Privacy Policy

1. Introduction

Alien Affairs Sp. z o.o. ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, process, and protect your personal information when you use our website https://alienaffairs.com/ and our professional services.

We are a Poland-based business consulting firm specializing in accounting, HR, and payroll services for foreigners running businesses in Poland. Together with our partner companies, we also provide limited liability company registration and residence permit application services.

2. Data Controller Information

Data Controller: Alien Affairs Sp. z o.o.

3. Legal Basis for Processing Personal Data

We process your personal data based on the following legal grounds under the General Data Protection Regulation (GDPR):

3.1 Contract (Article 6(1)(b) GDPR)

• Providing accounting, bookkeeping, and financial services
• HR and payroll processing services
• Company registration and business formation services
• Residence permit application assistance
• Client communication and service delivery

3.2 Legal Obligation (Article 6(1)(c) GDPR)

• Tax reporting and compliance (Polish Tax Code)
• Accounting record keeping (Polish Accounting Act)
• Anti-money laundering (AML) compliance
• Social security and employment law obligations
• Regulatory reporting to Polish authorities
• Court and legal proceedings compliance

3.3 Legitimate Interest (Article 6(1)(f) GDPR)

• Business development and client relationship management
• Quality assurance and professional liability protection
• Website analytics and service improvement
• Marketing communications to existing clients
• Fraud prevention and security measures
• Internal administration and record keeping

3.4 Consent (Article 6(1)(a) GDPR)

• Newsletter subscriptions and marketing communications
• Optional cookies and website analytics
• Testimonials and case study participation
• Photography for marketing purposes (with explicit consent)

3.5 Vital Interests (Article 6(1)(d) GDPR)

• Emergency situations requiring disclosure to protect health or safety

4. Categories of Personal Data We Process

4.1 Identity and Contact Information

• Full name, gender, date of birth, place of birth
• Nationality, citizenship status, residence status
• Address (current and previous), phone numbers, email addresses
• Identity document details (passport, ID card, residence permit)
• Emergency contact information

4.2 Professional and Business Information

• Employment history, job titles, professional qualifications
• Business activities, company ownership, directorship roles
• Income information, salary details, benefits
• Bank account details, financial statements
• Tax identification numbers (PESEL, NIP)
• Social security information (ZUS)

4.3 Financial Data

• Bank account information and transaction history
• Income and expense records
• Tax returns and supporting documentation
• Investment information and asset details
• Loan and credit information
• Accounting records and financial statements

4.4 Immigration and Legal Status

• Visa and residence permit information
• Work permit details and employment authorization
• Immigration history and legal status changes
• Supporting documentation for legal applications

4.5 Family and Personal Circumstances

• Marital status, spouse/partner information
• Dependent information (for tax and benefit purposes)
• Family income for immigration applications
• Personal circumstances affecting tax or legal status

4.6 Technical and Website Data

• IP address, browser type, device information
• Website usage patterns, page views, session duration
• Cookies and similar tracking technologies
• Communication preferences and history

5. How We Collect Personal Data

5.1 Direct Collection

• Service applications and client intake forms
• Face-to-face meetings and consultations
• Phone calls and email communications
• Document submissions and file uploads
• Online forms and questionnaires

5.2 Automatic Collection

• Website cookies and analytics tools
• Email tracking and communication logs
• System access logs and security monitoring
• Payment processing systems

5.3 Third-Party Sources

• Government agencies and official registers
• Banks and financial institutions
• Previous accountants or service providers (with consent)
• Business partners and referral sources
• Public records and databases

6. How We Use Your Personal Data

6.1 Service Delivery

• Accounting Services: Maintaining books, preparing financial statements, tax compliance
• Payroll Services: Salary processing, tax withholdings, social security contributions
• HR Services: Employment contracts, personnel records, compliance monitoring
• Business Registration: Company formation, legal documentation, regulatory filings
• Immigration Services: Residence permit applications, work permit processing
• Tax Services: Tax preparation, filing, planning, and representation

6.2 Legal and Regulatory Compliance

• Filing tax returns with Polish tax authorities
• Submitting payroll reports to ZUS (Social Security)
• Maintaining accounting records as required by law
• AML reporting and compliance monitoring
• Responding to government inquiries and audits
• Court proceedings and legal documentation

6.3 Client Relationship Management

• Communicating about services and account status
• Providing updates on law changes affecting clients
• Quality assurance and service improvement
• Professional development and training
• Client satisfaction surveys and feedback

6.4 Business Operations

• Internal administration and record keeping
• Professional liability and risk management
• Business development and marketing
• Website maintenance and improvement
• Security monitoring and fraud prevention

7. Data Sharing and Disclosure

7.1 Service Partners and Contractors

We may share your data with trusted partners who help us deliver services:

• Accounting Software Providers: For financial record processing
• Payroll Service Providers: For salary and benefit administration
• Legal Partners: For company registration and legal services
• Immigration Consultants: For residence permit applications
• Translation Services: For document translation
• IT Service Providers: For website and system maintenance

7.2 Government Authorities

We are legally required to share certain information with:

• Polish Tax Office (Urząd Skarbowy): Tax returns, financial data, compliance reports
• Social Security Institution (ZUS): Employment, salary, and contribution data
• Statistical Office (GUS): Business and employment statistics
• Immigration Authorities: For residence permit and work permit applications
• Courts and Legal Authorities: When required by law or legal proceedings
• Financial Intelligence Unit: For AML compliance and suspicious activity reporting

7.3 Professional Advisors

• Legal counsel for complex matters
• Professional auditors and compliance experts
• Insurance providers for professional liability coverage
• Regulatory bodies for professional standards compliance

7.4 Business Transfers

In the event of a merger, acquisition, or sale of business assets, personal data may be transferred to the new entity with appropriate safeguards.

8. International Data Transfers

8.1 Transfers Outside the EU/EEA

When we transfer personal data outside the European Union or European Economic Area, we ensure appropriate safeguards:

• Adequacy Decisions: Countries recognized by the European Commission as providing adequate data protection
• Standard Contractual Clauses (SCCs): EU-approved contracts ensuring data protection standards
• Binding Corporate Rules (BCRs): For transfers within multinational corporate groups
• Certification Schemes: Recognized data protection certifications

8.2 Specific Transfer Scenarios

• Cloud Storage: Secure servers with appropriate safeguards
• Software Services: Business applications with EU-based hosting or adequate protections
• Professional Networks: International accounting and legal networks with proper agreements

9. Data Retention Periods

We retain personal data only as long as necessary for the purposes outlined in this policy:

9.1 Accounting and Financial Records

• Minimum 5 years from the end of the financial year (Polish Accounting Act)
• Up to 10 years for certain tax-related documents
• Permanent retention for some corporate documents as required by law

9.2 Payroll and Employment Records

• 10 years for payroll records and social security documentation
• 5 years for employment contracts and HR documentation
• 50 years for certain pension and retirement-related records

9.3 Tax Records

• 5 years from the tax year end (standard retention)
• Up to 10 years for complex tax matters or ongoing disputes
• Indefinite for records related to ongoing legal proceedings

9.4 Business and Legal Documents

• 5 years for general business correspondence
• 10 years for contracts and legal agreements
• Permanent for company formation documents and statutory records

9.5 Marketing and Communications

• 3 years for marketing communications and preferences
• Until withdrawal for consent-based processing
• 6 years for contract-related communications

9.6 Website and Technical Data

• 2 years for website analytics and usage data
• 1 year for system logs and security monitoring
• Varies for cookies based on type and purpose

10. Your Rights Under GDPR

As a data subject, you have the following rights:

10.1 Right of Access (Article 15)

• Request copies of your personal data
• Information about how we process your data
• Details about data sharing and retention

10.2 Right to Rectification (Article 16)

• Correct inaccurate or incomplete personal data
• Update outdated information
• Add missing information

10.3 Right to Erasure/"Right to be Forgotten" (Article 17)

• Request deletion of personal data
• Limitations: We may retain data required by law or for legal proceedings

10.4 Right to Restrict Processing (Article 18)

• Limit how we use your personal data
• Maintain data without processing it
• Apply during dispute resolution

10.5 Right to Data Portability (Article 20)

• Receive your data in a structured, machine-readable format
• Transfer data to another service provider
• Applies to consent-based or contract-based processing

10.6 Right to Object (Article 21)

• Object to processing based on legitimate interests
• Opt-out of direct marketing communications
• Object to automated decision-making

10.7 Rights Related to Automated Decision-Making (Article 22)

• Not to be subject to solely automated decision-making
• Human review of automated decisions
• Contest automated decisions affecting you

10.8 Right to Withdraw Consent

• Withdraw consent for consent-based processing
• Does not affect lawfulness of previous processing
• Easy withdrawal process provided

11. How to Exercise Your Rights

To exercise your data protection rights:

Contact Methods:

Process:

• Submit Request: Clearly state which right you want to exercise
• Identity Verification: We may need to verify your identity for security
• Response Time: We will respond within one month (may be extended by two months for complex requests)
• Free of Charge: Most requests are processed free of charge
• Appeal Process: Contact supervisory authority if unsatisfied with our response

12. Cookies and Website Technologies

12.1 Types of Cookies We Use

Essential Cookies (No Consent Required):

• Website functionality and navigation
• Security and authentication
• Language preferences and accessibility settings
• Shopping cart and form data (if applicable)

Performance Cookies (Consent Required):

• Website analytics (Google Analytics, etc.)
• Performance monitoring and optimization
• Error tracking and debugging

Functionality Cookies (Consent Required):

• Personalization and user preferences
• Social media integration
• Live chat functionality
• Location-based services

Marketing Cookies (Consent Required):

• Advertising personalization
• Social media tracking
• Retargeting and remarketing
• Conversion tracking

12.2 Cookie Management

• Browser Settings: Configure cookie preferences in your browser
• Consent Management: Use our cookie consent banner to manage preferences
• Opt-Out: Disable non-essential cookies at any time
• Third-Party Cookies: Managed through respective third-party privacy settings

12.3 Third-Party Services

We use the following third-party services that may set cookies:

• Google Analytics: Website traffic analysis
• Google Maps: Location services and directions
• Social Media Plugins: Facebook, LinkedIn integration
• Communication Tools: Live chat, email tracking

13. Data Security Measures

13.1 Technical Safeguards

• Encryption: SSL/TLS encryption for data transmission
• Access Controls: Role-based access with strong authentication
• Firewalls: Network security and intrusion prevention
• Backup Systems: Regular, secure data backups
• Software Updates: Regular security patches and updates

13.2 Organizational Measures

• Staff Training: Regular data protection and security training
• Access Policies: Strict need-to-know access principles
• Confidentiality Agreements: All staff bound by confidentiality
• Incident Response: Procedures for data breach response
• Regular Audits: Security assessments and compliance reviews

13.3 Physical Security

• Secure Premises: Access-controlled office locations
• Document Storage: Locked filing systems and secure storage
• Device Security: Encrypted laptops and mobile devices
• Disposal Procedures: Secure destruction of sensitive documents

14. Data Breach Notification

14.1 Our Obligations

• Supervisory Authority: Report breaches within 72 hours to the Polish DPA
• Individual Notification: Notify affected individuals if high risk to rights and freedoms
• Documentation: Maintain records of all data breaches
• Investigation: Conduct thorough breach investigations

14.2 What We Will Do

• Immediate Action: Contain and assess the breach
• Risk Assessment: Evaluate potential harm to individuals
• Notification: Contact authorities and affected individuals as required
• Remediation: Implement measures to prevent future breaches
• Support: Provide assistance and guidance to affected individuals

15. Children's Privacy

15.1 Age Restrictions

• We do not knowingly collect personal data from children under 16
• Parental consent required for children under 16
• Special protections for children's data

15.2 Family Business Services

When providing services to family businesses:

• Parental Consent: Required for processing children's data
• Limited Processing: Only what's necessary for legitimate purposes
• Enhanced Protection: Additional safeguards for children's data
• Right to Object: Parents can object to processing at any time

16. Updates to This Privacy Policy

16.1 Policy Changes

• We may update this policy to reflect changes in law, regulations, or business practices
• Material changes will be prominently announced
• Continued use of services constitutes acceptance of updates
• Previous versions available upon request

16.2 Notification Methods

• Website Notice: Prominent announcement on our website
• Email Notification: Direct communication to active clients
• Service Communication: Updates during regular service interactions
• Legal Notice: Required notifications as per applicable law

17. Supervisory Authority

You have the right to lodge a complaint with the supervisory authority:

18. Professional and Industry Standards

18.1 Professional Obligations

Our data processing complies with:

• Polish Chamber of Accountants professional standards
• International Federation of Accountants (IFAC) guidelines
• Professional secrecy obligations under Polish law
• Audit and assurance standards for data handling

18.2 Industry Compliance

• Banking and Financial Services data handling standards
• Anti-Money Laundering (AML) compliance requirements
• Know Your Customer (KYC) verification procedures
• Professional liability insurance requirements

19. Multi-Language Support

19.1 Language Services

We provide services and communications in:

• English: Primary business communication language
• Bengali: For clients from Bangladesh and Bengali-speaking regions
• Hindi: For clients from India and Hindi-speaking communities
• Polish: For local regulatory and compliance requirements

19.2 Document Translation

• Certified Translations: Professional translation services for official documents
• Privacy Rights: Information about your rights available in your preferred language
• Legal Documents: Key legal information provided in understandable language
• Cultural Sensitivity: Culturally appropriate communication methods

20. Contact Information

For any questions about this Privacy Policy or our data processing practices: