The processing of personal data at CAUSA FINITA S.A. is governed by the provisions of the Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016, on the protection of natural persons in relation to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the General Data Protection Regulation, hereinafter referred to as "GDPR") and national regulations on the processing of personal data. On this page, we provide you with important information about how the personal data you provide to us is used and inform you how you can submit your requests related to the processing of this data.

Policies and regulations of Causa Finita S.A.:

• Privacy Policy

• Regulations for the provision of electronic services

• Trust service provision policy

• Privacy policy for users of our social media profiles

Clauses regarding the processing of personal data at Causa Finita S.A.:

• Information clause for senders of electronic correspondence

• Information clause for Causa Finita S.A. customers

• Information clause for Causa Finita S.A. Partners and their representatives

• Information clause for job candidates and collaborators

Administrator of personal data:

The administrator, i.e., the entity deciding on the purposes and means of processing your personal data, is Causa Finita S.A. based in Rzeszów (35-310) Al. Tadeusza Rejtana 36. You have the right to contact us regarding any matters related to the processing of your personal data using the available communication forms below:

• electronically by sending a message to the address: biuro@ultimaratio.pl

• in traditional form, by sending correspondence to the address:

Causa Finita S.A.
Al. Rejtana 36, 35-310 Rzeszów
with the note “Data Protection Officer”.

Important concepts worth knowing:

GDPR is the Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016, on the protection of natural persons in relation to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the General Data Protection Regulation). This regulation protects the fundamental rights and freedoms of natural persons, in particular their right to personal data protection.

Link to the legal act: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32016R0679

personal data – means any information relating to an identified or identifiable natural person, an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier or one or more specific factors characteristic of the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;

controller – means a natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union law or the law of a Member State, the controller may also be designated by Union law or by the law of a Member State or specific criteria for its designation may be laid down;

processor – means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller;

processing – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

consent of the data subject – means any freely given, specific, informed, and unambiguous indication of the data subject's wishes, by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

recipient – means a natural or legal person, public authority, agency, or other body to which the personal data are disclosed, whether a third party or not. Public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union law or the law of a Member State shall not be regarded as recipients; their processing of personal data must be in compliance with data protection rules applicable to the processing purposes;

profiling – means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements;

personal data breach – means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed;

supervisory authority – means an independent public authority established by a Member State to monitor the application of data protection legislation in order to protect the fundamental rights and freedoms of natural persons in relation to processing; in Poland, the supervisory authority is the President of the Personal Data Protection Office.

Link to the website of the Personal Data Protection Office: https://www.uodo.gov.pl/

Rights you can exercise:

One of the main objectives of introducing the GDPR provisions was to strengthen your right to privacy protection and to strengthen the right to shape the means of processing data that has already been provided to the data controller. Below we present the rights you have in connection with the processing of your personal data and how to exercise these rights:

Right to withdraw consent - Art. 7 GDPR 

If the processing of your personal data is based on your consent, you have the right to withdraw this consent at any time, without any negative consequences for you. Please note that withdrawing consent does not affect the legality of the processing carried out before its withdrawal.

If the processing of your personal data results from a contract with the controller or applicable legal provisions, withdrawal of consent for the processing of personal data will not be possible. Consent can only be withdrawn when the processing of your personal data is based on your consent, e.g., receiving commercial information at the email address or phone number you have provided.

Right of access to data - Art. 15 GDPR

You have the right to access your personal data, which consists of being provided with all information regarding the processing of your personal data. This information includes, for example, identifying the purposes and scope of the processed data, indicating the recipients of your data, specifying how long your data will be processed, what rights you have concerning the processing of data, and any other information related to the processing
of your personal data - according to the principle of full transparency and fairness. As part of the right of access to data, you also have the right to receive a copy of your personal data.

Based on the submitted application, we will provide you with information free of charge (subject to situations of repetitive and regular requests for subsequent copies of data, where we may charge a reasonable fee) and without undue delay, no later than within a month of receiving the request. Due to the complex nature of the request or the number of requests, we may extend the deadline by another two months, of which we will inform you.

Right to rectification of data - Art. 16 GDPR

You have the right to rectify your personal data, which involves updating the personal data held by the controller. Such a situation will occur, for example, when the controller processes your personal data for a specific purpose, but you find that this data is not up-to-date, accurate, or complete. Rectification of the data causes the controller to immediately update your personal data.

Right to erasure of data - "right to be forgotten" - Art. 17 GDPR

You have the right to request the erasure of your personal data by the controller. You may exercise the right to erasure of personal data in situations where your personal data is no longer necessary for the purposes for which it was collected or has been collected in a manner that violates the law. In addition, you may also exercise this right if you have lodged a successful objection to the processing of your personal data and there are no overriding legitimate grounds for the processing of your personal data. If the only legal basis for the processing of your personal data was your consent, then the withdrawal of such consent will also be treated as exercising your right to erasure of personal data. In some situations, the right to erasure of data may also be exercised due to a legal obligation under the law.

You will not be able to exercise your right to erasure of personal data where the processing is necessary for exercising the right to freedom of expression and information and where the processing of your personal data results from a legal obligation to which the controller is subject. Furthermore, your personal data will not be erased when the processing of your personal data is a result of a contract with the controller, or when the processing results from the necessity of establishing, pursuing, or defending claims.

Right to restrict the processing of personal data - Art. 18 GDPR

You have the right to request that the controller restrict the processing of your personal data when you contest the accuracy of the personal data or when you object to the processing of it. In such a situation, the restriction of the processing of this data will last until the controller verifies the accuracy of this data or until the controller considers your objection to the processing of personal data. In some situations, the right to restrict processing may arise from a situation where the controller no longer needs personal data for a specific processing purpose, but such data is required by the data subject, e.g., for the establishment, pursuit, or defense of claims.

Right to data portability - Art. 20 GDPR

You have the right to data portability, which involves the transmission of your personal data by the controller in a structured, commonly used, machine-readable format. You may exercise this right when the processing of your personal data is based on your consent or the execution of a contract. You also have the right to request that personal data be transmitted
directly to another controller, where technically feasible.

Please note that the right to data portability must not adversely affect the rights and freedoms of others, and in responding to a request for data portability, we do not assume liability for the processing of this data either by the data subject or by the controller to whom the data is being transferred.

Right to object to the processing of data - Art. 21 GDPR

You have the right to object to the processing of your personal data by the controller. In situations where the processing of personal data is based on a legitimate interest of the controller (Article 6(1)(f) GDPR), such an objection should contain justification that specifies your particular situation. The controller shall not process personal data based on your objection unless the controller demonstrates the existence of compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, this also applies to situations where processing is related to the establishment of claims or defense against claims. If personal data is processed for direct marketing purposes, you may object at any time to such processing, including profiling, without having to demonstrate reasons related to your particular situation.

Automated decision-making, including profiling - Art. 22 GDPR

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects concerning you or similarly significantly affect you. This right applies where your personal data is processed in a completely automated manner, meaning that no human involvement is part of such a process. An automated decision is a specific action resulting from an analysis carried out by an information system. You will not be able to exercise this right where the processing of your personal data is based on a contract, your consent, or the provisions of commonly applicable law; however, you still have the right to request that the automated analysis be carried out again, but with human involvement - especially in situations where the decision adversely affects you.

Right to lodge a complaint with the Supervisory Authority

If you believe that the administrator is processing your personal data in a manner inconsistent with the law, you have the right to lodge a complaint with the Supervisory Authority, which in Poland is the President of the Personal Data Protection Office. You will find all necessary information in this regard at: www.uodo.gov.pl Please remember that before deciding to lodge a complaint regarding the actions of the controller, you may inform the Data Protection Officer of your concerns.

Exercising your rights:

You can exercise the rights mentioned above (excluding the right to lodge a complaint with the supervisory authority) by contacting the Data Protection Officer or directly with the controller through the communication methods provided below:
 

Administrator

• electronically by sending a message to the address: biuro@ultimaratio.pl

• through the electronic form available at: https://ultimaratio.pl/contact

• in traditional form, by sending correspondence to the address:

Causa Finita S.A.
Al. Rejtana 36, 35-310 Rzeszów
with the note "Data Protection Officer".

Data Protection Officer

• electronically by sending a message to the address: iod@ultimaratio.pl

• in traditional form, by sending correspondence to the address:

Causa Finita S.A.
Al. Rejtana 36, 35-310 Rzeszów
with the note "Data Protection Officer"

The security of your personal data:

We attach particular importance to all processes in which your personal data is processed; moreover, we make every effort to protect your personal data from unauthorized access, unauthorized modification, and disclosure, in particular:

• we control our methods of collecting, storing, and processing information, including physical security measures, to protect data from unauthorized access;

• we only cooperate with those entities that guarantee compliance with data protection regulations, including in particular GDPR provisions;

• we continually enhance the security of our IT systems to ensure that their safeguards are current against all cyber threats and that using our services is safe and comfortable for you;

• we grant access to personal data only to those employees, contractors, and representatives who have the necessary knowledge and qualifications to guarantee their security during the processing of personal data and protection against unauthorized disclosure or modification;

• we continuously monitor the risk associated with the processing of your personal data, and if we determine that a given process may involve potential breaches of your personal data protection, we take necessary measures to eliminate such risk;

• all processes related to the processing of your personal data are carried out in accordance with the principle of transparency, guaranteeing you full control over all operations in which we process your personal data;

• when designing the services provided to you, we always apply the principles: "data protection by design" and "data protection by default".