Information Clause of the Personal Data Controller for Customers

  1. The company Fusion Core sp. z o.o., with registered office at the following address: Jaworowa 16/A23, 43-300 Bielsko-Biała, registered in the Register of Entrepreneurs of the National Court Register by the District Court for Bielsko-Biała, VIII Commercial Division of the National Court Register, under KRS number: 0000835142, Tax ID (NIP): PL5472218186, REGON: 38583370100000 is the Personal Data Controller (hereinafter referred to as the Controller) for persons contacted via e-mail in order to offer them services provided via the website, hereinafter referred to as Customers.
  2. With respect to the rights of the Customers as personal data subjects (i.e. people to whom the data relates) and with respect to the mandatory rules of law, including especially the Regulation of the European Parliament and the Council (EU) 2016/679 of 27 April 2016 on protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as GDPR, the Personal Data Protection Act of 10 May 2018 (Dz. U. item 1000), hereinafter referred to as the Act, and other relevant personal data protection regulations, the Administrator commits to maintain security and confidentiality of all personal data gathered from Customers. All employees that process personal data within the area of their responsibility have been sufficiently trained in personal data processing and the Administrator has utilised proper security, technical and organisational measures to ensure the highest possible level of protection for the personal data. The Controller has introduced appropriate procedures and policies to process personal data in accordance with the GDPR and the Act, so that personal data processing occurs lawfully and reliably and the Customers, as data subjects, may exercise all their relevant rights. Additionally, if needed, the Controller cooperates with the regulatory body within the territory of the Republic of Poland, i.e. the President of the Data Protection Authority (hereinafter referred to as the PDPA).
  3. Customer personal data is processed by the Controller for the purposes of:
    1. offering services provided via the website,
    2. undertaking actions on Customer’s request, including sharing with them an individual account on the website,
    3. realising service contracts, should the Customer express their desire to use the website,
    4. answering Customer queries sent via e-mail to the Controller or asked via telephone.
  4. As per the rule of minimisation specified by the GDPR, the Controller only processes the categories of personal data that are considered necessary to achieve purposes specified in the previous sentence.
  5. The Controller processes the personal data for the period of time necessary to achieve the goals specified in point 3 above. Personal data may be processed for longer periods of time than specified in the previous sentence in cases where it is sanctioned or enforced on the Controller by the mandatory rules of law or when the Controller is legally justified in doing so, as per point 7.c below (i.e. for periods of lapsed claims or proceedings finalisation, if the proceedings had been started within the lapse period).
  6. The source for data processed by the Personal Data Controller is the platform The Controller contacts Customers via public data available on the platform, i.e. their e-mail address. The source for other types of data processed by the Controller are Customers themselves, i.e. the data subjects, if they share their personal data with the Controller in e-mail correspondence or via the website
  7. The legal basis for Customer personal data processing is:
    1. art. 6.1.f of the GDPR, i.e. legitimate interests pursued by the Controller in the form of sending offers to publicly available e-mail addresses in order to make service provision offers,
    2. art. 6.1.b of the GDPR, i.e. the necessity to undertake actions on Customer’s request before concluding a relevant contract, as well as performance of a contract concluded between the Customer and the Controller,
    3. art. 6.1.c of the GDPR, i.e. processing is necessary for compliance with a legal obligation to which the Administrator is subject, or
    4. art. 6.1.f of the GDPR, i.e. legitimate interests pursued by the Administrator, such as determining, demanding, or defending claims, until they lapse or until the relevant proceedings are completed, if they were initiated within that period, or
    5. art. 6.1.a of the GDPR, i.e. Customer’s consent to the processing of personal data for one or more specific purposes, when other legal bases for data processing are not applicable.
  8. We shall not transfer the Customer personal data to any third countries or international organisations, as understood by the GDPR. If the personal data is shared with a third country or an international organisation, Customers shall be duly informed thereof, and the Administrator shall utilise relevant security measures, as per Chapter V of the GDPR.
  9. No personal data is shared with any third parties without express consent of the data subjects. Personal data may be shared without the consent of the person to whom it relates only with legal public bodies, i.e. government and administrative bodies (e.g. tax offices, judicial authorities and other entities with a mandate stipulated by the relevant mandatory rules of law, such as ZUS [the Polish Social Insurance Institution], or the Tax Office).
  10. Personal data may be shared with Entities that process the data on the request of the Administrator. In such cases the Administrator concludes a contract for personal data processing with such an Entity. The processing Entity processes the shared personal data solely for purposes specified in the aforementioned contract. Without the ability to entrust the processing of personal data to other entities, the Administrator would not be able to conduct its business and execute the concluded contracts. The Controller entrusts Customer personal data to:
    1. IT companies providing hosting services, maintaining online domains and computerised systems used by the Controller,
    2. companies offering data storage services (also online), utilised by the Controller,
    3. companies providing other services to the Controller, necessary for the Controller to conduct their business.
  11. The Customer personal data is not profiled by the Administrator, as per the GDPR.
  12. In accordance with the GDPR, Customers have the rights to:
    1. be informed of the personal data processing, as per art. 13 of the GDPR,
    2. access their personal data, as per art. 15 of the GDPR,
    3. correct or update the personal data, as per art. 16 of the GDPR,
    4. delete their data (the right to be forgotten), as per art. 17 of the GDPR,
    5. limit the processing, as per art. 18 of the GDPR,
    6. transfer the data, as per art. 20 of the GDPR,
    7. object to the processing of their personal data, as per art. 21 of the GDPR,
    8. In cases of legal bases, as per point 8.d above — the right to withdraw one's consent at any time, without affecting the legality of the processing conducted on the basis of the previously given consent,
    9. restrict profiling, as per art. 22, relating to art. 4 of the GDPR,
    10. file a complaint to a supervisory body (i.e. to the President of the Data Protection Authority), as per art. 77 of the GDPR, subject to the rules of using and realising such rights, as per the GDPR.
  13. Should Customers wish to exercise any of their abovementioned rights, they should send an e-mail or traditional mail to the e-mail or postal address specified in point 14 below.
  14. Any questions, requests or complaints relating to personal data processing by the Administrator, hereinafter referred to as Applications, should be sent via e-mail to the following e-mail address:, or in writing to the following address: Fusion Core sp. z o.o., ul. Jaworowa 16/A23, 43-300 Bielsko-Biała, Poland.
  15. The Applications should clearly contain:
    1. the data of the person or persons to whom the Application relates,
    2. the event that the Application relates to,
    3. the filed requests and their legal basis,
    4. the desired means of solving the issue.
  16. Each ascertained instance of a security breach is documented, and should any of the events, as described by the GDPR or the Act, occur, the persons to whom the data relates, as well as the PDPA, if applicable, shall be informed of it.