The controller of the personal data in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), , hereinafter referred to as the “GDPR”) is Neurohm sp. z o.o. sp.k., with its registered office in Warsaw (00-586), Poland, at 9/2 Flory St., entered in the National Court Register under entry no. 0000449548, registered by the District Court for the capital city of Warsaw in Warsaw, XII Commercial Division of the National Court Register, NIP 7010369265, REGON 146535475.
In order to payment process, User has provide the following data: company name, country, city, zip code, address, tax id (if applicable).
Payer’s data given by the User are used (processed) by the Service Provider for following purposes:
- performance of the service, registration and management of the Account (Art. 6 Sec. 1 letter (b) of GDPR);
- the processing is necessary in order for the Service Provider to comply with any legal or regulatory obligations, especially tax and accounting obligations (Art. 6 Sec. 1 letter (c) of GDPR);
- the processing is necessary for the establishment, exercise or defence of legal claims – these processing activities are necessary for the Service Provider’s legitimate business interest in the establishment, exercise or defence of legal claims (Art. 6 Sec. 1 letter (f) of GDPR).
The Service Provider may disclose the Payer’s personal data to following recipients: employees and co-workers of the Service Provider, IT service providers, entities providing advisory and legal services, banks, entities operating the module instant payments at the Website.
The Service Provider may disclose the Payer’s personal data to the enforcement and judicial authorities or to the other entities entitled to receive them under the law, if there are justifiable legal ground for such action.
The Service Provider does not intend to transfer the Payer’s personal data to a third country or international organization outside the European Economic Area.
The Service Provider will not make automated decision making towards Account Holder’s, including profiling.
The Payer’s personal data will be processed for the period necessary to achieve the purposes for which the data is processed (see above) or until the objection (if the ground of processing is the legitimate interest of the Service Provider) – depending on which event occurs earlier.
Later, the Service Provider will retain the Payer’s personal data as long as the duration of applicable limitation period under applicable law or the obligation to store data arising from the provisions of law (e.g. tax law) expires – depending on which event occurs later.
The rights of Account Holder
- the right to request access to the Payer’s personal data;
- the right to request rectification of the Payer’s personal data;
- the right to request erasure of the Payer’s personal data;
- the right to restrict processing of Payer’s personal data;
- the right to receive the Payer’s personal data, which User has provided to the Service Provider, in a structured, commonly used and machine-readable format and the right to transmit those data to another controller;
- the right to object to processing of the Payer’s personal data, if the ground of the processing is the legitimate interest of the Service Provider
In order to exercise the above rights, please contact the Service Provider, using the above-mentioned contact details.
In addition, the User has the right to lodge a complaint with the supervisory body dealing with the protection of personal data (pol. Prezes Urzędu Ochrony Danych Osobowych), if User thinks that the data processing violates the GDPR.
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Service Provider as a controller implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in particular, the Service Provider protects the personal data of the Users from making them available to the unauthorized persons, as well as from loss or damage.
Any additional questions and information related to personal data may be directed to the Service Provider at the following email address: email@example.com