PRIVACY POLICY
The protection of personal data has always been a priority for us. It is an important element of our credibility and customer trust. Due to the development of information technologies, especially recently observed: computer networks, internet and cloud computing etc., the importance of personal data protection has increased, leading to changes in legal regulations. This policy is our response to the factual and legal changes.
Integrated Solutions sp. z o.o. is the controller of your personal data under the law. This means that we are responsible for using the data in a safe way, in accordance with the contract and the applicable regulations.
- GENERAL INFORMATION
- This Privacy Policy contains general information concerning the processing by Integrated Solutions sp. z o.o. with its registered office in Warsaw of personal data of current and potential clients, suppliers, and persons who want to start or conduct co-operation with Integrated Solutions, including those who visit the website https://integratedsolutions.pl/.
- If possible, we usually provide you with detailed information on the processing of your personal data in a separate document at the latest when we receive your personal data. Nevertheless, we have decided to repeat them once again in this Privacy Policy so that you can find them quickly. Here, you will find information on how we use the personal data you provide to us, how we safeguard it and what rights and obligations you have.
- The Policy implements the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”) and other regulations concerning the processing of personal data.
- PERSONAL DATA CONTROLLER
- The controller of the personal data is INTEGRATED SOLUTIONS limited liability company with its registered office at ul. Karolkowa 30, 01-207 Warsaw, Poland, entered in the register of entrepreneurs kept by the District Court for the Capital City of Warsaw in Warsaw, XII Commercial Department of the National Court Register under the number KRS 0000385043, Warsaw, XII Commercial Division of the National Court Register, under KRS number 0000385043, NIP 5252506859, holding share capital of PLN 20,473,000 (herein referred to as: “Controller” “IS” or “we”)
- The Controller has appointed a Data Protection Officer, who can be contacted by email at iod@i-s.com.pl or at the address we sit (by post).
- PURPOSES AND LEGAL GROUNDS FOR PROCESSING PERSONAL DATA
We process your data for the following purposes:
- HANDLING THE CONTACT FORM
You can contact us using an electronic contact form on the subpage https://integratedsolutions.pl/kontakt/. Using the form requires you to provide the personal data necessary to analyse the request and respond to the request. Our purpose of processing is to get in touch with you and respond to your enquiry or provide you with any information related to your request via the contact form, due to our legitimate interest.
The provision of personal data is voluntary, meaning that it is your decision whether or not to use the contact form.
If you wish to use the form, it is necessary to provide the following data: first name, surname, e-mail address, you must also enter the subject of the message and the content of the message and, if necessary (this is not required for sending the message), you must also provide a telephone number. However, the telephone number is required only if the person writing the message asks for a return phone call.
If you do not provide the required data, it will not be possible to use the contact form or for the controller to respond to your enquiry. Other forms of contact with us remain at your disposal.
The legal basis of the processing is the legitimate interest of the controller, i.e. to provide interested persons with the possibility of convenient contact with us in the form they wish, at any time and to conduct communication with the person directing an enquiry or request to us, which remains in connection with the business activity conducted by us (pursuant to Article 6(1)(f) of the GDPR)
Personal data shall be processed for the above-mentioned contact purposes until the matter is settled or an effective objection to such processing is raised, whichever occurs first. To the necessary extent, personal data may be kept for archiving purposes for 5 years from the end of the calendar year in which the contact took place. - DIRECT MARKETING INCLUDING NEWSLETTER DELIVERY
You can subscribe to the newsletter using an electronic form available on the Integrated Solutions website.
To subscribe to the newsletter, it is necessary to provide your e-mail address and consent to our sending commercial and marketing information to the indicated e-mail address by ticking the box “Yes, I want to receive commercial information from Integrated Solutions Sp. z o.o. based in Warsaw (newsletter, product, services and events related materials, as well as other marketing information) to the e-mail address provided by me.”
Providing personal data is voluntary. You decide whether you want to subscribe or not. The consequence of failing to provide the required data shall be the inability to subscribe to the newsletter.
The legal basis for processing is your consent, which we consider to be your action in the form of filling in the newsletter subscription form by entering your e-mail address and ticking the checkbox described above and clicking on the “Subscribe to newsletter” button (based on Article 6(1)(a) of the GDPR);
The legal basis for processing data for marketing purposes may also be our legitimate interest in carrying out marketing activities in relation to individuals who may have expressed a wish to receive such content (based on Article 6(1)(f) of the GDPR);
Personal data shall be processed for marketing purposes until you have effectively withdrawn your consent to the processing of your data or expressed an effective objection to the processing of your data for this purpose (or you have opted out of the sending of newsletters or other materials). To the necessary extent, personal data may be kept for archiving purposes for 1 year. - LEAD FORM
You can subscribe to our marketing database using an electronic form available on the Integrated Solutions website.
To subscribe to our marketing database, it is necessary to provide your first name, surname, company name, e-mail address and the content of the message as well as consent to our sending commercial and marketing information to the indicated e-mail address by ticking the box “I consent to Integrated Solutions sp. z o.o. processing my first name, surname, company name, e-mail address and the content of the message for marketing purposes (including presentation of an offer, sending a newsletter and materials about products and services)” and the checkbox “I consent to the receipt of commercial information from Integrated Solutions Sp. z o.o. based in Warsaw (including the content of an offer, a newsletter, materials about products, services and events as well as other information of a marketing nature) at the e-mail address provided by me.”
Providing personal data is voluntary. You decide whether you want to subscribe or not. The consequence of failing to provide the required data shall be the inability to use the lead form.
The legal basis for processing is your consent by ticking the box “I consent to Integrated Solutions Sp. z o.o. processing my name, surname, company name, e-mail address and the content of my message for marketing purposes (including presentation of an offer, sending a newsletter, materials about products and services).”
Personal data shall be processed for marketing purposes until you effectively withdraw your consent to data processing. Then, to the necessary extent, personal data may be kept for archiving purposes for 1 year. - WEBINAR
You can sign up for the webinar using the electronic form available on the Integrated Solutions website.
To sign up for the webinar, it is necessary to provide your first name, surname, the name of the company on behalf of which you will participate in the webinar, as well as your e-mail address and consent to the processing of your personal data by ticking the checkbox “I consent to the processing of the personal data I have provided on this form by Integrated Solutions sp. z o.o. for the needs of the webinar.”
Providing personal data is voluntary. You decide whether you want to subscribe or not. The consequence of failing to provide the required data shall be the inability to participate in the webinar.
The legal basis for processing is your consent, which is defined as ticking the box “I consent to the processing of the personal data provided by Integrated Solutions Sp. z o.o. to conduct the webinar” (pursuant to Article 6(1)(a) GDPR);
Personal data shall be processed until the webinar is delivered and then, to the necessary extent, personal data may be stored for archiving purposes for 1 year. - CONCLUSION AND PERFORMANCE OF THE AGREEMENT
Your personal data shall be processed in particular so that we can take action on your requests before entering into an agreement and then conclude the agreement and perform it. The performance of the agreement also includes activities such as ensuring the correct quality of the service (e.g. through troubleshooting and checking the correct functioning of the services), as well as ongoing contact with you as our customer.
We process data for the above-mentioned purposes as it is necessary for the performance of an agreement to which you are a party or to take steps prior to its conclusion at your request (Article 6(1)(b) of the GDPR).
The provision of personal data is voluntary in the sense that you decide whether you wish to enter into an agreement with us or not but it is necessary for the conclusion and further performance of the agreement.
To conclude an agreement, we require your data (if you do not provide such data, we shall not conclude the agreement). In addition, we may ask for optional data, which does not affect the conclusion of the agreement (if we do not receive it, we cannot, for example, call a contact number).
During the course of the agreement, while providing services, we come into possession of your other data, including personal data of your employees or associates delegated to contact us. Their appearance to us is a consequence of the technical operation of our services that you use. This purpose is described in more detail in section 6 below.
At the time of concluding an agreement or during its duration, you may, for example, order additional services or goods or make use of functions not yet covered by the agreement. If this requires the use of your data in a manner other than that described in this document, we shall complete the missing information and provide it, if possible, before obtaining the data. Otherwise, the data processing information contained in this document shall remain valid.
Personal data shall be processed until the settlement of the completed agreement. To the necessary extent, personal data may be stored for archiving purposes until the mutual claims of the contracting parties expire. - COLLECTION OF PERSONAL DATA OF REPRESENTATIVES, AGENTS, MEMBERS OF BODIES, PROXIES AND CONTACT PERSONS FOR THE PURPOSE OF CONCLUDING AND PERFORMING THE AGREEMENT
In connection with the conclusion and performance of agreements within the scope of our business activities, we collect the data of persons involved on behalf of the other party designated for agreement or representation.
Usually, such data is collected directly from the data subject or transferred by the other contractual party for which such persons act. In specific cases, such data may also be obtained by us from publicly available sources, such as the contractor’s website or public registers (including company registration number, Central Registry and Information about Business Activities).
The scope of the processed data is in each case limited to the extent necessary for the conclusion and performance of the agreement and usually does not include other information than the name and surname, identification numbers (e.g. VAT identification number), data indicated in the document authorising to act on behalf of the other contractual party, and professional agreement data understood as company telephone number, company e-mail address, data of the contractual party on whose behalf such a person acts, including the place of work, position and role in the structure of the represented entity, held qualifications and entitlements required to perform the agreement (if the specificity of the agreement requires so). This information may be supplemented by details of existing relationships and agreements between us and the person concerned and other details contained in the footer of any correspondence we receive or on our business card or communicated to us directly by the person concerned to facilitate the performance of the agreement.
The provision of personal data originating directly from the natural person is in principle voluntary, although in some cases the source of the obligation to provide such data may derive from the legal relationship that links you with the other contractual party for whom you are acting (employment agreement, contract of mandate, organisational relationship).
The legal basis for the processing is Article 6(1)(f) of the GDPR, i.e. our legitimate interest in enabling the correct and effective conclusion and performance of the agreement through the persons appointed on behalf of the other party to the agreement.
Personal data processed in connection with the concluded agreements shall be stored for the time necessary for the performance of a given agreement, however, no longer than for the time necessary to assert any possible claims under this agreement or until the expiry of the obligation to data storage resulting from legal regulations (e.g. accounting). - VERIFICATION OF PAYMENT RELIABILITY
When concluding, renewing or extending the scope of the agreement for the duration of such action, we shall use information concerning you from the register of entrepreneurs, the Central Registry and Information about Business Activities and the database of the Central Statistical Office to the extent published therein, as well as information from entities professionally engaged in collecting and analysing information on the economic condition of entrepreneurs to the extent made available by them to verify your data and your payment reliability.
The legal basis for processing is Article 6(1)(f) of the GDPR, i.e. our legitimate interest in ensuring the correct conclusion and stable performance of the agreement by the other party.
The aforementioned personal data shall be processed until the conclusion or settlement of the agreement, depending on its nature, however not longer than for the period necessary to assert any possible claims under this agreement or until the expiry of the obligation to data storage resulting from legal regulations (e.g. accounting). - ENSURING THE PROCESSING OF COMPLAINTS AND SERVICE SUPPORT
Within the scope of ensuring the service of our products and services, we collect personal data to analyse and respond to claims concerning the performance of agreements concluded by us and to provide service, including the provision of service support by informing about failures, adjustment of the service based, among others, on data on the offer you are using or data on complaints submitted to date.
We process your data as it is necessary for submitting and processing your service request as well as for improving the quality of our services and ensuring safety. You can submit a service request via the hotline under no: 801 647 647, by e-mail to: service@integratedsolutions.pl or by fax to: (22) 556 39 92.
Providing personal data for the purposes of submitting and processing a service request is a contractual requirement. Failure to provide data makes it impossible to submit a service request.
The legal basis for the processing of personal data for this purpose is the need to process personal data for the performance of the agreement linking us to the natural person (Article 6(1)(b) of the GDPR) or due to our legitimate interest (under Article 6(1)(f) of the GDPR), which is the performance of the agreement linking us to the entity through representatives of that entity or persons designated for the agreement and improving the quality, speed, service, security and reliability of services.
Personal data shall be processed for the purpose of executing a service request until the case is resolved. To the necessary extent, personal data may be stored for archiving purposes for 5 years from the end of the calendar year in which the service request was made. - ESTABLISHING AND MAINTAINING BUSINESS RELATIONSHIPS
In the course of conducting our business, we also collect personal data of contact persons of other entities (public and private) in other cases, in which talks on concluding agreements with these entities are not yet conducted. For example, data may be collected at business meetings, in the exchange of business cards or from publicly accessible websites of these entities. Such data are then processed for the purposes of establishing and maintaining business relationships.
The scope of the processed data is, in any case, limited to the extent necessary to establish and maintain the business contact and does not usually include other information than that disclosed on the business card or in the footer of an e-mail message, such as name, surname and professional contact data understood as company telephone number, company e-mail address, data of the entity for which the person works, including place of work, position and role in the structure of this entity. This information may be supplemented by details of existing relationships and contacts between the person and us.
Providing personal data directly from a natural person is voluntary. The consequence of failing to provide the required data shall be the inability to include you or the entity for which you are acting in our network of contacts.
The legal basis for the processing is our legitimate interest (Art. 6(1)(f) of the GDPR) to build a network of contacts in relation to persons interested in our business activities.
Personal data processed for the purpose of maintaining business contacts shall be stored for the duration of our business activities or until you object to the processing of your personal data. - RECRUITMENT
If you are a job applicant, you are very welcome to use our recruitment service, which can be found on our website at https://integratedsolutions.pl/dolacz-do-zespolu/.
During the recruitment process, we shall process the data required by law and other data provided by you, obtained in the course of recruitment meetings, including tests you took and other methods used in the course of recruitment meetings to verify your competencies and skills, as well as data on references obtained from the person indicated by you. This data shall be used to establish your competencies and skills and assess them to meet the requirements for the position you are applying for.
Your data may be processed:
– based on legal provisions (the controller’s obligation under the law, i.e. Article 6(1)(c) of the GDPR in connection with Article 221(1) of the Labour Code) and then such processing includes the following personal data: (names) and surname, date of birth, contact details provided by the candidate, education, professional qualifications, course of previous employment, or, for data whose processing does not result from legal provisions;
– based on your voluntary consent, which IS considers to be the sending, on your own initiative, of a CV and/or a cover letter containing additional data other than that required by the provisions of the Labour Code or the provision of such data during recruitment meetings, including the tests you participated in and other methods used during recruitment meetings to verify competencies and skills, and data on references obtained from the person you indicated (Article 6(1)(a) of the GDPR);
– based on legal provisions (processing is necessary to take action at the request of the data subject before entering into an agreement i.e. Article 6(1)(b) of the GDPR) in the case of employment based on a civil law agreement;
for a period:
– until the end of the recruitment process in which you are taking part or you resign from the recruitment,
– in the scope in which the data are processed based on consent – until its withdrawal.
Within the scope resulting from the provisions of the law, providing your data for the recruitment process is a legal requirement and their omission shall result in the inability to consider your application for the offered position. Providing other data is voluntary and such data is not decisive for the outcome of the recruitment and conclusion of the employment agreement, however, it may be taken into consideration by us.
In the case of recruitment in connection with employment based on a civil law agreement, providing data is a condition for participation in the recruitment process and possible conclusion of an agreement and, at the same time, its requirement. The consequence of failing to provide the required data shall be the Controller’s inability to consider the candidate in the recruitment process.
Your data may also be stored for the purpose of conducting future recruitment processes based on your voluntary consent (Article 6(1)(a) of the GDPR), which you may grant, e.g. by (i) ticking the relevant box in the recruitment form, (ii) including information in your recruitment documents about your consent to the processing of your personal data in subsequent recruitment processes, (iii) by sending recruitment documents not related to the currently conducted recruitment processes or in the case of a temporary lack of such processes or (iv) by expressing such consent during recruitment meetings. Data shall be processed for this purpose until:
– the start of the recruitment process based on the recruitment received documents, or
– the moment of withdrawal of your consent to the processing of your personal data but no longer than for one year from the moment of your consent to the processing of your personal data for future recruitment, whichever comes first.
Providing your data for the purposes of future recruitment is voluntary and their omission shall result in the inability to consider your candidacy in the future recruitment processes. - CREATION OF COMPILATIONS, ANALYSES AND STATISTICS FOR OUR INTERNAL NEEDS
Such activities include, in particular, reporting, marketing research, service development planning, development work in IT systems, creation of statistical models (e.g. for revenue protection) ľ for the duration of the agreement and thereafter for no longer than the period after which claims arising from the agreement become time-barred (legal basis: our legitimate interest).
We shall not ask you for additional data for this purpose but we may use data that we have obtained in the course of working with you or your organisation for this purpose.
The legal basis for the processing is our legitimate interest (Article 6(1)(f) of the GDPR) to analyse available business information in order to improve products, services and business development.
The Controller shall keep your personal data for the duration of the agreement and thereafter for no longer than the period after which claims under the agreement become time-barred. - FULFILMENT OF LEGAL OBLIGATIONS ARISING FROM LEGISLATION APPLICABLE TO THE ACTIVITY
Such obligations may consist, in particular, in issuing and storing invoices and accounting and bookkeeping documents, responding to complaints, documenting the provided services, proper identification of the represented entity, preventing violations and corruption, preparing and making available to authorised bodies the documentation that enables monitoring, reporting and accounting, and other actions, if required by law.
The provision of personal data in such a case may be a legal requirement. If the relevant data is missing, we shall ask you to complete it.
The legal basis for the processing is a legal obligation on the Controller, i.e. Article 6(1)(c) of the GDPR)
The Controller shall store personal data until the fulfilment of the legal obligation or until the expiry of the obligation to store data resulting from legal regulations (e.g. tax, accounting). After this date, data may be stored for archiving purposes. - ARCHIVING
We may also archive any personal data we collect, with the exception of data the processing of which is prohibited for this purpose by applicable law, so that we can access it at a later date if the need arises.
The legal basis for the processing is the legitimate interest of the controller, i.e. the necessity to document evidence of the conducted business activity, inter alia, in accordance with applicable regulations and to use the archived material for the purpose of investigating, establishing or defending against claims, including storing evidence of our business activity which is of factual and legal significance for us, which remains in connection with the controller’s business activity (pursuant to Article 6(1)(f) of the GDPR). In this case, we assess that your fundamental rights and freedoms are not overridden by the indicated interest.
Personal data processed for archiving purposes shall be stored for the duration of our business activities or until your raising an objection.
- HANDLING THE CONTACT FORM
- YOUR RIGHTS
Which rights you have depends on the circumstances of the processing, including but not limited to the legal basis on which we process the personal data.
As a general rule, you have the following rights:- The right of access and a copy of your data (Article 15 of the GDPR),
If you make such a request, we shall confirm whether we are processing your personal data and provide you with all relevant information about this processing. You can obtain a copy of the personal data we hold about you free of charge under the terms of the GDPR.
You can also always obtain information from us about:
a) the purpose of the processing of your data,
b) what kind of data we process,
c) to whom we transfer your data,
d) how long we plan to keep your data, - the right to rectification of your data (Article 16 of the GDPR),
If you make such a request, we shall remove errors, inconsistencies in the processed data or complete them. We are committed to ensuring that the data we process is up to date and factually correct. - the right to the erasure of data (Article 17 of the GDPR),
If you make such a request and there are no circumstances under the provisions of the GDPR that prevent you from exercising your right, we shall delete the collected personal data. In particular, you can request the erasure of personal data when:
a) the personal data is no longer necessary for the purposes for which it was collected or processed,
b) you have withdrawn the consent on which the processing is based and there is no other legal basis for the processing,
c) the personal data has been processed unlawfully,
d) the personal data must be erased to comply with a legal obligation foreseen by law.
Please note that the right to the erasure does not apply to the extent that the processing of personal data by the Controller is still necessary:
a) for exercising the right of freedom of expression and information,
b) to comply with a legal obligation requiring the processing by law (e.g. the obligation to keep tax, billing and VAT documentation etc. – to the extent resulting from universally binding legal provisions) or to perform a task carried out in the public interest or in the exercise of official authority vested in the Controller,
c) for reasons of public interest in the field of public health in accordance with the GDPR,
d) for archiving purposes in the public interest, for scientific or historical research purposes or statistical purposes insofar as the right to the erasure is likely to prevent or seriously impede the purposes of such processing; or
e) for the establishment, exercise or defence of claims. - the right to restrict processing (Article 18 of the GDPR),
You may exercise your right to restrict processing by limiting our activities performed on your personal data to only storing it or activities agreed with you if:
a) you contest the accuracy of the personal data,
b) the processing is unlawful and you object to the erasure of the data,
c) we no longer need the personal data for the purposes of the processing but you need it to establish, assert or defend your claims,
d) you have objected to the processing on grounds relating to your particular situation. - the right to data portability (Article 20 of the GDPR),
You have the right to request your personal data in a structured, commonly used machine-readable format and the right to request that this personal data be sent to another controller, where the processing of this data takes place based on consent or an agreement concluded with you and by automated means. However, you only have this right if the processing is based on your consent or required for the performance of an agreement. You can also ask us to send them directly to another responsible entity designated by you. - the right to object on grounds relating to your particular situation (Article 21(1) of the GDPR),
If we process your personal data based on a legitimate interest (excluding direct marketing), you have the right to object to this processing if you believe that your particular situation justifies the cessation of our processing of this data. We shall grant your request in this respect if we assess that we are unable to demonstrate the existence of valid legitimate grounds for processing overriding your interests, rights and freedoms. - the right to object (Article 21(2) of the GDPR),
If you object to our processing of your data for direct marketing purposes, including to the performed profiling, we shall cease processing for this purpose. The submission of such an objection does not require any justification. - the right not to be subject to a decision based solely on automated processing, including profiling (Article 22 of the GDPR),
You have the right not to be subject to a decision that is based solely on automated processing, including profiling, and produces legal effects on you or similarly significantly affects you. We do not currently carry out such processing. If there are prerequisites that allow us to make such a decision, then you shall be informed. - the right to lodge a complaint with a supervisory authority
If you believe that we are processing your personal data in violation of the provisions of the GDPR or other data protection legislation, you have the right to lodge a complaint with the supervisory authority for the processing of personal data, which has jurisdiction over the place of your habitual residence, place of work or the place where the alleged infringement occurred. In Poland, the supervisory authority is the President of the Office for Personal Data Protection (ul. Stawki 2, 00-193 Warszawa (https://uodo.gov.pl/).
We make every effort to ensure that the exercise of this right is not necessary.
- The right of access and a copy of your data (Article 15 of the GDPR),
- CONSENT AND WITHDRAWAL OF CONSENT
The consents given by you can be revoked (withdrawn) at any time. However, the withdrawal of your consent shall not affect the actions taken prior to its withdrawal.
You may withdraw your consent, e.g. by contacting us by e-mail at iod@i-s.com.pl, in writing to the Controller’s registered office address given in para. 2, section 1) above or in person at the Controller’s registered office. - HOW TO EXERCISE YOUR RIGHTS
You can exercise any of the rights indicated above by contacting us by e-mail at iod@i-s.com.pl, in writing to the address of the Controller’s registered office given in para. 2 section 1) above or personally at the Controller’s registered office, indicating the content of the request for exercising a particular right.
If your request is unclear to us or needs to be clarified, we shall contact you about it. In the case of doubt as to your identity, we shall contact you to obtain additional information to help us verify it.
We shall endeavour to reply to your request as soon as possible and at the latest within one month from receiving it. If we need to extend this period, e.g. due to the complexity of the request, we shall notify the Data Subject, stating the reasons for the extension.
As a general rule, we shall respond in the form in which we received the request unless you expressly indicate to us by which means you expect a response. - RECIPIENTS OF PERSONAL DATA
Your personal data may be forwarded to other entities whose services we use or to whom we are obliged to forward them by law.
Your personal data shall only be transferred to the necessary extent.
We transfer your personal data to the company that is the hosting provider for our website. Foreseen recipients of personal data shall also be: entities providing us with marketing support services (e.g. newsletters), IT and TELCO support services including IT systems maintenance and servicing, data hosting, telecommunication and cloud services, email service providers, couriers, postal providers, entities providing documentation archiving and destruction, controller’s consultants, entities authorised to receive personal data under applicable law; entities that perform activities commissioned by the controller, which is necessary to carry out recruitment (e.g. entities that perform activities commissioned by the controller, which is necessary to carry out the recruitment process (e.g. entities supporting recruitment processes), and other entities that perform activities commissioned by the controller or provide it with services/goods necessary for its operations, as well as companies from the IS capital group, including Orange Polska S.A., among others, in carrying out recruitment and for internal administrative purposes.
Moreover, personal data may be transferred to public authorities or entities authorised to receive such data under applicable laws. - TRANSFER OF PERSONAL DATA OUTSIDE THE EEA AREA
As a general rule, your personal data shall not be transferred to a third country (i.e. a country outside the European Economic Area consisting of the EU countries and Iceland, Liechtenstein and Norway, hereinafter referred to as “EEA”). However, if such a transfer would be necessary due to our use of cloud-based IT solutions or serviced by a service centre located outside the EEA, we shall only do so based on standard contractual clauses (pursuant to Article 46(2) of the GDPR), based on a decision of the European Commission determining the adequacy of protection in a third country (Article 45 of the GDPR), or we provide another mechanism that is lawful and legalises such a transfer and provides adequate safeguards for the protection of personal data in accordance with the applicable legal provisions in this regard. - ATTENTION TO DATA SECURITY
Your data is secured by us by applying organisational and technical measures which are necessary and appropriate to prevent any risk of infringement of your rights or freedoms.
In particular, we protect your personal data against access of unauthorised persons and damage or loss.
The security of data transmission is ensured through the use of the SSL (Secure Socket Layer v3) transmission protocol. SSL involves encrypting data before it is sent from your browser and decrypting it after it has securely arrived at the server operating our website.
In addition, we take all necessary measures to ensure that our subcontractors and other co-operating entities guarantee to apply appropriate security measures whenever they process personal data on our behalf. - ENTRY INTO FORCE OF THE POLICY AND ITS CHANGES
- The rules set out in this Privacy Policy are governed by Polish law.
- The Controller reserves the right to amend the Privacy Policy.
- The users shall be informed about the introduced changes and the date of their entry into force, in particular by posting a notice on the website.
- This Privacy Policy shall come into force on 13 September 2021.