Personal data processing clauses (GDPR)
The authorities of the National Revenue Administration (KAS) perform their tasks in particular using the Central Register of Tax Data (CRDP).
The CRDP is used to collect, analyse and process data resulting, in particular, from declarations submitted by taxpayers and payers, from decisions, rulings and other documents related to obligations under tax and customs law, as well as other documents and information provided to the KAS authorities in order to perform statutory tasks.
The co-controllers of the data contained in the CRDP are the Minister of Finance and the Head of the National Revenue Administration.
Processing of data contained in the CRDP is carried out using the ICT systems of the Ministry of Finance and the KAS, including those forming part of the Tax and Customs Information System (SISC). You can find out more about SISC from the information in the PUESC Project and Network services - information and specifications tabs.
Read (pages open in new browser windows):
- Personal data processing clause of the Minister of Finance,
- Personal data processing clause of the Head of the National Revenue Administration.
The information is provided in accordance with Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: GDPR).
Read the clause on the processing of personal data in the Tax and Customs Information System (SISC):
IDENTITY OF THE CONTROLLER
The Controller of the data processed in the Tax and Customs Information System (SISC) is the Head of the National Revenue Administration having its seat at 12 Świętokrzyska St., 00-916 Warsaw.
CONTACT DETAILS OF THE CONTROLLER
You may contact the Controller in writing to the address of the Controller's seat.
CONTACT DETAILS OF THE DATA PROTECTION OFFICER
The Head of National Revenue Administration appointed a Data Protection Officer whom you may contact by e-mail: iod@mf.gov.pl.
You may write to the Data Protection Officer in all matters concerning the processing of personal data and the exercise of rights related to data processing.
PURPOSES OF PROCESSING AND LEGAL BASIS
Your personal data shall be processed for the purpose of carrying out the statutory tasks of the Controller, on the basis of legal provisions, in particular with regard to:
- servicing and supporting the taxpayer and payer in the proper performance of their tax obligations,
- servicing and supporting an entrepreneur in the proper performance of customs obligations,
- collection and reimbursement of taxes and duties, and enforcement of State Treasury receivables,
- service and control of trade in goods with foreign countries and trade in goods subject to excise duty,
- monitoring of road and rail transport of goods and trade in heating fuels,
- handling and control of gambling activities,
- combating tax, financial and border crime, including money laundering and terrorist financing.
DATA RECIPIENTS
Your personal data may, on the basis of the law, be made available to and transferred to public administration authorities, services, courts and prosecutors.
TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY OR INTERNATIONAL ORGANISATION
The recipients of your personal data may be entities entitled to receive your data, including non-EU third countries, in justified cases and on the basis of the relevant legislation.
RETENTION PERIOD
Your personal data will be stored for the period necessary to fulfil the purposes of the processing, but for no less than the period indicated in the legislation on archiving.
DATA SUBJECTS' RIGHTS
You are entitled to:
- access to your data, with the proviso that the personal data provided must not disclose classified information or violate legally protected secrets that the Controller is obliged to keep, and subject to Article 5 of the Personal Data Protection Act of 10 May 2018,
- the right to request their rectification,
- the right to request the restriction of processing.
THE RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY
You have the right to lodge a complaint with the supervisory authority dealing with the protection of personal data in the Member State of your habitual residence, place of work or place where the alleged infringement was committed.
Office of the President of the Office for the Protection of Personal Data (PUODO)
address: 2 Świętokrzyska St., 00-193 Warsaw
phone: (22) 531 03 00
SOURCE OF PERSONAL DATA
The data processed in the SISC comes from data subjects and institutions and bodies under the provisions of law.
INFORMATION ON THE FREEDOM OR OBLIGATION TO PROVIDE DATA
The provision of personal data is obligatory under the law, while with regard to the establishment of an account on the Tax and Customs Electronic Services Portal (PUESC), it is done on the basis of your consent.
AUTOMATED DECISION-MAKING AND PROFILING
The processing of your data may be carried out by automated means, which may involve automated decision-making, including profiling, which is carried out by the Controller under applicable laws. This applies to the following cases:
- carrying out an assessment of the risk of infringement of the law, where this assessment is carried out on the basis of the data declared in the documents submitted, based on established criteria,
- assessing the risk of infringement, where the assessment is made on the basis of data obtained from publicly available registers and social networks, based on established criteria.
The consequence of the assessment made, in the above cases, is an automatic qualification into a risk group, where qualification into an unacceptable risk group may result in a change in the relationship and the taking of additional actions provided for by law.