The Controller of your personal data is: Asseco Data Systems S.A. with its registered office in Gdańsk, ul. Jana z Kolna 11. 80-864 Gdańsk (controller). Contact in matters concerning personal data protection: Data Protection Officer of Asseco Data Systems S.A., e-mail: [email protected], tel.: +48 782 800 381.

Your personal data will be processed for the following purposes:

1. conclusion and performance of an agreement for the provision of a service consisting in setting up or providing access to an electronic delivery mailbox, which we offer as a qualified trust service provider performing the tasks described in the Polish Act on Electronic Deliveries (Article 6(1)(b) GDPR);
2. fulfilling the obligations imposed on the Controller under the Polish Act of 5 September 2016 on Trust Services and Electronic Identification and the Polish Act of 18 November 2020 on Electronic Deliveries (Article 6(1)(c) of the Regulation), the standards referred to in those provisions, and the eIDAS Regulation
3. remote identity verification, where such a verification method is selected, on the basis of separately expressed consent – pursuant to Article 6(1)(a) and Article 9(2)(a) GDPR. Details regarding the granting of such consent will be provided at the time the consent is requested.

Your personal data may be shared with: entities authorized under separate legal provisions (in particular: the Electronic Address Database and the Register of Identity Cards), entities providing identity verification services, other entities processing data on behalf of the Controller to support its day-to-day business operations (subcontractors, suppliers, including providers of external systems). Such entities process personal data on the basis of a contract with the Controller and only under the Controller’s instructions.

Where the identity verification method selected by you involves authentication via a selected identity provider, we obtain your data from that provider within the following scope: first name, last name, PESEL number, date of birth. The remaining data necessary for the provision of the service are obtained directly from you.

Your personal data will not be transferred outside the EEA.

1. Your personal data will be retained for the period provided for by the regulations under which the Controller operates, that is, the Polish Act on Trust Services and Electronic Identification and the Polish Act on Electronic Deliveries;
2. Where the service of setting up or providing access to an electronic delivery mailbox cannot be performed, the collected data will be deleted immediately, no later than within 24 hours of their collection.

In relation to the processing of your personal data, you have the right to:

1. access your personal data and request rectification;
2. request the erasure of your data, under the conditions set out in Article 17 GDPR;
3. request restriction of processing, under the conditions set out in Article 18 GDPR;
4. data portability, under the conditions set out in Article 20 GDPR;
5. object to processing, under the conditions set out in Article 21 GDPR;

If you believe that the processing of your personal data does not comply with applicable law, you have the right to lodge a complaint with the President of the Personal Data Protection Office.

Providing your personal data is a condition for using the service.

We do not make any decisions that significantly affect you through automated means, including profiling.