Privacy policy

1. DEFINITIONS

• • Controller:
    • ALTO Tax spółka z ograniczoną odpowiedzialnością with its registered office in Warsaw (00-189), ul. Inflancka 4b, building C, entered in the Business Register kept by the District Court for the Capital City of Warsaw in Warsaw, 12th Commercial Division of the National Court Register under number: 0000465944, NIP (Tax ID No.): 5252515019, REGON (Statistical ID No.): 144777949,
    • ALTO ACCOUNTING spółka z ograniczoną odpowiedzialnością with its registered office in Warsaw (00-189), ul. Inflancka 4b, building C, entered in the Business Register kept by the District Court for the Capital City of Warsaw in Warsaw, 12th Commercial Division of the National Court Register under number: 0000601942, NIP (Tax ID No.): 5272760130, REGON (Statistical ID No.): 363732963,
    • ALTO RISK ADVISORY spółka z ograniczoną odpowiedzialnością with its registered office in Warsaw (00-189), ul. Inflancka 4b, building C, entered in the Business Register kept by the District Court for the Capital City of Warsaw in Warsaw, 12th Commercial Division of the National Court Register under number: 0001101445, NIP (Tax ID No.): 5253000843, REGON (Statistical ID No.): 528432920,
    • ALTO ESG spółka z ograniczoną odpowiedzialnością with its registered office in Warsaw (00-189), ul. Inflancka 4b, building C, entered in the Business Register kept by the District Court for the Capital City of Warsaw in Warsaw, 12th Commercial Division of the National Court Register under number: 0001105991, NIP (Tax ID No.): 5253003712, REGON (Statistical ID No.): 528647224.
    • PROTECTO BROKERS spółka z ograniczoną odpowiedzialnością with its registered office in Warsaw (00-189), ul. Inflancka 4b, building C, entered in the Business Register kept by the District Court for the Capital City of Warsaw in Warsaw, 12th Commercial Division of the National Court Register under number: 0000948797, NIP (Tax ID No.): 7011072047, REGON (Statistical ID No.): 521098560.
  • Personal Data – any information about a natural person, identified or identifiable by one or several factors defining his or her physical, physiological, genetic, psychic, economic, cultural or social identity, including the IP of the device, location data, online identifier and information collected through cookie files and other similar technologies.
  • Policy – this Privacy Policy.
  • GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
  • Website – an online service run by the Controller at the address https://altoadvisory.pl/#.
  • User – any natural person visiting the Website or using one or more services or functionalities described in the Policy.

2. DATA PROCESSING IN CONNECTION WITH THE USE OF THE WEBSITE

In connection with the User’s use of the Website, the Controller collects data within the scope necessary to provide its respective services and collects information about the User’s activity on the Website. The detailed rules and purposes of processing the Personal Data collected during the use of the Website by the User are described below.

3. PURPOSES AND LEGAL BASES OF DATA PROCESSING on THE WEBSITE

USE OF THE WEBSITE

Personal Data of all persons using the Website (including the IP address or other identifiers and information collected through cookie files and other similar technologies) are processed by the Controller:

• • to provide services electronically by giving Users the access to the content collected on the Website – in this case, the legal basis for the processing is the necessity of processing for the performance of a contract (Article 6(1)(b) of the GDPR);
  • for analytical and statistical purposes – in this case, the legal basis for the processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR) to analyze the activity of Users and their preferences in order to improve the functionalities used and the services provided:
  • to determine and pursue possible claims or defend against claims – the legal basis for the processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR) to protect its rights;
  • for marketing purposes of the Controller – the principles of Personal Data processing for marketing purposes are described in the MARKETING section.

Activity of a User on the Website, including his or her Personal Data, is recorded in system logs (a special computer program for storing a chronological record of information about events and actions concerning the IT system used for providing services by the Controller). The information collected in logs is processed mainly for purposes related to the provision of services. The Controller also processes the information for technical and administrative purposes, in order to ensure the security of the IT system and to manage the IT system and also for analytical and statistical purposes – in this respect, the legal basis for the processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR).

RECRUITMENT SERVICE

The data of Users using the recruitment service are processed for the purpose of providing this service – the legal basis for the processing is the necessity of processing for the performance of a contract (Article 6(1)(b) of the GDPR);

The principles of processing data in the recruitment process are set out in a separate document, available at https://altoadvisory.pl/en/polices-of-data-processing-in-the-recruitment-process/.

CONTACT FORMS

With respect to the use of the contact form on the Website, depending on the subject of the offer inquiry, the Controller of Users’ Personal Data will be ALTO TAX spółka z ograniczoną odpowiedzialnością, ALTO Accounting spółka z ograniczoną odpowiedzialnością; ALTO Risk Advisory spółka z ograniczoną odpowiedzialnością; ALTO ESG spółka z ograniczoną odpowiedzialnością; ALTO Investments spółka z ograniczoną odpowiedzialnością, all with its registered office in Warsaw.

Each of the separate Controllers ensures the possibility of contacting it via an electronic contact form. Using the form requires providing Personal Data necessary to contact the User and respond to the submitted offer inquiry. The User may also provide other data in order to facilitate handling of the inquiry. The provision of data marked as mandatory is required to accept and handle the inquiry, and the failure to provide such data will make handling the inquiry impossible. The provision of other data is voluntary.

Personal Data are processed:

• • for the purpose of identifying a sender and handling his or her inquiry sent through the available form – the legal basis for the processing is the necessity of processing for the performance of a contract (Article 6(1)(b) of the GDPR); with respect to data provided voluntarily, the legal basis for the processing is consent (Article 6(1)(a) of the GDPR);
  • for analytical and statistical purposes – the legal basis for the processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting in keeping statistics of inquiries submitted by Users through the Website in order to improve its functionalities.

4. MARKETING

The Controller processes Users’ Personal Data to perform marketing activities which may involve:

• • sending email messages about interesting offers or content, which in some cases may include commercial information (a newsletter service);
  • conducting other types of activities related to direct marketing of goods and services (sending commercial information electronically and telemarketing activities);

NEWSLETTER

The Controller provides the newsletter service on the terms and conditions set out in the regulations to the persons who provided their email addresses for this purpose. The provision of data is required to render the newsletter service, and the failure to provide them makes it impossible to send the newsletter. This form of communications with the User may include profiling.

Personal Data are processed:

• • to provide the newsletter sending service – the legal basis for the processing is the necessity of processing for the performance of a contract (Article 6(1)(b) of the GDPR);
  • when marketing content is directed to the User in a newsletter – the legal basis for the processing, including profiling, is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR) in connection with the consent given to receive the newsletter;
  • for analytical and statistical purposes – the legal basis for the processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR) to analyze the activity of Users on the Website in order to enhance the functionalities used;
  • to determine and pursue possible claims or defend against claims – the legal basis for the processing is the legitimate interest pursued by the Controller (Article 6(1)(f) of the GDPR) to protect its rights.

DIRECT MARKETING

User’s Personal Data may be also used by the Controller to send the User marketing content through various channels, i.e. by email, text / multimedia message or by telephone. Such actions are taken by the Controller only when the User has given consent to them, where the consent may be withdrawn at any time.

In certain cases, the Controller may also conduct direct marketing via traditional mail. The User will be informed separately about the intention to implement this type of marketing. With regard to this type of marketing, the User has the right of objection.

5. COOKIES AND SIMILAR TECHNOLOGIES

Cookies are small text files installed on the device of a User browsing the Website. Cookies collect information to facilitate using a website, e.g. by remembering the User’s visits on the Website and actions performed by him or her.

“SERVICE” COOKIES

The Controller uses the so called “service cookies” primarily to provide the User with services electronically and improve the quality of these services. Thus, the Controller and other entities providing analytical and statistical services to the Controller use cookies by storing information or gaining access to information already stored in the User’s telecommunications end device (a computer, telephone, tablet, etc.). Cookie files used for this purpose include:

• • User input cookies (session identifiers) stored for the duration of a session;
  • authentication cookies used for services that require authentication for the duration of a session;
  • user centric security cookies, e.g. used to detect abuses concerning authentication;
  • multimedia player session cookies (e.g. flash player cookies) for the duration of a session;
  • persistent user interface customization cookies for the duration of a session or slightly longer.

6. ANALYTICAL AND MARKETING TOOLS USED BY PARTNERS OF THE CONTROLLER

The Controller and its Partners also apply various solutions and tools used for analytical and marketing purposes. Below one may find basic information about these tools. Detailed information in this respect may be found in the privacy policy of a given Partner.

GOOGLE ANALYTICS

Google Analytics cookies are used by Google company to analyze how the User uses the Website as well as to compile statistics and reports about the operation of the Website. Google does not use the collected data to identify a User, nor does it combine any information items to make such an identification possible. Detailed information on the scope and rules of collecting data in connection with this service can be found at: https://www.google.com/intl/pl/policies/privacy/partners.

7. MANAGEMENT OF COOKIE SETTINGS

The use of cookies for the purpose of collecting data, including gaining access to the data stored in the User’s device, requires the User’s prior consent. The User may withdraw the given consent at any time.

In the case of cookies that are necessary for the provision of a telecommunications service (data transmission to display content) the consent is not required.

The consent for the use of cookies may be withdrawn through the “Privacy settings” tab on the Website, as well as through browser settings. Detailed information on this subject may be found at the links below:

• • “Privacy settings” tab: https://altoadvisory.pl/ustawienia-prywatnosci/
  • Internet Explorer: https://support.microsoft.com/pl-pl/help/17442/windows-internet-explorer-delete-manage-cookies
  • Mozilla Firefox: http://support.mozilla.org/pl/kb/ciasteczka
  • Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=pl&answer=95647
  • Opera: http://help.opera.com/Windows/12.10/pl/cookies.html
  • Safari: https://support.apple.com/kb/PH5042?locale=en-GB

The User may verify the status of his or her current privacy settings for the used browser at any time with the tools available at the links below:

• • http://www.youronlinechoices.com/pl/twojewybory
  • http://optout.aboutads.info/?c=2&lang=EN

8. PERIOD OF PERSONAL DATA PROCESSING

The period of processing data by the Controller depends on the type of provided service and the processing purpose. In principle, data are processed for the entire period of providing the service or processing a purchase order until the moment of withdrawing consent or expressing an effective objection to the data processing in the cases where the legal basis for the processing is the Controller’s legitimate interest.

The period of data processing may be extended if the processing is necessary to determine and pursue possible claims or defend against claims, and after that time only if and to the extent required by law. After the elapse of the processing period, the data are irreversibly deleted or anonymized.

9. USER’S RIGHTS

The User has the right to: access the content of the data and demand its rectification, erasure, restriction of processing, the right to data portability and the right to object to data processing as well as the right to lodge a complaint with a supervisory authority responsible for Personal Data protection

To the extent that User’s data are processed on the basis of his or her consent, the consent may be withdrawn at any moment by contacting the Controller at the email address rodo@altoadvisory.pl or by letter sent to the address indicated in section 1.1.

The User has the right to object to data processing for marketing purposes if the processing is conducted in connection with the Controller’s legitimate interest and also – for reasons concerning the User’s particular situation – in other cases when the legal basis for data processing is the legitimate interest of the Controller (e.g. in connection with the achievement of analytical and statistical objectives).

10. DATA RECIPIENTS

In connection with the provision of services, Personal Data will be disclosed to external entities, including in particular vendors responsible for the maintenance of IT systems, entities such as banks and payment operators, entities providing accounting services, couriers (in connection with the processing of purchase orders), marketing agencies (regarding marketing services) and entities related to the Controller, including companies from its group. The Personal Data of Users who use the recruitment service will be transferred to the providers of recruitment tools.

The Controller reserves the right to disclose selected information items referring to the User to relevant authorities or third parties which will demand such information pursuant to an appropriate legal basis and in compliance with applicable laws.

11. TRANSFER OF DATA OUTSIDE THE EEA

The level of Personal Data protection outside the European Economic Area (EEA) differs from that guaranteed by the European law. For this reason, the Controller transfers Personal Data to places outside the EEA only when necessary and ensures an adequate protection level, mainly by:

• • cooperating with Personal Data processors in the states with respect to which a relevant decision of the European Commission has been issued regarding the affirmation of ensuring an adequate level of protection of Personal Data;
  • application of standard contractual clauses issued by the European Commission;
  • application of binding corporate rules approved by the relevant supervisory authority;

At the data collection stage, the Controller always informs the User of the intention to transfer Personal Data outside the EEA.

12. PERSONAL DATA SECURITY

The Controller conducts an ongoing risk analysis to ensure that Personal Data are processed in a secure manner that most importantly guarantees that access to the data is provided only to authorized persons and only to the extent necessary for them to perform their tasks. The Controller makes sure that any operations on Personal Data are recorded and performed only by authorized employees or collaborators.

The Controller takes any necessary actions so that also its subcontractors and other cooperating entities guarantee the application of appropriate security measures in each case when they process Personal Data on the behalf of the Controller.

13. CONTACT DATA

The Controller may be contacted by email at rodo@altoadvisory.pl or by letter sent to the mailing address: ul. Inflancka 4b, building C, 00-189 Warsaw.

14. AMENDMENTS TO THE PRIVACY POLICY

The Policy is verified on an ongoing basis and updated when needed.

The current version of the Policy has been adopted and is effective as of 2022.