1. This Data Protection Policy sets out the rules for the processing and protection of personal data of users of the benefit4U website (hereinafter: the Website) introduced directly by users or by persons authorized in connection with participation in various forms of group services (benefits) offered by employers or other organizers.

2. The Website Operator is the Compensation Expertise Center limited liability company, entered into the register of entrepreneurs kept by the District Court in Toruń, VII Commercial Department of the National Court Register, KRS number 0000493242, NIP 956-230-57-90, REGON 341529191.

3. The Website Operator acts as a processing entity within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (general data protection regulation; Journal of Laws EU.L.2016.119.1; hereinafter GDPR), at the request of Personal Data Controllers.

4. The controllers of personal data are entities providing services as part of group benefits. These may be insurance companies, entities organizing medical services

and other entities offering group benefits. Administrators of personal data process user data based on legal regulations, consent or a legitimate interest, about which the user will be notified via the Website. Each of the administrators meets the information obligation specified in the GDPR via the Website.

5. The Website Operator may also act as the Administrator of personal data within the meaning of the GDPR, processing personal data for purposes arising from legitimate interests pursued by the Website Operator or by a third party (Article 6 paragraph 1 point f of the GDPR).

In particular, such purpose may be direct marketing or redress or defense against claims.

6. The data entered on the Website are processed in order to implement a specific service provided by a specific Administrator. These data are not used for marketing purposes, unless the user gives separate consent in this respect.

7. Providing data is voluntary, but necessary to use the Website.

8. The user has the right to access data and request their rectification. The User also has the right to request data deletion, the right to limit processing and the right to object to data processing, subject to the restrictions set out in the GDPR,

in particular due to the need to establish, pursue and defend claims.

9. The User also has the right to object at any time to the processing of data for direct marketing purposes, including profiling, if it is linked

with direct marketing.

10. The User may request the transfer of personal data processed for the purpose of conclusion

and performance of the contract or processed on the basis of consent. This involves receiving personal data in a structured, commonly used machine-readable format and sending such data to another data administrator.

11. Data is obtained directly from users or from employers, service providers or other administrators who have entrusted the Website Operator with the processing of personal data.

12. Data may be made available to entities involved in achieving the purposes indicated

in point 1, service providers, subcontractors, and other entities - with the consent of the user.

13. Personal data will not be transferred by the Website Operator to third countries (outside the European Economic Area).

14. Personal data is stored for the time necessary to achieve the purposes set out in point 1, but no longer than necessary to pursue claims or defend against claims. In the event of withdrawal of consent or objection, the data will be deleted immediately, unless there are other grounds for processing.

15. The User, in the event of a breach of personal data protection - has the right to lodge a complaint with the supervisory body - the President of the Office for Personal Data Protection.

16. Contact with the Website Operator is possible:

a) in technical matters: via e-mail: atosbenefit4u@ceoonline.pl

b) in the event of a breach of the protection of personal data or another incident: via electronic mail (e-mail): odo@ceoonline.pl.

17. User data profiling by the Website Operator is limited to automatic assignment to the specific benefit program.

18. The website gathers information about users and their behaviors

as follows:

a) through information voluntarily entered in forms,

b) through clusters