Strona główna » Privacy Policy

Privacy Policy DAPR SP. Z O.O.

Table of contents

  1. Introductory information
  2. Glossary
  3. Contact with the Controller
  4. Join Controllers
  5. Legal basis for processing
  6. Rights of data subjects
  7. Security of use of the site
  8. Cookies
  9. Final provisions

1.
Introductory information

With a view to ensuring the highest standards of security in the processing of Personal data, DAPR sp. z o.o. would like to inform you that this privacy policy meets the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) as well as the standards contained in national legislation. 

The information presented in the Policy will allow you to get acquainted in detail with the principles of personal data processing when contacting DAPR sp. z o.o.  

2.
Glossary

Controller – the entity that decides the purposes and means of Personal data processing. The Controller of Personal Data is DAPR sp. z o.o. with its registered office in Warsaw, mailing address 47 Żurawia Street, 00-680 Warsaw. KRS:0000688178. 

Personal data – any information about an identified or identifiable natural person (“data subject”); an identifiable natural person is a person who can be identified directly or indirectly.  

EEA – the European Economic Area, a free trade zone and common market, comprising the countries of the European Union and the European Free Trade Association (EFTA), with the exception of Switzerland. It is an area in which the free flow of Personal data takes place.   

Data Recipient – means a natural or legal person, an organizational unit without legal personality (a so-called “deified legal person”), a public authority, an entity or any other entity to which Personal data is disclosed, whether or not it is a “third party.  

Third countries – countries that are not part of the EEA. 

Cookies – are small pieces of information, called cookies, sent by a website you visit and stored on the terminal device (computer, laptop, smartphone) you use when browsing the web.  

Supervisory authority – the Supervisory authority for the Protection of Personal Data, , which oversees compliance with data protection laws in Poland.  

Profiling – means any form of automated processing of Personal data which involves the use of Personal data to evaluate Personal factors of an individual, in particular to analyze or predict aspects relating to the performance of that individual, his or her economic situation, health, Personal preferences, interests, reliability, behavior, location or movement of the data subject – provided that such action produces legal effects in relation to that individual or similarly significantly affects him or her. 

SSL protocol – is a network protocol used for secure Internet connections, adopted as a standard for encryption on the World Wide Web. SSL certificate ensures the confidentiality of data transmission over the Internet.   

Data Processing – means an operation or set of operations performed on Personal data or sets of Personal data in an automated or non-automated manner, such as collecting, recording, organizing, structuring, storing, adapting or modifying, downloading, viewing, using, disclosing by transmission, dissemination or otherwise making available, matching or linking, limiting, deleting or destroying.  

Policy – the privacy policy of DAPR sp. z o.o. 

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal data and on the free movement of such data and repealing Directive 95/46/EC. 

Websites – sites managed by the Controller to which this Policy applies, i.e. https://redintogreen.pl/, https://redintogreen.pl/en/, https://doraregister.io/, https://dapr.pl/.   

UŚUDE – the Act on Provision of Electronic Services of July 18, 2002 (Journal of Laws No. 144, item 1204, as amended).   

PKE – the Electronic Communications Law of July 12, 2024 (Journal of Laws 2024, item 1221, as amended). 

User – means a person, using the websites and social profiles of the Controller. 

3.
Contact with the Controller

The Controller can be contacted via e-mail: kontakt@dapr.pl or phone number (+48) 22 100 40 13. 

4.
Join Controllers

We would like to inform you that with regard to the Personal data processed in connection with the operation of the Red Into Green profile on Facebook – the controller of your Personal data processed on this portal is both DAPR sp. z o.o. and Meta Platforms Ireland Ltd., thus both entities are Joint Controllers. All information about the processing of Personal data by DAPR sp. z o.o. and your rights can be found in this privacy Policy.   

With regard to the maintenance of your profiles on Facebook, the investigation of your activities on Facebook, the exercise of your rights, etc., please refer to Facebook. Please be informed that by liking, i.e. clicking the “like” button, you consent to the processing of your Personal data. For more information on the co-administration and processing of Personal data, in particular by Facebook, please refer to the rules and policies on Facebook’s website. 

5.
Legal basis for processing

Purpose of Data processing Legal basis Recipients of the data Data processing time 
Providing a response to the message sent via email, chat – Facebook profile, LinkedIn and telephone contact Article 6(1)(F) of the GDPR, i.e., the Controller’s legitimate interest in handling correspondence and phone calls Telecommunications service providers; IT service providers; Internet providers; Hosting providers; Microsoft Corp. Meta Platforms Ireland Ltd. HubSpot Inc. OVH Ltd. For the period necessary to consider the issue to which the message is sent. 
To provide an offer (in the case of persons directing an inquiry on behalf of an entity for which they provide services i.e. B2B) Article 6(1)(F) GDPR i.e. the Controller’s legitimate interest in offering and establishing business cooperation. IT service providers; Internet providers; Hosting providers; Microsoft Corp. HubSpot Inc. OVH Ltd. Until an objection is filed. 
Providing an offer (in the case of those addressing an inquiry on their own behalf i.e. B2C) Article 6(1)(B) of the GDPR i.e. taking the necessary actions to conclude a contract with customers as a result of actions taken by the customer. IT service providers; Internet providers; Hosting providers; Microsoft Corp. HubSpot Inc. OVH Ltd.   Until an objection is filed. 
Marketing – text message and telephone contact Article 6(1)(F) of the GDPR, i.e., legitimate interest in carrying out its own marketing activities in connection with the receipt of consent in accordance with the PKE and the UWA. Telecommunications service providers; HubSpot Inc.   Until an objection is raised or the consent given under the PKE and UŚUDE is withdrawn. 
Marketing -maintaining company profiles on social media platforms (Facebook, YouTube, LinkedIn) Art. 6(1)(F) GDPR i.e. the Controller’s legitimate interest in acquiring and retaining customers by publishing advertising posts IT Service Providers; Internet Providers; Hosting Providers; Meta Platforms Ireland Ltd. Microsoft Corp. Google Ireland Ltd. Pending objections. 
Webinars, conferences and outdoor booths Article 6(1)(F) of the GDPR, i.e., the Controller’s legitimate interest in promoting the company’s business and acquiring customers. IT Service Providers; Internet Providers; Hosting Providers; Meta Platforms Ireland Ltd. Microsoft Corp. Google Ireland Ltd. HubSpot Inc. ClickMeeting Ltd.   Until an objection is filed. 
Conclusion and execution of a contract with a B2C customer (order processing) Article 6(1)(B) GDPR i.e. the Data processing is necessary for the performance of the contract to which the customer is a party.   IT service providers; Internet providers; Hosting providers; Payment service providers; Law firms and legal advisors; . Microsoft Corp. HubSpot Inc. OVH Sp. z o.o. Until the expiration of the deadlines arising from accounting regulations and the statute of limitations for civil law claims. 
Conclusion and execution of a contract with a B2B customer (order execution) Article 6(1)(F) of the GDPR, i.e., legitimate interest of having to be contacted in order to fulfill the contract.   IT service providers; Internet providers; Hosting providers; Payment service providers; Law firms and legal advisors; Microsoft Corp. HubSpot Inc. OVH Sp. z o.o. Until the expiration of the deadlines under accounting regulations and the statute of limitations for civil law claims. 
Complaints (defense and investigation of claims) Article 6(1)(F) of the GDPR, i.e., legitimate interest to establish, assert or defend against claims. IT service providers; Hosting providers; Payment service providers. Microsoft Corp. HubSpot Inc. OVH sp. z o.o. Until the statute of limitations for claims under civil law. 
Pursuing the conclusion and performance of a contract (subcontractors) Article 6(1)(B) of the GDPR, i.e., taking the necessary steps to enter into a contract with a subcontractor. IT service providers; Internet providers; Hosting providers; Law firms and legal advisors; Microsoft Corp. OVH sp. z o.o. For the duration of the contract, its termination and until the expiration of the period for filing potential claims 
Implementation of the contract (subcontractor’s employees).   Article 6(1)(F) of the GDPR, i.e., the Controller’s legitimate interest in coordinating with a subcontractor. IT service providers; Internet providers; Hosting providers; Law firms and legal advisors; Microsoft Corp. OVH sp. z o.o. For the duration of the contract, its termination and until the expiration of the period for filing potential claims 
Conducting recruitment (employees) Article 6(1)(A) or (C) GDPR i.e. Article 6(1)(C) GDPR to the extent indicated in the provisions of the Labor Code, the Controller is obliged to process a specific catalog of data of job applicants ; or Article 6(1)(A) of the GDPR for data beyond the catalog indicated in the labor legislation, the legal basis for processing Personal data is the candidate’s consent.   IT service providers; Internet providers; Hosting providers; Microsoft Corp.     3 months from the date of completion of the recruitment process, or until you withdraw your consent, in connection with providing an oversized category of Personal data or expressing your willingness to participate in future recruitments 
Conducting recruitment (contractors and associates) Article 6(1)(B) of the GDPR i.e. the legal basis is to seek to enter into a contract with individuals on their own business. IT service providers; Internet providers; Hosting providers; Microsoft Corp. 3 months from the date of completion of the recruitment process. 
Keeping statistics and profiling Article 6(1)(F) GDPR, i.e., the Controller’s legitimate interest in collecting and using statistics to improve the scope and quality of services offered.   IT Service Providers; Internet Providers; Hosting Providers, Google Ireland Ltd. HubSpot Inc. progreso.pl sp. z o.o.   Pending objection.   
Exercise of the rights of individuals under the GDPR Article 6(1)(C) of the GDPR, i.e., the legal obligation to accept, process and respond to the request sent. IT Service Providers; Internet Providers; Hosting Providers; Microsoft Corp. Up to 2 years from the date of consideration of the case. In the case of the initiation of administrative proceedings, until an administrative decision is issued, or until a final court judgment in the case of an appeal against an authority’s decision. 

6.
Rights of data subjects

Each person whose data is processed has a number of rights under the GDPR.    

The right to request access to one’s Personal data. 

Each person is entitled to obtain confirmation from the Controller as to whether Personal data concerning him or her is being processed, and if this is the case, he or she is entitled to access it and a range of information. 

We will provide the first copy of the Personal data subject to processing to the person upon request for free. For any subsequent copies requested by the data subject, we may charge a reasonable fee based on administrative costs. If you request a copy electronically, and unless you indicate otherwise, we will provide the information in a commonly used electronic form.   

Right to rectification 

You have the right to request that we promptly rectify your Personal data that is inaccurate. You also have the right to request the completion of incomplete Personal data, including by providing an additional statement. 

Right to request deletion 

You have the right to demand that we delete your data immediately, and we are obliged to delete it without undue delay if one of the following circumstances applies: 

  • Your Personal data are no longer necessary for the purposes for which they were collected or otherwise processed; 
  • You have withdrawn the consent on which the Data processing is based and there is no other legal basis for further Data processing; 
  • You have objected to the Data processing and there are no overriding legitimate grounds for Data processing; 
  • Your Personal data has been unlawfully processed; 
  • Your Personal data must be deleted in order to comply with a legal obligation under European Union law or the law of a Member State to which the Controller is subject; 
  • Your Personal data was collected in connection with the offering of information society services. 

In accordance with the GDPR, your data, despite your request and the fulfillment of the above conditions, may not be deleted if the Data processing is necessary: 

  • to exercise your right to freedom of expression and information; 
  • for compliance with a legal obligation requiring Data processing under European Union law or the law of a Member State to which the Controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller; 
  • for reasons of public interest in the field of public health; 
  • for archival purposes in the public interest, for scientific or historical research, or for statistical purposes, insofar as the right, to erasure, is likely to prevent or seriously impede the purposes of such processing; 
  • To establish, assert or defend claims. 

Right to request restriction of Data processing  

You have the right to request the Controller to restrict Data processing in the following cases: 

  • you question the accuracy of your Personal data – for a time that allows the Controller to verify the accuracy of the data; 
  • the Data processing is unlawful and you, object to the erasure of the Personal data, requesting instead the restriction of its use; 
  • the Controller no longer needs the Personal data for the purposes of Data processing, but they are needed by you, to establish, assert or defend claims; 
  • You, raise an objection to the Data processing – until it is determined whether the legitimate grounds on the part of the Controller override the grounds of the data subject’s objection. 

Right to object  

You have the right to object at any time – on grounds relating to your particular situation – to Data processing based on the Controller’s legitimate interests or Data processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller; including profiling under these laws.   

If you lodge an objection, we are no longer allowed to process your Personal data unless we demonstrate the existence of compelling legitimate grounds for the Data processing which override the interests, rights and freedoms of the data subject, or grounds for the establishment, assertion or defense of claims. 

Right to data portability 

You have the right to receive in a structured, commonly used machine-readable format your Personal data that you have provided to us, and you have the right to send such Personal data to another Controller without hindrance from us if: 

  • The Data processing is carried out on the basis of consent or pursuant to a contract, and 
  • Data processing is carried out by automated means. 

The possibility of exercising your right to data portability and having the Controller send your data directly to another controller will be realized as long as it is technically possible. 

In accordance with the GDPR, the exercise of your rights must not adversely affect the rights and freedoms of others. 

Right to withdraw consent

If your data is processed based on consent, you have the right to withdraw such consent at any time. Withdrawal of consent does not affect the lawfulness of Data processing that was carried out on the basis of consent before its withdrawal.   

If you withdraw your consent, we have the right to continue to process your data as necessary: 

  • to exercise your right to freedom of expression and information; 
  • for compliance with a legal obligation requiring Data processing under European Union law or the law of a Member State to which the Controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller; 
  • for reasons of public interest in the field of public health; 
  • for archival purposes in the public interest, for scientific or historical research, or for statistical purposes, insofar as the right, to erasure, is likely to prevent or seriously impede the purposes of such Data processing; 
  • to establish, assert or defend claims. 

The right to file a complaint  

You have the right to file a complaint with the Supervisory authority. Supervisory authority is the authority that controls the correct application of data protection regulations by the Controller, the complainant should first contact the Controller to exercise his rights. 

Direct link to the website of the Supervisory authority to file a complaint; 

https://uodo.gov.pl/pl/p/skargi

Information about the processing of data outside the EEA

Your Personal data may be processed outside the EEA in certain cases. Such data may be transferred to the U.S. in connection with your activity on our social media profiles on Facebook, YouTube and LinkedIn, whose service providers we have identified in Section 5 of this Policy. In addition, in connection with your use of Microsoft 365 services for electronic communications, data may also be transferred to the provider’s servers in the US.   

In each case of data transfer, it is legally based on the European Commission Decision on the Data Privacy Framework, and in certain cases on the Standard Contractual Clauses. Each provider ensures an appropriate level of security for such transfers. More information on this below: 

Google Ireland Ltd. – https://support.google.com/adspolicy/answer/10042247?hl=pl Meta Platforms Ireland Ltd. https://www.facebook.com/legal/EU_data_transfer_addendum

Microsoft Corp. – https://www.microsoft.com/pl-pl/trust-center/privacy/gdpr-faqs

HubSpot Inc. – https://legal.hubspot.com/dpa 

7.
Security of use of the Sites

We would like to inform you that we use adequate technical and organizational measures aimed at ensuring the maximum level of protection for persons using the Company’s Websites and providing their Personal Data. 

In order to guarantee the highest level of security in the use of the Sites, they are secured by SSL code. 

The sites may contain relevant links to other websites, especially for making payments for our services (websites) or other media (radio, television, press, space advertising, etc.). Accordingly, the Controller, outside of the websites administered by it, is not responsible for the privacy policies that will apply on such websites or in such media The Controller is not responsible for the availability of any services or goods made available through websites or other media to which links may be provided.   

The Controller shall also not be liable for any damages arising, or that may arise, in connection with the use of such websites or media.  

8.
Cookies

We use cookies for the following purposes: 

– maintenance and correctness of the website services; 

– analyzing user traffic and preferences; 

– keeping statistics on users visiting the site. 

The data collected through cookies by Google Analytics (including the User’s IP address) is transmitted to Google and stored by Google on servers in the United States. If the Websites anonymize IP addresses, the User’s IP address will be truncated by Google in the territory of a member state of the European Union or another country of the European Economic Area before the address is transmitted to the United States. Only in exceptional circumstances will your full IP address be transmitted to Google’s servers in the United States and truncated locally. Google will use this information to evaluate your use of the Sites, to create reports on site traffic for site operators, and to provide other services related to site traffic and Internet usage. Google will not associate your IP address with any other data in its possession.   

Like many other services, the Google Analytics tool and Facebook use their own cookies to analyze Users’ activities. These cookies are used to store information, such as the start time of the current visit and whether the User has been to the site address before, what site they came to our site from, what screen resolution their device is, what information they were interested in on our site, etc. By using the site, you consent to the processing of your data by Google in the manner and for the purposes specified above.   

Please be advised that the implementation of restrictions on the use of the technologies specified above may adversely affect the operation of the site. For detailed information on the Google Analytics solution used, please click on the following link:   

https://support.google.com/analytics/answer/6004245

The legal basis for the transfer of data outside the EEA is the European Commission Decision on Data Privacy Framework, and in certain situations are standard contractual clauses

You may configure your browser to receive information about the use of cookies and have the ability to decide whether to accept or reject them in certain cases or completely. If you do not accept the use of certain cookies, the functionality of our websites may not be displayed correctly. 

We include below instructions for configuration in each browser.   

Internet Explore 

Microsoft Edge 

Mozilla Firefox 

Chrome 

Opera 

Safari 

9.
Final provisions

The use of the Controller’s website and providing Personal data in forms or by e-mail or telephone contact is completely voluntary. In some cases, providing data may be necessary for a specific purpose.   

The Controller reserves the right to change the Policy at any time due to the scope of services offered and to adapt the newly amended law. In any case, if possible, we will try to inform you about the update of the Policy before its implementation.    

Privacy Policy last updated on 25.04.2025. 

Wnioski o realizację praw w zakresie ochrony danych osobowych

Proszę wybrać poniżej rodzaj wniosku w zakresie ochrony danych osobowych wraz z ewentualnymi dodatkowymi zapytaniami w treści wiadomości. Dołożymy wszelkich starań, aby je zrealizować. Twój adres e-mail jest wymagany, aby skontaktować się z Tobą w sprawie Twojego wniosku. Nie będziemy wykorzystywać podanego adresu e-mail w innych celach niż realizacja Twojego wniosku.

Dostęp do danych
Dostęp do danych
Usuwanie danych
Sprostowanie danych