cart-logo
0

Public Offer

GDPR Information on the Processing of Personal Data of Consumers Submitting Claims or Complaints

 

I. [Data Administrator]

 

The administrator of personal data is LBC2019 spółka z ograniczoną odpowiedzialnością [limited liability company] (NIP: 7010968698, KRS: 0000826204) at 4B/2 Stawki Str., 00-193 Warsaw.


II. [Purposes, Legal Basis, and Retention Period of Personal Data Processing]

 

The administrator processes personal data for the following purposes:

1) accept and review the claim/complaint, investigate all circumstances, provide a response, and take any necessary actions to resolve the issue based on the consent given by the complainant/reporting party. By applying to the administrator, the complainant/reporting party provides explicit consent to the processing of personal data included in the claim/complaint, as well as any other information necessary for its consideration (Article 6(1)(a) in connection with Article 4(11) of the GDPR). The data will be processed for the period necessary to resolve the issue;

2) suppose the claim/complaint contains special categories of personal data, particularly health-related data—whether included in the content of the claim/complaint or the attached documents—explicit consent must be provided directly by the consumer. This can be done by including the following statement in the claim/complaint:

“I consent to the processing of my personal data, including special categories of personal data contained in my complaint or claim, and data necessary for the administrator to consider my claim/complaint (Article 6(1)(a) and Article 9(2)(a) of the GDPR)”;

3) the provided consent may be withdrawn at any time without affecting the lawfulness of processing before the withdrawal; withdrawal of consent will prevent further consideration of the complaint or claim by the administrator;

4) the data contained in the claim/complaint that is processed to clarify the circumstances of the issue and to consider the claim/complaint may be further processed by the administrator to determine, pursue or defend claims directly or indirectly related to the claim/complaint, which is based on Article 6(1)(f), and in the case of special categories of personal data – Article 9(2)(f) of the GDPR – for a period of:

a) one year from the date of the response – in standard cases, if the reporting party does not submit further requests or complaints. In the case of documents concerning the settlement of the complaint, this period results from the Accounting Act,

b) limitation period for claims, i.e., as a rule, for 3 years from the receipt of the claim/complaint under the Civil Code. In the case of ongoing proceedings – until the final conclusion of the proceedings and until the expiry of new limitation periods for claims – in complicated, non-standard cases or if the complainant/ reporting party has made further claims, complaints or pursued further proceedings before state authorities.

 

III. [Disclosure of Personal Data]

 

  1. The administrator may disclose the personal data of the complainant/reporting party in the event of the initiation of proceedings by the complainant/reporting party or by the administrator under the obligations or administrator’s rights arising from legal provisions to external law firms cooperating with the administrator, as well as to postal operators and couriers.

  2. The personal data of the complainant/reporting party may be disclosed to entities cooperating with the administrator based on a written agreement for the entrusting of the personal data processing to fulfil the tasks and services specified in the agreement for the administrator, particularly in the fields of IT services, administrative, legal, or advisory services.

     

IV. [Rights of Persons Whose Personal Data is Being Processed]

 

  1. Every person whose data is being processed has the right to:

  1. access – to obtain confirmation from the administrator as to whether his/her personal data is being processed. If data about a person is being processed, s/he is entitled to access it and obtain the following information: the purposes of the processing, categories of personal data, recipients or categories of recipients to whom the data has been or will be disclosed, the period of data storage or the criteria for determining it, as well as the right to request rectification, deletion, or restriction of personal data processing, and to object to such processing (Article 15 of the GDPR).

  2. obtain a copy of the data – to receive a copy of the data subject to processing with the first copy provided free of charge. For subsequent copies, the administrator may impose a reasonable fee based on administrative costs (Article 15(3) of the GDPR).

  3. rectify data – to request the rectification of incorrect personal data concerning him/her or the completion of incomplete data (Article 16 of the GDPR).

  4. delete data – to request the deletion of personal data if the administrator no longer has a legal basis for processing it or if the data is no longer necessary for processing (Article 17 of the GDPR).

  5. restrict processing – to request the restriction of personal data processing (Article 18 of the GDPR) in the following cases:
    a) when the person whose data is being processed questions the accuracy of the personal data – for a period allowing the administrator to verify its accuracy,
    b) when the processing is unlawful, and the person whose data is being processed objects to the deletion of the data, requesting instead the restriction of its use,
    c) when the administrator no longer needs the data, but it is needed for the person whose data is being processed to establish, pursue, or defend legal claims,
    d) when the person whose data is being processed has objected to the processing – until it is determined whether the administrator’s legitimate grounds override the objection of the person whose data is being processed.

  6. transfer data – to receive personal data concerning him or her in a structured, commonly used, and machine-readable format, which s/he has provided to the administrator, and to request that these data be sent to another administrator, provided that the data are processed based on the consent of the person whose data is being processed or an agreement concluded with him or her, and provided that the processing is carried out by automated means (Article 20 of the GDPR).

  7. object – to object to the processing of his or her personal data for the legally justified purposes of the administrator, for reasons related to his or her particular situation, including profiling. In such a case, the administrator assesses whether there are important legitimate grounds for processing that override the interests, rights, and freedoms of the person whose data is being processed or the establishment, exercise, or defence of legal claims. If, according to the assessment, the interests of the person whose data is being processed outweigh those of the administrator, the administrator will be obliged to cease processing the data for these purposes (Article 21 of the GDPR).

  8. withdraw consent – to withdraw consent at any time and without providing a reason. However, the processing of personal data carried out before the withdrawal of consent will remain lawful. Withdrawal of consent will result in the administrator ceasing to process personal data for the purpose for which the consent was expressed.

a.To exercise the above-mentioned rights, the person whose data is being processed should contact the administrator using the provided contact details and specify which right s/he wishes to exercise and to what extent.

 

V. [President of the Personal Data Protection Office]

 

The person whose data is being processed has the right to file a complaint with the supervisory authority, which in Poland is the President of the Personal Data Protection Office with its registered office at 2Stawki Str. The office can be contacted in the following ways:

  1. by mail: 2 Stawki Str., 00-193 Warsaw;

  2. via the email address available on the website: https://www.uodo.gov.pl/pl/p/kontakt;

  3. by phone: (22) 531 03 00.


VI. [Data Protection Officer]

 

The person whose data is being processed may also contact the administrator's Data Protection Officer directly:

  1. By email at the email address: contact@alisme.com

  2. By mail, using the correspondence address provided above, with the note: „Data Protection Officer”


VII. [Legal Acts Referred to in This Clause]

 

  1. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of  April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC  (Official Journal of the European Union L 119, 2016, p. 1);

  2. Article 74(2)(6) of the Act of September 29, 1994, on Accounting (consolidated text of Polish Journal of Laws of 2018, item 395, as amended);

  3. Article 118 of the Act of  April 23, 1964, – Civil Code (consolidated text of Polish Journal of Laws of 2018, item 1025, as amended).

 

© 2025 All rights reserved by Alís. Powered by Shopify.