Pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC – the General Data Protection Regulation (OJ EU L 119 of 04.05.2016, p. 1, as amended in OJ EU L 127 of 23.05.2018, p. 2) (hereinafter: the “GDPR”), we hereby provide you with information regarding the processing of personal data.
The controller of your personal data is ComCERT SA, with its registered office in Warsaw at 13 Branickiego St., 02-972 Warsaw, registered in the Polish National Court Register under (KRS) number: 0000406425, Polish Tax Identification Number (NIP): 5252524691, Polish Statistical Number (REGON): 145934931, with share capital of PLN 136,000.00 (one hundred and thirty-six thousand zloty), fully paid up (hereinafter: “ComCERT”).
ComCERT holds the status of a large enterprise within the meaning of the Act of 8 March 2013 on counteracting excessive delays in commercial transactions.
For issues related to the processing of personal data, as well as to exercise rights related to data processing, contact can be made:
Service Recipients and Potential Service Recipients
We process your data for the purpose of concluding and performing a contract (Art. 6(1)(b) GDPR) and – in selected situations – for the purpose of pursuing legitimate interests (Art. 6(1)(f) GDPR), such as negotiating terms of cooperation, establishing, pursuing or defending claims. Your data may also be processed to fulfil our legal obligations (Art. 6(1)(c) GDPR), for example, accounting, bookkeeping, and tax duties.
The processed data may include identification, contact, and address data as well as any information provided in connection with the cooperation or service provision.
We retain the data for at least 5 years from the end of the year in which the tax payment deadline expired, and longer if required for establishing, pursuing, or defending claims.
You have the right to access your data, rectify it, erase it, restrict processing, and object to processing. The exercise of these rights may be subject to certain conditions provided by law. You also have the right to lodge a complaint with the supervisory authority – the President of the Personal Data Protection Office.
Providing data is necessary to conclude and perform the contract, as well as to fulfil our legal obligations – refusal to provide data will make it impossible to achieve these purposes.
Your personal data is processed for contact purposes, identity verification, handling your rights, fulfilling legal and corporate obligations, and for establishing, pursuing, or defending potential claims (Art. 6(1)(c) and (f) GDPR).
The categories of processed data include, in particular but not limited to, identification data, contact details, address data, data concerning your status and entitlements, data related to fulfilling our legal obligations, as well as other personal data contained in documents, correspondence, or messages exchanged with us.
Personal data will be retained for the period necessary to achieve the specified purposes related to fulfilling legal obligations, your entitlements, providing information, and communications exchange. In cases where it becomes necessary to establish, pursue, or defend claims, data may be processed and retained for the legally required period.
You have the right to access your data, rectify it, erase it, restrict its processing, and object to its processing. The exercise of these rights may be subject to conditions specified by law. You also have the right to lodge a complaint with the supervisory authority – the President of the Personal Data Protection Office.
Providing data is necessary to ensure the fulfilment of the mentioned purposes related to legal obligations and your entitlements. Failure to provide data will make it impossible to perform these actions.
If you represent a natural or legal person, act on their behalf, or have been designated as a contact person, we process your personal data for the purpose of responding and exchanging information (Art. 6(1)(f) GDPR).
The categories of processed data include, in particular, identification data, contact details, as well as other personal data contained in documents, correspondence, or messages you exchange with us.
Personal data will be retained for the period related to the ongoing communication. In cases where it becomes necessary to establish, pursue, or defend claims, data may be processed and retained for the legally required period.
You have the right to access your data, rectify it, erase it, restrict processing, and object to processing. The exercise of these rights may be subject to conditions specified by law. You also have the right to lodge a complaint with the supervisory authority – the President of the Personal Data Protection Office.
When you browse our website, the server automatically records so-called logs, which include, among others, your IP address, the date and time of the page visit, the amount of data transferred, and your internet service provider. These data are used solely to ensure the proper functioning of the website and the security of our services. The processing of these data is based on our legitimate interests (Art. 6(1)(f) GDPR).
If you contact us via the general contact form on our website, your personal data will be processed for purposes related to the provision of the service or in order to take actions prior to entering into a contract, or to present an offer (Art. 6(1)(b) GDPR), as well as to respond to your inquiry, including the presentation of our offered services (Art. 6(1)(f) GDPR). The data processed may include identification data, contact details, and any information provided in the form.
These data will be retained for the period necessary to achieve the indicated purposes. They may also be stored for a longer period where necessary for establishing, pursuing, or defending potential claims.
You have the right to access your data, rectify it, erase it, restrict processing, and object to processing. The exercise of these rights may be subject to certain conditions legally provided.
Furthermore, you have the right to lodge a complaint with the supervisory authority – the President of the Personal Data Protection Office.
We process the data of individuals interested in our job or cooperation offers for the purposes related to conducting recruitment processes or establishing cooperation.
In the case of recruitment relating to employment under labour law, your personal data within the scope specified by labour law (Article 22¹ of the Labour Code of 26 June 1974 and the Regulation of the Minister of Family, Labour and Social Policy of 10 December 2018 on employee documentation) will be processed for the purpose of recruitment proceedings (Article 22¹ § 1 points 4-6 of the Labour Code in connection with Article 6(1)(b) GDPR). Provision of other data not specified by labour law will be treated as consent to process such data (Article 6(1)(a) GDPR, and in the case of special categories of personal data – Article 9(2)(a) GDPR). We may also process your personal data in future recruitment processes if you give your appropriate consent (Article 6(1)(a) GDPR).
In the case of establishing cooperation under civil law provisions, your personal data will be processed for the purpose of this cooperation (Article 6(1)(b) GDPR).
During both processes, your personal data may also be processed based on our legitimate interests, including but not limited to verification of the information you provide, your references, your qualifications, as well as negotiation of working or cooperation conditions (Article 6(1)(f) GDPR).
Please note that you may withdraw your consent to the processing of personal data at any time, without affecting the lawfulness of processing carried out before the withdrawal.
The categories of processed data include identification data, contact details, education, professional qualifications, employment history, company (in the case of sole proprietors), as well as other data provided in application documents.
Data will be retained for the duration of the relevant process unless you consent to further storage for recruitment or cooperation processes conducted by us in the future.
You have the right to withdraw consent at any time (without affecting the lawfulness of processing before the withdrawal), as well as the right to access your data, rectify it, restrict processing, and object to processing. The exercise of these rights may be subject to conditions specified by law.
Furthermore, you have the right to lodge a complaint with the supervisory authority – the President of the Personal Data Protection Office.
Provision of personal data in the recruitment process under labour law within the scope specified in Article 22¹ of the Labour Code is necessary to participate in recruitment proceedings. Refusal to provide data in this context will prevent the recruitment process and, consequently, employment.
Provision of personal data in the cooperation process under civil law provisions is necessary to conclude and perform the contract. Refusal to provide data in this context will prevent the establishment of cooperation.
If you are a supplier of products or services to our company, we process your personal data for the purpose of concluding and performing a contract (Article 6(1)(b) GDPR). In certain situations, processing is also based on our legitimate interests (Article 6(1)(f) GDPR), such as establishing, pursuing, or defending claims. Your data may also be processed to fulfil our legal obligations (Article 6(1)(c) GDPR), for example accounting, bookkeeping, and tax duties.
The categories of processed data include identification data, contact details, address data, as well as any other data related to the contract between us and its performance.
We retain the data for at least 5 years from the end of the calendar year in which the tax payment deadline expired, unless the law provides for a longer retention period, especially regarding establishing, pursuing, or defending claims.
You have the right to access your data, rectify it, restrict processing, and object to processing. The exercise of these rights may be subject to conditions provided by law.
You also have the right to lodge a complaint with the supervisory authority – the President of the Personal Data Protection Office.
Providing data is necessary to conclude and perform the contract, as well as to fulfil our legal obligations – refusal to provide data will make it impossible to achieve these purposes.
Your personal data is processed in connection with our company’s management of social media profiles, such as LinkedIn. The processing is based on our legitimate interests, which include communication, promotion of our services, relationship building, delivering valuable content, interaction with recipients, and developing our market presence (Article 6(1)(f) GDPR).
The data processed may include identification data, contact details, and information you provide through interactions on social media profiles, e.g., direct messages sent to us via external social media platforms.
Data will be retained for the period necessary to achieve the indicated purposes and according to the social media platforms’ policies.
You have the right to access your data, rectify it, erase it, restrict its processing, and object to the processing of your data. The exercise of these rights may be subject to conditions set out by law and the policies of social media platforms.
You also have the right to lodge a complaint with the supervisory authority – the President of the Personal Data Protection Office.
We may also process your personal data during conferences, industry events, and networking meetings where information exchange and relationship building take place (Articles 6(1)(b) and (f) GDPR).
These data include, in particular, identification data, contact details, information on business cards, as well as other data provided to us by you during events (conferences, meetings).
The data are processed for contact purposes, for information exchange, establishing cooperation, and for marketing and promotional purposes of our company.
Data retention is for the period necessary to achieve the stated purposes. The period of personal data storage may be extended based on legal provisions if necessary for establishing, pursuing, or defending claims.
You have the right to access your data, rectify it, erase it, restrict processing, and object to the processing of your data. The exercise of these rights may be subject to specific conditions provided under the law.
You also have the right to lodge a complaint with the supervisory authority – the President of the Personal Data Protection Office.
Providing data may, in certain cases, be necessary to conclude and perform a contract. Refusal to provide data will make it impossible to achieve this purpose.
In connection with the processing of your personal data by us, you have certain rights. These rights may be limited in some situations, for example, when we can demonstrate that we are legally obliged to process your data.
If you wish to exercise your rights, you may contact us through our data protection contact point.
If you have given consent to the processing of personal data, you have the right to withdraw this consent at any time (Art. 7(3) GDPR). Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
You are entitled to receive confirmation as to whether or not we are processing your personal data, and if so, to access your data, including information about, among other things, the purposes of processing and recipients of personal data (Art. 15 GDPR).
You have the right to request the correction of your personal data due to inaccuracy or incompleteness (Art. 16 GDPR).
In certain cases, you have the right to request deletion of your personal data (Art. 17 GDPR). If your data has been made public, we will take reasonable steps to inform other controllers processing your data about your request.
You may request restriction of processing if you contest the accuracy of the data, if the processing is unlawful, if we no longer need your data for processing purposes, or if you have objected to processing (Art. 18 GDPR).
You may request the transfer of personal data stored in a commonly used, machine-readable standard format (Art. 20 GDPR). If your goal is to transfer them to another controller, we will send the file containing your personal data directly to that controller.
You may request that we cease processing your personal data by lodging an objection (Art. 21 GDPR). It will be justified if you demonstrate that our lawful actions infringe your interests, rights, or freedoms.
If you believe that your rights have been violated by our data processing activities, you may lodge a complaint with the supervisory authority – the President of the Personal Data Protection Office (Art. 77 GDPR).
Most of the data we process are the information you provide to us voluntarily. However, in certain situations, we may process personal data obtained indirectly, for example, inferred from other information provided by you. This means that some data may result from the analysis or compilation of information already shared with us.
Personal data may also come from publicly available sources, such as public registers (e.g., Polish National Court Register, CEIDG), business information databases, or publicly accessible internet portals.
Additionally, we may receive personal data from third parties when necessary for the performance of concluded contracts, provision of services, or compliance with our legal obligations.
Your personal data may be disclosed to various categories of recipients, depending on the purpose of processing and organisational needs:
In certain cases, we may also disclose data to public authorities. However, pursuant to Article 4(9) GDPR, public authorities that may receive personal data in the course of specific proceedings according to Union or Member State law are not formally regarded as recipients.
As a rule, your personal data will not be transferred to countries outside the European Economic Area (EEA), where the law may not provide the same level of protection of your data.
However, if as part of processing your personal data are transferred to recipients in third countries (outside the EEA), e.g., in the United States, such data transfers may take place on the basis of:
Our website uses cookies.
Cookies are small pieces of information stored on the user’s end device (desktop computer, laptop, tablet, smartphone) through the web browser. They are important because they allow our website’s server to recognise a specific device during subsequent visits. This information generally does not constitute personal data but may be used to provide certain functions, such as:
Cookies are secured and encrypted in a way that prevents access by unauthorised persons. Default web browser settings allow automatic saving of cookies on users’ devices. Such settings are considered as consent to data processing in accordance with Article 399 of the Act of 12 July 2024 – Electronic Communications Law and Article 6(1)(a) GDPR.
Each user can adjust browser settings to block automatic acceptance of cookies or to receive information about their transmission. Detailed information on managing cookies can be found in the documentation and settings of the respective web browser.
Please note that limiting or blocking cookies may affect the functionality of the website and, in some cases, prevent full use of its content and services.
Furthermore, we use cookies to monitor user activity on our website (e.g., number of visits, navigation paths) through analytical tools provided by Google LLC (Google Analytics). Detailed information about Google’s use of cookies can be found here: How Google uses cookies – Privacy & Terms – Google.
We reserve the right to make changes to this privacy policy at any time, particularly in connection with the need to adapt it to applicable laws, changing regulatory requirements, and updates to privacy standards.
We encourage you to regularly review the current version of the privacy policy to stay informed of any changes.
Continued use of our services after modifications have been made will signify acceptance of the updated policy provisions.
