DATA PROTECTION POLICY
I. Information obligations and responsible body.
Bytamic Solutions Sp. z o.o. (“us”, “we”, or “our”) with its registered office in Warsaw, Poland, NIP 5272962520, REGON 389300568: registered by the 14 th Commercial Division – National Court Register of the Regional Court for the Capital City of Warsaw in Warsaw under no. 0000906988 is the controller of personal data in the understanding of GDPR. This means that we determine the purposes and means of the processing of personal data of visitors of our websites, customers, and contractual partners.
We respect and value your privacy, therefore we process personal data in accordance with applicable regulations, in particular the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation, GDPR), with the utmost care to ensure that your personal data is secure.
This Data Protection Policy informs you of our policies regarding the collection, use and disclosure of personal data when you use our website or give us your data in other way. In the Policy, we also explain what rights are granted to you in connection with the processing of your personal data.
You can contact us by sending us an e-mail to firstname.lastname@example.org
II. Purpose and legal basis of the processing of personal data
Some services on our website may require us to process personal data about you in order to provide our services. This is, of course, only done within the legal framework, insofar as it is necessary and you have consented to it in the event of legal necessity. We take great care to adhere to the principles of data reduction and data economy.
1) Calling up and visiting our website – server log files
For the purpose of the technical provision of the website, it is necessary that we process certain data automatically transmitted by your browser so that our website can be displayed in your browser and you can use it. When you access our website, our web server automatically collects data in a server log file. They are the following:
- browser type and browser version and operating system used
- the website from which your access is made,
- the domain name of the Internet service provider,
- the IP address of your computer,
- the pages you visit on our website, as well as the date and duration of your visit.
The storage of the afore-mentioned access data is required for technical reasons in order to provide a functioning website and to ensure system security. This also applies to the storage of your IP address, without which you cannot visit our website. In theory, it would be possible to establish a personal reference.
Furthermore, we process these data from the server log files solely for statistical purposes and in order to optimise our website and improve user-friendliness.
The legal basis for the data processing is Art. 6 para. 1 sentence 1 lit. f GDPR.
If you are interested in us as an employer and would like to apply for a job with us, we collect various personal data that we need to review your application.
The data collected in the recruitment processes will be processed:
- in order to comply with legal obligations arising from the employment process, including in particular the Labour Code – the legal basis for the processing of personal data is Article 6(1)(c) of the GDPR in relation to the provisions of the Labour Code – processing is necessary for compliance with a legal obligation to which the controller is subject.
- in order to conduct the recruitment process in the scope of data not required by law, as well as for the purposes of future recruitment processes – the legal basis for processing is the consent of the candidate (Article 6(1)(a) of the GDPR);
- in order to possibly set and enforce claims or defend against them – the legal basis of the processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR).
3) Employees, contractors and former employees
We can process your data:
- to conclude or perform agreements concluded with you – we process data to perform employment contracts or mandate agreements concluded with you, including to make an assessment, provide training, grant social benefits, manage business travel, and to perform activities before signing an agreement with you (Article 6(1)(b) of the GDPR);
- to comply with legal obligations – we also process data when carrying out numerous obligations imposed on us by law, including the Labour Code, regulations on social and health insurance, trade unions, occupational safety and health, employment-related benefits (e.g. social benefit fund), tax law ((Article 6(1)(c) of the GDPR);
- for purposes resulting from our legitimate interest – In certain situations we process your data for purposes arising from our or third party’s legitimate interests. For example, we do it: i) to establish, exercise or defend claims; ii) to grant powers of attorney to act on behalf of the data controller; iii) for our internal administrative purposes, including to manage staff and to prepare statistics and internal reports (Article 6(1)(f) of the GDPR);
- based on your consent – We process your data based on your consent. You give us your consent for specific purposes, e.g. so that we can transfer your data to our clients , also outside of EEA. You have the right to withdraw your consent at any time ((Article 6(1)(a) of the GDPR);
4) Customers and potential customers
We can process your data:
- to establish business contacts – processing will take place on the basis of Article 6(1)(f) of the GDPR – processing is necessary for the legitimate purposes of the controller seeking to sell services;
- to conclude and perform of a contract – processing will take place on the basis of Article 6(1)(b) of the GDPR – processing is necessary for the performance of contract and its conclusion;
- to keep accounting and tax records – processing will take place on the basis of Article 6(1)(c) of the GDPR – processing is necessary to fulfil a legal obligation;
- to collect of receivables – processing will take place on the basis of Article 6(1)(f) of the GDPR – processing is necessary to pursue the legitimate liquidity interests of the controller;
- to assert and protect against claims – processing will take place on the basis of Article 6(1)(f) of the GDPR – processing is necessary to pursue the legitimate interests of the controller consisting in defending the interests of the trader.
We use so-called cookies on our website. Cookies are small text files that are stored by the web browser on your computer or mobile device. Cookies do not cause any damage to your computer, do not contain viruses, and are automatically deleted after they expire. Some cookies expire when you end your Internet session; others are stored for a maximum of 100 days.
Some of the cookies we use on our website come from third parties that help us analyse the impact of our website content and our visitors’ interests, measure the performance of our website or serve to place ads and other content on our website or other websites. Within the framework of our website, we use both first-party cookies (only visible in the domain you are visiting) and third-party cookies (visible across domains and regularly placed by third parties).
You can, of course, also view our website without cookies. You can use your browser settings to prevent cookies from being stored on your computer. Existing cookies can also be deleted via the browser settings. In this event, however, the functionality of our website may be limited.
The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. a GDPR for third-party cookies, which we set mainly for marketing purposes and thereby process personal data that are not required for normal website operation. Another legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR for cookies that we place to protect our legitimate interests (technical provision, optimisation, user-friendliness, security).
The legal basis for data processing is Art. 49 para. (1) sentence 1 lit. a GDPR. Standard contractual clauses to ensure an adequate level of data protection have also been concluded.
III. Recipients of the data
Within our company, access to your data is given only to those who require them to fulfil our contractual and legal obligations. Service providers and vicarious agents used by us (e.g. technical service providers, shipping companies, waste disposal companies, companies maintaining and servicing our IT servers, companies that support us in the IT area, including servicing devices used by us in our current operations and entities maintaining the software that we use as part of our day-to-day operations) may also receive data for these purposes. Depending on the circumstances, we commission these service providers within the framework of order processing. They are then subject to our instructions and may only process the data for narrowly defined purposes.
In individual cases, we also transmit personal data to our legal and tax advisors, whereby these recipients are obliged to maintain special confidentiality and secrecy due to their professional status.
The recipient of the data may be public entities that perform tasks on the basis of applicable law.
IV. Data transfer to third countries
We process your data predominantly in Poland and EEA (European Economic Area).
V. Duration of the data storage.
We initially process and store your personal data for the duration for which the respective purpose of use requires corresponding storage. Depending on the circumstances, this also includes the periods of time for initiating a contract and the subsequent performance of the contract. If a contractual relationship ends, the data processing purposes no longer apply or statutory retention periods expire, we will delete your data. There are a wide variety of deadlines for the retention of data and documents, which may result from the Commercial, the Fiscal or the Civil Code, for example. The deletion periods range from a few days to 10 years, depending on the circumstances.
In the case of data processing on the basis of the Administrator’s legitimate interest, the data is processed for a period of time enabling the implementation of this interest or to enable an effective objection to data processing. If the processing is based on consent, the data is processed until it is withdrawn. Data processed on the basis of a legal obligation incumbent on the Administrator shall be processed until the existence of such an obligation arising from individual provisions of law.
VI. Data security.
To ensure the appropriate security of your data on our website and systems, we take appropriate technical and organisational measures to protect your data from loss, destruction, unauthorised access and manipulation. The measures we apply are continuously developed in line with technological progress.
We use TLS encryption for our web forms. This protects your entries in our web forms during transmission to our servers. You can recognise an encrypted connection by the fact that the address line of your browser changes from “http://” to “https://” and by the lock symbol in your browser line. Nonetheless, we would like to point out that this does not represent complete protection against attackers.
VII. Your rights as a data subject.
Under the GDPR, you are entitled to the following statutory data subject rights, provided that the prerequisites are met:
- Right to information about your data stored by us in accordance with Art. 15 GDPR,
- Right to rectification of inaccurate data in accordance with Art. 16 GDPR,
- Right to the deletion of the data stored by us in accordance with Art. 17 GDPR,
- Right to restrict the processing of data stored by us in accordance with Art. 18 GDPR,
- Right to data portability in accordance with Art. 20 GDPR,
- Right to revoke at any time under Art. 7 (3) GDPR any consent given to us; this will result in us not being allowed to continue the data processing based on this consent in the future.
- Right to lodge a complaint with a competent supervisory authority in line with Art. 77 of the GDPR if you consider that processing of your personal data infringes the GDPR provisions: you can exercise your right to complain to the competent authority in any country or state where our offices are located or in the country or state where you are located.
Right of objection
Insofar as the processing of your data is carried out to protect legitimate interests, you have the right to object to this processing at any time using the contact details provided if your particular situation gives rise to reasons that prevent such data processing. We will then no longer process your data unless they are predominantly based on our own legitimate interest or another legal basis. If you would like to exercise your right to object, send an email to the above email addresses.
VIII. Obligation to provide data
In principle, you are not obliged to provide us with your personal data. However, if you do not do this, we will not be able to provide you with unrestricted access to our website or to respond to your enquiries to us. Personal data that we do not absolutely need for the above-mentioned processing purposes are marked accordingly as voluntary information.
Providing data contained in recruitment documents is not mandatory, however, it is a condition necessary to fulfil when applying for job position.
If you do not provide us with your data, we will not be able to enter into or perform an employment contract or a mandate agreement with you. Provision of the data is voluntary, but necessary to enter into and perform an agreement with us.
IX. Automated decision making/profiling
We do not use automated decision making or profiling (an automated analysis of your personal circumstances).
Our data protection policy is regularly revised and updated from time to time to comply with the legal data protection and privacy laws in force.