eService Privacy Policy

1. Your personal data Controller is Centrum Elektronicznych Usług Płatniczych eService Sp. z o. o. (hereinafter referred to as 'eService' or 'Controller') with its registered office in Warsaw at ul. Jana Olbrachta 94, 01-102 Warsaw.
2. The personal data Controller can be contacted by e-mail at gdpr@eservice.com.pl, via chat available at www.eservice.pl, by phone at +48 22 533 22 22, via the CUSTOMER PORTAL, or by regular mail sent to the address of the Controller's headquarters. gdpr@eservice.com.pl https://www.eservice.pl/  http://portal.eservice.pl/
3. eService has appointed a Data Protection Officer who can be contacted on any matter regarding the processing of your personal data and the use of rights related to data processing by electronic means, by e-mail at dpo_eu@evopayments.com or by regular mail at the following address: Bird & Bird DPO Services SRL, Avenue Louise 235 b 1, 1050 Brussels, Belgium.
4. Your personal data will be processed:
   1. in order to perform the contract pursuant to Article 6.1.b of the General Data Protection Regulation No. 2016/679 (Regulation 2016/679), and to the extent that the provision of data is optional - on the basis of your given consent (Article 6.1.a of the Regulation (EU) 2016/679);
   2. for the purpose of fulfilling the legal obligations incumbent on eService based on the generally applicable legal regulations, including the regulations on counteracting money laundering and financing terrorism, the act on payment services and tax and accounting regulations - the legal basis for processing is Article 6.1.c of the Regulation (EU) 2016/679;
   3. in order to fulfil the obligations incumbent on eService under the ILO Regulations or the PCI DSS Standards - the legal basis for processing is the Controller's legitimate interest to ensure compliance with industry standards (Article 6.1.f of the Regulation 2016/679);
   4. for the purposes of conducting service quality tests - the legal basis for processing over the duration of the contract is the legitimate interest pursued by eService (Article 6.1.f of the Regulation 2016/679), the legitimate interest pursued by eService is to obtain information on the level of customer satisfaction as pertains to the services provided. Upon the termination of the contract, the legal basis for data processing for the abovementioned purpose is expressed by your consent (Article 6.1.a of the Regulation 2016/679);
   5. for analytical and statistical purposes - the legal basis for processing is the legitimate interest pursued by eService (Article 6.1.f of the Regulation 2016/679), the legitimate interest pursued by eService is to analyse the results of business operations;
   6. in order for eService to send marketing content to you; the legal basis for processing is the legitimate interest pursued by eService (Article 6.1.f of the Regulation 2016/679), the legitimate interest of eService is to send marketing content to you by post during the performance of the contract, as well as by phone, e-mail or SMS/MMS, depending on which communication route you consented to. In the scope of data processing, in order to direct marketing content to your address after termination of the contract, and in the scope regarding entities from the eService Group of Companies and eService business partners, the legal basis for processing is your consent (Article 6.1.a of the Regulation 2016/679);
   7. in order to process a complaint, in particular one concerning chargeback - the legal basis for processing is the legitimate interest of eService (Article 6.1.f of the Regulation 2016/679);
   8. in order to implement the legitimate interest of eService concerning the possible determination of, the pursuing of claims or the defence against claims, as well as debt recovery - the legal basis for processing is the legitimate interest of eService (Article 6.1.f of the Regulation 2016/679).
5. Your personal data will be processed in an IT environment, which means that it can also be temporarily stored and processed in order to ensure the security and correct operation of IT systems, e.g. in connection with creating backups, testing updates in IT systems, detection of irregularities or protection against abuse and attacks.
6. Your personal data will be transferred to:
   1. Bank PKO BP S.A. and Entities Affiliated with the Bank;
   2. Entities Affiliated with and agencies of eService,
   3. IT systems and IT services providers,
   4. entities providing eService with services necessary to perform the contract, such as handling of the eService helpline, handling complaints, accounting services, invoicing and settlement of contracts, testing the quality of service provided, enforcement of accounts receivable, and legal, analytical and marketing services,
   5. postal operators and couriers,
   6. banks with regard to payment.
   7. authorities entitled to receive your data on the basis of legal provisions.
7. Your personal data will be transferred to IT service providers located outside the European Economic Area (EEA), i.e. in the USA, as part of the Privacy Shield. Based on the EC decision regarding Privacy Shield, the US has been recognised as a state that provides an adequate level of personal data protection up to the level of protection applicable in the EEA with respect to entities included in the list of entities participating in the Privacy Shield programme.
8. Your personal data will be processed for the duration of the contract, and in the case of optional data - until your consent is withdrawn, but not longer than for the duration of the contract. The period of personal data processing may be extended each time for a period of limitation of claims, should the processing of your personal data be necessary to assert any claims or to defend against such claims by eService. After this period, the data will be processed only to the extent and for the time required by law, including accounting regulations. To the extent that the data are processed in order to direct marketing content to you, the data will be processed until you withdraw your consent or object to such processing.
9. You shall have the right to withdraw each and every consent granted at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. For evidential purposes, a statement of withdrawal of consent should be sent in writing to the address of the registered office or by e-mail at gdpr@eservice.com.pl.rodo@eservice.com.pl
10. You have the right: of access to the data content, to rectification, to erasure, to restriction of processing, to data portability and to object to the processing of personal data.
11. You are also entitled to lodge a complaint with the supervisory body for personal data protection should you feel that the processing of your personal data violates the provisions of Regulation 2016/679.
12. You are entitled to object to the processing of personal data based on the legitimate interest for reasons relating to your particular situation. For evidential purposes, the objection should be made in writing to the address of the registered office or by e-mail at gdpr@eservice.com.pl. rodo@eservice.com.pl
13. Providing personal data required by eService is necessary for the conclusion and performance of the contract. Failure to provide your personal data will result in the inability to conclude a contract. In the case of personal data marked as optional, their provision is voluntary.
14. More information on the processing of personal data by eService and your rights can be found in the Privacy Policy section on eservice.pl website.

Privacy policy

Transparency Policy 2018

Information clause for merchant