1. General Provisions

1.1. This Privacy Policy sets out the rules for the processing and protection of personal data of the Users of the Platform available at https://www.ltprofessional.pl
1.2. “User” shall be defined as an adult natural person possessing full legal capacity to perform acts in law, who uses the Platform;

1.3. “Platform” shall be defined as the complete functionalities related to the electronic provision of services as made available at https://www.leasingteam.pl by LeasingTeam Professional Sp. z o.o. with a seat in Warsaw, 02-677, at Taśmowa st. # 7, or by other companies part of Grupa Kapitałowa LeasingTeam, pursuant to Section 2 below.

1.4. “Personal Data” shall mean any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier (a feature) such as a first and last name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

1.5. “Processing” shall mean any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, browsing, use, disclosure, making available, alignment or combination, restriction, erasure or destruction.

1.6. User personal data is processed in line with existing regulations, specifically in line with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as GDPR) and in line with the Act of 10 May 2018 on the protection of personal data.

1.7. If you do not agree with this Privacy Policy, please refrain from using the Platform’s services.


2. Companies of Grupa Kapitałowa LeasingTeam as Joint Controllers of Personal Data

2.1. In order to attain business objectives, and in particular, to streamline administration and financial/ accounting processes, as well as to ensure the highest standards of security and the highest quality of services, including of customer and contractor services, the companies which make up Grupa Kapitałowa LeasingTeam jointly, as Joint Controllers of personal data, set out the goals and means of personal data processing. For this reason and in light of the financial, personal and organizational relationships that exist between the companies who make up Grupa Kapitałowa LeasingTeam, Grupa Kapitałowa LeasingTeam has adopted a model for joint data controlling, which among others, also covers User data.

2.2. Pursuant to an accord made between the entities listed in items 2.3.1 through 2.3.8, the rules for how Joint Controllers will fulfill their GDPR obligations have been set out. A significant portion of these rules which apply to Users has been provided in Section 5 of the Privacy Policy.

2.3. Grupa Kapitałowa LeasingTeam consists of:

2.3.1. LeasingTeam Professional Sp. z o.o. with seat in Warsaw, Taśmowa st. # 7, 02-677 Warsaw, 
2.3.2. LeasingTeam Sp. z o.o. with seat in Warsaw, Taśmowa st. # 7, 02-677 Warsaw,
2.3.3. IT LeasingTeam Sp. z o.o. with seat in Warsaw, Taśmowa st. # 7, 02-677 Warsaw, 
2.3.4. BPO Team Sp. z o.o. with seat in Warsaw, Taśmowa st. # 7, 02-677 Warsaw,
2.3.5. LeasingTeam Brand Management Sp. z o.o. with seat in Warsaw, Taśmowa st. # 7, 02-677 Warsaw
2.3.6. CPC Consulting Group Sp. z o.o., sp.k. with seat in Warsaw, Taśmowa st. # 7, 02-677 Warsaw,
2.3.7. CPC Consulting Group Sp. z o.o. with seat in at Kurkowa st.# 12, 50-210 in Wrocław, 
2.3.8. Fundacja Dziecięca Radość with seat at Taśmowa st. # 7, 02-677 in Warsaw


2.4. The leading company in the joint data control model is Onca Sp. z o o (Joint Controller No. 1), which controls personal data processing, identifies personal data processing risks and sets out security standards in relation to these risks to ensure all personal data subject to processing at Grupa LeasingTeam is appropriately protected.

2.5. LeasingTeam Brand Management Sp. z o o is responsible for the marketing and promotion of Grupa Kapitałowa’s products and services, including for direct marketing services.

2.6. To ensure the security of User personal data, Joint Controllers apply appropriate technical and organizational means as regards the safety of processing of personal data.


3. Goals and Legal Basis For Processing User Personal Data

3.1. User personal data are being processed or may be processed:

a) to respond to enquiries e.g. to respond to a question posed by a User via the contact form and to provide information about the Joint Controller offering – in this case, Joint Controllers process data based on User consent (article 6, point 1, item a, GDPR);

b) to deliver on the legitimate interest of Joint Controllers related to the running of the Platform, including to analyzing the User’s use of the website: https://www.leasingteam.pl (article 6, point 1, item f, GDPR);

c) to address the legitimate interest of the Joint Controllers, which may, among others, encompass the establishment, pursuit and defense of claims, prevention of crime and related investigations, business management and development, including risk management (article 6, point. 1, item f, GDPR);

d) for direct marketing purposes by Joint Controllers, including to match services to User needs (including profiling) based on cookies and other similar technologies, as spoken of in point 9 – in this case data is processed by Joint Controllers based on the legitimate interest of Joint Controllers (article 6, point. 1, item f, GDPR);

e) for marketing purposes of Joint Controllers, as carried out specifically via newsletter services, as based on User consent (article 6, point. 1, item a, GDPR);

3.2. Whilst personal data is provided to the Platform voluntarily, it may prove necessary for the delivery of one or more services and data processing goals, as listed in point 3.1. above, which Joint Controllers may not be able to deliver if personal data isn’t provided.


4. Scope of Processing of User Personal Data

4.1. The scope of User personal data processed by Joint Controllers encompasses:

a) User data provided voluntarily by the User via contact forms available on the Platform: first name, last name, e-mail, telephone number, title/ company, NIP tax number, city;

b) User data obtained by Joint Controllers in connection with the use of cookies and other similar technologies (see point 9).


5. User Rights and Obligations

5.1. Joint Controllers have agreed together, that the entity responsible for exercising the rights and obligations under GDPR (specifically information obligations as spoken of in articles 13 and 14 of GDPR) in relation to individuals whose data is being processed, shall be Onca Sp. z o o . Notwithstanding the above, the rights and privileges afforded by GDPR may be exercised by each of the Joint Controllers.

5.2. If personal data is being processed based on User consent, such consent is voluntary and may be withdrawn at any time without affecting compliance with processing laws. The Consent withdrawal statement should be submitted by e-mail to the e-mail address set up jointly by Joint Controllers, as listed in point 5.5.

5.3. The User shall also have the right to:

a) have his personal data deleted;

b) have the processing of his personal data restricted;

c) access the contents of his data and to clarify (correct) them;

d) to obtain a copy of his data or to have his data transferred, however this right may not adversely affect the rights and freedoms of other individuals (including the rights to trade secrets or intellectual property rights) and shall be exercised to the extent which is technically possible;

e) to object to the processing of his personal data, when this processing is based on a legitimate interest of the Joint Controllers or a third party.

5.4. Barring exceptions stated in GDPR regulations, the LeasingTeam Professional Sp. z o o Joint Controller shall exercise User rights.

5.5. To exercise the rights outlined in points 5.2 and 5.3, send a message to an e-mail account set up by the Joint Controllers: daneosobowe@leasingteam.pl.
5.6. The User shall have the right to file a complaint about personal data to the supervisory authority, when of the view that the data processing applied to him breaches GDPR regulations.


6. Term of Customer Personal Data Processing

6.1. Joint Controllers process User personal data in a manner and for the length of time which is necessary to fulfill the purposes these data have been collected for.

6.2. When data is processed:

a) based on User consent – user data shall be processed until the User withdraws that consent;

b) to ensure compliance with legal obligations imposed on Joint Controllers – user data shall be processed for a period of time as foreseen by law;

c) for Joint Controller direct marketing purposes, including to match services to User needs (profiling) – User data shall be processed until the User objects;

d) to deliver other legitimate Joint Controller interests – data shall be processed until such time as the User’s objection is accepted or the limitation period of a claim runs out.

6.3. After the processing period ends, data shall be deleted or anonymized.


7. Entities That Customers’ Personal Data is Made Available To

7.1. Joint Controllers provide User personal data if they possess appropriate legal basis to do so, and specifically when this is essential for the delivery of services rendered to Users.

7.2. User personal data may also be provided on demand of public authorities or other agencies entitled to such access based on existing regulations, specifically when this is essential to ensure the safety and security of Joint Controllers’ systems.

7.3. Recipients of User personal data may specifically include:

7.3.1. entities authorized to receive User data based on existing regulations;

7.3.2. entities whose services Joint Controllers use in order to provide services to Users, and in particular:

a) entities who operate or provide IT systems to Joint Controllers;

b) entrepreneurs who provide and maintain software used in the Platform’s operation;

c) law firms, consultancy businesses that Joint Controllers work with.

7.3.3. Joint Controllers’ trusted marketing partners:

a) Google LLC in connection with the use of Google Analytics.


8. Transfer of Data Outside EEA

8.1. Joint Controllers transfer personal data outside of the European Economic Area (EEC) only when this is necessary and while ensuring appropriate level of protection, primarily via:

a) cooperating with entities who process personal data in countries in relation to which an adequacy decision has been made by the European Commission;

b) the application of standard contractual clauses which have been issued by the European Commission;

c) the application of binding corporate policies approved by appropriate regulators.

8.2. Whenever applicable, the Controller shall always notify of the intent to transfer personal data outside of the EEC at the data collection stage. On User request, the LeasingTeam Sp. z o o Joint Controller shall make a copy of data which will be transferred outside of the EEC available to the User.


9. Cookies and Other Like Technologies

9.1. As with most online platforms, during Platform’s use, User personal data may be automatically collected by the Platform’s system logs via cookie files (“cookies”), Google Analytics and HotJar analytical tools as provided by Hotjar Ltd.

9.2. Cookies are small text files saved on the User’s end device which help to identify Users and provide Joint Controllers with statistics about User traffic, User activity and the way Users have used the Platform. They help adapt Platform contents and services to User preferences.

9.3. The Platform uses session cookies which are subject to deletion once the online browser is closed, and persistent cookies, which are retained for a specific period of time (defined in cookie file parameters or until such time when they are removed by the User) on end devices used by the User to browse the Platform or the Store.

9.4. The following types of cookies are placed on the User’s device:

a) cookies used to ensure safety and security;

b) cookies that enable the collection of information about how services are used;

c) cookies that enable the system to remember User settings and preferences and enable User interface customization;

d) cookies that enable the system to provide the User with content which is better adapted to User preferences and interests.

9.5. In line with existing regulations, Joint Controllers process data about the number (including IP number) and the type of User’s end device, as well as about the time the User is connected to the Platform and other operating data about User activity on the Platform, including User preferences. The data listed are processed for technical purposes to adapt the Platform to User needs and to collect general statistics data about the Platform’s operation, as well as to customize the content provided to the User.

9.6. The User may change his cookie settings individually anytime by going to User Internet browser settings and defining how cookies will be enabled and how they will get to access the User’s end device. In particular, the said settings may be changed to disable cookies in the browser settings or to receive notice every time cookies are placed on the User’s end device.

9.7. The User may delete cookies anytime by altering the functions of the browser he is using. The Controller hereby warns that this may restrict some functionalities of the Platform.

9.8. Joint Controllers may also use Google Analytics, a system that provides insight into online user personal data and location data traffic, used to generate statistics and reports on Platform operation, and to customize advertising content that’s displayed. Detailed processing rules applied by Google LCC and how you can disable cookies used by Google LCC are available at www.google.com/policies/privacy/partners/.

9.9. User Platform operation, including user personal data are saved in system logs (log files used to keep a chronological record of events and activities of the IT system used by the Joint Controllers to provide services). The log data is processed primarily for the purpose of providing services. Joint Controllers also process these data for technical, administrative, IT system security and management purposes – as regards this area, legitimate Controller interest shall constitute the legal basis for this processing (article 6, point 1, item f od GDPR).

9.10. Joint Controllers utilize the HotJar tool (or a similar tool with identical functionalities), used to analyze user Platform website (and subpage) traffic in order to assess User behavior while using the Platform and utilizing its functions. The use of HotJar or a like tool does not involve the downloading or recording of User personal data.


10. Final Provisions

10.1. This Privacy Policy is continually reviewed and updated as needed to reflect any and all changes to how personal data is being processed. Joint Controllers may also choose to implement amendments in line with existing regulations or laws. Notices of updates and amendments will be published at https://www.ltprofessional.pl/politykaprywatnosci

10.2. This Privacy Policy shall come into effect on the 1st of January 2019.


Contact Us about personal data protection

You can send your enquiries, questions or complaints about how your personal data is collected and processed by Grupa Kapitałowa LeasingTeam to: daneosobowe@leasingteam.pl