1. Data Controller

The data controller is Speaking House sp. z o.o., ul. Syrokomli 22/6, 30-102 Kraków, Poland, entered into the Register of Entrepreneurs maintained by the District Court in Kraków, 5th Commercial Division of the National Court Register under KRS number: 0000945207, NIP: 6772473026, REGON: 52095852200000.

Email: hello@speakinghouse.pl
Phone: (+48) 690 995 096

2. Categories of Personal Data

The Controller processes the following categories of personal data: identification data, address data, contact details, and any other data if necessary for the purposes for which the Controller processes the data.

3. Purposes of Data Processing

Personal data may be processed by the Controller for the following purposes:

1. performance of a contract concluded with you or taking steps at your request prior to entering into a contract – pursuant to Article 6(1)(b) of the GDPR;

2. direct marketing of the Controller’s products and services, which constitutes a legitimate interest of the Controller – pursuant to Article 6(1)(f) of the GDPR;

3. responding to your inquiries or correspondence, which constitutes a legitimate interest of the Controller – pursuant to Article 6(1)(f) of the GDPR;

4. compliance with legal obligations imposed on the Controller – pursuant to Article 6(1)(c) of the GDPR;

5. establishing, pursuing, or defending against claims, which constitutes a legitimate interest of the Controller – pursuant to Article 6(1)(f) of the GDPR.

4. Source of Personal Data

The Controller processes personal data obtained directly from you or from an entity you are associated with. The Controller may also process data obtained from other entities if you have consented to their disclosure to the Controller. Additionally, the Controller may process data obtained from publicly available sources.

5. Data Recipients

The Controller may share personal data with its subcontractors (entities that process data on its behalf), such as:

1. IT service providers;

2. accounting service providers;

3. marketing service providers.

The Controller is also entitled to disclose personal data to other entities if required by law. Personal data may also be shared with entities involved in the performance of a contract, if necessary for its execution.

The Controller does not transfer personal data outside the European Economic Area, except in the following cases:

1. sharing data with subcontractors providing IT services, such as Google LLC, Meta Inc., MailerLite Inc. The Controller uses only entities participating in the EU-U.S. Privacy Shield framework, ensuring compliance with GDPR requirements.

6. Data Retention Period

The Controller may retain your personal data for the following periods:

1. for data processed for contract performance or pre-contractual actions – for the period required by law and the period necessary to establish, pursue, or defend claims;

2. for data processed for marketing purposes – until you object to processing, withdraw your consent, or until the Controller decides to delete the data;

3. for data processed to respond to inquiries or correspondence – for a period of 3 years from the date of submission;

4. for data processed to comply with legal obligations – for the period required by law;

5. for data processed for claims – for the limitation period of potential claims.

7. Your Rights

You have the following rights:

1. the right to access your personal data and receive a copy of it;

2. the right to rectify personal data;

3. the right to erase personal data;

4. the right to restrict processing;

5. the right to data portability;

6. the right to object to processing;

7. the right to lodge a complaint with a supervisory authority.

If data processing is based on consent, you also have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal.

To exercise the above rights, you may contact the Controller.