Pursuant to Article 13(1) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: "GDPR"), we hereby inform you that:
Data Controller: The controller of your personal data is Afina Systems in Warsaw, address: ul. Senatorska 2, Workin, 00-075, registered in the Register of Entrepreneurs of the National Court Register (KRS) maintained by the District Court for the Capital City of Warsaw in Warsaw, under KRS number: 0000884244, REGON: 388239950, NIP: 5252852337 (hereinafter: the "Company").
Purposes and Legal Basis of Processing: Your personal data will be processed on the basis of Article 6(1)(a)–(c) of the GDPR for the purpose of concluding and performing a sales contract for products offered by the Company, as well as for the fulfillment of legal obligations incumbent on the Company, direct marketing, creating compilations, analyses and statistics, handling complaints and inquiries, technical support, and financial settlements, including the issuance of accounting documents.
Data Recipients: The Company is entitled to transfer your personal data to third parties (hereinafter: "Company Associates"). Accordingly, your personal data may be transferred to Company Associates based on a personal data processing agreement concluded between the Company and the Associates. The Company is also obliged to disclose your personal data based on mandatory provisions of law, including requests from authorized courts, authorities, and institutions.
Transfer of Data Outside the EEA: In principle, your personal data is not transferred outside the European Economic Area (EEA). However, your personal data may be transferred outside the EEA when necessary to fulfill your order, including situations where the execution of the order requires the involvement of Company Associates based outside the EEA.
Storage Period: Your personal data will be stored for the period necessary to perform the contract concluded with the Company, and thereafter until the expiry of the statute of limitations for claims arising from the contract. Personal data recorded in accounting documentation will be stored for the period specified in applicable laws, including tax regulations.
Your Rights: Subject to the limitations arising from the GDPR and other legal provisions, you have the right to access your personal data and the right to rectification, erasure, restriction of processing, the right to data portability, the right to object, and the right to withdraw consent at any time if the processing is based on your consent.
Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority within the meaning of the GDPR if you consider that the processing of your personal data violates the provisions of the GDPR.
Voluntary Data Provision: To the extent necessary to perform the contract or to take action at your request, as well as to fulfill a legal obligation—the processing of your data occurs based on law (Art. 6(1)(b) and (c) GDPR) without requiring your consent. In all other respects, providing personal data is voluntary. However, where consent is given solely for marketing purposes, providing data is voluntary, but refusal or withdrawal of consent prevents the Company from informing you about new offers and promotions.
Automated Decision-Making: You may be subject to a decision based solely on automated processing, including profiling, if the Company is authorized to do so by applicable law or if you have given prior consent.