Privacy Policy DAPR sp. z o.o.

Table of contents

1. Initial information

In order to ensure the highest standards of security in processing of personal data DAPR sp. z o.o. would like to inform you that this privacy policy meets the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the standards contained in national legislation.

The information presented in the Policy will allow you to become familiar in detail with the rules on the processing of personal data when contacting DAPR sp. z o.o. and using the company’s websites

2. Glossary

Controller – the Controller of Personal Data, an entity that determines the purposes and means of the processing of personal data. The controller of personal data is DAPR sp. z o.o. with its registered office in Warsaw, mailing address ul. Żurawia 47, 00-680 Warsaw. KRS:0000688178.

Personal data – any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified directly or indirectly.

EEA – European Economic Area, free trade area and common market, including European Union and European Free Trade Association (EFTA) countries, except Switzerland. This is an area with free movement of personal data.

Recipient of the data – means a natural or legal person, organizational entity without legal personality (i.e. legal entity without corporate status), public authority, agency or other body to which the personal data are disclosed, regardless of whether it is a “third party” or not.

Third countries – countries not part of the EEA.

Cookies – are small pieces of information, called cookies, sent by the website we are visiting and stored on terminal device (computer, laptop, smartphone) we use to browse the web.

President of the Office – President of the Office for Personal Data Protection, a supervisory authority according to the GDPR which supervises the observance of legal provisions on personal data protection in Poland.

Profiling – means any form of automated processing of personal data which involves the use of personal data that makes it possible to evaluate personal factors of a natural person, in particular to analyze or predict aspects relating to data subject’s work performance, economic situation, health, personal preferences, interests, reliability, behavior,  location or movement – provided that such action produces legal effects concerning this person or significantly affects this person in a similar manner.

SSL protocol – is a network protocol used for establishing secure internet connections, adopted as a standard for encryption on websites. The SSL certificate ensures the confidentiality of data transmission via the Internet.

Processing – means an operation or a set of operations performed on personal data or sets of personal data whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Policy – DAPR sp. z o.o. privacy policy

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/WE.

3. Information about the Controller

Your personal data is controlled by DAPR sp. z o.o. with its registered office in Warsaw, mailing address ul. Żurawia 47, 00-680 Warsaw. KRS:0000688178. (hereinafter referred to as “Controller”).

You may contact the Controllervia e-mail: kontakt@dapr.pl or via phone: (+48)2210040 13.

4. Joint controllers

We would like to inform you that with regard to the personal data processed in connection with DAPR Facebook profile, your personal data processed on this portal is controlled both by DAPR sp. z o.o. and Facebook Ltd., therefore both entities are joint controllers. All information about the processing of personal data by DAPR and your rights against DAPR can be found in this privacy policy.

Please contact Facebook with regard to maintaining your Facebook profile, monitoring your behavior on Facebook, exercising your rights, etc. We would like to inform you that by clicking the “like” button, you agree to the processing of your personal data. For more information on the joint controllership and means of the processing of personal data, in particular by Facebook, please see the terms and policies on Facebook website.

5. Legal basis for the processing

Purpose of the processingLegal basisRecipients of the dataRecipients of the data
Responding to the message sent by contact form and e-mailart. 6 (1) (f), i.e.
the Controller’s legitimate interest in handling correspondence.
IT services providers;
Internet service providers;
hosting providers;
For the period of time necessary to address the issue which the message sent refers to.
Presenting the offer
(in the case of
persons making the enquiry on their own behalf, i.e. consumers)
art. 6 (1) (b) of the 
GDPR, i.e. processing is necessary in order to take steps prior to entering into a contract
IT services providers;
Internet service providers;
hosting providers;
By the end of the bidding process.
Presenting the offer
(in the case of persons making the enquiry on behalf of the entity for whom they provide services,
i.e. B2B)
Art. 6 (1) (f) of the
GDPR, i.e. Controller’s legitimate interest in making offers and entering into business cooperation.
IT services providers;
Internet service providers;
hosting providers; 
By the end of the bidding process.
Marketing website
 
Art. 6 (1) (f), i.e.
Controller’s legitimate interest in acquiring and retaining clients.
IT services providers;
Internet service providers;
hosting providers; 
Until an objection is lodged.
Marketing – newsletter and phone contact
art. 6 (1) (f) of the GDPR,
i.e. legitimate interest in conducting own marketing activities in relation to being granted consent in accordance with Telecommunications Law and Act on Rendering Electronic Services.
IT services providers;
Internet service providers;
hosting providers;
Until an objection is lodged or a consent granted on the basis of Telecommunications Law and Act on Rendering Electronic Services
is withdrawn.
Marketing – maintaining company profiles on social media platforms
(Facebook and Linkedin).
Art. 6 (1) (f), i.e.
Collector’s legitimate interest in acquiring and retaining clients
IT services providers;
Internet service providers;
hosting providers;
Facebook Ltd.
LinkedIn
Until an objection is lodged.
Aiming at concluding and implementing a contract do (clients).art. 6 (1) (b) of the GDPR
taking necessary steps to conclude contracts with clients and suppliers
Law firms and legal advisors;For the duration of the contract period, its termination and until the expiry of the period for lodging potential claims
Contract performance
(contractor’s mployees).
art. 6 (1) (f) of the GDPR
Collector’s legitimate interest in coordinating
activities with the contractor.
IT services providers; Internet service providers;
hosting providers;
Law firms and legal advisors;
For the duration of the contract period, its termination and until the expiry of the period for lodging potential claims
Conducting recruitment
(employees and contractors)
art. 6 (1) (a) and (c)
of the GDPR, i.e.
within the provisions of the labor law
the Collector is obliged to
process a database of job candidates;
with regard to data beyond the catalog indicated in the provisions of the labor law, the legal basis of the processing of personal data is the candidate’s consent (art. 6 (1) point a GDPR)
IT services providers;
Internet service providers;
hosting providers; 
Until the end of recruitment process.
Conducting recruitment
(associates)
art. 6 (1) (b) of the
GDPR, i.e. the legal basis is aiming at concluding a contract with self-employed persons.
IT services providers;
Internet service providers;
hosting providers;
Until the end of recruitment process.
Accepting and processing a claim on the basis of GDPRArt. 6 (1) (c), i.e.
obligations arising from the GDPR to provide data subject with information on action taken regarding the claim
IT services providers;
Internet service providers;
hosting providers
– Law firms and legal advisors;
Until the limitation period has expired.
Maintaining statisticsArt. 6 (1) (f), i.e.
Collector’s legitimate interest in collecting
and using statistics in order to improve the scope of offered services.
IT services providers;
Internet service providers;
hosting providers;
Until an objection is lodged.

6. Data subjects’ rights

Each person whose data is processed has a number of rights pursuant to GDPR.

Right to request access to your own personal data.
Each person is entitled to obtain a confirmation from the controller whether the personal data being processed belong to them, and where this is the case, shall be entitled to obtain access to such data and a range of information.

We will provide the person with the first copy of the personal data being processed free of charge upon request. For any further copies, requested by the data subject, we may charge a reasonable fee based on administrative costs. Should you request a copy by electronic means and do not indicate otherwise, we will provide information in a commonly used electronic form.

Right to rectification
You have the right to request us to rectify without delay your personal data that is incorrect. You also have the right to demand completion of your incomplete personal data, including by submitting an additional declaration.

Right to erasure
You have the right to obtain from us the erasure of your personal data without undue delay and we are obliged to erase it without undue delay, where one of the following grounds applies:

  • Your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • You withdraw your consent on which the processing is based and where there is no other legal ground for further processing;
  • You object to the processing and there are no overriding legitimate grounds for the processing;
  • Your personal data have been unlawfully processed;
  • Your personal data have to be erased for compliance with a legal obligation under Union or Member State law to which the controller is subject;
  • Your personal data have been collected in relation to the offer of information society services.

Pursuant to GDPR, despite your request and the fulfillment of the above-mentioned prerequisites, your personal data may not be erased if their processing is necessary:

  • to exercise the right to freedom of expression and information;
  • to comply with a legal obligation which requires the processing under Union law or the law of a Member State to which the controller is subject, or for the performance of a task carried out in the public interest or subject to the exercise of public authority vested in the controller;
  • for reasons of public interest in the area of public health;
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, insofar as the right to erasure is likely to render impossible or seriously impair the attainment of the objectives of that processing;
  • for the establishment, exercise or defence of legal claims.

Right to restriction of processing
You have the right to obtain from the controller restriction of processing where one of the following applies:

  • you contest the accuracy of the personal data – for a period enabling the controller to verify the accuracy of these data;
  • the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  • the controller no longer needs the personal data for the purposes of the processing but you require them for the establishment, exercise or defence of legal claims;
  • you object to processing – pending the verification whether the legitimate grounds of the controller override those of the data subject.

Right to object
You have the right to object – on grounds relating to your particular situation – to the processing based on the collector’s legitimate interest or the processing is necessary for the performance of a task carried out in the public interest or subject to the exercise of public authority vested in the controller; including profiling based on these provisions.

In the event of an objection, we will no longer process the personal data, unless we can demonstrate compelling legitimate grounds for the processing which override interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Right to data portability
You have the right to receive your personal data which you provided to us, in a structured, commonly used and machine-readable format, or have the right to transmit those data to another controller without hindrance from us provided that:

  • the processing is based on consent or on a contract and
  • the processing is carried out by automated means.

In exercising the right to data portability, you shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.

Pursuant to GDPR, the exercise of your rights shall not adversely affect the rights and freedoms of others.

Right of withdrawal

If your data are processed on the basis of consent, you have the right to withdraw such consent at any time. Withdrawal of consent does not affect the lawfulness of the processing based on consent before its withdrawal.

If you withdraw your consent, we have the right to process your data where this is necessary:

  • to exercise the right to freedom of expression and information;
  • to comply with a legal obligation which requires the processing under Union law or the law of a Member State to which the controller is subject, or for the performance of a task carried out in the public interest or subject to the exercise of public authority vested in the controller;
  • for reasons of public interest in the area of public health;
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, insofar as the right to erasure is likely to render impossible or seriously impair the attainment of the objectives of that processing;
  • for the establishment, exercise or defence of legal claims.

You have the right to lodge a complaint with the President of the Personal Data Protection Office. As the President of the Personal Data Protection Office points out, due to the fact that the President of the Office is the authority controlling the application of data protection rules by the controller, the complainant should first contact the controller to exercise his/her rights.

Direct link the website of the Office for Personal Data Protection for lodging a complaint: https://uodo.gov.pl/pl/p/skargi

7. Security of website use

We would like to inform you that DAPR sp. z o.o. applies appropriate technical and organizational measures aimed at providing people using our websites and submitting their personal data via contact form with maximum level of protection.

In order to guarantee the highest level of security of website use our websites are protected by SSL code.

The website may contain hyperlinks to other websites or other media (radio, television, press, 3D advertising, etc.). Therefore the Controller, apart from websites administered by the controller, is not responsible for privacy policies that apply on these websites or in media. The Controller shall not be held liable for the availability of any services or goods made available via websites or other media, links to which may be provided on the website.

The Controller shall also not be held liable for any damages arising or which may arise from in connection with the use of such websites or media.

8. Cookies

When using our websites cookies are processed. We use cookies for the following purposes:

  • maintaining and correct operation of website services
  • keeping statistics of users visiting website

You may configure your browser to receive information regarding the use of cookies and to be able to decide whether to accept or reject cookies in certain cases or not at all. In case you do not accept the use of certain cookies, the functionality of our website may not be displayed correctly.

Below you will find instructions for configuration of each browser
Internet Explorer
Microsoft Edge
Mozilla Firefox
Chrome
Opera
Safari

9. Final provisions

The use of the Controller’s websites and providing your personal data in the forms is completely voluntary. In some cases, providing data may be necessary for a specific purpose.

DAPR sp. z o.o. reserves the right to change the Policy at any time due to the scope of services offered and for adaptation of the amended law. In all cases, as far as possible, we will try to inform you on updates to the Policy prior to its implementation.

This Privacy Policy was last updated on August 17, 2021.