ADVOX Ltd with registered office in (61-006) Poznań at ul. Blacharska 11 entered in the National Court Register under KRS number: 0000968018 kept by the District Court Poznań - Nowe Miasto and Wilda in Poznań, VIII Economic Department, having tax identification number NIP: 618-210-90-64 and REGON no: 301224011 (hereinafter referred to as Data Controller)


The Personal Data Protection Policy has been developed and implemented within the structure of the Data Controller Data in order to ensure compliance of personal data processing with the requirements of Polish and European legal acts in force in this regard, including guidelines in in particular:

  1. Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) - hereinafter GDPR
  2. Act of May 10, 2018 on the protection of personal data (unified text, Journal of Laws of 2018, item 1000 as amended) hereinafter the Act
  3. the Guidelines of the Article 29 Working Party (now the European Data Protection Board)
  4. the Guidelines of the President of the Office for the Protection of Personal Data
  5. the Guidelines of the European Union Agency for Network and Information Security (ENISA)
  6. the Data Protection Policy applies to all individuals whose data data are processed by the Data Controller.


Data Controller - ADVOX Ltd located in (61- 006) Poznań at 11 Blacharska Street, registered in the National Court Register under number KRS: 0000968018 kept by the District Court Poznań - Nowe Miasto and Wilda in Poznań. Poznań, VIII Economic Department, holding tax identification number NIP: 618-210-90-64 and REGON no.: 301224011

Personal data - information about an identified or identifiable natural person ("data subject"), where an identifiable natural person is understood to mean a person who can be identified, directly or indirectly, in particular on the basis of an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person

Supervisory Authority - The Office for Personal Data Protection, 2 Stawki Street, 00-193 Warsaw, Poland

Third country - a country not belonging to the European Economic Area

Processing - an operation or set of operations performed on personal data or sets of personal data by automated or non-automated means, such as collection, recording, organizing, structuring, storing, adapting or modifying, retrieving, viewing, using, disclosing by transmission, dissemination or otherwise making available, matching or linking, limiting, deleting or destroying

Consent – means a voluntary, specific, conscious, and unambiguous demonstration of will by which the data subject, in the form of a statement or explicit affirmative action, consents to the processing of personal data concerning him/her

Profiling – means any form of automated processing of Personal Data that involves the use of personal data to evaluate certain personal factors of an individual, in particular, to analyze or forecast aspects of that individual's performance, economic situation, health, personal preferences, interests, reliability, behavior, location or movement

Restriction of processing - means the marking of stored personal data in order to limit their future processing

Recipient – means a natural or legal person, public authority, entity, or other entity to which personal data is disclosed, regardless of whether it is a third party. However, public authorities that may receive personal data in the context of a specific proceeding by Union law or the law of a Member State are not considered recipients; the processing of such data by these public authorities must comply with the data protection legislation applicable according to the purposes of the processing

International organization – means an organization and its subordinate bodies operating under public international law or any other body established by or according to an agreement between two or more states


The processing of personal data in the Data Controller's structure is carried out by the general principles of personal data processing outlined in Articles 5(1) and (2) of the GDPR. This means that personal data shall be processed:

  • lawfully, based on one or more grounds for the lawfulness of processing of personal data indicated in Article 6 or in Article 9 of the GDPR (principle of legality)
  • in a fair manner taking into account the interests and reasonable expectations of the data subjects data subjects (principle of fairness)
  • in a manner that is transparent to data subjects (transparency principle)
  • for specific, explicit and legitimate purposes (purpose limitation principle)
  • to the extent adequate, relevant and necessary for the purposes for which they are processed (principle of data minimization)
  • taking into account their accuracy and possible updating (principle of correctness)
  • for no longer than necessary for the purposes for which they are processed (principle of storage limitation)
  • in a manner that ensures adequate security (integrity and confidentiality)