Privacy Policy

In accordance with the information obligation under Article 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR), we hereby inform you that:

1. The controller of personal data processed on the websites available at the following addresses:
   
   ,www.mgbi.pl,
   , baza.mgbi.pl,
   , www.imsig.pl, and
   
   is:
   
   MGBI sp. z o.o.,
   , ul. Marszałkowska 58/15,
   , 00-545 Warsaw,
   , KRS 0000533676, NIP 7010446505, REGON 360001489
   
   
2. The controller has appointed a Data Protection Officer to oversee the proper processing of personal data.
   
   
3. You can contact the Controller and the Data Protection Officer appointed by the Controller by sending a letter to the Controller’s registered office address provided in section 1 or via the contact form.
   
   
4. The Controller processes personal data pursuant to Article 6(1)(f) of the GDPR, as this is necessary for the purposes of its legitimate interests, namely the reliable provision of the information services it offers.
   
   The basic services provided by the Controller include compiling lists and directories containing data on business entities operating in Poland that meet strictly defined criteria (e.g., type of business activity, location of the registered office, date of commencement of operations).
   
   The Administrator’s clients use the information contained in the studies provided by the Administrator, among other things, in the following areas:
   
   – marketing research (e.g., market size estimation),
   – sales activities (e.g., searching for new business partners),
   – debt collection activities (e.g., monitoring the progress of bankruptcy proceedings).
   
   
5. The personal data processed by the Controller relates to the business and professional activities of individuals, as well as to legal proceedings involving them (e.g., bankruptcy and restructuring proceedings).
   
   
6. This data was obtained from at least one of the following publicly available sources:
   
   – National Official Register of Economic Entities (REGON),
   – Central Register and Information on Economic Activity (CEIDG),
   – National Court Register (KRS),
   – Court and Economic Monitor (MSiG),
   – other registers and records maintained by state authorities,
   – official websites of business entities,
   – search engine results,
   – publicly available telephone and address directories,
   – social media platforms,
   – databases purchased from third parties cooperating with the Administrator.
   
   
7. The recipients of the personal data processed by the Controller are its clients operating in sectors such as:
   
   – finance and insurance;
   – telecommunications, marketing, and sales; and
   – consulting and accounting.
   
   
8. Personal data processed by the Controller may be disclosed to third parties with whom it cooperates, located in Poland, in European Union member states, and in third countries outside the European Economic Area.
   
   
9. The controller will store this data in its records and process it for the period necessary to provide the services described in section 4.
   
   
10. The controller may make automated decisions based on the personal data being processed, including profiling as referred to in Article 22(1) and (4) of the GDPR.
    
    
11. All individuals whose personal data is processed by the Controller in its databases have the right to request from the Controller access to such data, its rectification, erasure, or restriction of processing, to object to the processing, and the right to have their data transferred to another controller.
    
    
12. To exercise these rights, please contact the Controller or the Data Protection Officer designated by the Controller in the manner described in section 3.
    
    
13. In the event of a violation of applicable laws regarding the processing of personal data, individuals whose data is processed by the Controller in its databases have the right to file a complaint with the supervisory authority.
    
    
14. The administrator makes every effort to ensure that all necessary physical, technical, and organizational measures are in place to protect personal data against accidental or intentional destruction, accidental loss, alteration, unauthorized disclosure, use, or access, in accordance with all applicable laws.