Privacy Policy

Dear All,

in accordance with Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the European Parliament and of the Council of 27 April 2016, p. UE L 119 of 04.05.2016, p. 1) (hereinafter: GDPR), as part of this Privacy Policy, we provide information on the details of the processing of personal data in connection with the processing activities that take place within the website: //ornsson.com/pl (hereinafter: Website), as well as within the framework of our business activities.

For the sake of greater accessibility of this document, we have allowed ourselves direct expressions in its further parts.

If you have any further questions about how we use your personal information, please do not hesitate to write to us at the following email address: [email protected]

Table of contents

General information

Personal data controller

Data Protection Officer and Contact Point

Person visiting our Website

Person using the contact form

Customer or their representative/contact person

Potential customer or their representative/contact person

Provider of the service or goods

Job candidate taking part in our recruitment processes

Person interested in receiving the newsletter

Person visiting our social media profiles (Facebook and LinkedIn)

Rights of the data subject

Automated decision-making, including profiling

General information

We process your personal data as:

Person visiting our Website,
Person using the contact form,
Customer or their representative/contact person,
Potential customer or their representative/contact person,
Provider of the service or goods or their representative/contact person,
Job candidate taking part in our recruitment processes,
Person interested in receiving the newsletter,
Person visiting our social media profiles (Facebook and LinkedIn).

In addition, as part of the last section of the Privacy Policy, we have described the rules for the use of cookies and other technologies on our Website – for more information, see the Cookies section .

Personal data controller

The controller of personal data is Ornsson Solutions sp. z o.o., with its registered office at 17/3 Wiejska Street, 00-480 Warsaw, entered into the Register of Entrepreneurs kept under KRS number: 0000785220, NIP: 7010924494, REGON: 38333788900000 (hereinafter: Controller).

Data Protection Officer and Contact Point

The Controller has appointed a personal data protection officer who can be contacted (if you have any questions regarding the processing of personal data and your rights) via:

e-mail inbox [email protected] or
by post to the following address: 17/3 Wiejska Street, 00-480 Warsaw.

Person visiting our Website

Purposes of processing

We process your personal data in order to enable you to use the functionalities of the Website, to develop statistics related to the use of individual functionalities of the Website, to adapt the content of the Website in accordance with your preferences and for marketing purposes, to ensure the IT security of the Website and to establish, pursue and defend against claims for damage caused by unlawful use of the Website.

We use cookies and other technologies for this purpose – see Cookies section for more information.

Legal basis for processing

Your personal data is processed on the following legal bases:

Your consent (Article 6(1)(a) of the GDPR) in the case of cookies and other technologies that are not necessary for the proper use and functioning of the Website, and are used to develop statistics related to the use of individual functionalities of the Website or to adapt the content of the Website in accordance with your preferences and for marketing purposes (cookies and other technologies related to the following areas: preferences, statistics, marketing),
The processing is necessary for the purposes of the legitimate interests pursued by the Controller (Article 6(1)(f) of the GDPR) – where the legitimate interest consists in enabling you to use the functionalities of the Website and ensuring the IT security of the Website, as well as in establishing, pursuing and defending against claims for damage caused by unlawful use of the Website.

Recipients of personal data

We share your personal data with suppliers:

IT software,
Hosting services,
IT support and services,
Services ensuring the security of the Website,
Legal advisory services.

In cases provided for by law, we may also make your personal data available to authorized state authorities, in particular the prosecutor’s office or the police.

Transfer of personal data outside the EEA

Personal data, as a rule, will not be transferred outside the European Economic Area or made available to international organizations. However, some of our IT solution providers are based outside the European Economic Area. As a result, personal data is transferred outside the EEA.

However, if the Controller uses IT solution providers from outside the EEA, the transfer of personal data outside the EEA is based on a decision of the European Commission stating an adequate level of protection of personal data or, in the absence of an applicable decision, on the basis of standard contractual clauses adopted by the European Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries Regulation (EU) 2016/679 of the European Parliament and of the Council.

A copy of the standard contractual clauses and the transfer security measures used can be obtained from the Controller via the following e-mail address: [email protected].

Period of storage of personal data

We process your personal data for no longer than 3 years from the date you stop using the Website.

Obligation to provide data

Providing your personal data is a condition for the correct use of the Website’s functionalities and ensuring the IT security of the Website. In the case of cookies and other technologies that are not necessary for the proper use and functioning of the Website, providing your personal data is voluntary.

Person using the contact form

Purposes of processing

We process your personal data in order to consider and handle the matter described by you in the contact form and to answer your questions.

Legal basis for processing

Your personal data is processed on the following legal bases:

Processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract (applies to contracts where our customers are natural persons) (Article 6(1)(b) of the GDPR),
The processing is necessary for the purposes of the legitimate interests pursued by the Controller (Article 6(1)(f) of the GDPR) – where the legitimate interest consists in considering and handling the matter described by you in the contact form and answering the questions asked by you.

Recipients of personal data

We share your personal data with suppliers:

IT software,
Hosting services,
E-mail services,
IT support and services,
Website security services.

In cases provided for by law, we may also make your personal data available to authorized state authorities, in particular the prosecutor’s office or the police.

Transfer of personal data outside the EEA

A copy of the standard contractual clauses and the transfer security measures used can be obtained from the Controller via the following e-mail address: [email protected].

Period of storage of personal data

We process your personal data until the matter described by you in the contact form is considered and resolved and the questions asked by you are answered, no longer than for 3 years from sending the message via the contact form.

Obligation to provide data

Providing your personal data is voluntary, but a condition for the correct use of the Website’s functionalities, i.e. sending a contact form to the Controller, as well as considering and handling the matter/receiving answers to your questions.

Customer or their representative/contact person

Purposes of processing

We process your personal data for the purpose of: concluding and performing a contract and providing services, performing legal obligations under tax and accounting law, debt collection and establishing, investigating or defending against claims resulting from non-performance or improper performance of a contract.

Legal basis for processing

Your personal data is processed on the following legal bases:

Processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract (applies to contracts where our customers are natural persons) (Article 6(1)(b) of the GDPR),
The processing is necessary to comply with a legal obligation resulting from the provisions of tax and accounting law and to which the Controller is subject (Article 6(1)(c) of the GDPR),
The processing is necessary for the purposes of the legitimate interests pursued by the Controller (Article 6(1)(f) of the GDPR) – where the legitimate interest consists in the establishment and performance of a contract, the provision of services to customers who act through their representatives/proxies and contact persons, the collection of contractual debts and the pursuit or defence against claims arising from non-performance or improper performance of the contract.

Source of data and categories of personal data

If we have not obtained the data directly from you, it means that the source of your personal data is your employer or the entity you represent as a representative/contact person. We then process the following personal data: name and surname, business e-mail address and telephone number, as well as place of work and name of the position held.

Recipients of personal data

We share your personal data with suppliers:

IT software,
Hosting services,
E-mail services,
IT support and services,
Accounting and bookkeeping services,
Postal and courier services,
Banking services,
Legal advisory services.

In cases provided for by law, we may also make your personal data available to authorized state authorities, in particular the prosecutor’s office or the police.

Transfer of personal data outside the EEA

A copy of the standard contractual clauses and the transfer security measures used can be obtained from the Controller via the following e-mail address: [email protected].

Period of storage of personal data

In principle, we process your personal data for no longer than 3 years from the date of expiry or termination of the contract, however, in certain cases we may process your personal data for purposes related to the fulfilment of tax and accounting obligations.

Obligation to provide data

If you are the source of your data, then providing your personal data is a condition for concluding a contract and proper provision of services, as well as correct settlement of services provided by us.

Potential customer or their representative/contact person

Purposes of processing

We process your personal data in order to establish business contacts with potential customers and respond to their inquiries and present our services, as well as to establish, pursue or defend against claims.

Legal basis for processing

Your personal data is processed on the following legal bases:

Processing is necessary to take action at the request of the data subject prior to the conclusion of the contract (applies to contracts whose potential customers are natural persons) (Article 6(1)(b) of the GDPR),
Processing is necessary for the purposes of the legitimate interests pursued by the controller (Article 6(1)(f) of the GDPR) – where the legitimate interest consists in acquiring new customers who act through their representatives/proxies and contact persons, and responding to received inquiries and presenting our services, as well as establishing, pursuing or defending against claims.

Source of data and categories of personal data

Recipients of personal data

We share your personal data with suppliers:

IT software,
Hosting services,
E-mail services,
IT support and services,
Postal and courier services,
Legal advisory services.

In cases provided for by law, we may also make your personal data available to authorized state authorities, in particular the prosecutor’s office or the police.

Transfer of personal data outside the EEA

A copy of the standard contractual clauses and the transfer security measures used can be obtained from the Controller via the following e-mail address: [email protected].

Period of storage of personal data

In principle, we process your personal data for no longer than 3 years from the date of termination of contact.

Obligation to provide data

If you are the source of your data, providing your personal data is voluntary, but required to respond to your inquiry and to present our services.

Provider of the service or goods

Purposes of processing

We process your personal data for the purpose of: concluding and performing a contract, performing legal obligations resulting from the provisions of tax and accounting law, establishing, pursuing or defending against claims resulting from non-performance or improper performance of a contract.

Legal basis for processing

Your personal data is processed on the following legal bases:

Processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to the conclusion of a contract (applies to contracts whose suppliers of services and goods are natural persons) (Article 6(1)(b) of the GDPR),
Processing is necessary to comply with a legal obligation resulting from the provisions of tax and accounting law to which the Controller is subject (Article 6(1)(c) of the GDPR),
Processing is necessary for the purposes of the legitimate interests pursued by the controller (Article 6(1)(f) of the GDPR) – where the legitimate interest consists in entering into and performing a contract with suppliers of services and goods who act through their representatives/proxies and contact persons, and in pursuing or defending against claims resulting from non-performance or improper performance of the contract.

Source of data and categories of personal data

Recipients of personal data

We share your personal data with service providers:

IT software,
Hosting services,
E-mail services,
IT support and services,
Accounting and bookkeeping services,
Postal and courier services,
Legal advisory services.

In cases provided for by law, we may also make your personal data available to authorized state authorities, in particular the prosecutor’s office or the police.

Transfer of personal data outside the EEA

A copy of the standard contractual clauses and the transfer security measures used can be obtained from the Controller via the following e-mail address: [email protected].

Period of storage of personal data

Obligation to provide data

If you are the source of your data, providing your personal data is a condition for concluding a contract and proper provision of services, as well as correct settlement of the services provided.

Job candidate taking part in our recruitment processes

Purposes of processing

We process your personal data in order to carry out the recruitment process for a position in our organization, as well as to join the database of job candidates in order to participate in future recruitment processes (if you have given your consent to it).

Legal basis for processing

Your personal data is processed on the following legal bases:

Your consent (Article 6(1)(a) of the GDPR) in the case of providing redundant data that is not necessary to carry out the recruitment process for a position in our organization (data exceeding the personal data indicated in Article 22¹ of the Labor Code), as well as joining the database of job candidates in order to participate in future recruitment processes,
Processing is necessary for the performance of a contract to which the data subject is a party or to take action at the request of the data subject prior to entering into a contract (applies to civil law contracts) (Article 6(1)(b) of the GDPR),
Processing is necessary for compliance with a legal obligation to which the controller is subject (Article 6(1)(c) of the GDPR) resulting from the provisions of the labour law (Article 22¹ of the Labour Code),
Your consent (Article 9(2)(a) of the GDPR) in relation to special categories of personal data (including data on health or disability).

Recipients of personal data

We share your personal data with suppliers:

IT software,
Hosting services,
E-mail services,
IT support and services,
Postal and courier services.

In cases provided for by law, we may also make your personal data available to authorized state authorities, in particular the prosecutor’s office or the police.

Transfer of personal data outside the EEA

A copy of the standard contractual clauses and the transfer security measures used can be obtained from the Controller via the following e-mail address: [email protected].

Period of storage of personal data

We process your personal data generally until the end of the recruitment process for a position in our organization. If you have agreed to join the database of job candidates in order to participate in future recruitment processes, we process your data for 2[ŁJ4] years from the date of consent or until you withdraw your consent. [ŁJ5]

Obligation to provide data

Providing your personal data necessary to participate in the recruitment process (i.e. those referred to in Article 22¹ of the Labour Code) is necessary to participate in the recruitment process. Refusal to provide data may result in the omission of the candidacy. Providing other personal data, not indicated in Article 22¹ of the Labour Code, is voluntary and does not affect the recruitment process.

Person interested in receiving the newsletter

Purposes of processing

We process your personal data in order to send you a newsletter (materials containing commercial information about the services we provide).

Legal basis for processing

Your personal data is processed on the following legal bases:

Your consent (Article 6(1)(a) of the GDPR in connection with the provisions of the Electronic Communications Law) to send the newsletter to the e-mail address provided by you.

Recipients of personal data

We share your personal data with suppliers:

IT software,
Hosting services,
E-mail services,
Support and IT services.

In cases provided for by law, we may also make your personal data available to authorized state authorities, in particular the prosecutor’s office or the police.

Transfer of personal data outside the EEA

A copy of the standard contractual clauses and the transfer security measures used can be obtained from the Controller via the following e-mail address: [email protected].

Period of storage of personal data

We process your personal data for 2 years from the date of sending us the form related to subscribing to the newsletter, unless you resign from receiving the newsletter earlier.

Obligation to provide data

Providing your personal data is voluntary, but necessary for us to send you the newsletter.

Person visiting our social media profiles (Facebook and LinkedIn)

Purposes of processing

We process your personal data in order to manage our social media profiles, including to ensure the order of discussion participants on our profiles, to correspond with you in relation to the matters you ask us about, to market our services, to compile statistics and to analyse the activity of users of our profiles, including to collect data on the number of likes, comments and shares on our profile or content posted on it.

Legal basis for processing

Your personal data is processed on the following legal bases:

The processing is necessary for the purposes of the legitimate interests pursued by the controller (Article 6(1)(f) of the GDPR) – where the legitimate interest consists in managing our social media profiles, including to ensure the order of participants in discussions on our profiles, to correspond with you related to the topics you ask us about (questions about our projects), marketing and promotion of our services, statistics and analysis of the activity of users of our profiles, including the collection of data on the number of likes, comments and shares of our profile or content posted on it.

Recipients of personal data

We share your personal data with suppliers:

Social media,
E-mail services,
Support and IT services.

In cases provided for by law, we may also make your personal data available to authorized state authorities, in particular the prosecutor’s office or the police.

Transfer of personal data outside the EEA

A copy of the standard contractual clauses and the transfer security measures used can be obtained from the Controller via the following e-mail address: [email protected].

Period of storage of personal data

We process your personal data for the period of operation of our social media profiles, unless you object to the processing of your personal data, which will be taken into account.

Obligation to provide data

Providing your personal data is voluntary, but necessary to conduct correspondence with you related to the matters you ask us to address (questions about our projects) and if you are active: liking, commenting and sharing our profile or content posted on it.

Additional information

The controllers of personal data are also the social media providers under which we run our profiles:

Facebook – Meta Platform Ireland Limited, which processes your personal data on the terms set out in its Privacy Policy and the Terms and Conditions (https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0).
LinkedIn – LinkedIn Ireland Unlimited Company, which processes your personal data on the terms set out in its Privacy Policy and the Terms and Conditions indicated by it (https://pl.linkedin.com/legal/privacy-policy?).

As mentioned above, we process your personal data on the activity on our profiles for the purpose of statistics and analysis. In this respect, there is joint control of your data between us and social media providers. You can find more information by clicking on the appropriate link:

Facebook – more information at the link: https://www.facebook.com/legal/terms/page_controller_addendum
LinkedIn – more information at: https://www.linkedin.com/help/linkedin/answer/a1338708

Rights of the data subject

Right to withdraw consent – Article 7 of the GDPR

You have the right to withdraw your consent if we process your personal data on the basis of consent. The withdrawal of consent only works for the future and does not affect the processing carried out by us in accordance with the law before its withdrawal.

Right of access – Article 15 of the GDPR

You have the right to obtain confirmation from the Controller as to whether your personal data is being processed. If this is the case, you are entitled to access them and the following information: the purposes of the processing, the categories of personal data processed, information about the recipients or categories of recipients, the planned period for which the personal data will be stored, and if this is not possible, the criteria for determining this period, information about your rights under the GDPR, any available information about the source of the personal data, information about automated decision-making, including profiling, information about appropriate safeguards in the event of transfer of personal data outside the EEA. In addition, you have the right to obtain a copy of the personal data subject to processing.

Right of rectification – Article 16 of the GDPR

You have the right to request the Controller to rectify your personal data that is incorrect. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data, including by providing an additional statement.

Right to erasure (“right to be forgotten”) – Article 17 of the GDPR

You have the right to request the Controller to delete your personal data if one of the following circumstances occurs:

the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed,
you have withdrawn your consent on which the processing is based,
personal data has been processed unlawfully,
you have objected to the use of your data for marketing purposes,
you have objected to the processing of your data based on our legitimate interest and the objection has been found to be justified.

Right to restriction of processing – Article 18 of the GDPR

You have the right to request the Controller to restrict processing in the following cases:

you question the accuracy of the personal data – for a period allowing the controller to verify the correctness of this data,
the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
the controller no longer needs the personal data for the purposes of processing, but you need them to establish, pursue or defend claims,
you have objected to the use of your data for purposes other than marketing purposes – until it is determined whether the legitimate grounds on the part of the controller override the grounds for the objection of the data subject.

Right to data portability – Article 20 of the GDPR

You have the right to receive your personal data that you have provided to the Controller in a structured, commonly used and machine-readable format and you have the right to transmit this personal data to another controller without hindrance from the Controller to whom the personal data has been provided, if the processing is based on your consent or on the basis of a contract and the processing is carried out by automated means. You have the right to request that the Controller send your personal data directly to another controller, if it is technically possible.

Right to object – Article 21 of the GDPR

You have the right to object at any time – on grounds relating to your particular situation – to the processing of personal data concerning you based on our legitimate interest.

If you have objected to the processing of your data for marketing purposes, we will stop processing it for these purposes. The same applies to objecting to the processing of your data for purposes other than marketing purposes, if the objection proves to be justified and we have no other legal basis for further processing of your personal data.

Right to lodge a complaint with a supervisory authority

Every data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement, if he or she considers that the processing of personal data concerning him or her infringes the GDPR.

In the case of Polish, the supervisory authority is the President of the Personal Data Protection Office (link: https://uodo.gov.pl/pl).

You can submit all requests via

e-mail inbox [email protected] or
by post to the following address: 17/3 Wiejska Street, 00-480 Warsaw.

Automated decision-making, including profiling

With regard to personal data, automated decision-making processes, including profiling, will not be carried out.

Cookies

General information

Cookies are small text files that can be used by websites to make the user experience more efficient.

Types of cookies

Division according to the management structure:

First-party cookies – files belonging to the visited website,
Third-party cookies.

Division by purpose

Essential cookies – these cookies contribute to the usability of a website by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
Preference cookies – allow a website to remember information that changes the look or feel of the website, such as your preferred language or the region you are in.
Statistics cookies – help website owners understand how different users behave on the website by collecting and reporting anonymous information.
Marketing cookies – are used to track users on websites. The goal is to display ads that are relevant and interesting to individual users and thus more valuable to publishers and third-party advertisers.

Division by retention period

Session cookies – are deleted when you close your browser.
Persistent cookies – these are stored on the user’s computer and are not automatically deleted when the browser is closed.

Detailed information about cookies

File name	Management structure	Purpose	Retention period
abs_cookieConsent	Own	Necessary	1 year
abs_cookiePolicyOff	Own	Necessary	1 year
JSESSIONID	Own	Necessary	expires at the end of the session
PHPSESSID	Own	Necessary	expires at the end of the session
X-CSRF-TOKEN	Own	Necessary	expires at the end of the session
_Ga	Google Analytics	Statistical	2 year
_Gid	Google Analytics	Statistical	60 seconds
_ga_# [x12]	Google Analytics	Statistical	2 year
abs_rememberMe	Own	Preference	7 days
_fbp	Meta Company	Marketing	3 months
_gcl_au	Google Adsense	Marketing	6 months

Managing cookies

Deleting cookies

All cookies on your device can be deleted by clearing your browser’s browsing history. This deletes all cookies from all pages you have visited.

Managing cookies

You can change your cookie preferences at any time by changing your browser settings to restrict cookies. We reserve that disabling cookies necessary for security and maintaining user preferences may make it difficult and, in extreme cases, impossible to use websites.

In addition, restrictions on the use of cookies may affect some of the functionalities available on the Website.

In order to manage cookie settings, select your web browser/system from the list below and follow the instructions:

Chrome
Safari
Safari (for mobile devices)
Firefox
Opera
If you’re using a different browser, check the “Help” section of the program for information.

The software for browsing websites (web browser) usually allows cookies to be stored on the User’s end device by default. Website Users can change the settings in this regard. Your web browser allows you to delete cookies. It is also possible to automatically block cookies. Detailed information on this subject can be found in the help or documentation of the web browser.