DSA Form - CORAB

DSA information clause

Pursuant to Article 13(1) and Article 13(2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ EU.L.2016.119.1) (hereinafter referred to as the ‘GDPR’) in conjunction with Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on the Single Market for Digital Services and amending Directive 2000/31/EC (Digital Services Act – DSA) (OJ. EU. L. of 2022. Issue 277, p. 1 as amended). Please be advised as follows:

1. The Controller of your data is CORAB SPÓŁKA AKCYJNA based in Olsztyn (10-547) at ul. Michała Kajki 4, entered in the Register of Businesses kept by the District Court in Olsztyn, 8th Economic Division of the National Court Register [KRS], under KRS number: 0000950779, REGON [Business ID]: 510519084, NIP (Tax ID): 7390207757l.

2. The Controller has appointed a Data Protection Officer (Ms Katarzyna Krzywicka). The Data Protection Officer is available at: ido@corab.com.pl on all matters concerning the processing of personal data and the exercise of the rights related to data processing.

3. The Controller processes the following personal data: name, surname, e-mail address, and other personal data that you provided to the Controller.

4. The personal data will be processed for the following purposes:

the fulfilment of the Controller's legal obligation under Article 16 (1), Article 16 (4), Article 16 (5) Article 16 (6) of the DSA involving the acceptance of a report from you via the form on your participation in the information hosting service which, in the opinion of the reporting party, constitutes illegal content, within the meaning of Article 3 (h) of the DSA; processing the report; informing you of the decision made by the Controller in respect of the report made; informing you that you may appeal against the decision made (basis: Article 6 (1)(c) of the GDPR);
fulfilment by the Controller of its legal obligation under Article 20 (1) of the DSA involving the acceptance of a complaint from you against one of the following decisions:
1. the decision of the Controller upon receipt by the Controller of your report as referred to in Articles 16 (5) and Article 17 of the DSA;
2. the decisions taken by the Controller due to the fact that the information provided by recipients constitutes illegal content or does not comply with the provider's terms of service: the decisions to erase the information or prevent access to it or restrict its visibility; the decisions to suspend or terminate the service, in full or in part, for its recipients; the decisions to suspend or terminate the recipients' account; considering a complaint, informing you of the outcome (basis: Article 6 (1)(c) of the GDPR);
in which, on the basis of any proceedings conducted before authorised public administration bodies, including law enforcement bodies, concerning the purposes or grounds for the processing of personal data referred to in letter a), the Controller will be required to process your personal data (basis: Article 6 (1)(c) of the GDPR);
moderating the content posted within the Controller's service so that the content posted on the service does not constitute illegal content or content that does not comply with the terms of using the service (basis: Article 6 (1)(c) of the GDPR);
the performance of reporting obligations pursuant to Article 15 of DSA (basis: Article 6 (1)(c) of the GDPR);
for archival (evidential) purposes, to protect information in the event of a legal need to prove facts, which constitutes the Controller’s legitimate interest (basis: Article 6 (1)(f) of the GDPR),
the establishment, investigation or defence against claims, if any, which is the legitimate interest of the Controller (basis: Article 6 (1)(f) of the GDPR).

5. The personal data may be transferred to authorised employees of the Company, external companies providing hosting services and entities that are administrators of the social media in which the Company makes posts, and other entities that process personal data on behalf of the Company, that is. service providers in the field of IT systems maintenance, data storage, marketing communication or postal services – with such entities processing data on the basis of an agreement with the Company and only in accordance with the Company's guidelines.

6. Your personal data may also be transferred by the Controller to courts or public administration authorities on the basis of the applicable legislation.

7. The data will be kept for the period necessary for processing the report, making an appeal against the report or a complaint, and for the duration of any other proceedings before the competent authority. After this time, the data will only be processed for the period and to the extent permitted by law, in particular until the expiry of the limitation period for claims, but no longer than 6 (six) years after the completion of the relevant activities.

8. The provision of your data is voluntary, but necessary to process the submitted report and complaint.

9. Personal data will not be subject to automated processing, including profiling.

10. You have the following rights related to the processing of your personal data:

The right to access personal data and receive a copy thereof,
The right to have your data rectified (corrected),
The right to have your data erased,
The right to restrict data processing,
The right to object to data processing based on a legitimate interest,
The right to data portability,
The right to lodge a complaint with the supervisory authority.

11. In order to exercise the foregoing rights, submit your request to the e-mail address provided hereinabove. Before you exercise your rights, the Controller will have to identify you properly.

12. Not all of the above rights will be available always and under all conditions. Some of the above rights are not absolute and you need a verification to exercise them.

Details of the reporting party

First name*

Surname*

Name of the organisation*

I am making a report as a trusted whistleblower*

The reporting party’s e-mail address*

We kindly request you to describe or provide a link/attach a screenshot of where the CORAB S.A. service is violated, together with information on who is committing the said violation:

Place of violation*

Allowed file formats are: JPG, JPEG, PNG, PDF, DOC and DOCX.

Attachment (max 10MB)

Please mention why you believe the content violates the law or the CORAB S.A. terms of service.

Grounds for the report*

I declare that I fully believe that the information and allegations contained in the report are correct and complete.*
The Controller of the data provided in the form is CORAB S.A., NIP [tax no.]: 7390207757. When you send a report, you provide us with your e-mail address and other data contained in the content of the report. The details on data processing are available in the Information Clause and Privacy Policy embedded on this website.

DSA information clause

The form for reporting illegal content or content that does not comply with the CORAB S.A. terms of service.

Details of the reporting party

Join the Corab newsletter