Privacy policy

Privacy Policy

I Definitions

  1. Administrator - CRIF Sp. z o.o., located at Lublańska 34, 31–476 Kraków, Poland, registered in the National Court Register maintained by the District Court for Kraków-Śródmieście in Kraków, XI Commercial Division of the National Court Register under number KRS 0000185908, NIP: 5251556766, with a share capital of PLN 3,163,500.00.
  2. Personal Data - Any information about an identified or identifiable natural person.
  3. Policy - This Privacy Policy.
  4. GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
  5. Service - The website operated by the Administrator at: https://synesgy.pl/
  6. User - Any natural person visiting the Service or using one or more of the services or functionalities described in the Policy.

II Processing of Data in Connection with the Use of the Service

  1. In connection with the User's use of the Service, the Administrator collects Personal Data necessary to provide the offered services. The detailed principles and purposes of processing Personal Data collected during the use of the Service by the User are described below.

III Purposes and Legal Bases for Processing Data in the Service

  1. Personal Data concerning Users (including IP address or other identifiers and information collected via cookies or other similar technologies) are processed by the Administrator: a) For the purpose of providing electronic services by making content available to Users on the Service – the legal basis for processing is the necessity of processing for the performance of a contract (Article 6(1)(b) GDPR); b) For analytical and statistical purposes – the legal basis for processing is the User’s consent (Article 6(1)(a) GDPR) for conducting analyses of their activity and preferences to improve the functionalities and services provided (this concerns the use of cookies); c) For marketing purposes – the legal basis for processing is the User’s consent (Article 6(1)(a) GDPR) for undertaking specified marketing actions (this concerns the use of cookies); d) For the purpose of establishing and pursuing claims or defending against claims – the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) GDPR), which involves protecting its rights.

Email Correspondence

  1. If correspondence is sent to the Administrator via email that is not related to the services provided to the User or to any other contract with the User, the Personal Data contained in such correspondence will be processed solely for the purpose of communication and resolving the matter addressed in the correspondence.
  2. The legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) GDPR), which involves handling correspondence directed to it in connection with its business activities.
  3. The Administrator processes only the Personal Data relevant to the matter addressed in the correspondence. All correspondence is stored in a manner that ensures the security of the Personal Data (and other information) contained within it and is disclosed only to persons appropriately authorized to access it.

IV Period of Processing Personal Data

  1. The period of processing Personal Data by the Administrator depends on the purpose of processing. As a rule, Personal Data is processed for the duration of the service provision, until the consent is withdrawn, or an effective objection to the processing of data is raised in cases where the legal basis for data processing is the legitimate interest of the Administrator.
  2. The period of processing Personal Data may be extended if processing is necessary to establish and pursue claims or defend against claims, and after that time only if required by legal regulations. After the processing period, Personal Data is irreversibly deleted or anonymized.

V User Rights

  1. The User has the right to access the content of their data, request rectification, deletion, restriction of processing, the right to data portability, and the right to object to data processing, as well as the right to lodge a complaint with the supervisory authority. In Poland, the supervisory authority is the President of the Office for Personal Data Protection.
  2. To the extent that the User’s Personal Data is processed based on consent, such consent may be withdrawn at any time by contacting the Administrator via email at: bok.pl@crif.com.

VI Data Recipients

  1. In connection with the provision of services, Personal Data may be disclosed to external entities, including in particular providers responsible for IT system support.

VII Security of Personal Data

  1. The Administrator continuously conducts risk analysis to ensure that Personal Data is processed securely – ensuring primarily that access to data is limited to authorized individuals and only to the extent necessary for their tasks. The Administrator ensures that all operations on Personal Data are recorded and carried out only by authorized employees and collaborators.
  2. The Administrator takes all necessary actions to ensure that its subcontractors and other cooperating entities guarantee appropriate security measures whenever they process Personal Data on behalf of the Administrator.

VIII Contact Details

  1. Contact with the Administrator is possible via email at: bok.pl@crif.com or by postal address: CRIF Sp. z o.o., Lublańska 34, 31–476 Kraków.
  2. The Administrator has appointed a Data Protection Officer, who can be contacted regarding any matters related to the processing of Personal Data via email at: dpo@crif.com.

IX Changes to the Privacy Policy

The Policy is continuously reviewed and updated as necessary.

The current version of the Policy was adopted and is effective from 31.10.2024