As part of the services provided to clients, generally we do not decide about the purposes and methods of personal data processing or do not process personal data.
“Personal data” is information that concerns living individuals (including individuals conducting business activity based on the entry into the Central Register and Information on Economic Activity) and allows identifying such individuals directly or indirectly (including by linking these individuals’ data with other data held). Examples of personal data types are: first name, last name, home address, e-mail address, PESEL number or location data. Data on corporations, organizational units without legal personality (including contact details of such entities) or deceased individuals, are not personal data.
In case of deciding about the purposes and methods of personal data processing or processing personal data by us as part of our services or for our own activities, we meet the requirements of Regulation (UE) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46 / EC (General Data Protection Regulation), so-called “GDPR”. This means that any personal data will always be processed by us as a personal data administrator or as a processor of personal data (so-called “processor”) and in compliance with obligations that the GDPR imposes on each of these roles.
If we provide services to customers electronically (“Electronic Services”), documents related to such services (primarily the regulations for the provision of electronic services) contain detailed provisions as to whether and how personal data are processed in connection with specific Electronic Services. Below, we present the general principles and requirements of GDPR related to the processing of personal data, which we use (“General Principles”). If you use any of the Electronic Services and the General Rules are contrary to the principles of personal data processing in the Electronic Services you use – priority is always given to the rules set out for your Electronic Service.
We maintain a website at https://www.immusec.com, in Polish and English language versions.
Our website is operated using secure technologies, such as the https protocol, which provides encryption of data sent between the device, from which you visit our website, and the server where our website is located.
In certain situations it is possible that individuals visiting our website will provide us with their personal details. This applies to the following situations:
– filling out the contact form (“Contact Form”);
– submitting an inquiry via the contact form (“Inquiry”);
– sending us your CV in response to a job offer or to register in our CV database (“Curriculum Vitae”).
In the event that personal data is provided to us and we decide about the purposes and methods of its processing, the personal data administrator is: Grant Thornton technology (former IMMUSEC Sp. z o.o.), with its registered office in Warsaw, operating at ul. Chłodna 52, 00-872 Warsaw, entered into the Register of Entrepreneurs kept by the District Court for the Capital City of Warsaw in Warsaw, XIII Commercial Division of the National Court Register, under KRS number 0000360418, NIP: 9512317130, REGON: 142487704.
The administrator of personal data can be contacted at the address indicated in paragraph 1 above, as well as by sending a contact form, located in the “contact” tab on our website or by sending an e-mail to: firstname.lastname@example.org.
Hereby we provide information required by the GPRD regarding the situation when we are the administrator of personal data:
|Lp.||Processing operation||Purpose of personal data processing||Legal basis for the processing of personal data||The period of storage of personal data|
|1.||Contact Form||making a contact to reply to your message||depending on the situation:
a) performance of the contract to which you are a party (if you already have a contract with us and you are contacting us via the Contact Form) or taking action on your request, before concluding the contract (when the potential goal of the contact may be the conclusion of a contract between us)
– art. 6 par. 1 letter b) GDPR
b) the legitimate interest of the administrator
– art. 6 par. 1 letter f) GDPR
the legitimate interest lies in the possibility of acquiring new customers or building a positive image of our brand
|3 years from the date of sending a message via the Contact Form
|2.||Inquiry||providing you with our commercial offer, for your express order, related to specific services provided by us||take action at your request, before concluding the contract
– art. 6 par. 1 letter b) GDPR
|3 years from the date of sending an Inquiry, or 5 years in the case when submitting an Inquiry will result in a contract between you and us|
|3.||Curriculum vitae||conducting the recruitment process for a specific position or using your CV for the future recruitments||the legitimate interest of the administrator
– art. 6 par. 1 letter f) GDPR
the legitimate interest lies in the search for new employees
|up to 1 year from the date of sending your CV to us|
Providing personal data in connection with the above situations is not a requirement under the law or a condition for entering into any contract with us. However, refusal to provide personal data in the above situations will result in the fact that we will not be able to meet the above-mentioned purposes of processing to individuals.
According to the GDPR, if we are the administrator of your personal data, you have the following rights:
We never use automatic decision-making for individuals (including this based on profiling).
On our website there are links to other websites, for example social networks and our business partners.
Remember that by clicking on such a link, you go to another website managed by another entity, that may present a different approach to personal data protection and privacy than ours.