GDPR

Acting in accordance with Article 13(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation referred to as GDPR), we would like to inform you that Backoffice Outsourcing Sp. z o.o. and its Group companies present a Privacy Policy, in particular with regard to your data protection rights.

This Privacy Policy contains information regarding the processing of personal data of our existing and potential customers.

Specific sections address issues such as:

  • the controller of personal data,
  • the kind of data collected from Users and the collection method,
  • the purpose of collecting and processing personal data and the legal basis for processing personal data,
  • the principles and scope of the processing of personal data and, in particular, of their sharing with other entities,
  • the Users’ rights in relation to the processing of personal data,
  • the procedures related to the protection and security of personal data.

Legal basis:

This Privacy Policy refers to the following legal provisions concerning the protection of individuals’ personal data:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation referred to as GDPR) effective as of 25 May 2018.
  • new provisions in Polish legislation.

Data of the Personal Data Controller

In accordance with Article 13(1) and (2) of the General Data Protection Regulation of 27 April 2016, we inform you that the controller is:

Backoffice Outsourcing Sp. z o.o. and the companies comprising the Group with its registered office in Warsaw, at Al. Stanów Zjednoczonych 72/12, 04-036 Warsaw (details of the Group’s companies can be found in the “Registration Data” tab under the link https://backofficeoutsourcing.es/dane-rejestrowe/).

The controller can be contacted by letter or email at: cok@backofficeoutsourcing.de (details provided below).

Data of the Data Protection Officer

The Data Protection Officer is:

Robert Kütz, Al. Stanów Zjednoczonych 72/12, 04-036 Warsaw.

The officer can be contacted by letter or email at: cok@backofficeoutsourcing.de.

Purposes of personal data processing and legal basis for processing

Backoffice Outsourcing Sp. z o.o. and Group companies collect personal data only for specific, explicit and lawful purposes. The personal data in question may include your identification data: first name, surname and company name; contact details, i.e. email address and telephone number; and, where required by law, personal identification number (PESEL) and identity document number.

Your personal data may come from a number of sources, including your consent or publicly available sources.

Personal data is also obtained by providing it in the course of our emailing campaigns, as well as manually in connection with the provision of data in the course of ongoing cooperation.

At the first stage, the Controller processes personal data, i.e. email address obtained from generally available sources (e.g. from the National Court Register, CEIDG, Internet resources), and after receiving a notification, it processes personal data solely for the purpose of presenting you with a commercial offer related to the outsourcing of correspondence and other back office activities, after a prior quantitative analysis performed on the basis of a voluntarily completed questionnaire. Subsequently, the personal data obtained in the course of contacting the customer are processed exclusively for the purpose of fulfilling the cooperation agreement concluded and, above all, commercial correspondence.

The purpose of data processing is primarily to send you an enquiry, followed by a specific commercial offer for the outsourcing of correspondence and other back-office activities and, if accepted, the execution of the contract.

Personal data is processed on the basis of the consent given by the User and in cases where the provisions of law authorise the Controller to process personal data on the basis of a specific provision of law or for the performance of a contract concluded between the parties.

Legal basis for processing personal data:

  • Article 6(1)(b) of the GDPR, which states that it is permitted to process personal data to the extent that it is necessary for the performance of a contract or it is necessary to take steps at the request of the data subject prior to entering into a contract;
  • Article 6(1)(c) of the GDPR, which states that the processing is necessary for the fulfilment of a legal obligation incumbent on the controller (e.g. for the purpose of issuing and storing invoices);
  • Article 6(1)(f) of the GDPR, which states that the processing of data is necessary for the purposes of the legitimate interests pursued by the controller. The legally legitimate interest of Backoffice Outsourcing Sp. z o.o. and the Group companies is the processing of personal data such as the email address for direct marketing and information purposes, by sending an enquiry requesting contact and subsequently presenting a commercial offer concerning the outsourcing of correspondence and other back-office activities;
  • Article 6(1)(a) of the GDPR, which provides that the data subject has consented to the processing of their personal data for one or more specified purposes.

Information as to whether data are required or voluntary and the consequences of failing to provide them

With regard to the processing of personal data for the purpose referred to in the previous paragraph (Art. 6(1)(c) GDPR), the obligation to provide data is a statutory requirement. On the other hand, with regard to the processing of data for the purposes referred to in paragraphs 2 (Art. 6(1)(b) GDPR) and 3 (Art. 6(1)(f) GDPR), the obligation to provide data is a contractual requirement – the provision of personal data for all purposes referred to above is voluntary, but is necessary for the conclusion and performance of the contract with the Controller.

Consequences of not providing personal data

  • refusal to conclude a contract, to make an offer;
  • possibility of claiming compensation or refusal to provide services;
  • loss of the right to insurance cover;
  • negative consequences before the state authorities in the form of administrative fines, etc.

Period of retention of personal data

Backoffice Outsourcing Sp. z o.o. and Group companies store personal data:

  • for the purpose of concluding a contract, we keep it for the period of contract negotiation and until the end of the calendar year following the year in which you last contacted us about concluding a contract;
  • in connection with the conclusion of a contract we process it until the end of the processing period for potential claims under the contract, and in any case for the period required by law until the end of the processing period for potential claims under the contract, for example: According to Article 74 of the Accounting Act, the accounting books and accounting documents must be kept for at least five years from the beginning of the following financial year;
  • in order to comply with the Controller’s legal obligations – until the expiry of legal obligations;
  • accounting documents of the Books and related documents until the expiry of the period of limitation of tax liability, unless otherwise provided by the tax laws.

Users’ rights in relation to the processing of personal data

In connection with the processing of your personal data, you have the right to:

  • request the Controller to grant you access to your personal data, i.e. to obtain information about the purpose and means of processing your personal data;
  • request the Controller to rectify your personal data, i.e. to correct your personal data when it is incorrect or has changed;
  • request the Controller to restrict the processing of your personal data;
  • request the Controller to erase your personal data (“right to be forgotten”), i.e. to erase data that is processed without a legitimate legal basis;
  • object to the processing of your personal data;
  • data portability, i.e. to obtain your personal data that you have provided to us or to indicate another controller to whom we should provide the data;
  • lodge a complaint with the supervisory authority – the General Inspector for Data Protection and, following a change in legislation, with the President of the Office for Personal Data Protection;
  • where you have voluntarily consented to the processing of personal data on the basis of Article 6(1)(a) of the GDPR, you have the right to withdraw your consent at any time by sending an email to the Controller’s address, which does not affect the lawfulness of the processing carried out on the basis of consent before its withdrawal.

You can exercise the above rights by contacting the Controller at: cok@backofficeoutsourcing.de, or in writing by letter.

Furthermore, in the event that the processing we carry out violates the provisions of the GDPR in a legitimate manner, you have the right to lodge a complaint with the supervisory authority, i.e. the President of the Office for Personal Data Protection – PUODO.

Information on automated decision-making, including profiling

As part of the processing of your personal data, your personal data is subject neither to automated decision-making nor to profiling as referred to in Article 22(1) and (4) of the GDPR. However, we reserve the right to process your data by automated means including profiling.

Sharing personal data with other entities

As a general rule, your personal data will not be shared with third parties. Only with your consent, your personal data may be shared with the entities indicated in the consents depending on the content of the consent for processing and sharing. Furthermore, we will only pass it on to third parties if there is a legal basis for doing so. These third parties include:

  • subcontractors, i.e. entities we use for the processing;
  • law firms, which include firms of solicitors, barristers, chartered accountants, notaries, accountancy firms;
  • authorities and bodies exercising public authority within the framework of the obligations imposed by law;
  • debt buyers;
  • Economic Information Bureaus, including: Biuro Informacji Gospodarczej InfoMonitor S.A. and Krajowy Rejestr Długów Biuro Informacji Gospodarczej S.A.;
  • postal or courier companies or printers;
  • auditors;
  • control bodies;
  • entities that support us in the course of our business on our behalf, in particular providers of external systems that support our business, e.g. IT support;
  • hosting companies;
  • banks;
  • in the event of the need to maintain accounts, to state authorities or other entities authorised by law, in order to fulfil the obligations incumbent upon us (Tax Office, KAS, PIP, ZUS, PFRON, GUS).

Principles of personal data processing and procedures related to the protection and security of personal data

Taking into account the provisions of Art. 5 GDPR, when processing your personal data, Backoffice Outsourcing Sp. z o.o. and the Group companies attach importance to processing your data in a manner that is secure, fair, lawful and transparent for you (“lawfulness, fairness and transparency”).

We are guided by the principle of data minimisation, i.e. we collect personal data only to the minimum extent necessary to fulfil the purposes for which it is collected (“data minimisation”).

The purposes for collecting your personal data are clearly defined and are based on the law. We do not process your data in a manner incompatible with these purposes (“purpose limitation”).

We also ensure that personal data is kept up to date and correct and respond promptly to requests to rectify or update data (“correctness”).

Any information that constitutes personal data shall be treated confidentially and shall be protected against accidental disclosure to third parties (“integrity and confidentiality”).

As part of ensuring the security of your processed data, we make every effort to provide all measures to protect your personal data.

To ensure the security of the data entrusted to us, we have developed internal procedures and recommendations to prevent data from being made available to unauthorised persons. We monitor their implementation and continuously check their compliance with the relevant legal acts.

Postal operator

Backoffice Outsourcing Sp. z o.o. is a postal operator within the meaning of Article 3.12 of the Postal Law Act of 23 November 2012, i.e. a business authorised to perform postal activity on the basis of an entry in the register of postal operators. Pursuant to the disposition of Article 42 of the above-mentioned Act, information or data covered by postal secrecy may be collected, recorded, stored, developed, modified, deleted or made available only when these activities relate to the provided postal service or are necessary for its performance or when separate provisions provide otherwise.

When personal data is provided to it for the purpose of providing the service, Backoffice Outsourcing Sp. z o.o. becomes the controller of this data.

Only when the postal operator does not provide postal services, but other services, the transfer of the personal data of the addressee (or other entity) to that entity must take place on the basis of a data processing agreement for the purpose and to the extent provided for in that agreement. Only then will the postal operator have the status of a processor (entity entrusted with the processing of personal data) and not of a controller (as will be the case when obtaining personal data while providing postal services).

Legal basis:

Act of 19 September 2019 on the protection of personal data (consolidated text: Journal of Laws 2019, item 1461).

Act of 23 November 2012 – Postal Law (consolidated text: Journal of Laws 2020, item 1041, 2320).

Data processing agreement

As a general rule, only the controller can process the personal data it manages. If it wants to make the data available to other entities, it usually has to enter into a data processing agreement with them.

e-mail: cok@backofficeoutsourcing.de

Address: Inspektor Ochrony Danych Backoffice Outsourcing Sp. z o.o. Robert Kütz, Al. Stanów Zjednoczonych 72/12, 04-036 Warsaw.
