Privacy policy 

Dear Sir or Madam,

This Privacy Policy will help you make informed and conscious decisions regarding the processing of your personal data in the course of the business conducted by Crowdio sp. z o.o., located at ul. Zurawia 71 in Bialystok (15-540), please read it carefully.

Introduction 

This document contains Our Privacy Policy, i.e. the principles we follow in the processing of personal data. This document also contains the content of the information obligations that must be presented to data subjects, i.e. you, in compliance with the law. Before going into details, we would like to highlight some of the key principles of personal data protection. These are important to Crowdio Sp. z o.o. and we believe they are important to you as well. 

The Privacy Policy pursues four key objectives, i.e.: 

  1. to explain how the organization processes the information you provide to it, in order to better tailor its products and services to your expectations;  
  2. to ensure that all information about the processing of your data, is presented in a clear and transparent manner;  
  3. assuring you that the personal data processed by the organization is safe in relation to the risks that arise in its processing processes,  
  4. ensuring transparency in your dealings with the organization’s representatives, so that the implementation of your right to privacy is always guaranteed. 

All the information that is collected from you is related directly or indirectly to the organization’s activities, i.e. development, implementation, and administration of the software. We are the data controller of your personal data, which means that we decide on the purposes and means of its processing. In practice, it is important to remember that as a data controller, the organization is the entity responsible for your personal data. Regarding the implementation of any questions or concerns related to your personal data, please contact the Data Protection Officer at:  

gdpr@crowdio.pl 

In general, all personal data in the organization is divided into processes in which it is processed based on the main purpose behind the processing and the category of data subjects.  
These will be, in turn: 

1. Recruitment 

The personal data of job applicants is processed for the purpose of selecting the most suitable job candidates for specific positions, for current as well as future recruitment. Your personal data in this process is processed on the basis of your consent (to the extent of sensitive data that may be included in your application documents) or for the purpose of entering into a contract of employment or other civil law contracts, as well as on the basis of labor laws. In addition, the legal basis for processing personal data in this process is also the legitimate purpose of the processing, i.e. statistical, reporting, and quality control activities. Providing personal data in this process on the basis of your consent is voluntary, however, failure to do so will hinder our ability to conduct the recruitment process efficiently. To the extent required by labor laws regarding recruitment, providing personal data is mandatory. In the recruitment process, if you are not selected and you consent to the processing of your personal data for future recruitment processes, your personal data will be stored for 2 years from your last response to the proposal for the subsequent recruitment. After this period of time, your data will be completely deleted from the company’s resources. Your personal data in this process may be entrusted to external entities involved in the recruitment process (e.g. websites and job search agents), however, we point out that these entities remain under the constant supervision of the company and ensure at least the same level of security of personal data.  

2. Employment 

The personal data of employees and associates is processed to handle the process of hiring personnel and to provide support for the execution of civil law contracts handled in the other processes of personal data processing, as well as the security of persons and property. Your personal data in this process is processed on the basis of a provision of law in the field of sensitive data, when the processing is necessary for the purposes of preventive health or occupational medicine, to assess an employee’s fitness for work, to provide health care or social security, when the processing is necessary for the fulfillment of obligations and the exercise of specific rights by the company or you, in the field of labor law, social security and social protection, and when the processing is necessary to establish, assert or defend claims. In addition, your personal data may also be processed for the purpose of executing an employment contract or other civil law contract. Finally, your personal data is processed on the basis of the company’s legitimate purpose of processing in the field of statistics, reporting, and quality control. The provision of personal data in this process is mandatory, and the consequence of failure to provide data may be the inability to establish cooperation. In the process of employment under an employment contract, your personal data will be retained for 10 years from the last activity on the personal data in connection with the employment (except for those employed before January 1, 2019 – then the period is 50 years). In the process of employment under civil law contracts, your personal data will be processed for 6 years from the last activity on the data. After this period of time, your data will be completely deleted from the company’s resources. Your personal data in this process may be entrusted to external entities involved in the hiring process, however, we point out that these entities remain under the constant supervision of the company and provide at least the same level of security of personal data. In addition, your data may be shared with data recipients (e.g. cell phone operators), of which you will be informed by them.  

3. Marketing 

Personal data of potential customers (e.g., owners of sole proprietorships, partners of partnerships, and representatives of institutional customers) is processed for the purpose of responding to inquiries and for active marketing activities through selected communication channels.  
Your personal data in this process is processed on the basis of your consent (marketing through selected communication channels) or for the purpose of concluding a contract in the case of inquiries addressed to the company, as well as for the purpose of its implementation in the framework of subscribing to the Newsletter. In addition, your data is processed on the basis of the legitimate purpose of the personal data controller when we recommend the company’s services in personal contacts or create marketing statistics and reports. Providing your personal data in this process is voluntary, but failure to do so will prevent us from responding to your inquiry or presenting our offer in a manner tailored to your individual needs. In the process, your personal data is kept for 3 years after you revoke your consent, if you have given it. In other cases, also 3 years from the end of the newsletter service, i.e. from the last active activity on your personal data or submission of your inquiry after this period of time, your data (if we do not establish cooperation) will be completely deleted from the company’s resources. Your personal data in this process may be entrusted to external entities involved in the marketing process (e.g. mailing service providers), however, we point out that these entities remain under the constant supervision of the company and provide at least the same level of security of personal data.

4. Sales 

The personal data of customers and customer representatives (in the case of contacts with institutional customers) is processed for the purpose of selling the services offered by the company in accordance with the scope of the offer and creating personalized offers. Your personal data in this process is processed for the purpose of concluding a contract or creating a personalized offer as well as on the basis of a legal provision, among others, in accordance with the Law of September 15, 2000 – the Commercial Companies Code. Finally, your personal data may be processed for legitimate purposes, i.e. to offer other products and services of the company in direct contact as well as for statistical, reporting, and quality control activities. 

Providing personal data in this process is voluntary, however, the consequence of failure to provide data may be the inability to establish cooperation. In the sales process, your personal data will be stored for 6 years from the last activity on personal data in connection with the execution of the contract.  

After this period of time, your data will be completely deleted from the company’s resources. Your personal data in this process may be entrusted to external entities involved in the sales process (e.g. organizers of events or conferences), however, we point out that these entities remain under the constant supervision of the company and provide at least the same level of security of personal data.

5. Customer service 

The personal data of customers and customer representatives (in the case of providing services to institutional customers) is processed in order to provide efficient customer service in accordance with the best standards of the company. Your personal data in this process is processed for the purpose of executing the concluded contract, fulfilling the provisions of the law as well as for legitimate purposes, i.e. statistical activities regarding the quality of customer service. The provision of personal data in this process is voluntary (except when required by law), but the consequence of failure to provide data may be a reduction in the quality of cooperation or, in extreme cases, the inability to perform the contract. In the process of customer service, your personal data will be stored for 6 years from the last activity on personal data in connection with the execution of the contract. After this period of time, your data will be completely deleted from the company’s resources. Your personal data in this process may be entrusted to external entities involved in the customer service process (e.g. customer service software providers), however, we point out that these entities remain under the constant supervision of the company and provide at least the same level of security of personal data.   

6. Complaints 

The personal data of those who file complaints is processed for the purpose of handling them and ensuring the high quality of services provided by the company. Your personal data is processed for the purpose of fulfilling the contract and on the basis of the legal provision on warranty for defects, as well as on the basis of the legitimate purpose of the processing of the data controller, i.e. successive improvement of the quality of services provided. The provision of personal data in this process is voluntary, however, the consequence of failure to provide data may be the inability to identify the services under which the complaint is made.  

In the process of complaints, your personal data will be stored for 6 years from the last activity on personal data in connection with the processing of complaints. After this period of time, your data will be completely deleted from the company’s resources. Your personal data in this process may be entrusted to external entities involved in the complaint process (e.g. industry technical experts), however, we point out that these entities remain under the constant supervision of the company and provide at least the same level of security of personal data. 

7. Accounting 

The personal data of customers and customer representatives (in the case of providing services to institutional customers) is processed for the purpose of processing all settlements with customers, suppliers, as well as ensuring the company’s compliance with tax laws. Your personal data in this process is processed on the basis of a legal provision in the scope of regulations arising from, among others, the Accounting Act of September 29, 1994 and the Value Added Tax Act of March 11, 2004.  
In addition, the legal basis for the processing of your personal data is the performance of the contract that was concluded as well as the legitimate purpose of the processing of the data controller, i.e. the analysis of statistical data and the preparation of accounting balances. The provision of personal data in this process is mandatory, and the consequence of failure to provide data may be the inability to properly account for services. In the accounting process, your data will be processed for a period of 6 years from the last activity with the data in connection with the settlement of accounting documents. After this period of time, your data will be completely deleted from the company’s resources. Your personal data in this process may be entrusted to external entities involved in the accounting process, however, we point out that these entities remain under the constant supervision of the company and provide at least the same level of security of personal data. In addition, your data may be shared with recipients of data (e.g. tax authorities or auditors), of which you will be informed by them when contacted.   

8. Access control 

Personal data is also processed to ensure the security of persons and property residing at our location. Your personal data in this process is processed on the basis of the legitimate purpose of the processing, which is the aforementioned protection. In the process, we store your personal data for a period of 3 months to 2 years after archiving it, depending on the access control point, i.e., for example, capturing your image on video surveillance or in the computer system. Providing personal data in this process is also voluntary, but failure to do so will prevent you from entering the protected area or gaining access to the system. Your personal data in this process may be entrusted to external entities involved in the access control process, however, we point out that these entities remain under the constant supervision of the company and provide at least the same level of security of personal data. 

9. Purchasing 

The personal data of representatives of our contractors, i.e. both sole proprietors, partnerships and representatives of legal entities, is processed for the purpose of fulfilling contractual obligations. Your personal data in this process is processed on the basis of the contract (even if it has not been recorded in writing), in order to fulfill our obligations under the law (mainly tax law) and for the legitimate purpose of the processing, which is the execution of the contract with the contractor (usually your employer). In the process, we keep your personal data for a period of 6 years after they are archived, i.e. after the last activity in connection with the execution of the contract with the contractor. The provision of personal data is voluntary, but failure to do so will prevent us from executing the contract with the contractor. Your data may have been provided by a contractor (e.g. your employer). Your personal data in this process may be entrusted to external entities involved in the process, however, we point out that these entities remain under the constant supervision of the company and provide at least the same level of security of personal data. 

Your rights 

We would like to emphasize that we guarantee each person whose data we process the possibility of exercising the following rights: 

  • the right to access the content of your data – you can request a description of the processing specifically of your personal data and access to any personal data collected about you.  
    However, we point out that excessive use of this right will hinder the work of the organization, so please be prudent in exercising this right,  
  • the right to rectification of data – we make every effort to always process the most up-to-date data about you, however, if you find that the data we process has become inaccurate you can always request its rectification,  
  • the right to erasure – if you find that you no longer want the organization to process your personal data you can always request that your data be deleted. However, we point out that this right will not be able to be exercised in every case, as some of the data must be retained by the organization due to binding legal regulations, 
  • the right to limit processing – if you find that the data that is processed by the organization for some reason should not be deleted after the aforementioned periods of time (data retention), you can request its continued storage,  
  • the right to data portability – if it turns out that your personal data will be processed in computer systems then you can request their transfer to another service provider or directly to you. I would like to point out, however, that this entitlement applies only to the data that you have provided yourself, 
  • the right to object – you can always object to the processing of specific personal data for a specific purpose. In any such case, the objection will be considered and your comments taken into account in the processing of your data for the future, 
  • the right to withdraw consent – you may withdraw your consent to the processing of your personal data at any time, but any actions that were performed on your data before the withdrawal will remain valid,  
  • the right to lodge a complaint – if you feel that the organization is violating your right to privacy you can always turn to the President of the Office of Personal Data Protection with a complaint, but we encourage you to resolve your concerns together before making such a decision. 

Summary 

In summary, the organization and its staff take great care to ensure that the processing of your personal data encroaches on your privacy as little as possible, however, if at any stage of the processing of your personal data you have doubts about the compliance of these activities with the law, please contact: gdpr@crowdio.pl