1. Obligation under GDPR

The General Data Protection Regulation (GDPR) came into effect on May 25, 2018, establishing new rules for protecting personal data in accordance with EU Regulation 2016/679.

We ensure the proper care for personal data processing and comply with the law, implementing adequate technical and organizational measures to secure personal data entrusted to us. We take data protection into consideration during the design of new actions.

2. Data Controller

Agnieszka Bakuła is the controller of personal data of employees, coworkers, clients, and individuals who provided their data through the website form or email, as well as other entities who have consented to data processing.

3. Data Processor

Agnieszka Bakuła also processes personal data on behalf of other controllers, particularly when fulfilling orders where Agnieszka Bakuła acts as a subcontractor. In this case, Agnieszka Bakuła serves as the data processor.

4. Legal Basis and Purpose of Processing Personal Data

Agnieszka Bakuła processes personal data only if at least one of the following conditions is met:

  1. The person whose data is concerned has given their consent for the processing of their personal data (art. 6 (1a) GDPR),
  2. The processing is necessary for the performance of a contract of which the person is a party or for taking steps prior to entering into a contract (art. 6 (1b) GDPR),
  3. The processing is necessary for compliance with a legal obligation to which Agnieszka Bakuła is subject (art. 6 (1c) GDPR),
  4. The processing is necessary to protect the vital interests of the person concerned or of another natural person (art. 6 (1d) GDPR),
  5. The processing is necessary for the performance of a task carried out in the public interest (art. 6 (1e) GDPR),
  6. The processing is necessary for the purposes of the legitimate interests pursued by Agnieszka Bakuła or a third party (art. 6 (1f) GDPR).

Data provided to Agnieszka Bakuła through email or the website’s form is processed based on Article 6(1) a), b), c) or f) of the GDPR and includes, among others, such data as: name, surname, email address, phone number, and other data that will be provided in electronic correspondence. These data are processed for the purpose they were provided.

The data processed on the basis of consent (Article 6 (1a) of the GDPR), including name, surname, email address, telephone number, is used for the purpose for which the consent was granted and processed until the consent is withdrawn or until the purpose for which the consent was granted is achieved.

Data processed in connection with the conclusion of a contract on the basis of Article 6 (1b) of the GDPR include, in particular, name, surname, address, telephone number, email address, VAT/PESEL, bank account number and other data arising from the specifics of a particular contract and are used for the implementation of that contract.

Data of individuals through whom our contractors perform contracts concluded with Agnieszka Bakuła are processed based on Article 6 (1f) of the GDPR and include name, surname, email address, telephone number, among others. These data are used for the implementation of the contract.

Data entrusted for processing by other administrators, in particular for the purpose of executing services provided by Agnieszka Bakuła, are processed on the basis of Article 6 (1c) or 1 (f) of the GDPR and include among others: name, surname, correspondence address, email address, PESEL number and other data necessary for the realization of services depending on its type. The processing is carried out for the purpose of executing the commissioned service.

5. Duty to provide data and consequences of not providing data

Providing personal data in connection with the contract is voluntary but necessary to conclude and perform the contract and to carry out financial settlements associated with it.

Consent to the processing of personal data, in particular for marketing or information purposes, is voluntary, and consent may be withdrawn at any time without affecting the legality of the processing carried out based on the consent before its withdrawal.

Indicating an email address and other data in electronic correspondence is voluntary. Withdrawing consent to processing personal data will result in the inability to continue email correspondence.

6. Data storage period for personal data

Personal data obtained for the purpose of performing the contract are stored until the statute of limitations for claims arising from the contract has expired, or until the obligation to store data under the law, in particular the obligation to store financial and accounting or personnel documents, has lapsed.

In the case where the sole basis for processing is the consent given, withdrawing the consent will result in the cessation of data processing without affecting the legality of the processing carried out based on the consent before it was withdrawn.

7. Rights of the data subjects 

The person whose data is concerned has the right to access the contents of their personal data, the right to rectify, request deletion, as well as the right to limit their processing, the right to transfer data, the right to object to the processing of personal data.

In case the legal basis for processing personal data is the expressed consent, the right to withdraw consent at any time applies, without affecting the legality of the processing carried out on the basis of consent before its withdrawal.

Moreover, in the case of recognizing that the processing of personal data violates the provisions of the EU Regulation GDPR, the right to file a complaint to the supervisory authority – the President of the Personal Data Protection Office (https://uodo.gov.pl/pl/p/kontakt) – is available.

8. Recipients of personal data

Personal data may be disclosed to third parties with the consent of the person concerned.

In addition, personal data may be disclosed if it is necessary to perform the contract between the parties or to fulfill the obligations of the Personal Data Administrator.

In the case of processing personal data on behalf of third parties, Agnieszka Bakuła acts as a processor and the data is disclosed in accordance with the principles specified by the Personal Data Administrator.

The entities to which the data may be disclosed, depending on the category of data, include: entities processing personal data on behalf of Agnieszka Bakuła, sub-contractors of the Administrator, IT service providers, entities providing accounting services, entities conducting health and safety trainings, entities entering into insurance contracts and other institutions authorized by law such as the Tax Office, the Court or ZUS.

9. Profiling

Agnieszka Bakuła can automatically match certain content to the needs of customers and individuals who provided their data through the website form or email, as well as other entities who have consented to the processing of personal data, i.e., profiling, using the personal data provided by them.

Profiling involves mainly automatic assessment of which products may interest those individuals based on their previous actions taken online, including on Agnieszka Bakuła’s websites, and the display of profiled advertisements of products.

Profiling carried out by Agnieszka Bakuła does not result in any decisions with legal consequences or affecting those individuals in a similarly significant manner.

10. Information on Automated Decision-Making.

Data will not be subjected to profiling, which means they will not be the basis for automatically assigning specific properties, characteristics, or be used to predict behaviors and preferences.

11. Contact details

Można się z nami skontaktować w następujący sposób:

  • by mail to the address of our headquarters: Agnieszka Bakuła.
  • by phone at 01708748390 or +44 7920223060
  • by email at: abakula.naturopathycentre@gmail.com