Pursuant to Art. 13 sec. 1 and sec. 2 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), please be informed that:

1. The Controller of your personal data is Imago Public Relations Sp. z o.o. with its registered office in Katowice, 40-584, ul. Dworska 1, entered into the register of enterprises of the National Court Register kept by the District Court for Katowice – Wschód, 8th Commercial Division, under KRS [National Court Register Number]: 0000304270, NIP [Tax ID Number]: 634-26-78-174, REGON [Business Registry Number]: 240898430, telephone number (32) 608 29 85, email: imago@imagopr.pl

2. We have appointed a Data Protection Officer who can be contacted via email at: agnieszka.urbanczyk@imagopr.pl

3. Your personal data may be processed for the purposes of:
a) performing contracts concluded with the Controller’s counterparties,
b) fulfilling legal obligations incumbent on the Controller,
c) in all other cases, your personal data shall be processed only on the basis of your prior consent, to the extent and for the purposes stated in the content of the consent.

4. Your personal data may be received by:
a) entities to which the Controller is obliged to provide data on the basis of the applicable law,
b) entities to whom the Controller provides services in the field of public relations, marketing, advertising and image,
c) entities that provide the Controller with services such as: tax advisory, IT or transport services, entities delivering courier and postal parcels – provided that such entities process data on the basis of an agreement with the Controller and exclusively in accordance with the Controller’s instructions.

5. Your personal data will be stored until the claims arising from the services provided fall under the statute of limitations or until the obligation to store data resulting from provisions of law expires, in particular, the obligation to store the accounting documents relating to the contract. If we process data on the basis of your consent, personal data shall be processed until the consent is withdrawn.

6. You have the right to access your data and the right to rectify, delete, limit processing of data, the right to transfer the data, make objections and to withdraw the consent at any time without affecting the legality of processing, which was performed based on the consent before its withdrawal. In order to exercise your rights, please contact us via email at: imago@imagopr.pl.

7. If the processing of personal data is based on the consent of the data subject (Art. 6 sec. 1 letter (a) of the GDPR), you have the right to withdraw this consent at any time. This withdrawal shall not affect legal compliance of your personal data processing carried out pursuant to the consent granted prior to such withdrawal.

8. If you become aware of unlawful processing, you have the right to lodge a complaint with the President of the Personal Data Protection Office competent in matters related to personal data protection.

9. If the processing of personal data is based on the data subject’s consent, the provision of your personal data to the Controller is voluntary.

10. The provision of your personal data is mandatory if the prerequisite for the processing thereof constitutes a legal provision or a contract concluded between the parties.

11. Your personal data may be transferred to a third country/international organisation in connection with the relevant decision of the European Commission stating the appropriate level of protection guaranteed by the third country. In the absence of a decision issued by the European Commission confirming an adequate level of protection, data will be adequately secured by means of:
a) legally binding and enforceable instrument between public bodies or entities;
b) binding corporate rules approved by the President of the Personal Data Protection Office;
c) standard data protection clauses adopted by the European Commission;
d) standard data protection clauses adopted by the President of the Personal Data Protection Office and approved by the European Commission;
e) Code of Conduct approved by the President of the Personal Data Protection Office;
f) personal data protection certificate;
g) the President’s of the Personal Data Protection Office authorisation for contractual clauses;
h) the President’s of the Personal Data Protection Office authorisation for administrative resolutions between public bodies or entities.

12. Your personal data may be processed in an automated way and shall not be profiled.

We would like to ensure that we collect your personal data in the amount necessary for the specific purposes of processing. Your personal data shall be not sold to other entities, edited or changed. Any person having access to your personal data has been duly authorised for this purpose by the Controller.

At the same time, we guarantee the security of your personal data by, among other things, applying technical and organisational measures which enable safe processing thereof. We also implement appropriate procedures for handling this data, especially in case of its violation. We also make every effort to minimize the risks associated with the processing of personal data to the greatest extent possible.