PRIVACY POLICY OF THE "BizCentrum" APPLICATION

This Privacy Policy (hereinafter referred to as the "Policy") contains information regarding the processing of your personal data in connection with the use of the "BizCentrum" platform, operating at the internet address https://www.bizcentrum.com (hereinafter referred to as the "Application").

All capitalized terms that are not otherwise defined in this Policy have the meanings given to them in the Application's Terms of Use.

Personal Data Controller

The controller of your personal data is REMOTE CRAFTERS P.S.A. with its registered office in Krakow, address: Mehoffera Street 10/410, 31-322 Krakow, entered in the Register of Entrepreneurs of the National Court Register (KRS), maintained by the District Court for Cracow City Centre in Cracow, 11th Commercial Division of the National Court Register, under KRS number: 0001105024, REGON: 52863249300000, NIP: 9452292023, with a share capital of 5,000 PLN (hereinafter referred to as the "Controller").

Contact with the Controller

For all matters related to the processing of personal data, you can contact the Controller via email at: [email protected].

Personal Data Protection Measures

The Controller uses modern organizational and technical security measures to ensure the best possible protection of your personal data and guarantees that they are processed in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as "GDPR"), the Act of 10 May 2018 on the protection of personal data, and other data protection regulations.

Information on Processed Personal Data

Using the Application requires the processing of your personal data. Below you will find detailed information about the purposes and legal bases for processing, as well as the processing period and the requirement or voluntary nature of providing such data.

Finalité du traitement	Données personnelles traitées	Base juridique
Contract Execution and Performance of the Service Agreement	login email address data necessary for payment for purchasing access to a company profile	Article 6(1)(b) GDPR (processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into such a contract)
Providing the above personal data is a condition for entering into and performing the Service Agreement (providing them is voluntary, but the consequence of not providing them will be the inability to enter into and perform the Service Agreement).

The Controller will process the above personal data until the expiration of claims arising from the Service Agreement.

Finalité du traitement	Données personnelles traitées	Base juridique
Adding a company review	email address	Article 6(1)(b) GDPR (processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into such a contract)
Providing the above personal data is a condition for entering into and performing the Service Agreement (providing them is voluntary, but the consequence of not providing them will be the inability to enter into and perform the Service Agreement).

The Controller will process the above personal data until the expiration of claims arising from the Service Agreement.

Finalité du traitement	Données personnelles traitées	Base juridique
Conducting Verification Proceedings and Considering Appeals Regarding Prohibited Content	first and last name/company name contact details, including email address	Article 6(1)(c) GDPR (processing is necessary for compliance with a legal obligation to which the Controller is subject, in this case the obligations: ensuring a mechanism for reporting prohibited content (Article 16 of Regulation 2022/2065 on a single market for digital services and amending Directive 2000/31/EC (Digital Services Act, DSA)), considering complaints (Article 20 DSA).
Providing the above personal data is a condition for receiving a response to a report or exercising the rights of the Reporting Party under the DSA (providing them is voluntary, but the consequence of not providing them will be the inability to receive a response to the report and exercise the above rights). The Controller will process the above personal data for the duration of the complaint proceedings, and in the case of exercising the above rights of the Reporting Party – until the expiration of claims.

Finalité du traitement	Données personnelles traitées	Base juridique
Handling Complaints	first and last name email address	Article 6(1)(c) GDPR (processing is necessary for compliance with a legal obligation to which the Controller is subject, in this case the obligations: providing a response to a complaint – Article 7a of the Consumer Rights Act; exercising the rights of the Customer under the provisions on the Controller’s liability in the event of non-compliance of the Service with the Service Agreement)
Providing the above personal data is a condition for receiving a response to a complaint or exercising the rights of the Customer under the provisions on the Controller’s liability in the event of non-compliance of the Service with the Service Agreement (providing them is voluntary, but the consequence of not providing them will be the inability to receive a response to the complaint and exercise the above rights). The Controller will process the above personal data for the duration of the complaint proceedings, and in the case of exercising the above rights of the Customer – until the expiration of claims.

Finalité du traitement	Données personnelles traitées	Base juridique
Sending Email Notifications	email address	Article 6(1)(f) GDPR (processing is necessary for the purposes of the legitimate interests pursued by the Controller, in this case informing Customers about actions related to the provision of Services)
Providing the above personal data is voluntary but necessary to receive information about actions related to the provision of Services (the consequence of not providing them will be the inability to receive the above information). The Controller will process the above personal data until an effective objection is raised or the purpose of processing is achieved.

Finalité du traitement	Données personnelles traitées	Base juridique
Fulfillment of Data Protection Obligations	first and last name contact details provided by you (email address; correspondence address; phone number)	Article 6(1)(c) GDPR (processing is necessary for compliance with a legal obligation to which the Controller is subject, in this case obligations arising from data protection regulations)
Providing the above personal data is voluntary but necessary for the proper performance of the Controller’s obligations under data protection regulations, including the exercise of rights granted to you by the GDPR (the consequence of not providing the above data will be the inability to properly exercise the above rights). The Controller will process the above personal data until the expiration of claims for violations of data protection regulations.

Finalité du traitement	Données personnelles traitées	Base juridique
Establishment, Exercise, or Defense of Legal Claims	first and last name company email address residential/registered address PESEL number NIP	Article 6(1)(f) GDPR (processing is necessary for the purposes of the legitimate interests pursued by the Controller, in this case the establishment, exercise, or defense of legal claims that may arise in connection with the performance of contracts concluded with the Controller)
Providing the above personal data is voluntary but necessary for the establishment, exercise, or defense of legal claims that may arise in connection with the performance of contracts concluded with the Controller (the consequence of not providing the above data will be the inability of the Controller to take the above actions). The Controller will process the above personal data until the expiration of claims that may arise in connection with the performance of contracts concluded with the Controller.

Finalité du traitement	Données personnelles traitées	Base juridique
Application Administration	IP address, server date and time, operating system information, browser information. The above data is automatically recorded in the so-called server logs each time the Application is used (it would not be possible to administer it without using server logs and automatic recording).	Article 6(1)(f) GDPR (processing is necessary for the purposes of the legitimate interests pursued by the Controller, in this case ensuring the proper functioning of the Application)
Providing the above personal data is voluntary but necessary to ensure the proper functioning of the Application (the consequence of not providing the above data will be the inability to ensure the proper functioning of the Application). The Controller will process the above personal data until an effective objection is raised or the purpose of processing is achieved.

Profiling

Your personal data will not be used by the Controller to make decisions in an automated manner, including profiling.

Recipients of Personal Data

The recipients of personal data may be the following external entities cooperating with the Controller:

hosting company;
payment system operator (paddle.com);
mailing system provider;
accounting office;
providers of intermediary services for logging into the Platform (Google).

Additionally, personal data may be transferred to public or private entities if such an obligation arises from generally applicable laws, a final court judgment, or a final administrative decision.

Transfer of Personal Data to a Third Country

Your personal data will not be transferred by the Controller to a third country.

Rights

In connection with the processing of personal data, you have the following rights:

the right to information about what personal data concerning you is being processed by the Controller and to receive a copy of that data (the so-called right of access). The first copy of the data is free of charge; for subsequent copies, the Controller may charge a fee;
if the processed data becomes outdated or incomplete (or otherwise incorrect), you have the right to request its rectification;
in certain situations, you may request the Controller to delete your personal data, for example, when:
1. the data is no longer needed by the Controller for the purposes they were informed of;
2. you have successfully withdrawn your consent for data processing - provided the Controller has no right to process the data on another legal basis;
3. the processing is unlawful;
4. the need to delete the data results from a legal obligation imposed on the Controller;
if the personal data is processed by the Controller based on your consent for processing or to perform a contract concluded with you, you have the right to transfer your data to another controller;
if personal data is processed by the Controller based on your consent for processing, you have the right to withdraw this consent at any time (the withdrawal of consent does not affect the lawfulness of processing carried out based on the consent before its withdrawal);
if you believe that the processed personal data is incorrect, its processing is unlawful, or the Controller no longer needs certain data, you can request that for a specific, necessary period (e.g., checking the correctness of data or pursuing claims) the Controller does not perform any operations on the data but only stores it;
you have the right to object to the processing of personal data, which is based on the Controller's legitimate interest. In the event of a successful objection, the Controller will cease processing personal data for the above purpose;
you have the right to file a complaint with the President of the Personal Data Protection Office if you believe that the processing of personal data violates the provisions of the GDPR.

Final Provisions

In matters not regulated by this Policy, the generally applicable provisions on personal data protection shall apply.

This Policy is effective from Jan 22, 2026.