The Personal Data Entrustment Policy is a document that defines how your personal data is shared and transferred. It also includes the purposes, procedures, security rules and responsibilities related to the data transfer process.

  • § 1 General provisions
    • This Personal Data Entrustment Policy sets forth the terms and conditions under which Recipients and Users of the mizzox.com Website and App.mizzox.com made available by MIZZOX S.A. with its registered office in Kraków entrust the above-mentioned entity with personal data for processing.
  • § 2 Definitions
    • Terms used in this document mean:
      • Service Provider – a company under the name of MIZZOX S.A. with its registered office in Krakow, Poland, entered in the register of entrepreneurs kept by the District Court for Krakow-Śródmieście in Krakow, XI Economic Department of the National Court Register under the KRS number 0001123058, NIP: 6793097640, REGON: 12302151500000.
      • Service Recipient – a customer using the Services provided by the Service Provider under the terms of the Regulations. The Service Recipient is an entrepreneur performing a business activity in its own name. He may be a natural person, a legal person or an organizational unit without legal personality, to which a separate act grants legal capacity.
      • User – a person with an account on the Site, authorized to represent the Service Recipient and use the Site on his behalf.
      • Service mizzox.com – the information system of the website at https://mizzox.com run by the Service Provider, supporting the management of business conducted by natural persons, legal persons or organizational units that are not legal persons, to which a separate law grants legal capacity.
      • App.mizzox.com – a modern IT tool made available for a fee by the Service Provider on the Site and on mobile devices, the functioning and rules of use of which are described in separate regulations.
      • Regulations – the regulations of the website located at https://mizzox.com.
      • Terms of Service of the application – the rules of the application located at https://mizzox.com
      • Principles of personal data processing – document available at https://mizzox.com
      • Agreement – the legal relationship between the Service Provider and the Service Recipient, based on which the Service Provider provides Services to the Service Recipient, as defined in the Regulations.
  • § 3 Principles of entrusting personal data
    • The User, in connection with the conclusion of the Agreement, represents that:
      • has read the Personal Data Processing Rules and fully accepts the provisions contained therein – including consent to the Service Provider’s processing of his/her data provided to the Service Provider to the extent and on the terms detailed in the aforementioned document;
      • declares that any entrusted personal data shall be processed in accordance with the law, and that their entrustment to the Service Provider for processing shall not violate any rights of third parties;
      • entrusts its following personal data to the Service Provider for processing, to the extent specified in the Privacy Policy:
        • name, surname;
        • the company;
        • age and date of birth;
        • email address;
        • phone number;
        • address of residence and places of business;
        • PESEL and REGON numbers, as well as Tax Identification Numbers;
        • vehicle registration numbers;
        • information on assets, including detailed information on income and costs of business activities;
        • Bank account and payment/credit card numbers;
        • health information;
      • entrusts to the Service Provider for processing, exclusively within the framework of the use of the functionalities of the Application in accordance with their purpose, the personal data entered by the User in the Application. The aforementioned data are the data of the User’s contractors, employees, co-workers and relatives, and include in particular:
        • name,
        • surname;
        • company;
        • age and date of birth;
        • email address;
        • phone number;
        • address of residence and places of business;
        • PESEL and REGON numbers, as well as Tax Identification Numbers;
        • vehicle registration numbers;
        • information on assets, including detailed information on income and costs of their business activities;
        • Bank account and payment/credit card numbers;
        • health information;
      • acknowledges that the Service Provider is entitled to entrust the personal data indicated in the Agreement to other entities (including those located in so-called third countries, i.e. outside the European Economic Area) for processing for the purposes described above, and under the terms of the Personal Data Processing Rules.
    • The service provider, in connection with
      • any data entrusted to it by the User shall be processed only for the purpose of executing the Agreement. For the avoidance of any doubt, it is understood that the conclusion of the Agreement and the use of the provided Application thus constitutes an explicit order for data processing given by the User;
      • entrusted data will be provided with due security, guaranteed both by organizational solutions (e.g., allowing only persons or entities duly authorized and obligated to secrecy to carry out data processing activities, keeping a register of processing activities of all entrusted data), as well as a system of technical safeguards, meeting the requirements specified in Article 32 RODO;
      • undertakes to assist in the implementation of the obligations imposed on the Service Recipient as a controller with regard to both securing personal data and responding to objections, inquiries and requests from data subjects. In the event that the Service Provider receives such an inquiry relating to data of which the User is the controller, the Service Provider undertakes to promptly forward the said inquiry and provide explanations to the extent necessary for the User to fulfill its obligations;
      • data entrusted by the Client or the User shall be promptly deleted by the Service Provider or returned at the request of the User; at the same time, if the Client or the User requests the Service Provider to stop processing personal data, the processing of which is necessary for the execution of the subject of the Agreement, the Service Provider may terminate the Agreement with immediate effect, and the Service Provider’s exercise of the above right shall not give rise to any liability on its part towards the Client. The principle set forth in the first sentence shall not apply if, pursuant to Article 6(1) of RODO, the Service Provider – despite the Service Recipient’s or User’s request for deletion or return of the data – is still obligated or authorized to process the data on another legal basis;
      • shall be obliged to fulfill all legally prescribed obligations incumbent on it both as a controller of personal data and as an entity to which the data is entrusted within the meaning of Article 28 et seq. RODO, in particular to the extent of enabling the Service Recipient and the User to confirm the Service Provider’s fulfillment of the aforementioned obligations under the terms of Article 28(3)(h) RODO.
      • The Parties unanimously declare that the Data Entrustment Rules constitute another legal instrument referred to in Article 28(3) of the RODO, and thus, together with the provisions of the Service Provider’s Personal Data Processing Rules, are a self-contained basis for entrusting the User’s personal data to the Service Provider.
  • § 4 Final provisions
    • The Service Provider reserves the right to unilaterally change the Principles. The changes referred to in the preceding sentence shall be effective from the time of publication of the Rules in their new wording.
    • In matters not regulated, the provisions of the Personal Data Processing Rules and Regulations shall apply.

These rules come into force with effect from 24/10/2023.