Privacy policy
1. Definitions
1.1. Controller – Rymarz, Zdort, Maruta, Wachta, Gasiński, Her i Wspólnicy sp.k., based in Warsaw, Poland (00-850) at ul. Prosta 18.
1.2. Personal Data – any information about a natural person, identified or identifiable by one or several factors defining his/her physical, physiological, genetic, psychic, economic, cultural, or social identity, including the IP of the device, location data, online identifier and information collected through cookie files and other similar technologies.
1.3. Policy – this Privacy Policy.
1.4. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
1.5. Website – an online service run by the Controller at the address https://sanctionscertificate.eu/.
1.6. User – any natural person visiting the Website or using one or more services or functionalities described in the Policy.
2. Data processing in connection with the use of the website
2.1 In connection with the User’s use of the website, the Controller collects data with the scope necessary to provide its respective services and collects information about the User’s activity on the Website. The detailed rules and purposes of processing the Personal Data collected during the use of the Website by the User are described below.
3. Purposes and legal basis of data processing on the website
USE OF THE WEBSITE
3.1 Personal Data of all the persons using the Website (including the IP address or other identifiers and information collected through cookie files and other similar technologies) are processed by the Controller:
3.1.1. to provide services electronically – in this case, the legal basis for the processing is that processing is necessary for the performance of a contract (Article 6(1)(b) of GDPR);
3.1.2. for analytical and statistical purposes – in this case, the legal basis for the processing is the legitimate interest pursued by the Controller (Article 6(1)(f) GDPR) to analyze the activity of Users and their preferences in order to improve the functionalities used and the services provided;
3.1.3. to determine and pursue possible claims or defend against claims – the legal basis for the processing is the legitimate interest pursued by the Controller (Article 6(1)(f) of GDPR) to protect its rights.
Email Correspondence
3.2. Personal Data, which is shared by the User in email correspondence addressed to one of the Controller and is not related to the services provided or other existing contracts, will be processed only for the purpose of communication and addressing the matter to which the correspondence relates.
3.3. The legal basis for the processing of Personal Data by the Controller for this purpose is that the Controller are pursuing their legitimate interests (Article 6(1)(f) of the GDPR) involving the sending out of replies to email correspondence received in connection with its business.
3.4. The Controller only process Personal Data relevant to the matter to which the relevant correspondence relates. The entire correspondence will be stored in a manner ensuring the security of Personal Data (and other information) contained therein, and such data will only be disclosed to authorised persons.
4. Cookies and similar technologies
4.1. The Controller use cookies to provide the User with services electronically and to improve the quality of these services. The use of cookies on the Website is not intended to identify Users. The Policy governs the processing of data related to the use of its own cookies.
REQUIRED COOKIES
4.2. The Controller use necessary cookies primarily to provide Users with the services and functionalities of the Website that the User wishes to use. Required cookies may only be installed by the Controller through the Website.
4.3. The legal basis for the processing of data in connection with the application of the required cookies is that such processing is necessary for the purposes of performing contracts (Article 6(1)((b) of the GDPR).
ANALYTICAL COOKIES
4.4. Analytical cookies make it possible to obtain information such as the number of visits and traffic sources of the Website. They are used to determine which pages are more popular and to understand how Users navigate the Website by storing statistics about the traffic on the Website. The processing is done to improve the performance of the Website. The information collected by these cookies is aggregated and is therefore not intended to establish the identity of the User. Analytical cookies may be installed by the Controller and its partners through the Website.
4.5. The legal basis for the processing of Personal Data in connection with the use of necessary and analytical cookies by the Controller is its legitimate interest (Article 6(1)(f) of the GDPR), consisting in ensuring the highest standard of services rendered in the Website.
4.6. The processing of Personal data in connection with the use of functional and analytical cookies is subject to securing the User’s consent for the use of (separately) functional and analytical cookies through the platform for managing consents for cookies. The consent may be withdrawn at any time through that platform.
5. Analytical tools used by controller
5.1. The Controller and its partners apply various solutions and tools used for analytical and marketing purposes. Basic information regarding such tools is described below. For more detailed information on the use of such tools, please refer to the data privacy settings and the privacy policies of the relevant partner.
GOOGLE ANALYTICS
5.2. Cookies of Google Analytics are files used by Google to analyse Users’ habits in regard to using the Website and to create statistics and reports concerning the functioning of the Website. Google does not use the collected data for User identification and does not combine such information to allow for the identification of Users. Detailed information on the scope and terms of data collection related to this tool is available at: https://www.google.com/intl/pl/policies/privacy/partners.
6. Period of personal data processing
6.1. The period of data processing by the Controller depends on the type of provided service and the purpose of the processing. In principle, data are processed for the entire period of providing the service or fulfilling a purchase order until the moment of withdrawing consent or filing an effective objection to the data processing in cases where the legal basis for the processing is the Controller’s legitimate interest.
6.2. The data processing period may be extended if the processing is necessary to determine and pursue possible claims or defend against claims and, after that time, only when and to the extent required by law. After the elapse of the processing period, the data are irreversibly deleted and anonymized.
7. Rights of Data Subjects
7.1. The Data Subjects have the right to access their Personal Data and demand its rectification or erasure or the restriction of its processing, the right to data portability, and the right to object to the processing of the data, as well as the right to lodge a complaint with the supervisory authority responsible for the protection of Personal Data.
7.2. To the extent that the Data Subjects’ data is processed on the basis of consent, such consent may be withdrawn at any time by contacting any of the Controller by email at IOD@rzmlaw.com.
7.3. The Data Subjects have the right to object to the processing of their data for reasons related to their particular situation if the processing is not carried out in connection with the Controller pursuing their legitimate interests. Such objection should be submitted with reasons by contacting any of the Controller in writing or by email at the addresses set out in section 10 “Contact Details” below.
8. Data recipients
8.1. In certain cases, if necessary to achieve the purposes described above, Personal Data will be disclosed to external entities providing services to the Controller (e.g. IT service providers).
8.2. The Controller reserves the right to disclose selected information items referring to the User to relevant authorities or third parties which will demand that they are provided such information pursuant to an appropriate legal basis and in compliance with prevailing laws.
9. Transfer of data outside the EEA
9.1. The level of Personal Data protection outside the European Economic Area (EEA) differs from that guaranteed by the European law. For this reason, the Controller transmits Personal Data to places outside the EEA only when necessary and ensuring an adequate protection level, mainly by:
9.1.1. cooperating with the entities processing Personal Data in the countries with respect to which the relevant decision of the European Commission was issued concerning the assurance of an adequate level of protection of Personal Data;
9.1.2. applying standard contractual clauses set forth by the European Commission; and
9.1.3. applying binding corporate rules approved by the relevant supervisory authority.
10. Security of personal data
10.1. The Controller conduct risk analyses on an ongoing basis to ensure that Personal Data is processed in a secure manner – ensuring, in particular, that only authorised persons have access to such data and only to the extent that this is necessary for the performance of the Controller duties. The Controller ensure that all operations conducted in connection with Personal Data are recorded and performed only by authorised employees and contractors.
10.2. The Controller will take all necessary actions to ensure that its subcontractors and other cooperating entities also apply appropriate security measures whenever they process Personal Data on behalf of one of the Controller.
11. Contact details
11.1. A Data Subject may contact the Controller at the following address: Rymarz, Zdort, Maruta, Wachta, Gasiński, Her i Wspólnicy sp.k., email address: IOD@rzmlaw.com, office address: Prosta 18, 00-850 Warsaw, Poland.
11.2. The Controller has appointed a Data Protection Officer who can be contacted in any matter relating to the processing of Personal Data by e-mail at IOD@rzmlaw.com.
12. Amendments to this privacy policy
12.1. This Policy will be verified on an as-needed basis and updated, if required.
12.2. The existing version of this Policy has been adopted and has been in force as of 1 August 2025.