Information clause regarding the processing of personal data

Pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (OJ L 2016, No. 116) – hereinafter referred to as the GDPR, we hereby inform you about the principles of personal data processing by us, effective as of May 25, 2018.

Information regarding the Personal Data Controller

1. The Personal Data Controller is CWE Sp. z o.o. with its registered office in Wrocław, ul. Osobowicka 153B/9, 51-001 Wrocław, entered into the National Court Register – Register of Entrepreneurs (KRS) under KRS number: 0001096281 by the District Court for Wrocław-Fabryczna in Wrocław, VI Commercial Division, Tax Identification Number (NIP) 8952270691, National Business Registry Number (REGON) 528158577, share capital PLN 5,000 – hereinafter referred to as the Controller.
2. The Controller has not appointed a personal data protection officer. All information regarding data processing by the Controller can be obtained at the Controller’s registered office indicated in point 1), by phone at +48 533304533, or by email at kontakt@happyfox.pl.

Purposes and legal basis for personal data processing

1. The Controller obtains your personal data and that of your child, or yours as the person authorized to care for the child or to collect the child from the facility, at the stage of submitting an application in the child’s recruitment process for the educational and caregiving unit for which the Controller is the lead person, or at the stage of submitting an authorization to collect the child.
2. Personal data are processed for the following purposes and on the legal basis indicated below:

a) For the purposes necessary for the proper provision of educational and caregiving services resulting from the concluded agreement, i.e., based on the legal basis of Article 6 paragraph 1 letter b of the GDPR and Article 9 paragraph 2 letters a and c of the GDPR,

b) For the purpose of considering complaints, comments, requests, and inquiries submitted to the Controller, i.e., based on the legal basis of Article 6 paragraph 1 letter d of the GDPR,

c) For archival and statistical purposes, i.e., based on the legal basis of Article 6 paragraph 1 letter f of the GDPR. c GDPR,

d) For the purpose of fulfilling the Controller’s obligations arising from generally applicable law, including tax and administrative law, i.e., based on the legal basis of Article 6, paragraph 1, letter c GDPR,

e) For the purpose of pursuing legitimate interests on the part of the Controller, i.e., pursuing claims or defending against claims arising from concluded contracts and services provided, ensuring security at the Controller’s place of business, as well as securing the legitimate interests of the Controller’s Clients in situations where their interest in protecting their rights and freedoms overrides the interests, rights, and freedoms of the data subject, i.e., based on the legal basis of Article 6, paragraph 1, letter f GDPR,

g) For the purpose of ensuring public safety and order, and protecting persons and property on the Controller’s premises, limiting conflictual behavior, and verifying the course of such behavior based on granted consent, i.e., based on the provision of Article 9, paragraph 1, letter f GDPR, 2 letter a of the GDPR,

h) For other purposes, personal data may be processed only on the basis of consent, i.e., pursuant to the provisions of Article 9 paragraph 2 letter a of the GDPR or Article 6 paragraph 1 letter a of the GDPR.

3) Providing Personal Data is a statutory requirement and is necessary for the Controller to perform its statutory tasks and to be able to perform the concluded contract. Failure to provide Personal Data or to consent to their processing will result in the inability to conclude or perform the contract.

4) However, the provisions of point 3) do not apply to the personal data referred to in point 1) letter g. Consent to the processing of personal data for this purpose is voluntary.

Information about the recipients of Personal Data

We hereby inform you that the personal data referred to in point 1) letter g. 2 are transferred to specific recipients of this data, which include:

1. entities cooperating with the Controller in providing services, in particular accounting, legal, insurance, auditing, IT, debt collection, courier companies, companies providing freight transport services, postal services, as well as attorneys, legal advisors, notaries, and other entities providing legal services cooperating with the Controller, independently deciding on the purposes and methods of processing Personal Data, psychological and pedagogical counseling centers.
2. public authorities and institutions under the terms of generally applicable law, including judicial authorities and courts, authorities under the