Table of contents

1. Introductory information
2. Glossary
3. Information about the Administrator
4. Co-administration
5. Legal basis for processing
6. Rights of data subjects
7. Security of use of the site
8. Cookies
9. Final provisions

1.
Preliminary information

With a view to ensuring the highest standards of security in the processing of personal data, DAPR sp. z o.o. would like to inform you that this Privacy Policy complies with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27.04.2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and with the standards contained in national legislation. The information presented in the Policy will allow you to familiarize yourself in detail with the principles of personal data processing when contacting DAPR sp. z. o.o. and using the company’s websites.

2.
Glossary of terms

Administrator – Administrator of Personal Data, the entity that decides on the purposes and means of personal data processing. The Administrator of the Personal Data is DAPR sp. z o.o. based in Warsaw, mailing address 47 Żurawia Street, 00-680 Warsaw. KRS:0000688178.

Personal data – any information about an identified or identifiable natural person (“data subject”); an identifiable natural person is a person who can be identified directly or indirectly.

EEA – the European Economic Area, a free trade zone and common market, comprising the countries of the European Union and the European Free Trade Association (EFTA), with the exception of Switzerland. It is an area in which the free flow of personal data takes place.

Data Recipient – means a natural or legal person, an organizational unit without legal personality (a so-called “deified legal person”), a public authority, an entity or any other entity to which personal data is disclosed, whether or not it is a “third party.

Third countries – countries that are not part of the EEA.

Cookies – are small pieces of information, called cookies, sent by a website you visit and stored on the terminal device (computer, laptop, smartphone) you use when browsing the web.

President of the Office – the President of the Office for the Protection of Personal Data, a supervisory authority within the meaning of the RODO, which oversees compliance with data protection laws in Poland.

Profiling – means any form of automated processing of personal data which involves the use of personal data to evaluate personal factors of an individual, in particular to analyze or predict aspects relating to the performance of that individual, his or her economic situation, health, personal preferences, interests, reliability, behavior, location or movement of the data subject – provided that such action produces legal effects in relation to that individual or similarly significantly affects him or her.

SSL protocol – is a network protocol used for secure Internet connections, adopted as a standard for encryption on the World Wide Web. SSL certificate ensures the confidentiality of data transmission over the Internet.

Processing – means an operation or set of operations performed on personal data or sets of personal data in an automated or non-automated manner, such as collecting, recording, organizing, structuring, storing, adapting or modifying, downloading, viewing, using, disclosing by transmission, dissemination or otherwise making available, matching or linking, limiting, deleting or destroying.

Policy – the privacy policy of DAPR Ltd.

RODO – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.

3.
Information about the Administrator

The Administrator of your personal data is DAPR sp. z o.o. based in Warsaw, mailing address 47 Żurawia St., 00-680 Warsaw. KRS:0000688178. (hereinafter “Administrator”).

The Administrator can be contacted via e-mail address: kontakt@dapr.pl or phone number (+48) 22 100 40 13.

4.
Co-administration

We would like to inform you that with regard to personal data processed in connection with the operation of DAPR’s profile on Facebook, the Administrator of your personal data processed on this portal is both DAPR sp. z o.o. and Facebook Ltd., thus both entities are co-administrators. All information about DAPR’s processing of your personal data and your rights with respect to DAPR can be found in this privacy policy. With regard to the maintenance of your own profiles on Facebook, the study of your behavior on Facebook, the exercise of your rights, etc., please refer to Facebook. Please be informed that by liking, i.e. clicking the “like” button, you consent to the processing of your personal data. For more information on the co-administration and processing of personal data, in particular by Facebook, please refer to the rules and policies on Facebook’s website.

5.
Legal basis for processing

Cel przetwarzania	Podstawa prawna	Odbiorcy danych	Czas przetwarzania

Respond to the message sent via the contact form and e-mail	Article 6(1)(f), i.e., the Administrator’s legitimate interest in handling correspondence.	IT service providers; Internet providers; Hosting providers;	For the period of time necessary to consider the issue to which the message was sent.
Presentation of the offer (in the case of persons addressing the inquiry on their behalf, i.e., consumers)	Article 6(1)(b) of the DPA, i.e. the processing is necessary to take action before entering into a contract	IT service providers; Internet providers; Hosting providers;	To complete the bidding process.
Presentation of an offer (for those addressing an inquiry on behalf of an entity for which they provide services, i.e. B2B)	Article 6(1)(F) of the RODO, i.e. the administrator’s legitimate interest in offering and establishing business cooperation.	IT service providers; Internet providers; Hosting providers;	To complete the bidding process.
Marketing – website	Art. 6(1)(f) i.e. the Administrator’s legitimate interest in acquiring and retaining customers	IT service providers; Internet providers; Hosting providers;	Pending objections.
Marketing – newsletter and telephone contact	Article 6(1)(f) of the RODO, i.e. the legitimate interest of carrying out its own marketing activities in connection with the receipt of consent in accordance with the PT and the TPA.	IT service providers; Internet providers; Hosting providers;	Until you object or withdraw the consent given under the PT and the TOS.
Marketing -maintain company profiles on social media platforms (Facebook and Linkedin).	Art. 6(1)(f) i.e. the Administrator’s legitimate interest in acquiring and retaining customers	IT service providers; Internet providers; Web hosting providers; Facebook Ltd. Linkedin	Pending objections.
Strive to conclude and execute a contract (customers).	Article 6(1)(b) of the RODO to take the necessary steps to enter into a contract with customers and suppliers	Law firms and legal advisors;	For the duration of the contract, its termination, and until the expiration of the deadline for filing potential claims
Contract execution (contractor’s employees).	Article 6(1)(f) RODO legitimate interest of the Administrator to coordinate with the contractor.	IT service providers; Internet providers; Hosting providers; Law firms and legal advisors;	For the duration of the contract, its termination, and until the expiration of the deadline for filing potential claims
Conducting recruitment (employees and contractors)	Article 6(1)(a) and (c) of the RODO, i.e. to the extent indicated in the labor regulations, the Administrator is obliged to process a specific catalog of data of job candidates; with regard to data beyond the catalog indicated in the labor regulations, the legal basis for processing personal data is the candidate’s consent (Article 6(1)(a) of the RODO)	IT service providers; Internet service providers; Hosting providers.	Until the recruitment process is completed.
Conducting recruitment (associates)	Article 6(1)(b) of the DPA, i.e. the legal basis is the pursuit of a contract with individuals on their own business.	IT service providers; Internet service providers; Hosting providers.	Until the recruitment process is completed.
Acceptance and processing of a request under the RODO	Article 6(1)(c), i.e. the obligation under the RODO to provide the data subject with information about the activities of the	IT service providers; Internet providers; Hosting providers; Law firms and legal advisors;	Until the statute of limitations on claims.
Keeping statistics	Article 6(1)(f) i.e. the Administrator’s legitimate interest in collecting and using statistics to improve the scope and quality of services offered.	IT service providers; Internet service providers; Hosting providers.	Pending objections.

6.
Rights of data subjects

Each person whose data is processed has a number of rights under the RODO.

The right to request access to one’s personal data.

Each person is entitled to obtain confirmation from the controller as to whether personal data relating to him or her is being processed, and if it is, he or she is entitled to access it and a range of information. We will provide the first copy of personal data subject to processing to the person upon request for damo. For any subsequent copies requested by the data subject, we may charge a reasonable fee based on administrative costs. If you, request a copy electronically, and unless you indicate otherwise, we will provide the information in a commonly used electronic form.

Right to rectification

You have the right to request that we promptly rectify your personal data that is inaccurate. You also have the right to request the completion of incomplete personal data, including by providing an additional statement.

Right to request deletion

• You have the right to demand from us the immediate deletion of your data, and we are obliged to delete it without undue delay if one of the following circumstances applies:
• Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
• You have withdrawn the consent on which the processing is based and there is no other legal basis for further processing;
• You have objected to the processing and there are no overriding legitimate grounds for processing;
• Your personal data has been processed unlawfully;
• Your personal data must be erased in order to comply with a legal obligation under Union law or the law of a Member State to which the controller is subject;
• Your personal data was collected in connection with the offering of information society services.

In accordance with the RODO, your data, despite your request and the fulfillment of the above conditions, may not be deleted if processing is necessary:

• to exercise your right to freedom of expression and information;
• to comply with a legal obligation requiring processing under Union law or the law of a Member State to which the controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
• for reasons of public interest in the field of public health;

• for archival purposes in the public interest, for scientific or historical research, or for statistical purposes, insofar as the right, to erasure, is likely to prevent or seriously impede the purposes of such processing;
• to establish, assert or defend claims.
• Right to request restriction of processing

You have the right to request the controller to restrict processing in the following cases:

you question the accuracy of your personal data – for a period of time that allows the controller to verify the accuracy of the data;

the processing is unlawful and you, object to the deletion of personal data, requesting instead the restriction of its use;

the controller no longer needs the personal data for the purposes of processing, but they are needed by you, to establish, assert or defend claims;

You, raise an objection to the processing – until it is determined whether the legitimate grounds on the part of the controller override the grounds of the data subject’s objection.

Right to object

You have the right to object at any time – on grounds relating to your particular situation – to processing based on a legitimate interest of the controller, or processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; including profiling under these laws.

If an objection is lodged, we are no longer allowed to process the personal data unless we demonstrate the existence of compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for establishing, asserting or defending claims.

Right to data portability

You have the right to receive in a structured, commonly used machine-readable format your personal data that you have provided to us, and you have the right to send such personal data to another controller without hindrance from us if:

• the processing is carried out on the basis of consent or pursuant to a contract, and
• the processing is carried out by automated means.

The possibility of exercising the right of data portability and sending the data from the controller directly to another controller will be realized as long as it is technically possible. In accordance with the RODO, the exercise of your rights must not adversely affect the rights and freedoms of others.

Right to withdraw consent

If your data is processed based on consent, you have the right to withdraw such consent at any time. Withdrawal of consent does not affect the lawfulness of processing that was carried out on the basis of consent before its withdrawal.

If you withdraw your consent, we have the right to continue processing your data as necessary:

• to exercise the right to freedom of expression and information;
• to comply with a legal obligation requiring processing under Union law or the law of a Member State to which the controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
• for reasons of public interest in the field of public health;
• for archival purposes in the public interest, for scientific or historical research, or for statistical purposes, insofar as the right, to erasure, is likely to prevent or seriously impede the purposes of such processing;
• for the establishment, investigation or defense of claims.

The right to file a complaint

You have the right to file a complaint with the President of the Office for Personal Data Protection. As the President of the Office of Personal Data Protection points out, since the President of the Office is the authority that controls the correct application of data protection laws by the controller, the complainant should first contact the controller to exercise his rights.

Direct link to the website of the Office for Personal Data Protection to file a complaint.

7.
Security of use of the site

We would like to inform you that DAPR sp. z o.o. applies adequate technical and organizational measures aimed at ensuring the maximum level of protection for persons using the company’s websites and submitting their personal data via the contact form.

In order to guarantee the highest level of security in the use of the pages, they are secured by SSL code.

The website may contain relevant links to other websites (web pages) or other media (radio, television, press, space advertising, etc.). Accordingly, the Administrator, outside of the websites administered by him, is not responsible for the privacy practices that will apply on such websites or in such media The Administrator is not responsible for the availability of any services or goods made available through websites or other media to which the site may be linked.

The Administrator shall also not be liable for any damages arising, or that may arise, in connection with the use of such websites or media.

8.
Cookies

By using the dapr.pl website you accept cookies.

We use cookies for the following purposes:

• maintenance and correct operation of the site’s services
• keeping statistics of users visiting the site

You can configure your browser to receive information about the use of cookies and have the ability to decide whether to accept or reject them in certain cases or completely. If you do not accept the use of certain cookies, the functionality of our website may not be displayed correctly.

We include below instructions for configuration in each browser.

• Internet Explorer
• Microsoft Edge
• Mozilla Firefox
• Chrome
• Opera
• Safari

9.
Final provisions

The use of the Administrator’s websites and providing personal data in the forms is completely voluntary. In some cases, providing data may be necessary for a specific purpose.

DAPR sp. z o.o. reserves the right to change the Policy at any time due to the scope of services offered and to adapt the newly amended law. In any case, if possible, we will try to inform you about the update of the Policy before its implementation.

The Privacy Policy was last updated on 17/08/2021.