Privacy Policy

Protection and Processing of Personal Data

In compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27\u00a0April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the\u00a0General Data Protection Regulation – GDPR), MonTe Biuro Rachunkowe s.c. provides the following information on the rules for processing personal data and on the rights available to data subjects.

1. Data Controller

The Data Controller of your personal data is:
MonTe Biuro Rachunkowe s.c.
ul. Myśliwska 8, 30-718 Kraków, Poland
(hereinafter referred to as the “Controller”).

2. Contact for Data Protection Matters

For any matters related to the processing of personal data, please contact the Controller:
by email: kontakt@montebiuro.pl

3. Purposes and Legal Bases for Processing

Your personal data are processed for the following purposes:

• Entering into and performing contracts for accounting, tax advisory and payroll services — Art.\u00a06(1)(b) GDPR (performance of a contract)
• Maintaining accounting records and financial settlements — Art.\u00a06(1)(b) and (c) GDPR (contract performance and legal obligation)
• Fulfilling legal obligations arising from tax, accounting and social insurance law — Art.\u00a06(1)(c) GDPR (legal obligation)
• Responding to client enquiries and correspondence — Art.\u00a06(1)(f) GDPR (legitimate interest of the Controller)
• Marketing of the Controller's own services — Art.\u00a06(1)(f) GDPR (legitimate interest) or Art.\u00a06(1)(a) GDPR (consent, where required by applicable law)
• Establishing, asserting or defending legal claims — Art.\u00a06(1)(f) GDPR (legitimate interest)
• Website analytics and statistical analysis — Art.\u00a06(1)(a) GDPR (consent via the cookie consent banner)

4. Categories of Personal Data Processed

The Controller may process in particular:

• identification and contact data (name, address, email, phone number),
• financial and tax data,
• employee data of clients, in the scope required for payroll and HR administration,
• data contained in accounting documents,
• online identifiers (e.g.\u00a0IP address, cookie identifiers).

5. Recipients of Personal Data

Recipients of personal data may include entities cooperating with the Controller, in particular:

• providers of accounting and IT systems,
• hosting and email service providers,
• legal and advisory service providers,
• banks and payment operators,
• postal operators and courier companies,
• public authorities – to the extent required by applicable law,
• analytics tool providers (Google Ireland Limited).

6. International Transfers of Personal Data

The use of Google Analytics may involve the transfer of personal data outside the European Economic Area (EEA).

Such transfers are carried out in accordance with the GDPR, in particular on the basis of Standard Contractual Clauses (SCCs) approved by the European Commission, which provide appropriate safeguards for the protection of personal data.

7. Retention Periods

Personal data will be retained for the period:

• necessary for the performance of the contract and delivery of services,
• required by applicable law, in particular tax and accounting regulations (generally 5\u00a0years from the end of the tax year),
• until the statute of limitations for claims has expired,
• until withdrawal of consent – for data processed on the basis of consent,
• until a valid objection is raised – for data processed on the basis of legitimate interest for marketing purposes.

8. Automated Processing and Profiling

Data may be processed in an automated manner for statistical purposes (Google Analytics). No decisions producing legal effects or similarly significantly affecting data subjects are made solely by automated means.

9. Rights of Data Subjects

Under the GDPR, you have the following rights regarding your personal data:

• Right of access – to obtain confirmation of whether the Controller processes your data and to receive a copy,
• Right to rectification – to have inaccurate or incomplete data corrected,
• Right to erasure (“right to be forgotten”) – to request deletion of data in circumstances provided by law,
• Right to restriction of processing – to request that processing be limited in certain circumstances,
• Right to object – to object to processing based on legitimate interest or for direct marketing,
• Right to data portability – to receive your data in a structured, machine-readable format and transfer it to another controller,
• Right to withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal,
• Right to lodge a complaint with the President of the Polish Personal Data Protection Office (UODO) at ul.\u00a0Stawki\u00a02, 00-193 Warszawa, Poland, or with the supervisory authority in your country of residence.

10. Voluntary Provision of Data

The provision of personal data is voluntary; however, it is necessary for concluding a contract and delivering services. Failure to provide the required data will prevent the Controller from performing the services.

11. Cookies

This website uses cookies as described in the Cookie Policy.

The Controller uses Google Analytics\u00a04 for website analytics and traffic measurement. Detailed information on how cookies operate is available in the separate Cookie Policy.