GDPR information notice

1. Data controller

The controller of personal data is Decent Code Sp. z o.o., ul. Młynarska 29, 58-300 Wałbrzych, Poland (registered office address only, no on-site client service), NIP 886 301 65 19, REGON 388 952 820, KRS 0000904994, share capital PLN 10,000, e-mail: firma@decentcode.pl.

Contact for personal data matters: firma@decentcode.pl.

2. Purposes and legal bases of processing

This notice applies to persons contacting Decent Code, persons indicated as Client representatives or contact persons, Legal Kanban Users and persons using forms on the website.

Data may come directly from the data subject, from the Client indicating contact persons or Users, or from technical activity on the website.

We process data to handle enquiries, prepare offers, conclude and perform agreements, create and operate Accounts, provide support, manage billing, handle complaints, ensure system security and pursue or defend claims.

The legal basis for processing is Article 6(1)(b) GDPR (conclusion or performance of an agreement), Article 6(1)(c) GDPR (legal obligations, in particular tax and accounting obligations), Article 6(1)(f) GDPR (legitimate interest of the Controller, such as B2B contact, security, service development and claims protection) and Article 6(1)(a) GDPR where processing is based on consent.

3. Retention period

Data related to an agreement and Account is stored for the term of the agreement and then for the limitation period for claims. Billing data is stored for the period required by tax and accounting regulations, generally 5 years from the end of the year to which it relates.

Data from forms and correspondence is stored for the time needed to handle the matter and then for the period needed to demonstrate the course of contact or defend claims. Data processed on the basis of consent is stored until consent is withdrawn.

4. Data recipients

Data may be transferred to providers of hosting, IT infrastructure, e-mail, forms, security tools, accounting, legal services, payments, technical support and to authorities or entities authorised under law.

If analytics tools are used, data may be transferred outside the EEA on the terms described in the Privacy Policy and Cookie Policy.

5. Rights of persons

You have the right to access data, rectify data, erase data, restrict processing, data portability, object to processing based on legitimate interest and withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

You also have the right to lodge a complaint with the President of the Polish Personal Data Protection Office.

6. Voluntary provision of data

Providing data is voluntary, but may be necessary to handle an enquiry, conclude an agreement, create an Account, provide support or comply with legal obligations. Failure to provide required data may prevent these actions.

7. Client Data in the system

If data concerns persons whose data has been entered into Legal Kanban by the Client, the Client is generally the controller of such data and Decent Code acts as processor. In such situation, requests concerning data may require involvement of the Client as data controller.

8. Automated decisions

The Controller does not make decisions concerning persons based solely on automated processing that would produce legal effects or similarly significantly affect those persons.