations.
7. We process the following types of personal data: name and surname; email address; contact phone number; address (street, house number, apartment number, postal code, city, country) and delivery address. In the case of Clients who are Entrepreneurs, we also process the company name and NIP number of the Entrepreneur.
8. Providing personal data, as referred to in the previous point, is particularly necessary for the provision of electronic services within the Online Store and for the conclusion and performance of the Sales Agreement. Providing personal data is voluntary, but failure to provide this data will result in the inability to conclude the agreement.
9. Additionally, we may process the following data characterizing the use of the electronic services provided within the Online Store (usage data):
- Identifiers of the telecommunication network or information system used;
- Information about the start, end, and scope of each use of such services;
10. The Administrator may make automated decisions based on the processed personal data, including profiling as referred to in Article 22(1) and (4) GDPR.
11. Personal data will be stored for the period necessary to achieve the purposes, namely:
- For the purposes related to the conclusion and performance of the agreement – until the expiration of its validity;
- For the purpose of handling communication – for the period necessary to address the reported matter, and after its completion, for the statute of limitations on claims related to the matter;
- For the purpose of establishing, pursuing, or defending against claims – until the expiration of the limitation period for claims;
- For tax and accounting purposes or other necessary purposes under applicable law – for the period specified by applicable legal regulations;
- For the purpose of conducting activities indicated in the previous point – until the consent is withdrawn, the legally justified interests of the Administrator or a third party are satisfied, or an objection to the processing of personal data is filed.
12. All individuals whose data the Administrator processes in its database have the right to request access to that data, its rectification, erasure, or restriction of processing, as well as the right to object to processing, and the right to data portability to another administrator.
13. To exercise these rights, please contact the Administrator or the appointed Data Protection Officer as indicated in point 3.
14. In the case of violations of applicable laws regarding the processing of personal data, individuals whose data the Administrator processes have the right to file a complaint with the supervising authority.
15. The Administrator makes every effort to provide all physical, technical, and organizational measures for the protection of personal data against accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure, use, or access, in accordance with all applicable regulations.