Privacy policy

This Privacy Policy sets out the principles for the processing and protection of personal data provided by Users in connection with their use of the website available under the domain www.proqual.pl, hereinafter referred to as the “Portal”.

I. Data controller

The controller of the Portal Users’ personal data is PROQUAL Management Institute – B. T. Greber Sp.J., with its registered office at Ostrowskiego Street 30, 53-238 Wrocław, hereinafter referred to as the “Controller”.

Personal data are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – hereinafter: GDPR).

The data collected by the Controller will be:

• processed lawfully,

• processed for specific, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes,

• factually correct and adequate in relation to the purposes for which they are processed,

• kept for no longer than necessary for the purposes for which the data are processed.

II. Data collecting and method of use

1. The Portal allows Users to remain anonymous, as browsing its content does not require providing personal data, except in certain cases.

   Access to some services provided through the Portal may require Users to provide personal data. In such cases, failure to provide data may limit the ability to use the services.

   Methods of data collection:

   Information provided by the User
   – Through the contact form available on the Portal, the User may contact PROQUAL regarding the services provided by the Company, by providing their name, surname, e-mail address, phone number, and company name.

   – The Portal enables Users to sign up for closed training sessions and to submit inquiries regarding published offers. To do so, the User provides their name and surname, company name, e-mail address, and phone number. These personal data are used for training registration or to respond to inquiries.

   – To register for open training sessions, the User completes a form providing the following data: name, surname, phone number, and e-mail address of the participant(s), as well as the data of the applicant in the same scope, and invoice details: name and surname/company name, tax identification number (NIP), address (street, building number, apartment number), city, postal code, and invoice delivery details: address, city, postal code, e-mail address. These data are used for organizing and conducting the training.

   – To place an order in the online store, the User completes a form providing: tax identification number (NIP), company name, name, surname, address, phone number, and e-mail address. These data are used to place an order, conclude and execute the sales contract. Users may purchase PROQUAL products without registering an account, but also as a logged-in user. In case of contact, the user may be an already registered User.

   With separate consent, the User’s e-mail address may be used for marketing of the Controller’s own products and services and for sending commercial information, such as news, promotions, offers, etc. In the case of Newsletter subscription, personal data (e-mail address, optionally name) are processed for the purpose of sending commercial information electronically, including offers, updates, and content-related materials (digital content).

   The legal basis for data processing is the User’s voluntary consent (Article 6(1)(a) GDPR).

   Automatically collected information
   – During use of the Portal, only data related to browsing activities is automatically collected, such as the number and source of visits, visit duration, viewed content, number and types of subpages opened, referral usage, and the User’s IP address. These data are not linked to personal data and are not used to identify the User. They are collected for technical (administrative) purposes and to compile general demographic statistics (e.g., region of access).

   Legal bases for data processing:

   – Article 6(1)(a) GDPR – consent for processing personal data for marketing/commercial purposes including newsletters.
   – Article 6(1)(b) GDPR – processing is necessary for the performance of a contract or to take steps at the data subject’s request before entering into a contract (e.g. processing orders, execution of sales contracts).
   – Article 6(1)(c) GDPR – processing is necessary for compliance with a legal obligation (e.g. accounting regulations).
   – Article 6(1)(f) GDPR – processing is necessary for purposes of the legitimate interests pursued by the Controller or a third party (e.g. replying to inquiries, customer support, complaint handling, withdrawal requests).

III. Cookies

1. The Portal uses cookies for statistical purposes and to optimally manage site content, customizing it to the individual needs of each User. Cookies do not contain any personal data and may be stored until the browser is closed or until they are deleted.

   More information is available in the Cookie Policy located on our website under the “Cookie Policy” section.

IV. Disclosure and Sharing of Personal Data

User personal data may be shared with the following categories of recipients:

• Service providers supporting the Controller in technical, operational, and organizational areas, including:

  • Hosting and IT infrastructure providers,

  • Email and newsletter service providers,

  • Accounting and tax advisory firms,

  • Courier and postal services for physical deliveries,

  • Payment service providers for processing financial transactions,

  • Analytical and marketing tool providers (e.g. Google Analytics, Google Ads, Meta/Facebook Ads), to the extent they process personal data.

• The Controller’s employees and associates, only to the extent necessary to perform assigned tasks and data processing purposes.

• Authorized public authorities, when required by law (e.g. courts, prosecutors, police, supervisory authorities).

As a rule, personal data are not transferred outside the European Economic Area (EEA). However, considering services provided by subcontractors for IT support and infrastructure (e.g., Google LLC, Microsoft Corporation), whose servers may be located outside the EEA, mainly in the United States, the Controller ensures that all data transfers comply with the highest security standards and valid legal bases under GDPR, such as:

• Standard Contractual Clauses (SCCs) approved by the European Commission,

• European Commission adequacy decisions (e.g. for entities covered under the EU-U.S. Data Privacy Framework, if the provider participates in the program).

According to the European Commission, non-EEA recipient countries ensure an adequate level of personal data protection. The decision regarding the U.S. applies to companies participating in the Data Privacy Framework program. PROQUAL cooperates only with such certified entities. More information: https://www.dataprivacyframework.gov/s/

V. Data Security

All personal data obtained via the Portal are processed in a manner that ensures their security, in accordance with applicable laws, in particular Regulation (EU) 2016/679 (GDPR).

The Controller maintains the confidentiality of all submitted data. Processing follows strict organizational procedures aligned with the stated purposes.

VI. Data processing period

1. Personal data processed for inquiry handling will be retained during the communication period and, depending on its outcome, either added to PROQUAL’s client database for contract execution purposes or deleted if cooperation is not established.

If the User clearly discontinues communication, the data will be deleted immediately from active systems, and from backups within 30 days.

If there is no response and the situation remains unclear, the data will be retained for up to 6 months from the date of the last message.

2. Data provided during training registration will be retained for 5 years from the end of the training, to demonstrate that it was properly conducted.

Data of users who cancel training will be retained for 3 months from cancellation.

3. Data provided when placing an order or making a purchase will be retained for accounting purposes for a maximum of 5 years from the end of the calendar year in which the tax payment deadline related to the contract occurred. For other justified purposes, data will be retained as long as a legal basis for processing exists, unless a longer retention is required by law.

4. Data processed based on consent (e.g. for marketing or newsletters) will be retained until the consent is withdrawn. An additional 30-day period is required to remove such data from backups.

VII. User’s rights

The User decides on the scope and purpose of processing. At any time, the User has the right to:

• Withdraw consent: Consent for marketing processing is voluntary and may be withdrawn at any time. It is recommended to send the withdrawal from the same e-mail or phone number used to receive such content. The sole consequence will be the discontinuation of marketing communications from PROQUAL.

• Object to data processing: The User may object to processing based on legitimate interest (e.g. for marketing purposes). Such objection will lead to cessation of processing unless another legal basis applies.

• Erasure of data (“right to be forgotten”): The User may request deletion of all or selected personal data in the following cases:
  a) Consent is withdrawn;
  b) Data are no longer necessary for the purposes collected;
  c) An objection was submitted for marketing use;
  d) Data are processed unlawfully.

Despite an erasure request, the Controller may retain certain data to establish, exercise, or defend legal claims.

• Data portability: The User may receive their personal data in a structured, commonly used, machine-readable format and transfer them to another controller, or request a direct transfer if technically feasible.

• Restriction of processing: The User may request restriction of processing. Until reviewed, the User’s access to services involving such processing may be suspended.

• Access to data: The User has the right to obtain confirmation from the Controller on whether their data are being processed, and if so, to:
  a) Access their personal data;
  b) Receive information on processing purposes, categories of data, recipients, retention period or criteria, rights under GDPR, right to lodge a complaint, data source, automated processing including profiling, and safeguards for data transfers outside the EU;
  c) Obtain a copy of their personal data.

• Rectification: The User may request correction of incorrect data and completion of incomplete data.

• Lodging a complaint: The User has the right to lodge a complaint with the President of the Personal Data Protection Office (ul. Stawki 2, Warsaw) or another supervisory authority.

VIII.Copyrights

All rights to the content of www.proqual.pl are reserved. The User may download and print full pages or excerpts only if copyright is not infringed. No part of the service may be copied for commercial purposes, transmitted electronically, modified, linked, or used otherwise without prior consent from PROQUAL Management Institute – B. T. Greber Sp.J.

IX. Modifications to Privacy Protection Policy

PROQUAL Management Institute – B. T. Greber Sp.J. reserves the right to amend this Privacy Policy. Any changes will be published on this page.

X. Contact

For any questions regarding privacy protection, please contact us using the information available under the “Contact” section of the website. – CONTACT.