Zaloguj się Utwórz konto

Masz pytanie?

Wpisz pytanie i znajdź odpowiedź. Do dzieła!

Znajdź odpowiedź na swoje pytanie

Privacy policy

ING Usługi dla Biznesu S.A. Privacy Statement

    GENERAL INFORMATION


  1. This Privacy Policy contains information on the processing of personal data by ING Usługi dla Biznesu S.A., with its registered office in Katowice, 40-121, ul. Chorzowska 50, entered in the register of entrepreneurs at the District Court Katowice-Wschód, 8th Commercial Division of the National Court Register, under KRS number: 0000408358, REGON: 242834901, NIP: 6342805313, whose share capital is PLN 27,000,000.00, paid in full (hereinafter: the "Company"). The Company is the controller of personal data within the meaning of the GDPR.
  2. The Company is committed to ensuring the confidentiality, security and protection of your personal data during processing, in accordance with applicable data protection legislation, including the provisions of the EU Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: “GDPR”).
  3. The Company can be contacted via email address: [email protected] or in writing to the Company's registered office address.
  4. In all matters concerning the processing of your personal data, in particular the exercise of your rights in relation to the processing of your personal data, you may contact the Company's designated Data Protection Officer (Liliana Rother-Obrączka) via email address: [email protected] or in writing to the Company's registered office address (preferably marked “GDPR").
  5. When you use websites belonging to the Company, your personal data collected through cookies may be processed in accordance with the Cookies Policy, available at: https://pomoc.aleo.com/polityka-cookies.

    6. WHOSE PERSONAL DATA DO WE PROCESS?


  6. The Company processes the personal data of natural persons who:
    1. are users of the ALEO.com Platform, including unregistered users ("Users");
    2. are users of the Website, including in particular Professionals or Clients within the meaning of the Terms of Service (“Website Users");
    3. are entrepreneurs whose data come from publicly available sources, including public registers (inter alia, the Register of Entrepreneurs of the National Court Register, the National Official Register of Business Entities and the Central Registration and Information on Business) ("Entrepreneurs");
    4. act as persons authorised to represent legal persons, including Entrepreneurs or other organisational units, or are persons appointed by Clients or Potential Clients to conclude and perform an agreement ("Representatives");
    5. are members of the bodies of legal persons, including Entrepreneurs ("Body Members");
    6. are potential clients, contractors or suppliers of the Company because, for example, they have provided the Company with contact details in connection with the services and products offered by the Company ("Potential Clients");
    7. are clients, counterparties or suppliers of the Company (whereby clients include persons for whom the Company executes financial transactions ordered by clients) ("Clients");
    8. are a party to applications, complaints, claims or other letters addressed to the Company ("Complainant”).

    7. PURPOSES, GROUNDS AND PERSONAL DATA STORAGE PERIOD


    INFORMATION ON THE PROCESSING OF YOUR PERSONAL DATA

    Purpose of processing Legal basis for processing Data storage period
    The conclusion and execution of the contract for the use of the ALEO.com Platform, including the creation and maintenance of an account within the ALEO.com Platform, confirmation of the User's identity, collection of fees, processing of complaints and reports of abuse. Necessity of the processing for the conclusion and performance of the contract (Article 6(1)(b) of the GDPR). Personal data is stored for the duration of the contract.
    Maintaining and communicating via websites, including through chat, electronic contact forms, etc. Consent (Article 6(1)(a) of the GDPR). Personal data is stored for 30 days.
    Direct marketing of products and services (i.e. receiving commercial information through various communication channels). Consent (Article 6(1)(a) of the GDPR). DPersonal data is stored until you object or withdraw the relevant consent to marketing contact.
    The assertion and defence of claims in connection with the use of the ALEO.com Platform. Pursuing of the Company's legitimate interests of providing effective legal protection (Article 6(1)(f) of the GDPR). Personal data shall be stored until the statute of limitations for claims under generally applicable law.
    Conducting statistical research, analytical purposes, user satisfaction surveys. Pursuing of the Company's legitimate interests of improving the products and services offered (Article 6(1)(f) of the GDPR). Personal data is stored until an objection is raised or the contract is terminated.
    Ensuring network and information security; disaster recovery (e.g. backups). Fulfilment of the Company's legitimate interests of ensuring security (Article 6(1)(f) of the GDPR). Personal data is stored for the duration of the contract.
    Fulfilment of legal obligations under Polish and EU law. Fulfilment of legal obligations arising, inter alia, from tax law and accounting regulations (Art. 6(1)(c) of the GDPR in connection with the Accounting Act and tax laws). Personal data is stored until the expiry of a legal obligation (e.g. accounting documents, including the data contained therein, need to be stored for a period of 5 years).

    INFORMATION ON THE PROCESSING OF SERVICE USERS' PERSONAL DATA

    Purpose of processing Legal basis for processing Data storage period
    The conclusion and performance of the contract (Terms of Service), including the creation and maintenance of an account, confirmation of identity, processing of complaints and reports of abuse. Necessity of the processing for the conclusion and performance of the contract (Article 6(1)(b) of the GDPR). Personal data is stored for the duration of the contract.
    Maintaining and communicating via websites, including through chat, electronic contact forms, etc. Consent (Article 6(1)(a) of the GDPR). Personal data is stored for 30 days.
    Direct marketing of products and services (i.e. receiving commercial information through various communication channels). Consent (Article 6(1)(a) of the GDPR). Personal data is stored until you object or withdraw the relevant consent to marketing contact.
    The assertion and defence of claims. Pursuing of the Company's legitimate interests of providing effective legal protection (Article 6(1)(f) of the GDPR). Personal data shall be stored until the statute of limitations for claims under generally applicable law.
    Conducting statistical surveys, analytical objectives, satisfaction surveys. Pursuing of the Company's legitimate interests of improving the products and services offered (Article 6(1)(f) of the GDPR). Personal data is stored until an objection is raised or the contract is terminated.
    Ensuring network and information security; disaster recovery (e.g. backups). Fulfilment of the Company's legitimate interests of ensuring security (Article 6(1)(f) of the GDPR). Personal data is stored for the duration of the contract.
    Fulfilment of legal obligations under Polish and EU law. Fulfilment of legal obligations arising, inter alia, from tax law and accounting regulations (Art. 6(1)(c) of the GDPR in connection with the Accounting Act and tax laws). Personal data is stored until the expiry of a legal obligation (e.g. accounting documents, including the data contained therein, need to be stored for a period of 5 years).

    INFORMATION ON PROCESSING OF PERSONAL DATA OF ENTREPRENEURS, REPRESENTATIVES AND MEMBERS OF BODIES

    Purpose of processing Legal basis for processing Data storage period
    Information objectives, related to the dissemination of information on pursuing business. Fulfilment of the Company's legitimate interests of seeking to increase the certainty and security of business transactions, verification of the reliability of business entities, dissemination of information on business, including through opinions issued within the ALEO.com Platform (Art. 6(1)(f) of the GDPR). Personal data is stored until you object on grounds relating to your particular situation (provided that there are no valid legitimate grounds on the part of the Company for further processing).

    INFORMATION ON THE PROCESSING OF PERSONAL DATA OF POTENTIAL CLIENTS AND THEIR REPRESENTATIVES

    Purpose of processing Legal basis for processing Data storage period
    Entering into a cooperation agreement with the Company. Necessity of the processing for the conclusion and performance of the contract (Article 6(1)(b) of the GDPR). Personal data is stored for the duration of the contract.
    Maintaining contact with Representatives with a view to concluding a cooperation agreement Fulfilment of the Company's legitimate interests in maintaining contact with persons representing the Potential Client or appointed by the Potential Client to conclude a contract (Article 6(1)(f) of the GDPR). Personal data is stored for the duration of the contract or until the Potential Client objects or appoints another Representative.
    Conducting statistical research, analytical purposes. RPursuing of the Company's legitimate interests of improving the products and services offered (Article 6(1)(f) of the GDPR). Personal data is stored until an objection is raised or the contract is terminated.
    The assertion and defence of claims. Pursuing of the Company's legitimate interests of providing effective legal protection (Article 6(1)(f) of the GDPR). Personal data shall be stored until the statute of limitations for claims under generally applicable law.
    Fulfilment of legal obligations under Polish and EU law. Fulfilment of legal obligations arising, inter alia, from the Civil Code, regulations on counteracting money laundering and terrorism financing (Article 6(1)(c) of the GDPR). Personal data is stored until the expiry of the legal obligation.

    INFORMATION ON THE PROCESSING OF PERSONAL DATA OF CLIENTS AND THEIR REPRESENTATIVES

    Purpose of processing Legal basis for processing Data storage period
    The performance of a cooperation agreement with the Company, including the making of payments or other financial transactions, the recording and financial settlement of services, products and materials supplied to and by the Company. Necessity of the processing for the conclusion and performance of the contract (Article 6(1)(b) of the GDPR). Personal data is stored for the duration of the contract.
    Maintaining contact with Representatives for the purpose of executing the cooperation agreement. Fulfilment of the Company's legitimate interests of maintaining contact with persons representing the Client or appointed by the Client to perform the cooperation agreement (Article 6(1)(f) of the GDPR). Personal data is stored for the duration of the contract or until the Client objects or appoints another Representative.
    Direct marketing of products and services (i.e. receiving commercial information through various communication channels). Consent (Article 6(1)(a) of the GDPR). Personal data is stored until you object or withdraw the relevant consent to marketing contact.
    The assertion and defence of claims. Pursuing of the Company's legitimate interests of providing effective legal protection (Article 6(1)(f) of the GDPR). Personal data shall be stored until the statute of limitations for claims under generally applicable law.
    Conducting statistical surveys, analytical purposes, customer satisfaction surveys. Pursuing of the Company's legitimate interests of improving the products and services offered (Article 6(1)(f) of the GDPR). Personal data is stored until an objection is raised or the contract is terminated.
    Fulfilment of legal obligations under Polish and EU law. Fulfilment of legal obligations arising, inter alia, from the Civil Code, tax law, accounting legislation, regulations on counteracting money laundering and terrorism financing (Article 6(1)(c) of the GDPR in connection with the Accounting Act, tax laws and the Act on Counteracting Money Laundering and Terrorism Financing). Personal data is stored until the expiry of a legal obligation (e.g. accounting documents, including the data contained therein, need to be stored for a period of 5 years).

    INFORMATION ON THE PROCESSING OF THE COMPLAINANTS' PERSONAL DATA

    Purpose of processing Legal basis for processing Data storage period
    Handling of applications, complaints, claims or other letters addressed to the Company. Pursuing of the Company's legitimate interests in handling the Complainants' letters which do not relate to the Company's legal obligations (Article 6(1)(f) of the GDPR). Personal data shall be stored for the time necessary to clarify the matter covered by the request, complaint, claim or other letter addressed to the Company or until an objection is raised.
    The assertion and defence of claims. RPursuing of the Company's legitimate interests of providing effective legal protection (Article 6(1)(f) of the GDPR). Personal data shall be stored until the statute of limitations for claims under generally applicable law.
    Fulfilment of legal obligations under Polish and EU law. Fulfilment of legal obligations arising, inter alia, from the provisions of the Civil Code (Art. 6(1)(c) of the GDPR in connection with the Civil Code). Personal data shall be stored for the time necessary to clarify the matter covered by the request, complaint, claim or other letter addressed to the Company and until the expiry of the legal obligation.

    WHERE DID WE OBTAIN YOUR PERSONAL DATA?


  7. In most cases, we have obtained personal data directly from you (e.g. when you have started using the ALEO.com Platform, created an account on the Website, provided your personal data for direct marketing purposes, when you contact us via forms, chat, letters, you are our Clients or Potential Clients).
  8. However, the personal data of Entrepreneurs, Representatives and Body Members was obtained indirectly, i.e. bypassing them.
  9. Personal data of Entrepreneurs, Representatives and Members of the Bodies was obtained by the Company for information purposes, related to the dissemination of information on pursuing business activities. The data was obtained from publicly available sources, including public registers (inter alia, the Register of Entrepreneurs of the National Court Register, the National Official Register of the Entities of National Economy and the Central Registration and Information on Business). The categories of personal data obtained include data that are in the aforementioned publicly available registers (primarily forename, surname and PESEL number).
  10. The personal data of Representatives who act as persons authorised to represent legal persons or other organisational units or are persons designated by Clients or Potential Clients to conclude and perform an agreement was obtained by the Company from Clients or Potential Clients. The categories of data obtained include data indispensable for the conclusion and performance of the agreement, i.e. identification data (forename, surname), position and contact data or other additional information provided to the Company by the Client or Potential Client.

    11. TO WHOM MAY PERSONAL DATA BE TRANSFERRED?


  11. Your personal data may be transferred to the following entities:
    • other ING Group companies, a current list of which can be found at: https://aleo.com/pl/o-platformie/grupa-ing – for internal administrative purposes, e.g. related to reporting within ING Group, for statistical, accounting and management purposes, including internal management analysis (e.g. in connection with the implementation of requirements under regulations on counteracting money laundering and terrorism financing);
    • other ING Group companies – for their own marketing purposes (where consent has been given);
    • entities acting under the law (public authorities), including, inter alia, the Public Prosecutor's Office, the Police and the Tax Office - in connection with the fulfilment of legal obligations incumbent on the Company (e.g. in connection with abuses that may have occurred within the ALEO.com Platform);
    • entities providing marketing and advertising services to the Company or other ING Group companies (e.g. marketing agencies, interactive agencies) - to the extent necessary for the provision of these services;
    • entities providing IT services to the Company or other ING Group companies (e.g. website hosting) - to the extent necessary for the provision of these services;
    • entities providing other types of services to the Company or other ING Group companies, e.g. legal and advisory service providers - in connection with the provision of these services.

    12. TRANSFER OF PERSONAL DATA OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)


  12. Your personal data may be transferred outside the EEA, in particular to the United States of America.
  13. Any such transfer shall be adequately secured. Where a particular country outside the EEA has not been covered by a European Commission decision declaring an adequate level of protection for personal data, the Company shall apply appropriate safeguards and conclude up-to-date standard contractual clauses with the relevant entity from that country. In any case, we assess the risk of transferring personal data to a country outside the EEA and, if necessary, implement complementary measures to further safeguard the transferred personal data.
  14. The controller may transfer personal data to third countries that do not comply with the relevant safeguards only in specific situations and provided that you expressly consent to this or the transfer is necessary for the establishment, assertion or defence of claims. We will inform you in advance of the risks involved in such a transfer in line with Article 49 of the GDPR.
  15. A copy of the personal data transfer mechanism used (including safeguards) can be obtained by contacting the Data Protection Officer at [email protected].

    16. HOW DO WE PROTECT YOUR PERSONAL DATA?


  16. We are aware that your personal data are confidential. The Company maintains the confidentiality, security and protects your personal data in accordance with applicable laws, including the provisions of the GDPR, as well as internal policies and instructions adopted by the Company.
  17. The Company has implemented technological and operational security measures to protect your personal data from loss, misuse, or unauthorised modification or destruction. Such measures include, but are not limited to, exploitation, encryption, appropriate management processes regarding access rights and other technical and organisational measures to ensure adequate protection of your personal data. These measures shall ensure an adequate level of security with respect to the risks inherent in the nature of the personal data to be protected.
  18. However, we would like to emphasise that if you send information over the Internet, it cannot be guaranteed that this is 100% secure.
  19. For any payments we collect from you online, we use a recognised, secure online payment system.

    20. IS IT COMPULSORY TO PROVIDE PERSONAL DATA?


  20. The use of the ALEO.com Platform, conclusion of the Terms of Service agreement, as well as entering into cooperation or contacting the Company for any other purpose are voluntary. However, providing personal data in connection with registration within the ALEO.com Platform / acceptance of the Terms of Service, as well as conclusion of a cooperation agreement are necessary for the conclusion of the agreement and its subsequent execution - without providing personal data it is not possible to conclude and execute the agreement.
  21. The provision of personal data for direct marketing purposes is voluntary - in particular, it does not condition the conclusion and execution of an agreement for the use of the ALEO.com Platform or the Terms of Service.

    22. RIGHTS IN RELATION TO THE PROCESSING OF PERSONAL DATA


  22. In relation to the processing of your personal data, you have certain rights under the terms of the personal data protection legislation, including the provisions of the GDPR, among others:

    a) the right of access - you have the right to obtain confirmation from the Company as to whether your personal data are being processed by the Company, as well as with regard to certain other information (e.g. concerning the purposes of the processing as well as the categories of personal data processed about you). You also have the right of access to your personal data, in the form of obtaining a copy of the personal data concerning you. This is so that you are aware of and can check how the Company uses your personal data. The Company may refuse to provide you with a copy of your personal data where this could adversely affect the rights of another person;

    b) he right to rectification - you have the right to request that the Company immediately rectify your personal data where it is inaccurate or incomplete (e.g. where the Company processes your incorrect name);

    c) the right to erasure (also known as the "right to be forgotten") - this allows you to request the erasure of your personal data where, for example, the data have been used unlawfully or where your consent has been withdrawn (where this was the sole basis for the processing of your data). "The right to be forgotten" does not, however, constitute an absolute right to erasure of your personal data, as there are certain exceptions to it, e.g. where the Company needs to continue to use the data to establish, assert or defend legal claims or to comply with a legal obligation;

    d) the right to restriction of processing - you have the right to stop the Company from further using your personal data in cases where, for example, the Company is in the process of assessing a request for rectification of your data. In a situation of restriction of processing, the Company may continue to store your personal data, but may no longer actively use them (e.g. for marketing purposes);

    e) the right to data portability - you have the right to receive and re-use certain personal data for your own purposes with other parties (who are separate data controllers). This right only applies to your personal data which you have provided to us and which we process (by automated means) with your consent or for the performance of a contract. In this case, we will provide you with a copy of your personal data in a structured, commonly used and machine-readable format or (where technically possible) we may send your data directly to another controller. The Company may refuse to exercise this right where it would adversely affect the rights of another person.

  23. To the extent that the processing of your personal data is based on the exercise of legitimate interests, you have the right to object to the processing of such data, in particular in relation to processing for direct marketing purposes. However, the Company has the option to continue processing your personal data if they can demonstrate valid and legitimate grounds for the processing that override your interests, rights and freedoms, or if it is necessary for the establishment, assertion or defence of claims. If you object to the processing of your personal data for direct marketing purposes, we will no longer process your personal data for such purposes.
  24. To the extent that the processing of your personal data is based on consent, you have the right to withdraw it at any time. Withdrawal of the consent does not affect compliance of the processing with the law, as regards processing effected based on the consent prior to its withdrawal.
  25. You have the right to lodge a complaint with the authority supervising compliance with personal data protection regulations (i.e. the President of the Personal Data Protection Office, ul. Stawki 2, 00193 Warszawa).
  26. Requests to exercise rights can be submitted to the Data Protection Officer at [email protected].
Wróć