Privacy policy


“PKF BPO Consult Spółka z ograniczoną odpowiedzialnością Spółka komandytowa”

with its registered office in Warsaw

Pursuant to Article 13 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”),

we would like to inform you of the following:

I. Who is the controller of your personal information?

    1. “PKF BPO Consult Spółka z ograniczoną odpowiedzialnością Spółka komandytowa” with its registered office in Warsaw, ul. Orzycka 6 lok. 1B, 02-695 Warszawa, company registration No. KRS 0000593842 is the Controller of your personal information (“Controller”).
    2. To get in touch with the Controller, you can send an email to
    3. The Controller has appointed Hanna Rubaszewska as its Data Protection Officer, e-mail:

II. What are the purposes of the processing?

As the Controller, we will process personal information for the following purposes:

    1. to provide accounting, tax consultancy, controlling, management, human resources and payroll, administration and replacement staffing services and Agility platform services to Clients, i.e. prepare a proposal and enter into and perform a contract;
    2. to comply with the legal obligations to which the Controller is subject;
    3. to pursue legitimate interests of the Controller, e.g. exercise claims;
    4. to send proposals and marketing content.

 III. What is the lawful basis for the processing?

Personal information is processed on the following lawful bases:

a) Article 6.1 (b) of the GDPR, i.e. for the performance of a contract or taking steps at the request of the data subject prior to entering into a contract
b) Article 6.1 (c) of the GDPR, i.e.: for compliance with a legal obligation to which the Controller is subject;
c) Article 6.1 (f) of the GDPR, i.e. for the purposes of the legitimate interests of the Controller;
d) Article 6.1 (a) of the GDPR, i.e. obtaining consent to the processing of personal information.

IV. Personal information retention period

Personal data will be retained for as long as is necessary for the proper performance of a contract and, following the expiry of such contract, for as long as is necessary for compliance with the legal obligations to which the Controller is subject and for the establishment and exercise of claims.

V. Who may have access to my personal information?

Your data may be disclosed to:

a) employees and associates and contractors who have authorisation from the Controller;
b) processors, i.e. entities who provide consultancy and legal, tax and accounting assistance to us;
c) computer technology and programming service providers;
d) government authorities and other authorities under the laws and regulations; and
e) your personal information will not be transferred to any third country or to international organisations.

VI. What are my rights?

    1. You may request from the Controller, at any time:
      a) access to or a copy of your personal information which is being processed;
      b) rectification (correction) of your information;
      c) erasure or restriction of the processing, or you may object to such processing;
      d) data portability; or
      e) to file a complaint with the President of the Office of Personal Data Protection.
    2. Some of the rights may not apply to the processing of personal information under the open contracts.

VII. Do I have the right to object to the processing?

In addition to the rights listed in Section VI., you also have the right to object to the processing of your personal information at any time under Article 6.1 (f) of the GDPR. In such a case, the Controller will no longer process your personal information for such purposes unless the Controller can demonstrate compelling legitimate grounds that the Controller has in respect of such personal data which override the interests, rights and freedoms of the data subject or the need for such personal information for the Controller to be able to establish, exercise or defend legal claims, if any.

VIII. Right to withdraw consent

You have the right to withdraw your consent for the processing of your personal information (to the extent that such consent provides the basis for the processing) at any time, but the withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

IX. Voluntary provision of personal information

The provision of your personal information is voluntary but if you refuse to provide such information, we may be unable to enter into a contract with you or to provide the service properly.

X. How is your personal information protected?

    1. We would like to inform that your personal information is processed in a secure manner and in compliance with the relevant agreements in place and the laws and regulations, including the GDPR.
    2. We use our best efforts to ensure that all possible physical, technical and organisational security measures are established to protect personal information against accidental or intentional destruction, accidental loss, modification or unauthorised disclosure, use or access, in accordance with all applicable laws.

XI. Other

Please note that the Controller does not use automated decision-making and no personal information is subject to profiling.

Ask a consultant