Privacy Policy

We take the protection of your privacy and personal data very seriously. In this Privacy Policy, we inform you about the extent and purpose for which we process your personal data in connection with the use of our electronic services. Please read this document carefully.

Who is responsible for your personal data?

We, Gamfi Sp. z o.o., located at Aleje Jerozolimskie 94, 00-807 Warsaw, registered in the District Court for the capital city of Warsaw, XII Commercial Division under the number KRS 0000351370, NIP 5342441276, REGON 142281049 ("Company"), will be the Administrator responsible for all personal data that you provide to us in connection with our business relationship.

For what purposes do we use your personal data?

We will process your personal data exclusively for the following purposes ("permissible purposes"):

- Conducting marketing activities by using the data you provided for direct marketing of our services and products;
- Profiling your preferences and interests best to tailor our marketing communications and product and service offers to your needs. The basis for profiling your preferences and interests includes:
   - data provided by you and collected from publicly available sources, which we collect in systems supporting the proper implementation of the services we provide (e.g., CRM-type systems),
   - automatically recorded and stored (including in cookies) data about your activity on our websites.

The result of profiling is making available to you content tailored to your interests through our websites, by email, telephone, or on websites not related to us by entities that provide us with advertising services (including websites belonging to advertising networks such as Google, Facebook, Twitter, or LinkedIn).

- Communicating with you through channels you have approved to receive current, latest announcements, special offers, and other information about services offered by the Company (including through marketing newsletters), as well as information about events and projects;
- Managing and conducting special events, including parties and customer surveys, marketing campaigns, market analyses, lotteries, contests, or other promotional activities or events;
- Maintaining security and protecting our services, websites, or other systems, preventing and detecting security threats, fraud, and other criminal or harmful activities.

In relation to marketing communication tools (i.e., emails and telephone conversations), where legally permitted, we will provide you with such information after prior acceptance. We will enable its withdrawal if you no longer wish to receive communications related to our activities.

We will not use your personal data to make any automated decisions concerning you or to create profiles other than those described above. Article 6 of the European General Data Protection Regulation (GDPR) contains the legal bases for processing your personal data. Depending on the above permissible purposes for which we use your personal data, its processing is necessary for the performance of a contract or another business agreement with us, required to comply with our legal obligations, or necessary for our legitimate interest, always provided that your interests or fundamental rights and freedoms do not override. Additionally, processing may be based on your consent if it has been explicitly given to us.

In the case of direct marketing – conducted through sending a newsletter to the provided email address – the basis for data processing is consent referred to in Art. 6 para. 1 lit. a) GDPR in conjunction with Art. 10 of the Act on Providing Services by Electronic Means. Consent can be withdrawn anytime (using the link in the newsletter content or by writing to gdpr@gamfi.com). Withdrawing consent does not affect the lawfulness of processing based on consent before withdrawal.

Scope of Personal Data

We may particularly collect and process the following categories of personal data:
- In case of consent to the newsletter – email address;
- Contact information, such as full name, address, phone number, mobile phone number, and email address;
- Information related to your place of employment, such as your position, employer's name, company size, etc.;
- Further information related to conducting business necessary for processing within a project or contractual relationship or information voluntarily provided by you, such as applications and projects;
- Information collected from publicly available sources, e.g., databases, provided that we send you an information clause and obtain your consent;
- If required for compliance with the law: information about significant and important legal disputes or other legal proceedings against you or a third party related to you, and information about mutual relations with you that may prove crucial for competition protection purposes.

How Do We Collect Personal Data?

1. We will primarily collect your personal data directly from you, e.g., through forms, etc.
2. Sometimes, we obtain personal data from our partners or through tools that help us create databases in an automated manner. We care about your privacy. If we collect data from partners or the internet through tools, we send you an information clause and ask for your consent.

How Do We Protect Your Personal Data?

We maintain physical, electronic, and procedural safeguards in accordance with the most modern technical requirements and legal regulations in the field of data protection to protect your personal data from unauthorized access or intrusion. These safeguards include implementing specific technologies and procedures to protect your privacy, such as secure servers, firewalls, and SSL encryption. We will always strictly comply with applicable laws and regulations regarding the confidentiality and security of personal data.

Who Will We Share Your Personal Data With?

We may share your personal data with:

- Service providers (so-called data processors) within or outside the Company, domestically or abroad, e.g., shared service centers, instructed by us to process personal data for permitted purposes on our behalf and solely in accordance with our instructions. The Company will retain control, remain fully responsible for your personal data, and use appropriate safeguards required by applicable law to ensure the integrity and security of your personal data when engaging such service providers.
- Any courts, law enforcement agencies, regulatory bodies, or lawyers, if legally permitted and necessary, must fulfill a legal obligation or demonstrate, bring, or defend claims.

On the Cookies page, you can find a list of recipients supporting the provision of services by the Administrator.

Where Do We Process Your Personal Data?

The Company operates within Poland. Some of the tool providers are based outside the EEA. In the course of our business activities, we transfer your personal data to recipients in countries outside the European Economic Area ("third countries"). In this respect, we only cooperate with entities verified during the preliminary audit, which have implemented all technical and organizational measures in compliance with GDPR. If you want to know more, write to us at gdpr@gamfi.com.

Is Providing Personal Data Mandatory?

The general rule is that you provide personal data entirely voluntarily (this applies, among others, to the newsletter); in principle, refusal to consent or to provide personal data does not have any negative consequences for you. However, in certain circumstances, the Company may not be able to take action without specific personal data because, for example, these personal data are required to provide access to our content or tools or to conduct legally required compliance checks. In such cases, if you do not provide us with your personal data, we may be unable to provide you with what you requested.

Retention Period of Your Personal Data

- We store your contact data processed based on consent until you object or withdraw your consent.
- Your data obtained in connection with the conclusion of a contract are processed until the end of the period of limitation of potential claims under the contract.
- Based on the Accounting Act, We must store financial data for 5 years.

Your Rights Regarding Data Protection

Subject to certain legal conditions, you have the right to request access to personal data, their correction or deletion, and the restriction of processing and the portability of personal data concerning you. You also have the right to object to processing and to request data portability. In particular, you have the right to request a copy of your personal data that we hold. If you use this option repeatedly, we may charge an appropriate fee.

Suppose you have given us consent to process your personal data. In that case, you can withdraw such consent at any time with effect for the future, i.e., withdrawal of consent does not affect the legality of the processing based on consent before its withdrawal. In case of consent withdrawal, we may still process personal data when there is another legal basis for such processing (e.g., the data controller's legitimate interest related to the need to defend against claims, about which you will be separately informed).

If you have any concerns about how we treat your personal data or wish to file a complaint, you can contact us using the details provided below so that we can investigate the matter. Suppose you are dissatisfied with our response or believe we process your personal data unlawfully. In that case, you can file a complaint with the relevant authority – the Office for Personal Data Protection (see more at uodo.gov.pl).

How to Contact Us?

If you have any questions, want to express your opinion, or assert your rights, please contact us at gdpr@gamfi.com.