Dear Sir or Madam,
At GTC AMG, the security of your personal data is our highest priority.
For this reason, we communicate transparently about any events that may
be relevant to the protection of the information entrusted to us.
Our approach is based on care, responsibility, and constantly improving
our cybersecurity standards. In today’s world, where cyberattacks
unfortunately occur with growing frequency, we remain committed to
keeping your data safe and ensuring that you stay well-informed.
On 13 November 2025, we recorded an incident involving the encryption of
certain data stored on one of our servers. We became aware of this on
17 November 2025 and immediately activated our security procedures.
The incident falls within the category of widely observed ransomware
attacks that have affected organisations in Poland and worldwide.
Importantly,
we currently have no information or indication that any personal
data has been downloaded, copied, disclosed, or misused in any way
.
Our investigations to date have not confirmed that a data leak has occurred.
However, out of an abundance of caution, we are informing you that certain
personal data may have been affected by the attack itself. This may
include information such as your name, address, national identification
number (PESEL), company details, bank account number, copies of diplomas,
or identity document details.
Although we have not identified any misuse of personal data, we recommend
observing several basic cybersecurity practices that are advisable
independently of this incident:
- avoid opening messages from unknown senders or clicking on unexpected links,
- be cautious when sharing personal information by phone or email,
- verify the identity of anyone requesting your data.
From the moment the incident was detected, we have undertaken extensive
efforts to fully investigate its causes and strengthen our security measures.
Our team, together with cybersecurity specialists, is implementing additional
technical and organisational safeguards to further protect your data and
minimise the risk of similar events in the future.
If you have any further questions, we remain at your disposal at:
spiszczatowski@inveni.re
We apologise for any inconvenience this situation may have caused and thank
you for your trust. Please rest assured that we are consistently working to
ensure the highest level of data security.
Information required under Article 34 of the GDPR
In accordance with Regulation (EU) 2016/679 of the European Parliament and
of the Council of 27 April 2016 on the protection of natural persons with
regard to the processing of personal data and on the free movement of such
data, and repealing Directive 95/46/EC (General Data Protection Regulation,
GDPR), we hereby inform that:
The controller of your personal data is
GTC AMG sp. z o.o., ul. Rolna 155A, 02-729 Warsaw, Poland
(KRS 0000141779, NIP 1180114897, REGON 011675790).
You can reach us at
spiszczatowski@inveni.re
Your data is processed to manage and evaluate the recent security incident,
meet our legal obligations (including notifying the supervisory authority),
and take all necessary follow-up and documentation measures.
The legal bases for this processing are Article 6(1)(c) GDPR (legal
obligation) and Article 6(1)(f) GDPR (our legitimate interest in safeguarding
data and IT security).
We do not use automated decision-making or profiling in relation to your data.
Your data will be stored only for the time needed to fulfil these purposes,
or until an objection is raised (if processing is based on legitimate interest),
and afterwards for the statutory limitation or retention periods.
You may exercise your rights of access, rectification, erasure, restriction
of processing, data portability, objection, and request for transmission of
your data to another controller by contacting us at the above address.
You also have the right to submit a complaint to the President of the Personal
Data Protection Office.
This information is provided in accordance with Article 34 GDPR.
