Privacy policy

I. Controller

The controller of your personal data is Straal Sp. z o.o., with its registered office in Warsaw, address: Plac Europejski 1, 00-844 Warsaw, Poland, entered in the register of entrepreneurs of the National Court Register kept by the District Court for the capital city of Warsaw, 12th Commercial Division of the National Court Register under KRS number 0000694017, Tax Identification Number (NIP) 527-282-05-82, REGON number 368238452, share capital of PLN 2 183 100 (“Straal“). If you have any questions with regard to the processing of your data by us or if you wish to exercise your rights, you can contact our data protection officer at [email protected]  or by correspondence at the above-mentioned address.

Please be advised that we have appointed a Data Protection Officer. You can contact our Data Protection Officer directly via e-mail: [email protected].

Straal Sp. z o.o. is a part of Straal Group. Straal Group is formed of the following companies:

Straal Ltd. (company number: 11185551) is an authorized Electronic Money Institution (EMI) incorporated in the UK and regulated by the Financial Conduct Authority under licence reference number 900905. Registration number with the Information Commissioner’s Office (ICO) in the UK is ZB298556.

Straal Ltd. owns UAB Straal Financial Services (CID: 305482443) incorporated in Lithuania and Straal Sp. z o.o. incorporated  in Poland (company number: 0000694017).

II. Purpose and legal basis for the processing of personal data

  1. Do you want to create an account with us?

We collect the personal data required for registration directly from you.

Your personal data is processed in order to provide the service electronically in the form of our internet account.

At registration, we request that you provide us with the following personal data: first name, last name, e-mail, login, password, correspondence address, country and phone. Aside from your personal data, we also request that you provide us with certain corporate information regarding the entity you represent: website address, company details (registered company name, legal form, tax identification number, company registration number, date of incorporation), registered company address, copies of company documentation (certificate of incorporation, memorandum and articles of association etc.), information on what services the company is interested in, settlement details (currency, bank account details etc.).

The legal basis for the processing of your personal data is the necessity to process them in order to perform our services (Article 6 (1) (b) of the GDPR).

Providing personal data is voluntary but necessary to create the internet account. Refusal to provide personal data will result in the inability to create the internet account.

Other data collected by us through the registration form, which may constitute personal data, are collected and processed on behalf of acquirers, who act as data controllers and entrust us with the processing of personal data for the purpose of concluding agreement between you and the acquirers. In such cases, we act as data processors.

  1. Are you interested in participating in our webinar, workshop or consultation?

We collect the personal data required in order to register for the above-mentioned events directly from you.

Your personal data are processed in order to enable you to participate in a webinar, workshop or consultation.

The legal basis for the processing of your personal data is the consent you have expressed by willing to participate (Article 6 (1) (a) of the GDPR). Withdrawal of consent does not affect the lawfulness of the processing which was carried out on the basis of consent before its withdrawal.

Providing personal data is voluntary but necessary to participate in the webinar, workshop or consultation. Refusal to provide personal data will render such participation impossible.

  1. Are you interested in our commercial information?

Your personal data are processed for the purpose of sending commercial information.

The legal basis for the processing of your personal data is your consent by providing your e-mail address and confirming your willingness to receive commercial information (Article 6 (1) (a) of the GDPR). Withdrawal of consent does not affect the lawfulness of the processing which was carried out on the basis of consent before its withdrawal.

Providing personal data is voluntary, but providing them is necessary for sending commercial information. Refusal to provide personal data will render such communication impossible.

Remember that if you have agreed to receive commercial information from our business partners, we have provided them with your e-mail address for this purpose.

  1. Are you a party to a contract concluded with us?

If you are a party to a contract with us or you intend to conclude such a contract, the data that we process about you are contact details and other data necessary to conclude the contract. These data were obtained directly from you.

Your personal data are processed for the purpose of:

  1. concluding and performing the contract,
  2. compliance with legal obligations imposed upon us, including particularly accounting activities,
  3. implementation of a legitimate interest, consisting in ensuring the communication necessary to conclude and perform the contract and its ongoing service, providing you with answers to questions, maintaining business contacts, as well as for the establishment, exercise or defence of legal claims.

The legal basis for the processing of your personal data are:

  1. the necessity to process them in order to conclude and perform the contract (Article 6 (1) (b) of the GDPR),
  2. fulfilling our legal obligations (Article 6 (1) (c) of the GDPR),
  3. our legitimate interests (Article 6 (1) (f) of the GDPR) described above.

Providing personal data is voluntary, but it is necessary to establish cooperation and service the contract. Refusal to provide personal data will result in the inability to conclude and perform the contract, including answering the question you asked.

  1. Do you represent our client or contractor?

If you represent our client, contractor or other entity in contact with us (e.g. your employer, customer or contractor), the data we process about you are contact details related to your function or relationship with the entity on behalf of which you are acting. We have obtained this data directly from you or we have received them from this entity.

Your personal data are processed for the purpose of:

  1. compliance with legal obligations imposed upon us, including particularly accounting activities,
  2. implementation of a legitimate interest, consisting in ensuring the communication necessary to service and perform the contract concluded with the entity on behalf of which you are acting, providing you with answers to questions, maintaining business contacts, as well as for the establishment, exercise or defence of legal claims.

The legal basis for the processing of your personal data is:

  1. fulfilling our obligations imposed upon us (Article 6 (1) (c) of the GDPR),
  2. our legitimate interests (Article 6 (1) (f) of the GDPR) described above.

Providing personal data is voluntary, however, it is necessary for the cooperation with the entity you represent. Refusal to provide personal data will result in the inability to maintain contacts necessary for the performance of the contract or answer the question you have asked.

  1. Are you contacting us to submit an application?

In such a case, personal data are processed in order to carry out the recruitment process for the position offered in our structures and to select the appropriate person for employment in the position specified in the job offer, including the assessment of qualifications, abilities and skills of the job candidate.

Depending on whether the recruitment process leads to the conclusion of a contract covered by the employment relationship and thus the provisions of the Labor Code, or leads to the conclusion of a civil law contract or a contract for the provision of services, there are different legal grounds for the processing of personal data:

I. In the case of recruitment for positions for which contracts covered by the employment relationship are provided, and thus the provisions of the Labour Code bind, the legal basis for the processing of personal data is:

a) To the extent resulting from Article 22 (1) of the Labour Code, the legal basis is the legal obligation imposed on the Controller (Article 6 (1) (c) of the GDPR). This applies to such data as: name(s) and surname, date of birth and contact details indicated by the job applicant. If it is necessary to perform work of a certain type or in a specific position, this also applies to information on education, professional qualifications and employment history. The legal obligation on the Controller also includes the data that are necessary to exercise the right or fulfil the obligation resulting from the law.

b) In the case of providing personal data in a wider scope than specified in the provisions of the labour law, the legal basis for their processing in the above-mentioned purpose is consent (Article 6 (1) (a) of the GDPR). This applies to the provision of the results of competency tests, as well as any data contained in the curriculum vitae (CV), cover letter or made available during interviews. We do not require the above data, but we treat their provision as tantamount to consenting to their processing. Withdrawal of consent does not affect the lawfulness of the processing which was carried out on the basis of consent before its withdrawal.

We would like to point out that the provision of personal data indicated in point I lit. a) above is mandatory in the light of applicable labour law provisions. Failure to provide them will result in the inability to participate in the recruitment process. Providing by the job applicant personal data indicated in the point I lit. b) above is voluntary. We declare that the failure to provide such data may not be the basis for unfavourable treatment of the job applicant, and may not cause any negative consequences for them, especially it may not be a reason justifying the refusal of employment.

II. In the case of recruitment for positions for which there are envisaged civil law contracts or contracts for the provision of services, the legal basis for the processing of personal data is consent (Article 6 (1) (a) of the GDPR). This applies to all data contained in the curriculum vitae (CV), cover letter or made available during interviews.

We would like to point out that the provision of personal data by the job applicant for the purpose of concluding the indicated contracts is voluntary, as consent is required to do so. However, we would like to point out that consent to the processing of such personal data by us as: name(s) and surname, date of birth and contact details and – within certain positions – information about education, professional qualifications and the employment history, is necessary to the given application was taken into account within the recruitment process.

  1. Above points do not apply to you and just want to contact us?

Since we want to keep in touch with you, we have created accounts on social media networks where you can visit us and interact with us (e.g. leave a comment, like a post or share it). In this case we process your personal data. Detailed rules for the processing of your personal data can be found in the Social Media Policy published on our social networks:

  1. Above points do not apply to you and just want to contact us?

If you only want to contact us, the data we process about you are your contact details and data resulting from your message. We obtained those data directly from you.

Your personal data is processed in order to pursue a legitimate interest, consisting in ensuring the handling of your message and possibly answering questions arising from it.

The legal basis for the processing of your personal data is our legitimate interest (Article 6 (1) (f) of the GDPR) described above.

Providing personal data is voluntary, but it is necessary for us to deal with your message. Refusal to provide personal data will result in the inability to handle the message sent by you and thus its removal.

III. Recipients of personal data

Your personal data may be transferred to various recipients, in particular:

• entities providing services to us to the extent necessary to achieve the purposes described in this Policy, e.g. accounting services, companies providing IT and technical support, legal and tax consultancy, banking, financial and insurance services, postal and telecommunications operators, destruction and archiving services documents, marketing services, security and security, printing houses, translators, compliance verification (audits), whereby these entities will have access to data only for the purpose of performing their duties and to the extent necessary for completing their tasks,

• other data controllers, when it is necessary to achieve the purposes described above and to the extent necessary for this, including other companies with the Group,

• law enforcement and state authorities, when it results from applicable law, including tax offices in connection with the implementation of tasks related to tax liabilities.

Personal data may be transferred to entities based outside the European Economic Area (EEA), i.e. to Great Britain, where the transfer is necessary to achieve the purposes of personal data processing indicated in the Policy. The transfer of personal data outside the EEA takes place with an adequate level of data protection, required by the provisions of the GDPR, primarily by establishing cooperation with entities processing personal data in countries for which an appropriate decision of the European Commission has been issued stating an adequate level of protection.

IV. Your rights under the General Data Protection Regulation

You have the right to:

  1. request access to your personal data, rectification, erasure or limitation of processing, as well as data portability,
  2. if the basis for the processing of personal data is consent – you have the right to withdraw it at any time. Withdrawal of consent does not affect the lawfulness of the processing which was carried out on the basis of consent before its withdrawal,
  3. if the basis for the processing of personal data is a legitimate interest – you have the right to object at any time to the processing of personal data for reasons related to your particular situation,
  4. lodge a complaint with the supervisory authority, i.e. the President of the Personal Data Protection Office.

Providing personal data is necessary to consider your application, and failure to do so will result in the inability to process it.

The data is stored until the expiry of the limitation period for the claims of data subjects resulting from the exercise of their rights pursuant to art. 12-22 GDPR (i.e. the limitation period for claims for infringement of personal rights), as well as for the period necessary to handle any administrative proceedings related to the exercise of the rights of data subjects.

You can exercise your rights using the contact details provided at the beginning of the Privacy Policy.

V. Representative for data subject in the European Union and in the United Kingdom

In compliance with the Art 27 GDPR, Straal has appointed Prighter as our privacy representative and your point of contact as a data subject based in the European Union and in the United Kingdom.

Prigher gives you an easy way to exercise your rights in accordance with GDPR provisions. If you want to contact us via our GDPR representative or make exercise of your data subject rights, please access the following link: Prighter | Compliance Landing Page of Straal Ltd.

VI. Periods of personal data storage

Personal data will be stored, depending on the purpose and legal basis of the processing indicated in Chapter II, points 1 to 7:

– until the consent is withdrawn,

– until a positively considered objection,

– for the duration of the contract, as well as until the expiry of the periods resulting from the relevant legal provisions, i.e. until the expiry of the limitation period for tax obligations related to the contracts, which may be extended, if appropriate, by the period of limitation of civil law claims,

– for the time specified by the provisions of law in the field of accounting and finance,

– for the duration of handling the message sent to us,

– for the duration of the recruitment process,

All personal data will be deleted after the purpose of their processing ceases to exist.

VII. Data security

We protect your personal data against unauthorized disclosure, interception of data by unauthorized persons, destruction, loss, damage or alteration, and processing of personal data in a manner inconsistent with the provisions of the GDPR.

In order to secure data, we use technical and organizational measures that meet the requirements of the GDPR, in particular the measures listed in art. 24 and art. 32 GDPR, ensuring the confidentiality, integrity and availability of services for processing the personal data provided.

Our affiliates, trusted partners and external service providers are committed to processing data in accordance with our security and privacy protection requirements.

VIII. Use of personal data to make automated decisions, including profiling

Your personal data will not be used to make automated decisions, including profiling.

If you have any questions with regard to the processing of your data by us or if you wish to exercise your rights, you can contact us at [email protected].

IX. Changes to this Privacy Policy and your duty to inform us of changes to your personal data

We may update our Privacy Policy from time to time by publishing an updated version on our website. Please check this page on occasion to ensure you are happy with any changes. If we make significant changes, we will make this clear on our website or by other means of contact such as email.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Date of the last update of the Policy: 21/04/2022.

Get started Contact sales