Table of Contents

Data Protection Notice

Version 5 May 2025

Part A · Privacy Notice for Corporate Clients

1. Who We Are

World Business Council Sp. z o.o., Aleje Jerozolimskie 85/21, 02‑001 Warszawa, Poland — KRS 0000743854 | NIP 7010843353 | REGON 381044982 — e‑mail: legal@worldbc.co — website: https://worldbc.co. We decide how and why your personal data is used, so we are the data controller.

2. Information We Collect

  • Company details – name, registration numbers (KRS, NIP, VAT) and address.
  • Contact details – names, job titles, work e‑mails and phone numbers of your staff.
  • Project documents – orders, budgets, invoices, masked bank account numbers.
  • Portal logs – dates and times your team signs in to our online tools.

3. Why We Use Your Data (and the Legal Basis)

  • To agree and deliver our advisory work (GDPR Art. 6 (1)(b)).
  • To protect our rights if there is a dispute (Art. 6 (1)(f)).
  • To tell you about similar services (Art. 6 (1)(f) or your consent where required). You can say “stop” at any time.

4. How Long We Keep It

  • Project files – up to 6 months after the project ends, unless we need them longer for legal reasons.
  • Our own billing records – 5 full financial years (Polish Accounting Act).
  • Client accounting data used for projections – up to 6 months after the project ends.
  • Marketing list – 6 months or until you unsubscribe.

5. Who Gets Your Data

  • Google Cloud Platform hosts our systems in Frankfurt (EU).
  • Other service partners get data only if it is necessary and only under a contract that protects your privacy.

6. Transfers Outside the EEA

We will only move your data outside the EEA if EU rules say it is safe. Most often we use the Standard Contractual Clauses (2021) approved by the European Commission.

7. Your Rights

You can ask us to see, correct, delete, restrict or move your data, or to object to marketing. Write to legal@worldbc.co. You may also complain to the Polish Data Protection Authority (UODO).

8. How We Protect Your Data

We use encryption in transit and at rest, multi‑factor log‑in, separate test and live systems, and regular security tests.

9. Use of AI

We use AI tools to help draft reports, but a person always checks the result. We do not make automated decisions that have a legal or similar impact on you.

10. Changes to This Notice

If we change how we use personal data, we will update this page and show the new date at the top.

Part B · Simple Data‑Processing Agreement (for Client CRM Data)

Use this where WBC handles personal data from your CRM system only on your instructions.

1. Who Is Who

  • Controller – you, the client named in the main service agreement.
  • Processor – World Business Council Sp. z o.o.

2. What We Will Do and for How Long

We will store, back‑up and analyse your CRM data to give you the agreed reports. We keep the data during the project and delete or return it within 30 days after you tell us the project is over, unless the law says we must keep it longer.

3. Whose Data and What Data

  • Your customers and prospects – name, job title, work contacts, deal history.
  • Your staff – name, work e‑mail, notes linked to tasks.

4. Our Promises as Processor

  1. Follow your written instructions only.
  2. Keep it confidential. All staff sign confidentiality terms.
  3. Keep it secure. We use the measures listed in Schedule 1.
  4. Ask before using another sub‑processor. Current list in Schedule 2.
  5. Help with rights requests. We pass on or action any request we receive.
  6. Tell you within 24 hours if we have a data‑breach.
  7. Delete or return data when you ask.
  8. Let you audit us once a year. Reports from independent security audits count as the first step.

5. Your Promises as Controller

You confirm the data you give us is collected lawfully, is accurate, and that your instructions follow the GDPR.

6. Liability

Each side is liable for its own faults. Our total liability under this agreement is capped at the fees you paid us in the last 12 months, unless we acted wilfully or with gross negligence.

7. Governing Law

Polish law applies. Disputes go to the courts in Warsaw.

Schedule 1 · Security Measures (Plain Summary)

  • TLS 1.3 encryption in transit.
  • AES‑256 encryption at rest.
  • Multi‑factor authentication for staff.
  • Separate live and test systems.
  • Daily back‑ups stored in another EU data centre.
  • Quarterly penetration tests.
  • 4‑hour response time for critical incidents.

Schedule 2 · Current Sub‑Processor

Company Location Service Safeguard
Google Ireland Ltd. Dublin Google Cloud Platform (Frankfurt) EU Standard Contractual Clauses

End of Document

Iman Najafi

Iman Najafi

World-Business-Council_Template_Fundraising-Checklist-1.png

Fundraising Checklist

Discover the essential documents you need for successful fundraising with our comprehensive guide, now available for free download. 

Download!

Ready to take your business to the next level?

Get in touch today and receive a complimentary consultation.

Request a consultation >

Industries

Our main focus is on Energy Sector, Health tech and brick and mortar businesses that are looking for acquisition of Smaller companies for different purposes, like operational cost reduction or access to new markets. Our focus is on the markets of GCC countries and CEE region.  

Capabilities

We bring our clients unrivaled transaction and integration expertise, deep industry knowledge, a global network cultivated over the course of nearly 100 years, and a focus on building institutional and executive M&A capabilities—to strengthen M&A programs long term.

Some companies treat M&A as a strategy. That’s not our view. Instead, we believe M&A is an important enabler of strategy and long-term value. We work closely with clients to create a clear M&A blueprint that accelerates their progress toward strategic goals.

  • Broad perspective on M&A. We help clients determine which sectors and capabilities offer the most potential, based on deep understanding of industry value chains and the underlying economics. We also help assess capabilities to execute a given transaction, determine what investors are willing to support, and identify sources of advantage relative to competitive offerings.
  • Long-term, objective view. Our insights and fact-based view help clients determine how well M&A programs enable strategies, support growth, and provide value to shareholders.
  • Unrivaled specificity. Successful M&A programs require precision to find the best targets at the best valuation. Our M&A blueprints reflect clients’ unique competitive advantages and take market and regulatory trends into account.
  • Deep understanding of the value at stake. We help our clients apply the technical principles of valuation to their strategic decision making, M&A approaches, and managerial practices, as described in our book Valuation: Measuring and Managing the Value of Companies (John Wiley & Sons, 2015), now in its sixth edition.

Locations

Poland

We are located at the heart of Poland Capital, Warsaw.
Click Here

Kuwait

Our Middle East operations are commenced in the beautiful warm country of Kuwait.
Click Here

Careers

You can find the latest opportunities in any of our offices here. We have a high barrier to entry into company and work with top 1% applicants. 

Click here

About Us

COMPANY
World Business Council is a Financial Advisory and deal Management focused on business Acquisition and project and corporate fundraising firm based in Poland, with offices in the Middle East and Europe which connects the HNWIs and Companies to great investment opportunities.

KRS: 0000743854
EU TAX(NIP):PL7010843353
REGON: 381044982

CONTACT
Office: Aleje Jerozolimskie 85/21, 02-001 Warsaw, Poland
Tel: +48223070999
Phone: +48 881 400 002
Working Hours: 8 am- 19 pm (GMT +1)- Every Day
Email:Office@worldbc.co

Plan Your Path to Success
(Free Download)

The road to success is paved with well-laid plans.

You will receive the following file in your email:

Data Protection Notice
Which best describes you?