Privacy Policy

1. GENERAL PROVISIONS

1. The Controller of the personal data (Controller) within the website https://W-itc.com, hereinafter referred to as the Website, is W-ITC spółka z ograniczoną odpowiedzialnością with its registered office in Wrocław, ul. Marsz. Józefa Piłsudskiego 74/320, 50-020 Wrocław, Poland, entered in the National Court Register kept by the District Court for Wrocław-Fabryczna under KRS number 0001008625, NIP: 8971915775, REGON: 52394116600000, share capital PLN 20,000.

2. The Controller undertakes to maintain the security and confidentiality of the personal data obtained from you, respecting your rights as data subjects and complying with applicable legislation, including in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as GDPR, and other relevant data protection legislation.

3. The Controller shall, in cases provided for by law, cooperate or consult with the supervisory authority in the Republic of Poland, i.e. the President of the Office for Personal Data Protection.

4. Any enquiries, requests, complaints regarding the processing of personal data by the Controller, hereinafter referred to as Applications, should be addressed to the following e-mail address: kontakt@w-itc.com or in writing to the Controller's address indicated in point 1.

5. The content of the Application should indicate the details of the person(s) concerned, a description of the event giving rise to the Application, set out your demands and, if possible, the legal basis for those demands, and indicate how you expect the matter to be dealt with.

2. HOW WE PROCESS YOUR PERSONAL DATA

1. As part of the Service, the Controller processes the following personal data:

a) your name, possibly your company name - in order to contact us, you will be asked to provide your name and the name of your company so that we can contact you to answer your questions or to provide you with an offer and services,

b) e-mail address - the e-mail address provided by you makes it possible for us to contact you electronically, e.g. by sending a reply to your messages sent via the contact form available on the Website and to confirm the services you have decided to use; the e-mail address also makes it possible for us to contact you in the event of such a need relating to the service being provided,

(c) telephone number - the provision of a telephone number allows you to be contacted in particular in urgent situations if the situation or your needs so require.

2. The provision of the data indicated in the preceding paragraph is necessary in the following cases:

a) in order to make contact using the form provided on the Website,
b) to make a pre-contractual offer at your request,
c) in order to conclude a contract and make use of the services described on the Website.

3. Each of you, as a user of the Service, can choose whether and to what extent you wish to contact us, use our services and share information and data about yourself within the scope set out in the contents of this Privacy Policy.

4. In accordance with the principle of minimization, we only process personal data that is necessary to achieve the purposes referred to in this Privacy Policy.

Personal data is processed by the Controller:

- for the purpose of providing electronic services, in which case the legal basis for the processing is the necessity of the processing for the performance of a contract or to take steps prior to entering into a contract at the request of the data subject (Article 6(1)(b) GDPR);
- in order to contact you, i.e. to answer your questions, to keep in touch with you in order to maintain the relationship (e.g. sending Christmas greetings) - in which case the legal basis for the processing is the legitimate interest of the Controller (Article 6(1)(f) GDPR),
- for analytical and statistical purposes, in which case the legal basis for the processing is the legitimate interest of the Controller (Article 6(1)(f) GDPR), consisting of conducting analyses of users’ activities as well as their preferences in order to improve the functionalities used and services provided;
- for the purposes of possible establishment and investigation of claims or defense against claims - in which case the legal basis for the processing is the legitimate interest of the Controller (Article 6(1)(f) GDPR).

5. Personal data shall be processed for the time necessary to achieve the purposes listed in this Privacy Policy or until effective objection to the processing is made. Personal data may be processed for a longer period of time where such an entitlement or obligation arises from specific legislation, or where this is required to secure possible claims - until the statute of limitations for such claims.

6. The Controller transfers your personal data outside the European Economic Area (EEA) only when necessary and with an adequate level of protection, in particular by:

- cooperation with processors of personal data in countries for which a relevant decision of the European Commission has been issued as to whether an adequate level of personal data protection is ensured;
- the use of standard contractual clauses issued by the European Commission;
- the application of binding corporate rules approved by the competent supervisory authority.

The controller always gives notice of its intention to transfer personal data outside the EEA at the stage of collection.

7. The Controller does not share your personal data with third parties without your consent, except cases when:

- your personal data may be made available to public law entities, i.e. public administration bodies (e.g. tax authorities, law enforcement authorities and other entities authorised by generally applicable laws),
- your personal data is made available for the purposes of billing or claims (accounting office, law firm, courier companies).

To a limited extent, the Controller may process personal data using work management tools. However, all of these solutions provide an appropriate level of security for the data that is processed, through appropriate contracts and safeguards.

8. Personal data may be entrusted for processing to entities processing such data on behalf of the Controller. In such a situation, the Controller shall enter into a personal data processing entrustment agreement with the processor. The Controller would not be able to carry out its activities within the Service without entrusting your personal data for processing. The Controller entrusts personal data for processing to entities:

(a) providing hosting services for the website on which the Service operates,
b) providing other services for and on behalf of the Controller which are necessary for the day-to-day operation of the Service.

9. Your personal data is not subject to profiling within the meaning of the provisions of the GDPR.

10 . The Controller may also process your personal data in connection with recruitment. We may process the following data: identification data, contact details, data on education, data on work experience, skills and previous employment, data on entitlements and other data provided to us during the recruitment process. We process this data for the current recruitment process and, if you have given your consent, also for future recruitment processes for similar positions. The basis for the processing of your data is to take action at your request as a data subject (prior to the conclusion of a contract), as well as the provisions of the applicable law, in particular the Labour Code, and to a greater extent than specified in these provisions or for the purposes of future recruitment processes - the basis for processing is your consent. We will process your data for the duration of the recruitment process or, if you have consented to further processing for the purposes of other recruitment processes, until you withdraw your consent. Your personal data may be processed for a longer period in situations where such an entitlement or obligation arises from specific legislation, or in situations where this is required to secure possible claims - until the statute of limitations for such claims.

11. The Controller uses the Google Analytics tool provided by Google LLC, USA. The Controller creates statistics in order to optimise the Website. Google Analytics automatically collects information about your use of the Website. The information collected in this way is mostly transmitted to a Google server in the USA and stored there. Details on data protection by Google are available under the link: https://policies.google.com/privacy?hl=pl. Google Analytics stores information of the following categories: about visits to the Website, actions taken on the Website, time spent on the Website, how you arrived at the Website, clicks during the visit, as well as information about your browser and device using an anonymous IP address.

In order to give users who use the Website more choices about how their data collected by Google Analytics tools is used, Google has developed a browser add-on to block Google Analytics (Google Analytics Opt-out Browser Add-on), which the user can install. Read more: https://tools.google.com/dlpage/gaoptout?hl=en-GB.

If you are interested in the details related to the processing of data within Google Analytics, we encourage you to read the explanations prepared by Google: https://support.google.com/analytics/answer/6004245.

3. YOUR RIGHTS IN RELATION TO OUR PROCESSING OF YOUR PERSONAL DATA

1. In accordance with the provisions of the GDPR, you have the following rights:

a) the right to be informed about the processing of your personal data - you have the right to request the Controller to provide you with information on, inter alia, the purposes and legal basis for the processing of your personal data, the recipients or categories of recipients of such data, the period for which the data will be processed and, where it is not possible to determine this period, the criteria for determining this period,

b) the right of access to your personal data - by providing the Controller with your personal data, you have the right to inspect and access it; however, this does not mean that you have the right to access all the documents on which your data appears, as these may contain confidential information; you do, however, have the right to know what your data is and for what purpose it is processed and the right to obtain a copy of your personal data, with the first copy being issued free of charge and for each subsequent copy, in accordance with the provisions of the GDPR, an appropriate administrative fee may be charged corresponding to the cost of making and providing the copy,

c) Right to rectification, supplementation, updating, amendment of personal data - if your personal data has changed, it is necessary to inform the Controller of this fact so that the data held is correct and up to date; also, if there has been no change in personal data, but for whatever reason the data is incorrect or has been recorded incorrectly (e.g. as a result of a clerical error), it is necessary to rectify or amend the data,

d) the right to erasure (the so-called right to be forgotten) - this is the right to request the erasure of data held by the Controller and the right to request that the Controller inform other entities to which your data has been transferred of the need to erase it; you may request the erasure of your personal data in particular when:

- the purposes for which the personal data was collected have been achieved, e.g. the service has been fully provided to you and completed,
- the basis for the processing of your personal data was solely consent, which was subsequently withdrawn and there are no other legal grounds for further processing of your personal data,
- you have lodged an objection based on Article 21 GDPR and you consider that the Controller has no overriding legal grounds to continue processing your personal data,
- Your personal data has been processed unlawfully, i.e. without any basis for processing or on the basis of an incompatible purpose or without any indication of such purpose - please note that in this case you must have a basis for your request,
- the need to delete your personal data arises from the law.

The Controller points out that, in accordance with the provisions of the GDPR, you do not have the right to exercise your right to be forgotten if:

- processing of your personal data is necessary for the exercise of your right to freedom of expression and information,
- the processing of your personal data is necessary for the Controller to comply with legal obligations under the law - the Controller may not delete your data for the period necessary to comply with obligations (e.g. tax obligations) imposed by generally applicable laws,
- the processing of your data is carried out for the purpose of investigating, establishing or defending claims,

e) the right to restrict the processing of personal data - you may approach the Controller with a request to restrict the processing of your personal data (which would consist of only storing or actively processing the data only to the extent necessary until the dispute is resolved) if:

- you question the accuracy of your personal data or
- you believe that the Controller is processing your data without a legal basis, but at the same time you do not want it to be deleted
- The controller no longer needs your personal data, but they are needed to establish, assert or defend a claim e.g. before a court, or
- you have submitted an objection as set out below,

f) the right to data portability - you have the right to obtain your data in a computer-readable format and the right to have your data sent in such a format to another controller; you only have this right if your data was processed on the basis of consent or if your data was processed by automated means,

g) right to object to the processing of personal data - you have the right to object if you do not agree with the Controller's processing of personal data that has hitherto been processed for legitimate purposes in accordance with the law, unless the Controller has another legal basis allowing the processing of your personal data,

h) the right not to be subject to profiling - on the Service you will not be subject to automated decision-making or profiling within the meaning of the GDPR, unless you have given your consent; in addition, you will always be informed of profiling should it take place;

i) the right to lodge a complaint to the supervisory authority (i.e. the President of the Office for Personal Data Protection) - if you consider that the Controller processes your personal data unlawfully or otherwise violates your rights under the generally applicable data protection legislation. A detailed description of the procedure for lodging a complaint can be found at https://uodo.gov.pl/. If you have any comments on how the Controller processes your personal data, you are encouraged to contact the Controller in the first instance.

2. If you wish to exercise your rights, please send a message to the Controller’s registered office address or to the e-mail address (details provided in points I.1 and I.4 of this Privacy Policy).

3. Any identified breach of the processing of personal data shall be documented and, if necessary, the data subjects and, if applicable, the President of the Office for the Protection of Personal Data shall be informed of such breach.

4. CHANGES TO THE PRIVACY POLICY

This Privacy Policy is reviewed on an ongoing basis and updated as necessary. The current version of the Privacy Policy has been adopted and is effective as of 1 January 2024.

5. CHANGES TO THE PRIVACY POLICY

1. Cookies are IT data, small text files, recorded and stored on the devices through which the user accesses the Website. Information collected from cookies is used to optimize the operation of the Website, as well as for statistical and advertising purposes. Cookies record the activity of a user of the Website, thanks to which the Website is displayed in a manner tailored to the user's individual preferences. In the case of our Website, cookies are used by Google Analytics.

2. Two types of cookies are used on the Website:

- session cookies - these are files that are stored on the user's device and remain there until the session of the respective browser ends; the stored information is then permanently deleted from the device’s memory;
- Persistent cookies - are stored on the user's device and remain there until deleted; the end of the session of a particular browser or switching off the device does not remove them from the device.

3. The use of cookies on the Website is safe for users’ devices using the Website.

4. The User has the option to restrict or disable the access of cookies to his/her device. If this option is selected, use of the Website will be possible but functions that require cookies to function will not be available.

5. The user can change the cookie settings independently and at any time. The user can change the settings via the settings of his or her Internet browser.

ul. Marsz. Józefa Piłsudskiego 74/320,
50-020 Wrocław
Stay Connected: Follow us on essential social media platforms like LinkedIn, Facebook, Instagram and X for the latest updates and insights in the world of IT.
Newsletter
Join our newsletter for exclusive updates and insights into the world of IT and cybersecurity.
SHIELD4CROWD has received funding from the European Union's Horizon Europe research and innovation programme under grant agreement No 101121171
© W-ITC Sp. z.o.o

design by Proformat