The controller of your personal data is:

All Overseas Services Sp. z o.o.

ul. Szlak, 77/222,

31-153, Krakow, Poland

Email: ops@alloverseas.pl

2. What personal data we may collect

Depending on how you interact with us, we may process the following categories of personal data:

We process only the data reasonably necessary to operate, secure, and administer the Website and to respond to business inquiries.

3. Sources of personal data

We collect personal data:

*directly from you (for example when you email us or submit an inquiry);

*automatically through your use of the Website (for example technical logs);

*in some cases, from your company or colleagues where they provide your details in connection with a business inquiry or assignment.

4. Purposes of processing and legal bases

We process personal data only where we have a lawful basis under the GDPR.

a) To respond to inquiries and service requests

We process personal data to:

*review and respond to inquiries;

*prepare and discuss possible service scope;

*communicate before a potential engagement.

Legal basis:

*Article 6(1)(b) GDPR — processing necessary to take steps at your request prior to entering into a contract;

and/or

*Article 6(1)(f) GDPR — our legitimate interest in handling business inquiries and maintaining business communications.

b) To manage business communications and operational follow-up

We process personal data to:

*communicate with business contacts;

*organise follow-up regarding inquiries;

*maintain records of communications relevant to our services.

Legal basis:

*Article 6(1)(f) GDPR — our legitimate interest in managing business relationships and communications.

c) To operate, secure, and administer the Website

We process limited technical data to:

*keep the Website available;

*maintain security;

*detect abuse, fraud, or technical problems.

Legal basis:

*Article 6(1)(f) GDPR — our legitimate interest in operating and securing the Website.

d) To comply with legal obligations

Where necessary, we may process personal data to comply with applicable legal, regulatory, accounting, tax, or record-keeping obligations.

Legal basis:

*Article 6(1)(c) GDPR — compliance with a legal obligation.

e) Cookies and similar technologies

Where we use non-essential cookies or similar technologies (for example analytics, marketing, or third-party preference tools), we will rely on your consent before setting them.

Legal basis:

*Article 6(1)(a) GDPR — consent, where required.

Under EU online privacy rules, non-essential cookies must not be set before consent is obtained; strictly necessary cookies may be used without prior consent.

5. Recipients of personal data

We may share personal data only where necessary and only with appropriate safeguards, including:

*IT hosting, infrastructure, and website support providers;

*email and communications providers;

*professional advisers (for example legal, compliance, or accounting advisers), where necessary;

*local agents, counterparties, or service providers, but only where relevant to a specific operational inquiry or engagement;

*competent public authorities, regulators, courts, or law-enforcement bodies where disclosure is required by law or necessary to establish, exercise, or defend legal claims.

We do not sell personal data.

6. International data transfers

Some of our service providers may process personal data outside the European Economic Area (“EEA”).

Where personal data is transferred outside the EEA, we will ensure that an appropriate transfer mechanism under Chapter V GDPR is used, such as:

*an adequacy decision by the European Commission; or

*the European Commission’s standard contractual clauses, where applicable.

You may contact us if you would like more information about the safeguards used for a specific transfer, where required.

7. Data retention

We keep personal data only for as long as reasonably necessary for the relevant purpose, including:

*inquiries and initial business correspondence: for as long as needed to respond, assess, and follow up on the request, and for a reasonable period afterward to manage business records;

*contractual or operational records (if an engagement proceeds): for the duration of the engagement and any applicable limitation, accounting, tax, or record-keeping period;

*technical logs: for as long as reasonably necessary for security, diagnostics, and system administration;

*consent-based processing (if any): until consent is withdrawn or the data is no longer needed for that purpose.

Where retention is required by law, we retain data for the legally required period.

8. Your rights under the GDPR

Subject to the conditions and limitations in applicable law, you may have the right to:

*be informed about how your personal data is processed;

*obtain access to your personal data;

*request rectification of inaccurate or incomplete data;

*request erasure of your personal data;

*request restriction of processing;

*object to processing based on legitimate interests;

*receive data portability where applicable;

*withdraw consent at any time, where processing is based on consent.

These are the core GDPR rights available to individuals.

To exercise your rights, please contact us at: ops@alloverseas.pl

9. Right to lodge a complaint

If you believe your personal data has been processed unlawfully, you have the right to lodge a complaint with a competent supervisory authority.

If AOS is your relevant controller in Poland, the competent supervisory authority is the:

Personal Data Protection Office (UODO)

Urząd Ochrony Danych Osobowych

ul. Stanisława Moniuszki 1A

00-014 Warsaw

Poland

Website: https://uodo.gov.pl/

You may also lodge a complaint with the supervisory authority in the EU/EEA country of your habitual residence, place of work, or place of the alleged infringement, where applicable under the GDPR.

10. Cookies

This Website uses only strictly necessary technical cookies or equivalent technologies required for security, load balancing, or core website functionality. These do not require prior consent under applicable EU rules.

If we later introduce non-essential cookies (for example analytics or marketing cookies), we will update this Privacy Policy and request consent before setting them.

11. No automated decision-making

We do not use personal data obtained through the Website for automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The version published on the Website at the time of access applies. The “Last updated” date above shows when the current version took effect.

13. Contact

For privacy-related questions or requests, contact:

All Overseas Services Sp. z o.o.

Email: ops@alloverseas.pl