Information clause – Article 14 of GDPR

Dear Sir or Madam,

In accordance with the Regulation of the European Parliament and the Council of the European Union 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95 / 46 / WE ("GDPR"), we wish to inform you that information concerning your company, which can include personal data, can be found in Polish company databases and analytic tools built by InfoCredit since 1990.
We invite you to look up our Quick Report on your company free of charge. We’ll also readily update information on your company, so that potential partners can more easily reach you and get to know the profile of your activity. If you’re interested, we invite you to contact us at
The products offered by InfoCredit contribute to increasing the stability and security of business transactions.
Such products provide you and other InfoCredit customers with information on reliability and financial liquidity of counterparties, and thanks to that they help minimize the risk of establishing business relationships with unreliable partners. Because of the recurring VAT carousel frauds, InfoCredit products can also help with verifying potential clients, in accordance with Article 88, paragraph 3a(1)(a) and (4)(a) of the VAT Act.
Processing of personal data for the needs of the above products falls within the scope of InfoCredit's business activity disclosed in the Business Activity Register.
It should be noted that data processing is indispensable for InfoCredit to create and deliver such products to its clients. The products and services offered by InfoCredit include, among others:
  • assessment of the credibility of business entities,
  • risk assessment of commercial transactions,
  • developing commercial information and making it available to clients,
  • implementation of obligations resulting from legal provisions, including the Act of March 1, 2018 on counteracting money laundering and financing of terrorism,
  • preparation of market and statistical analyses, including for scientific research and preparation of publications.

Because we care for your personal data, we inform you that the company INFOCREDIT Iwona Surdykowska - Huk operating at the following address: ul. Foksal 10, 00-366 Warsaw, VAT number: 521-028-17-98 ("InfoCredit" or "Administrator") processes information from public and public sources (including the Internet), creating a database. This information may include data based on the Regulation of the European Parliament and the Council of the European Union 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95 / 46 / WE ("GDPR"), constitute personal data.

In connection with the above, with the basis of GDPR Article 14 §5b, we would like to inform you that:
  1. The administrator of your personal data is Iwona Surdykowska - Huk running a business under the name of: INFOCREDIT Iwona Surdykowska - Huk at: ul. Foksal 10, 00 - 366 Warsaw, with the NIP number: 521-028-17-98 and REGON: 002184381. The Administrator can be contacted in writing, by traditional mail sent to the following address: ul. Foksal 10, 00 - 366 Warsaw and by e-mail at the following address:
  2. Your personal data is processed for the purposes of scientific and statistical ends, building a database on Polish entrepreneurs, implementing contracts concluded with the InfoCredit contractors in order to provide the recipients with comprehensive economic information within the databases, products and services provided by InfoCredit and created by them, including via the online store. In addition, your personal data is processed in order to inform you about the products and services of the Administrator, including analytical purposes. We do not provide personal data to companies conducting direct marketing services.
  3. Your personal data is processed on the basis of GDPR Article 6 §1f), i.e. based on the necessity of processing for purposes resulting from legitimate interests pursued by the Administrator or by a third party.
    The legitimate interest of the Administrator is to run a business by the Administrator consisting in creating databases, provision of services and creating products using data contained in databases, performance of contracts, the ability to provide the customer with updates and new versions of products, informing about their services, presenting offers tailored to the needs and interests customer, increase sales of their services.
  4. InfoCredit processes data on economic entities, among other those contained in the Central Registration and Information on Business. The following categories of personal data are included there: the firm name of the person conducting economic activity, which by law contains the person’s first and last name; and also their NIP, REGON, PESEL, address of conducting the economic activity (which in some cases may be the home address of the person conducting economic activity), postal address, name, second name and last name, function or position, contact information (telephone number, email address). InfoCredit is not interested in processing data on self-employed contractors, but because such activity is not discernible from companies conducting regular production, trade or service activity, it is possible that such data does get included in InfoCredit products. If you conduct your activity as a self-employed contractor, we ask you to promptly contact the Administrator at In addition, InfoCredit processes published financial statements, information on the directions and volume of international trade, owned cars, profession or qualifications, obtained state aid, data included in registries of trade unions, registries of chambers of commerce, and other associations of companies.
    InfoCredit does not process:
    • personal data revealing racial or ethnic origin, political views, religious or ideological beliefs, affiliation to trade unions,
    • biometric or genetic data to uniquely identify a physical person,
    • data on health, sexuality or sexual orientation,
    • personal data concerning convictions and violations of law or related security measures.
  5. The recipients of your personal data are public administration entities, including those working on the basis of the National Revenue Administration Act (Dz.U..2019.768 as amended), and entities conducting business activities, inter alia in the areas of:
    • B2B (services and products directed to other enterprises), such as those from finance, production, trade and service industries, including INFOCREDIT SERVICE sp. z o. o. based on Foksal 10, 00-366 Warsaw, entered into the National Court Register maintained by the Regional Court of the Capital City of Warsaw in Warsaw, XII Economic Department of the National Court Register under KRS number 380253.
    • B2C (services and products directed to individual recipients), such as those from finance, production, trade and service industries.
    • Statistics, science, and research.
  6. Your personal data may be transferred to recipients in third countries (that is to entities based outside the European Economic Area), i.e. to Switzerland and the United States of America, which recipients conduct activity complementary to that of the Administrator, including building international databases on enterprise and reports on financial reliability of potential partners. Since 1995 InfoCredit has been supporting Polish entrepreneurs by supplying information on them, their products, and their services, to leading international information agencies. Thanks to presence of this data on platforms such as Amadeus, Bloomberg, Moody’s, Creditsafe and others, Polish firms have obtained many valuable contracts. Transfer of data to recipients in third countries is conducted pursuant to:
    • GDPR Article 49 §1g, that is, the transfer of data takes place from an open and publicly accessible register, which according to the law of the Republic of Poland is to serve as a source of information for all citizens and which is available to all citizens without the need to demonstrate a legitimate interest.
    • The registers from which the transfer takes place are the register of entrepreneurs, the register of associations, other social and professional organizations, foundations and independent public health care institutions of the insolvent debtors maintained as part of the National Court Register and Central Business Activity Register. In addition, the transfer does not cover all personal data or entire categories of personal data contained in the above-mentioned registers.
    • The decision of the European Commission concerning the adequacy of protection (with reference to entities based in Switzerland) or in reference to transferring data to entities in the United States of America it will be conducted within the framework of Privacy Shield or standard clauses approved by the European Commission.
  7. The transfer of data takes place using appropriate and fitting security measures, in a manner ensuring an appropriate level of protection of personal data both in the process of data transfer and processing by the recipient. If you are interested in this data, InfoCredit will readily supply you with access to Quick Report data, where you can find the complete information on your own company, including a structured, universally used format suitable for machine reading – for this purpose, please contact the Administrator.
  8. Your personal data will be processed by InfoCredit for the period necessary to implement the legally justified interests of InfoCredit, referred to in point 3 above, but no longer than the time specified by law or until an objection is raised.
  9. In relation to the processing of your personal data, you are entitled to:
    • the right to access your data and the right to demand their rectification, removal or restriction of their processing, and a right to demand a moving of the data,
    • to the extent that the basis for the processing of your personal data is the premise of the legally justified interest of the Administrator, you have the right to object to the processing of your personal data,
    • the right to lodge a complaint with the supervisory body dealing with the protection of personal data.
  10. Your personal data has been obtained from your employer based on agreements made with the Administrator, from publicly available sources, in particular from the National Court Register (business register, register of associations, other social and professional organizations, foundations and independent public healthcare institutions, register of insolvent debtors kept under), Courts Monitors, registry files companies entered in the Register of Entrepreneurs of the National Court Register (KRS), Central Registration and Business Activity Information (CEIDG), Central Statistical Office (GUS), Central Register of Vehicles, Customs Service and others.
  11. In connection with the processing of your personal data contained in the registers referred to in point 10 above, decisions concerning you may be taken in an automated manner (ie. without human impact). Such decisions would concern your rating and the value of bank loans. Such decisions will be made based on your data published in public registers such as Central Registration and Business Activity Information (CEIDG), Courts Monitors, repositories of financial documentation, other publicly available registries. Decisions would be based on profiling, i.e. an automatic assessment of your estimated financial situation. For example, based on an automatic analysis a person conducting economic activity, actively partaking in international trade and publishing financial statements, can obtain a rating resulting in acquiring additional orders. You have the right to challenge those decisions, to express your own position or to obtain human intervention (ie, to analyze the data and make a decision by a human being). For this purpose, please contact us at the following e-mail address:
  12. InfoCredit protects your personal data from accidental or intentional destruction, accidental loss, alteration, unauthorized disclosure, use or access, through physical, technical and organizational protection measures and in accordance with the requirements of applicable law.
  13. Your personal data is processed electronically and manually.