GDPR information obligation

The following information is a concise, understandable, and transparent summary of the information provided in the Privacy Policy regarding the Data Controller, the purpose and method of personal data processing, and your rights in connection with such processing, in the form required to comply with the GDPR information obligation. Details regarding the processing method and the entities participating in this process are available in the indicated policy.

Who is the data controller?

The Personal Data Administrator (hereinafter referred to as the Administrator) is the company GTC LTD SPÓŁKA Z O.O., ul. Tucholska 12, 01-608 Warszawa, NIP: 5252909971, REGON: 522161615, KRS: 0000974739.

How can you contact the data controller?

You can contact the Administrator in one of the following ways:

  • Mailing address: GTC LTD SPÓŁKA Z O.O., ul. Tucholska 12, 01-608 Warszawa, NIP: 5252909971, REGON: 522161615, KRS: 0000974739
  • Email address: office@gtcltd.eu
  • Mobile phone: +48 600 345 900
  • Contact form: available on the website.

Has the Administrator appointed a Personal Data Inspector?

Pursuant to Article 37 of the GDPR, the Controller has not appointed a Data Protection Officer. In matters concerning data processing, including personal data, please contact the Controller directly.

Where do we obtain personal data and what are its sources?

Data is obtained from the following sources:

  • from data subjects
  • in the case of registration using social networking sites, with the informed consent of these individuals, from these social networking sites

What is the scope of personal data we process?

The website processes ordinary personal data, provided voluntarily by the data subjects (e.g., name, login, email address, telephone number, IP address, etc.).

The detailed scope of data processed is available in the Privacy Policy.

What are the purposes of our data processing?

Personal data voluntarily provided by Users are processed for one of the following purposes:

  • Providing electronic services:
    • Registration and maintenance of User accounts on the Website and related functionalities
    • Newsletter services (including sending advertising content with consent)
    • Commenting on/liking posts on the Website without the need to register
  • Communication between the Administrator and Users on matters related to the Website and data protection
  • Ensuring the Administrator’s legitimate interest

What are the legal bases for data processing?

The website collects and processes User data based on:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
    • Article 6(1)(a) – the data subject has consented to the processing of his or her personal data for one or more specific purposes
    • Article 6(1)(b) – processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
    • Article 6(1)(b) f – processing is necessary for the purposes of legitimate interests pursued by the controller or a third party
  • Act of 10 May 2018 on Personal Data Protection (Journal of Laws 2018, item 1000)
  • Act of 16 July 2004 – Telecommunications Law (Journal of Laws 2004, No. 171, item 1800)
  • Act of 4 February 1994 on Copyright and Related Rights (Journal of Laws 1994, No. 24, item 83)

What is the legitimate interest pursued by the Administrator?

  • For the purpose of establishing, pursuing, or defending against legal claims – the legal basis for processing is our legitimate interest (Article 6(1)(f) of the GDPR) in protecting our rights, including:
  • To assess the risk of potential customers
  • To evaluate planned marketing campaigns
  • For direct marketing purposes

For how long do we process personal data?

As a rule, the personal data indicated are retained only for the duration of the service provided by the Controller. They are deleted or anonymized within 30 days of the termination of the service (e.g., deletion of a registered user account, unsubscription from the newsletter, etc.).

In exceptional circumstances, to protect the Controller’s legitimate interests, this period may be extended. In such a case, the Controller will retain the data indicated from the time the User requests its deletion, but no longer than three years in the event of a violation or suspected violation of the terms and conditions of the service by the data subject.

Who is the recipient of data, including personal data?

As a rule, the sole recipient of data is the Administrator. However, data processing may be entrusted to other entities providing services to the Administrator in order to maintain the Website’s operations. Such entities include, among others:

  • Hosting companies providing hosting or related services to the Administrator
  • Companies through which the Newsletter service is provided

Will your personal data be transferred outside the European Union?

Personal data is transferred outside the European Union. Data is transferred outside the EU due to the use of services provided by entities located outside the EU, or as a result of publication as a result of an individual action by the User (e.g., entering a comment or entry), which makes the data available to any person visiting the website. If personal data is transferred or entrusted to be processed outside the EU, such data is processed pursuant to an agreement concluded between the Controller and the Service Provider.

Will personal data be the basis for automated decision-making?

Personal data will not be used for automated decision-making (profiling).

What rights do you have regarding the processing of personal data?

  • Right of access to personal data
    Users have the right to access their personal data, upon request submitted to the Controller.
  • Right to rectify personal data
    Users have the right to request the Controller to immediately rectify inaccurate personal data and/or to complete incomplete personal data, upon request submitted to the Controller.
  • Right to delete personal data
    Users have the right to request the Controller to immediately delete personal data, upon request submitted to the Controller. In the case of user accounts, data deletion involves anonymizing the data that allows for the User’s identification. In the case of the Newsletter service, the User may independently delete their personal data using the link included in each email sent.
  • Right to restrict the processing of personal data
    Users have the right to restrict the processing of personal data in the cases indicated in Article 18 of the GDPR, including: Questioning the accuracy of personal data, upon request submitted to the Controller.
  • Right to personal data portability
    Users have the right to obtain from the Controller personal data concerning the User in a structured, commonly used, machine-readable format, upon request submitted to the Controller.
  • Right to object to the processing of personal data
    Users have the right to object to the processing of their personal data in the cases specified in Article 21 of the GDPR, upon request submitted to the Controller.
  • Right to file a complaint
    Users have the right to file a complaint with the supervisory authority responsible for personal data protection.