Privacy policy

Data confidentiality and protection of our customers privacy is a priority for us. Therefore, in order to ensure the security of your personal data, IntraworQ Sp. z o.o. with its registered office in Warsaw (00-124) at the Rondo ONZ 1 has established a policy that defines the principles of personal data processing.

We process your personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, hereafter GDPR).

GDPR

Regulation (EU) 2016/679 of the European Parliament and of the Council of 7 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

Personal data controller

The administrator of your personal data within the meaning of Article 4 point 7) of the IDB is IntraworQ Sp. z o.o. with its registered office in Warsaw (00-124) at the Un Rondo ONZ 1, entered into the Register of Entrepreneurs kept by the District Court for the Capital City of Warsaw, 12th Commercial Division of the National Court Register under the number KRS: 0000484758, REGON: 146978190, NIP: 525-25-76-305 (hereinafter referred to as the Administrator).

Contact with the Administrator

In all matters related to the processing of personal data, you can contact the Administrator at the above-mentioned address or by e-mail: rodo@intraworq.com.

Additionally, the Administrator has appointed a Data Protection Inspector who can be contacted in any matter related to the processing of personal data. Contact details of the Inspector: e-mail address: iod@intaworq.com.

Source of personal data collection

Personal data is collected directly from you or from third parties, e.g. the entity on whose behalf you act or our Partners, as well as from other publicly available registers. We also obtain information by completing the contact form or through cookies.

Scope of personal data processed

In case of contact with the Administrator by means of the service or the contact data provided in the service, the Administrator processes the data provided by you for the purposes indicated below. In connection with the use of cookies for statistical purposes, the Administrator may process the following data: IP address and data such as the place from which the recipient came to the site, number of visits, time of the visit to the site, viewed content.

Purpose and legal basis of personal data processing

Purpose of the data processing Legal basis
Provide an answer to the person, or contact back to the person who made contact with the Administrator through the contact form. Legitimate interest of the Administrator – Article 6(1)(f) GDPR.
Conclusion and performance of a contract – if you are a party to the contract and conclusion and performance of a contract for the provision of services by electronic means – if you use such services. Data processing is necessary for the conclusion and performance of the contract – Article 6(1)(b) GDPR.
Ensuring contacts necessary for the service and implementation of the contract concluded with the entity on behalf of which you enter and maintaining business contacts. Legitimate interest of the Administrator – Article 6(1)(f) GDPR.
Consideration of possible complaints, as well as determination, investigation and defense against claims. Legitimate interest of the Administrator – Article 6(1)(f) GDPR.
Execution of legal obligations imposed on the Administrator, concerning, among others, keeping accounts and accounting documentation. Fulfillment of the legal obligation incumbent on the Administrator – Article 6(1)(c) of the GDPR.
Sending marketing content in the form of a newsletter (containing in particular information about the company, new products, current offer) by e-mail. Voluntary consent – Article 6(1)(f) GDPR.
Conducting direct marketing activities. Legitimate interest of the Administrator – Article 6(1)(f) GDPR.
Collecting information about traffic statistics in the service. Legitimate interest of the Administrator – Article 6(1)(f) GDPR.
Execution of requests of persons, processing of personal data requests The fulfilment of the legal obligation to consider your notification (Article 6(1)(c) of the GDPR).
Conducting the recruitment process and selecting the right person for employment. To the extent arising from Article 22(1) of the Labour Code, the legal basis is the legal obligation incumbent on the Administrator (Article 6(1)(c) of the GDPR).

This includes such data as: first name(s) and surname, date of birth and contact details indicated by the candidate for the job. If it is necessary to perform a specific type of work or a specific position, this also applies to information about education, professional qualifications and the course of previous employment. The legal obligation incumbent on the Administrator includes also those data whose application is necessary to realize the right or fulfil the obligation resulting from the law.

If a candidate submits personal data for work in a wider scope than specified in the labour law, the legal basis for processing them for the aforementioned purpose is the candidate’s consent (Article 6(1)(a) of the GDPR).

This applies to all data provided by the candidate for work in the CV, cover letter or made available during interviews.

Personal data profiling

Your personal data will not be used for automated decision-making, including profiling.

Recipients of personal data

The recipients of your personal data will be:

  1. Administrator’s authorized personnel,
  2. entities processing personal data on behalf of the Administrator to fulfill the purposes for which the data are collected (in particular entities providing IT solutions and IT and technical support services). These entities must have access to the data to perform their duties. These entities will have access to personal data only to the extent necessary to perform their tasks.
  3. public authorities and entities performing public tasks or acting on behalf of public authorities, to the extent and for the purposes that arise from the provisions of generally applicable law.

Can your personal data be transferred outside the European Economic Area?

As the Administrator uses Google Analytics, personal data may be transferred outside the European Economic Area. In connection with the transfer of data outside the EEA, the Administrator has taken care to use only providers that guarantee a high level of personal data protection. These guarantees arise in particular from the participation of providers in the “Privacy Shield” program established by Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 on the adequacy of protection provided by the EU-US Privacy Shield.

Period of storage of personal data

The period of data processing is related to the purposes and grounds for their processing:

  1. the data processed on the basis of the statutory requirements will be processed for the time when the legal regulations require the data to be kept;
  2. the data processed for the purpose of concluding and performing a contract will be processed for the period necessary for its execution and settlement, which may be extended, where appropriate, by the statute of limitations for civil law claims.
  3. data processed on the basis of the legitimate interest of the Administrator will be processed until the effective objection is made or this interest ceases, e.g., data processed for the purpose of claiming or defending against claims will be processed for a period equal to the statute of limitations for these claims.
  4. data processed on the basis of consent will be processed until the withdrawal of consent.
  5. personal data processed for recruitment purposes will be stored until the end of the recruitment in which you participate. In case of additional consent to use the data for future recruitment purposes or sending application documents not related to a specific recruitment process, your data will be stored for 9 months.

Is it your responsibility to provide your personal data?

The provision of personal data by you is voluntary, however, necessary to achieve the purpose you wish to achieve, including, for example, the use of the service, the conclusion of a contract, the answer to your inquiry or the issue raised by you.

The Administrator indicates that the candidate’s provision of personal data indicated in Article 22(1) of the Labour Code is mandatory under the applicable labour law. Failure to provide such data will result in the lack of possibility to take part in the conducted recruitment process. The provision of personal data by the candidate to a greater extent than that resulting from Article 22(1) of the Labour Code is voluntary.

The Administrator declares that failure to provide such data cannot be the basis for unfavorable treatment of a person applying for employment, nor can it cause any negative consequences towards him/her, especially cannot constitute a reason justifying refusal of employment.

Applicable rights

You have the right to:

  1. demand access to his personal data, its correction, deletion or restriction of processing, as well as the right to transfer the data,
  2. if the basis for the processing of personal data is a legitimate interest of the Administrator – the right to object to the processing of personal data at any time for reasons related to the specific situation of the person,
  3. where the legitimate interest lies in carrying out direct marketing activities – the right to object at any time to the processing of personal data for the purpose of carrying out marketing activities, without the need to justify one’s decision,
  4. withdraw consent at any time without affecting the lawfulness of the processing that was carried out on the basis of consent before it was withdrawn,
  5. file a complaint with the supervisory authority, i.e. the President of the Office for Personal Data Protection.

A request for exercising your rights can be made on the contact details given in the introduction.

Cookie files

Cookies are small files sent by a web server to your browser and stored on your computer. Cookies help the Administrator analyze network traffic and recognize which part of the website has been visited. Cookie files in no way allow the Administrator to access the computer or information about the Users, except for information about how the website was used and personal data that the Users make available automatically due to the browser settings.

The Administrator uses session and permanent cookies. Session cookies are temporary files, which are stored in the User’s end device until logging out or leaving the website. Permanent cookies allow the Administrator to recognize your browser during the next visit to the Website and adjust the Website to the needs of Users (e.g. remembering your preferred language or font size), as well as for statistical purposes. Permanent cookies remain in the memory of your peripheral device until they are deleted. Using the Internet Services, a User agrees to place cookie files on his/her computer or other device for the aforementioned purposes.

If the User does not agree to receive cookies, he can manage and control them through his browser settings. However, it should be remembered that deleting or blocking cookies may affect the way you use the Website.

In order to monitor and improve the Website, aggregate information about the Users as they browse the Website is collected, including details about the operating system, browser version, domain name, IP address, User’s URL from which they access and visit the Administrator’s websites and which subpages of the Website have been visited. The Administrator may keep general statistics, collect website traffic data and information about related sites and make this aggregate data available to third parties for marketing, advertising or other promotional purposes, however, this aggregate data does not contain any personal data. For statistical purposes the Administrator uses the services of such providers as: Google Analytics.

Social networking sites

The websites use so-called social plugins redirecting to the Administrator’s profiles on social networking sites such as https://www.linkedin.com/company/iwq/. With the help of the functionalities offered by these plugins, users can share particular content or share it in social media. However, we would like to point out that by using these plugins, a data exchange takes place between the User and the social network or internet service concerned. The Administrator does not process this data and does not know what data is collected from the Users. Therefore, we encourage you to read the rules and privacy policies of these social networking sites before using these plugins.

Final provisions

To the extent not regulated by this Policy, the EU and national regulations on personal data protection apply.

Date of the last update of the Policy: 21.05.2020