Protection of personal data

Due to the need to comply with the information obligation pursuant to Article 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR), we hereby inform you that:

1. The administrator of personal data processed on websites available at the following addresses:
   
   www.bnf.pl
   www.imsig.pl
   www.mgbi.pl
   
   is:
   
   MGBI sp. z o.o.
   ul. Marszałkowska 58/15
   00-545 Warsaw
   KRS 0000533676, NIP 7010446505, REGON 360001489
   
   
2. The administrator has appointed a Data Protection Officer who supervises the correct processing of personal data.
   
   
3. The Administrator and the Data Protection Officer appointed by him can be contacted by sending a letter to the address of the Administrator's registered office specified in point 1 or via the contact form.
   
   
4. The Administrator processes personal data on the basis of Article 6(1)(f) of the GDPR, as it is necessary for the pursuit of its legitimate interests, i.e. for the reliable provision of the information services it offers.
   
   The basic services provided by the Administrator include the compilation of lists and directories of business entities operating in Poland that meet strictly defined criteria (e.g., type of business, location of headquarters, date of commencement of business).
   
   The Administrator's customers use the information contained in the studies made available by the Administrator, among others, in the following activities:
   
   – marketing research (e.g., market size estimation),
   – sales activities (e.g., search for new contractors),
   – debt collection activities (e.g., monitoring of bankruptcy proceedings).
   
   
5. The personal data processed by the Administrator concerns the business and professional activities conducted by natural persons, as well as court proceedings conducted against them (e.g., bankruptcy, restructuring).
   
   
6. This data was obtained from at least one of the following publicly available sources:
   
   – National Official Register of National Economy Entities (REGON),
   – Central Register and Information on Economic Activity (CEIDG),
   – National Court Register (KRS),
   – Court and Economic Monitor (MSiG),
   – other registers and records kept by state authorities,
   – official websites of business entities,
   – search engine results,
   – publicly available telephone and address directories,
   – social networking sites,
   – databases purchased from third parties cooperating with the Administrator.
   
   
7. The recipients of personal data processed by the Administrator are its customers operating in industries such as:
   
   – finance and insurance,
   – telecommunications, marketing, and sales,
   – consulting and accounting.
   
   
8. Personal data processed by the Administrator may be made available to third parties cooperating with him, based in Poland, in European Union member states, and in third countries not belonging to the European Economic Area.
   
   
9. The administrator will store this data in its files and process it for the period necessary to provide the services described in point 4.
   
   
10. The administrator may make automated decisions based on the personal data processed, including profiling referred to in Article 22(1) and (4) of the GDPR.
    
    
11. All natural persons whose data is processed by the Administrator in its files have the right to request the Administrator to access, rectify, delete, or restrict the processing of such data, to object to the processing, and to transfer the data to another administrator.
    
    
12. To exercise these rights, please contact the Administrator or the Data Protection Officer appointed by him in the manner specified in point 3.
    
    
13. In the event of a breach of applicable regulations concerning the processing of personal data, persons whose data is processed by the Administrator in its files have the right to lodge a complaint with the supervisory authority.
    
    
14. The administrator makes every effort to ensure all physical, technical, and organizational measures to protect personal data against accidental or intentional destruction, accidental loss, alteration, unauthorized disclosure, use, or access, in accordance with all applicable regulations.