Based on Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), OJ L 2016.119.1 of 04.05.2016 (“Regulation” or “GDPR”), we would like to inform that:

  1. The Personal Data Controller is MDT Sp. z o.o., court register number (KRS): 0000478430, registered office: ul. Skośna 12A, 30-383 Kraków, Poland, website: The Personal Data Controller can be contacted by email at: or by writing to the mailing address specified in the first sentence above;
  2. The Data Protection Officer is Mr Tomasz Kalita. Any data subject can contact him concerning the processing of personal data and use of the data subject’s rights related to the processing, by email at or by writing to the Personal Data Controller address specified in section 1;
  3. MDT Sp. z o.o. processes data provided by the data subject for marketing purposes based on a separate and voluntary consent of the data subject (GRPR Article 6.1.a). The Data Controller uses communication channels used by the data subject for the marketing purposes, based on his/her consent given through an explicit confirmation:

– on an email address form: it means consent to receive commercial information by email;

– on a telephone number form: it means consent to use the telephone for direct marketing.

The Data Controller carries out profiling based on the personal data provided by the data subject in order to assess his/her needs and preferences, and based on them will adjust the marketing communication concerning selected products or services of the Data Controller addressed to the data subject (GDPR Article 6.1.f). Legal grounds of such processing also result from, according to GDPR Article 6.1.b, performance of the contract which the data subject is a party to as well as any actions to be taken at the request of the data subject prior to entering into the contract.

  1. The Data Controller will process the personal data for the marketing purposes until the consent is cancelled or an objection is filed against such processing.
  2. The collected personal data may be disclosed to entities and public authorities entitled to process personal data on the basis of generally applicable laws as well as to entities processing personal data on behalf of the Data Controller in connection with its performance of tasks outsourced to them (e.g. IT services, legal support).
  3. The data subject may exercise his/her rights vested based on legal regulations, depending on the legal grounds underlying the processing of his/her data, including to:
  • access own personal data, i.e. to obtain confirmation from the Data Controller as to whether his/her personal data is being processed. If the data is processed, the data subject can access it and obtain the following information: purposes of the processing, personal data categories, current or future recipients (and recipient categories) of data, data retention period (or criteria of determining such period), the right to correct, erase the date or restrict its processing, and the right to object against the processing of the data subject’s data (GDPR Article 15);
  • receive a copy of the processed data, with the first copy free of charge and any subsequent copies subject to the Data Controller’s fee in a reasonable amount calculated based on administrative costs (GDPR Article 15.3);
  • correct own personal data, if incorrect, or complete it, if incomplete (GDPR Article 16);
  • erase own data, if the Data Controller no longer has legal grounds for its processing or when the data is no longer necessary for the purposes of the processing (GDPR Article 17);
  • restrict the processing of personal data, if: the data subject challenges the correctness of the personal data – for a period allowing the Data Controller to verify correctness of the data; the processing of the personal data is unlawful and the data subject objects against its erasure and instead requests restriction of its use; the Data Controller does not need the data any more but the data subject needs it in order to establish, defend or exercise claims; the data subject objects against the personal data processing – until determined whether the Data Controller’s legitimate interest overrides such objection;
  • move the data, i.e. to receive it in a structured, commonly used and machine-readable format of the data subject’s data which he/she provided to the Data Controller, and request sending it to another data controller, if the data is processed based on the data subject’s consent or based on a contract concluded with the data subject and if the data is processed by automated means (GDPR Article 20);
  • object against the processing for the Data Controller’s legitimate purposes – for reasons of a specific case of the data subject, including in the case of profiling. In such situation, the Data Controller will assess existence of valid legitimate grounds for the processing that override the data subject’s interest or grounds to establish, defend or exercise claims. If assessed that the data subject’s interest overrides the one of the Data Controller, the latter will be required to discontinue the processing carried out for those purposes (GDPR Article 21);
  • file a complaint with the President of the Personal Data Protection Office (UODO) whenever the processing of personal data appears to violate the Regulation.

I hereby consent to the processing of my personal data by MDT Sp. z o.o., court register number (KRS): 0000478430, registered office: ul. Skośna 12A, 30-383 Kraków, Poland, website:, which I have provided to it in the personal data form for marketing purposes, including to receive targeted marketing communication based on such data.

The consent may be cancelled at any time, without stating any reason, however without impact on the legitimacy of data processing carried out before its cancellation. The data subject has the right to access own data, correct, erase and move it. Data Protection Officer is available at: Full version of the Personal Data Protection Notice can be found at: