INFORMATION ON PROCESSING OF PERSONAL DATA

Information about the Administrator

The Company is based at Piazza Luigi di Savoia, 22 - 20124 - Milan - Italy.
In accordance with article 13 of Italian Law Decree no. 196/2003, the Company, hereinafter referred to as the Administrator, informs you, as a person whose personal data the Administrator processes for at least one of the purposes indicated in this information.

The data processor is GCC Group sp. z o.o. Tarnowo Podgórne k/Poznania, ul. 25 Stycznia 20 62-080 Poland, VAT code: 783-17-07-450

Information about the supervisory body

The supervisory body for personal data in Poland is currently the President of the Office for Personal Data Protection. The person whose data is processed has the right to file a complaint to the supervisory body.

Information about the possibility of opposition and withdrawal of consent

The person whose data is processed may object to specific data processing - especially for marketing purposes. The Administrator will consider the grounds for objection. If the objection concerns the processing of data for marketing purposes, it will be taken into account by the Administrator, unless consents to the processing of the data for marketing purposes are maintained at the same time, or such consents are granted in the course of consideration of the objection or later. It should be emphasized that all consents are expressed voluntarily. The person whose data is processed may always withdraw all or some consents regarding the processing of personal data. The withdrawal of a given consent does not affect the right of the Administrator to process data for the purpose described in this consent until the withdrawal. It is also possible that - in accordance with the law - the Administrator will be entitled to process data on a different legal basis or for other purposes. The method of withdrawal of consent is given below.

Sometimes consent to the processing of data may be necessary to perform a specific activity - e.g. reporting card complaints, unless the Administrator can do this under the law.

If an authorization is submitted to the Administrator for information covered by the telecommunications secret, such authorization may be revoked, and the Administrator will not transfer the data or information referred to in the authorization. If, in connection with the authorization, the person whose data is processed enters into a contract with another entity that receives such data, it should be noted whether the withdrawal of the authorization referred to above - under the applicable contract or law - will have any other legal consequences. If the authorization is withdrawn, the contract may not be performed in whole or in part.

Information on the primary purposes of personal data processing.

The Administrator processes personal data for the following purposes:

  1. performing activities in accordance with the consent granted - e.g. for marketing purposes. With regard to a minor (aged between 13 and 18 years), commercial information is sent for marketing purposes after consent by its parent or guardian (statutory representative). Combining personal data and its further processing for marketing purposes when using publicly available websites may take place after acceptance of relevant statements / consents or policies that concern this. The legal basis for the granting of consents or authorizations are the provisions of: Regulations, Community law (European Union law) or Polish law, executive acts, specifically concerning a given consent / authorization, including: an act on access to economic information on the provision of electronic services, telecommunications law
  2. considering the application or activities preceding its submission, or related to the conclusion, performance or termination of the contract and the performance of other activities related to the contract, including activities preceding its conclusion. These are activities such as: card registration and other activities in the process of concluding, executing or terminating the contract. They may also include other activities or statements related to the contract, including those regarding the security of repayment of obligations or actions, or statements related to the representation of a natural person (e.g. power of attorney or parent / guardian activities), including the activities of the representative himself, as well as actions commissioned by other entities.
  3. performing a legal obligation. Such obligations arise from legal provisions, including: provisions of Community law (European Union law) or law, these are in particular: the obligation to maintain the security of funds retained or the obligation to transfer in a safe way. These obligations may also arise from competition and consumer protection laws or other regulations that provide for the requirements to adapt the services offered to consumers to their characteristics or to suggest the adequacy of these services. In addition, the Administrator is obliged to perform obligations arising from tax law, accounting or archiving regulations, or regulations that deal with acts prohibited by law. In addition, the Administrator has the right to process data to perform duties, carry out recommendations issued by authorized bodies or institutions
  4. analysis of economic data, management analysis, application of statistical methods or models, analysis of statistical correctness or market trends in the scope of proper management activities. These activities are performed within external (towards other entities) or internal reporting obligations. The legal basis for exercising them may be Community law (European Union law) or Polish law. These obligations may result from the Code of Commercial Companies, as well as the Act on competition and consumer protection or legal regulations regarding a given activity, including special acts such as insurance law
  5. performing tasks in the public interest - within the scope resulting from legal regulations and activities undertaken;
  6. for marketing purposes, which include:
    • transmission, display or transmission of commercial information,
    • transmission, display or transmission of commercial information on electronic or telephone communication devices. These activities can also be performed using systems that provide this information automatically;
    • sending commercial information via traditional mail;
    • geolocation of your electronic communication devices to send commercial information;
    • combining data with information on the economic situation of the data subject, its characteristics or behaviors, or preferences, to match commercial information with its known or anticipated needs or expectations (so-called profiling).
  7. performing the legitimate interests of the Administrator, which have been indicated above, as well as such interests as:
    • ensuring the safety of persons (primarily customers and employees) and property of the Administrator;
    • ensuring the security of funds and transactions that do not result from the obligations imposed by law, and from the rules of the Administrator's regulations;
    • investigating or defending claims or rights of the Administrator or entity that the Administrator represents;
    • relationship and marketing management, including profiled ads for specific clients or a group of clients

Information on secondary purposes of data processing.

The Administrator may process data for other secondary purposes - if both goals are interrelated, i.e.:

  1. transfer of data to the archive;
  2. audits or explanatory proceedings;
  3. implementation of business and management control mechanisms;
  4. other statistical surveys or historical or scientific research;
  5. business, economic or legal advice that is provided to the Administrator.

Information on the types of data processed

The data processed by the Administrator is related to:

  1. identification or verification of the Customer, in particular the confirmation of the identity of the Client or the person / entity the Client represents. Checking whether the data is consistent with the data provided or received from relevant documents, registers or lists, as well as device identification data (e.g., telephone number, IP, e-mail, mobile device numbers) used by the Client, also as a person representing the given person or entity;
  2. specific transactions;
  3. financial or service-related data - this refers to data related to the provision of a given service, property and financial situation of the Customer or persons who are involved in or related to the given activity;
  4. data regarding the search on the website, which are personal data - they are downloaded in accordance with the cookie policy and privacy policy or other statements / consents in this case;
  5. data relating to preferences or behaviors - these are data analyzed and transmitted to perform the service and transferred by appropriate consent (e.g. to transfer commercial information for marketing via electronic devices) or other legal basis.

In addition, the Administrator may process other personal data provided by the Client, unless they can be qualified to any of the above groups, and this is done for the purposes described in this information.

Information about the category of data recipients

We may provide personal data to entities or bodies:

  1. which are authorized by law;
  2. to which the transfer of data is necessary for the performance of a specific activity.

Information on the length of data being processed

The period of data processing depends on the purpose for which it was collected and is processed, from the law or accepted by the Administrator, in accordance with these provisions, methods or models, as well as consents and other statements, data subjects are processed and data related to:

  1. a contract or other legal act - for the time necessary to consider the application, preparation for the performance of the given activity, and if this activity takes place - for the time necessary to perform it. If the action did not take place, we process the data for 1 month from the date of data collection;
  2. archived data - after the expiry of a given legal relationship (i.e., for example, a contract), personal data concerning the operation of these persons on behalf of the entrepreneur, institution or organizational units are processed for 5 years, and other personal data of natural persons are processed for up to 10 years, unless the law provides for a shorter period. If there is a dispute, a lawsuit or other proceedings (especially criminal proceedings), the archiving period will be counted from the day when the dispute is finally concluded, and in the case of multiple proceedings, from the final termination of the last one, regardless of how it ends, unless the law provides for a longer period of data storage or a longer period of limitation for the claims / law concerned;
  3. a court decision - data may be processed up to 10 years from the date of issuing a final judgment terminating the proceedings;
  4. the consent of the person whose data is being processed - for the time indicated in the statement of consent, in any case - until the consent is withdrawn;
  5. obtaining data from databases run by other entities or data provided by other entities. The processing period depends on the purpose of the transfer, e.g. card complaint. The data can be processed separately according to individual goals and legal basis, e.g. you can revoke a certain consent to the processing of data for marketing purposes, but this does not deprive the Administrator of the right to process data for another purpose or another legal basis. The data subject may always withdraw all or some of the consents or authorizations.

Information about the rights of the data subject

  1. The data subject has the right to request from the Administrator access to personal data relating to him and the right to rectify them when they are inconsistent with the actual state, and in cases provided for by law to delete them or limit data processing.
  2. The data subject has the right to object to the processing of data. The objection will be reviewed by the Administrator.
  3. From 25 May 2018, the data subject will have the right to transfer data or obtain a copy of the data, but this right cannot adversely affect the rights and freedoms of others, including trade secrets or intellectual property, and will be implemented within a technically possible range. The first copy of the data is free. For the transfer of data due to other legal regulations, it may be required to obtain the consent of the Client or another person or fulfill other conditions required by these provisions. Applications may be submitted electronically to the address [email protected] or in writing to the company's address. The Administrator may request clarification of the information or activities to which the request relates. When a request to move data or to obtain a copy is made, the Administrator provides information on the electronic format or media used.
  4. In the case of concluding an agreement, providing personal data is necessary for its conclusion. The law may introduce the requirement to provide data for the purpose described in it (e.g. identification or verification). In addition, providing certain data may be necessary to perform a specific transaction or activity. If the Customer does not provide the data required by the contract or other document used by the Administrator in accordance with the law, the Administrator will not enter into the contract or perform the transaction or action.
  5. Expressing any type of consent for the processing of data for marketing purposes is voluntary. In some cases, for the performance of the contract, it may be necessary to transfer the data to a third party or receive data from such entity. Then it will be necessary to give consent or authorization for such transfer, unless there is a separate legal basis for the transfer. If the permission / withdrawal is refused or withdrawn, it may affect the conclusion or performance of the contract with the third party or specific activity, provided that the transfer of such data is necessary for the conclusion or performance of the contract or specific activity.
  6. If an application for an activity or service has been submitted, the Administrator may make decisions automatically, which may lead to refusal to conclude a contract or refusal to perform an activity, or to offering an activity or service under certain conditions. Important information for a given automatic decision depends on the type of activity. Important information influencing the decision taken automatically, including through the use of profiling techniques, is information affecting the reliability that may have an impact on the terms of the service or service, including the content of the information or consultation provided. The Customer has the right to appeal against the automatic decision. Such an appeal will be considered by the Administrator's employee.

Information about cookies

The site https://gccsim.com may use cookies. These are small text files sent by the web server and stored by the browser software on the computer. When the browser reconnects with the site, the site recognizes the type of device the user is connecting from. Their parameters allow only the server that created them to read the information they contain. Cookies therefore make it easier to use previously visited websites.

The information collected relates to the IP address, type of browser used, language, type of operating system, Internet service provider, time and date information, location and information sent to the website via the contact form. Data collected by cookie files are used to monitor and check how users use the site in order to improve the functioning of the website, ensuring more effective and problem-free navigation.

Extended Cookie Consent is on the site https://gccsim.com/cookie-statement

Final information

The data subject has the right to withdraw the granted consents or authorizations regarding the processing of personal data. This authorization also applies to consents for the Administrator to process data for marketing purposes or authorizations to transfer data to another entity that has been granted to the Administrator in the past. Withdrawal of a given consent does not affect the right of the Administrator to process data for the purpose described in this consent until its withdrawal. The rights provided for in the Regulation, in particular the right to obtain a copy of data, the right to data transfer, the right to delete data, to limit data, may be implemented from 25 May 2018, that is, from the date of application of the Regulation under the terms of the Regulation and comply with other regulations rights. This information fulfills the legal obligation. It does not require any additional action.

Glossary

Commercial information
- all forms of advertisements, promotions, contests and games of chance, as well as commercial offers or purchase proposals. They may concern: promotion of the image, services or products of the Bank or other entities whose services or products are offered by the Bank or are related to the Bank's operations. Commercial information can be profiled or profiled. You can opt out of profiled marketing at any time. The Bank processes data for marketing purposes based on the client's consent. The Bank may also process them on the basis of a justified Bank interest - provided that if the data are processed on the basis of consent and it is withdrawn, the Bank will not process data for marketing purposes, unless the Customer has given a different consent;
personal data
means information about an identified or identifiable natural person ("data subject"); an identifiable natural person is a person who can be directly or indirectly identified, in particular on the basis of an identifier such as name, identification number, location data, internet identifier or one or more specific factors determining physical, physiological, genetic, psychological, the economic, cultural or social identity of a natural person;
processing
means the operation or set of operations performed on personal data or personal data sets in an automated or non-automated manner, such as collecting, recording, organizing, structuring, storing, adapting or modifying, downloading, browsing, using, disclosing by sending, distributing or otherwise sharing, matching or linking, limiting, deleting or destroying;
the restriction of processing
means the marking of stored personal data in order to limit their future processing;
profiling
means any form of automated processing of personal data, which consists in the use of personal data to assess certain personal factors of a natural person, in particular to analyze or forecast aspects of that individual's performance at work, economic situation, health, personal preferences, interests, credibility, behavior, location or movement;
pseudonymisation
means the processing of personal data in such a way that it can no longer be attributed to the specific data subject without the use of additional information, provided that such additional information is kept separately and is covered by technical and organizational measures that prevent the data from being attributed to an identified or identifiable natural person;
data set
means an ordered set of personal data available according to specific criteria, irrespective of whether the set is centralized, decentralized or functionally or geographically dispersed;
administrator
means a natural or legal person, public body, unit or other entity that independently or jointly with others sets the purposes and means of processing personal data; where the purposes and means of such processing are laid down in Union law or in the law of a Member State, an administrator may be designated by Union law or in the law of a Member State, or specific criteria may be laid down for its determination;
processing entity
means a natural or legal person, public body, unit or other entity that processes personal data on behalf of the administrator;
recipient
means a natural or legal person, public body, unit or other entity to whom personal data are disclosed, regardless of whether he is a third party. Public bodies which may receive personal data in the context of a specific proceeding under Union law or under the law of a Member State shall not, however, be considered as recipients; the processing of these data by these public authorities must be in accordance with the data protection rules applicable to the purposes of the processing;
third party
means a natural or legal person, public authority, unit or entity other than the data subject, administrator, processor or persons who, under the authority of the controller or processor, may process personal data;
the consent of the data subject
means the voluntary, concrete, informed and unambiguous representation of the will which the data subject, in the form of a declaration or explicit confirmation action, authorizes for the processing of personal data concerning him;
breach of personal data protection
means a breach of security leading to accidental or unlawful destruction, loss, modification, unauthorized disclosure or unauthorized access to personal data sent, stored or otherwise processed;
genetic data
means personal data on the inherited or acquired genetic characteristics of a natural person that reveal unique information about the physiology or health of that person and which arise in particular from the analysis of a biological sample from that individual;
biometric data
means personal data that arise from special technical processing, relate to the physical, physiological or behavioral characteristics of a natural person and enable or confirm the unambiguous identification of that person, such as a facial image or dactyloscopic data;
health data
means personal data about the physical or mental health of an individual - including the use of health care services - disclosing information about his or her health status;
representative
means a natural or legal person residing or having its registered office in the Union who has been designated in writing by the controller or processor under Article 27 to represent the controller or processor in the scope of their duties under this Regulation;
entrepreneur
means a natural or legal person running a business, regardless of its legal form, including partnerships or associations that conduct regular business activities;
supervisory authority
means an independent public authority set up by a Member State in accordance with Article 51 of the REGULATION ON THE PROTECTION OF PERSONAL DATA;
cross-border processing
means processing of personal data that takes place in the Union within the activities of organizational units in more than one Member State of an administrator or processor in the Union with organizational units in more than one Member State; or the processing of personal data that takes place in the Union within the framework of a single administrative unit of an administrator or processor in the Union but which significantly affects or can significantly affect the data subject in more than one Member State;
relevant and reasoned objection
means an objection to the draft decision as to whether there has been a breach of this Regulation or whether the intended action towards the controller or processor complies with this Regulation, which must clearly show the importance of the draft decision of the risk of breach of the basic rights or freedoms of the data subjects and, where applicable, the risk of disrupting the free flow of personal data in the Union;
customer
means the person whose data is being processed or another natural or legal person.

The legal basis for this information is the REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC (general data protection regulation).