Privacy Policy

Information Clause on processing of personal data by Aurora Creation

§ 1

  1. This document defines the objectives, legal grounds and the scope of processing of the personal data collected by Aurora Creation from natural persons (hereinafter also: Client).
  2. Administrator of personal data within the meaning of Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and the repealing of Directive 95/46 / EC (hereinafter: GDPR) is Aurora Creation sp. z o. o with headquarters in Białystok, ul. Dąbrowskiego 28, 15-872 Białystok, NIP: 542-326-75-81, REGON: 366533862, registered in the Register of Entrepreneurs kept by the District Court in Białystok, XII Commercial Division of the National Court Register under the number KRS 0000662567 (hereinafter also: Administrator).
  3. Administrator is committed to ensure that Clients’ personal data is:
    1. processed in accordance with the law, fairly and transparently for the data subject, in particular in accordance with the Act of 10 May 2018 on the protection of personal data, Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repealing of Directive 95/46 / EC;
    2. collected for specific, explicit and legitimate purposes and not further processed in a way incompatible with these purposes;
    3. adequate, relevant and limited to what is necessary for the purposes for which it is processed;
    4. correct and updated if necessary;
    5. kept in a form that allows identification of the data subject for no longer than is necessary for the purposes for which the data are processed;
    6. processed in a way that ensures adequate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, by appropriate technical or organizational measures.

§ 2

  1. Administrator processes the personal data that Client provides to him personally or via one of the communication channels indicated on the auroracreation.pl website, i.e. by phone, via e-mail address or via the contact form.
  2. Personal data referred to in Section 2.2 are processed by Administrator for the following purposes:
    1. providing information on Client’s request;
    2. obtaining a quote for the services provided by Administrator for Client;
    3. concluding a contract with Client or providing services to Client;
    4. recruitment;
    5. direct marketing or sending commercial information.
  3. The legal basis for data processing in the scope indicated in Section 2.2 are:
    1. in the scope indicated in Section 2.2 letters a, b, c, d – 6.1 letter b – GDPR;
    2. in the scope indicated in Section 2.2 letters d, e – 6.1 letter f – GDPR.
  4. Providing personal data for the purposes referred to in Section 2.3 letters a – b is voluntary, however, it is necessary that Administrator can perform the actions requested by Client or that the Parties may conclude and perform the contract. Failure to provide personal data may result in the inability to perform the requested action or the conclusion and performance of the contract.
  5. Providing personal data for purposes of direct marketing or commercial communication, as referred to in Section 2.2 letter e is voluntary and requires Client’s clear and separate consent. The refusal to provide data for the above purpose (or consent to the processing of data for the above purpose) results in the fact that Administrator will not be able to send commercial information to Client or use direct marketing. Client may in any case withdraw the consent referred to in this Section.
  6. Personal data processed by Administrator may be made available to entities providing Administrator with various types of services in the field of marketing, advertising, IT, legal, accounting, accounting and hosting. Data processing with the above mentioned entities takes place under an agreement concluded between the processor and Administrator.
  7. Data processed by the Service Provider may be made available to state authorities in connection with public tasks performed by them (e.g. law enforcement authorities in connection with pending proceedings, tax authorities).
  8. Users’ personal data will not be transferred outside the European Economic Area.

§ 3

  1. The service provider will store personal data for a period of time:
    1. if action is taken at the request of the person to whom they relate, before the conclusion of the contract – until the claims arising from the contract concluded as a result of Administrator taking actions at Client’s request expire or until Administrator completes actions taken at the request of Client, if there is no contract between the Parties;
    2. in the case of data processing necessary to perform the contract – until the expiration of the claims resulting from this contract;
    3. in the case of processing necessary for purposes arising from legitimate interests pursued by Administrator – until the effective objection is reported;
  2. Administrator may store Clients’ personal data for a longer period than indicated in Section 1, if it is necessary to fulfil Administrator’s obligation resulting from generally applicable regulations (e.g. for the purposes of tax, court, administrative proceedings etc.).

§ 4

  1. In connection with the processing of personal data by Administrator, Client has the following rights:
    1. the right to request from Administrator access to Client’s personal data;
    2. the right to rectify Client’s personal data;
    3. the right to delete Client’s personal data;
    4. the right to limit the processing of your personal data;
    5. the right to object to the processing of Client data;
    6. the right to transfer Client’s personal data;
    7. the right to bring a complaint to the supervisory authority.

§ 5

The Service Provider informs that it does not take decisions in an automated manner, including profiling referred to in Section 22 .1 and 22.4 GDPR.