Information on the processing of personal data of Document Recipients and Observers/Recipients on the AMODIT Trust Center Platform

Recipients of documents and Observers/Recipients

of documents on the AMODIT Trust Center Platform

Administrator and Data Protection Officer

1. The administrator of your personal data is ASTRAFOX Sp. z o.o., based in Warsaw (02-826) at Poloneza Street 93, phone: +48 22 355 21 60, email address: office@astrafox.pl, hereinafter referred to as the “Administrator” or “We”.

2. The Administrator has appointed a Data Protection Officer (DPO), whom you can contact regarding any matters related to the processing and protection of personal data by writing to the email address: iod@astrafox.pl.

Source of Data and Categories of Data

3. Your personal data, including your name, email address, phone number, company name, and position, were obtained from a User of the Amodit Trust Center Platform (this could be, for example, your contractor or employer), who directed a document to you for signing, observing, initialing, or downloading.

Purposes of Processing and Legal Basis for Processing

4. We process personal data to provide a trust service which includes:

a. Electronic identification of persons to whom documents have been directed for signing/initialing or downloading,

b. Enabling the placement of an electronic signature, initial on a document, or refusal to sign (if applicable),

c. Verification of the correctness of placing initials, electronic signatures (if applicable),

d. Ensuring the integrity of the document content and authenticity of the document’s origin.

5. The legal basis for processing your personal data for the above purpose is our legitimate interest (Art. 6(1)(f) of the General Data Protection Regulation, GDPR), which involves providing the trust service in accordance with the Amodit platform’s Terms of Service and the instructions of the Amodit Trust Center User who directed the document to you for signing, initialing, or downloading.

6. Personal data will also be processed for the purpose of potential claim pursuit and security or defense against claims, which constitutes a legitimate interest of the Administrator based on Art. 6(1)(f) GDPR.

Data Recipients

7. Recipients of your personal data may include entities providing IT services (software maintenance, server hosting), legal, advisory services to the Administrator under relevant agreements, and entities authorized to receive your personal data under applicable laws.

Retention Period

8. Personal data will be retained for the period necessary to achieve the indicated processing purposes but no less than the statute of limitations for claims.

Rights of Individuals

9. Under GDPR, you have the right to:

a) Access your data and request a copy (Art. 15 GDPR);

b) Request correction of your personal data (Art. 16 GDPR);

c) Request deletion of data (Art. 17 GDPR);

d) Request restriction of data processing (Art. 18 GDPR);

e) Object to the processing of your personal data based on legitimate interest (Art. 21 GDPR);

10. To exercise your rights, please contact the Administrator or Data Protection Officer at the email addresses indicated in points 1 and 2 above, or by mail to the Administrator’s address.

11. Every individual also has the right to file a complaint with the President of the Personal Data Protection Office if they believe that the processing of personal data concerning them violates GDPR provisions.

Information on the Absence of Profiling and Data Transfer Outside the EEA

12. Your personal data will not be subject to automated decision-making, including profiling, and will not be transferred outside the European Economic Area.