Privacy Policy

The Auditing Firm MK – Please take note of the following information regarding the principles of processing personal data as well as the rights related to the processing and implementation of personal data.

This complies with the requirements of Regulation (EU) 2016/679 of the European Parliament and the Council of April 27, 2016, concerning the protection of natural persons with regard to the processing of personal data and the free movement of such data, repealing Directive 95/46/EC, commonly known as the General Data Protection Regulation (GDPR).

Under the GDPR, affected individuals must be provided with information about the processing of their personal data in accordance with Articles 13 or 14 of the GDPR, depending on whether this data was collected directly from the person or from other sources. In this regard, we would like to inform you that:

Controller of your personal data:
The controller of your personal data is Auditing Firm MK sp. z o.o., REGON 523921732, NIP 8522689128, ul. Gen. Stanisława Kopańskiego 62/7, 71-050 Szczecin (hereinafter “Controller”). You can contact the Controller in writing at the above address or via email at audyt@martakrawiec.com.pl.

Purposes of processing personal data:
The Controller processes personal data for the following purposes:

  • Provision of financial auditing services,
  • Business cooperation and business contacts,
  • Correspondence with individuals asking questions,
  • Establishing, enforcing, or defending claims that the Auditing Firm MK might assert or that might be asserted against the Controller,
  • Sharing information with contractors, i.e., companies used to execute the aforementioned agreements,
  • Business partners whose offers complement our own. Your personal data will also be processed based on your consent – for the purposes indicated in the consent, including commercial and marketing purposes.

Obligation to provide data:
Providing personal data is voluntary but may be necessary in some cases. The necessity to provide data exists when concluding and performing contracts with the Controller. Furthermore, if legal provisions require the Controller to process personal data (e.g., tax number, PESEL for maintaining accounting records).

Legal basis for data processing:

  • Art. 6(1)(a) GDPR – when the data subject has given consent for the processing of personal data for one or more specific purposes,
  • Art. 6(1)(b) GDPR – when processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject before entering into a contract,
  • Art. 6(1)(c) GDPR – when processing is necessary for the fulfillment of a legal obligation to which the Controller is subject (particularly: issuing and retaining invoices and accounting records, handling complaints, providing data to state authorities within the scope and in accordance with legal regulations),
  • Art. 6(1)(f) GDPR – when processing is necessary for the purposes of the legitimate interests pursued by the Controller or a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require protection of personal data, especially when the data subject is a child. The Controller’s legitimate interest includes providing information about the offered products and services for the following purposes: improving the quality of offered/sold goods or services by gathering feedback or conducting satisfaction surveys; supporting payment services, credits, or insurance of purchased products; managing activities on the Controller’s websites by monitoring for functionality improvement, needs analysis, and adjusting advertising based on previously viewed content; handling messages, feedback, or inquiries unrelated to contract fulfillment; detecting and preventing abuse, enforcing or defending claims, and conducting proceedings before public authorities or courts; protecting property, health, and life through monitoring of the operational building/restaurant/retail store and surrounding area depending on the Controller’s activities; statistical purposes; creating analyses, reports, statistics, and archiving, including ensuring accountability.

Scope of data processing:

  • For the purposes mentioned in point 5.1, data processing is based on consent and the purpose for which it was granted;
  • For the purposes mentioned in points 5.2 and 5.3, the scope of processed data includes: first and last name or company name; email address; telephone number (landline/mobile); delivery address or location of contract execution or place of residence (street, house/apartment number, postal code, city, country, residence/business address), date of birth, PESEL or NIP number;
  • For the purposes in point 5.4 and marketing purposes, the scope of processed data includes: first name, last name, email address.

Data retention period:
The Auditing Firm MK processes personal data for the period necessary to achieve the purposes mentioned in point 5, depending on the purposes listed therein.

In particular:

  • Personal data is retained for the duration of the contract fulfillment with you and afterward for the period and to the extent required by law, as well as for the duration in which claims from the contract may expire.
  • For accounting, data is retained for the period required by law (5 years, starting from the beginning of the year following the fiscal year to which the data pertains).
  • If we process personal data based on a legitimate interest and direct marketing, we store the data until you object to this processing.
  • For establishing, enforcing, or defending claims, data is retained for the period during which the Controller’s legitimate interest exists, but no longer than the statute of limitations for claims against the data subject related to the Controller’s business activity. The statute of limitations is determined by legal provisions, particularly the Civil Code (the general limitation period for claims related to business activities is 3 years, and for sales contracts, 2 years).

Data recipients – Who has access to your personal data:
In connection with the processing of data for the purposes described above (point 5), personal data may be made available to the following categories of recipients:

  • Companies involved in processes necessary to achieve the purpose for which consent was given or to fulfill the contract, including: transport providers, payment services, electronic services,
  • Advertising agencies; transport companies/carriers responsible for delivering mail or courier packages,
  • Companies maintaining or supporting our IT systems,
  • Companies providing us with consulting or auditing services,
  • IT service providers, particularly software providers for managing an online shop,
  • Email service providers and hosting, software providers for company management,
  • Companies affiliated with the Controller by capital or personally,
  • Public authorities or entities performing public functions, within the scope and in accordance with applicable legal regulations,
  • Companies providing accounting services to the Controller,
  • Payment service providers handling payment processing,
  • Other entities, if they are legally authorized to collect the data.

Transfer of data to third parties or international organizations:
Currently, we do not plan to transfer your personal data outside the European Economic Area (including the European Union, Norway, Liechtenstein, and Iceland). Should we decide to transfer data outside the EEA, this will be done solely for legally permissible purposes and to the extent allowed by law. Up-to-date information can be found on the Controller’s website in the privacy policy.

Rights of the data subject:
You have the following rights concerning the processing of your personal data:

  • Right to access your data, including receiving a copy of the data,
  • Right to correct the data,
  • Right to delete the data (in certain situations),
  • Right to restrict the processing of data,
  • Right to object to data processing,
  • Right to data portability to another controller or to yourself (according to the principles established in Art. 20 GDPR),
  • Right to file a complaint with the supervisory authority if you believe that the processing of your data violates applicable data protection laws,
  • Right to withdraw consent at any time if the data subject has given consent for the processing of personal data (e.g., for receiving commercial information, and further processing is no longer necessary for fulfilling contractual obligations). Consent can be withdrawn at any time via a written or electronic statement. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Cookies and other technologies:
Auditing Firm MK uses cookies on its websites. Cookies are small amounts of information stored by a web browser. A cookie does not affect software or hardware. Cookies are associated only with the browser of a specific device, without identifying the user’s name or personal data (an anonymous user profile). These are pieces of information stored by the server on the user’s device and retrieved with each connection made by the user. The cookies used on our website do not collect information that can identify the user. The Controller uses session cookies, which contain data necessary for proper login and monitoring of this process on the website. They identify the data of the computer and browser used for browsing the websites – e.g., to determine whether a particular computer has previously visited the website. Further information about cookies can be found at: www.martakrawiec.com.pl.

Social Plugins:
Information supporting functions and providing important information and content according to the user’s individual needs comes from servers of providers such as Facebook, which place “Like” and “Recommend/Share” buttons on their pages. For this purpose, a code referencing the Facebook service is embedded on the relevant pages. By using the “Like” button or recommending an image or section of the page, and by leaving a comment, the user logs into Facebook, where Facebook’s privacy policies apply, available at: http://pl-pl.facebook.com/help/cookies.

Managing Cookies:
If you do not wish to receive cookies, you can change your browser settings. The operation of cookies can be disabled at any time by changing the settings in your web browser. Limiting cookie settings may affect the general quality of website use.

With regard to the privacy policy, we also inform you that: Auditing Firm MK, as the Controller, collects data for specific lawful purposes, processes them lawfully, and does not use them for other purposes. Data is processed only to the extent necessary and required for the purposes for which they are processed. The Controller does not process special categories of data. The company’s website, i.e., www.martakrawiec.com.pl, does not collect, store, or use the personal data of internet users. Considering the nature, scope, context, and purposes of processing, as well as the risk to the rights or freedoms of persons with varying likelihood and severity of risk, Auditing Firm MK implements appropriate technical and organizational measures to ensure that processing complies with this regulation and can demonstrate such compliance. These measures are reviewed and updated as necessary.

Website created © 2025 www.honestmedia.pl