Privacy policy

The Administrator of the Website is Quadra Underwriting sp. z o. o. with its registered office in Warsaw (00-893) at ul. Ogrodowa 31/54; registered in the National Court Register under number KRS 0000916353, Tax ID: 5223208059.

1. User – any natural person visiting the Internet Domain or using one or more services or functionalities described in the Privacy Policy;

2. Processor – a natural person or legal entity or an organizational unit without legal personality that processes personal data on behalf of the Administrator;

3. Personal data – all information about an identified or identifiable natural person through one or more specific factors determining physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, location data, internet identifier and information collected through cookies and other similar technology;

4. Recipient – a natural person or legal entity or an organizational unit without legal personality to whom personal data is disclosed, regardless of whether it is a third party. Public authorities that may receive personal data as part of proceedings in accordance with European Union law or the law of a Member State are not, however, considered recipients; the processing of personal data by these public authorities must comply with data protection regulations applicable according to the purposes of processing;

5. Processing – an operation or set of operations performed on personal data or sets of personal data in an automated or non-automated manner, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

6. Privacy Policy – this Privacy Policy;

7. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

8. Internet Domain – website placed on the domain at URL https://quadra.com.pl

9. Personal data breach – a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, Personal data transmitted, stored or otherwise processed;

10. Supervisory Authority – means an independent public authority established by a Member State, which in Poland is the President of the Personal Data Protection Office with its seat in Warsaw, ul. Stawki 2.

11. Cookies – information about the processing of data obtained by QUADRA 

1. The Administrator takes adequate measures to provide, in a concise, transparent, intelligible and easily accessible form, using clear and plain language, any information to the data subject and to communicate with them regarding processing and to ensure that the personal data of the data subject is processed lawfully, fairly and in a transparent manner.

2. The Administrator exercises due diligence to ensure that personal data is collected for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes, and that the personal data of the data subject is adequate, relevant and limited to what is necessary for the purposes for which it is processed. 

3. If such a need arises, the Administrator ensures that the personal data undergoing processing is updated. To this end, the Administrator will take all reasonable steps to ensure that personal data that is inaccurate in light of the purposes of its processing is erased or rectified without delay. 

4. The Administrator exercises due diligence to ensure that personal data is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed and that personal data is processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.

5. The Administrator processes personal data lawfully when at least one of the following conditions is met:

a. the data subject has given consent to the processing of their personal data for one or more specific purposes;

b. processing is necessary for compliance with a legal obligation to which the Administrator is subject, 

c. processing is necessary for the purposes of the legitimate interests pursued by the Administrator or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Internet Domain and the provision of personal data by the User is generally voluntary, except for the following exceptions:

a. conclusion of a contract with the Administrator – then the provision of personal data is required for the conclusion of the contract, and failure to provide it results in the inability to conclude it; The detailed scope, purpose and time of processing personal data by the Administrator is contained in the further provisions of the Privacy Policy;

b. performance of the Administrator's statutory obligations – contained in generally applicable laws, in particular the Accounting Act(1), the Tax Ordinance Act(2), the Corporate Income Tax Act(3), the Value Added Tax Act(4).

 

1. To use the Internet Domain, it is not necessary to meet special technical conditions by a computer or other electronic device of the visitor allowing access to and use of the Internet.

2. QUADRA makes efforts to ensure that use of the Internet Domain is possible for Internet users using all popular web browsers, operating systems and device types.

3. For the best functioning of the Internet Domain, the use of the following is recommended: 

a. operating systems: 

1) Windows;

2) macOS and iOS; 

3) Android;

4) Linux.

b. web browsers:

1) Microsoft EDGE;

2) Mozilla Firefox;

3) Chrome;

4) Safari;

5) Opera.

4. The Internet Domain serves to provide information about QUADRA to visitors.

5. Use of the Internet Domain is free of charge.

6. The Internet Domain does not offer the possibility of account registration. No products are offered through the Internet Domain.

 

Personal data means any information that can be used to directly or indirectly identify a specific person. The following types of your personal data may be processed: IP address assigned to the computer or external IP address of the Internet provider, domain name, browser type, access time, operating system type.

 

QUADRA processes personal data only for specific and limited purposes, i.e.: for purposes arising from legitimate interests pursued by QUADRA or by a third party, i.e.:

• consisting in the operation of the Internet Domain – then the Administrator processes information about the User's device of the Internet Domain in order to ensure its correct operation, such as the computer's IP address, information contained in cookies or other similar technologies, data on activity on the Internet Domain, including on individual subpages (legal basis: Article 6(1)(b) GDPR);

• personal data as a User of the Internet Domain processed by the Administrator in connection with claims for the purpose of possible pursuing claims or defense against claims based on the legitimate interest of the Administrator and in accordance with applicable national law, in particular the Civil Code (legal basis: Article 6(1)(f) GDPR);

• maintaining statistics and analyzing traffic on the Internet Domain, which are necessary for processing data for purposes arising from the legitimate interests of the Administrator – consisting in maintaining statistics and analyzing traffic on the Internet Domain to improve the functioning of the Internet Domain and increase sales of Products and services (legal basis: Article 6(1)(f) GDPR);

 

1. Personal data of the User of the Internet Domain may be disclosed only to Processors pursuant to concluded personal data entrustment agreements for the purpose of providing services on behalf of the Administrator and to entities authorized to obtain personal data under applicable law (state authorities to which the Administrator is obliged to make disclosures, in particular the Ministry of Finance and other bodies of the National Tax Administration).

2. For the purpose of providing services on behalf of the Administrator, the personal data of the User of the Internet Domain is disclosed in particular to entities related to the Administrator, having a legitimate interest in processing personal data within the capital group, as well as entities providing services to the Administrator:

a. accounting, legal and advisory – to the selected provider acting on its behalf in the case and to the extent necessary to achieve the given data processing purpose in accordance with the Privacy Policy;

b. IT and hosting services and other technical and organizational services – only in the case and to the extent necessary to achieve the given data processing purpose in accordance with the Privacy Policy;

c. marketing – in the scope of Internet Domain management;

3. The entities referred to in paragraph 2 process data on the basis of a contract with the Administrator and only in accordance with the Administrator's instructions and generally applicable law.

4. Personal data of the User of the Internet Domain will not be processed in third countries.

 

1. All internet connections between the user's device and our service are protected by SSL/TLS protocol, which ensures encryption of transmitted data and prevents interception of information by unauthorized third parties.

2. QUADRA exercises due diligence in exercising protection over the personal data of the User of the Internet Domain against their improper use, interference, loss, unauthorized access, modification or disclosure.  QUADRA's actions include implementing appropriate access controls, investing in the latest IT security technologies to protect the IT environments used by QUADRA.

3. QUADRA maintains appropriate technical and organizational measures to protect against unauthorized or unlawful processing of personal data and/or against accidental loss, alteration, disclosure or access or accidental or unlawful destruction or damage of the personal data of the User of the Internet Domain. 

 

1. The time of processing personal data of the User of the Internet Domain by the Administrator depends on the type of service provided and the purpose of processing. As a rule, the personal data of the User of the Internet Domain is processed for the duration of the service provision, until the withdrawal of consent given by the User or the submission by the User of an effective objection to data processing in cases where the legal basis for data processing is the legitimate interest of the Administrator. 

2. The period of processing personal data of the User of the Internet Domain may be extended if processing of personal data is necessary to establish and pursue possible claims or defend against them, and after that time only if and to the extent required by law. After the processing period expires, data is finally deleted or anonymized. 

 

 

Below we present the rights of the User of the Internet Domain related to the processing of personal data:

1. the data subject has:

a. right to obtain access to data – every data subject is entitled to obtain from the Administrator confirmation as to whether personal data concerning them is being processed, and where that is the case, is entitled to access to it and information about the purpose of processing, categories of personal data, recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organizations, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period, the right to request from the Administrator rectification or erasure of personal data or restriction of processing of personal data concerning the data subject, as well as to object to such processing, if personal data has not been collected from the data subject – any available information about their source, information on automated decision-making, including profiling, and – at least in those cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject;

b. right to receive a copy of data – the Administrator shall provide the data subject with a copy of the personal data undergoing processing. For any further copies requested by the data subject, the Administrator may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested, the information shall be provided in a commonly used electronic form. The right to obtain a copy shall not adversely affect the rights and freedoms of others;

c. right to rectification – the User of the Internet Domain has the right to request from the Administrator without undue delay the rectification of personal data concerning them that is inaccurate. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by providing the Administrator with a supplementary statement in this regard;

d. right to erasure of data – the User of the Internet Domain has the right to request from the Administrator the erasure of personal data concerning them without undue delay, and the Administrator has the obligation to erase personal data without undue delay where one of the following grounds applies:

- the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;

- the data subject withdraws consent on which the processing is based and there is no other legal ground for the processing;

- the data subject objects to the processing;

- the personal data has been unlawfully processed;

- the personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the Administrator is subject;

e. right to restriction of processing – the data subject has the right to request from the controller the restriction of processing where one of the following applies:

- the data subject contests the accuracy of the personal data, for a period enabling the Administrator to verify the accuracy of the personal data;

- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;

- the Administrator no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims;

- the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject;

f. right to data portability – the data subject has the right to receive the personal data concerning them, which they have provided to the Administrator, in a structured, commonly used and machine-readable format and has the right to transmit those personal data to another controller without hindrance from the Administrator to which the personal data have been provided, where the processing is based on consent or on a contract and the processing is carried out by automated means;

g. right to object – the data subject has the right to object at any time, on grounds relating to their particular situation, including profiling. The Administrator shall no longer process the personal data unless the Administrator demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims. If, according to the assessment, the interests of the data subject will be more important than the interests of the Administrator, the Administrator will be obliged to cease processing personal data for these purposes. Where personal data is processed for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning them for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes;

h. right to withdraw consent – at any time and without giving a reason, but the processing of personal data carried out before the withdrawal of consent remains lawful. Withdrawal of consent will result in the Administrator ceasing to process personal data for the purpose for which that consent was given.

2. The data subject, in order to exercise the above-mentioned rights, should contact the Administrator using the Administrator's contact details provided in the Privacy Policy and inform them which right and to what extent they wish to exercise.

3. A request regarding the exercise by the data subject of their rights as a data subject may be submitted: (i) in writing to the address: ul. Ogrodowa 31/54, 00-893 Warsaw (ii) by e-mail to: contact@quadrauw.eu

4. The data subject has the right to lodge a complaint with a supervisory authority, which in Poland is the President of the Personal Data Protection Office with its seat in Warsaw, ul. Stawki 2, who can be contacted:

a. by mail: ul. Stawki 2 00-193 Warsaw;

b. through the electronic mailbox: /UODO/SkrytkaESP;

c. by phone: (22) 531 03 00.

 

1. When using the Internet Domain, the following types of User's personal data may be processed: IP address assigned to the computer or external IP address of the Internet provider, domain name, browser type, access time, operating system type.

2. Navigation data may also be collected from persons visiting the Internet Domain, including information about links and references they decide to click or other actions taken on the Internet Domain.

3. As part of the operation of the Internet Domain, small Cookie files are used. They are saved by QUADRA on the end device of the person visiting the Internet Domain, if the web browser allows it. A cookie file usually contains the domain name from which it originates, its "expiration time" and an individual, randomly selected number identifying this file. Information collected using files of this type helps to adapt the Internet Domain to individual preferences and makes it possible to develop general visit statistics.

4. QUADRA uses two types of Cookie files:

a. Session Cookies: after the end of a given browser session or turning off the computer, the saved information is deleted from the device's memory. The session cookies mechanism does not allow downloading any personal data or any confidential information from the computers of visitors.

b. Persistent Cookies: are stored in the memory of the visitor's end device and remain there until they are deleted or expire. The persistent cookies mechanism does not allow downloading any personal data or any confidential information from the visitor's computer.

5. QUADRA uses its own Cookies for analysis and research as well as audience auditing, and in particular for creating anonymous statistics.

6. QUADRA uses external Cookies to collect general and anonymous statistical data through Google Analytics analytical tools (external cookies administrator: Google Inc with its seat in the USA);

7. Below we present how to change the settings of popular web browsers regarding the use of Cookie files:

a. Microsoft EDGE;

b. Mozilla Firefox;

c. Chrome;

d. Safari;

e. Opera.

1. The Privacy Policy may be changed, about which QUADRA will inform users of the Internet Domain in advance by at least 7 days.

2. Each User can contact the Administrator in the following way: 

a. at the mailing address: ul. Ogrodowa 31/54, 00-893 Warsaw

b. via e-mail: contact@quadrauw.eu

3. Date of last modification: 1.09.2025