English

The rules for the processing of personal data by Autenti Sp. z o. o

On 25 May 2018 the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR) came into force. The regulation imposes a number of new obligations on all entities that collect, process and use personal data. At Autenti sp. z o.o., we treat care of personal data as the highest priority. The security of your data is at least as important to us as the quick and convenient operation of the services we offer.

Information obligation under article 13 of the GDPR

Who is processing your data?

The administrator of your personal data is: Autenti spółka z ograniczoną odpowiedzialnością with its registered office in Poznań at ul. Święty Marcin 29/8, entered into the register of entrepreneurs kept by the District Court for Poznań – Nowe Miasto and Wilda in Poznań under the following number: KRS 0000436998 (hereinafter “Autenti”) – operator of the website available under the name “Autenti” – an internet platform available at www.autenti.com (hereinafter the “Autenti Platform”).

Where do we get your data from?

We have received your data from you in connection with your acceptance of the Autenti Platform Terms & Conditions:

  • when creating an account on the Autenti Platform or
  • when signing the Autenti Platform or rejecting the signature

and later, in connection with optional activities performed by you on the Autenti Platform as part of your Account settings (provided that the account has been activated by you).

What is the purpose and legal basis for the processing of your personal data by Autenti?

Your data is processed by Autenti in order to:

  1. perform the agreement for the provision of services specified in the Regulations of the Autenti Platform (pursuant to art. 6 it. 1 letter b of the GDPR) e.g.;
    • providing the service by electronic means and full use of the Autenti Platform, including sending documents and placing signatures, electronic seals or other statements,
    • setting up and managing your account or accounts and providing service for your account, document handling and solving technical problems,
    • handling submissions that you send to us (e.g. through the contact form);
  2. fulfilment of the Administrator’s legal obligation (pursuant to art. 6 it. 1 let. c and it. 3 of the GDPR) e.g.
    • for tax and accounting purposes,
    • handling complaints in the event that the User makes such a complaint,
  3. implementation of the legitimate interests of Autenti (pursuant to art. 6 it. 1 let. f of the GDPR): marketing of own products or services,
  4. pursuing or securing claims or defending against them (pursuant to Art. 6 it. 1 let. f of the GDPR).
  5. on the basis of your consent, e.g.
    • for the provision of the newsletter service by Autenti,
    • marketing of products or services through the Trusted Partners with whom Autenti cooperates. By Trusted Partners we mean entities with which Autenti cooperates in the implementation or promotion of services specified in the Regulations of the Autenti Platform. The list of Trusted Partners can be found on the website Authenti.pl.

Is it necessary for you to provide your data?

We require you to provide the following personal data in order to be able to conclude and perform the contract concluded with you, and thus provide you with the service:

  • name, surname, e-mail address, password (if you use the Personal Account option) or
  • name, surname, email address, password, telephone number and information about the company and its address (if you use the Account for Companies).

Providing data is voluntary but required. If you do not provide this personal data, unfortunately we will not be able to conclude a contract with you and, consequently, you will not be able to use the Autenti Platform.

What rights do you have in relation to the Company when it comes to data processing?

You have the right to:

  • access to your data and rectify it, 
  • remove it, 
  • limit the processing, 
  • transfer your data, 
  • lodge an objection to processing of personal data for the purposes of the legitimate interests of Autenti, or to processing for direct marketing purposes, 
  • the right to withdraw the consent granted to us at any time without affecting the legality of the current processing (if the processing is based on consent),
  • lodge a complaint to the supervisory authority when you believe that the processing of your personal data violates the provisions of the GDPR.

If you have questions, want to exercise your right or have any other doubts – contact our Data Protection Officer. You will find the contact details below.

Who do we share your personal data with?

We provide your personal data to the parties to the documents or transactions processed that you conclude on the Autenti Platform and to entities supporting us in the provision of electronic services, i.e. those that provide payment, credit, insurance services, provide consulting or auditing services, support the service of Autenti Platform users, provide technical services incl. hosting (including data storage in the so-called cloud), regarding the development and maintenance of IT systems and websites, support the promotion of offers, cooperate in marketing campaigns. We may also transfer your personal data to public authorities fighting against fraud and abuse for the purposes of criminal proceedings.

How long do we store your data for?

Your personal data is processed in order to perform the agreement for the provision of services specified in the Autenti Platform Terms & Conditions and to fulfil the legal obligation, they will be kept for the duration of the agreement, and after its expiry for the period necessary to:

  1. after-sales customer service (e.g. handling complaints);
  2. securing or pursuing claims;
  3. if necessary – proper provision of services in accordance with the Autenti Platform Terms & Conditions, including documenting declarations of will made towards other Users, if any of the other Users still use Autenti services;
  4. compliance with a legal obligation of the Administrator (e.g. arising from tax or accounting regulations).

Personal data that we process for the purposes of marketing our own products or services, based on a legitimate legal interest, will be processed until your objection is raised.

The data processed on the basis of your consent is processed until it is withdrawn. After the processing period ends, the data is permanently destroyed or anonymised.

In the case of organisation of loyalty programs, contests and promotional campaigns, in which you can participate, we will process your data for the duration of those events and the period of handing out prizes. For the purpose of accountability, i.e. proving that the provisions on the processing of personal data are abided by, we will store the data for a period in which Autenti is obliged to keep the data or documents containing the data in order to document the fulfilment of legal obligations as well as allowing for public authorities to control the fulfilment of legal obligations.

Your personal data will be processed in an IT environment, which means that it may also be temporarily stored and processed in order to ensure the security and proper functioning of IT systems, e.g. in connection with backing up, testing changes in IT systems, detecting irregularities or protecting against abuse and attacks.

Do we transfer your data to countries outside of the European Economic Area?

Your personal data may be transferred outside the European Economic Area (EEA) to entities that meet an adequate level of protection, through:

  1. cooperation with bodies processing personal data in countries with reference to which a specific decision has been issued by The European Commission;
  2. use of standard contractual clauses issued by the European Commission;
  3. using binding corporate rules, approved by a proper supervisory body;
  4. other security that meets the appropriate level of protection based on appropriate legal security.

Do we process your personal data automatically (including via profiling) in a way that impacts your rights?

Your personal data may be processed automatically (including in the form of profiling); however, this will not have any legal consequences in relation to you or similarly will not significantly impact the situation that you are in.

Profiling personal data by Autenti consists in the processing of your data (also in an automated manner), by using it to evaluate some information about you, in particular to analyse or forecast personal preferences and interests, as well as for internal statistics, product evaluation, primarily its functionality.

How to contact us for additional information on the processing of your personal data?

Write to the personal data inspector designated by Autenti, using the contact details provided below:

  • Data Protection Officer: Agata Kolorz,
  • e-mail address: iod@autenti.com,
  • postal address: Data Protection Officer Autenti sp. z o.o, ul. Leona Henryka Sternbacha 1 (Building L1), 30-394 Kraków

Detailed rules for the processing of personal data are contained in our Privacy Policy.

 

Information obligation under article 14 of the GDPR

Where do we get your data from?

We have received your data from the Autenti Platform User in order to send you a document.

The administrator or entity providing us with your personal data is the relevant Account User in the Autenti Platform, and our platform plays only a technical role in handling the signing process. Upon signing or rejecting it in the Autenti Platform, the Administrator of your personal data will be Autenti spółka z ograniczoną odpowiedzialnością with its registered office in Poznań at ul. Święty Marcin 29/8, entered into the register of entrepreneurs kept by the District Court for Poznań – Nowe Miasto i Wilda in Poznań under the following number: KRS 0000436998 (hereinafter referred to as „Autenti”) – operator of the internet service made available under the name “Autenti” – internet platform available at the address www.autenti.com (hereinafter referred to as “Autenti Platform”).

What is the purpose and legal basis for the processing of your personal data by Autenti?

Until the signature is placed or rejected, as well as if you do not take any action, your Autenti data will be processed for the purpose of:

  1. implementation of the legitimate interests of Autenti (pursuant to art. 6 it. 1 let. f of the GDPR): consisting in striving to perform the services specified in the Autenti Platform Terms & Conditions for the User of the Autenti Platform Account, the transfer of which is initiated by this User (i.e. handling the process of sending documents to you)
  2. pursuing or securing claims or defending against them (pursuant to Art. 6 it. 1 let. f of the GDPR
  3. on the basis of your consent, e.g. marketing of own products or services or of Trusted Partners with whom Autenti cooperates. By Trusted Partners we mean entities with which Autenti cooperates in the implementation or promotion of services specified in the Autenti Platform Terms & Conditions. You can see the full list of Trusted Partners on our website Autenti.pl

Is it necessary for you to provide your data?

We require confirmation of the personal data sent to us by you in order to be able to conclude and perform the agreement concluded with the User of the Autenti Platform Account. The data provided to us by the User of the Autenti Platform Account is the name, surname, e-mail address and telephone number. Data confirmation is voluntary, but required in the process of signing or rejecting the document. If you do not confirm this personal data, the service initiated by the Autenti Platform User will not be performed and the document will not be signed or rejected.

After signing or rejecting the document sent to you, Autenti will become the Administrator of your data in connection with the process conducted.

What rights do you have in relation to the Company when it comes to data processing?

You have the right to access your data and the right to rectify, delete, limit processing, the right to transfer data, the right to object to data processing based on the legitimate interest of Autenti or to processing for direct marketing, the right to withdraw your consent at any time without affecting for the lawfulness of processing (if the processing takes place on the basis of consent), which was made on the basis of the consent before its withdrawal.

You have the right to lodge a complaint to the supervisory authority when you believe that the processing of your personal data violates the provisions of the GDPR.

Who do we share your personal data with?

We provide your personal data to the parties to the documents or transactions processed that you conclude on the Autenti Platform and to entities supporting us in the provision of electronic services, i.e. those that provide payment, credit, insurance services, provide consulting or auditing services, support the service of Autenti Platform users, provide technical services incl. hosting (including data storage in the so-called cloud), regarding the development and maintenance of IT systems and websites, support the promotion of offers, cooperate in marketing campaigns. We have the right to transfer your personal data to public entities fighting frauds and abuse.

How long do we store your data for?

Your personal data will be processed until an effective objection is made. If the processing is based on consent, the data is processed until it is withdrawn.

Do we transfer your data to countries outside of the European Economic Area?

Until the signature is submitted or rejected, your personal data will not be transferred outside the European Economic Area.

Do we process your personal data automatically (including via profiling) in a way that impacts your rights?

Your personal data may be processed automatically (including in the form of profiling); however, this will not have any legal consequences in relation to you or similarly will not significantly impact the situation that you are in.

Profiling of personal data by Autenti consists in processing your data (including in an automatic way) by using it to assess some information about you, especially for the purpose of analysis of forecast of personal preferences or interests.

How to contact us for additional information on the processing of your personal data?

Write to the personal data inspector designated by Autenti, using the contact details provided below:

  • Data Protection Officer: Agata Kolorz,
  • e-mail address: iod@autenti.com,
  • postal address: Data Protection Officer Autenti sp. z oo, ul. Leona Henryka Sternbacha 1 (Building L1), 30-394 Kraków

Detailed rules for the processing of personal data are contained in our Privacy Policy.

Broker ID Information obligation under article 13 and 14 of the GDPR

Who is processing your data?

The administrator of your personal data is: Autenti spółka z ograniczoną odpowiedzialnością with its registered office in Poznań at ul. Święty Marcin 29/8, entered into the register of entrepreneurs kept by the District Court for Poznań – Nowe Miasto i Wilda in Poznań under the following number: KRS 0000436998 (hereinafter referred to as „Autenti”) – operator of the internet service made available under the name “Autenti” – internet platform available at the address www.autenti.com (hereinafter referred to as “Autenti Platform ”) and Broker ID services.

Where do we get your data from?

We have received the e-mail address and / or telephone number from the person or entity requesting verification of your personal data (hereinafter the “User”) in order to send you activation links for the verification process at Broker ID.

We have received your data from you in connection with your consent to identify your personal data on the basis of the Broker ID Regulations (hereinafter also as “Regulations”):

  • during the verification process triggered on the mobile device by the link sent to your phone number
  • during the verification process triggered by the link received from the person requesting verification
  • during the verification process triggered by the link in the email you received.

What is the purpose and legal basis for the processing of your personal data by Autenti as part of Broker ID?

Your Autenti data as part of Broker ID is processed in order to:

  1. performance of the contract concluded on the basis of the Regulations or a separate contract (art. 6 it. 1 letter b of the GDPR). If a specific identification method is used, we may also process your biometric data (Art. 9 it. 2 let. a of the GDPR).
  2. fulfilment of the Administrator’s legal obligation resulting from tax law, accounting law and the Act on trust services and electronic identification (art. 6 it. 1 let. c and it. 3 of the GDPR),
  3. implementation of the legitimate interest of the Administrator, i.e. pursuing or securing any claims or other requests of third parties, including public authorities (art. 6 it. 1 let. f of the GDPR).

Is it necessary for you to provide your data?

We require you to provide the following personal data in order to be able to conclude and perform the agreement concluded with you, and thus provide you with the service, and to perform the agreement concluded with the User consisting in transferring the result of the identification of your personal data to the User:

  • name and surname, e-mail address, telephone number, date of birth, PESEL number, identity document number and / or other data required to carry out verification with the selected ID Method, including biometric data.
  • the selected ID Methods may also include images or videos of the Identity’s ID or face.

Providing personal data by you is voluntary, however, the consequence of refusing to consent to the identification or failure to provide the requested personal data under Broker ID will be the inability to carry out the personal data or identity requested by the User.

What rights do you have in relation to Authentic when it comes to data processing?

You have the right to:

  • access to your data and rectify it, 
  • remove it, 
  • limit the processing, 
  • transfer your data, 
  • object to data processing based on the legitimate interest of Autenti, 
  • the right to withdraw the consent granted to us at any time without affecting the legality of the current processing (if the processing is based on consent),
  • lodge a complaint to the supervisory authority when you believe that the processing of your personal data violates the provisions of the GDPR.

If you have questions, want to exercise your right or have any other doubts – contact our Data Protection Officer. You will find the contact details below.

Who do we share your personal data with?

We provide your personal data:

  • To the user by providing the verification results. This person will receive only such data, the provision of which is necessary for the performance of the agreement between the Administrator and the User, based on the User’s request and applicable law. The Administrator is not responsible for the unlawful processing of personal data by the User.
  • suppliers who participate in the provision of Broker ID, including entities providing technical services, including hosting. They may process personal data or anonymised information to enable the Administrator to achieve the goals resulting from the Regulations,
  • to other third parties if the Administrator has a reason to believe it is necessary; to comply with applicable law or an order or subpoena or other legal process; to investigate, prevent or act on illegal activities; suspected fraud, breach of the terms of the Regulations or situations related to threats to the property or property of the Administrator or the safety of any person or third party, as well as to establish, protect or exercise the Administrator’s rights or defend the Administrator against legal claims.

How long do we store your data for?

Your personal data is processed in order to perform the agreement for the provision of services specified in the Broker ID Regulations and in order to fulfil the legal obligation, will be stored for the duration of the agreement, and after its expiry for a period not longer than required by the legitimate interest of Autenti, i.e. investigation or securing any claims or other requests of third parties, including public authorities (Art. 6 it. 1 let. f of the GDPR).

Your personal data will be processed in an IT environment, which means that it may also be temporarily stored and processed in order to ensure the security and proper functioning of IT systems, e.g. in connection with backing up, testing changes in IT systems, detecting irregularities or protecting against abuse and attacks.

Do we transfer your data to countries outside of the European Economic Area?

Your data will not be transferred outside the European Economic Area.

Do we process your personal data automatically (including via profiling) in a way that impacts your rights?

Your personal data will be processed in an automated manner (including in the form of profiling). Profiling may also involve the verification of your image, including biometric data. Conducting the verification may have legal effects on you or similarly significantly affect your situation, depending on the process or purpose for which the identification is carried out for the User. 

How to contact us for additional information on the processing of your personal data?

Write to the personal data inspector designated by Autenti, using the contact details provided below:

  • Data Protection Officer: Agata Kolorz,
  • e-mail address: iod@autenti.com,
  • postal address: Data Protection Officer Autenti sp. z o.o, ul. Leona Henryka Sternbacha 1 (Building L1), 30-394 Kraków

Detailed rules for the processing of personal data are contained in our Privacy Policy.

Autenti contractor – Information obligation under article 13 of the GDPR

The administrator of your personal data is: Autenti spółka z ograniczoną odpowiedzialnością with its registered office in Poznań at ul. Święty Marcin 29/8, entered into the register of entrepreneurs kept by the District Court for Poznań – Nowe Miasto and Wilda in Poznań under the following number: KRS 0000436998 (hereinafter “Autenti”) – operator of the website available under the name “Autenti” – an internet platform available at www.autenti.com (hereinafter the “Autenti Platform”).

Personal data processed by Autenti may come from the Client or Autenti’s contractor or another entity contacting Autenti, or from publicly available sources – in particular from the National Court Register and the Court and Economic Monitor.

The categories of personal data of persons associated with commercial companies or other entities (e.g. members of the bodies of these entities), including beneficial owners, are the same as the categories derived from publicly available sources (e.g. KRS) or categories provided by the client or contractor of Autenti or by another entity contacting Autenti.

What is the purpose and legal basis for the processing of your personal data by Autenti?

Autenti processes personal data for the purpose of:

  1. conclusion or performance of a contract between Autenti and an entity with which a given natural person is related or on behalf of which it acts, as well as for the purposes of verification of this entity (e.g. Customer, Autenti Contractor or other entity contacting Autenti) and ongoing contact with this entity – (6 it. 1 let. b and f of the GDPR.
  2. performance of activities resulting from generally applicable legal provisions in connection with running a business activity, in particular in connection with the fulfilment of obligations arising from tax and accounting regulations, as well as provisions regulating the conduct of proceedings by authorized bodies – (Art. 6 it. 1 let. c) of the GDPR);
  3. pursuing or securing claims or defending against them – (art. 6 it. 1 let. f of the GDPR);
  4. archival (evidence) consisting in securing information in the event of the need to prove facts or demonstrate fulfilment of the obligation incumbent on Autenti – (6 it. 1 let. f of the GDPR).

Authorization to Autenti in the field of processed data.

Under the GDPR, a natural person has the right to:

  • access to its data and rectify it, 
  • remove it, 
  • limit the processing, 
  • transfer their data, 
  • lodge an objection to processing of personal data for the purposes of the legitimate interests of the Autenti, or to processing for direct marketing purposes, 
  • the right to withdraw the consent granted to us at any time without affecting the legality of the current processing (if the processing is based on consent),
  • lodge a complaint to the supervisory authority when you believe that the processing of your personal data violates the provisions of the GDPR.

If you have any questions, wish to exercise the above rights or have any other doubts – please contact the Data Protection Officer. The contact details are below.

Who do we share personal data with? 

Personal data may be made available to the following entities:

  1.  public authorities, institutions or third parties authorized to request access or receive personal data on the basis of applicable law;
  2. entities entrusted with the processing of personal data by Autenti or made available this data on the basis of concluded contracts, e.g. IT service providers or providing technical services, including hosting companies, debt collection companies, consulting and auditing companies, law firms, companies providing postal or courier services, accounting offices.

How long do we retain personal data?

Personal data will be kept for the period necessary to establish cooperation and then the validity of the contract, and after its expiry, depending on the purpose for which the data is processed. The period during which your personal data shall be stored is calculated based on the following criteria:

  • accounting, for a period of 5 years from the beginning of the year following the financial year in which the operations, transactions or proceedings related to the concluded contract were finally completed, paid off, settled or expired;
  • tax, for a period of 5 years, counting from the end of the calendar year in which the tax obligation resulting from the settlement of the concluded contract arose;
  • within the scope of Autenti’s performance of activities resulting from generally applicable legal regulations – for the period resulting from these provisions
  • to fulfil the legitimate interests of Autenti constituting the basis for such processing for the period necessary to fulfil this purpose or until an objection to such processing is raised, unless there are legitimate grounds for further data processing by Autenti;
  • in the scope of establishing and pursuing own claims or defence against reported claims – until the potential claims under the contract or otherwise are time-barred.

Your personal data will be processed in an IT environment, which means that it may also be temporarily stored and processed in order to ensure the security and proper functioning of IT systems, e.g. in connection with backing up, testing changes in IT systems, detecting irregularities or protecting against abuse and attacks.

Do we transfer your data to countries outside of the European Economic Area?

Your personal data may be transferred outside the European Economic Area (EEA) to entities that meet an adequate level of protection, through:

  1. cooperation with bodies processing personal data in countries with reference to which a specific decision has been issued by The European Commission;
  2. use of standard contractual clauses issued by the European Commission;
  3. using binding corporate rules, approved by a proper supervisory body;
  4. other security that meets the appropriate level of protection based on appropriate legal security.

Do we process personal data automatically (including through profiling) in a way that affects the rights of the data subject?

Autenti does not process personal data in an automated manner.

How to contact us for additional information on the processing of your personal data?

If you have any questions, please contact the Personal Data Inspector appointed by Autenti, using the contact details provided below:

  • Data Protection Officer: Agata Kolorz,
  • e-mail address: iod@autenti.com,
  • postal address: Data Protection Officer Autenti sp. z oo, ul. Leona Henryka Sternbacha 1 (Building L1), 30-394 Kraków