+48 22 380 03 80Zadzwoń do nas

Privacy Policy

I. Initial Information

The purpose of this privacy policy is to provide you with information about how ECOVIS Poland Sp. z o.o. collects and processes your personal data when you use our services or visit our websites. This includes all personal data you provide to ECOVIS Poland Sp. z o.o. via this website, for example when you send your personal data by email in the form of a service inquiry, but also if you provide us with any personal data in another form. In this Privacy Policy, the terms “ECOVIS Poland Sp. z o.o.,” “Administrator,” “we,” or “our” (and similar) refer to the company ECOVIS Poland Sp. z o.o. based in Warsaw (Poland), which is responsible for processing your personal data.

II. Personal Data Administrator

Our full details are:

ECOVIS Poland Sp. z o.o., based in Warsaw, ul. Garażowa 5a, 02-651 Warsaw, registered in the register of entrepreneurs maintained by the District Court for the capital city of Warsaw in Warsaw, XIII Commercial Division of the National Court Register under number 0000054522, with a share capital of 250,000.00 PLN, using the tax identification number NIP: 5261036755.

Contact details for data protection matters:

piotr.perlowski@ecovis.pl

III. Definitions

**Administrator** (also Data Controller): The entity responsible, ECOVIS Poland Sp. z o.o. based in Warsaw, ul. Garażowa 5a, 02-651 Warsaw.

 **Portal**: The service www.ecovis.com/pl/ (also operating under the domains ecovis.pl).

**Cookies**: Small files that store website settings (e.g., language), login information, etc., stored via the browser.

**User**: A natural person, legal entity, or organizational unit without legal personality who uses our website or services.

**Employee**: A person employed at ECOVIS Poland Sp. z o.o. based in Warsaw under an employment contract or other civil law contract.

**GDPR**: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

IV. Collection of Personal Data

ECOVIS Poland Sp. z o.o. collects data for specific, lawful purposes, processes it lawfully, and does not subject it to further processing incompatible with those purposes. Data is collected only to the adequate, necessary extent relevant to the purposes for which it is processed.

ECOVIS Poland Sp. z o.o. makes every effort to protect data from unauthorized access by third parties and uses high-level organizational and technical security measures, which will be described further in this Policy. ECOVIS Poland Sp. z o.o. does not share data with any recipients not authorized according to the binding legal provisions in this regard.

V. Purposes of Personal Data Processing

Your data will be processed for the provision of services by ECOVIS Poland Sp. z o.o., and in the case of Employees for purposes related to the establishment and course of employment, based on your voluntary consent and the concluded employment contract or other civil law contract.

With your consent, data may be processed for marketing purposes.

Additionally, your data may also be processed for the detection of bots and abuse, statistical measurements, and improvement of ECOVIS Poland Sp. z o.o. services.

VI.  Legal Bases for Personal Data Processing

The processing of personal data may be based on various legal grounds, depending on the category of personal data processed and the purpose of processing. We process data, among others:

    • The legal basis for processing your data for marketing purposes is your voluntary consent to data processing, including profiling (Art. 6(1)(a) GDPR).
    • For the detection of abuse, statistical measurements, and improvement of ECOVIS Poland Sp. z o.o. services (Art. 6(1)(f) GDPR – legitimate interest of the administrator).
    • Personal data of persons who use or intend to use our services and send us messages for this purpose is processed as it is necessary for the performance of the contract (Art. 6(1)(b) GDPR).
    • Personal data collected for purposes related to the establishment and course of the employment process, based on your voluntary consent and the concluded employment contract or other civil law contract (Art. 6(1)(a) and (b) GDPR).
    • Sometimes legal provisions require us to process certain personal data, for example, for tax and accounting purposes (Art. 6(1)(c) GDPR).

We request that you do not provide through websites and email any special categories of personal data (such as information about race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health information, genetic data, biometric data, sexual life or sexual orientation information, and criminal history). If such information is provided for any reason, it will mean explicit consent to collect and use such information as specified in this document or at the place where this information was disclosed.

We also inform you that “Consent” under GDPR means a voluntary, specific, informed, and unambiguous indication of the data subject’s wishes, by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. GDPR uses the term “indication of will,” which is crucial, especially in the context of Recital 32 of GDPR, which states that consent may involve: (1) ticking a box on a website, (2) choosing technical settings for information society services, or (3) another statement or behavior clearly indicating acceptance of the proposed processing of personal data in a particular context. Therefore, when you voluntarily provide us with your personal data, for example by sending an inquiry via email, we obtain your consent to process the personal data provided to us.

VII. Period for Which Your Personal Data Will Be Processed

The period for which we may process personal data depends on the legal basis constituting a lawful ground for processing personal data. We never process personal data for longer than necessary according to the aforementioned legal grounds and purposes for which they were collected. Accordingly, we inform you that:

    • In the case of processing data based on consent, the processing period lasts until the user withdraws this consent.
    • When ECOVIS Poland Sp. z o.o. processes personal data based on the legitimate interest of the data controller, the processing period lasts until the aforementioned interest ceases (for example, the limitation period for civil claims) or until the person concerned objects to further such processing – in cases where such objection is in accordance with legal provisions.
    • In the case of collecting your personal data for the performance of a contract (including an employment contract with an Employee), we process such personal data for the period necessary for its performance and, in justified cases, after its performance, but only if allowed or required under applicable law, e.g., processing for statistical, accounting, or claims purposes. In such a case, the data will be processed only for the period necessary to achieve the relevant purposes.
    • When we process personal data because it is necessary under applicable legal provisions, the periods for processing data for this purpose are determined by these provisions

VIII. Cookies

Cookies are understood as IT data, in particular text files, stored on users’ end devices intended for the use of websites. These files allow the user’s device to be recognized and the website to be displayed appropriately, tailored to their individual preferences. Cookies usually contain the name of the website from which they originate, the duration of storage on the end device, and a unique number.

Cookies are used to adjust the content of websites to the user’s preferences and optimize the use of websites. They are also used to create anonymous, aggregated statistics that help understand how the user uses websites, which allows improving their structure and content, excluding personal identification of the user.

Two types of cookies are used – “session” and “persistent”. The first are temporary files that remain on the user’s device until logging out from the website, or turning off the software (web browser). Persistent files remain on the user’s device for the time specified in the cookie parameters or until they are manually deleted by the user.

Personal data collected using cookies may be collected only for the purpose of performing specific functions for the user. Such data is encrypted in a way that prevents access to them by unauthorized persons.

Software for browsing websites by default allows the placement of cookies on the user’s device. These settings can be changed in such a way as to block the automatic handling of cookies in the settings of the web browser, or to inform about each transmission to the user’s device. Limiting the use of cookies may affect some of the functionalities available on the Portal.

IX. Requirement to Provide Personal Data

Providing personal data for marketing purposes (including profiling) is voluntary. If you do not consent to the processing of personal data left by you as part of using websites, services, and other functionalities, including those saved in cookies, your personal data will not be processed for this purpose.

Providing data for the purpose of concluding a service contract is necessary for its performance. If these data are not provided, the provision of services cannot be realized.

Providing personal data collected for purposes related to the establishment and course of the employment process is necessary for the proper performance of the employer’s obligations.

Processing data for the purpose of detecting bots and abuse, statistical measurements, and improving our services is necessary to ensure high-quality service provision. Failure to collect your personal data for these purposes may prevent the correct provision of services.

Processing data for participation in internet research is necessary to collect statistical information about the recipients of websites, the Portal, and other functionalities, and to provide

statistics about them and understand how they are used by internet users. It is necessary to ensure high quality of our services. Failure to collect your personal data for these purposes may prevent the correct provision of services.

X. Recipients of Your Personal Data

Your data may be transferred to entities processing personal data on behalf of the controller, such as IT service providers, legal service providers, as well as the Polish postal service, courier service providers, and in the case of Employees, also such entities as insurers, medical entities, external auditors, external trainers (including OHS), lessors, and other entities – provided that such entities process data based on a contract with the controller and exclusively in accordance with the controller’s instructions.

Your data may also be transferred to entities authorized to obtain them under applicable law.

XI.  Transfer of Your Personal Data Outside the European Economic Area

We do not transfer and do not plan to transfer your data outside the European Economic Area.

XII. Your Rights Related to the Processing of Personal Data

All persons whose data are processed have the following rights:

**Right to information about personal data processing**: Upon request, the Administrator provides information about the processing of personal data, including the purposes and legal bases of processing, the scope of the processed data, the entities to whom personal data is disclosed, and the planned date of their deletion.

**Right to obtain a copy of the data**: Upon request, the Administrator provides a copy of the processed data concerning the requesting person. For subsequent requests for copies of data from the same person, the Administrator may charge additional fees.

**Right to rectification of data**: Upon request, the Administrator removes any inconsistencies or errors concerning the processed personal data and supplements or updates them if they are incomplete or have changed.

**Right to erasure of data**: This right allows you to request the deletion of data that is no longer necessary to achieve any of the purposes for which it was collected.

**Right to restriction of processing**: Upon request, the Administrator ceases operations on personal data, except for operations agreed to by the data subject and their storage, in accordance with the adopted retention principles, or until the reasons for restricting data processing cease.

**Right to data portability**: To the extent that data is processed in connection with a concluded contract or consent, the Administrator provides the data supplied by the data subject in a format that allows reading by an electronic device. It is also possible to request the transfer of this data to another entity – provided that there are technical possibilities on both the Administrator’s and the other entity’s sides.

**Right to object to data processing for marketing purposes**: The data subject can object to the processing of personal data for marketing purposes at any time without having to justify such objection.

**Right to object to other purposes of data processing**: The data subject can object to the processing of personal data at any time based on the legitimate interest of the Administrator (e.g., for analytical, statistical purposes, or for the protection of property). The objection in this regard should be justified and is subject to assessment by the Administrator.

**Right to withdraw consent**: If we process your personal data based on the consent you have given, you can withdraw this consent at any time at your discretion.

To exercise the above rights, you must send an appropriate request to the Administrator. Such a request can be submitted by traditional mail or electronic mail, writing to the address (or email address) of the Administrator indicated in point II of this Policy.

The request should, if possible, precisely indicate what it concerns, i.e., in particular, who is submitting the request, which right described above the person submitting the request wants to exercise, which processing purposes the request concerns, or whether it is simply a withdrawal of consent. If the Administrator is unable to determine the content of the request or identify the person submitting the request based on the provided information, they will ask the applicant for additional information. A response to the request will be provided promptly, no later than within one month of its receipt. If it is necessary to extend this period, the Administrator will inform the applicant of the reasons for such an extension. The response will be sent to the address of the sender (either traditional mail or email) unless the request specifies a different response method (e.g., in the case of a request submitted by mail, you can request an electronic response and vice versa).

XIII. Protection of Your Personal Data

ECOVIS Poland Sp. z o.o. applies appropriate technical, physical, and administrative security measures to ensure adequate protection of the User’s personal data from loss, misuse, unauthorized access, disclosure, and alteration. These protections include multiple encryption methods, password-protected database access, and storage in certified data centers.

XIV. Automatic Data Collection

Information we collect in connection with the use of our Portal may be processed automatically, but this will not have any legal effects on or similarly significantly affect the individual.

XV. Personal Data of Children

ECOVIS Poland Sp. z o.o. does not voluntarily or actively collect, use, or disclose personal data of minors (excluding data of employees’ family members reported for insurance or registration in medical entities, etc.) in accordance with the age requirements in a given jurisdiction, without obtaining prior consent from parents or legal guardians of such minors. If we become aware that we have collected personal data of a minor without obtaining verifiable parental consent, we will take steps to promptly delete this information.

XVI. Information on the Right to Lodge a Complaint with the Supervisory Authority

If you believe that your personal data is being processed unlawfully, you can lodge a complaint with the President of the Personal Data Protection Office.