§1

GENERAL PROVISIONS

The administrators of the personal data collected via the www.sabatconsulting.com website are Sabat Consulting S.C., Jan Sabat, and Dorota Sabat. They are registered in the Central Register of Business Activity and Information of the Republic of Poland, maintained by the minister responsible for the economy. Their place of business and delivery address is ul. Józefa Piłsudskiego 14/4, 33-100 Tarnów, NIP: 8732822326, REGON: 851788360. The electronic email address is jan@sabatconsulting.pl, and their telephone number is +48 502 146 443. From this point forward, they will be referred to as the "Administrator" and, simultaneously, as the "Service Provider."

This Regulation governs the processing of personal data collected by the Administrator through the website www.sabatconsulting.com, in accordance with (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, regarding the protection of natural persons in relation to the processing of personal data and the free movement of such data, while repealing Directive 95/46/EC (General Data Protection Regulation), hereafter referred to as the "GDPR."

Any words or expressions capitalized within this Privacy Policy will be understood as defined in the Terms of Service at www.sabatconsulting.com.

 

§2

TYPE OF PERSONAL DATA PROCESSED, PURPOSE AND SCOPE OF DATA COLLECTION

PURPOSE OF PROCESSING AND LEGAL BASIS. The Administrator processes the personal data of Service Recipients of the www.sabatconsulting.com Website in the case of:

  • Placing an order on the Website to perform the Sales Agreement based on Article 6(1)(b) of the GDPR (performance of the Sales Agreement),

  • Using the Contact Form or the Registration Form, based on Article 6(1)(b) GDPR (interpretation of the agreement for the provision of electronic services by the Terms and Conditions of the Website).

TYPE OF PERSONAL DATA PROCESSED:

  • Name,

  • Company,

  • Tax Identification Number (TIN),

  • Address,

  • Telephone,

  • E-mail address.

PERIOD OF ARCHIVING PERSONAL DATA. The Administrator stores the Service Recipients' data:

  • The basis of data processing is the performance of a contract for as long as necessary according to the version of the agreement and, thereafter, for a period corresponding to the statute of limitations on claims. Unless specified otherwise by a particular provision, the statute of limitations shall be six years, and for periodic performance claims and claims related to running a business, three years.

  • When data processing is based on consent, it continues until the license is revoked. After revocation, it remains valid for a period that corresponds to the limitation period for claims that the Administrator may raise or that may be raised against them. Unless stated otherwise, the limitation period is six years, with three years for claims related to periodic performance and claims associated with conducting business activities.

Additional information may be collected when using the website, mainly the IP address assigned to the Client's computer or the external IP address of the Internet provider, domain name, browser type, access time, and operating system type.

Navigation data may also be collected from Service Recipients, including information on links and references they click on or other actions they take on the Site. The legal basis for such activities is the Administrator's legitimate interest (Article 6(1)(f) GDPR) in facilitating the use of services provided electronically and improving their functionality.

The provision of personal data by the Service Recipient is voluntary.

Personal data will also be processed automatically by profiling, provided the Client consents to this based on Article 6(1)(a) GDPR. Profiling involves assigning a profile to a person to make decisions about them or analyze or predict their preferences, behavior, and attitudes.

The Client has the right to object at any time to the processing of their data as outlined in point 7 of this paragraph. They also have the right to be informed about the methods and scope of personal data profiling, as well as the rights to erasure, restriction, correction, rectification, and transfer of personal data to another entity.

The controller must take special care to protect the interests of the data subjects and must ensure that the data it collects is:

  • processed lawfully,

  • collected for specified, legitimate purposes and not further processed in a way incompatible with those purposes,

  • Substantially accurate and sufficient regarding the purposes for which they are processed and retained in a manner that allows for identifying data subjects no longer than necessary to fulfill the purpose of the processing.

 

§4

SHARING OF PERSONAL DATA

The personal data of the Service Recipients is provided to the service providers used by the Administrator to run the Site. Depending on the contractual arrangements and circumstances, the service providers to whom personal data is transferred are either subject to the Administrator's instructions on processing such data (processors) or determine the purposes and means of processing themselves (controllers).

Service Recipients' data are stored exclusively in the European Economic Area (EEA).

 

§5

THE RIGHT TO CONTROL, ACCESS AND RECTIFY ONE'S DATA

The Data Subject has the right to access their data content and the rights to rectification, erasure, restriction of processing, data portability, to object, and to withdraw consent at any time without affecting the lawfulness of processing carried out based on consent prior to its withdrawal.

Legal grounds for the Service Recipient's request:

  • Access to data - Article 15 GDPR.

  • Rectification of data - Article 16 GDPR.

  • Deletion of data (so-called right to be forgotten) - Article 17 GDPR.

  • Restriction of processing—Article 18 GDPR. The Service Recipient has the right to request that the processing of their data be restricted to a certain period or within a specific scope.

  • Data Portability - Article 20 of the GDPR. To proceed, contact the Administrator, providing the name and address of the entity to which the data will be transferred and the extent of the data. The transfer will occur electronically after the Service Recipient confirms this request.

  • Objection - Article 21 GDPR. The Service Recipient has the right to object to the processing of their data in its entirety and to the extent indicated by them.

  • Withdrawal of Consent - Article 7(3) GDPR. Consent for data processing may be revoked at any time without providing a reason. The request may pertain to the withdrawal of consent for a specific purpose or for all purposes of processing personal data.

To exercise the rights mentioned in point 2, you may send an appropriate email to jan@sabatconsulting.pl or address your request in writing to Józefa Piłsudskiego 14/4, 33-100 Tarnów. In the written or electronic message, please provide as much information as possible regarding the subject of the request, explicitly identifying the right that the Service Recipient intends to exercise under point 2 of this paragraph, along with contact details. The information provided will significantly facilitate and expedite the Administrator's request review.

Suppose the Client requests the exercise of rights under the preceding rights. In that case, the Administrator shall either comply with the request or refuse to comply (point 6 of this paragraph) immediately but no later than within one month of receipt. However, if, due to the complex nature of the request or the number of bids, the Administrator is unable to comply with the request within one month, he shall comply with the request within a further two months, informing the Service Recipient in advance - within one month of receipt of the proposal - of the intended extension of the deadline and the reasons for it.

Suppose it is determined that the processing of personal data violates the provisions of the GDPR. In that case, the data subject has the right to complain to the President of the Data Protection Authority.

The right to erasure ("right to be forgotten") under Article 17(1) and (2) of the GDPR does not apply insofar as the processing is necessary for:

  • To exercise the right to freedom of expression and information, to comply with a legal obligation requiring processing under Union law or the law of a Member State to which the controller is subject, or for the performance of a task carried out in the public interest or the exercise of official authority vested in the controller, for reasons of public interest in the field of public health by Article 9(2)(h) and (i) and Article 9(3) of the GDPR,

  • For archival purposes in the public interest, for scientific or historical research purposes, or statistical purposes by Article 89(1) GDPR, insofar as the right referred to in paragraph 1 of Article 17 GDPR is likely to prevent or seriously impede the purposes of such processing, or for the establishment, investigation, or defense of claims.

 

§6

COOKIES

The Administrator's Website uses "cookies."

The installation of cookies is necessary for the proper provision of services on the Website. Cookies contain the information required for the Website to function properly, and they also allow for the development of general statistics on website visits.

The Website uses two types of "cookies": "session" and "permanent."

  • "Session" cookies are temporary files stored on the service recipient’s final device until the user logs out (leaves the Website).

  • "Permanent" cookies are stored on the Service Recipient's terminal equipment for the time specified in the parameters of the "cookies" or until the Service Recipient deletes them.

The Administrator uses cookies to better understand how the Service Recipients interact with the Website's content. The cookies collect information about how the Client uses the Website, the type of Website from which the Client was redirected, the number of visits, and the length of the Client's visit to the Website. This information does not record specific personal data of the Client but is used to compile statistics on the use of the Website.

The Client has the right to decide on the access of cookies to their computer by selecting them in advance in their browser window. Detailed information on the possibility and methods of using cookies is available in the software (web browser) settings.

Users of the Website may change their cookie settings at any time. These settings can block the automatic handling of cookies by the Internet browser or inform the user of the Website about their placement in their device. Please change your cookie settings so that cookies are placed on your terminal equipment, and we will store information on your terminal equipment and access this information.

Turning off cookies may make it difficult to use certain website services, particularly those requiring a login.

 

§7

FINAL PROVISIONS

The Administrator shall apply technical and organizational measures to ensure the protection of the processed personal data appropriate to the risks and the category of data protected. In particular, the Administrator shall safeguard the data against access by unauthorized persons, taking by an unauthorized person, processing in breach of the applicable regulations, and alteration, loss, damage, or destruction.

The Administrator shall make available appropriate technical measures to prevent unauthorized persons from obtaining and modifying personal data sent electronically.

The provisions of the GDPR and other applicable laws shall apply to matters not covered by this Privacy Policy.

 

END OF PRIVACY POLICY

 

Additional Information:

This Privacy Policy has been prepared in accordance with applicable laws, including the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) of the European Parliament and the Council of 27 April 2016 on the protection of natural persons concerning the processing of personal data and the free movement of such data, repealing Directive 95/46/EC.

We encourage Service Recipients to periodically review our Privacy Policy to remain informed about any changes.

 

Contact Information:

If you have any questions or concerns regarding this Privacy Policy, please reach out to us at:

  • Email: jan@sabatconsulting.com

  • Address: Jan Sabat, ul. Józefa Piłsudskiego 14/4, 33-100 Tarnów, Poland

  • Phone: +48 502 146 443

Date of Last Update: 25 January 2025