_gif.gif)
Privacy Policy
I. General information
1.Personal data processing is carried out on the basis of the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ EU L 119, p. 1) - hereinafter referred to as: "GDPR".
2. This Privacy Policy defines the principles of processing personal data of persons (hereinafter referred to as "Users") staying and using the website maintained at: https://txb.pl (hereinafter referred to as "Website").
II. Personal data administrator
1.The administrator of your personal data is: Taxenbach spółka z ograniczoną odpowiedzialnością with its registered office in Warsaw, ul. Jana III Sobieskiego 104/39, 00-764 Warsaw, NIP: 5213786458, KRS: 0000684673.
2. The joint controllers of your personal data may be one or more of the following Companies on the basis of joint control of personal data (hereinafter referred to as the "Companies"):
Taxenbach LEGAL Kollar-Ryszard spółka komandytowa with its registered office in Warsaw, ul. Jana III Sobieskiego 104/39, 00-764 Warsaw, NIP: 523949966, KRS: 0000038863.
Taxenbach Finanse limited liability company with its registered office in Warsaw, ul. Jana III Sobieskiego 104/39, 00-764 Warsaw, NIP: 5213901037, KRS: 0000850074.
Certified Auditor Tax Advisor Michał Kollar-Ryszard, ul. Jana III Sobieskiego 104/39, 00-764 Warsaw, NIP: 7122880632.
3. The Administrator uses the so-called "social plugins", i.e. the Facebook and LinkedIn services placed on the Website, which redirect to:
a) the Administrator's website operated by him on Facebook https://www.facebook.com (hereinafter referred to as the "Facebook Profile");
b) the Administrator's website operated by him on LinkedIn https://XX (hereinafter referred to as the "LinkedIn Profile").
4. In connection with the Administrator's use of the Facebook Profile and LinkedIn Profile and the inclusion of social plugins on the Website, the Joint Controllers of the User's data are also, respectively:
a) Meta Platforms Ireland Limited with its registered office in Dublin (Ireland), address: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, D02X525, Ireland (hereinafter referred to as "Facebook").
b) LinkedIn Ireland Unlimited Company with its registered office in Dublin (Ireland), address: Wilton Place, Dublin 2, Ireland (hereinafter referred to as "LinkedIn").
5. In connection with the activities we conduct, each time we process your personal data or ask you to provide it, we will provide you with information on how they are processed by the Administrator or Joint Administrators of your personal data.
6.The Administrator and the Companies take special care to respect the privacy of Users visiting the Website.
III. Purpose, scope and legal basis of personal data processing
-
Personal data of Website Users is collected and processed for the following purposes, scope, and legal bases:
a) To respond to inquiries, provide information, and contact data subjects via the contact form available on the Website – categories of processed personal data: first name, surname, email address, and, in case of sending messages, data voluntarily provided in the content of the message. The processing is based on the legitimate interests pursued by the Controller (Art. 6(1)(f) GDPR), consisting of responding to correspondence initiated via the Website.
b) Subscription to an email Newsletter service – categories of processed personal data: email address. The legal basis is the performance of a contract for electronic services (Art. 6(1)(b) GDPR) and the consent of the data subject (Art. 6(1)(a) GDPR). The Newsletter Terms and Conditions are available at: https://txb.pl/regulamin-newsletter. When the User consents to receiving the Newsletter, the Company will send commercial communications electronically regarding services offered by the Company.
c) To deliver marketing communications to Users through the Website – categories of processed personal data: first name, surname, email address. The processing is based on the legitimate interests pursued by the Controller (Art. 6(1)(f) GDPR), consisting of customizing marketing messages to the User's preferences and interests
d) Interaction with the Controller or Companies via social media profiles – categories of processed personal data: publicly available personal data from social networks (first name, surname, image) and data voluntarily provided in messages. The processing is based on the Controller’s legitimate interests (Art. 6(1)(f) GDPR) consisting of business communication with social network users, marketing activities, brand-building for the Controller or Companies, responding to messages, comments, and reactions, as well as statistical and advertising purposes conducted via social media tools.
e) Compliance with legal obligations imposed on the Controller related to the operation of the Website, particularly accounting and tax regulations – categories of processed personal data: first name, surname, contact details. The legal basis is the necessity to fulfill legal obligations (Art. 6(1)(c) GDPR).
f) Establishment, investigation, enforcement, and defense against claims – categories of processed personal data: first name, surname, contact details. The legal basis is the Controller's legitimate interests (Art. 6(1)(f) GDPR) consisting of establishing, pursuing, enforcing, and defending against claims before courts and other state authorities.
g) Improvement of Website functionality, facilitating the use of electronically provided services, ensuring better service, analyzing statistical data, and administering the Website. The legal basis is the Controller's legitimate interests (Art. 6(1)(f) GDPR), consisting of processing navigational data, including information about links and references Users click or other activities performed on the Website.
h) Promotion of organized events, conducting marketing activities for the Companies or business partners, and publishing photos or recordings from these events. The legal basis is the Controller's legitimate interests (Art. 6(1)(f) GDPR), consisting of conducting marketing activities.
IV. Providing personal data
1. Providing personal data is voluntary, with the reservation, however, that providing the data is necessary to provide the Administrator's services, and failure to provide certain personal data will prevent the provision of services, in particular the possibility of using the contact form and providing the Newsletter subscription service.
2. If the User expresses consent, it is expressed voluntarily by clicking the checkbox containing the terms of the consent granted.
V. Data recipients
1. The User's personal data may be transferred to third parties cooperating with the Administrator or the Companies: providers of IT, programming, service and maintenance services and hosting service providers and those providing information tools, e-mail providers, providers of programs for sending e-mails on behalf of the Administrator or the Companies, operators of social networking sites Facebook and LinkedIn, providers of invoicing systems, entities supporting the Administrator or the Companies in organizing events, entities providing auditing, accounting, consulting and advisory services used by the Administrator or the Companies in running the Website and with whom the Administrator or the Companies have concluded agreements that include data processing principles and confidentiality. Service providers to whom personal data are transferred, depending on the contractual arrangements and circumstances, are either subject to the instructions of the Administrator or the Companies as to the purposes and methods of processing this data (as processors) or process this data as independent administrators. This data is not shared and none of these companies has the right to process the data in a manner other than specified in the agreement. User data may be processed only for the purposes of proper provision of services.
2. In the event of a request, the Companies will make personal data available to authorized state authorities under applicable law, in particular to the competent judicial authorities, organizational units of the Public Prosecutor's Office, the Police, the President of the Office for Personal Data Protection, the President of the Office for Competition and Consumer Protection or the President of the Office of Electronic Communications.
VI. Transfer of data outside the European Economic Area (hereinafter referred to as "EEA")
The Administrator transfers personal data to third countries outside the EEA solely for the purpose for which they were made available to the following entities, due to the international nature of these entities:
a) Meta Platforms Inc. with its registered office in California, USA – the entity responsible for the activity of the Administrator's fanpage on facebook.com Information on privacy standards: https://www.facebook.com/privacy/explanation. Meta Platforms Inc. declared that it has implemented standard contractual clauses, which you can read about here: https://www.facebook.com/business/help/336550838147603 . Privacy policy available at the link: https://www.facebook.com/legal/terms/page_controller_addendum .
b) Google LLC based in California, USA – an entity that enables the analysis of traffic on the Service. Information on privacy standards: https://policies.google.com/privacy?hl=pl. Google has declared that it has implemented new standard contractual clauses, which you can read about here: https://support.google.com/analytics/answer/9012600?utm_source=awfe&utm_medium=email&utm_campaign=20175128 , https://business.safety.google/adsprocessorterms/ , https://business.safety.google/adscontrollerterms/ .
c) LinkedIn Corporation with its registered office in California, USA – the entity responsible for the operation of the Administrator's account on linkedin.pl. Information on privacy standards, including the implementation of standard contractual clauses: https://www.linkedin.com/help/linkedin/answer/62533 . Privacy policy available at the link: https://pl.linkedin.com/legal/privacy-policy?src=li-other&veh=www.linkedin.com%7Cli-other#other .
d) Adobe Systems Software Ireland Limited – the entity responsible for handling the Administrator's services. Link to the entity's Privacy Policy: https://www.adobe.com/privacy.html .
e) Microsoft Ireland Operations Limited – the entity responsible for handling the Administrator's services. Link to the entity's Privacy Policy: https://about.ads.microsoft.com/en/solutions/technology/microsoft-invest-dsp
VII. Cookie mechanism
1. The website uses small files known as cookies. These files are stored by the Administrator on the User’s device when visiting the Website, provided that the web browser allows it.
2. Cookies are pieces of data that are recorded and stored by the web browser on the User’s device. The information collected through such files enables the assessment of Website traffic, the needs of Users visiting the Website, and the development of general Website visit statistics.
3. A cookie file usually contains the following: the domain name from which it originates, its "expiration time" (i.e., access duration), a unique randomly generated number identifying the file, the User’s IP address, the User’s browser type, and the User’s operating system.
4. Two types of cookies are used:
a) Session cookies: After the session of a given browser ends or the computer is turned off, the stored information is deleted from the device’s memory. The session cookies mechanism does not allow the collection of any personal data or confidential information from the Users’ computers.
b) Persistent cookies: These are stored on the User's device and remain there until they are deleted or expired. The persistent cookies mechanism does not allow the collection of any personal data or confidential information from the User’s computer.
5. An IP address is a number assigned to the User's computer by the Internet service provider. The IP number enables access to the Internet. In most cases, it is assigned dynamically, meaning it changes with each Internet connection. The IP address is used for diagnosing technical problems with the server, generating statistical analyses (e.g., determining which regions have the highest number of visits), providing information useful for administering and improving the Website, as well as for security purposes and identifying any unwanted automated programs that burden the server by browsing Website content.
6. Cookies are used for the following purposes:
a) Authenticating the User on the Website and ensuring the User’s session on the Website or, after logging into the User’s account, maintaining the session so that the User does not have to re-enter their login and password each time.
b) Conducting analyses, research, and audience audits of the Website, particularly for creating anonymous statistics that help understand how Users interact with the Website, enabling improvements in its structure and content.
c) Securely collecting information to enhance the provided services and improve the display of the Website.
Nazwa pliku cookie | Zamiar | Czas trwania | Typ pliku cookie |
|---|---|---|---|
XSRF Token | Cookie to detect call fraud. | Session | Necessary |
hs | Security cookie for Hive (legacy). | Session | Necessary |
session sv | Session cookie used for identification purposes. | 6 months | Necessary |
SSR buffering | Performance cookie for rendering. | 24 hours | Necessary |
TS* | Attack detection cookies. | Session | Necessary |
bSession | Used to measure system effectiveness. | 24 hours | Necessary |
fedops.logger.session id | Tracking errors and session problems (resilience). | 12 months | Necessary |
_wixAB3|* | Cookie for website experiments. | 6 months | Necessary |
server session binding | Cookie for API protection. | Session | Necessary |
User session linking | Cookie for API protection. | Session | Necessary |
XII. General Provisions and Changes to the Privacy Policy
1. The Company reserves the right to make changes to this Privacy Policy. The Company will inform Users of any changes 14 days in advance by publishing the new Privacy Policy on the Website.
2. If you have any questions regarding the Privacy Policy, please contact us at the following e-mail address: office@txb.pl .
3. This Privacy Policy is effective from 1 March 2025.
Cookie policy available at the link: https://support.wix.com/en/article/cookies-and-your-wix-site .
b) managed by third party LinkedIn:
Nazwa pliku cookie | Zamiar | Czas trwania | Typ pliku cookie |
|---|---|---|---|
bcookie | Used for the LinkedIn share button. | 2 years | Necessary |
li_gc | Used by LinkedIn to store user consent to the use of cookies. | 2 years | Necessary |
lidc | Used to remember and store actions performed on the website by Users. | 1 day | Necessary |
lang | Used to remember the language settings selected by the User. | Session | Necessary |
Cookie policy available at: https://pl.linkedin.com/legal/cookie-policy .
c) managed by third party Facebook:
Nazwa pliku cookie | Zamiar | Czas trwania | Typ pliku cookie |
|---|---|---|---|
presence | Used to operate Messenger chat windows. | Session | Necessary |
xs | Used to store the unique session ID. | 3 months | Necessary |
c_user | Wykorzystywane do przechowywania unikalnego ID użytkownika. | 30 dni | Niezbędny |
fr | Used to deliver advertising. | 3 months | Necessary |
sb | Used to store browser data. | 2 years | Necessary |
datr | Used to prevent fraud. | 2 years | Necessary |
wd | Stores the dimensions of the browser window and is used by Facebook to optimize page rendering. | 7 days | Necessary |
dpr | Stores the dimensions of the browser window and is used by Facebook to optimize page rendering. | 7 days | Necessary |
locale | Contains the display location of the last logged in user in this browser. | 7 days | Necessary |
m_pixel_ratio | Used to provide users with an optimal user experience, including fast loading of Facebook products. | Session | Necessary |
usida | Used to tailor advertising to users. | Session | Necessary |
oo | Provides information to Facebook to link the plugin's functionality. | 5 years | Necessary |
Cookie policy available at: https://www.facebook.com/privacy/policies/cookies/ .
VIII. Data storage period
1. Personal data will be processed until the purpose of the processing ceases to exist, including taking into account the requirements in this respect resulting from the relevant legal provisions. In particular, personal data will be processed for the following periods:
a) at least for the period necessary to provide a specific service, in particular until the limitation period for claims expires;
b) if the basis for processing is the performance of obligations arising from legal provisions – for the period resulting therefrom;
c) only for the time required to achieve the purpose for which such data was collected or is processed, or longer if required by any contract, applicable law or statistical purposes, while maintaining appropriate safeguards;
d) if the basis for processing is the legitimate interest of the administrator – until the Administrator objects to the processing or the data becomes ineffective;
e) in the event of consent to conduct direct marketing activities towards the User, the data will be processed for a period of 3 years, unless the User withdraws consent to their processing before the end of this period.
IX. Withdrawal of consent
1. Consent may be withdrawn at any time by e-mail to the following address: office@txb.pl.
2. Withdrawal of consent to subscribe to the Newsletter is done by clicking on the unsubscribe link in the e-mail received during registration or by sending a request to unsubscribe via e-mail to the following address: office@txb.pl.
3. If a person has given consent to the processing of personal data (legal basis: art. 6 sec. 1 letter a) GDPR), the data is processed until the consent is withdrawn, but after this period, information on who and when and what consent was given may be archived (for the purpose of establishing, pursuing or defending legal claims). In other cases, the data is processed for a period justified by the implementation of the purpose (e.g. performance of the contract, answering questions, accounting and tax regulations, limitation of claims, etc.). The processing period depends on the possibility of establishing, pursuing or defending claims or when data retention is required due to legal or tax regulations.
4. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. Withdrawal of consent results in cessation of actions taken to the extent to which consent was granted and to the extent to which consent was withdrawn.
X. Data Subject Rights
1. Right to Withdraw Consent – Legal Basis: Article 7(3) of the GDPR:
a) The User has the right to withdraw any consent given to the Companies.
b) The withdrawal of consent takes effect from the moment it is withdrawn.
c) The withdrawal of consent does not affect processing carried out by the Companies lawfully before the withdrawal.
d) The withdrawal of consent does not result in any negative consequences for the User, but it may prevent further use of services or functionalities that the Companies can legally provide only with consent.
e) Consent for the processing of personal data can be withdrawn by contacting us via email at: office@txb.pl.
2. Right to Object to Data Processing – Legal Basis: Article 21 of the GDPR:
a) The User has the right to object at any time—on grounds relating to their particular situation—to the processing of their personal data based on a legitimate interest.
b) If the processing of data was based on the above legal basis, opting out of receiving marketing communications via email will constitute an objection to the processing of their personal data.
c) If the User's objection is justified and the Companies do not have other important legally justified grounds for processing the personal data that override the interests, rights, and freedoms of the User, the data to which the objection applies will be deleted.
3. Right to Data Erasure ("Right to be Forgotten") – Legal Basis: Article 17 of the GDPR:
a) The User has the right to request the immediate deletion of all or some of their personal data.
b) The User has the right to request the deletion of personal data if:
The personal data are no longer necessary for the purposes for which they were collected or processed.
They have withdrawn their specific consent, to the extent that the processing of personal data was based on that consent, and there is no other legal basis for processing.
They have objected to the use of their data for marketing purposes.
They have objected to the processing of their data based on the legitimate interest of the controller, and there are no overriding legitimate grounds for processing.
The personal data have been processed unlawfully.
The personal data must be deleted to comply with a legal obligation under EU law or the law of a Member State to which the Companies are subject.
The personal data were collected in connection with offering information society services.
4. Right to Restrict Processing – Legal Basis: Article 18 of the GDPR:
a) The User has the right to request the restriction of the processing of their personal data. Submitting such a request, until it is reviewed, prevents the use of certain functionalities or services that require the processing of the data covered by the request. The Companies will also not send any communications, including marketing messages.
b) The User has the right to request the restriction of the use of personal data in the following cases:
When they question the accuracy of their personal data—the Companies will then limit their use for the time necessary to verify their accuracy, but no longer than seven days.
When the processing of the data is unlawful, and instead of deleting the data, the User requests the restriction of their use.
When personal data are no longer necessary for the purposes for which they were collected or used, but they are needed by the User to establish, assert, or defend legal claims.
When they have objected to the processing of their data—the restriction will apply for the time necessary to determine whether, due to the specific situation, the protection of the User’s interests, rights, and freedoms outweighs the interests pursued by the Controller in processing the User’s personal data.
5. Right to Access Data – Legal Basis: Article 15 of the GDPR:
a) The User has the right to obtain confirmation from the Controller as to whether their personal data are being processed, and if so, the User has the right to:
Access their personal data.
Obtain information about the purposes of processing, categories of processed personal data, recipients or categories of recipients of those data, the planned storage period for the User’s data, or the criteria for determining this period (if specifying the planned processing period is not possible), the rights available to the User under the GDPR, the right to lodge a complaint with a supervisory authority, the source of these data, automated decision-making, including profiling, and the security measures applied in connection with the transfer of these data outside the European Union.
Obtain a copy of their personal data.
6. Right to Rectify Data – Legal Basis: Article 16 of the GDPR:
a) The User has the right to request that the Controller immediately correct any incorrect personal data concerning them. Considering the purposes of processing, the User has the right to request the completion of incomplete personal data, including by providing an additional statement, by sending a request to the email address: office@txb.pl.
7. Right to Data Portability – Legal Basis: Article 20 of the GDPR:
a) The User has the right to receive their personal data, which they have provided to the Controller, and then transmit them to another data controller of their choice. The User also has the right to request that personal data be sent directly by the Controller to such another controller, if technically feasible. In this case, the Controller will transmit the User's personal data in a .csv file format, which is widely used, machine-readable, and allows the data to be transferred to another data controller.
8. If the User exercises any of the above rights, the Companies will fulfill the request or refuse to fulfill it immediately, but no later than one month after receiving the request. However, if—due to the complexity of the request or the number of requests—the Companies are unable to fulfill the request within one month, they will fulfill it within the next two months, informing the User in advance, within one month of receiving the request, of the intended extension of the deadline and the reasons for it.
9. The User may submit complaints, inquiries, and requests regarding the processing of their personal data and the exercise of their rights to the Controller.
10. The User has the right to lodge a complaint with the President of the Personal Data Protection Office.
XI. Automated decision-making
The User's personal data will not be subject to automated decision-making and will not be profiled.
7. The cookies mechanism is safe for Users' computers. In particular, viruses, unwanted software, or malware cannot access Users’ computers through cookies. However, Users can limit or disable cookies access to their computers via their browser settings. If this option is used, the Website will remain accessible, except for functions that inherently require cookies.
8. The Website does not use cookies that allow data analysis or marketing cookies related to advertisements or ad targeting.
9.Upon entering the Website, only cookies essential for its proper functioning are automatically installed.
10. The method for disabling cookie support in individual browsers can be found in the browser settings. If you encounter any issues, check the help section of your browser.
11. Website Users can change cookie settings at any time. Detailed information about the possibilities and methods for handling cookies is available in the software (web browser) settings. Examples of cookie management options in popular browsers:
a) Mozilla Firefox: www.support.mozilla.org/pl/kb/ciasteczka
b) Internet Explorer: www.support.microsoft.com/kb/278835/pl
c) Google Chrome: www.support.google.com/chrome/bin/answer.py?hl=pl&answer=95647
d) Safari: www.safari.helpmax.net/pl/oszczedzanie-czasu/blokowanie-zawartosci
12. Restricting the use of cookies may affect some functionalities available on the Website.
13. The Website uses the following third-party cookies:
a) Managed by the third-party Wix: