Information on the processing of personal data for business contacts

In compliance with the obligation pursuant to Article 13(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter "GDPR"), the data controller provides the information and the data subject confirms its receipt.

The controller will process personal data within this process for the following purposes and under the following legal bases:

Legal basis:

Art. 6(1)(f) - the legitimate interests pursued by ENSEMBLE³

Purposes of the processing:

a.   Monitoring and enforcing compliance with the terms of use of the website;
b.   Administering and managing our website, which includes confirming and certifying identity and preventing unauthorised access to restricted parts, premium content or other services available to registered users only;
c.   Aggregating data to analyse and improve the performance of the website;d.   Providing information about ENSEMBLE³'s activities, services and events, and other information that may be interesting to users;e.   Establishing, investigating and defending against claims.

3. Personal data will not be transferred to any third parties except to the following recipients:a. strategic partners and affiliates of ENSEMBLE³. Information about our partners is available under this link on our website. The Controller may transfer personal data only if this is necessary for pursuing the legitimate interests of the controller, referred to in point 2;b. entities providing services or goods or information, including IT services, (e.g. data processing, IT resource management, hosting/maintenance of electronic forms) to the controller, insofar as this is applicable to activities related to the management of the ENSEMBLE³’s website;c. entities authorized by law, e.g. regulatory authorities, law enforcement agencies or courts.

4. Cookies are small text files that are placed on a user’s computer when they visit websites to help provide a more personalised service. The use of cookies is now standard for most websites. If you do not wish to receive cookies, you can administer and control them through your browser. Before registering on our website, you must enable the use of cookies. If you disable the cookies, other functions of the website may not operate properly. Once you have finished visiting the site, you can delete cookies from your "browsing history" (cache memory). Please see our page on cookies for more information.Personal data will be processed by ENSEMBLE³ until the cookies are deleted, as indicated on the page on cookies. After this period, the controller will only retain personal data if obliged to do so by law - for the period provided for by such law. or for the purpose of pursuing legitimate interests - for the claims prescription period.

5. In relation to the processing of personal data - visitors to our website have the following rights:a. to access their personal data, to rectify their personal data (update), to erase their data, to restrict processing, to data portability and to object to the processing of their personal data;b. to lodge a complaint with a supervisory authority (President of the Personal Data Protection Office).

6. The provision of personal data is voluntary; however, without the provision of personal data, some functions of the website may not function properly.

Information on the processing of personal data for persons contacting us

In compliance with the obligation pursuant to Article 13(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter "GDPR"), we inform that:

1. The Personal Data Controller is ENSEMBLE³ spółka z ograniczoną odpowiedzialnością̨ [limited liability company] with the registered office in Warsaw (01-919) at Wólczyńska 133 (hereinafter ENSEMBLE³ or data controller). 2. The controller will process personal data for the following purposes and under the following legal bases:

Legal basis

Art. 6(1)(f) - the legitimate interests pursued by ENSEMBLE³

Purposes of the processing

1) Replying to a question asked through a contact form;

2) Identifying customers’ needs;

3) Administering and managing our organisation, in particular our website;

3. Personal data will not be transferred to any third parties except to the following recipients:

a. strategic partners and affiliates of ENSEMBLE³. Information about our partners is available under this link on our website. The Controller may transfer personal data only if this is necessary for pursuing the legitimate interests of the controller, referred to in point 2;b. entities providing services or goods or information, including IT services, (e.g. data processing, IT resource management, hosting/maintenance of electronic forms) to the controller, insofar as this is applicable to activities related to the answer to a question;c. entities authorized by law, e.g. regulatory authorities, law enforcement agencies or courts.

4. Personal data may be transferred to a third country, i.e. a country which does not belong to the European Economic Area (EEA) pursuant to:a. Art. 45(1) of the GDPR - a decision by the European Commission determining an adequate level of protection (for countries for which such a decision has been issued);b. Art. 46(2)(c) of the GDPR - standard contractual clauses adopted by the European Commission (for the remaining countries).

5. Personal data will be processed by ENSEMBLE³ until the case which is the subject of the inquiry is closed or an objection to the processing of personal data is raised. After the expiry of the periods indicated, the controller will retain the personal data if obliged to do so by law - for the period provided for by such law, or for the purpose of pursuing legitimate interests - for the claims prescription period (insofar either party is entitled to such claims in connection with the contact undertaken).

6. In relation to the processing of personal data, the data subjects have the following rights: to access their personal data, to rectify their personal data (update), to erase their data, to restrict processing, to data portability and to object to the processing of their personal data and to lodge a complaint with a supervisory authority - President of the Personal Data Protection Office;

7. The provision of personal data is voluntary; however, necessary to answer the question asked.

Information on the processing of personal data for recipients of commercial information and marketing communications

In compliance with the obligation pursuant to Article 13(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter "GDPR"), we inform that:

1. The Personal Data Controller is ENSEMBLE³ spółka z ograniczoną odpowiedzialnością̨ [limited liability company] with the registered office in Warsaw (01-919) at Wólczyńska 133 (hereinafter ENSEMBLE³ or data controller). 2. The controller will process personal data for the following purposes and under the following legal bases:

Legal basis

Art. 6(1)(f) of the GDPR - the legitimate interests pursued by ENSEMBLE³

Purposes of the processing

1) Direct marketing of ENSEMBLE³’s products and services;

2) Sending commercial information by electronic means, in particular newsletters, invitations to events, ENSEMBLE³'s publications informing about ENSEMBLE³'s activities and scope of services and offering the ENSEMBLE³'s products and services.

3) Direct marketing via telecommunications terminal device (telephone).

Commercial information will only be sent to persons who have agreed to receive commercial information from ENSEMBLE³, pursuant to Article 10(2) of the Act of 18 July 2002 on providing services by electronic means.

Direct marketing via a telecommunications terminal device (telephone) will only be carried out to persons who have consented to this form of marketing, in accordance with Art. 172(1) of the Act of 16 July 2004, Telecommunication Law.

3. Personal data will not be transferred to any third parties except to the following recipients:

a. strategic partners and affiliates of ENSEMBLE³. Information about our partners is available under this link on our website. The Controller may transfer personal data only if this is necessary for pursuing the legitimate interests of the controller, referred to in point 2;

b. entities providing services or goods or information, including IT services, (e.g. data processing, IT resource management, hosting/maintenance of electronic forms) to the controller, insofar as this is applicable to activities related to the answer to a question;

c. entities authorized by law, e.g. regulatory authorities, law enforcement agencies or courts.

4. Personal data will be processed by ENSEMBLE³ until you unsubscribe from receiving ENSEMBLE³'s commercial communications or withdraw your consent to the use of a telecommunications terminal device for marketing purposes, or until you object to the processing of your personal data for marketing purposes.

5. In relation to the processing of your personal data, an associate has the following rights:a. to access their personal data, to rectify their personal data (update), to erase their data, to restrict processing, to data portability and to object to the processing of their personal data;b. to lodge a complaint with a supervisory authority (President of the Personal Data Protection Office).

6. The provision of personal data is voluntary.

Information on the processing of personal data for participants in events/activities

In compliance with the obligation pursuant to Article 13(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter "GDPR"), we inform that:

1. The Personal Data Controller is ENSEMBLE³ spółka z ograniczoną odpowiedzialnością̨ [limited liability company] with the registered office in Warsaw (01-919) at Wólczyńska 133 (hereinafter ENSEMBLE³ or data controller). 2. The controller will process personal data for the following purposes and under the following legal bases:

Legal basis

Art. 6(1)(a) - consent

Purposes of the processing

1) Organising and conducting an event/activity;2) Invitation to participation in the ENSEMBLE³’s recruitment process - applies only to activities that provide for the opportunity to express a desire to apply for a job in ENSEMBLE³;

Legal basis

Art. 6(1)(f) - the legitimate interests pursued by the controller

Purposes of the processing

1) Sharing of personal data with the organiser(s) of the event(s) / activity(ies) for administrative purposes (e.g. informing about the place and time of the event(s) / activity(ies)) - applies if the event is organised by an entity other than ENSEMBLE³;

2) Direct marketing of ENSEMBLE³'s own products and services (e.g. mailing of newsletters, information about events organised by ENSEMBLE³) - only applies if the data subject has consented to receive commercial communications for marketing purposes by email or telephone;

3) Establishing, investigating and defending against claims.

3. Personal data will not be transferred to any third parties except to the following recipients:

a. the organiser(s) / partners of the event (e.g. university, cooperating research institutes) - applies if the event is organised by an entity other than ENSEMBLE³;

b. strategic partners and affiliates of ENSEMBLE³. Information about our partners is available under this link on our website.. The Controller may transfer personal data only if this is necessary for pursuing the legitimate interests of the controller, referred to in point 2;

c. entities providing services or goods or information, including IT services, (e.g. data processing, resource management, maintenance of electronic forms of participation applications) to the controller, insofar as this is applicable to activities related to the organisation and conducting of the event / activity by the controller.d. entities authorized by law, e.g. regulatory authorities, law enforcement agencies or courts.

4. Personal data will be processed by ENSEMBLE³ until:a. completion of the event / activity or withdrawal of consent to the processing of personal data;b. unsubscribing from receiving a newsletter or receiving marketing communications by telephone – only applicable if a data subject consented to the above-mentioned activities;c. withdrawing consent for the processing of personal data - only applicable if a data subject consented to apply for a job in ENSEMBLE³;After the expiry of the periods indicated, the controller will retain the personal data if obliged to do so by law - for the period provided for by such law, or for the purpose of pursuing legitimate interests - for the claims prescription period.

5. In relation to the processing of your personal data, a participant of an event / activity has the following rights:a. to access their personal data, to rectify their personal data (update), to erase their data, to restrict processing, to data portability and to object to the processing of their personal data;b. to withdraw their consent to the processing of personal data – you may withdraw your consent by sending us email to: iod@ensemble3.eu;c. to lodge a complaint with a supervisory authority (President of the Personal Data Protection Office).

6. The provision of personal data is voluntary; however, necessary to participate in the event / activity. The provision of personal data in other respects is voluntary.

Information on the processing of personal data for visitors to the headquarters of ENSEMBLE³

In compliance with the obligation pursuant to Article 13( 1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter "GDPR"), we inform that:

1. The Personal Data Controller is ENSEMBLE³ spółka z ograniczoną odpowiedzialnością̨ [limited liability company] with the registered office in Warsaw (01-919) at Wólczyńska 133 (hereinafter ENSEMBLE³ or data controller).

2. The controller will process personal data for the following purposes and under the following legal bases:

Legal basis

Art. 6( 1)(c) of the GDPR – legal obligationregulations on the operations of the various state authorities and/or agencies

Purposes of the processing

Disclosing personal data to entities authorised by law (e.g. police, insurance companies)

Legal basis

Art. 6( 1)(f) of the GDPR - the legitimate interests pursued by the controller

Purposes of the processing

1) Ensuring physical security of persons, property and information in the facilities used by ENSEMBLE³ through keeping a visitor register book, using a CCTV and an access control system;2) Establishing, investigating and defending against claims;

3. Personal data will not be transferred to any third parties except to the following recipients:

a. entities that cooperate with ENSEMBLE³ within the scope of providing security to persons, property or information at ENSEMBLE³'s office premises e.g. real estate administrators, security companies, entities providing the servicing and maintenance of CCTV systems;

b. entities or authorities entitled by law, such as: regulatory authorities, law enforcement agencies, insurance companies or courts.

4. Personal data will be processed by ENSEMBLE³ for the following period:a. up to 3 months from the date of the last entry - with regard to keeping a visitor register book;b. up to 90 days from the time of recording - with regard to recordings from the CCTV system and access control system.These periods may be extended in case the data are the subject of legal proceedings - for the duration of those proceedings, and also, where necessary to secure evidence - for the duration of criminal proceedings.

5. In relation to the processing of personal data, you have the following rights: to access your personal data, to rectify your personal data (update), to erase your data, to restrict processing and to object to the processing of your personal data.

6. Your provision of personal data for identification purposes, including the processing of your personal data as a part of CCTV and access control system, is voluntary, but necessary for the pursuit of ENSEMBLE³'s legitimate interests in ensuring the security of our offices or it results from the implementation of legal obligations. Your refusal to provide personal data may result in refusal of access to the headquarters and other ENSEMBLE³’s facilities.

Information on the processing of personal data for persons related to our Customers and Suppliers

In compliance with the obligation pursuant to Article 13(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter "GDPR"), we inform that:

1. The Personal Data Controller is ENSEMBLE³ spółka z ograniczoną odpowiedzialnością̨ [limited liability company] with the registered office in Warsaw (01-919) at Wólczyńska 133 (hereinafter ENSEMBLE³ or data controller). 2. The controller will process personal data for the following purposes and under the following legal bases:

Legal basis

Art. 6(1)(c) – ENSEMBLE³'s legal obligations which arise from:- Art. 2(1) and Art. 34 of the Act on Counteracting Money Laundering and Financing of Terrorism;- acts: on value added tax, personal income tax, corporate income tax;- the relevant legal provisions applicable to this field of services which impose the obligation of maintaining professional secrecy

Purposes of the processing

1) Applying financial security measures in relation to Customers and Beneficial Owners - applies when ENSEMBLE³ is an institution obliged to apply such measures;2) Complying with ENSEMBLE³'s tax obligations;3) Maintaining professional secrecy;

Legal basis

Art. 6(1)(f) - the legitimate interests pursued by the controller.

Purposes of the processing

1) Enabling the provision of professional services to Customers;Applies to the persons that the Customer indicated in the contract as contact persons

2) Ordering and receiving services from Suppliers;Applies to the persons that the Supplier indicated in the contract as contact persons

3) Managing relationships with Customers and Suppliers;

4) Developing ENSEMBLE³'s business and services, including quality management;

5) Identifying Customers’ needs;

6) Administering and managing our organisation, in particular our website, IT systems and business applications;

7) Data analysis;

8) Security management and operational risk assessment (e.g. by analysing customers or verifying the quality of Suppliers);

9) Compliance with the requirements of the professional organisations to which ENSEMBLE³ belongs;

10) Direct marketing of ENSEMBLE³'s own products and services, e.g. presenting the latest industry information, inviting to events organised by the controller and informing about ENSEMBLE³'s services;

11) Establishing, investigating and defending against claims, in particular through documenting the services provided or received.

3. Personal data will not be transferred to any third parties except to the following recipients:

a. strategic partners and affiliates of ENSEMBLE³. Information about our partners is available under this link on our website. The Controller may transfer personal data only if this is necessary for pursuing the legitimate interests of the controller, referred to in point 2;

b. entities providing services or goods or information, including IT services, (e.g. data processing, IT resource management, hosting/maintenance of electronic forms) to the controller, insofar as this is applicable to activities related to the answer to a question;

c. entities authorized by law, e.g. regulatory authorities, law enforcement agencies or courts.

4. Personal data will be processed by ENSEMBLE³ until the cooperation with the Customer or Supplier is completed. After this period, the controller will only retain personal data if obliged to do so by law - for the period provided for by such law or for the purpose of pursuing legitimate interests – for the claims prescription period.

5. In relation to the processing of personal data, the data subjects have the following rights: to access their personal data, to rectify their personal data (update), to erase their data, to restrict processing, to data portability and to object to the processing of their personal data and to lodge a complaint with a supervisory authority (President of the Personal Data Protection Office).

6. The provision of personal data is:a. voluntary, but necessary for the establishment and performance of the cooperation with ENSEMBLE³ - for the purposes pursued as part of the legitimate interests of the data controller and for the contract performance;b. obligatory - for the purposes of processing performed under a legal obligation.

7. The source of personal data is the represented entity (Customer or Supplier).

8. By default, ENSEMBLE³ processes the following categories of personal data: first name, last name, employer's name, position, business contact details (e.g. telephone number and email address). In some cases, the scope of processed data may be broader (e.g. when complying with the act on counteracting money laundering and terrorist financing or when providing tax advisory services). In such cases, data subjects are informed of this in a separate notice on the processing of personal data.

Information on the processing of personal data for the participants of the recruitment process

In compliance with the obligation pursuant to Article 13(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter "GDPR"), we inform that:

1. The Personal Data Controller is ENSEMBLE³ spółka z ograniczoną odpowiedzialnością̨ [limited liability company] with the registered office in Warsaw (01-919) at Wólczyńska 133 (hereinafter ENSEMBLE³ or data controller). 2. The controller will process

Legal basis

Art. 6(1)(b) – taking actions at the request of the data subject, before concluding a contract

Art. 6(1)(c) of the GDPR – legal obligationArt. 221 § 1 of the Labour Code and the Regulation of the Minister of Family, Labour and Social Policy on employee records(applies only to persons who apply to a position related to concluding an employment contract)

Art. 6(1)(a) of the GDPR - consentif other data than these indicated in the labour laws are indicated (e.g. data provided voluntarily, photo in CV)

Art. 9(2)(a) of the GDPR - consentif the job application contains special categories of personal data (sensitive data)

Art. 10 of the GDPR – processing is allowed by law of the EU or a member stateif employment for the position in question requires personal data relating to records on criminal convictions or offences

Purposes of the processing

Art. 6(1)(a) of the GDPR - consent

Legal basis

Conducting the recruitment process for the position offered

Purposes of the processing

1) Participation in future recruitment processes carried out by ENSEMBLE³;2) Sending notifications about ENSEMBLE³ job offers and job-related events organised by or with ENSEMBLE³ (e.g. exhibitions, job fairs).

Legal basis

Art. 6(1)(f) of the GDPR - the legitimate interests pursued by the controller

Purposes of the processing

Establishing, investigating and defending against claims.

3. Personal data will not be transferred to any third parties except to the following recipients:

a. strategic partners and affiliates of ENSEMBLE³. Information about our partners is available under this link on our website. The Controller may transfer personal data only if this is necessary for pursuing the legitimate interests of the controller, referred to in point 2;

b. entities providing services or goods or information, including IT services, (e.g. data processing, resource management, IT providers) to the controller, insofar as this is applicable to a recruitment process;

c. entities authorized by law, e.g. regulatory authorities, law enforcement agencies or courts.

4. Personal data will be processed by ENSEMBLE³ until the completion of the recruitment process, and for a period of 3 months after the end of the process (in relation to data of candidates who have not been offered an employment). If a data subject agrees to take part in future recruitments to ENSEMBLE³ their data will be stored until the consent withdrawal.

5. In relation to the processing of their personal data, a job candidate has the following rights:a. to access their personal data, to rectify their personal data (update), to erase their data, to restrict processing, to data portability and to object to the processing of their personal data;b. to withdraw their consent to the processing of personal data – they may withdraw their consent by sending us email to: iod@ensemble3.eu;c. to lodge a complaint with a supervisory authority (President of the Personal Data Protection Office).

6. The provision of personal data to the extent specified in the aforementioned labour laws is necessary to participate in the recruitment process. The provision of personal data in other respects is voluntary.

7. In some recruitment processes, the administrator uses recruitment agencies or searches for candidates on LinkedIn, in which case:a. the source of the personal data of the applicant for a position with ENSEMBLE³ is the recruitment agency, where the data subject participated in the first stage of recruitment or the portals indicated above;b. the categories of personal data processed by the controller are as follows: name, surname, date of birth, contact details indicated by the applicant and other categories of data contained in the application documents, if the data subject provides them voluntarily during the recruitment process or the data has been made public on the aforementioned portal.

Information on the processing of personal data for business contacts

In compliance with the obligation pursuant to Article 13(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter "GDPR"), we inform that:

1. The Personal Data Controller is ENSEMBLE³ spółka z ograniczoną odpowiedzialnością̨ [limited liability company] with the registered office in Warsaw (01-919) at Wólczyńska 133 (hereinafter ENSEMBLE³ or data controller).

2. The controller will process personal data for the following purposes and under the following legal bases:

Legal basis

Art. 6(1)(f) - the legitimate interests pursued by the controller

Purposes of the processing

1) Direct marketing of ENSEMBLE³’s own products and services, in particular offering our services;

2) Developing the business and services of ENSEMBLE³;

3) Presenting information about ENSEMBLE³ and the scope of our services;

4) Identifying customers with similar needs;

5) Analyses on, for example, market trends, relationship maps or sales opportunities;

6) Improving the quality of our services;

7) Mailing of newsletters, informing about events organised by ENSEMBLE³ and inviting to events - only applies if the data subject has consented to receive commercial communications by electronic means or any communications for marketing purposes by telephone;

8) Establishing, investigating and defending against claims.

3. Personal data will not be transferred to any third parties except to the following recipients:

a. strategic partners and affiliates of ENSEMBLE³. Information about our partners is available under this link on our website. The Controller may transfer personal data only if this is necessary for pursuing the legitimate interests of the controller, referred to in point 2;

b. entities providing services or goods or information, including IT services, (e.g. data processing, resource management, CRM system provider) to the controller, insofar as this is applicable to activities related to establishing and maintaining business contacts;

c. entities authorized by law, e.g. regulatory authorities, law enforcement agencies or courts.

4. Personal data will be processed by ENSEMBLE³ until:a. raising objections to the processing of personal data for the purposes indicated in point 2;b. unsubscribing from receiving a newsletter or receiving marketing communications by telephone – only applicable if a data subject consented to the above-mentioned activities;After the expiry of the periods indicated, the controller will retain the personal data if obliged to do so by law - for the period provided for by such law, or for the purpose of pursuing legitimate interests - for the claims prescription period.

5. In relation to the processing of personal data, the data subjects have the following rights: to access their personal data, to rectify their personal data (update), to erase their data, to restrict processing, to data portability and to object to the processing of their personal data and to lodge a complaint with a supervisory authority (President of the Personal Data Protection Office).

6. The provision of personal data for each purpose mentioned in point 2 is voluntary.

PRIVACY POLICY

This Privacy Policy provides information on how we process personal data, outlines the legal basis for processing, the ways in which personal data is collected and used and provides information on the rights of natural persons.

ENSEMBLE³ sp. z o.o. processes personal data for various purposes, and depending on the purpose, different methods of collection, legal bases for processing, recipients of the data and retention periods or rights related to the processing of personal data may apply. For details, please refer to the sections that are dedicated to specific data processing operations.We use the personal data provided for the purposes stated in the various sections of this document or for any other purpose, indicated in each case when ENSEMBLE³ sp. z o.o. starts processing the data.

Security

We take the security of any and all data we hold very seriously. We have implemented framework policies, procedures and training related to data protection, confidentiality and security and we regularly review the security measures in place to ensure their adequacy.

Pursuant to Art. 13(1) and (2) of the Regulation (EU) 2016/679 of the European Parliament of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: “GDPR”), please be informed that:

The Data Controller and contact data

The Controller of your personal data is:ENSEMBLE³ spółka z ograniczoną odpowiedzialnością̨ul. Wólczyńska 13301-919 Warsaw (hereinafter: ENSEMBLE³),

REGON: 386406355, NIP: 1182211096, KRS 0000858669;

ENSEMBLE³ has appointed a Data Protection Officer (DPO). If you have any questions about this document or manners and purposes of processing your personal data, please contact our Data Protection Officer at: iod@ensemble3.eu

Legal basis for processing

Depending on the purpose for which the data is used, specific processes, processing operations may be based on different legal bases. Therefore, each section contains relevant information about the legal basis for the processing.

DATA RECIPIENTS

We only transfer personal data to other entities, if we are permitted to do so by law. In this case, we implement provisions and security mechanisms to protect the data and to maintain our standards of data protection, confidentiality and security.Your personal data may be forwarded by ENSEMBLE³ sp. z o.o to cooperating entities (recipients), in particular our strategic partners and entities providing IT services, sale of goods and services, settlement of receivables. Additionally, the recipient(s) of personal data may be state and local government authorities in the performance of their tasks or proceedings conducted in relation to the Data Controller under the provisions of law. Detailed information may be provided upon request;Rights of natural persons and the manner of exercising them

Natural persons have certain rights regarding their personal data and data controllers are responsible for exercising these rights. Whenever the decision on how and for what purpose personal data is processed depends on us, we are the data controller and have a duty to exercise the rights of data subjects. In each section we provide further information about the rights of natural persons and how they can be exercised.

Complaints

We hope there will be no need for that, but if you would like to make a complaint about our processing of your personal data, please send an email with details of your complaint to iod@ensemble3.eu.All complaints received will be investigated and we will respond to them. Natural persons also have the right to lodge a complaint with the President of the Personal Data Protection Office.

Changes to this document

We consider transparency to be our ongoing obligation, so we will regularly review and update this document. This document was last updated on 09.10.2022.