Privacy policy

§ 1. Content of this document

1. This document is a collection of information regarding the processing of personal data and other information related to the use by users of the website of Focus Consulting sp. z o.o. available at: https://www.focusconsulting.pl/.
2. This document includes in particular information that the Personal Data Administrator is obliged to make available to data subjects in connection with the processing of personal data and other information.
3. Detailed information on the use of cookies or other similar technologies can also be found in the Cookie Policy available on the Website.

§ 2. Definitions

Whenever the Privacy Policy mentions:

1. Administrator - this should be understood as the Personal Data Administrator;
2. Website – this should be understood as the website of Focus Consulting sp. z o.o. available at: https://www.focusconsulting.pl/.
3. User – this should be understood as a natural person who uses the Website;
4. Focus Consulting - this should be understood as Focus Consulting Sp. z o. o. based in Warsaw, ul. Twarda 18, 00-105 Warsaw, entered into the register of entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw. Warsaw in Warsaw, XII Commercial Division of the National Court Register under number 0000469123, with NIP: 8522603664, share capital: PLN 30,000.00.

§ 3. Personal Data Administrator

1. The administrator of Personal Data of people using the Website is Focus Consulting Sp. z o. o. based in Warsaw, ul. Twarda 18, 00-105 Warsaw, entered into the register of entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw. Warsaw in Warsaw, XII Commercial Division of the National Court Register under number 0000469123, with NIP: 8522603664, share capital: PLN 30,000.00.
2. You can contact the Personal Data Administrator:
   • In writing to the address available on the website: https://www.focusconsulting.pl/pl/kontakt/
   • Via the contact form available on the website: https://www.focusconsulting.pl/pl/kontakt/
   • By e-mail to the following address: biuro@focusconsulting.pl
   • By phone at: +48 514 361 336

§ 4. Type, purposes, legal basis for the processing of personal data

1. In order to ensure the proper operation of the Website, Users' personal data are processed, including:
   • information contained in cookies or other similar technologies, session data;
   • system logs that contain this data are used only to administer the website and to ensure the most efficient operation of the services provided. Browsed resources are identified by URL addresses. In addition, the following may be recorded: the time of arrival of the query, the time of sending the response, the name of the User's station - identification carried out by the HTTP protocol, information about errors that occurred during the HTTP transaction, the URL address of the page previously visited by the user, participant (referrer link) - in if the Website was accessed via a link, information about the browser, information about the IP address, information about the end device.
2. Data referred to in section 1 letter b) they are not associated with specific people browsing the Website, but in combination with other information they may constitute personal data and therefore the Administrator provides them with full protection under the GDPR.
3. Information contained in cookies defined as Necessary is processed pursuant to Art. 6 section 1 letter f) GDPR as part of the Administrator's legitimate interest in ensuring the proper functioning of the Website, i.e. providing functions such as navigation on the Website and access to its secured areas. Without these cookies, the website cannot function properly.
4. The information contained in cookies defined as Functional, Analytical, Advertising and without an assigned category is processed on the basis of Art. 6 section 1 letter a) GDPR, i.e. based on the consent granted.
5. The information contained in Functional and Performance cookies is processed in order to save information that changes the appearance or functioning of the Website.
6. The information contained in cookies defined as Analytical is processed in order to determine the behavior of people visiting the Website and Users.
7. The information contained in cookies defined as Advertising is processed in order to display advertisements that are relevant and interesting for individual users, in particular corresponding to their preferences.
8. In order to properly provide services provided via the Website, in particular using the contact form and the "Find a grant" form, Users' personal data are processed, including:
   • Name;
   • Last name;
   • E-mail adress;
   • Phone number;
   • Company name, in the case of Users who are natural persons running a business;
   • NIP number, in the case of Users who are natural persons running a business;
   • Address of business activity, in the case of Users who are natural persons running a business.
9. Data referred to in section 8 are processed pursuant to Art. 6 section 1 letter a) GDPR.
10. When completing the "Contact Form", information necessary to contact the User is collected, such as: name, surname, e-mail address, telephone number. Providing data is voluntary, but must enable us to contact the User.
11. The data provided when subscribing to the newsletter will be used only to send it to the e-mail address provided by the User. It is possible to unsubscribe from receiving the newsletter at any time.
12. In the event of undertaking an investigation regarding a possible violation of the provisions of the regulations or legal provisions, principles of social coexistence or good manners, proceedings to pursue claims by the Administrator or other Users, as well as defense against claims of these entities, the Administrator may process personal data of specific Users, in in particular specified in section 1, 8, based on the Administrator's legitimate interest in pursuing or defending against claims.
13. If it is necessary to communicate with Users, the Administrator may process personal data including the e-mail address, based on the Administrator's legitimate interest in conducting communication for purposes related to the functioning of the Website.
14. If the User consents to the processing of personal data for marketing purposes, the Administrator may process personal data including:
    • User's name and surname,
    • e-mail adress.
15. In the case of personal data processing based on consent, it is possible to withdraw it at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
16. You can change your cookie consent at any time using the "Cookie Policy" button. Moreover, the User may withdraw his/her consent at any time by changing the web browser settings regarding the admissibility of using cookies or other similar technologies.
17. In other cases, withdrawal of consent is possible by contacting the Administrator in the manner specified in § 3 section. 2.

§ 5. Time of personal data processing

1. Personal data processed on the basis of consent (Article 6(1)(a) or Art. 9 section 2 letter a) GDPR) are processed until it is revoked.
2. Personal data processed for the purpose of concluding or performing a contract (Article 6(1)(b) of the GDPR) will be processed until the claims arising from this contract expire.
3. Personal data processed on the basis of the legal obligation imposed on the Administrator will be processed for the period specified in the law.
4. Personal data processed on the basis of the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR) will be processed until this interest is realized, but no longer than for a period of 2 years from the end of the calendar year in which they were obtained.
5. In any case, the period of personal data processing may be extended until the claims expire.

§ 6. Data Recipients

1. The Administrator may transfer Users' personal data to recipients operating outside the Administrator's structure to achieve the purposes listed in § 4 to the extent necessary for their implementation. The recipients of the data are:
2. entities to which personal data must be made available under the law, in particular public administration bodies such as tax administration bodies. Data may also be made available to the authorities of other EU Member States and courts to the extent provided for by Community or national law;
3. entities with which the Administrator cooperates in order to perform its tasks, exercise rights or fulfill obligations, in particular those providing IT, debt collection, HR, accounting, transport, marketing, archiving or document destruction services;
4. entities that are independent data controllers, in particular such as:
   • entities providing legal, auditing and tax advisory services;
   • certifying entities, i.e. those granting and verifying the authorizations held;
   • entities conducting payment activities (banks, payment institutions);
   • entities providing courier or postal services;
   • entities providing training services.
5. By cooperating with the entities referred to in section 1 letter b The Administrator entrusts them with personal data to the extent necessary to fulfill their tasks and obligations. By concluding appropriate contractual provisions and using other measures, such as controls, entrusted personal data are processed in a way that protects privacy.
6. The administrator has no influence on the method and scope of personal data processing by the entities referred to in section 1 letter c.

§ 7. Transfer of data to third countries

Users' personal data will be processed in a country located in the European Economic Area, hereinafter referred to as the EEA.

If information is to be transferred outside the European Economic Area, it will be done only as part of the procedures required by the provisions on the protection of personal data.

§ 8. Automated decision-making and profiling

1. Users' data cannot be processed in an automated manner so that any decisions could be made regarding them.
2. Users' data may be profiled in order to adapt the content and personalize the offer after they express their consent.

§ 9. Rights of data subjects

1. Every data subject has the right to:
   1. access to data - obtaining confirmation from the Administrator whether her personal data is being processed. If data about a person is processed, he or she is entitled to access them and obtain the following information: about the purposes of processing, categories of personal data, recipients or categories of recipients to whom the data have been or will be disclosed, about the period of data storage or about the criteria for determining them, on the right to request rectification, deletion or limitation of the processing of personal data of the data subject, and to object to such processing (Article 15 of the GDPR);
   2. receive a copy of the data - obtain a copy of the data subject to processing;
   3. rectification - request the correction of incorrect personal data concerning him or her, or the completion of incomplete data;
   4. deletion of data - request deletion of personal data if the Administrator no longer has a legal basis for their processing or the data is no longer necessary for the purposes of processing;
   5. processing restrictions - requests to limit the processing of personal data when:
      • the data subject questions the accuracy of the personal data - for a period enabling the Administrator to check the accuracy of these data,
      • the processing is unlawful and the data subject objects to their deletion and requests restriction of their use,
      • The administrator no longer needs this data, but they are needed by the data subject to establish, pursue or defend claims,
      • the data subject has objected to the processing - until it is determined whether the legally justified grounds on the part of the Administrator override the grounds for the data subject's objection;
   6. data transfer - receiving personal data concerning her in a structured, commonly used, machine-readable format, which she provided to the Administrator, and requesting that these data be sent to another Administrator, if the data is processed on the basis of the consent of the data subject concern or a contract concluded therewith and if the data are processed in an automated manner;
   7. objection - objecting to the processing of her personal data for the legally justified purposes of the Administrator, for reasons related to her particular situation, including profiling. The Administrator then assesses the existence of valid legitimate grounds for processing, overriding the interests, rights and freedoms of data subjects, or grounds for establishing, pursuing or defending claims. If, according to the assessment, the interests of the data subject are more important than the interests of the Administrator, the Administrator will be obliged to stop processing data for these purposes;
   8. withdraw consent at any time and without giving reasons, but the processing of personal data carried out before the withdrawal of consent will still remain lawful. Withdrawal of consent will result in the Administrator ceasing to process personal data for the purpose for which the consent was expressed
2. Of the rights indicated in section 1 can be used by contacting the Administrator in the manner specified in § 3 section 2
3. To ensure that the applicant is entitled to exercise the rights set out in paragraph 1 The administrator may ask the applicant to provide additional information enabling identification.

§ 10. President of the Data Protection Office

The data subject has the right to lodge a complaint with the supervisory authority, which in Poland is the President of the Personal Data Protection Office with its registered office in Warsaw, ul. Stawki 2, which can be contacted as follows:

1. by post: ul. Stawki 2, 00-193 Warszawa;
2. via the Office's electronic inbox;
3. by phone: (22) 531 03 00

§ 11. Obligation to provide data

1. Providing the data referred to in § 4 section 8 voluntary, but necessary to contact the Administrator. If you refuse to provide this data, it will not be possible to contact the Administrator via the Website.
2. In the remaining scope, providing personal data is voluntary, but refusing to provide it may prevent:
   • achieving full comfort of using the Website - in the case referred to in § 4 section 5;
   • keeping statistics on the functioning of the Website and improving the quality of the services provided by the Administrator - in the case referred to in § 4 section 6;
   • displaying tailored marketing content - in the case referred to in § 4 section 7, which will not affect the number of displayed ads;
   • using the Website – in other cases.

§ 12. Changes to the Privacy Policy

1. The Privacy Policy may be supplemented or updated in accordance with the Administrator's current needs in order to provide current and reliable information regarding the processing of personal data.
2. The Administrator will inform about any changes to the Privacy Policy on the Website, and the Users will be informed additionally by a message within the internal communication system of the Website.
3. This Privacy Policy is valid from December 12, 2023.