REGULATIONS FOR THE PROCESSING OF PERSONAL DATA BY PRINT IT. SERVICE Sp. z o.o. IN ACCORDANCE WITH THE GDPR

PRINT IT. SERVICE Spółka z o.o., headquartered in Warsaw, 00-339, ul. Leszczyńska 4, suite 150, as the Data Controller, processes personal data based on Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons concerning the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, known as the General Data Protection Regulation (GDPR).

1. Personal data, as defined by the GDPR, refers to any information related to an identified or identifiable natural person in any form (by writing, sound, image), such as: name, surname, address, phone number, email address, PESEL (Polish personal identification number), NIP (tax identification number).

2. PRINT IT. SERVICE Sp. z o.o. maintains databases of employees, customers, suppliers, and collaborators, which are accessible only to authorized employees.

3. The processing of personal data, as defined by the GDPR, includes any operation performed on personal data, such as collecting, storing, deleting, sharing, or processing.

4. PRINT IT. SERVICE Spółka z o.o. processes personal data for the following purposes:
  - Execution of civil-law contracts concluded with customers,
  - Execution of commercial transactions,
  - Fulfillment of orders based on customer requests,
  - Provision of warranty and post-warranty services,
  - Provision of technical support services for customers,
  - Conducting marketing activities, including promotional sales, contests, promotions, and information campaigns,
  - Sending marketing and commercial messages via email, newsletters related to products and services offered by PRINT IT. SERVICE Sp. z o.o.,
  - Telephone contact or through automated calling systems for marketing and commercial purposes related to products and services offered by PRINT IT. SERVICE Sp. z o.o.,
  - Sending marketing and commercial messages via postal mail related to products and services offered by PRINT IT. SERVICE Sp. z o.o.

5. The collection, processing, and use of personal data by PRINT IT. SERVICE Sp. z o.o. are based on the following legal grounds:
  - Consent provided by customers in accordance with applicable law, including the GDPR, the Act of 18 July 2002 on the provision of electronic services, and the Act of 16 July 2004 – Telecommunications Law;
  - The legitimate interest of PRINT IT. SERVICE Sp. z o.o. as the Data Controller, as mentioned in Article 6(1)(f) of the GDPR – particularly in the case of sending marketing and commercial messages.

Failure to provide consent for the processing of personal data for the above purposes by individuals or sole proprietors:
  - Will prevent the execution of commercial transactions,
  - Will prevent the provision of warranty services,
  - Will prevent the sending of commercial and marketing communications to customers under the terms described in this document – particularly for communication via email and automated calling systems and telecommunication terminal devices (including voice calls and SMS messages),
  - May prevent the sending of commercial and marketing communications under the terms of these Terms.

6. **Entities to which personal data may be transferred and the purposes of the transfer**:
  - The Data Controller may transfer personal data to its employees and collaborators who need access to the data to fulfill obligations or perform actions on behalf of customers.
  - If necessary for the proper functioning of the business, the Data Controller may transfer data to:
    - Entities providing marketing services, organizing training or events;
    - Entities maintaining our IT and telecommunications systems;
    - Entities providing payment services (banks, payment institutions);
    - Entities engaged in credit (banks), leasing, or factoring activities;
    - Insurance companies;
    - Postal, courier, or transport companies – for the delivery of shipments or transport services;
    - Agencies/institutes conducting research on our behalf;
    - Entities providing personal and property security services;
    - Entities purchasing claims.
  - Furthermore, based on applicable legal provisions or a decision from the relevant authority, the Data Controller may be required to transfer personal data to other public or private entities.

7. PRINT IT. SERVICE Sp. z o.o., as the Data Controller, commits to using appropriate security measures, both technical and organizational, to protect personal data. Personal data is stored by PRINT IT. SERVICE Sp. z o.o. or data processors only for the time necessary to achieve the purposes for which the data was collected, i.e., for the duration of the consent and for the period required by law (in particular, tax laws and statutes of limitations) after consent has been withdrawn.

Specific data processing periods:
  - The duration of the contract – for personal data processed to conclude and execute the contract;
  - Up to 10 years – for personal data processed to establish, pursue, or defend claims, but no longer than allowed by applicable law;
  - 1 year – for personal data collected in connection with an offer but where no immediate contract was concluded;
  - 5 years – for personal data related to fulfilling tax obligations (e.g., storing invoices, receipts);
  - Until consent is withdrawn or the purpose of processing is achieved, but no longer than 2 years – for personal data processed based on consent;
  - Until a valid objection is raised or the purpose of processing is achieved, but no longer than 2 years – for personal data processed based on the legitimate interest of the Data Controller or for marketing purposes;
  - Until the data becomes outdated or loses its relevance, but no longer than 2 years – for personal data processed mainly for the use of cookies and website administration.

8. All individuals whose data is processed have rights under data protection law. According to applicable data protection laws, individuals whose data is processed are entitled to file a complaint with the relevant supervisory authority (i.e., the President of the Office for Personal Data Protection or its successor). In addition, individuals whose data is processed have the right to:
  - Request access to personal data – the data subject has the right to obtain from PRINT IT. SERVICE Sp. z o.o. confirmation of whether personal data concerning them is being processed, and if so, the right to access that data. Upon request, the Data Controller will provide a copy of the personal data being processed.
  - Rectify personal data that concerns them if it is inaccurate. Considering the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by providing an additional statement.
  - Erase data ("right to be forgotten") – the data subject has the right to request, under legally defined circumstances, the immediate deletion of their personal data, and PRINT IT. SERVICE Sp. z o.o. is obligated to delete such personal data without undue delay.
  - Restrict the processing of personal data – upon request, PRINT IT. SERVICE Sp. z o.o. may mark the data, and its processing may be limited to specific purposes.
  - Transfer personal data – under certain conditions, data subjects have the right to receive their personal data in a structured, commonly used, machine-readable format, and to transmit it to another data controller.
  - Object – in certain circumstances, individuals whose personal data is processed have the right to object at any time to the supervisory authority due to reasons related to their particular situation. PRINT IT. SERVICE Sp. z o.o. may be required to stop processing such personal data.

9. The Data Controller makes automated decisions for marketing purposes, including profiling.

10. The Data Controller does not transfer personal data outside the European Economic Area.

11. PRINT IT. SERVICE Sp. z o.o. does not have a Data Protection Officer.

12. Contact with the Data Controller: For any questions regarding personal data protection or privacy rights, contact the Data Controller: PRINT IT. SERVICE Sp. z o.o., Warsaw (00-339), ul. Leszczyńska 4/150, or by email:  admin@fourzeros.online.

The “Privacy and Cookies Policy” is attached to these Terms.