Data security is of the highest priority to Dealable24 Sp. z o.o. (NIP: 5273110150) located at Marcina Kasprzaka 29 / 318, 01-234 Warsaw, Poland. The fundamental principles laid out in the General Data Protection Regulation (EU) 2016/679 (GDPR) form the basis of our dedication to privacy. These principles underpin all of our internal procedures and guide our decisions on the treatment of your personal information. Here you will find a comprehensive overview of each principle, together with details on how it is put into practice and your rights as a data subject. Our Privacy Policy goes into great detail about specific data processing procedures and security measures, so be sure to read it.
All of our dealings with your personal data are open, transparent, and done in accordance with the law. As a data subject, this means that all processing of your information is carried out in an open, transparent, and lawful manner. The following processes are carried out in conformity with this principle:
Transparency: We will only collect and use your personal information where there is a clear and valid purpose to do so. To rephrase, we strictly follow all legal requirements when handling any data. Our legal grounds do not infringe upon your rights and include, but are not limited to, your informed consent (where required), contractual performance, compliance with the law, or our legitimate business interests. At all times, you will be informed of the legal basis for the processing of your data.
As far as data processing is concerned, we take equality extremely seriously. What this means is that we will not use any information we obtain dishonestly against you. When asked why or how we intend to use the information we collect, we will never intentionally mislead you. In addition, we think about what's best for you and your interests; for example, we make sure that no matter what the terms of service say, you can always access your data without any problems. The purpose of data processing is to prevent unauthorized access to your personal information.
Being forthright about the purpose and means of utilizing your data is important to us. The processing information is presented in simple terms, free of needless legalese. If you want to know what data we collect, why, and how we use it, you can always look at our privacy policy or other warnings. In order to shed light on things when you need it, we use a multi-pronged approach, drawing attention to key aspects while providing details through supplementary links or tooltips. We update our information periodically so that you are always up-to-date on any significant changes. You can be certain that your personal information is processed accurately because of this transparency.
Before we collect and use your personal information, we will let you know what those specific, predetermined, and legally required purposes are. This means that the data collected from you will only be used for its intended purpose. We will never use a customer's personal information in a way that goes against its intended use. For example, if you provide us with your email address to get service updates, we will not share it with a third party for advertising purposes without your explicit consent. In our internal and public records, including the Privacy Policy, we explain the reasons for collecting certain data and every processing purpose is well-documented. If the data's use is to change from its original intent, we will either seek your explicit approval beforehand or provide an alternative legal basis for processing. You may rest assured that your personal information will only be used as intended and not in any unexpected or excessive ways.
We adhere to the data minimization principle, which entails collecting no more personal information than is strictly necessary for the purposes of the specified processing. Here is how this is actually implemented:
In order to finish a contract or provide the requested service, we only ask for the absolute minimum of information. The purpose of the surveys and forms on our website is not to collect irrelevant information. We will not ask for unnecessary information if registering for a webinar simply requires your name and email address.
By sticking to the "nothing extra" principle, we lessen the risks to your privacy. As more data is processed and stored, the likelihood of leaks or unauthorized access diminishes. The information we collect isn't done "just in case," but rather with an eye toward its potential utility down the road. A distinct requirement underpins each and every one of your requests for data.
Furthermore, we review the data we collect on a regular basis, removing any unnecessary requests or variables. So, in every engagement, we make sure to only ask for the information that is truly necessary to achieve the specified goals.
Ensuring the precision and currency of personal information is another crucial principle that we uphold. Because this affects the quality of our services and the trust you place in us, we do all in our power to maintain accurate, complete, and current information about you. Accuracy is ensured by implementing the following procedures:
Updates on a Regular Basis: If your contact information (name, address, phone number, etc.) changes, we will update our records accordingly. We want to stay away from decisions that are based on information that is either erroneous or out of date.
You can always contact us if any of your information is inaccurate or out-of-date, and we will promptly correct it. Furthermore, we offer simple ways for you to inform us of any errors, and we fully honor your right to have incorrect data updated.
When the accuracy of data is vital, as in financial transactions or the provision of services that are required by law, we may take further measures to verify and validate the information. This may necessitate requesting supplementary materials or verifying details with you. By following all of these procedures, we ensure that the data stored in our databases is accurate.
The General Data Protection Regulation (GDPR) requires the immediate deletion of any inaccurate, incomplete, or otherwise unfixable data. We adhere to this policy: to prevent any possible harm, we will delete any data that is considered incorrect for processing reasons and cannot be corrected immediately.
Your help is also necessary to keep things accurate. If you need any of your personal information updated or amended, please inform us. Your initiative is greatly appreciated, since accurate data is critical for providing effective service and safeguarding your rights.
We will not store any personal information for longer than is necessary to achieve the goals that originally prompted its collection. After a certain amount of time has passed, all data is either anonymized or securely deleted in accordance with the storage limitation idea. We ensure this by doing this:
Clearly Defined Retention Periods: Processing goals, contractual and legal obligations, and applicable legal requirements are considered when determining the appropriate retention timeframes for various types of personal data. For example, transaction data may be maintained indefinitely to comply with accounting or tax regulations, whereas data collected for a one-time service will be preserved for a shorter duration. We adhere strictly to our internal procedures, which detail all retention durations.
Regular Reviews: Our data retention standards are reviewed regularly to ensure they are up-to-date. When laws or business practices change, we adjust the amount of time that data is kept. Personal data that is no longer required can be located with the use of these audits. We perform audits to identify any data that is no longer needed or is out of date, and if we uncover any, we delete it.
Secure Deletion: When the retention periods expire (or earlier if data is no longer needed), we securely delete it in a way that cannot be recovered or identified. If immediate deletion is not feasible due to technical constraints, we will anonymize the data (i.e., remove it from your identity) before deleting it if it is practical. The only way we can store the data beyond the set retention period is if it is legally permitted to do so. This includes situations where the data needs to be preserved for archival reasons in the public interest or for scientific or statistical purposes, as outlined in Article 89(1) GDPR. Our appropriate confidentiality safeguards are in place even in these cases.
By gradually decreasing the retention period of personal data, we lessen the likelihood of data misuse or susceptibility to breaches. You can have faith that we never miss a deadline and never store your data for longer than is strictly required.
Your personal information is protected from disclosure, alteration, unauthorised access, and destruction by taking every measure to ensure its confidentiality and integrity. To completely implement this data security strategy, both technical and organizational measures are used. To keep your data secure, we do the following:
We use state-of-the-art security technology like firewalls, intrusion detection systems, antivirus software, data encryption, and more to keep your personal information safe. These measures are suitable in light of the risks involved, the kind of data being processed, and the amount of data being processed. One example is the use of encryption to protect sensitive data, which ensures that only allowed individuals can access the systems that store personal information. We routinely upgrade security measures and perform risk assessments to counter emerging threats. We routinely scan our IT infrastructure for security holes and patch them as soon as we find them.
Organizational Measures and Access Control: Our data management is accompanied by strict organizational rules and state-of-the-art technology. Following the "least privilege" concept, no one other than employees or approved third parties will have access to your personal information unless absolutely necessary to carry out their duties. Each worker knows their role and responsibilities when it comes to data security, and they get regular training on the subject. By requiring all employees and outside contractors to sign non-disclosure agreements (NDAs), we ensure that any information that could be considered sensitive will be kept confidential. Training sessions and briefings on data protection best practices are held frequently to ensure that personnel are informed of the current dangers and protective actions.
Response and Monitoring of Incidents: We have established internal procedures to deal with security incidents. In the extremely uncommon case of a data breach or integrity violation, our reaction plan involves swiftly mitigating vulnerabilities and, if required by law, notifying supervisory authorities and impacted data subjects. To ensure that this does not happen again, we document every occurrence that involves personal data and look into what went wrong. Penetration testing, internal and external audits, and other evaluations are conducted often to assess our security system and ensure that our standards are strong and up-to-date.
By adhering to this principle, we can assure you that your personal data will be processed and stored with the utmost care. Data integrity ensures that information remains accurate and unmodified within the system, while confidentiality ensures that no unauthorized parties can access the information. Together, these protections allow us to maintain a high level of trust and security.
In order to demonstrate compliance with GDPR requirements, Dealable24 Sp. z o.o. is well-aware of the necessity to do so. In addition to playing by the rules, we may provide actual, confirmed evidence of our compliance, as per the accountability principle. Here is how our company enforces responsibility:
Built-in compliance: All of our business processes are now GDPR compliant. Data protection guidelines are known to and followed by every employee that handles personal information. Everyone on staff is aware of our data collection, usage, transfer, and storage rules and processes. Guaranteeing consistently high standards of data handling across the board, our organizational culture is well rooted in GDPR principles.
We conduct risk assessments and internal audits on a regular basis to ensure that our processes are in line with GDPR requirements, and we bring in outside auditors when necessary. Audits look for any security and privacy risks and take corrective measures based on audit findings. Whether it's new threats, increasing data quantities, or changes to legislation, this strategy of constant monitoring and enhancement allows us to keep data protection measures current and swiftly adapt to changes.
We invest in staff education on data privacy problems through training and raising awareness. Newsletters, knowledge tests, and training sessions are organized on a regular basis to keep everyone informed about the latest needs and advancements in the area. Because people's actions may make or break data security, we encourage an environment where everyone knows what they need to do.
Reporting preparedness: At any moment, we can demonstrate to you and the appropriate authorities that we have complied with GDPR. If you have any questions or concerns regarding your data, you can contact us and we will gladly answer them in an honest and transparent manner. Similarly, in the event of a supervisory audit, we have protocols and records prepared to back up our responsibility. Our company is built around the principle of accountability because we know that it immediately impacts the trust our clients have in us.
If there is a change to our data processing practices, legislation, or regulatory requirements, we may update or amend this document to reflect the change. This page will be updated whenever there is a new post, and the date of the last post (down below) will be changed accordingly. To keep yourself informed about the most recent version of our GDPR compliance requirements, we recommend monitoring this area periodically. Keep in mind that this document is meant to enhance our Privacy Policy and other pertinent materials, not to replace them. The Privacy Policy shall govern in the event of any conflict. This informative paper aims to clarify our approach to GDPR compliance.
If you would like more information about our data privacy practices or have any questions, comments, or concerns, please contact us. Thanks for taking the time to provide feedback; we're here to help whenever you need us.
Company: Dealable24 Sp. z o.o.
Email: contact@equilex.co
Phone: +48 791 327 985
Address: Marcina Kasprzaka 29 / 318, 01-234 Warsaw, Poland
We strive to respond to every inquiry as soon as possible and provide detailed responses. When you seek information about your data or exercise your rights, we will respond within the timeframe specified by GDPR, which is typically one month. Your confidence in Dealable24 Sp. z o.o. to keep your information secure is greatly appreciated, and we will continue to work hard to justify it.
Your trusted partner for MIP registration, compliance, and fintech consulting in Poland and across the EU.
This website offers professional consulting services and does not provide financial services to consumers
© 2026 Dealable24 Sp. z o.o. All rights reserved.