PRIVACY AND COOKIES POLICY
This document defines the rules for processing personal data and using tracking technologies within the Polishtax.com portal. All data processing activities are strictly tailored to the specific nature of professional accounting services, VAT compliance (domestic and international), payroll calculation, and comprehensive HR and payroll outsourcing for both Polish and foreign entities. The Administrator ensures the highest standard of protection for financial, employee, and business information, acting in full compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and applicable national laws.
§ 1. General Provisions
1. The Administrator of the personal data of the Polishtax.com website users is the company INTERTAX P.S.A. established and operating under the laws of Poland (hereinafter referred to as the “Administrator”).
2. Contact with the Administrator regarding personal data protection and the exercise of user rights is possible via e-mail at: ado@polishtax.com or by post to the registered corporate address of the company.
§ 2. Purposes and Legal Bases for Data Processing
The Administrator processes personal data within the portal for the following business and operational purposes:
| Processing Purpose and Operational Context | Legal Basis (GDPR) |
| Handling of inquiries, cost estimates, and commercial offers (contact forms, direct e-mail inquiries regarding VAT compliance, accounting, or HR & payroll outsourcing for domestic and foreign corporate clients). | Article 6(1)(b) GDPR (steps at the request of the data subject prior to entering into a contract) and Article 6(1)(f) GDPR (legitimate interest – defense against potential legal claims). |
| Execution and performance of outsourcing contracts for accounting, VAT compliance, and HR & payroll services (including processing contact data of clients, partners, and data strictly necessary for financial and employee settlements). | Article 6(1)(b) GDPR (performance of a contract) and Article 6(1)(c) GDPR (compliance with a legal obligation to which the Administrator is subject, in particular tax regulations, the Accounting Act, and labor law). |
| Maintaining professional business relations and market education (distribution of a dedicated corporate newsletter containing tax updates, changes in VAT regulations, and labor law insights). | Article 6(1)(a) GDPR (voluntary, informed, and unambiguous consent of the user for marketing and informational communication). |
§ 3. Data Retention Period
1. Data processed for handling commercial inquiries are stored for the period necessary to prepare the offer and conduct business negotiations, and after their completion – for the limitation period of commercial claims (typically up to 3 years).
2. Data related to the execution of accounting and HR/payroll contracts are stored for the duration of the cooperation, and thereafter for the period required by statutory law (5 years from the end of the tax year for tax and accounting documentation, and for HR and payroll records – in accordance with mandatory labor law retention periods).
3. Data processed based on consent (newsletter) are processed until such consent is withdrawn by the user.
§ 4. Categories of Data Recipients
1. In order to ensure proper service delivery, data may be shared with external entities supporting the Administrator: providers of HR/payroll and financial-accounting software, IT infrastructure operators (secure hosting, CRM systems), and public authorities entitled to receive data under separate laws (e.g., Tax Offices, Social Insurance Institution – ZUS) within the scope of executing contracts with clients.
2. Any entrustment of personal data to technical sub-processors (IT) is carried out strictly on the basis of rigorous Data Processing Agreements (DPAs).
§ 5. Planned and Potential Use of Artificial Intelligence (AI) Systems
1. The Administrator informs that currently no automated artificial intelligence (AI) systems are used within the Polishtax.com portal to process users’ personal data.
2. In the event of a decision to deploy AI-powered solutions in the future (such as assistant chatbots, automated inquiry segmentation, or smart cost estimation forms), the Administrator undertakes to strictly comply with the EU Artificial Intelligence Act (AI Act) and the following principles:
• Security and Confidentiality: All AI tools will be implemented within closed and secure environments of the Administrator’s IT infrastructure, based on DPAs preventing the use of commercial or HR/payroll data of clients to train external public models.
• Principle of Transparency: The user will be clearly notified that they are interacting with an automated system (AI) and not with a human employee of the Administrator.
• Prohibition of Automated Decision-Making: AI tools will serve an exclusively auxiliary and informational function. No decisions producing legal effects or significantly affecting users (including final financial calculations or binding commercial offers) will be made in an automated manner without human intervention and verification by an employee of the Administrator.
§ 6. Data Transfers Outside the European Economic Area (EEA)
1. Due to servicing foreign clients and utilizing global cloud-based solutions supporting the website operation, data may be transferred outside the EEA.
2. These transfers are executed exclusively in compliance with the highest security requirements, based on Standard Contractual Clauses (SCCs) approved by the European Commission or within the framework of the Data Privacy Framework.
§ 7. Cookies and Website Analytics
1. The Polishtax.com website uses cookies (technical, analytical, and marketing) to optimize page display, ensure form security, and analyze website traffic.
2. In accordance with 2026 requirements, analytical and marketing cookies are activated only after the user grants explicit, active consent via the Consent Management Platform (CMP) banner. Technical cookies, necessary for the basic operation of the website, function by default.
3. The user can independently manage cookie settings or withdraw consent at any time through the website’s configuration options.
§ 8. Rights of the Data Subjects
Every individual whose data is processed by the Administrator has the right to:
• Object to processing based on the legitimate interest of INTERTAX P.S.A.
• Access the content of their data and receive a copy thereof,
• Rectify (correct) and erase data (“the right to be forgotten”),
• Restrict data processing,
• Data portability,
§ 9. Supervisory Authority
The user has the right to lodge a complaint with the competent supervisory authority – the President of the Personal Data Protection Office (uodo.gov.pl – ul. Stawki 2, 00-193 Warsaw, Poland) if they consider that the processing of their personal data violates the provisions of the GDPR.
