PRIVACY POLICY

Date of the last revision: 16th of November 2024 r.

TABLE OF CONTENTS

1. INTRODUCTION

2. USEFUL DEFINITIONS

3. COOKIES

4. PLUGINS AND SOCIAL MEDIA

5. PROCESSING PERSONAL DATA BY DBC1

6. WHO WE MAY TRANSFER YOUR PERSONAL DATA

7. RIGHTS OF PERSONS WHOSE DATA IS PROCESSED BY DBC1

8. INFORMATION CLAUSE

9. CONTACT WITH DBC1

APPENDIX NO. 1 - data processing agreement

INTRODUCTION

The Policy has been developed based on the provisions of the GDPR. The Controller of the Personal Data collected through the Website and the Tool, other DBC1 service or when you contact us directly or we contact with you is:

Mok Yok Group sp. z o.o. registered in Wroclaw, postal code no. 50-125, Św. Mikołaja 8-11, entered into the Register of Entrepreneurs managed by the District Court for Wroclaw-Fabryczna in Wroclaw, VI Commercial Division of the National Court Register, under Registry no. 0000503224, with share capital of 5.200,00 PLN, State Register of Entities of National Economy (REGON): 022383863, Tax Identification Number (NIP): 8971797577

(hereinafter: DBC1).

DBC1 is a company that is committed to providing an appropriate level of privacy protection for users of the Website and the Tool. We believe that this Policy will fully explain to you how the processing and protection of Personal Data works in our company. The data processing policy applicable at DBC1 has been established on the legal basis of GDPR and best practices. By familiarizing yourself with the Policy, you will know what actions we take in respect of Personal Data. These actions are intended to ensure security and fulfillment of obligations incumbent on DBC1 as a data Controller.

You should read this Policy before contacting us, using the Website, the Tool or our other services. Please be advised that if you use our Website, the Tool or other services, this means that you accept the Policy. However, if after reviewing the Policy, you find it to be unacceptable, you may not continue to use our Website the Tool or other services.

If you have any questions or concerns regarding this Policy, you may contact us. Contact information is located in the Contact DBC1 section.

If you are using the Tool, you acknowledge that personal data is processed along with Privacy Policy and Data Processing Agreement as established in Appendix no. 1 to this Privacy Policy.

USEFUL DEFINITIONS

Personal Data – information about an identified or identifiable natural person, defined in accordance with the GDPR and Polish regulations on the protection of personal data, e.g. name, surname, identification number, factor determining mental or physiological identity, IP address.

Policy – this document.

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

Website – a website available at https://www.DBC1.com/, with an SSL certificate installed, which, by encrypting data, secures your Personal Data and their transmission.

the Tool - a service that manages Google Workspace Gmail Signatures (terms are available under the link https://DBC1.com/terms-of-service)

User – a person who uses the Website, the Tool or the other DBC1 services, depending on the context in which the word “User” was used.

COOKIES

The Website uses cookies or similar technologies in order to provide you with services of the highest quality.

Files of cookies (so-called "cookies") are IT data, in particular text files, which are stored in the end device of the Website User and are intended for use on websites. Cookies usually contain the name of the website they come from, the time they are stored on the end device and a unique number.

When you visit the Website, cookies and similar technologies can be used for the following purposes:

for the Website to work as intended (Essential cookies)
to track our site's performance and improve your browsing experience (Functional cookies - optional)
for marketing and analytics purposes - in order to adapt the content of the Website to the preferences of Users, to prepare an offer based on the interests of Users, for creating statistics, which help to understand how the Website Users use the websites, which allows to improve their structure and content (Marketing cookies - optional)

The Website uses two basic types of cookies:

session (session cookies) - temporary files that are stored in the User's end device until logging out, leaving the website or turning off the software (web browser),
persistent (persistent cookies) - files stored in the User's end device for the time specified in the parameters of cookies or until they are deleted by the User. For example, we use the Google Analytics service commonly used by websites for analytics purposes.

The web browsers usually allow the storage of cookies on the User's end device by default. Website Users can change their settings in this regard. The web browser allows deleting cookies. It is also possible to block cookies automatically. Detailed information on this subject can be found in help or documentation of the web browser used. For your convenience we present below sample information on managing cookies for the most popular web browsers:

However, changes in the settings of cookies can affect the operation of the website you are viewing. Cookies do not change the configuration of the device you are using. They make it easier to adapt the browsed content to your expectations and preferences, e.g. language version, proper display of a page on a device, interests or individual needs. Cookies used for authentication enable e.g. easy form filling or logging in.

DBC1 is the provider who places and accesses cookies on the Website User's end device. Cookies placed on the User's end device or other similar technologies can also be used by partners cooperating with us.

Please be informed that information about certain User behaviour is subject to logging in the server layer of our hosting operator. This data is used by us solely for the purpose of administering the Website and to ensure the most efficient operation of the hosting services provided. Viewed resources are identified by URLs. In addition , the following can be recorded:

time of request arrival,
time of response sending,
client station name - identification carried out by the HTTP protocol,
information about errors that occurred during the HTTP transaction,
the URL address of the page previously visited by the user (referrer link), in case the Website was accessed through a link,
information about your browser,
information about your IP address.

Information about our hosting provider's privacy policy can be found HERE.

Importantly, the above data is not associated with specific visitors and is only used for server administration purposes.

The Website collects information voluntarily provided by the User through forms available on the Website. Please note that the Website may also record information about your connection parameters (time stamp, IP address). The data provided on the form may constitute a collection of potential clients of DBC1. The data provided on the form is processed for a purpose stemming from the function of the specific form, e.g., to process a request or to conduct a business contact.

PLUGINS AND SOCIAL MEDIA

Social media

Social media are one of the main channels of contact with our customers and potential customers. Through them we provide up-to-date information about our activities, services, promotions, news about our services and create a place for common exchange of ideas.

Therefore, on the basis of legitimate interests, we process Personal Data of people who use our websites on social networking sites (e.g., to respond to comments and inquiries) and data that we access if you use the social networking plug-in available on our Website (in terms of statistics purposes our Website).

The processing of Personal Data on social networking is subject to the privacy rules of the respective social media provider. Therefore, we encourage you to read the rules of the social media providers we use to maintain our social media profiles:

LinkedIn, provided by LinkedIn Corporation (1000 W. Maude Avenue, Sunnyvale, CA 94085, United States of America) and for users in the European Union, European Economic Area and Switzerland LinkedIn Ireland Unlimited Company (Wilton Plaza, Wilton Place, Dublin 2, Ireland) - Privacy policy
Youtube, provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA, United States) and for users in the European Union, European Economic Area and Switzerland - Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (the provider for your location should be mentioned in Privacy policy)

If you use our profiles on social media, DBC1 also acts as a Controller of Personal Data. This data is processed by us on the terms of the Policy.

Please be advised that, in terms of the processing of Personal Data in connection with your use of the social plugins available on our Website, i.e. for the purpose of so-called web tracking (if applicable), DBC1 and the social media provider act as joint controllers of the Personal Data in accordance with Article 26 of the GDPR. Web tracking also takes place if you use the plugin as a not logged in social media user.

Web tracking consists in creating aggregate statistics based on events recorded by social media providers while users use the website. You must know that these events are logged by the social network providers without the participation of DBC1. Information regarding the processing of Personal Data by the social network provider, contact data and information regarding the right to object can be found in social media providers privacy documents indicated above.

Plugins

On our Website we also use:

Google Analytics

Using Google Analytics software, our Website places a counting code on your computer to collect data about you. Please be advised that we are party to an agreement with service provider and we use a mechanism to anonymize the User's IP number. The user may at any time object to the collection of data by the Google Analytics software by changing the web browser settings.

Provider: Provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA, United States) and for users in the European Union, European Economic Area and Switzerland - Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (the provider for your location should be mentioned in Privacy policy)

Google Web Fonts

The website uses Google Web Fonts. This means that your browser loads the appropriate Google font into its cache in order to display texts and fonts correctly. For this purpose, it is necessary to establish a connection through the browser to Google servers. As a result of this connection, Google obtains information that access to the Website was obtained from your IP address.

We use Google Web Fonts to maintain the visual uniformity of the Website, which makes it more readable for the recipient. The legal basis for sharing the IP address is our legitimate interest (Article 6(1)(f) of the GDPR).

You can find more information about Google Web Fonts at https://developers.google.com/fonts/faq and in Google's privacy policy:

https://www.google.com/policies/privacy/

Clearbit

Within our site, we use a tool called Clearbit to enrich data about customers and potential customers by identifying (via IP or cookies) visitors to our site and filling in missing information to better tailor marketing and sales activities.

Provider: API Hub, Inc.,

Cloudflare

As part of the Application, we use the Cloudflare service provided by Cloudflare, Inc. This service optimizes the website and improves the speed of loading content, as well as increases security (eliminates bots), and its operation is to enable the transfer of larger multimedia files via distributed servers connected over the Internet.

Provider: Cloudflare, Inc

Privacy policy: More information on data processing as part of the service can be found at https://www.cloudflare.com/pl-pl/privacypolicy/

PROCESSING PERSONAL DATA BY DBC1

When you provide us with your Personal Data, we become their controller.

DBC1's basis for processing your Personal Data may be:

Your consent (if applicable),
the relevant legal provision (e.g. the grounds indicated by Article 6 of the GDPR) or
the fact that the processing is necessary for the performance of a contract or taking steps prior to entering into a contract.

We may process your Personal Data, depending on the basis of our contact, for the purposes of:

providing services related to our business, e.g. by providing your Personal Data, you enable us to contact you in order to present our offer,
marketing, so that we can inform you about the best and latest offers and functionalities provided by our partners, e.g. in the form of a newsletter,
statistics related to the operation of the Website.

More details are provided in the section Information clause.

The maximum scope of Personal Data we process depends on the basis of our relationship and includes:

if you use services related to our business or have sales conversations with us: name, surname, company name, e-mail address, telephone number, position, tax identification number, information about your services, information about your company data (company size, number of employees, contact details of people responsible for cooperation with DBC1) or other data - if you provide us with it,
if you provided data in the contact form/messengers: name, surname, e-mail address, telephone number, company name, tax identification number or other data - if you provide us with it,
if you give us a consent for processing data for marketing purposes: name, surname, e-mail address, telephone number other data you provide us with,

if you use our Website: IP address, device information, cookies (including for remarketing purposes), other data that you provide e.g. by filling in the contact form on our Website.
if you use the Tool: data of the Tool user’s employees/partners whose email signature could be modified by the Tool: names and surnames, email address, phone numbers, profile photos and optionally, the email address of the users's managers.Processing your Personal Data in the scope described above is necessary for proper operation of the Tool.

Please be advised that we do not process specific categories of your Personal Data referred to in Article 9 - 10 of the GDPR such as: ethnic origin, political views or biometric data.

If we ask you to provide Personal Data on our Website (e.g. for the use of the contact form), you must know that providing it is a condition for concluding an agreement to access the functionalities available on our Website. If you do not provide this data, you will be, unfortunately, unable to use them.

The period for which Personal Data may be stored depends on the legal basis for processing your Personal Data and the purpose for which they are processed. More details are provided in the section Information clause.

WHO WE MAY TRANSFER YOUR PERSONAL DATA

Please also be informed that from time to time we may transfer or share your Personal Data with entities that cooperate with us e.g. accounting companies, legal advisors, courier companies, advertising and marketing companies, hosting providers, payment providers, CRM System provider. The transfer may take place only when we have concluded appropriate agreements with these entities in order to ensure that they will protect your Personal Data at least as responsibly as we do.

You need to know that the Tool is distributed by our trusted partners - resellers of our services and we could share data provided to us by you (e.g. information about the data characterizing the company - size of the company, number of employees, contact details of persons responsible for cooperation) with one of our resellers. The base of such a transfer is the legitimate interest of the data controller (article 6, para. 1, section f) GDPR). Our legitimate interest is the possibility of transferring your data to a reseller in order for the reseller to enter into a contract with you regarding our services. You should also notice, that if you decide to start using the Tool on the basis of agreement with one of our resellers, that reseller and DBC1 will process data related to Google Workspace accounts administered by you - processing that data is necessary for the proper operation of the Tool. Additional scope of data that reseller may process if you use DBC1 is: data of the Tool user’s employees/partners whose email signature could be modified by the Tool: names and surnames, email address, phone numbers, profile photos and optionally, the email address of the users's managers.The basis for such processing will be the data processing agreement concluded with the reseller. We will inform you when we share your data with our reseller.

Personal Information may also be shared by DBC1 with government authorities or other entities authorized to access the data and according to the law.

Transfer to such entities may only take place after we have obtained your consent (where required) or where such admissibility is provided for by law, e.g. where DBC1 processes data on the basis of a legitimate interest.

As we use tools for our daily operations whose providers may process Personal Data outside the European Economic Area and we work with advisors in various locations around the world your Personal Data may also be transferred for processing outside the European Economic Area. In this case, we shall make every effort to ensure that the processing is carried out on a lawful basis, such as standard contractual clauses. Please also note that such transfer may only take place if the third country or international organization meets the conditions set out in the GDPR.

RIGHTS OF PERSONS WHOSE DATA IS PROCESSED BY DBC1

If you consent to the processing of Personal Data, remember that the consent is given by you voluntarily. You have the right to withdraw your consent at any time. However, remember that the withdrawal of consent does not affect the processing carried out by us prior to the withdrawal.

You have the right to access your Personal Data at any time. You can always ask us, as the controller of your Personal Data, for informing you whether your Personal Data is being processed by us, to provide you with an access to your Personal Data, and to receive other information such as, but not limited to, the duration of the processing, the purposes of the processing, information on to whom we provide the data, information on automated decision-making or profiling.

Remember that you also have the right to lodge a complaint with the supervisory body (the President of the Personal Data Protection Office).

You have the right to rectify your Personal Data by changing or supplementing it.

You have the right to delete your Personal Data, known as the “right to be forgotten”. You can request us to delete your data without undue delay in the following situations:

the data is not necessary for the purpose of processing or is processed in a different way
consent to processing has been withdrawn previously, and we have no basis for processing
you have objected to data processing
the data was processed unlawfully
the personal data controller is obliged to delete data resulting from legal provisions
the data was collected in relation to the offering of information society services.

More details about the right to be forgotten can be found in Article 17 of the GDPR.

You also have the right to restrict processing by the controller. You can request a restriction when:

you question the accuracy of the data
the processing is unlawful, but you are opposed to deletion by only requesting a restriction
the controller no longer needs the data for processing purposes, but you need them to establish, assert or defend claims
you object to processing, but only until its grounds are resolved.

If the processing is performed based on consent or in an automated manner, you also have the right to transfer data that we should provide to you at your request in a commonly used format. You can also request that the data be transferred by us directly to another controller.

If the processing is based on Article 6 (1) (e) or (f) of the GDPR, you have the right to object to the processing. In this case, we can no longer process your Personal Data unless we demonstrate the grounds required by the GDPR.

You also have the right not to be subject to a decision based on automatic processing, including profiling, if such a decision has legal effects on you or otherwise significantly affects you. Please be advised that this right does not apply if: such a decision is necessary for the performance/conclusion of the contract, is permitted by law or is based on your express consent.

INFORMATION CLAUSE

Controller’s data

The Controller of the personal data is Mok Yok Group sp. z o.o. registered in Wroclaw, postal code no. 50-125, Św. Mikołaja 8-11, entered into the Register of Entrepreneurs managed by the District Court for Wroclaw-Fabryczna in Wroclaw, VI Commercial Division of the National Court Register, under Registry no. 0000503224, with share capital of 5.200,00 PLN, State Register of Entities of National Economy (REGON): 022383863, Tax Identification Number (NIP): 8971797577

Purpose of processing

Depending on the circumstances, the provided personal data may be processed for the purposes of:

answering questions asked in the forms/via messengers available on the Website,

receiving marketing e-mails (newsletters), if you consent to it,
conducting sales talks via emails, social media or phone calls,
conduct analytical and statistical activities,
in order to conclude and perform a contract with a customer/contractor with the participation of our reseller (f.ex. on the scope to provide you with the Tool)
in order to fulfill legal obligations related to the data processing for the above purposes,
for the purpose of asserting and defending against claims in connection with the processing for the aforementioned purposes.

Please be advised that providing us with the data is voluntary, but necessary to use the data for above mentioned purposes.

Legal basis and time of the processing

We process the data provided in the contact form/via messengers based on the legitimate interest of the controller, which is communication with Users of our Website or social media. We will process your data for the time necessary to provide an answer to your question. After this time, the data may be processed by us during the limitation period for any claims.

We process the data used for the purpose of sending the newsletter after obtaining your consent, until consent to the processing of this data is revoked.

We process data obtained for the purpose of concluding and performing a contract with a customer/contractor with the participation of our reseller for the duration of the contract and after that if necessary to the final settlement of receivables with the reseller. After this time, the data can be processed by us for the period of limitation of possible claims.

We process the data obtained during sales talks via email, social media or phone calls after obtaining your consent or on the basis of DBC1 legitimate interest (e.g. when we answer your questions about services or carry out our activities aimed at acquiring customers). We process the data for the time necessary to examine the needs of our customers and determine the willingness to start the cooperation with us. After this time, the data may be processed by us during the limitation period for any claims.

Data collected for the purpose of fulfilling legal obligations related to processing for the above purposes will be processed for the time necessary to fulfill such obligation.

Data collected for the purpose of asserting claims and defending against claims in connection with the processing for the above purposes will be processed for the limitation period and, if proceedings are initiated before the expiration of the limitation period, until the date of final settlement of the dispute.

Personal Data recipients

The recipients of your data may be relevant state authorities operating on the basis of generally applicable law. Your data may also be transferred to entities, as defined within Who we may transfer your Personal Data to part, processing data at the request of the controller - remember, however, that such entities process data on the basis of a contract with the controller and only in accordance with his/her instructions.

Processing data outside the EEA

Due to the fact that for our business we use tools whose suppliers may process Personal Data outside the European Economic Area, your Personal Data may also be transferred for processing outside the European Economic Area. In this case, we make sure that the processing takes place on a legal basis, which are, for example, standard contractual clauses.

Rights of data subject

You have the right to request the controller to access your personal data, rectify it, delete it or restrict the processing of, as well as the right to withdraw consent if it is expressed and a complaint is lodged with the supervisory body (for Poland: President of Personal Data Protection Office, Stawki 2, 00-193 Warsaw). In matters related to data protection, you can contact us at: contact@DBC1.com

CONTACT WITH DBC1

All inquiries and requests related to the processing of Personal Data can be directed to:

postal address: Mok Yok Group sp. z o.o., ul. Św. Mikołaja 8-11, 50-125 Wrocław, Poland
e-mail address:contact@DBC1.com

‍We may change our Policy from time to time to take account of the changing legal and technological environment. However, the most up-to-date version will always be available on our Website.

APPENDIX NO. 1 - data processing agreement

DATA PROTECTION AGREEMENT

(hereinafter referred to as Agreement)

concluded as of the date of its acceptance

MOK YOK GROUP SP. Z O.O. established in Poland, Św. Mikołaja 8-11 St., 50-125 Wrocław, entered in the Register of Entrepreneurs managed by the District Court for Wrocław - Fabryczna in Wrocław, VI Commercial Division of the National Court Register under Registry no. 0000503224, with share capital of 5.200,00 PLN, Tax Identification Number (NIP): 8971797577, State Register of Entities of National Economy (REGON) no. 022383863:

hereinafter referred to as Processor

and

Customer as Controller

hereinafter called the Parties and individually called the Party.

The Parties hereby enter into the following Agreement:

§1. GENERAL PROVISIONS

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as GDPR) this Agreement specifies data protection obligations of the Parties which arise from agreement on subscription of DBC1 service stipulated in Terms & Conditions of DBC1. It applies to all activities performed in connection with usage of DBC1 in which the staff of the Processor on behalf or a third party acting on behalf of the Processor may come into contact with personal data of the Controller.
The Controller entrusts processing of personal data to the Processor based under the rules indicated by this Agreement, the Terms & Conditions of DBC1 and within article 28 paragraph 3 GDPR. This Agreement is incorporated into the Terms & Conditions of DBC1 concluded between the Processor and the Controller.
Personal data entrusted to the Processor includes all necessary data to perform services specified in the Terms & Conditions of DBC1 which are as follows: data of DBC1 tool user’s employees/partners whose email signature could be modified by DBC1 tool: names and surnames, email address, phone numbers, profile photos and optionally, the email address of the users's managers. Processing of personal data in excess of this Agreement requires an amendment to this Agreement.
As a part of this Agreement, the Processor is entitled to process personal data on behalf of the Controller i.e. to perform following activities within the meaning of article 4 paragraph 2 of the GDPR such as: collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Parties agreed that the scope of processing is as following:

purpose: providing DBC1 services
means: automated/not-automated
data subjects: employees of the Controller.

§2. RULES OF PERSONAL DATA PROCESSING

The Processor declares that before the commencement of processing of personal data the Processor implements appropriate technical and organizational measures to fulfill requirements set out in GDPR and protection of data subjects.
The Processor will process personal data only on documented instructions from the Controller, unless required to do so by European Union or Member State law. This Agreement constitutes a documented instruction from the Controller.
In particular the Processor is obliged to:

ensure that persons authorized to process personal data keep them in secrecy or subject to an appropriate statutory obligation of secrecy
apply the measures specified in article 32 of the GDPR
help, to the best of its ability, the Controller by applying appropriate technical and organizational measures, to fulfill the obligation to respond to the data subjects' requests to exercise their rights set out in Chapter III of the GDPR
help the Controller with fulfilling its obligation set out in articles 32-36 of the GDPR, taking into account nature of processing and available information,
provide the Controller with all information necessary to fulfill compliance with the obligations set out in article 28 of the GDPR
enable the Controller or auditor authorized by the Controller to carry out audits, including inspections, and contribute to them
inform the Controller if, according to the Processor’s opinion, instructions given by the Controller violate provisions of the GDPR or other provisions of data protection acts being in force in the Processor’s country
inform the Controller if during the processing of personal data the Processor becomes a joint controller within the meaning of article 26 paragraph 1 of the GDPR
if the Processor subcontracts his obligation to the subcontractor, the Processor needs to choose only those subcontractors who ensure sufficient guarantees to implement the appropriate technical and organizational measures as processing fulfills requirements set out in the GDPR and to exercise data subject’s rights.

The Processor is obliged to permanently remove all existing copies of entrusted data, within 30 days from ending processing of personal data, termination of this Agreement or expiration of this Agreement. Permanent data erasure should be such data destruction or such modification that will not allow to determine the identity of the data subject.
Provisions set out in this article are applicable to the subcontractor mentioned in section 4 of this Agreement.

§3. PERSONAL DATA PROCESSING CONTROL

The Processor will inform the Controller about circumstances that may or may have an impact on the security of entrusted personal data.
The Processor declares to have proper documentation regarding:

fulfilling the obligation to secure personal data and data necessary to the Controller for the fulfillment of obligations under the responsibility for entrusted personal data
processing of personal data covered by this Agreement
technical and organizational measures ensuring protection of personal data.

The Controller is entitled to carry out an audit in the scope of realization by the Processor obligations set out in this Agreement, with 7 business days notice. The Processor will allow persons acting on behalf of the Controller to enter the premises in which the personal data are processed on behalf of the Controller, to provide information regarding the processing, provide insight to documentation required by the provisions of the GDPR and separate regulations, to enable the inspection of media and information systems used to the processing.
The Controller will authorize a specific person or entity (by name and in written form) in the scope of conducting the audit.

§4. SUBCONTRACTORS

Controller specifically authorizes the engagement as subcontractors of those entities listed in Privacy Policy. In addition, the Controller generally authorizes the engagement as subcontractors of any other third parties.
When engaging any subcontractor, the Processor will:

ensure via a written contract that:

the subcontractor only accesses and uses Controller data to the extent required to perform the obligations subcontracted to it, and does so in accordance with this Agreement
if the processing of Controller personal data is subject to GDPR, the data protection obligations described in this Agreement (as referred to in Article 28(3) of the GDPR, if applicable), are imposed on the subcontractor.

remain fully liable for all obligations subcontracted to, and all acts and omissions of, the subcontractor.

§5. LIABILITY AND DECLARATIONS

The Processor is obliged to comply with provisions of the GDPR and separate local (for the Processor) provisions on the protection of personal data.
The Processor shall process personal data on behalf of the Controller in the manner specified by the Controller.
The Processor processes personal data in rooms/areas and uses an information system protected against unauthorized access of.
The Processor, including in particular employees/associates who process personal data on behalf of the Processor, are obliged to not disclose personal data processed on behalf of the Controller during the term of this Agreement or obtained in connection with its performance.
The Processor undertakes to notify the Controller via email about the following:

initiation of control or administrative proceedings by the supervisory body, within the meaning of article 4 paragraph 21 of the GDPR - in relation to personal data process on behalf of the Controller under this Agreement
administrative decisions issued by the supervisory body and complaints against the Processor submitted to the supervisory body in regards with a breach of provisions of personal data protection process on behalf of the Controller
other activities of authorized bodies regarding personal data processed on behalf of the Controller
other occurrences having or may have an impact on the processing of personal data processed on behalf of the Controller, in particular regarding events of personal data processed on behalf of the Controller breach - within 48 hours from the discovery of these circumstances
submit a complaint, request, question and other statement addressed to the Processor or addressed to the Controller, but submitted to the Processor by any persons, in particular natural persons whose personal data the Processor processes under this Agreement.

The Controller and the Processor shall be separately responsible for conforming with such statutory data protection regulations as are applicable to them.
The Controller shall inform the Processor without undue delay and comprehensively about any errors or irregularities related to statutory provisions on the processing of personal data detected during a verification of the results of such processing.
The Controller acknowledges that as the Processor uses for daily operations tools from worldwide providers and works with advisors in various locations around the world (the advisors have access to data within the IT systems provided by the Processor and the data are stored in the EEA locations) so the data may in some cases be processed outside the EEA. In such case the Processor shall make every effort to ensure that the processing is carried out on a lawful basis and meets the conditions set out in the GDPR.
Limitation of the Processor liability under this Agreement is the same as the limitation of liability indicated in TERMS & CONDITIONS OF DBC1.

§6. TERM

This Agreement shall enter into force on the date of signing by both Parties and is binding for duration of subscription for services provided by the Processor.
This Agreement expires along with termination or expiration of DBC1 subscription.
The Controller shall have a right to terminate this Agreement with immediate effect if Processor:

in spite of the obligation to remove the deficiencies identified during the audit, fails to remove them within the prescribed time limit

processes personal data in a manner incompatible with this Agreement, or
entrusts the processing of personal data to another entity without the Controller’s consent.

§7. FINAL PROVISIONS

Changes and amendments to this Agreement must be made in written form, electronic or document-like form, in order to be valid.
In matters not regulated herein the provisions of the term shall apply Terms & Conditions of DBC1 (including e.g. liability provisions).
This Agreement shall be governed by Polish law.
The Parties agree that the court of the Processor’ registered office shall have jurisdiction for disputes arising out of or in connection with this Agreement.
This Agreement has been executed in document-like form, in one copy.
Contact information to the Controller in connection with the execution of this Agreement:

postal address: Mok Yok Group sp. z o.o., ul. Św. Mikołaja 8-11, 50-125 Wrocław, Poland
email address: contact@DBC1.com

‍