1. The Personal Data Controller for the website at www.syenbi.pl, hereinafter referred to as the Website, is Syenbi Sp. z o.o., with its registered office at ul. Podmiejska 1, 01-498 Warsaw, entered into the Register of Entrepreneurs maintained by the District Court for the Capital City of Warsaw, 13th Commercial Division of the National Court Register, under KRS number: 0000287784, NIP: 5213457223, REGON: 141069761.

2. Respecting your rights as data subjects and in compliance with applicable data protection laws, including in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, hereinafter referred to as GDPR), the Polish Personal Data Protection Act of 10 May 2018 (Journal of Laws, item 1000, hereinafter referred to as the Act), and other relevant provisions, we are committed to safeguarding the security and confidentiality of personal data obtained from you. All employees have been appropriately trained in personal data processing, and our company, as the Data Controller, has implemented proper technical and organizational measures to ensure a high level of data protection. We have introduced procedures and data protection policies compliant with GDPR, ensuring lawful processing and enforcement of your rights as data subjects. If necessary, we cooperate with the supervisory authority in Poland, i.e. the President of the Personal Data Protection Office (PUODO).

3. Any inquiries, requests, or complaints related to the processing of personal data by our company (the Data Controller), hereinafter referred to as Submissions, should be directed to the following e-mail address: rodo@syenbi.pl or in writing to the following postal address: ul. Podmiejska 1, 01-498 Warsaw.

4. Each Submission should clearly specify:
a) the personal data of the individual(s) concerned,
b) the event that is the reason for the Submission,
c) the request and its legal basis,
d) the preferred method of resolving the issue.

5. Through our Website, we collect the following personal data:
a) First and last name – processed when users (including clients or potential clients) provide this data via email, contact form, postal mail, or phone in order to use the Website’s services,
b) Phone number – processed during phone contact or when provided via email, contact form, or postal mail, to enable contact regarding services or in emergencies,
c) Email address – processed for contact purposes, service confirmations, and to respond to inquiries,
d) Business address and Tax ID (NIP) – collected from entrepreneurs for invoicing or tax documentation,
e) IP address – collected for technical purposes and may be used for statistical and demographic analysis (e.g. connection region),
f) Other data – possibly provided during specific cases via email, contact form, phone, or post.

6. Providing the data listed above is necessary in particular for:
a) using services available through our Website,
b) fulfilling service orders placed via the Website,
c) responding to your inquiries and enabling communication.

7. Our Website uses Cookies to tailor its operation to your individual preferences. You may consent to having your entered data remembered for future visits. This data is not accessible to other website owners. If you do not agree to this personalization, we recommend disabling Cookies in your browser settings.

8. As a user of our Website, you may decide whether and to what extent you wish to use our services and provide your personal data, in line with this Privacy Policy.

9. In accordance with the principle of data minimization, we only process personal data that is necessary to achieve the purposes outlined in sections 5 and 6.

10. Personal data is processed only for the period necessary to fulfill the purposes stated in sections 5 and 6. Data may be stored longer if required by applicable law or if services are continuous in nature.

11. The source of personal data processed by the Data Controller is either the data subjects themselves or clients providing databases for the purpose of service provision.

12. The legal basis for processing your personal data includes:
a) Art. 6(1)(b) GDPR – necessity for the performance of a contract or to take steps prior to entering into a contract,
b) Art. 6(1)(f) GDPR – legitimate interests of the Controller (e.g. for asserting or defending legal claims),
c) Art. 6(1)(a) GDPR – your consent, where no other legal basis applies.

13. Personal data is not transferred to third countries or international organizations within the meaning of the GDPR. If such transfer occurs, you will be informed in advance, and safeguards as outlined in Chapter V of the GDPR will be applied.

14. Personal data is not disclosed to third parties without your explicit consent. Exceptions apply only to public entities such as tax authorities, law enforcement, or other institutions authorized by law.

15. Personal data may be processed by third-party entities on behalf of the Data Controller. In such cases, a data processing agreement is signed. These entities process data solely for the purposes and within the scope specified in the agreement. We entrust personal data for processing to entities:
a) providing hosting services for the Website,
b) providing other services necessary for Website operations.

16. The Data Controller does not subject personal data to profiling.

17. In accordance with GDPR, each person whose data is processed by the Controller has the right to:
a) be informed about data processing (Art. 12 GDPR),
b) access their data (Art. 15 GDPR),
c) correct or update their data (Art. 16 GDPR),
d) erase their data (“right to be forgotten”, Art. 17 GDPR),
e) restrict data processing (Art. 18 GDPR),
f) data portability (Art. 20 GDPR),
g) object to data processing (Art. 21 GDPR),
h) not be subject to automated decision-making or profiling (Art. 22 GDPR),
i) lodge a complaint with a supervisory authority (Art. 77 GDPR, PUODO in Poland).

18. The right to erasure (right to be forgotten) does not apply if:
a) processing is necessary for exercising the right to freedom of expression or information,
b) processing is required for legal compliance,
c) processing is necessary for the establishment, exercise, or defense of legal claims.

19. If you wish to exercise any of the rights listed in section 17, please send a message via email or post to the addresses indicated in section 3.

20. Any data security breach is documented. If the incident meets the conditions set out in the GDPR or the Act, affected individuals and the supervisory authority (PUODO) are notified.

21. Capitalized terms have the meanings assigned to them in the Website’s Terms of Use, unless otherwise specified in this Privacy Policy.

22. In matters not covered by this Privacy Policy, applicable laws shall apply. In case of any inconsistency, legal provisions take precedence.