Identity of the Controller
The Data Controller is the Head of the National Revenue Administration, having a registered office in Warsaw (00-916), ul. Świętokrzyska 12.
Contact details of the Controller
The Data Controller can be contacted in writing at the address of the Controller’s registered office.
Contact details of the Data Protection Officer
The Head of the National Revenue Administration has appointed a Data Protection Officer, who can be contacted by e-mail at IOD@mf.gov.pl. The Data Protection Officer can be contacted in all matters concerning the processing of personal data and the exercise of rights relating to the processing of data.
Purposes of the processing and legal basis
Personal data are processed for the purpose of performing the Controller’s statutory tasks under the law, including but not limited to:
- collection and reimbursement of taxes and duties and enforcement of State Treasury receivables;
- control of foreign trade in goods;
- combating fiscal, financial and cross-border crime, including money laundering and terrorist financing;
The processing of your personal data is necessary to provide you with access to the functionalities and services of the e-Urząd Skarbowy portal, and to ensure that the Controller provides services and support for the taxpayer and payer in the proper performance of their tax obligations.
In accordance with the law, your personal data can be made available and transferred to public administration bodies, services, courts and prosecutors’ offices.
Transfer of personal data to a third country or international organisation
Your personal data may be provided to the entities entitled to receive your data, including non-EU third countries, in justified cases and on the basis of applicable laws.
Data retention period
Your personal data will be retained for as long as necessary to achieve the purposes of the processing, but not less than the period specified in the provisions on record keeping.
Rights of data subjects
You have the right:
- to access your data, with the reservation that the provided personal data may not disclose any classified information or violate legally protected secrets which the Controller is obliged to keep, and subject to Article 5 of the Act of 10 May 2018 on the protection of personal data;
- to request their rectification;
- to restrict processing.
Right to lodge a complaint with the supervisory authority
You have the right to lodge a complaint with the data protection supervisory authority of your Member State of habitual residence, place of work or place of the alleged infringement:
President of the Office for Personal Data Protection
Address: Stawki 2, 00-193 Warsaw
Phone: 22 531 03 00
Source of origin of personal data
Data come from data subjects and from institutions and bodies on the basis of the provisions of the law.
Information on the freedom or obligation to provide data
The provision of personal data is obligatory under the law.
Automated decision-making and profiling
The processing of your data may be automated, which may involve automated decision-making, including profiling, by the Controller under the applicable law. This applies to the following cases:
- assessing the risk of infringement of the law where such assessment is made on the basis of the data declared in the submitted documents, based on established criteria;
- assessing the risk of infringement of the law where such assessment is made on the basis of the data obtained from publicly accessible registers and social media portals based on established criteria.
The assessment carried out in the above cases results in automatic inclusion in a risk group; inclusion in an unacceptable risk group may result in changing the relationship and taking additional steps provided for by the law.