This Privacy Notice (the "Notice") provides information on the processing of personal data by i-Technologies (the "Controller") in accordance with applicable data protection laws, including Regulation (EU) 2016/679 of the European Parliament and of the Council (the "GDPR").

1. Data Controller

The controller of your personal data is i-Technologies Sp. z o.o., with its registered office in Kraków, Poland, at ul. Pilotów 2E, 31-462 Kraków, Poland, registered in the National Court Register (KRS) under number 0000257744, NIP 6792891560, REGON 120261472.

2. Data Protection Consultant

The Controller has appointed a Data Protection Consultant – Jakub Liput, who may be contacted regarding all matters related to personal data protection:

• by mail: ul. Pilotów 2E, 31-462 Kraków, Poland
• by email: rodo@i-technologies.pl
• by phone: +48 690 002 751

3. Purposes and Legal Basis for Processing

Your personal data shall be processed for the following purposes:

• for the conclusion and performance of a contract, pursuant to Article 6(1)(b) GDPR (performance of a contract);
• for compliance with legal obligations to which the Controller is subject, pursuant to Article 6(1)(c) GDPR (e.g. accounting and tax obligations);
• for the establishment, exercise, or defence of legal claims, pursuant to Article 6(1)(f) GDPR (legitimate interest of the Controller);
• for direct marketing of the Controller's products and services, pursuant to Article 6(1)(f) GDPR (legitimate interest of the Controller).

4. Recipients of Personal Data

Your personal data may be disclosed to the following categories of recipients:

• public authorities and entities authorised under applicable laws (e.g. tax authorities, courts);
• service providers acting on behalf of the Controller, including providers of accounting, legal, IT, courier, and postal services, based on appropriate data processing agreements.

5. Data Retention Period

Your personal data shall be retained for the following periods:

• for the duration necessary to perform the contract and after its termination, for the period required by applicable law (e.g. accounting regulations);
• until the expiry of limitation periods for potential claims related to the contract;
• where processing is based on consent - until such consent is withdrawn.

6. Data Subject Rights

Subject to applicable law, you have the right to:

• access your personal data and obtain a copy thereof;
• rectify inaccurate or incomplete personal data;
• request erasure of personal data in cases provided by law;
• request restriction of processing;
• data portability;
• object to the processing of personal data, including for direct marketing purposes;
• withdraw consent at any time, where processing is based on consent, without affecting the lawfulness of processing carried out prior to such withdrawal.

7. Right to Lodge a Complaint

You have the right to lodge a complaint with the competent supervisory authority, in particular the President of the Personal Data Protection Office (PUODO), if you consider that the processing of your personal data violates the GDPR.

8. Voluntary Provision of Data

The provision of personal data is voluntary; however, it is necessary for the conclusion and performance of a contract. Failure to provide personal data may result in the inability to enter into or perform the contract.

9. Automated Decision-Making

The Controller informs that personal data is not subject to automated decision-making, including profiling.