What is the Privacy Policy of the www.ptpodatki.pl website and cookies

The Privacy Policy of the www.ptpodatki.pl website (hereinafter the “Website”) and cookies contains information regarding the processing and protection of your personal data processed by Paczuski Taudul Doradcy Podatkowi sp. z o.o. with its registered office in Warsaw (hereinafter the “Controller”) in connection with the Controller’s business activity, as well as data collected in connection with your visiting and use of the Website, which are required pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, “GDPR”).

When visiting or using the Website, additional information may be collected, e.g. navigation data, data concerning the IP address, browser type, operating system, session duration, information about the source of traffic on the Website, data concerning activity on the Website, including on individual subpages, etc. As a rule, such data does not constitute personal data, as it does not allow identification of a natural person. However, in some cases, where it is linked to a specific person, it may be considered personal data. In such a case, the provisions of this Privacy Policy shall apply accordingly, including with respect to the purposes and legal bases of processing, rights granted, data recipients or transfer of data to third countries.

This Privacy Policy also contains information regarding the use by the Controller of cookies or other similar technologies appearing on the Website.

Who is the Controller and how to contact it

The Controller of your personal data is Paczuski Taudul Doradcy Podatkowi Sp. z o.o. with its registered office in Warsaw, ul. Giełdowa 7/9.

The Controller has not appointed a Data Protection Officer. The Controller may be contacted at the above correspondence address or at the email address: rodo@ptpodatki.pl

For what purposes and on what legal bases we process your personal data

1. Use of the Website

The Controller, by making the content available on the Website, processes the data of persons visiting or using the Website on the following bases:
a) for the purpose of providing services by electronic means – on the basis of Article 6(1)(b) GDPR (necessity for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract);
b) for analytical and statistical purposes - on the basis of Article 6(1)(f) GDPR (the legitimate interest of the Controller consisting in analysing the behaviour of persons visiting or using the Website in order to assess interest in the content posted by the Controller on the Website and to improve the services provided by the Controller) – the rules for processing data for this purpose have been described in detail in point 11 below;
c) for the purpose of ensuring the security of the Website and the Controller’s IT system – which constitutes the legitimate interest of the Controller (Article 6(1)(f) GDPR).

2. Newsletter

The Controller offers the possibility to subscribe to newsletters containing legal and tax information, educational content, information about events and updates of the Controller, such as e.g. “Tax Alert”, “Przekrój Podatkowy”, “Analiza podatkowa”. For the purpose of sending newsletters, the Controller processes the data of persons who have subscribed, such as: email address, subscription date, dates of sending individual newsletters, the date of unsubscribing, information on actions taken in connection with the messages sent.

The data provided when subscribing to the newsletter is processed by the Controller on the basis of Article 6(1)(a) GDPR (consent of the data subject – expressed when subscribing to the newsletter), whereas data collected automatically by the system used for sending newsletters is processed on the basis of Article 6(1)(f) GDPR (the legitimate interest of the Controller consisting in analysing the behaviour of newsletter subscribers in order to assess interest in the content sent by the Controller and to improve the services provided by the Controller).

3. Communication: telephone contact, email correspondence, traditional correspondence, contact forms

The Controller enables contact by telephone, via e-mail or traditional mail and through contact forms. For this purpose, the Controller processes the data of contacting persons, in particular: telephone number, first name, last name, e-mail address, company / place of work, correspondence address or other data contained in the content of the message.

The data is processed on the basis of Article 6(1)(f) GDPR (the legitimate interest of the Controller consisting in the need to ensure contact with the Controller in order to handle a matter or in connection with the Controller’s business activity).

4. Organisation of online or on-site events

The Controller organises online or on-site events. In order to enable participation in these events, the Controller collects data of persons registering for events or participating in them.

In connection with the organisation of online or on-site events, the Controller processes only data necessary for registration and organisation of the event, which generally include: e-mail address or other contact details, first name, last name, name of the company in which the person registering or participating in the event works. The legal basis for data processing in this case is Article 6(1)(a) GDPR (consent of the person registering for or participating in the event) and Article 6(1)(f) GDPR (the legitimate interest of the Controller consisting in organising the event and analysing the satisfaction of its participants in order to improve the quality of the services provided).

5. Maintaining profiles in social media on LinkedIn and YouTube

The Controller maintains profiles in social media on LinkedIn and YouTube and in this connection processes the data of persons who visit these profiles and leave their data there.

Personal data is processed by the Controller for the purpose of operating a given profile and for statistical and analytical purposes on the basis of Article 6(1)(f) GDPR (the legitimate interest of the Controller consisting in promoting its own brand and analysing the behaviour of persons visiting the Controller’s profiles in social media, in order to improve the quality of the services provided by the Controller).

Use of the above social media platforms is subject to the terms and privacy policies of the administrators of those platforms. In case of doubts or questions regarding the use of your personal data by individual platforms, you should familiarise yourself with their terms and policies.

6. Podcast handling

The Controller, in order to inform about its activity and promote its own brand, runs the podcast “Podkast podatkowy Paczuski Taudul”. The Controller hosts the podcast on the Spreaker platform. In order to facilitate listening, the Controller provides links and embedded players of external providers – Spotify and Apple Podcasts.

Playing the podcast results in the transmission of information, which generally does not constitute personal data (in particular IP address, data concerning the browser and device and data concerning the content listened to) to the operator of the given player. However, in some cases Apple may link this data with the user’s Apple ID account. In addition, if you leave comments on a given platform, the Controller may process data from the comments. In such a case, the data is processed on the basis of the legitimate interest of the Controller (Article 6(1)(f) GDPR) consisting in promoting its activity and analysing the behaviour of persons listening to the podcast, in order to optimise the Controller’s activities in this respect.

Use of services enabling listening to podcasts is subject to the terms and privacy policies of the administrators of those services. In case of doubts or questions regarding the use of your personal data by individual services, you should familiarise yourself with their terms and policies.

7. Complaints

For the purpose of handling complaints, the Controller processes personal data of persons submitting complaints, in particular: e-mail address, first name and last name, and possibly other personal data obtained in the course of handling the complaint.

This data is processed on the basis of Article 6(1)(b) GDPR (necessity for the performance of a contract), Article 6(1)(c) GDPR (necessity to fulfil a legal obligation incumbent on the Controller resulting from legal provisions regarding the obligation to handle complaints) or on the basis of Article 6(1)(f) GDPR (the legitimate interest of the Controller consisting in the need to contact clients, client personnel or contractors in connection with handling complaints).

8. Confirmation of recruitment

The Controller processes the data of persons interested in employment or cooperation with the Controller. When applying for a position with the Controller, only information relevant to the purpose of participation in recruitment should be included in the CV.

Personal data in connection with recruitment is processed by the Controller on the following bases:
a) where the intended form of employment is an employment contract and the data is processed only within the scope resulting from labour law provisions - Article 6(1)(c) GDPR (legal obligation incumbent on the Controller);
b) where the intended form of cooperation is a civil law contract – Article 6(1)(b) GDPR (necessity to take steps at the request of the data subject prior to entering into a contract);
c) where data beyond the scope indicated by labour law provisions is processed or data is processed for future recruitment – Article 6(1)(a) GDPR (consent of the candidate);
d) where verification of the candidate’s qualifications or skills takes place – Article 6(1)(f) GDPR (the legitimate interest of the Controller consisting in the need to verify the candidate in order to propose a position corresponding to their skills and appropriate terms of cooperation).

9. Data of clients, contractors or their personnel

In connection with concluding contracts within the conducted business activity, the Controller collects personal data of its clients, contractors, their contact persons or personnel. In such a case, depending on the situation, the Controller separately provides persons whose data is concerned with detailed information regarding the processing of their personal data or obliges its clients or contractors to do so.

Personal data in such cases, depending on the situation, is processed by the Controller on the following bases:
a) Article 6(1)(b) GDPR;
b) Article 6(1)(c) GDPR;
c) Article 6(1)(f) GDPR.

10. Establishment, exercise or defence of claims

The Controller may process selected personal data for the purpose of establishing, pursuing or defending claims on the basis of Article 6(1)(f) GDPR (the legitimate interest of the Controller consisting in the defence of its rights).

11. Statistics and analysis of the use of the Website

For the purpose of improving the quality of its services, the Controller processes statistical and analytical information regarding the use of the Website, including information about the session, IP number, amount of time spent on individual pages and subpages, use of particular service functionalities, information about the device and web browser. Detailed information on the use of cookies or other similar technologies is provided below.

If such information is considered to constitute personal data – it is processed in accordance with Article 6(1)(f) GDPR (the legitimate interest of the Controller consisting in assessing interest in the content posted on the Website, facilitating the use of the Website, improving the quality and functionality of the services provided), and its processing does not infringe the rights and freedoms of the data subjects. This information is not used for any additional purposes, and due to the nature of the website service, adjusting the way the Website content is displayed, facilitating the use of the Website and improving the quality of services is not only a market standard but also an expectation of Users towards website providers.

12. Marketing

The Controller processes personal data for the purpose of carrying out marketing activities such as:
a) informing about conferences, training sessions or other events within the Controller’s activity or content appearing on the Website – in such a case the legal basis is Article 6(1)(a) GDPR (consent of the data subject);
b) tailoring displayed marketing content to a given person’s interests – in such a case the legal basis is Article 6(1)(f) GDPR (the legitimate interest of the Controller consisting in analysing the behaviour of recipients of information in order to improve the quality of the services provided).

To whom we disclose your personal data

Your personal data is disclosed to entities cooperating with the Controller for the purpose of providing services to the Controller such as: hosting and Website maintenance, IT services, marketing and PR services, consulting, legal, advisory, accounting, recruitment services. In such a case, the basis for the transfer of your personal data are data processing agreements concluded by the Controller with service providers.

Moreover, the Controller may be obliged to provide certain information to public authorities or other authorised entities on the basis of legal provisions.

Transfer of personal data to third countries

Your personal data will, as a rule, not be transferred to third countries (countries outside the European Economic Area - EEA). However, due to the Controller’s use of tools of external entities, certain information which, in the Controller’s assessment, does not constitute personal data as it does not allow identification of a natural person, may be transferred to third countries, in particular to the United States of America (USA).

In the event that your personal data is transferred to third countries, the Controller will apply appropriate instruments to ensure the security of your personal data.

How long we process your personal data

The period of processing of individual personal data by the Controller depends on the service provided and the purpose of processing. As a rule, personal data is processed only for the time necessary to perform individual services and until:
a) the expiry of limitation periods in relation to data processed for the purpose of establishing, pursuing or defending claims,
b) an effective objection is raised — in relation to personal data processed on the basis of the Controller’s legitimate interest or for marketing purposes;
c) withdrawal of consent — in relation to personal data processed by the Controller on the basis of consent.

What rights you are entitled to

In connection with the processing of your personal data by the Controller, you are entitled to the right to access your data and to receive a copy thereof, to request rectification, erasure, restriction of processing, the right to data portability as well as to object to the processing of your personal data.

With regard to data processed on the basis of your consent, you have the right to withdraw your consent at any time and without giving any reason, without affecting the lawfulness of processing carried out before its withdrawal.

In order to exercise the above rights, you should contact the Controller and inform it which right you wish to exercise and to what extent.

The right to lodge a complaint with the President of the Personal Data Protection Office

You have the right to lodge a complaint with the supervisory authority, which in Poland is the President of the Personal Data Protection Office.

Whether providing personal data is mandatory

Providing personal data is voluntary, however, depending on the circumstances, refusal to provide such data or a request for its deletion may prevent the Controller from, for example, contacting you, providing you with information about the offer, events and activities of the Controller, performing a service or concluding a contract.

Automated processing of personal data

Your personal data is not subject to profiling as a form of automated processing of personal data.

Cookies

The Controller uses cookies via the Website. Cookies are small text files sent by the Website and stored on your end device. They make it possible, among others, to determine the number of views of websites, the use of individual functionalities, and proper handling of the current session.

For what purposes the Controller uses cookies

The Controller uses cookies for the following purposes:

• Ensuring proper functioning of the Website – the Controller uses cookies to enable efficient and ergonomic use of the Website and to allow you to use its various functionalities;
• Statistics of Website use - the Controller examines how the Website is used, develops statistics and analyses of the ways the Website is used, e.g. views of individual subpages, use of individual functionalities. Statistics and analyses enable the Controller to improve the Website and adapt it to your preferences;

Security – the Controller uses cookies to protect the Website and its users against spam.

What cookies are used by the Controller

The cookies used by the Controller are:

• session, which are created and exist only during the browser session. They are necessary for the proper functioning of individual elements of the Website and proper display of the Website, including its individual subpages;
• persistent – files stored on your end device for the time specified in the parameters of cookies or until they are deleted;
• analytical - used for statistics regarding the use of the Website and information about your activity on individual subpages of the Website.

The Controller uses its own cookies and other similar technologies, which, in addition to information about user activity, may include information about the IP address, general location, type of device, and uses services of other entities, including:

• Google Analytics – a tool enabling the collection of data on the activity of Website users, including the amount of time spent on individual subpages, interest in content placed on the Website or use of its functionalities,
• Spotify – a tool enabling playback of the podcast “Podkast Podatkowy Paczuski Taudul” directly from the Website,
• Apple Podcasts - a tool enabling playback of the podcast “Podkast Podatkowy Paczuski Taudul” directly from the Website,
• YouTube - a tool enabling playback of recordings available on YouTube directly from the Website.

Possibility of managing cookies

You may independently manage cookie settings and preferences for using individual websites. For this purpose, you should change your browser settings. Most commonly used web browsers allow you to block all or some cookies and to delete stored files. Browsers also allow the use of incognito mode, which automatically prevents the installation of cookies. However, restrictions on the use of cookies may affect certain functionalities of the Website.

Changes to the Privacy Policy

The Privacy Policy may be supplemented or updated in accordance with the current needs of the Controller in order to ensure up-to-date and reliable information regarding the processing of your personal data. You will be informed about any changes to the Privacy Policy on the Website.

2. The current version of the Privacy Policy is effective as of 01.11.2025.