The internet Service www.vatguard.com, from hereinafter referred to as “the Service”, provided by the Tax Guard Group Sp. z o.o., with its registered office at ul. Zlota 61/100, Warsaw 00-819, provides its Users, who are clients according to the definition provided within the Service Regulations and who are: a natural or legal person pursuing a commercial activity, a member of a civil law partnership, a legal entity, an organizational unit without corporate existence but to which legal capacity is assigned by a distinct law to run commercial activities, or a natural person conducting business activities not evidenced within the Entrepreneurs’ Law (Journal of Laws 2018, item 646, as amended), conducting sales activities through the Internet platform amazon.- com or others that in connection with this activity use Services provided electronically by the Service, security of the Services provided, as defined by the Regulations, including payments related to those concluded agreements. Information provided by Users via the website is protected in line with use of modern technologies and is secured in accordance to applicable laws, safety requirements and also confidentiality rules.
The implementation of special procedures permits a maximum level of protection for Users when accessing and processing personal data, resulting in both ensuring safety and protection of personal data. The technical and organizational measures applied ensure protection of the personal data as it is processed, appropriate to the risks of the data covered by this protection, and in particular procedures protect data from being shared with or removed by an unauthorized person, or processed in violations of provisions regulating the protection, modification, loss, damage or destruction of personal data. In addition, the implemented procedures are to ensure control over the accuracy of data processing and protection of personal data, its confidentiality, integrity and accessibility, as well as the resilience of processing systems and Services, including restoring data availability in the event of a physical or technical incident.
Below are detailed information and processing guidelines which relate to the processing of personal data, the legal grounds, and equally guidelines relating to Users’ rights and obligations.
I. General information.
1. The administrator of the User’s personal data, that is, the entity responsible for the decision of how personal data are used is Tax Guard Group SP ZOO, with its head office located at ul. Zlota 61/100, 00-819 Warsaw, entered in the Company register at the National Court Register, maintained by the District Court for the capital city of Warsaw, 12th Commercial Division under the following numbers: KRS: 0000395343; NIP: 5272663875; REGON: 145155718. Share capital: 5000 PLN. Tel: +48666331917 email: [email protected] , from hereinafter known as VAT Guard.
2. With regards to all matters relating to the protection of personal data, including the exercising of the User’s rights, please make contact electronically at the following e-mail address: [email protected] .
3. Personal data of the User are protected and processed under the principles of Polish and EU laws and Regulations, as specified below:
a) EU Regulation (EU) No 679/2016 of the European Parliament and of the Council of 27th April 2016 on the protection of individuals in connection with the processing of personal data and of the free movement of such data, and the annulment of Directive 95/46/WE, from hereinafter referred to as the GDPR;
b) The Act on the Protection of Personal Data of 10th May 2018 (Journal of Laws 2018, item 1000, as amended) hereinafter known by the acronym UODO (Personal Data Protection Office of Poland);
c) The Act of 18th July 2002 on the provision of electronic Services (i.e. Journal of Laws 2019, item 123, as amended) hereinafter known by the acronym USUDE;
d) Act of 16 July 2004. Telecommunications Law. (Consolidated text: Journal of Laws 2018, item 1954 as amended), hereinafter referred to by the acronym PT;
e) The Act of March 1, 2018 on Counteracting Money Laundering and Financing of terrorism (Journal of Laws of 2018, item 723, as amended), from hereinafter known by the Polish acronym of UPPP;
4. The User’s personal data is used only to the extent necessary for the correct provision of the Service or for the conclusion of agreements for the provision of Services by electronic means.
The User’s consent to the processing of his or her personal data for the purposes of marketing is not an obligatory element, however in the case of the User’s consent to the processing of his or her personal data, and according to the provisions of the GDPR, USUDE and PT, it will be possible to propose to the User any current offers, dedicated discounts, promotions and marketing campaigns.
II. Basic principles, rights and obligations of Service Users:
1. The Service is intended exclusively for VAT Guard customers and is not a public page by its nature, which means that all Services provided, regardless of their paid or unpaid character, are not intended for consumers under article 221 of the Civil Code of 23rd April 1964 (consolidated text: Journal of Laws 2018, item 1025, as amended), thus the consumer uses the Service at his or her own risk and responsibility.
2. Children are not permitted to use the Service, and this is understood as a person who has not yet turned 18 years of age. For this reason, if VAT Guard determines any circumstances relating to the provision of data of children, VAT Guard will immediate- ly remove all personal data in this regard.
3. The User has the right to copy, own, distribute and process data contained within the Service only for private use and in accordance with the provisions of the Service Regulations. This right is limited only to VAT Guard customers.
4. It is forbidden to publicly disseminate data found on the Service without the written consent of VAT Guard, subject to the provisions of the Service Regulations.
5. It is forbidden to use programs designed for the bulk downloading of data (so-called data-miners, bots) as well as any unlawful interference to the workings or structure of the Service, in accordance with the rules and prohibitions as detailed in the Service Regulations.
6. It is forbidden to share any data used to log in to customer accounts on the Service, including Usernames and passwords.
7. It is forbidden to use the name and the brand of VAT Guard, which is a protected trademark.
8. Dissemination of information about the Services provided by VAT Guard without written consent of VAT guard is permitted, but only in the manner as specified within the Service Regulations and without the contravention of generally applicable laws.
III. Objectives and legal grounds for data processing.
1. A User’s personal data are processed for the following purposes:
a) In order to be able to conclude an Agreement for the provision of electronic Services and to implement such an agreement for such Services (Article2 (1) (b) of the GDPR), as follows:
i. Some of the Services provided by the website free of charge, accessed in accordance with the Service Regulations, such as browsing content or accessing the blog, do not require personal data for access;
ii. Other free-of-charge Services, such as the newsletter, or consultations provided by the sales personnel may be implemented after providing such data as an email address or the name of the User;
iii. Registration of a customer account as a free Service will be possible, after provision of the necessary data for such an account to be created and operated;
iv. When providing Paid-for Services, a wider access is required to a range of data necessary to issue a VAT invoice for the purchased Service, in particularly the company or customer’s name, the address of the registered office, tax identification numbers (NIP or VAT ID) and the country of residence; and then the detailed data required for the implementation by VAT Guard of the individual paid Services as indicated in the identification form containing additional client data, such as those of the business owners, data of the members of the company board, that of the director or of other persons authorized to represent the client and customer bank data.
v. the data provided in the identification forms are verified, based on the documents sent in by the client, in particular IDs, passports, residence certificates, tax certificates confirming the VAT status of the taxpayer, contracts, statues and certificates of confirmation of entry in the registers or the client’s records. For the same reason, VAT Guard will process data contained within these sources, in the context of implementation of the individual elements resulting in the contract for provision of a given paid Service including those related to VAT registration, submission of tax returns and representation of the customer before the tax authorities (Article 6(1) (b) and (c) of the GDPR).
b) in order to fulfill the legal obligations of VAT Guard, as imposed by the provisions of Article 33 – 36 of the UPPP as well as resulting from the provisions of tax laws and relating to inspection obligations under (Article 6 (1) (c) of the GDPR);
c) for purposes related to business operations, including for the purpose carrying out legitimate interests related to the investigation of complaints, maintaining regular contact with the customer, providing answers to queries and for purposes related to the proper handling and securing the Service (Article 6 (1)(f) of the GDPR);
d) for purposes related to the transmission of marketing information and exchange of information through prepared surveys designed to assess the Service and the quality of the Services provided to Users, being the legally legitimate interests of VAT Guard (Article 6 (1) (f) of the GDPR);
e) Pursuing claims for the conclusion of the agreement for the provision of Services by electronic means or cooperation with business intelligence Services regarding verification of a customer’s credibility and solvency (Article 6 (1) (f) of the GDPR);
f) On the basis of consent – for the purposes indicated in the consent given by the User (Article 6 (1) (a) of the GDPR);
2. Personal data of the employees, co-workers and representatives of the Customer will be processed in the scope provided by the client for the purpose of the current contact as part of the concluded Agreements and correct implementation by VAT Guard of the individual elements of the Services provided, which is legally justified by VAT Guard’s interest in this area (Article 6 (1) (f) of the GDPR).
The information obligations towards those persons incumbent on VAT Guard are to be performed by the Customer in accordance with the provisions of the Service Regulations.
3. The User’s personal data provided will be stored for the duration of the Agreement for the provision of Services by electronic means, and in the case of consent to the processing of personal data, until its withdrawal, and after the end of the Agreement for the period related to the limitation of claims, as well as provided for by law to archiving obligations and actions taken by legal bodies.
IV. Transfer of personal data.
1. The User’s personal data will be processed by employees and associates of VAT Guard to the extent necessary for the proper implementation of Services provided electronically via the Website.
2. Personal data provided by the User may also be made available, in particular, to the following categories of recipients:
a) entities cooperating with VAT Guard contracted and entrusted to process data, including in particular IT companies providing technical infrastructure, software and technical support, marketing companies servicing the transmission of offers, accounting and tax offices, law and debt collection offices, intelligence offices business, companies providing archiving Services, utilization of documentation and technical equipment as well as other subcontractors of the Services provided as part of the Website, as well as courier companies;
b) Banks, payment institutions (internet payment operators) when accepting, making and settling non-cash payments;
c) Postal operators.
2. User data may also be transferred to state authorities, including judicial authorities, such as the police, prosecutors, courts or regulatory authorities and other authorized bodies – at their request and only to the extent specified by law.
V. Rights vested in Users with respect to the processing of their personal data. 1. The User is entitled to:
a) The right to access the given data, the right to demand rectification, addition or modification;
b) The right to receive copies of the data held by VAT Guard, as well as the right to transfer to another entity in an appropriate structured form, assuming the technical feasibility of such an operation;
c) the right to object to data processing, including related to direct marketing or archiving, due to the particular situation of the User, unless further processing of data by VAT Guard will be necessary due to the need to establish, investigate or defend claims or protect interests, rights and the freedom of the User;
d) the right to demand limitation of data processing, not including storage; the right to delete data, but not applicable in cases where VAT Guard is obliged to process data on the basis of legal provisions or when it is necessary to assert and defend claims;
f) The right to cancel or withdraw consent to data processing, assuming the legality of the current data processing;
g) The right to file a complaint to the President of the Office for Personal Data Protection (UODO) at the following address: ul. Stawki 2; 00-193 Warsaw; Poland, in the event that VAT Guard has violated the provisions of the law on the protection of personal data.
2. The User’s rights indicated above may be subject to restrictions or exclusions based on special provisions of the GDPR.
3. All requests to exercise User data rights may be made via appropriate notification sent to VAT Guard to the following e-mail address: [email protected]
VI. Profiling and automated decision making.
1. VAT Guard may conduct an analysis of the User’s behavior and preferences in order to adapt its provision of Services and marketing activities to the interests and preferences of the User (“profiling”). VAT Guard can make some decisions in an automated way (without human intervention) – this is, for example, when granting rebates, bonuses or qualifying for participation in dedicated client programs. Each User has the right to object and not be subject to such decisions, which, however, may be associated with the lack of opportunities to participate in promotions, competitions or programs organized by VAT Guard. The legal basis for conducting such activities is the legitimate interest of VAT Guard (Article 6 (1) (f)) of the GDPR).
2. Profiling and automated decision-making takes place also during the analysis and assessment of the User’s risk prior to conclusion of the Agreement for the provision of Paid Services and during the implementation of the Agreement itself, which is a requirement of the UPPP Regulations (Article 6 (1)(c)).
VII. Security of online connections.
1. To ensure the security of online connections, VAT Guard uses a number of protective systems that allow Users to use the Website securely.
2. The basic protection of online connections is coding in the SSL system. It consists of asymmetric encryption of information provided by the User, which renders it impossible to view content on the network. Encryption using SSL with 2048-bit encryption is also used for websites where online payments are made.
3. The transmission of information and documents containing personal data via the Website takes place in an encrypted manner using the secure SSL protocol. VAT Guard will not send information and documents directly to the User’s e-mail address. The User may receive information at the provided e-mail address about the need to log in to the Customer Account in order to access the message sent from VAT Guard.
4. It is recommended that the User send all information and documents only through the Client’s Account. In the case of sending any data to the VAT Guardian’s e-mail address, these data should be properly encrypted and the User bears full responsibility for the security of the data sent via this method.
5. In order to ensure the safety of Users using the Website and to provide protection against unauthorized access to the Website and the Customer Account in the event of inactivity of the logged in User, the system will (after a specified time) automatically log out of the site.
6. The server has been secured through the use of a number of logical, technical, physical and organizational protection mechanisms that protect data against external attacks or loss of power source, while the devices used by VAT Guard employees and associates use anti-virus and anti-burglary programs.
7. All cases of according access to data, including data to the Customer Account, by Users to third parties, are made at their own responsibility and risk, which may prevent an appropriate response from VAT Guard.
8. In the event of a breach of the protection of personal data resulting in violation of Users’ rights or freedoms, VAT Guard is obliged to inform Users, the competent supervisory authority and the entity running the amazon.com internet platform.
VIII. Final Provisions.
1. The website is the exclusive property of VAT Guard, which has all rights to the Web- site, including intellectual property rights, in particular personal and proprietary copyrights.
1. Google LLC with its headquarters located at 1600 Amphitheater Parkway Mountain View, CA 94043 USA – providing VAT Guard server hosting services through Google Cloud.
- All Users’ personal data will be located on servers located in the EU, specifically in Belgium.
- Google LLC ensures the highest level of protection of personal data processed using Google Cloud, being a participant of Privacy Shield, as well as applying appropriate contractual clauses related to the protection of personal data. Privacy Shield is a program that was adopted following a decision of the European Commission on the 12th July 2016, permitting the transfer of personal data to entities that their registered office or that process data in the USA who have joined the program and have committed themselves to the specific rules and obligations indicated in the decision.
- Google LLC obtained ISO 27001 security certificates (Information security management) – one of the world’s most recognized independent security standards, ISO 27017 (Cloud Security) – an international standard of information security control practices based on ISO / IEC 27002, in particular in the case of cloud services, ISO 27018 (Cloud Privacy) – the international standard of conduct in the field of personal data protection in public cloud services.
- In the event of any need to transfer Users’ data to the USA, in particular in the event of hacking attacks on server centers in Belgium, all the provisions and guidelines provided for in the provisions of the RD0 were met.
- For more information on the protection of personal data and compliance with the provisions of the GDPR in the provision of hosting services via Google Cloud, please visit: https://cloud.google.com/security/privacy/ and
- Information about the Privacy Shield participants can be found at: https:// www.privacyshield.gov/list.
2. PayLane Sp. z o.o. with headquarters: ul. Norwida 4; 80-280 Gdańsk, Poland – providing the operator of the online payment system through which the User will pay remuneration to VAT Guard.
- All User data, including data related to payment cards, will be encrypted and will not be forwarded to VAT Guard.
- More information on the protection of personal data and compliance with the GDPR regulations can be found at: https://paylane.pl/dokumenty-prawne/ polityka-prywatnosci/
3. The Rocket Science Group LLC (MailChimp) with its registered office located at: 675 Ponce de Leon Avenue, NE Suite, 5000 Atlanta, GA 30308, USA – providing services related to providing tools for organizing and conducting campaigns and marketing campaigns by sending commercial information by e-mail – newsletter.
- Users’ data transferred to MailChimp will be limited only to the e-mail addresses.
- MailChimp is a participant of Privacy Shield, and additionally applies appropriate contractual clauses related to the protection of personal data. Privacy Shield is a program that was adopted by a decision of the European Commission on July 12, 2016 allowing for the transfer of personal data to those entities based in or processing data in the US that have joined the program and committed to comply with certain rules and obligations set out in the decision. Therefore, the processed data is protected in accordance with applicable law, including in particular the GDPR.
- More information on the protection of personal data and compliance with the provisions of the GDPR when providing services by MailChimp can be found at: https://mailchimp.com/about/security/ and https://mailchimp.com/legal/ .