GDPR Legal Notice for Principals

Pursuant to Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: “GDPR”) please be informed that:


1. The Controller of the personal data of the Principal's Representatives (including members of the Principal's staff, associates, representatives and agents) (hereinafter collectively: the “Representatives”) is Grafit sp. z o. o. with its registered office in Warsaw (ul. Krochmalna 56 /37, 00-864 Warsaw) entered in the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw in Warsaw], 13th Commercial Division of the National Court Register under KRS number: 0000948703, NIP: 5272987537, REGON: 52112626100000, having a share capital of PLN 5,000 (five thousand zlotys) (hereinafter: “Controller”).

2. In all matters relating to the processing of personal data, the Representatives may contact the Controller by e-mail, at: hello@grafit.agency.

3. The Controller may process personal data of the Representatives for the purpose of:
a) conclusion of an agreement between the Contractor and the Controller and its execution – pursuant to Article 6(1)(f) GDPR (processing is necessary for the purposes of the Controller's legitimate interests, which is the correct conclusion and execution of the agreement concluded with the Controller);
b) fulfilling the Controller's obligations under the provisions of GDPR (including the creation of records and registers) – pursuant to Article 6(1)(c) GDPR (processing is necessary for the Controller to fulfill a legal obligation);
c) establishing, asserting or defending against claims – pursuant to Article 6(1)(f) GDPR (processing is necessary for the purposes of the Controller's legitimate interest, which is the protection of the Controller's legal interests).

4. Provision of personal data by the Representatives is voluntary, but the provision of data such as:
(a) first and last name,
(b) function performed,
(c) email address,
(d) phone number,
– is necessary to enter into an agreement with the Controller and its performance (failure to provide the above data will result in the inability to enter into an agreement and its performance).

5. Personal data of the Representatives shall not be used for automated decision- making, including profiling.

6. In connection with the Controller's use of services provided by Google LLC (which is the recipient of the Representatives' data), the Representatives' personal data may be transferred to the following third countries: UK, Canada, USA, Chile, Brazil, Israel, Saudi Arabia, Qatar, India, China, South Korea, Japan, Singapore, Taiwan (Republic of China), Indonesia and Australia. The basis for the transfer of data to the aforementioned third countries is:
a) for the United Kingdom, Canada, Israel and Japan – decisions of the European Commission ascertaining an adequate level of protection for personal data in each of the aforementioned third countries;
b) for the USA, Chile, Brazil, Saudi Arabia, Qatar, India, China, South Korea, Singapore, Taiwan (Republic of China), Indonesia, and Australia – contractual clauses providing an adequate level of protection, in accordance with the standard contractual clauses set forth in Commission Implementing Decision (EU) 2021/914 of June 4, 2021 on standard contractual clauses for the transfer of personal data to third countries under Regulation (EU) 2016/679 of the European Parliament and of the Council.

7. The Representatives may obtain from the Controller a copy of the data transferred to a third country. Recipients of personal data of the Representatives may be the following entities cooperating with the Controller:
a) a company providing accounting services to the Controller;
b) a company providing courier services to the Controller;
c) a law firm providing legal services to the Controller;
d) a company providing data hosting services to the Controller;
e) a company providing IT services to the Controller.
f) entities to which the Controller has a legal obligation to provide data.

8. Personal data of the Representatives will be stored:
a) for the duration of the agreement – for personal data that are processed for the purpose of entering into and performing the agreement;
b) until the expiration of the statute of limitations – for personal data that are processed for the purpose of establishing, asserting and defending against claims;
c) until an effective objection is lodged or the purpose of the processing is achieved – for personal data that the Controller processes for its legitimate interest.

9. In connection with the Controller's processing of personal data of the Representatives, they are entitled to certain rights:
a) the right to be informed what personal data concerning the Representatives is processed by the Controller and to receive a copy of this data (the so- called right of access). The release of the first copy of the data is free;
b) if the processed data becomes outdated or incomplete (or otherwise incorrect), the Representatives have the right to request rectification;
c) in certain situations, the Representatives may request the Controller to delete personal data, such as when: - the data are no longer needed by the Controller for the purposes it informed; - effectively revoked consent to data processing – as long as the Controller does not have the right to process data on any other legal basis; - the processing is unlawful; - the need to delete the data arises from the Controller's legal obligation;
d) the right to transfer data to another controller – this applies only to those data of the Representatives that are processed under an agreement and by automated means;
e) the right to object to the processing of the Representatives' personal data for purposes arising from the legitimate interests of the Controller;
(f) if the Representatives consider that the processed personal data is incorrect, the processing is unlawful, or the Controller no longer needs certain data, they may request that for a certain necessary period of time (e.g., to verify the correctness of the data or to pursue claims) the Controller not perform any operations on the data, but only store it;
g) the Representatives have the right to lodge a complaint with the President of the Office for Personal Data Protection if they consider that the Controller's processing of their personal data violates the provisions of the GDPR or other data protection laws.

Turbocharge your launch today
Food
Choose Your Options
By clicking on the button, you consent to the processing of personal data and agree to the site's Privacy Policy.
Book a discovery call
Turbocharge your launch today
Thanks, we received your message!
We’ll get back to you soon. In the meantime,
schedule a free consultation with our experts.
Book a discovery call
Oops! Something went wrong while submitting the form.
Turbocharge your launch today
Start your project