Information clause customers and potential customers

Indication of the Controller

The Controller of your personal data is one of the MDD Group companies:

  1. .mdd Sp. z o.o. (Ltd.), registered office in Sępólno Krajeńskie, Poland, at (89-400), ul. Koronowska 22, KRS (National Court Register): 0000097731, NIP (Taxpayer Identification Number): 5611437378, REGON (National Official Business Register): 092911632,
  2. DIRECT DIGITAL Sp. z o.o. (Ltd.), registered office in Bydgoszcz, Poland, at (85-023), ul. Toruńska 33, KRS: 0000915881, NIP: 9532784828, REGON: 389662490,
  3. .mdd Dąbrowski Sp. Komandytowa (Limited Partnership), registered office in Sępólno Krajeńskie, Poland, at (89-400), ul. Koronowska 22, KRS: 0000394682, NIP: 5040068981, REGON: 341092676
  4. .mdd Design Sp. z o.o. (Ltd.), registered office in Sępólno Krajeńskie, Poland, at (89-400), ul. Koronowska 22, KRS: 0000478469, NIP: 5040072652, REGON: 341482450;

of which it communicates to you in the abridged version of the information obligation provided pursuant to Article 13.1 and Article 14.3 Polish RODO in direct or indirect communication.

Would you like to notify us of a breach of protection of your personal data, send us a request regarding your rights as a data subject? Do you have questions or concerns about the protection of your personal data? Contact our Data Protection Officer directly at the following email address: iod@mdd.pl: iod@mdd.pl

Data sources

  1. We have obtained personal data from you directly, in connection with the contract negotiation and execution process or from publicly available sources.

Data categories

We process personal data in the scope of contact data (e.g. telephone number, e-mail address), employment data (position, place of employment) and identification data (name, surname).

Purposes of data processing and legal basis

  1. Establishment of communication and maintenance of business relationships - processing is necessary for the legitimate interests of the controller to purchase goods and services necessary for the operation of the business (Article 6(1)(f) Polish RODO).
  2. Performance of contractual provisions - processing is necessary for the performance of pre-contractual activities and for the performance of contractual provisions (Article 6(1)(b) Polish RODO).
  3. Maintenance of accounting and tax records - processing is necessary for the fulfilment of a legal obligation under Article 74 of the Accounting Act and others concerning taxpayers (Article 6(1)(c) Polish RODO).
  4. Pursuing and protecting against claims - processing is necessary for the fulfilment of the legitimate interests of the controller (Article 6(1)(f) Polish RODO).
  5. Marketing of the Administrator's own services, where the processing is necessary for the purposes of the Administrator's legitimate interests (Article 6(1)(f) Polish RODO), and in the case of fulfilment through a designated communication channel [telephone, e-mail], based on the consent granted in this regard (Article 6(1)(f) Polish RODO in connection with Article 10(1)-(2) Polish Law on Provision of Electronic Services or Article 172(1) Polish Telecommunications Act).
  6. Marketing of the Administrator's own services may be preceded by profiling, understood as the automated tailoring of the content provided according to the interests or needs of the customer, when the processing is necessary for the purposes of the Administrator's legitimate interests (Article 6(1)(f) Polish RODO) and in the case of profiling that materially affects your decisions, only if you have given your consent.

Duration of data processing

Data is processed for a period of time respectively:

  1. until an effective objection/request for deletion is made - applies to points 1 and 5 above with the exception of email and telephone communication;
  2. until termination or expiry of the contract - refers to point 2 above;
  3. 5 years calculated from the end of the calendar year in which the contract is terminated or expired - refers to point 3 above;
  4. limitation of actions - refers to point 4 above;
  5. until consent is withdrawn - refers to points 5-6 above.

Transfer of personal data

Personal data will only be transferred by the Controller to trusted entities, such as companies providing and operating selected IT systems and solutions, and providers of accounting, legal, postal and courier services.

As a general rule, personal data will not be transferred outside the EEA or made available to international organisations. However, where the controller uses service providers from outside the EEA that have not been recognised by the European Commission as providing an adequate level of protection for personal data, transfers of personal data to the above-mentioned entities shall be made on the basis of standard data protection clauses adopted by the European Commission, thus subject to adequate safeguards for the protection of the privacy and rights and freedoms of the data subjects. A copy of the standard contractual clauses can be obtained from the controller.

Your rights

Concerning our processing of your personal data, you have the right to:

  1. request access to your personal data,
  2. request the rectification of your personal data,
  3. request the erasure or restriction of the processing of your personal data,
  4. object to the processing of your data,
  5. complain to the supervisory authority, which in Poland is the President of the Office for Personal Data Protection.

You may exercise your rights by sending the appropriate instruction by post to the Administrator's registered office address or by e-mail to: iod@mdd.pl

Other information

The provision of data is voluntary, but necessary for the conclusion and execution of the contract.

The processing of data in the marketing of our own services may be preceded by profiling, understood as the automated adjustment of the content provided according to your interests or needs. If profiling materially affects your decisions, the mechanism is started after you have given your consent.