GDPR information obligation

The following information constitutes a concise, clear, and transparent summary of the information contained in the Privacy Policy regarding the Data Controller, the purpose and manner of processing personal data, as well as your rights in connection with such processing, in the form required to fulfill the information obligation under the GDPR. Details regarding the methods of processing and the entities involved in this process are available in the aforementioned policy.

Who is the data controller?

The Data Controller (hereinafter referred to as the “Controller”) is the company “INTRIST PROSTA SPÓŁKA AKCYJNA”, conducting business at the address: Prowansji 9c, 05-500 Józefosław, with the assigned tax identification number (NIP): 1231519984, and the National Court Register number (KRS): 0000995143, providing services electronically via the Website.

How can you contact the data controller?

You can contact the Controller in one of the following ways:

  • Postal address – INTRIST PROSTA SPÓŁKA AKCYJNA, Prowansji 9c, 05-500 Józefosław
  • Email address – hello@intrist.pl
  • Telephone – +48 733 644 002
  • Contact form – available at: https://intrist.pl/#contact_pl

Has the Controller appointed a Data Protection Officer?

Pursuant to Article 37 of the GDPR, the Controller has not appointed a Data Protection Officer.

For matters concerning data processing, including personal data, please contact the Controller directly.

Where do we obtain personal data from and what are their sources?

Personal data are obtained from the following sources:

  • from the individuals to whom the data pertain
  • in the case of registration using social media platforms, with the explicit and informed consent of those individuals, from those social media platforms

What is the scope of the personal data we process?

The Website processes ordinary personal data voluntarily provided by the individuals to whom they pertain (e.g., name and surname, username, email address, telephone number, IP address, etc.).

A detailed scope of the processed data is available in the Privacy Policy.

What are the purposes for which we process data?

Personal data voluntarily provided by Users are processed for one of the following purposes:

  • Provision of electronic and other services, including:
    • IT software services
    • 3D design and printing
    • IT training
  • Communication between the Controller and Users regarding matters related to the Website and data protection
  • Ensuring the legitimate interests of the Controller

What are the legal bases for data processing?

The Website collects and processes Users’ data on the basis of:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR):
    • Article 6(1)(a): the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
    • Article 6(1)(b): processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
    • Article 6(1)(f): processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.
  • The Act of 10 May 2018 on the Protection of Personal Data (Journal of Laws 2018, item 1000)
  • The Act of 16 July 2004 – Telecommunications Law (Journal of Laws 2004, No. 171, item 1800)
  • The Act of 4 February 1994 on Copyright and Related Rights (Journal of Laws 1994, No. 24, item 83)

What is the legitimate interest pursued by the Controller?

  • For the purpose of establishing, pursuing, or defending against claims – the legal basis for processing is our legitimate interest (Article 6(1)(f) GDPR) consisting in the protection of our rights, including, among others;
  • For the purpose of assessing the risk of potential clients;
  • For the purpose of evaluating planned marketing campaigns;
  • For the purpose of carrying out direct marketing.

For how long do we process personal data?

As a rule, the specified personal data are stored only for the duration of the service provided by the Controller through the Website. They are deleted or anonymized within 30 days from the termination of the service (e.g., deletion of a registered user account, unsubscribing from the Newsletter, etc.).

In exceptional cases, in order to protect the legitimate interests pursued by the Controller, this period may be extended. In such a situation, the Controller will store the specified data, from the time of the User’s request for deletion, for no longer than 3 years in the event of a breach or suspected breach of the Website’s terms and conditions by the data subject.

Who is the recipient of the data, including personal data?

As a rule, the only recipient of the data is the Controller.

However, data processing may be entrusted to other entities providing services to the Controller for the purpose of maintaining the operation of the Website. Such entities may include, among others:

  • Hosting companies providing hosting or related services to the Controller

Will your personal data be transferred outside the European Union?

Personal data will not be transferred outside the European Union, unless they are published as a result of an individual action by the User (e.g., posting a comment or entry), which will make the data available to any person visiting the Website.

Will personal data be used as a basis for automated decision-making?

Personal data will not be used for automated decision-making (profiling).

What rights do you have in connection with the processing of personal data?

Right of access to personal data

Users have the right to obtain access to their personal data, exercised upon request submitted to the Controller.

Right to rectification of personal data

Users have the right to request the Controller to promptly rectify any inaccurate personal data and/or complete incomplete personal data, exercised upon request submitted to the Controller.

Right to erasure of personal data

Users have the right to request the Controller to promptly erase their personal data, exercised upon request submitted to the Controller.
In the case of user accounts, data erasure consists of anonymizing data that enables identification of the User.
For the Newsletter service, the User may independently delete their personal data by using the link provided in each email message.

Right to restriction of processing of personal data

Users have the right to restrict the processing of their personal data in the cases specified in Article 18 of the GDPR, including, for example, contesting the accuracy of personal data, exercised upon request submitted to the Controller.

Right to data portability

Users have the right to obtain from the Controller their personal data in a structured, commonly used, machine-readable format, exercised upon request submitted to the Controller.

Right to object to the processing of personal data

Users have the right to object to the processing of their personal data in the cases specified in Article 21 of the GDPR, exercised upon request submitted to the Controller.

Right to lodge a complaint

Users have the right to lodge a complaint with the supervisory authority responsible for personal data protection.