1. General information


PragmaGO SA attaches great importance to transparency in operations and respects everyone’s fundamental right to privacy. Ensuring the confidentiality of data is a priority for us. We make every effort to ensure that the safeguards adopted guarantee the confidentiality and security of your data.

This Privacy Policy is intended to explain how we handle information about you. The phrases and expressions used in this Policy have the following meanings:

  • personal data – as defined in art. 4(1) RODO means any information about an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified directly or indirectly;
  • processing – within the meaning of Art. 4(2) RODO means an operation or set of operations performed on personal data or sets of personal data in an automated or non-automated manner, such as collection, recording, organizing, structuring, storing, adapting or modifying, retrieving, viewing, using, disclosing by transmission, dissemination or otherwise making available, matching or linking, limiting, deleting or destroying;
  • RODO – Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016. on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC (General Data Protection Regulation);
  • administrator – within the meaning of Art. 4(7) of the RODO means a data controller, i.e. an entity that alone or jointly with others determines the purposes and means of processing personal data. Whenever this Policy refers to an administrator, it shall mean PragmaGO SA;

The Data Protection Officer can be contacted at the following addresses: IOD, PragmaGO SA ul. Brynowska 72, 40-584 Katowice and/oriod@pragmago.pl.

2. We process personal data of our Customers and potential Customers for the following purposes and on the basis of the following legal grounds:


2.1 Before entering into a contract, we process your personal data for the following purposes:

TargetLegal basisProcessing period
Taking action at your request, i.e. Response to the questions asked, including the presentation of individualized terms of cooperation, seeking to conclude a contractFor sole proprietors: art. 6 paragraph. 1(b) RODO;
For those representing and authorized to contact on the side of the potential client: art. 6 paragraph. 1(f) RODO (for the performance of actions taken to conclude a contract with a principal)
The time necessary to establish the terms of possible future cooperation, until the conclusion of an agreement or until negotiations on the conclusion of an agreement break down;
in the case of persons representing and authorized to contact on the part of a potential customer, additionally until an effective objection is made to the processing of such data, whichever event occurs first
To take action at your request, in particular, necessary to process an application for a factoring agreement, assess creditworthiness using publicly available sources (using automated data processing)For sole proprietors: art. 6 paragraph. 1(b) RODO
For those representing and authorized to contact on the side of the potential client: art. 6 paragraph. 1(f) RODO (for the implementation of activities
The time necessary to decide on the conclusion of the contract, until the conclusion of the contract or until negotiations on the conclusion of the contract are broken off;
in the case of persons representing and authorized to contact on the part of a potential customer, additionally until an effective objection is made to the processing of such data, whichever event occurs first
Conduct marketing of our own products and services and those of entities of the PragmaGO®Group for the purpose of realizing our legitimate interests, whereby conducting marketing contact by us is possible on the basis of additional consent to use the telephone number and e mail address for marketing purposes6 paragraph. 1(f) RODO;
Art. 10 of the Law on Provision of Electronic Services,
Art. 172 of the Telecommunications Act
Until you object to marketing activities and withdraw your consent to receive marketing materials
Establish, assert or defend against possible claims that may be related to the contracting process, in particular in case of refusal to conclude a contract due to a negative result of a financing risk assessment – for the purpose of realizing our legitimate interests in the form of securing claimsArt. 6 paragraph. 1(f) RODOFor the period of the statute of limitations for claims under the Civil Code

2.2. In connection with the conclusion of the contract, we process your personal data for the following purposes:

TargetLegal basisProcessing period
Implementation and performance of the contractFor sole proprietors: art. 6 paragraph. 1(b) RODO;
For those representing and authorized to contact on the side of the potential client: art. 6 paragraph. 1(f) RODO (for the performance of actions taken for the purpose of executing the concluded contract)
Contract duration;
in the case of persons representing on the client’s side, additionally, until an effective objection is made to the processing of such data, whichever event occurs first;
in the case of persons authorized to contact on the customer’s side, additionally until an effective objection is made to the processing of such data or the loss of authorization to act on behalf of the customer, whichever event occurs first
To fulfill the controller’s legal obligations in the context of the personal data of the client’s representatives and the client’s beneficial owners. In particular, the data controller, as a mandatory institution, for the purpose of applying financial security measures, is authorized to process the information contained in the identity documents of the customer and the person authorized to act on his behalf, and to make copies of them, as well as to analyze transactions carried out in the framework of the customer’s business relationshipArt. 6 paragraph. 1(c) RODO in connection with. from Art. 34 of the Anti-Money Laundering and Terrorist Financing Law (AML)For the time required by law, in particular the Anti-Money Laundering and Countering the Financing of Terrorism Act (AML)
Fulfillment of the administrator’s legal obligations under accounting and tax laws in connection with the wording of these laws (financial reporting, tax reporting, GIIF)For sole proprietors: art. 6 paragraph. 1(f) of the DPA (for the management of risks related to the financing and execution of the contract).Duration
We process personal data of persons providing collateral for factoring agreements for the purpose of securing claims under factoring agreements, i.e. for purposes arising from our legitimate interestsArt. 6 paragraph. 1(f) RODOFor the period of execution of the contract and, in the case of updating a claim secured by a surety on the part of the person providing the surety, until the claim is satisfied
Establish, assert or defend against possible claims that may be related to the performance of the contract-for the purpose of pursuing our legitimate interests in the form of securing claimsArt. 6 paragraph. 1(f) RODOFor the period of the statute of limitations for claims under the Civil Code
Preparation and maintenance of statements, analysis, statistics, reporting, i.e. for internal administrative purposes, i.e. to fulfill the legitimate interest of the data controller in the form of risk analysisArt. 6 paragraph. 1(f) RODOFor the time necessary to compile anonymized statistics and analyses or, in the case of non-anonymized statistics and analyses, for the usefulness of a particular compilation or until you raise an effective objection to the processing of your data
Establish, assert or defend against possible claims that may be related to the performance of the contract-for the purpose of pursuing our legitimate interests in the form of securing claimsArt. 6 paragraph. 1(f) RODOFor the period of the statute of limitations for claims under the Civil Code
Preparation and maintenance of statements, analysis, statistics, reporting, i.e. for internal administrative purposes, i.e. to fulfill the legitimate interest of the data controller in the form of risk analysisArt. 6 paragraph. 1(f) RODOPending objections
Conduct marketing of our own products and services and those of entities of the PragmaGO®Group – for the realization of our legitimate interests in the form of conducting activities in the field of direct marketing of products and services, whereby conducting marketing contact by us is possible on the basis of additional consent to use telephone number and e-mail address for contactArt. 6 paragraph. 1(f) RODO; Art. 10 of the Law on Provision of Electronic Services,
Art. 172 of the Telecommunications Act
Until you make an effective objection to marketing activities or until you withdraw your consent to receive marketing and information materials electronically, whichever event occurs first

2.3 After the expiration of the contract, we also process your data for the following purposes:

TargetLegal basisProcessing period
Preparation and maintenance of statements, analysis, statistics, reporting (internal administrative purposes), i.e. for the pursuit of our legitimate interests in the form of risk analysisArt. 6 paragraph. 1(f) RODOFor the time necessary to compile anonymized statistics and analyses or, in the case of non-anonymized statistics and analyses, for the usefulness of a particular compilation or until you raise an effective objection to the processing of your data
Conduct marketing of our own products and services and those of entities of the PragmaGO®Group – for the realization of our legitimate interests in the form of conducting activities in the field of direct marketing of products and services, whereby contact by e-mail or telephone is possible on the basis ofconsent6 paragraph. 1(f) RODO; Art. 10 of the Law on Provision of Electronic Services,
Art. 172 of the Telecommunications Act
Until youobjectto marketing activities or withdraw yourconsentto receive marketing and information materials electronically, whichever event occurs first

TargetLegal basisProcessing period
Responding to an inquiry directed by you using the contact information provided by SmartsUpp and Thulium, or via the contact form posted on pragmago.plRealization of our legitimate interest in the form of responding to an inquiry addressed to us, thus on the basis of Art. 6 paragraph. 1(f) RODOUntil the question has been answered, or until you have successfully objected to the processing of your personal data
Conduct marketing of its own products and services using data obtained through the contact formRealization of our legitimate interest in the form of conducting direct marketing activities of our own products and services, so Art. 6 paragraph. 1(f) of the RODO, while in accordance with the provisions of Art. 10of the Law on Provision of Electronic Servicesand Art. 172 ofthe Telecommunications Lawwe need additional consent to use the given communication channels for marketing activitiesUntil you make an effectiveobjectionto marketing activities or withdraw yourconsentto receive marketing and information materials electronically, whichever event occurs first
Creation of analyses, statistics and summaries that will serve to improve the effectiveness of our marketing activities and build our business strategy – the vast majority of such statistics are created based on non-personal data or anonymized data. In some cases, personal data collected from cookies may be usedWhere personal data will be used for this purpose, their processing will be based on the necessity of realizing our legitimate interest in the form of carrying out analytical and statistical activities aimed at the development of the PragmaGO® Group, thus on the basis of Art. 6 paragraph. 1(f) RODOUntil an effective objection is raised
Establish, assert or defend against possible claims that may arise in connection with your use of the site or in connection with the distribution of marketing and information materialsRealization of our legitimate interest in the form of securing claims, thus on the basis of Art. 6 paragraph. 1(f) RODOFor the period of time prescribed by law for the limitation of claims

In addition, due to the wording of the judgment of the Court of Justice of the European Union on July 29, 2019. (Fashion ID GmbH & Co.KG v Verbraucherzentrale NRW eV, reference C-40/17) PragmaGO SA informs that Facebook is the co-administrator of the personal data of people using the Facebook plug-in posted on PragmaGO SA.

PragmaGO SA, as part of its cooperation with Facebook, partly obtains personal data directly from PragmaGO SA users, and partly from users’ profiles on the Facebook social network.

  • To the extent that PragmaGO SA obtains data directly from users, the provision of personal data is completely voluntary, and failure to provide such data has no effect on the user. The user can use the PragmaGO SA website without providing any personal information and remaining anonymous at all times (in a situation where the user only browses the PragmaGO SA website without interacting with the Facebook plug-in).
  • To the extent that PragmaGO SA obtains user data from user profiles on the Facebook social network, user data will be disclosed in the form of anonymous statistical summaries prepared by Facebook.
TargetLegal basisProcessing period
Creation of analyses, statistics and summaries that will serve to improve the effectiveness of our marketing activities and build our business strategy – the vast majority of such statistics are created based on non-personal data or anonymized data. In some cases, personal data collected from cookies may be usedWhere personal data will be used for this purpose, their processing will be based on the necessity of realizing our legitimate interest in the form of carrying out analytical and statistical activities aimed at the development of the PragmaGO® Group, thus on the basis of Art. 6 paragraph. 1(f) RODOUntil an effective objection is raised

PragmaGO SA also informs that in connection with the operation of the social network Facebook, user profiling may occur, i.e. Create a profile containing information about a user’s interests or specific characteristics. Some features provided by Facebook allow the compilation of users’ personal data and the creation of statistics and summaries from it, which PragmaGO SA can later use to adjust the content provided to users accordingly. At the same time, we would like to inform you that decisions based on the created profiles will not be made by automated means.

4. What data do we obtain in the operation of the site and how do we use it?


We may collect data pertaining to you by means of forms on pragmago.co.uk and by storing cookies (so-called “cookies”) on your terminal equipment, as well as by collecting web server logs by the web hosting operator Mint Software Sp. z o.o. operating under the address mintsoftware.pl. We may also obtain your personal information if you write via SmartsUpp or use the Thulium tool, or by using the contact information provided on our website and this Privacy Policy.

5. Who can access your data?


PragmaGO SA shares your personal data with: business partners, entities providing IT, postal, courier, HR and payroll, marketing, legal, archiving, accounting services. Recipients of your personal data may be other PragmaGO® Group companies: Pragma Inkaso SA, Pragma Faktor Sp. z o.o., as well as entities to which we subcontract tasks requiring processing of personal data in the field of IT services (Mint Software Sp. z o.o., StrongPC) and legal services (Pragma Adwokaci Bukowska Celary Feder Sp. k, Kancelaria Radców Prawnych Wysocki Zawiejski Sp. p.), as well as companies providing information about your payment credibility (Biuro Informacji Kredytowej SA), entities providing services of access to information concerning you (in the scope of obtaining information and history of operations for the indicated bank accounts – Kontomatik UAB based in Vilnius and Kontomatik Sp. z o.o.), providers of identity verification tools (Blue Media SA) or providers of insurance services (Euler Hermes SA) or providers of tools allowing tracking your activity (Asseco Poland SA).

PragmaGO SA informs you about the exact identity of the recipients in specific information clauses addressed to you in connection with the services you use.

Your data may also be transferred to entities authorized to access them in accordance with generally applicable law (e.g. the police).

Recipients of the data may be located in a country outside the European Economic Area (EEA), in which case, however, the Controller will ensure that an adequate level of safeguards is in place so as to protect the data subject. The transfer of data to countries outside the EEA may be related to, for example.

  • actions taken on social networks and the use of plug-ins and other tools from these sites (including Facebook, Twitter, Linkedin, YouTube),
  • Using analytical and anonymized user behavior tracking tools, in particular, such as Google Analytics, Lucky Orange.

6. Voluntariness of providing data


Provision of your personal data may be a contractual requirement (i.e. necessary to conclude a contract with PragmaGO SA or to establish and implement cooperation), may be a statutory requirement (i.e. be necessary to comply with legal obligations, such as those under the Anti-Money Laundering and Terrorist Financing Act (AML). If you do not provide the required personal data, it may be impossible or very difficult to cooperate with you.

For the rest, your provision of personal data is voluntary, failure to do so may prevent the implementation of the above. purposes, in particular to contact you.

7. What rights do you have in relation to data processing?


  • The right to access the content of your data – Art. 15 RODO. As a data subject, you may request information on data processing and a copy of your data.
  • The right to rectify data – Art. 16 RODO. As a data subject, you may request that your data be corrected or updated.
  • The right to erasure – Art. 17 RODO. As a data subject, you may request deletion of data in situations provided by law. Removal will not be possible, among other things. in a claim situation, or during the period when PragmaGO is required to process them due to, for example, tax regulations.
  • The right to restrict the processing of Data – Art. 18 RODO. As a data subject, you may request the suspension of data operations under the conditions and for the time provided by law.
  • The right to data portability – Art. 20 RODO. As a data subject, you may request that your data be transferred to another specifically designated Controller.
  • The right to object to data processing – Art. 21 RODO. As a data subject, you may object to the processing of your data at any time. PragmaGO SA, as the Administrator, after reviewing the request, may refuse to exercise the right if there are legal grounds for processing the data and they override the interests of the requester or in cases where by law there is no objection to the processing of personal data.
  • The right to withdraw consent previously given for the processing of data for marketing purposes and for a specific contact path, however, withdrawal of consent does not affect the validity and lawfulness of the processing performed before the withdrawal of consent.
  • The right to lodge a complaint with the President of the Office for Personal Data Protection if you consider that the processing of your Personal Data violates the provisions of the RODO.

8. Automated decision-making


PragmaGO SA, as a Data Controller, makes partially automated decisions that have an effect on you as a data subject in the case of creditworthiness assessment, credit risk, risk management, including the risk of late repayment.

Assessment of financial capacity for the purpose of concluding a contract – is carried out on the basis of the information you provide in the contract application and financial documents, and is carried out based on a set of rules and algorithms necessary for the examination of creditworthiness. Data is also obtained from publicly available sources, such as. CEIDG, business information offices, BIK. Considerations include:

  • amount of financial commitment,
  • payment culture,
  • period of success,
  • Debt in other financial institutions

The effect of assessing financial capacity by automated means is to issue a decision on whether to approve the agreement, the terms of the agreement, change the scope of the agreement based on the assessment of payment culture, or refuse to enter into the agreement. We do not use profiling, i.e. The final decisions are made by our employees.

9. Information system


10. Source of data – the information applies to personal data obtained by means other than from the data subject


Your personal data may come from an entrepreneur with whom you have a contractual relationship or in relation to whom you are a beneficial owner, a statutory representative, a principal in the case of a power of attorney granted, another party to a contract with the Company, and from publicly available sources, in particular, databases and registers: PESEL, National Court Register (KRS), Central Register and Information on Business Activity (CEIDG), REGON, Register of Personal Identity Cards, BIK, CEIDG, business information bureau.

11. Information about cookies


1 The website uses cookies.

(2) Cookies (so-called “cookies”) are IT data, in particular text files, which are stored on the website user’s terminal equipment and are intended for use on the website. Cookies usually contain the name of the website from which they originate, the time they are stored on the end device and a unique number.

(3) The entity placing cookies on the website user’s end device and accessing them is the website operator, indicated in point 9 of this Privacy Policy.

4 Cookies are used for the following purposes:

  • creation of statistics that help to understand how users of the website use the websites, which allows to improve their structure and content;
  • maintaining the site user’s session (after logging in), thanks to which the user does not have to re-enter his/her login and password on each sub-page of the site;

5. to determine the user’s profile in order to display tailored materials to the user on advertising networks, in particular the Google network.

(6) The site uses two main types of cookies: “session” (session cookies) and “permanent” (persistent cookies). “Session” cookies are temporary files that are stored on the user’s terminal device until the user logs out, leaves the website or shuts down the software (web browser). “Permanent” cookies are stored on the User’s terminal device for the time specified in the parameters of the cookies or until they are deleted by the User.

7 Web browsing software (web browser) usually allows cookies to be stored on the user’s terminal device by default. Users of the site can change these settings. Your web browser allows you to delete cookies. It is also possible to automatically block cookies. For details, please refer to the help or documentation of your web browser.

8 Restrictions on the use of cookies may affect some of the functionality available on the website.

9. cookies placed on the website user’s terminal equipment and may also be used by advertisers and partners cooperating with the website operator. We recommend reading the privacy policies of these companies to learn about the use of cookies used in statistics:Google Analytics Privacy Policy.

(10) Cookies may be used by advertising networks, in particular the Google network, to display ads tailored to the way you use the site. For this purpose, they can keep information about the user’s navigation path or the time they stayed on a particular page.

12. Server logs


1 The information of some retained users is subject to logging in the server layer. This data is used solely for the purpose of administering the site and to ensure the most efficient operation of the hosting services provided.

2 Resources viewed are identified by URLs. In addition, the record may be subject to:

  • time of arrival of the query,
  • time to send a response,
  • the name of the client’s station – identification carried out by the HTTPS protocol,
  • information about the errors that occurred during the execution of HTTPS transactions,
  • URL address of the page previously visited by the user (referer link) – in case the access to the Website was through a link,
  • information about the user’s browser,
  • IP address information.

(3) The above data are not associated with specific browsers.

(4) The above data is used only for the purpose of server administration.

13. Cookie management


If you do not want the cookies distributed by the service to be stored on your terminal device, you can change your browser settings. We stipulate that disabling cookies necessary for authentication processes, security, maintenance of user preferences may hinder, and in extreme cases may make it impossible to use the websites.