Privacy policy - information on the principles of personal data processing

The Controller of your personal data is the Ornsson Solutions Sp. z o.o. company seated in Warsaw at the address ul. Wiejska 17 (00-480 Warszawa) entered into the Entrepreneur Register of the National Court Register (KRS) kept by the District Court for the capital city of Warsaw, Commercial Division, under KRS number 0000785220 using the following NIP tax identification number: 701 092 44 94 (hereinafter referred to as the Controller).

The Controller has appointed the personal data protection inspector, and the Controller or the inspector can be contacted via the following e-mail address: [email protected].

The Controller directs this information (hereinafter referred as the Policy) to all the natural persons encompassed by the Controller’s activity related to functioning of the Website, as well as to addresses listed below, in relation to the necessity to fulfil the obligations specified in Article 13 Paragraphs 1 and 2, and Article 14 Paragraphs 1 and 2 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as GDPR).

It is indicated that the addresses of the further sections of this information are mainly:

1. persons browsing and visiting the Website and persons using the Contact option,
2. persons interested in cooperating with the Controller,
3. other business partners, i.e. entities providing services to the Controller,
4. clients of the Controller.

With regard to legal persons of sole proprietorships, referred to, among others, in Section 1 Paragraph 4 Letters b, c, and d of the Policy, the above described catalogue refers mainly to employees, collaborators, and representatives of entities providing personal data to the Controller.

Purpose and legal grounds for processing activities performed on your personal data:

1. purpose of processing: ensuring the possibility of using the Website, learning its content, and contacting the Controller,
2. legal grounds for the processing activities: carrying out actions aiming at concluding a contract on your initiative (Article 6 Paragraph 1 Letter b of GDPR) and the legally justified interest of the Controller (Article 6 Paragraph 1 Letter f of GDPR), which should be understood as the actions related to functioning and maintenance of the Website, promotion of the Controller’s activity defined in their articles of association, and presumptive defence of the Controller’s claims.

Origin of your data: we assume that the data comes directly from you (applicable to IP address, among others). We may also receive your data from the entity that you represent.

Recipients of your personal data: your personal data may be provided to other entities, i.e.:

1. separate controllers: legal counsel,
2. processing entities: administration service provider, hosting service provider, Website maintenance service provider, and other processing entities supporting the Controller in the field of IT.

According to the declaration received from the hosting service provider, we inform you that we do not transfer your personal data beyond the European Economic Area and that your personal data is stored on servers located within the European Union. In the event of presumptive initiation of cooperation, your personal data may be transferred beyond the European Economic Area in relation to the fact of our use of specific IT tools. The transfer is secured by the so-called standard contractual clauses. If you are interested in detailed information on data transfer, contact us using the following e-mail address: [email protected].

We process a minimal catalogue of your personal data. In many cases, your personal data is processed for statistical purposes and generally it does not make it possible for the Controller to identify you. Additionally, we indicate that we process your personal data in line with the scope indicated in contact forms.

The data storage period depends on the following criteria:

1. protection period for claims of the Controller and persons interested in your announcement, i.e. the basis period is 6 days from the date on which the claim became due and payable.

The catalogue of your rights in relation to personal data processing is listed below:

1. right to access data,
2. right to rectify data,
3. right to remove data,
4. right to limit the processing,
5. right to transfer data,
6. right to object,
7. right to lodge a complaint to the supervisory body, i.e. President of the Personal Data Protection Office, in relation to the processing.

We require you to provide the personal data indispensable for using the functions of the Website. In many cases, we do not assume collection of your personal data, and if such processing takes place, it results from your action.

Purpose and legal grounds for processing activities performed on your personal data:

1. purpose of processing: ensuring the possibility of initiating cooperation between the instructors and the Controller,
2. legal grounds for the processing activities: carrying out actions aiming at concluding a contract on your initiative (Article 6 Paragraph 1 Letter b of GDPR), and the legally justified interest of the Controller (Article 6 Paragraph 1 Letter f of GDPR), which should be understood as the actions related to functioning and maintenance of the Website, promotion of the Controller’s activity defined in their articles of association, and presumptive defence of the Controller’s claims.

Origin of your data: we assume that the data comes directly from you (applicable to IP address, among others). We may also receive your data from the entity that you represent.

Recipients of your personal data: your personal data may be provided to other entities, i.e.:

1. separate controllers: legal counsel,
2. processing entities: administration service provider, hosting service provider, Website maintenance service provider, and other processing entities supporting the Controller in the field of IT.

According to the declaration received from the hosting service provider, we inform you that we do not transfer your personal data beyond the European Economic Area and that your personal data is stored on servers located within the European Union. In the event of presumptive initiation of cooperation, your personal data may be transferred beyond the European Economic Area in relation to the fact of our use of specific IT tools. The transfer is secured by the so-called standard contractual clauses. If you are interested in detailed information on data transfer, contact us using the following e-mail address: [email protected].

We process a minimal catalogue of your personal data. We indicate that we process your personal data in line with the scope indicated in contact forms. In certain specific cases we can extended this data to include the catalogue of data published within the framework of the publicly accessible registers in order to verify your offer.

The data storage period depends on the following criteria:

1. protection period for claims of the Controller and persons interested in your announcement, i.e. the basis period is 6 days from the date on which the claim became due and payable.

The catalogue of your rights in relation to personal data processing is listed below:

1. right to access data,
2. right to rectify data,
3. right to remove data,
4. right to limit the processing,
5. right to transfer data,
6. right to object,
7. right to lodge a complaint to the supervisory body, i.e. President of the Personal Data Protection Office, in relation to the processing.

We require you to provide the personal data indispensable for using the functions of the Website and contracting the Controller.

Purpose and legal grounds for processing activities performed on your personal data:

1. purpose of processing: contract implementation,
2. legal grounds for the processing activities: implementation of a contract to which your are a party or carrying out actions prior to concluding such a contract on your initiative (Article 6 Paragraph 1 Letter b of GDPR), and the legally justified interest of the Controller (Article 6 Paragraph 1 Letter f of GDPR), which should be understood as the actions related to performance of activity defined in articles of association, functioning and maintenance of the Website, presumptive protection of the Controller’s claims, and the legal obligation encumbering the Controller in the form of the necessity to perform certain accounting activities (Article 6 Paragraph 1 Letter c) of GDPR.

Origin of your data: we assume that you provided the data to the Controller in person. In any other case, your data comes from your employer or some other entity that you represent.

Recipients of your personal data: your personal data may be provided to other entities, i.e.:

1. separate controllers: postal service operator, bank, Controller’s clients, and presumptive law firms that might support the Controller,
2. processing entities: administration service provider, accounting service provider, hosting service provider, Website maintenance service provider, and entities providing IT support, including provision of IT tools.

According to the declaration received from the hosting service provider, we inform you that we do not transfer your personal data beyond the European Economic Area and that your personal data is stored on servers located within the European Union. In the event of presumptive initiation of cooperation, your personal data may be transferred beyond the European Economic Area in relation to the fact of our use of specific IT tools. The transfer is secured by the so-called standard contractual clauses. If you are interested in detail information on data transfer, contact us using the following e-mail address: [email protected].

We process the catalogue of your personal data to the extent necessary to implement the contract.

The data storage period depends on the following criteria:

1. period of validity of the contract referring to content publication and the period required for performance of legal obligations, i.e. the basis period of 5 years starting from the end of the year following immediately the financial year in which a given transaction was finally completed or settled,
2. protection period for claims of the Controller and persons interested in your announcement, i.e. the basis period is 6 days from the date on which the claim became due and payable.

The catalogue of your rights in relation to personal data processing is listed below:

1. right to access data,
2. right to rectify data,
3. right to remove data,
4. right to limit the processing,
5. right to transfer data,
6. right to object,
7. right to lodge a complaint to the supervisory body, i.e. President of the Personal Data Protection Office, in relation to the processing.

We require you to provide the personal data indispensable for concluding the contract.

Purpose and legal grounds for processing activities performed on your personal data:

1. purpose of processing: contract implementation,
2. legal grounds for the processing activities: implementation of a contract to which your are a party or carrying out actions prior to concluding such a contract on your initiative (Article 6 Paragraph 1 Letter b of GDPR), and the legally justified interest of the Controller (Article 6 Paragraph 1 Letter f of GDPR), which should be understood as the actions related to performance of activity defined in articles of association, functioning and maintenance of the Website, presumptive protection of the Controller’s claims, and the legal obligation encumbering the Controller in the form of the necessity to perform certain accounting activities (Article 6 Paragraph 1 Letter c) of GDPR.

Origin of your data: we assume that you provided the data to the Controller in person. In any other case, your data comes from your employer or some other entity that you represent.

Recipients of your personal data: your personal data may be provided to other entities, i.e.:

1. separate controllers: postal service operator, bank, presumptive law firms that might support the Controller, and other business partners of the Controller employed for the purposes of implementing the contract.
2. processing entities: administration service provider, accounting service provider, hosting service provider, Website maintenance service provider, and entities providing IT support, including provision of IT tools, instructors providing services in aid of the Controller’s clients, and other business partners of the Controller employed for the purposes of implementing the contract.

According to the declaration received from the hosting service provider, we inform you that we do not transfer your personal data beyond the European Economic Area and that your personal data is stored on servers located within the European Union. In the event of presumptive initiation of cooperation, your personal data may be transferred beyond the European Economic Area in relation to the fact of our use of specific IT tools. The transfer is secured by the so-called standard contractual clauses. If you are interested in detail information on data transfer, contact us using the following e-mail address: [email protected].

We process the catalogue of your personal data to the extent necessary to implement the contract.

The data storage period depends on the following criteria:

1. period of validity of the contract referring to content publication and the period required for performance of legal obligations, i.e. the basis period of 5 years starting from the end of the year following immediately the financial year in which a given transaction was finally completed or settled,
2. protection period for claims of the Controller and persons interested in your announcement, i.e. the basis period is 6 days from the date on which the claim became due and payable.

The catalogue of your rights in relation to personal data processing is listed below:

1. right to access data,
2. right to rectify data,
3. right to remove data,
4. right to limit the processing,
5. right to transfer data,
6. right to object,
7. right to lodge a complaint to the supervisory body, i.e. President of the Personal Data Protection Office, in relation to the processing.

We require you to provide the personal data indispensable for concluding the contract.

Within the scope in which it refers to Cookie files, the processing of personal data of all the above described categories of entities takes place on the basis of consent and/or legally justified interest of the personal data controller.

In relation to the necessity of correct functioning of the Website, the Controller uses Cookie files. In many cases, the Cookie files are adjusted individually to your needs.

Using the Service without introducing changes to settings regarding Cookie files means acceptance for saving Cookies on your end device. We underline that you can make changes to setting regarding Cookie files in your web browser at any moment.

Cookie files, including session Cookies, may also provide the Controller with information about your end device and the version of the web browser that you use. These functions are required for us to ensure proper display of the website content.

Cookies are short text files, the decisive majority of which does not make it possible for the Controller to identify a natural person.