
Information about data processing

Pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, hereinafter referred to as the ‘GDPR’, we provide you with the information about your personal data processing.


1.    Controller of your personal data
The Controller of your personal data is eCommerce Spółka z o.o. (hereinafter referred to as "The Controller" or "Lingaro"), with its registered office in Warsaw, address: 180 Pulawska St., 02-670 Warsaw, Poland.


2.     Contact details in matters related to the processing of personal data
On any matter concerning the processing of personal data you can contact us via e-mail: privacy@lingarogroup.com or in writing at the address of the Controller's registered office indicated in point 1. 


3.    What types of data do we process
We will process the data you have provided in your report, including your first and last name, email address (unless you have made your report anonymous), and any other data contained in the body of your report.


4.    The purposes for which personal data is processed and the legal basis for processing
The Controller may process personal data in order to examine a report of violations of law or internal regulations (hereinafter: 'the Report'), including its assessment and further processing by the Controller, and to identify the person submitting the Report (hereinafter: 'the Reporting Person'), unless the Report was submitted anonymously.


Personal data will be processed on the following legal basis:

a.    the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), i.e.: handling violations of laws or internal regulations within the Controller’s organization - to the extent that it exceeds the regulations of the Act of 24 June 2024 on Whistleblower Protection, hereinafter referred to as the “Act on Whistleblower Protection”, ensuring the Controller’s operations are conducted in accordance with applicable laws and internal regulations, as well as to protect against potential claims;


b.    processing is necessary for compliance with a legal obligation to which the Controller is subject, i.e. to enable the Controller to report violations of laws or internal regulations by the Reporting Person arising directly from Article 8 of the Whistleblower Protection Act in conjunction with Article 6(1)(c) of the Regulation.



5.    Information on the entities the Controller may share your data with

The Controller may share your data with the following entities:


a. Entities and bodies to which the Controller is obliged or authorized to make personal data available under the generally applicable laws. This may include public authorities, law enforcement agencies, and others.


b. Service providers acting as our processors. Data processors are contractually obligated to implement appropriate technical and organizational measures to protect personal data and to process personal data only in accordance with instructions. One of our suppliers that processes personal data on our behalf is the provider of the notification system, Whistleblowing Solutions AB. This provider will store data on our behalf but will not perform any further operations on the data beyond what is necessary to store it in accordance with our instructions.


6. Transfer of the personal data
Some of our IT service providers may be located in countries outside of Europe. In some cases, this may include countries outside the European Union and/or the European Economic Area (“EEA”). If recipients are located in countries that do not provide adequate protection for personal data, we will take all necessary measures to ensure that the transfer of this data outside the EEA is appropriately safeguarded in accordance with applicable data protection laws. This includes implementing appropriate safeguards, such as the EU Standard Contractual Clauses for Data Protection. For detailed information regarding these safeguards, please contact us as outlined in point 2 above.


7. Retention period
Personal data processed in connection with the receipt or assessment and further processing of a Report shall be retained for a period of 3 years after the end of the calendar year in which the external Report is submitted to the competent authority for further action, or the further action is concluded, or after the conclusion of the procedure initiated as a result of such action.


8. Your rights
You have the right to access your data, the right to obtain a copy of it, and the right to request rectification, deletion and restriction of processing. The request should be submitted to the address: privacy@lingarogroup.com. As your personal data is processed on the basis of the legitimate interests of the Controller, you have the right to object to the processing. The objection should be submitted to the address: privacy@lingarogroup.com.
You have the right to lodge a complaint with the President of the Personal Data Protection Office (Stawki 2, 00-193 Warsaw, tel. 22 531 03 00, fax. 22 531 03 01, www.uodo.gov.pl) if you consider that the processing of your personal data violates the provisions of the GDPR or other regulations determining the manner of processing and protection of personal data.


9. Requirement to provide data
It is not necessary to provide personal information such as your name or other identifiable information to submit a report. Reports can be made anonymously. However, in order for us to act on your report, it must include, at a minimum, a description of the situation that constitutes the alleged violation. If no description is provided, we will need contact information for the reporting person so that we can obtain any additional information we may need.


10. Automated decision-making, including profiling
Your personal data will not be processed by automated means and will not be subject to profiling.