Privacy Policy

1. [Administrator] The Data Controller is Narmox Sp. z o.o., KRS: 0000449823, NIP: 8943044268 (hereinafter referred to as the “Controller”).

2. [Contact Information] All inquiries and information regarding personal data may be sent via email to: contact@leanshaman.com.

3. [Categories of Processed Data] We process data of our Clients or contractors, as well as their employees / collaborators and other persons whose data have been provided to us in connection with the performance of contracts or who have contacted us by phone, email, or via the contact form on our website— particularly before entering into a contract or in relation to its performance.

4. [Types of Processed Data] In connection with the above relationships, we may process the following personal data: identification data, contact details, job position and professional authorizations, and other data provided to us in connection with cooperation or initiated contact.

5. [Source of Data] The above data are obtained directly from you or from other persons, e.g., from your employers or clients—particularly when individuals are designated as contacts responsible for the performance of a given contract.

6. [Purpose of Data Processing] In connection with our relationships, we process personal data for the following purposes:

• to initiate cooperation;
• to conclude and perform contracts;
• to settle and account for contracts;
• to respond to inquiries or requests and to maintain further correspondence / contact before or after entering into a contract;
• to defend against potential claims or to pursue claims if necessary;
• to fulfill our legal obligations (e.g., tax, accounting, complaint handling);
• to settle and account for the contract;

7. [Legal Basis] The legal basis for processing data by the Controller is:

• necessity for the performance of a contract or to take steps prior to entering into one (Article 6(1)(b) GDPR);
• compliance with our legal obligations (Article 6(1)(c) GDPR);
• legitimate interests of the Controller, including maintaining contact, corresponding with clients, and defending against potential claims (Article 6(1)(f) GDPR).

8. [Voluntary Provision of Data] Providing data is generally voluntary, but may be necessary to conclude or perform a contract, to respond to an inquiry, or to maintain correspondence, including returning contact.

9. [Data Retention Period] Data collected for the purpose of concluding and performing a contract will be processed for the duration of the contract or until you object to the processing when the legal basis is our legitimate interest, unless legal provisions (e.g., archiving, tax, or accounting laws) require longer retention or we store them longer in case of potential claims— for the limitation period provided by law, whichever is longer.

10. [Data Recipients] Your data may be shared with providers of IT and email services, companies supporting and maintaining our tools and IT systems (e.g., software service providers, hosting companies, Workspace-type business service providers), accounting firms, and professional advisors (e.g., law firms). Data may also be transferred to banks when financial settlements are made.

11. [Transfer of Data Outside the EU] Personal data will not be transferred to a third country (outside the EU) or to an international organization and will not be processed by the Controller in an automated manner, including profiling.

12. [Rights of Individuals] In all cases, you have the right to:

• access your data (including, for example, information on which data are processed);
• request correction or restriction of data processing (e.g., if the data are incorrect);
• request erasure of data (e.g., if they were processed unlawfully);
• data portability;
• object to processing based on legitimate interests pursued by the Controller;
• lodge a complaint with the supervisory authority, i.e., the President of the Personal Data Protection Office.