Data Processing Agreement

1. Personal data controller

The personal data controller is Cardinal Cryptography Sp. z o.o. with registered seat in Kraków, Pawia Street 9, 31-154 Kraków, entered into the Register of Entrepreneurs maintained by the District Court for Kraków-Śródmieście, XI Business Department of the National Court Register, KRS: 0000780223, NIP (Tax Id): 6762564514, REGON 383024794, share capital PLN 7 500, e-mail: (hereinafter: “Controller”).

2. Purpose and basis for personal data

The Controller processes your personal data in order to offer you products and services directly and to inform about your activities (direct marketing), which is the legitimate interest of the Controller – pursuant to article 6 section 1 let. f GDPR.

3. Recipients of data

Controller may share your personal data with subcontractors (entities that he uses during the processing) such as:

  • IT service providers (eg hosting providers and entities dealing in mailing);
  • entities providing IT services.


4. Time of data storage

The data obtained in order to offer products and services directly and to inform about activities (direct marketing) is kept by the Controller until you object to their processing for this purpose, until you revoke your consent to receive commercial information or until the Controller decides to remove them.

5. Rights of data subjects

You have the following rights:

  • right to access personal data and the right to receive a copy;
  • right to rectification of the personal data;
  • right to erasure of the personal data;
  • right to restriction of processing concerning the personal data;
  • right to portability of the personal data;
  • right to object to processing of the personal data;
  • right to lodge a complaint with a supervisory authority.

In order to exercise the above rights, you can contact the personal data Controller.

6. Information on voluntariness or the necessity to provide data

Providing your data is voluntary. If you do not provide data for the purpose of processing them in order to offer products and services and informing by the Controller about its activities, you will not be able to receive information regarding the activities of the Controller.