PRIVACY POLICY at ATL Accounting & Payroll sp. z o.o.

We are publishing this document to explain the reasons why we collect and process personal data in the course of our business:

1. What is personal data?

It is all information that makes it possible to distinguish one person from another without much effort. They can be either directly about that person (such as his or her name, identification number and sometimes even an e-mail address or Internet account) or those that do not directly describe him or her. For example, they relate to his or her characteristics, health, views, place of residence, addictions, race or religion.

2. What personal data are we talking about in our case?

We process data that our Customers, Contractors and Employees provide to us in connection with the use of our services, their cooperation with us or their employment.

3. What does processing mean?

Processing is any action we may perform with personal data – relating to both its active use, such as collecting, retrieving, recording, combining, modifying or sharing, and its passive use, such as storing, 

4. Who is the Data Controller (i.e. who has control over data processing and security)?

The administrator of your data is ATL Accounting & Payroll sp. z o.o., NIP: 6793174369, KRS: 0000749106.

5. What are the contact details of the Data Administrator?

Contact with the Data Administrator is possible via e-mail address – info@atl-group.pl or correspondence address – Lipska 8 Street, 30-721 Kraków. 

6. On what legal basis and for what purpose do we process your data?

Any processing of your data must be based on an appropriate legal basis that complies with the applicable legislation.  Such basis may be your consent to the processing of your data or other legal provisions allowing for this contained in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as “RODO“) or in various national laws such as laws or regulations.

Your data may be processed by us for several different purposes, for example:

• You can provide us with your data by sending us an email or subscribing to a newsletter, your data is then processed by us based on the consent you give us when you send us your data (e.g. your email address) – in which case the legal basis for processing is Article 6(1)(a) of the RODO;
• We also process data through the provision of electronic services in terms of providing you with content collected through the website we operate, providing you with contact forms, identifying the sender and handling your request sent through the form provided, sending you marketing content – in which case the legal basis for processing is your consent (Article 6(1)(a) RODO);
• If you are our customer or a person interested in using the services we provide, we process your data in connection with a contract concluded with you or in preparation for such a contract. This is always done with your knowledge and will. When you express your intention to enter into a contract, you know what personal data you will need to sign the contract, and once the contract has been signed, you have knowledge of what data you have provided or will provide at a later date for this purpose – legal basis for processing: article 6(1)(b) RODO;
• We also process data in connection with the necessity for the purposes of the legitimate interests pursued by us as a Controller or a third party (e.g. for the investigation of possible claims, in connection with and for the proper performance of our contract with the entity you represent e.g. contact data) – data processing on the basis of Article 6(1)(f) RODO;
• We may also process your data in connection with the need to ensure the security of our IT network and information. This will occur when you use or connect to our IT infrastructure, such as by accessing our website or sending us messages. This is our legitimate interest and the legal basis for such processing is Article 6(1)(f) of the RODO;
• We also process your data in connection with conducting analyses of the quality of the services we provide in order to improve their functionality and to keep statistics on the use of our website, by means of cookies, IP addresses, browser data, website activity and sessions, which is our legitimate interest – legal basis for such processing: article 6(1)(f) RODO;
• If you are interested in taking up a job with us, your data is processed in the form of your submitted application or CV. This is done with your knowledge and consent, which you can revoke at any time. In this case, your application will not be considered by us and we will immediately delete all data you have provided. The legal basis for processing your job applicant data is Article 6(1)(b) of the DPA. On the other hand, once you are employed with us, further data processing rules and the mandatory scope of data transfer and storage are laid down in employment law, and the legal basis for data processing is Article 6(1)(c) RODO.
• We also process data for marketing purposes with regard to the recommendations expressed on our website – the legal basis for the processing is the legitimate interest of the Controller under Article 6(1)(f) RODO.

Regarding the cases where we process your data on the basis of consent, we would like to inform you that your consent is voluntary – please note that you can revoke it at any time. In this case, we will immediately delete all the information you have provided.

7. Who do we share your data with?

In connection with the provision of services, your data may be disclosed to external entities, including, in particular, providers responsible for the operation of IT systems, entities such as banks and payment operators, entities providing legal, auditing, consulting services and entities related to us as controller.

We are also obliged to make them available at the request of entities entitled to do so under other legal provisions (e.g. courts or law enforcement agencies). However, the release will only take place if they request us to do so, indicating the legal basis that allows them to make such a request.

We do not transfer personal data to third countries (outside the European Economic Area), except that we may use third-party providers for ICT support, in which case your personal data may be transferred outside the European Economic Area.

In cases where personal data is transferred outside the European Economic Area, a similar level of protection of such data is ensured by providing at least one of the following protection measures:

• the transfer of personal data to countries recognised by the European Commission as providing adequate protection for personal data,
• the application of data protection clauses adopted by the European Commission guaranteeing the same protection as in the European Union, or other appropriate safeguards as provided for in Article 46(2) of the RODO.

If you transfer your data outside the EEA, you may request information from us about the relevant safeguards in this regard, obtain a copy of these safeguards or information about where they are available by contacting us at the address set out in paragraph 5 above.

8. How long will we process your data?

We pay very close attention to keeping the amount of data we collect and the amount of time it takes to process it to a minimum. To this end, we carry out a systematic review of the paper and electronic documents we hold, deleting unnecessary documents whose usefulness has expired. Please note that the duration of the processing of your data, depending on the basis on which we obtained it, may be determined by separate – independent of us – legal regulations, which may impose on us the obligation to store your data, regardless of your will or desire. Examples include employment law, social security law or accounting regulations.

If you have personally availed yourself of our services and we have entered into a contract in this regard, we process your personal data for the period of performance of the contract and, after the expiry or termination of the contract, until the statute of limitations for possible claims or until we have exercised our rights and obligations under the law, including tax and accounting regulations.

9. What rights do you have in relation to your data?

If we process your personal data, you always have the right to:

• request access to your data – within the limits of Article 15 RODO,
• to rectify them – within the limits of Article 16 RODO,
• to request erasure – within the limits of Article 17 RODO,
• to restrict processing activities – within the limits of Article 18 RODO,
• to object to the processing – within the limits of Article 21 RODO,
• to data portability, including obtaining a copy of the data – within the limits of Article 20 RODO.

You can also withdraw your consent to the processing of your personal data, in which case we will immediately delete your personal data as long as there is no legal obligation requiring us to continue processing it.  For example, if you request the deletion of your email address in connection with your opt-out from the newsletter, we will immediately delete it from the mailing database.

If you consider that we have violated your rights in any way – which of course we do not want to do – or have failed to ensure the security of your personal data, you have the right to lodge a complaint with the supervisory authority, which is currently the President of the Office for Personal Data Protection.

10. Automated decision-making and profiling information.

We do not make any decisions based on your data that are automated, i.e. that take place without human intervention. We also do not take any measures that are intended to profile your person.

11. Voluntariness of data provision.

The provision of your data is voluntary, but necessary, for example, for the conclusion and performance of a contract.

12. Social media.

We process the personal data of users who visit our profiles maintained on social media (Facebook, LinkedIn). This data is processed exclusively in connection with the operation of the profile, including for the purpose of informing users of these social media about our activities and promoting various events, services and products, as well as for the purpose of communicating with these users via the functionalities available on social media. The legal basis for the processing of personal data by us as controller for this purpose is its legitimate interest (Article 6(1)(f) RODO) to promote its own brand and to build and maintain a brand-related community.

13. Cookies

• What are cookies and what are they used for?

Cookies are text files that are stored on your device and are used by the server to recognise that device when you reconnect. Cookies are downloaded every time you “enter” and “leave” the website. Cookies are not used to determine your identity, only your device, e.g. so that the image displayed is best suited to the technical capabilities of your device (e.g. its resolution) or its type (desktop or mobile version), once the browser you are using has been recognised.

Cookies are most commonly used for counters, surveys, online shops, sites requiring a login, advertising and to monitor visitor activity. Cookies also make it possible, among other things, to remember your interests and adapt websites to them in terms of the content displayed and the tailoring of advertisements.

Cookies are now used by practically all websites operating on the Internet – search engines, news sites, blogs, online shops, government websites, magazines and newspapers, etc. Our website also uses them.

More information about cookies can be found at: www.wszystkoociasteczkach.pl.

• What do cookies do?

They generally operate on the following principles:

• they identify the data of the computer and browser used to browse the website – they make it possible, for example, to find out whether a particular computer has already visited the website,
• the data collected through cookies is not combined in any way with your personal data collected e.g. during registration on websites,
• they are not detrimental to you or your computer or smartphone – they do not affect the way they work,
• they do not cause any configuration changes to your terminal equipment or the software installed on your terminal equipment,
• the default parameters of “cookies” allow the information contained in them to be read only by the server that created them,
• based on your behaviour on the websites you visit, they transmit information to the servers so that the website displayed is better tailored to your individual preferences.

• What types of cookies are there?

There are the following types of cookies:

• “session cookies” – (session cookies) are temporary files stored in the browser’s memory until the session ends (i.e. until the browser is closed). These cookies are mandatory for certain applications or functionalities to function correctly. When you close your browser, they should be automatically deleted from the device on which you viewed the website,
• “Persistent cookies” – (persistent cookies) facilitate the use of frequently visited sites (e.g. they remember your favourite colour scheme, or the menu layout on your favourite pages). These cookies are stored in a corresponding folder for an extended period of time, which you can adjust in the settings of the browser you are using. Every time you visit a page, the data from these cookies is transferred to the server. This type of cookie is sometimes referred to as “tracking cookies”,
• Third party cookies” are files usually originating from advertising servers, search servers, etc., cooperating with the owner of the respective website. They enable the advertisements displayed to be tailored to your preferences and habits, which in return often allows you to use part of the website’s content free of charge. They are also used to count “clicks” on adverts, user preferences, etc.

• Do you have to consent to our use of cookies?

Please note that you have the possibility to manage “cookies” yourself. This is made possible, for example, by the web browsers you use (usually the mechanism is enabled by default). In the most popular browsers, you have the option to:

• accept cookies, allowing you to take full advantage of the options offered by websites,
• manage cookies at the level of individual sites of your choice,
• define settings for different types of cookies, for example, to accept permanent cookies as session cookies, etc,
• block or delete cookies.

You can find information on how to enable and disable cookies in the most popular browsers at the following links:

1) Google Chrome

2) Internet Explorer

3) Mozilla Firefox

4) Opera

5) Safari

By leaving your browser settings unchanged, you consent to our use of cookies.  However, blocking them or disabling some types of cookies may prevent you from taking advantage of the full functionality of the website or interfere with its proper functioning.

• What do we use cookies for?

The website uses both session cookies and permanent cookies. We use them for the following purposes:

• the creation of statistics, which enables us to improve the structure and content of the pages,
• maintaining your session on the site.

The following information is collected in order to display the website correctly: name and version of the Internet browser, language settings, date and time of the request sent to the server, IP from which the request was sent, requested URL.  This data is collected to enable the website to be operated correctly.

In order to create statistics, a web analytics tool is used – Google Analytics, which collects data and uses its own cookies in accordance with Google’s Privacy Policy available at https://www.google.com/intl/pl/policies/privacy/.

Google collects the data obtained from the placement of cookies on your device on its servers and uses this information to create reports and provide other services related to the traffic and use of the Internet. Google may also transfer this information to third parties where it is required to do so by law or where such third parties process the information on Google’s behalf.

The data collected by our website is not disclosed or shared with third parties except with the relevant law enforcement authorities entitled to conduct criminal proceedings in connection with the initiation of such proceedings upon request by us. This will only occur if you take any action that is unlawful or detrimental to us.