AML – GDPR information clause

Recent GDPR information and documents:

© getsix 2021. All rights to the content of this clause reserved.

In accordance with art.13 and Article 14 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Dz. Urz. EU L 119 of 04.05.2016, p. 1, with the amendment published in Dz. Urz. EU L 127 of 23.05.2018, p. 2) hereinafter referred to as "GDPR", we inform you that the administrator of your personal data, provided to us through the "KYC" form, hereinafter referred to as "Administrator", "getsix Group Company" or "We" is respectively:

getsix Wrocław Sp. z o.o. headquartered at 45 Zwycięska St., 53-033 Wrocław

getsix Warszawa Sp. z o.o. headquartered at ul. Wincentego Rzymowskiego 31 02-697 Warszawa

getsix Poznań Sp. z o.o. headquartered at: St. Wyspiańskiego 43 60-751 Poznań

getsix Szczecin Sp. z o.o. headquartered at: ul. Storrady Świętosławy 1a 71-602 Szczecin

getsix Katowice Sp. z o.o. headquartered at: ul. Konduktorska 33, 40-155 Katowice

getsix Tax & Legal Majchrowicz-Bączyk Sp.k. headquartered at: ul. Wyspiańskiego 43, 60-751 Poznań

getsix Polska Sp. z o.o. headquartered at: ul. ul. Zwycięska 45, 53-033 Wrocław

getsix Services Sp. z o.o. headquartered at: ul. Zwycięska 45, 53-033 Wrocław

amavat Sp. z o.o. headquartered at 45 Zwycięska St., 53-033 Wrocław

omnisello Sp. z o.o. headquartered at 45 Zwycięska St., 53-033 Wrocław

Contact with our Data Protection Officer is possible at the following e-mail address:

We obtain personal data:

  • directly from you and/or
  • on the basis of a copy/copy of an identification document and/or
  • from the entity with which we have concluded or will conclude an agreement and which you represent or is its ultimate beneficiary and/or
  • from the Central Register of Actual Beneficiaries or the register referred to in Article 30 or Article 31 of Directive 2015/849 held in the relevant Member State.
  • from the relevant other reliable register of entities/taxpayers in the relevant Member State,
  • from electronic identification means or relevant trust services as defined in Regulation 910/2014 (if available)
  • from publicly available internet sides

Each of the getsix Group Companies of which you are/will be a client "providing bookkeeping services" is an "obligated institution" within the meaning of the Anti-Money Laundering and Counter-Terrorist Financing Act dated March 1, 2018, as amended (the "AML/CFT Act").

Your personal data is/will be processed by Company from getsix Group (as an "obliged institution") requirements of the AML/CFT Act, that is:

  • in order to carry out the risk assessment obligation referred to in article 27 of the AML Act. (identification and assessment by Companies from getsix Group of risks of money laundering and terrorist financing relating to our business, taking into account risk factors concerning clients, countries or geographical areas, products, services, transactions or their delivery channels)
  • in order to apply to our clients the financial security measures referred to in Articles 33 and 34 of the Money Laundering Act, in particular, but not limited to:
    • in order to identify the client and verify its identity1 and to establish ownership and control in accordance with Article 34 (1) (1) of the AML/CFT Act,
    • to identify the beneficial owner in accordance with Article 34 (1) (2) of the AML/CFT Act.
    • for the purpose of evaluating the business relationship and, as appropriate, obtaining information on its purpose and intended nature; pursuant to Article 34(1)(3) of the AML/CFT Act.
    • in order to monitor the client's business relations on an ongoing basis, in accordance with Article 34(1)(4) of the AML/CFT Act.

(legal basis art. 6 par. 1 letter (c) of the GDPR)

Pursuant to Article 34 of the AML/CFT Act. "obliged institutions, for the purposes of applying financial security measures, may process information contained in the identity documents of the client and the person authorized to act on his behalf and make copies of them."

The getsix Group Company of which you are/will be a client will keep your personal data, copies of documents and information obtained as a result of the financial security measures for a period of 5 years, starting from the first day of the year following the year in which the business relationship with the client was terminated or in which occasional transactions were carried out. The General Inspector of Financial Information (hereinafter referred to as GIIF) may require us to store them for another period not exceeding 5 years.

Your personal data is/will also be processed:

  • in order to identify entitlements to represent the party, (legal basis Article 6(1)(b) and (c) GDPR)
  • for the purpose of concluding, performing, terminating a contract or taking action prior to concluding a contract (legal basis in Article 6(1)(b), (c) and (f) of the GDPR)
  • for the purposes arising from the legitimate interests pursued by the controller or by a third party, in particular, but not exclusively, for the purpose of asserting or protecting against claims, as well as for archiving purposes, for security purposes, for the handling of possible complaints or demands and to comply with the principle of accountability referred to in Article 5(2) of the GDPR. (legal basis Article 6(1)(c) and (f) GDPR)

The personal data will be processed respectively for the period necessary for the proper performance of the contract (as a rule, the contract duration); for the period of claims limitation resulting from legal regulations (as a rule, 3 years, maximum 6 years calculated from the contract termination date); as well as for the period of storing accounting and tax documentation resulting from the regulations (as a rule, the data will be stored for the time necessary for tax and accounting purposes, i.e. for 5 years from the end of the year in which the tax obligation arose) - whichever comes later.

Where appropriate and reasonable the recipients of your personal data may be:

  • The General Inspector of Financial Information (GIIF);
  • Competent authority for the Central Register of Ultimate Beneficiaries (if discrepancies are going to be reported between the information collected in this register and the information about the client's real beneficiaries as determined by getsix in connection with the application of the AML/CFT Act;
  • Other getsix Group companies;
  • Postal and courier companies to the extent that they are necessary to deliver your correspondence;
  • entities acting on our behalf in handling accounting, tax, advisory and legal matters - to the extent necessary to fulfill the specific purpose of processing
  • entities providing us with technical support services and suppliers of IT solutions enabling us to run our business (for example, software providers, e-mail and hosting providers, Data Center);
  • entities and persons authorized by us and acting on our instructions;

A getsix Group company of which you are/will be a client as an obliged institution is required to notify the GIIF immediately:

  • about circumstances that may indicate a suspicion of money laundering or terrorist financing (art. 74 of the Act on Money Laundering)
  • in the event of a reasonable suspicion that a specific transaction or specific assets may be related to money laundering or terrorist financing (Article 86 of the AML/CFT Act)
  • and transfer data specified in the provisions, including personal data. In order to carry out the statutory tasks the GIIF may collect and use necessary information containing personal data and process it in the meaning of the provisions on personal data protection, also without the knowledge and consent of the data subject.

You have the right to demand from the Controller access to your personal data, their rectification, or limitation of their processing, to object to processing, as well as the right to data portability. The regulations indicate to what extent you can exercise each of these rights. It will depend, in particular, on the legal basis and the purpose of the processing of personal data by the Controller.

You have the right to lodge a complaint to the supervisory authority, i.e. the President of the Personal Data Protection Office, if you consider that we are processing your personal data in violation of the GDPR.

The provision of personal data is a statutory requirement and failure to do so will result in the impossibility of establishing a business relationship with the company in the getsix Group of which you are/will be a client or in the termination of the business relationship (according to Art. 41 of the of the AML/CFT Act).

Your personal data will be used by the Controller for the profiling of the risk of money laundering and terrorism financing, which is an obligation of the law on prevention of money laundering and financing of terrorism. The personal data can be processed in the information systems of the Controller, but they are not used for an automated (without interference of a human being) decision making, which could entail for the persons, whose data are concerned, legal implications.

© getsix Group. 2021. All rights reserved. This document is protected by copyright.

1 "Verification of the identity of the customer, the person authorized to act on his behalf and the beneficial owner shall consist in confirmation of the identification data established on the basis of a document stating the identity of the natural person, a document containing current data from an extract from the competent register or other documents, data or information from a reliable and independent source, including, where available, electronic identification means or relevant trust services as defined in Regulation 910/2014."

Last update : 17.11.2021

Our Recommendations

Our Memberships

Our Certification

Wojskowe Centrum Normalizacji Jakości I KodyfikacjiTÜV NORDTÜV RHEINLAND

Our Partnerships