Rules for the processing and protection of personal data in code quest sp. z o.o.
For the purpose of the implementation of the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as "GDPR," we inform you about the rules of processing your personal data and about your rights related with it.
The following rules apply from May 25, 2018.
The Controller of your personal data
Your personal data controller is code quest sp. z o.o., ul Zamiany 8 LU 202, 02-786 Warszawa, Poland, REGON: 146176183, NIP (Tax No.): 9512357282, entered into the entrepreneur register of the National Court Register by the District Court for the Capital City of Warsaw, XIII Commercial Division of the National Court Register (KRS) under No.: 0000424452, share capital (fully paid) PLN 2010 000 (hereinafter referred to as, We, "codequest")
codequest has set one contact point for all personal data issues. If you would like to contact us, please write us an e-mail or send a letter to code quest sp. z o.o., ul Zamiany 8 LU 202, 02-786 Warszawa with the note: "Personal data".
Where do we obtain your personal data from?
- Most of the data we receive directly from you. You provide us with this data:
- by sending us a message via e-mail or social networks;
- during a conversation with the codequest Personnel Member.
- We may also have your data from publicly available sources , as well as from our partners , who collect personal data in the execution of their own plans (for their own purposes) and make them available to us as a part of our commercial cooperation if you had consented to provide us with this data.
- We also receive data about you indirectly, through the analysis of cookie files, the web server logs collected by the hosting operator of the www.codequest.com ("our website").
What is the scope of data processed?
We process following personal data:
- name and surname;
- e-mail addresses;
- telephone number (if you provided us for contact);
- the name, address of your business, NIP (Tax No.) (if you are an entrepreneur or want to receive a VAT invoice);
- additional information about yourself that you could have included in an e-mail correspondence or that you could have provided during the telephone conversation with our staff (although we do not record calls);
- the information contained in the application form or provided during the recruitment process;
- your consent;
- data from the analysis of cookie files and collected www server logs.
What is the purpose and legal basis for processing of your personal data?
We process your personal data for the purpose of offering and subsequent performance of our IT services, e.g., related to programming, software development, consulting and website management ("services"), and for the purpose of recruitment.
Due to the above, we process your personal data for various purposes indicated below:
- for the purpose of preparation of a personalized offer for our services and then performing the contract with you if you decide to become our client (Article 6 (1) (b) of GDPR);
- recruitment, including:
- to establish and maintain contact with the Candidate concerning the application documents submitted, according to Article 6(1)(b) of the GDPR, i.e., in relation to taking action at the request of the data subject before concluding a contract,
- carrying out and resolving the recruitment process based on Article 6(1)(b) of the GDPR, i.e., taking the necessary actions at the request of the data subject before concluding the contract - in the scope of data indicated in Article 221 §1 of the Labor Code and based on the Candidate's consent, i.e., Article 6(1)(a) of the GDPR and in the scope of data beyond the catalogue, indicated in Article 221 §1 of the Labor Code,
- to take account of the Candidate's application documents in future recruitment processes based on his/her voluntary agreement (Article 6(1)(a) of the GDPR).
- mandatory provisions of the law also require us to process your personal data for accounting and tax purposes (Article 6 (1) (c) of GDPR);
- if you give us (separate) consent, we will process your data for our marketing purposes with reference to the legitimate interest of the controller (Article 6 (1) (f) of GDPR);
- if you subscribe to our newsletter, we process your data in order to carry out the service you ordered (Article 6 (1) (b) of the GDPR);
- your personal data is also processed to collect debts, conduct court, arbitration and mediation proceedings, archiving and give us the possibility to account for the correct fulfilling of the obligations imposed by law, including the processing of your data, which is the legitimate interest of the controller (Article 6 (1) (f) of GDPR);
- data from the analysis of cookie files, collected web server logs by the hosting operator of our website are processed for the purposes of building anonymous statistics of visits to our website, useful - among others - for marketing purposes (including analyzing and profiling data for marketing purposes) and in order to support the functionality of our website (e.g., login, presentation of content, handling of forms) (Article 6 (1) (f) of GDPR).
How long do we process your personal data for?
The period for which we process your personal data depends on the purpose of processing. Consequently:
- preparation of a personalized offer for our services - for this we process your data for the time in which we negotiate with you, but not longer than three years from the date of obtaining your data;
- performing the contract concluded with you if you decide to become our client - for this, we process your data for the duration of its performance, and after its completion until the expiration of our mutual claims related to this contract;
- personal data collected for the purposes of recruitment will be processed for the duration of the recruitment process, and if the Candidate agrees to leave the data for the purposes of future recruitments, they will be stored until the withdrawal of the consent, but not longer than 36 months from the date of its granting;
- regarding accounting purposes - we will process your data for five years, counting from the beginning of the year following the accounting year covered by the accounting documents (Article 74 paragraphs 2 and 3 of the Accounting Act). As far as tax purposes are concerned, data will be processed for a period of 5 years, counting from the end of the calendar year in which the payment deadline for a given tax has expired (Article 70 § 1 of the Tax Ordinance);
- sending you marketing messages other than a newsletter - to this end we process your data until you file an objection to such processing, but no longer than ten years from the date of obtaining your data for this purpose;
- sending newsletter - to this end, we process your data until you are a subscriber to this service, or until you file an objection to such processing, depending on which of these events occurs earlier;
- debt collection, conducting court, arbitration and mediation proceedings, archiving purposes and the possibility of us to account for the correct fulfilling of the obligations imposed by law, including processing your data - your personal data will be processed until the end of the limitation period (this period will depend on the type of claim in accordance with the Civil Code or other legal acts regulating the principle of non-civil liability) or the period in which we may be exposed to a different type of liability related to the relationship we have established with you;
- building (anonymous) statistics of visits to our web site, including for marketing purposes (in particular to adapt messages and offers to your preferences) - for this purpose, we process data throughout the period in which you use our website or our services provided electronically (such as the newsletter) and later for a period of 5 years from the time when you stopped using them.
Who is the recipient of your personal data?
We can pass your personal data on to our Contractors:
- service providers supplying codequest with technical and organizational solutions, that enable us to provide services and manage our organization, such as:
- companies providing services of delivery and maintenance of database software, suppliers of management systems, through which we can run codequest, run our website, send a newsletter and keep relevant sales records, etc.;
- entities providing hosting services;
- marketing agencies (advertising agencies, entities supporting e-mailing services) that help us understand what our clients are interested in, create interesting offers, promotions and help us in ongoing communication with customers, including you;
- providers of legal, accounting and advisory services;
- our subcontractors, with whom we cooperate in order to provide services to our clients;
- our partners/contractors to whom we share data as a part of our commercial cooperation if we had requested your consent for this purpose and you agreed for us to do so.
For each of these purposes, we only provide data that is necessary to achieve it.
Do we process your personal data automatically (including through profiling) in a way that affects your rights?
Your personal data may be processed in an automated way (including profiling), however, it will not have any legal impact on you or your situation.
As part of our marketing, we want to be able to present you information (offers, promotions) tailored to your interests. Therefore, profiling of personal data by codequest is solely based on the processing of your data (also in an automated way) by using them to assess certain information about you, in particular, to analyze or forecast your personal preferences and interests.
How do we process your personal data?
We process personal data in accordance with applicable law, in particular in accordance with GDPR. We have the following rules in mind when we process your personal information:
- Adequacy rule. We process only data that is necessary to achieve a given processing goal. We have carried out an analysis of the fulfilment of this rule for each business process;
- Transparency rule. You should have full knowledge of what is happening with your data. This document, in which we try to provide you with complete information about the rules of processing your personal data by us, is its manifestation;
- Accuracy rule. We strive to keep your personal data in our systems up-to-date and truthful. If you find that in any area your personal data have not been updated or are incorrect, please contact us at the email address firstname.lastname@example.org;
- Integrity and confidentiality rule. We apply the necessary measures to safeguard the confidentiality and integrity of your personal data. We are constantly improving them, along with the changing environment and technological progress. Security includes physical and technological measures restricting access to your data, as well as appropriate measures to prevent loss of your data;
- Accountability rule. We want to be able to account for each of our actions regarding personal data, so that in the event of your inquiry we can give you full and reliable information about what actions we have been carried out on your data.
What rights do you have regarding the processing of your personal data?
The provisions of law give you a number of rights that you can use at any time. Unless you abuse these rights (e.g. unreasonable daily requests for information), exercising them will be free of charge and should be easy to implement.
Your rights include:
- The right to access your personal data. This right means that you can ask us to export from our databases the information we have about you and send it to you in one of the commonly used formats (eg XLSX, DOCX, etc.);
- The right to correct personal data. If you find out that your personal data we process is incorrect, you may ask us to correct it and we will be obliged to do so. In this case, we have the right to ask you for a document or proof of the change;
- The right to seek restriction of personal data processing. If despite the fact that we adhere to the adequacy principle, that is we process only data that is necessary to achieve a given processing goal, you consider that for a specific purpose we process too wide catalogue of your personal data, you have the right to request that we restrict (limit) the scope of processing. If the request does not oppose the requirements imposed on us by applicable law, or it is not necessary for the performance of the contract, we will accept your request;
- The right to request erasure of personal data. This right, also known as the right to be forgotten, means that you can demand that we remove any information that contains your personal information from our systems and any other records. Remember, however, that we will not be able to do so if we are obliged to process your data under provisions of law (for example transaction documents for tax purposes, obligation to ensure the accountability of our activities). In each case, however, we will remove your personal data to the fullest extent possible, and where it is not possible we will ensure their pseudonymisation (which means that the data subjected cannot be identified without a corresponding key). Allowing this, your data we need to keep in line with applicable law will be available only to a very limited group of people in our organization;
- The right to personal data portability. By the GDPR, you can ask us to port the data you provided to us in the course of all our contacts and all cooperation to a separate file, for the purpose of further transfer to another data controller;
- The right to withdraw consent. If we process your personal data on the basis of your consent, you can revoke this consent at any time. Withdrawal of your consent will not affect the lawfulness of the processing previously performed on the basis of the consent (prior to its withdrawal). However, we would like to inform you that your personal data in the scope of the purpose covered by the revoked consent will cease to be processed for this purpose only. Your personal data subject to consent will be further processed in order to fulfil our obligations under the law, including, in particular, the obligation to account for the correctness of personal data processing, or for the purposes based on our legitimate interest.
You can perform the above-mentioned rights by contacting us at the e-mail address email@example.com or by post on code quest sp. z o.o., ul. Zamiany 8 LU 202, 02-786 Warszawa with the note "Personal data".
In all matters related to personal data, you can always write to us, especially when any action or situation you encounter raises your concerns about its legality or if you feel that your rights or freedoms may be violated. In this case, we will answer your questions and concerns and immediately address the issue.
If you believe that in any way we have violated the rules for the processing of your personal data, you have the right to submit a complaint directly to the supervisory authority (from 25 May 2018, it is the President of the Office for Personal Data Protection in Poland). As part of exercising this right, you should provide a full description of the situation and indicate what action you consider as violating your rights or freedoms. The complaint should be submitted directly to the supervisory authority.
What is the right to object?
We would like to inform you separately that you also have the right to object to the processing of your personal data.
You submit the right to object when you do not want us to process your personal data for a specific purpose (for example for marketing purposes).
You have the right to object also when the processing of your personal data is based on a legitimate interest of the controller or for statistical purposes, and the opposition is justified by the particular situation in which you have found yourself. In this case, we will continue to process your data for other processes (for other purposes), but not for the purpose for which you objected. You can exercise the right to objection by sending a message to the e-mail address firstname.lastname@example.org or by post to the address code quest sp. z o.o., ul. Zamiany 8 LU 202, 02-786 Warszawa with a note "Personal data".
Is it your obligation to provide your data?
You do not have a legal obligation to provide us with your personal data. Without obtaining them, however, we will not be able to provide our services to you.
Do we transfer your data outside EU
Yes, we can transfer your data to a third country or to international organizations. Such a possibility occurs primarily in the situation when we use platforms to conduct e-marketing activities located on servers in the United States of America.
If we pass your data to a third country or international organizations, we always make sure that their recipients guarantee a high level of personal data protection. For US entities, these guarantees result from participation in the Privacy Shield, established by Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 on the adequacy of protection provided by the EU Privacy Shield - USA.
- Disabling cookiesYou can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Therefore it is recommended that you do not disable cookies.
- The cookies we set
- Email newsletters related cookiesYou can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Therefore it is recommended that you do not disable cookies.
- Forms related cookiesWhen you submit data through a form such as those found on contact pages or comment forms, cookies may be set to remember your user details for future correspondence.
- Site preferences cookiesIn order to provide you with a great experience on our website, we provide the functionality to set your preferences for how this site runs when you use it. In order to remember your preferences, we need to set cookies so that this information can be called whenever you interact with a page.
- More InformationHopefully, that has clarified things for you and as was previously mentioned if there is something that you aren't sure whether you need or not it's usually safer to leave cookies enabled in case it does interact with one of the features you use on our website.However, if you are still looking for more information, you can contact us by sending a message to the e-mail address email@example.com or by post to the address code quest sp. z o.o., ul. Zamiany 8 LU 202, 02-786 Warszawa with a note "Personal data".