Introduction

This Privacy Policy applies to the processing of your personal data whose administrator is a subsidiary under the company Incat Sp. z o.o. (Ltd.), with its registered offices located at ul. Braniborska 40, 53-680 Wroclaw. It is listed in the Register of Entrepreneurs, kept by the District Court of Wrocław-Fabryczna in Wroclaw, VI Commercial Department of the National Court Register under the KRS number: 0000599310, NIP: 8992782575, REGON: 363642190, share capital in the amount of PLN 100,000.00 (hereinafter referred to as: “Company” or “Administrator”) and contains information about web cookies for Users using the website.

If you have any questions or comments, please contact us via:

  • e-mail address: biuro@incat.com.pl or
  • mail correspondence addressed to: Incat Sp.z o.o., ul. Braniborska 40, 53-680 Wroclaw

(additionally note with Personal Data Protection)

As part of this document, we would like to inform you in a transparent manner that the Company processes the User’s personal data in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (General Data Protection Regulation, hereinafter referred to as “GDPR”).

Definitions

The following phrases, capitalized and used in the Privacy Policy are given the following individual definitions:

Administrator or Company – a subsidiary of the company Incat Sp. z o.o., located at ul. Braniborska 40, 53-680 Wroclaw, is listed in the Register of Entrepreneurs, kept by the District Court of Wroclaw-Fabryczna in Wroclaw, VI Commercial Department of the National Court Register under the KRS number: 0000599310, NIP: 8992782575, REGON: 363642190, share capital in the amount of PLN 100,000.00;

Personal Data – information about an identified or identifiable natural person (“data subject”); an identifiable natural person is a person

which can be directly or indirectly identified, in particular on the basis of an identifier such as name, identification number, location data, online identifier or one or several specific factors determining the physical, physiological, genetic, mental, economic, cultural or social identity of a natural person;

Cookies – a small file saved on the User’s computer, in which settings and other information used on the website visited by him/her are stored;

Privacy Policy – this document which specifies how the Company will process User Personal Data;

Portal – the Company’s website, www.incat.com.pl;

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (General Regulation

on data protection) (Journal of Laws EU No. 2016, No. 119, p. 1), effective from 25 May 2018;

User – any person using the Portal.

Types of personal data

DATA PROVIDED BY THE USER

Contact form:

Our Portal allows you to send a query to the Company via the contact form. If you choose this contact channel, the Company may collect the following Personal Data:

  • first name and last name;
  • e-mail address;
  • other information disclosed by you in the message, e.g., CV, if you express your willingness to participate in future recruitments conducted by the Company through the contact form.

Providing the data specified above is voluntary, but necessary to provide a response

after receiving a User inquiry. The Company will process the data listed above in order to implement your instruction or provide information.

In a situation, where a response to a User inquiry requires telephone contact by the Company, the Company may require you to once again provide Personal Data previously provided in the contact form to confirm User identity.

Telephone calls and e-mails:

We have provided you with a telephone number and an e-mail address on our website.

If you choose any of the above contact channels, the Company will collect all information that you decide to provide to our employee or cooperating entity with the Company during a conversation or in an electronic message.

Providing the data specified above is voluntary, but necessary to provide a response

after receiving a User inquiry. The Company will process the data listed above in order to implement your instruction or provide information.

DATA COLLECTED AUTOMATICALLY

When using the Portal, the Company may automatically collect your Personal Data in the following areas:

IP and device data:

The Company may collect User IP addresses. The IP address is the number assigned to the terminal equipment of the person visiting the website. In addition, the Administrator may collect information about the operating system and the type of web browser and its version.

Activity data on the Portal:

The Company may collect data based on your activity on the Portal, and above all, the date and duration of the visit and the sequence of activities on the Company’s website. In the event that you reach the Portal using links on other websites, the Administrator will also collect data from which page the User was redirected to the Portal and information about the advert from which such redirection took place.

Cookies:

The website uses files called Cookies. They are saved by the Administrator

on the terminal device of the person visiting the Portal, if the web browser accepts cookies. Cookies usually contain the name of the domain from which they originated, their “expiration time” and an individual randomly selected number identifying these files. The information collected using this type of file allows for the development of general statistics regarding visits to the Portal.

The company uses two types of cookies:

  • Session cookies: after the browser session ends or the end device is turned off, the saved information is deleted from the device’s memory. The mechanism of session cookies does not allow for the downloading of any Personal Data or any confidential information from the User’s end device;
  • Persistent cookies: they are stored in the memory of the User’s terminal device and remain there until they are deleted or expire. The mechanism of persistent cookies does not allow for the collection of any Personal Data or any confidential information from the User’s end device.

The Company uses cookies for analysis and research, as well as, in particular, audience audits to create anonymous statistics that help understand how Users interact with the Portal, which allows for the improvement of its structure.

The Cookies mechanism is safe for the terminal devices to use when browsing the Portal. This way it is not possible for viruses or other unwanted software or malware to affect the terminal equipment. However, web browsers have the option of limiting or disabling the access Cookies have to the terminal device.

If these options are used, some of our services or certain parts of our Portal may become unavailable or may malfunction.

Below are instructions on how to change the settings of the most commonly used web browsers regarding the use of cookies:

  1.  Internet Explorer browser; <link: https://support.microsoft.com/pl-pl/help/17442/windows-internet-explorer-delete-manage-cookies>;
  2. Mozilla Firefox browser; <link: https://support.mozilla.org/pl/kb/W%C5%82%C4%85czanie%20i%20wy%C5%82%C4%85czanie%20obs%C5%82uga%20ciaeczek>;
  3. Chrome browser; <link: https://support.google.com/chrome/answer/95647?hl=en>;
  4.  Safari browser; <link: https://support.apple.com/kb/PH5042?locale=en_US>;
  5. Opera browser. <link: https://help.opera.com/pl/latest/web-preferences>.

 

Cookie Name Type Purpose for saving
ASP.NET_SessionId session Remembers session ID

 

Legal basis, purposes and periods of data processing

LEGAL GROUNDS FOR PROCESSING PERSONAL DATA

The company processes the User’s Personal Data:

  1.  on the basis of your expressed voluntary and prior consent (art.6 par.1 lit.a RODO). The consent is collected through the Portal by selecting the appropriate box under the contact form. Any consent given may be withdrawn at any time. Please note that withdrawal of consent is only effective in the future and does not affect the lawfulness of processing based on consent before its withdrawal.
  2.  when the processing is necessary for purposes of legitimate interest pursued by the Company (art.6 par.1 lit.f RODO) and does not unduly affect your interests or fundamental rights and freedoms. Please note that when processing Personal Data on this basis, we always try to balance our legitimate interest and your privacy. Such “legitimate interests” include:

 

  1. determining or pursuing civil law claims by the Company as part of its operations, as well as defence against such claims;
  2. answering a query received through any contact channel;
  3.  conducting marketing analysis using the collected Cookies from the Portal.

PURPOSES AND PERIODS OF DATA PROCESSING

Personal data is processed only for a specific purpose and to the extent necessary to achieve it and for as long as it is necessary. Listed below are the objectives pursued by the Company, as well as entities related to the Company, for processing personal data and the periods for which it processes them.

 

Purpose of processing Processing Period
Answering an inquiry received or for contact purposes.

The period necessary to complete this task

 

and withdraw the consent given.

Processing of Personal Data for the purposes of future recruitments. Until the withdrawal of consent, but no longer than for a period of 3 years.
Conducting marketing analysis using Cookies collected from the Portal.

Session cookies are temporary files that are stored on the User’s end device until logging out, leaving the Portal or turning off the software (web browser).

 

“Persistent” Cookies are stored

in the User’s terminal device for the time specified in the parameters of the Cookie file or until they are deleted by the User.

 

Notwithstanding the above periods, your data may be processed by the Company for the purposes of establishing or pursuing civil law claims as part of its business, as well as defence against such claims – for appropriate limitation periods for such claims, i.e., in principle no longer than 6 years from the occurrence of the event giving rise to the claim.

MEASURES TO SECURE PERSONAL DATA

All persons accessing the User’s Personal Data must comply with internal policies and processes related to the processing of personal data to protect them and ensure confidentiality. Persons with access to your personal data are also required to comply with all technical data and organisational security measures introduced to protect personal data in the Company.

We have implemented appropriate technical and organisational measures to protect personal data against unauthorised, accidental or unlawful destruction, loss, alteration, misuse, disclosure or access, and against any other illegal forms of processing. These security measures have been implemented taking into account technical capabilities, implementation costs, processing risks and the nature of Personal Data.

TRANSFER OF PERSONAL DATA TO RECIPIENTS AND OTHER THIRD PARTIES

Personal Data may be transferred to recipients and other third parties for the purpose for which they are necessary for them to perform the tasks ordered by the Company. The recipients or other third parties may be considered:

  1. entities related to the Company in person or capital, subsidiaries of the Company and special purpose vehicles;
  2. entities processing personal data at the request of the Company, such as entities providing document archiving services, accounting services;
  3.  any national public administration authorities (e.g., Police), authorities of other EU Member States (e.g., authorities established to protect personal data in other Member States) or courts, if required by applicable national or EU law or upon their request;
  4.  legal or tax advisers;
  5. providers of IT systems and hosting services;
  6.  courier or postal service providers.

Processing entities do not decide for themselves how to process your Personal Data. The processing of Personal Data by them takes place only to the extent that it is necessary for the business of the Company. The company has control over the operations of such entities through appropriate contractual provisions protecting your privacy.

DATA TRANSFER OUTSIDE OF THE EUROPEAN ECONOMIC AREA

Personal data will not be transferred to countries outside the European Economic Area (“EEA”), which includes EU Member States, Iceland, Liechtenstein and Norway.

User’s rights and use

 RIGHTS

Each User has the right to access their Personal Data processed by the Company. If you believe that any information about you is incorrect or incomplete, please submit a request for correction. The company will immediately correct such information.

In addition, you have the right to:

  1.  withdraw your consent if the Company has obtained such consent to process Personal Data (provided that such withdrawal does not violate the lawfulness of data processing carried out prior to withdrawal);
  2. obtain a copy of your Personal Data;
  3.  request removal of your Personal Data in cases specified by the provisions of the GDPR;
  4. request to limit the processing of personal data, if such processing is carried out in order to implement the public interest or legitimate interests of the Company;
  5. transferring data, i.e., receiving Personal Data provided to the Company in a structured, commonly used and machine-readable format, and to request that such Personal Data be sent to another personal data administrator, without hindrance by the Company and subject to its own confidentiality obligations. Providing your Personal Data in the cases specified in the provisions of the GDPR;
  6. to object – for reasons related to your particular situation – to the processing of your Personal Data.

The company will verify your requests, requests or objections in accordance with applicable provisions on the protection of personal data and the GDPR. However, it should be remembered that these rights are not absolute; regulations provide for exceptions to their application.

In response to your request, the Company may ask you to verify your identity or provide information that will help the Company better understand the situation. The company will strive to explain its decision to you if your requests are not met.

Your Personal Data will not be subject to automated decision making by the Company (including profiling).

EXERCISING YOUR RIGHTS

To exercise the above rights, please send an e-mail to biuro@incat.com.pl or contact the Company by mail correspondence at ul. Braniborska 40, 53-680 Wroclaw (additionally noted with Personal Data Protection).

If you are not satisfied with the way the Company processes your Personal Data, please notify us of the problem and we will investigate any irregularities. Please report your concerns using the contact details provided above.

If you have any objections to the Company’s feedback, it is also possible to make a complaint to a competent authority associated with the protection of personal data. In Poland, this authoritative body is the President of the Office for Personal Data Protection.

In order to ensure the timeliness and accuracy of Personal Data, we may periodically ask you to check and confirm the Personal Data we have about you or inform us of any changes regarding this Personal Data (such as changing your e-mail address). We encourage you to regularly check the correctness, timeliness and completeness of the processed Personal Data.