Privacy Policy
ITMAGINATION Sp. z o.o.

This Privacy Policy determines the terms and conditions of using the Website, the cookies and other tracking technologies policy and terms and conditions of Personal data Processing and protection. We kindly ask you to read this Privacy Policy carefully.

I. GENERAL PROVISIONS

1. This Privacy Policy sets out the rules for the processing and protection of personal data provided by the Users, as well as cookies, via the website https://www.itmagination.com/ and social media platforms, on which the Controller has its profiles.

2. The Controller of Personal data is ITMAGINATION Spółka z ograniczoną odpowiedzialnością with its registered office in Warsaw, Prosta 32, 00-838 Warsaw, entered in the Register of Entrepreneurs kept by the District Court for the Capital City of Warsaw in Warsaw, 13th Commercial Department of the National Court Register, KRS No. 0000315903, NIP [Tax Identification Number] 5272587128, REGON [statistical number] 141608169, with the share capital of PLN 2.000.000.

3. The Controller informs that it has appointed a Data Protection Officer. The Data Protection Officer can be contacted at the e-mail address: privacy@itmagination.com. The Data Protection Officer can be contacted on all matters concerning the processing of personal data and the exercise of rights related to the processing of personal data.

4. The Controller reserves the right to change this Privacy Policy at any time, and the User should be familiar with its current content.

II. DEFINITIONS

1. Privacy Policy – this privacy policy;

2. The Controller - natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal data;

3. Personal data - any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

4. Processing - any operation or set of operations which is performed on personal data or on sets of Personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

5. The User – any natural person who uses the Website or social media profiles of the Controller

6. The Website – the web page available on https://www.itmagination.com/

7. The Form – one of the forms available on the Website enabling the User to contact the Controller, sign up for the Newsletter or recommend someone for job openings of the Controller.

8. The Newsletter – free service provided by the Controller to the User by sending e-mail messages, in which the Controller informs about its services, products and events relevant to the Controller’s operations.

9. Social media – websites and applications that enable users to create and share content or to participate in social networking.

10. Cookies – small blocks of data created by a web server while a user is browsing a website and placed on the user's computer or other device by the user's web browser. Cookies are placed on the device used to access a website, and more than one cookie may be placed on a user's device during a session.

11. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (general Data Protection Regulation), pursuant to which the Controller processes Users' Personal data.

III. PROCESSING OF PERSONAL DATA

The Personal data is processed for the following purposes and on the following basis:

1. Correspondence with the User, including answering inquiries and presenting offers, at the request of the User – on the basis of Article 6(1)(b) of the GDPR – performing a contract to which the data subject is a party or to take action at the request of the data subject before concluding the contract;

2. Documenting contracts made with Users, who contacted the Controller – on the basis of Article 6(1)(f) of the GDPR - the legitimate interest of the Controller;

3. Performance of concluded contracts – on the basis of Article 6(1)(b) of the GDPR – performing a contract to which the data subject is a party or to take action at the request of the data subject before concluding the contract;

4. Receiving letters, notifications and requests in electronic form, e.g. complaints and other requests – on the basis of Article 6(1)(f) of the GDPR - the legitimate interest of the Controller;

5. Receiving recommendations and concluding agreements in connection with the referral – on the basis of Article 6(1)(b) of GDPR – performing a contract to which the data subject is a party or to take action at the request of the data subject before concluding the contract; and on the basis of Article 6(1)(f) of the GDPR - the legitimate interest of the Controller;

6. Making arrangements for meetings, calls and videoconferences – on the basis of Article 6(1)(b) of the GDPR – performing a contract to which the data subject is a party or to take action at the request of the data subject before concluding the contract;

7. Pursuing claims or defending against claims, in accordance with generally applicable provisions of law – on the basis of Article 6(1)(f) of the GDPR - the legitimate interest of the Controller;

8. Fulfilling obligations in accordance with applicable provisions of law – on the basis of Article 6(1)(c) of the GDPR processing is necessary for compliance with a legal obligation to which the controller is subject;

9. Creation of registers required by GDPR or other applicable provisions of law – on the basis of Article 6(1)(c) of the GDPR processing is necessary for compliance with a legal obligation to which the controller is subject;

10. Marketing of Controller’s products and services, including in particular sending marketing information in the form of the Newsletter and analyzing whether the User has read its content and what content the User is most interested in – on the basis of  Article 6(1)(a) of the GDPR – the data subject has given consent to the processing of his or her Personal data for one or more specific purposes; and on the basis of Article 6(1)(f) of the GDPR - the legitimate interest of the Controller;

11. Analytical purposes, including the analysis of Personal data collected automatically when using the Website, such as cookies – on the basis of Article 6(1)(f) of the GDPR - the legitimate interest of the Controller;

12. Managing the Website and the Administrator's profiles on social media platforms – on the basis of Article 6(1)(f) of the GDPR - the legitimate interest of the Controller;

13. Providing information on the social media platforms and interacting with its Users via comments, messages etc. – on the basis of Article 6(1)(f) of the GDPR - the legitimate interest of the Controller;

14. If the User consents to receiving marketing communications to his/her e-mail address and phone number, the legal basis will also be Art. 10 of the Act of July 18, 2002 on the provision of electronic services and art. 172 of the Act of July 16, 2004 - Telecommunications Law.

IV. COLLECTING THE PERSONAL DATA

1. The Controller processes Personal data of Users which have been provided by them via the Forms or during e-mail correspondence and the data which has been collected automatically with the use of cookies or server logs. Other than that, the Controller obtains Personal data of Users of social media platforms on which it has its profiles, when the User interacts with those profiles.

2. Providing Personal data is voluntary, but failure to provide them will result in the inability to perform actions on the Controller’s Website, in particular sending an inquiry via the Contact Form, subscribing to the Newsletter or sending a recommendation for job openings of the Controller.

V. RIGHTS OF THE USERS (DATA SUBJECTS)

The GDPR grants the Users (data subjects) the following rights related to processing of personal data:

1. the right to access their Personal data and receive a copy thereof,

2. the right to rectify (correct) their Personal data,

3. the right to delete their Personal data - if in their opinion there are no grounds for us to process your data, the User has the right to request their deletion,

4. the right to limit Personal data processing – the User can request that the Controller limits the processing of data only to their storage or performance of activities agreed with the User, if in his/her opinion the Controller has incorrect data or processes it unreasonably,

5. the right to object to the Processing of Personal data – the User has the right to object to the Processing of Personal data on the basis of a legitimate interest; in this case the User should indicate a specific situation that, in his/her opinion, justifies the termination of the processing covered by the objection. The Controller will not continue Processing the Personal data for these purposes unless he proves that the grounds for Personal data Processing override the User’s rights or that the User’s Personal data is necessary for the Controller to establish, assert or defend against claims,

6. the right to transfer Personal data – the User has the right to receive from the Controller, in a structured, commonly used, machine-readable format, Personal data provided to the Controller on the basis of a contract or consent; the User can order the Controller to send this Personal data directly to another entity,

7. the right to lodge a complaint to the supervisory body - if the User finds that the Controller is processing Personal data unlawfully, the User may submit a complaint to the President of the Personal Data Protection Office or another competent supervisory authority.

The rules related to the implementation of the above-mentioned rights are described in detail in Art. 16 - 21 GDPR. The above-mentioned rights are not absolute and will not apply to all processing of the Users’ data.

VI. WITHDRAWAL OF CONSENT

1. If the User processes Personal data on the basis of consent, such consent may be withdrawn at any time, which will result in deletion of Personal data that are not processes on another basis and the cessation of activities related to the consent.

2. The Controller retains the data that might be necessary in order to defend against possible claims for a period consistent with the relevant provisions on limitation periods for claims, especially provisions of Polish Civil Code, and in order to fulfill obligations imposed on the Controller by applicable provisions of law.

VII. TRANSFER TO THIRD COUNTRIES

Personal data covered by the Privacy Policy, especially in terms of the Controller’s social media profiles, the Newsletter and setting up appointments through the Contact Form, may be transferred to third countries by co-controllers or processors. Each time the Controller cooperates with another entity in Processing of Personal data, this entity is carefully checked in terms of compliance with GDPR.

1. Contact Form

Personal data of persons contacting the Controller via the Contact Form may be transferred outside the European Economic Area, in particular when using the Hubspot and Calendly applications. Processors, i.e. Hubspot, Inc. and Calendly LLC guarantee an adequate level of Personal data protection, compliant with the GDPR, especially by using Standard Contractual Clauses adopted by the European Commission Decision 2021/914 on standard contractual clauses for the transfer of Personal data to third countries.

2. E-mail correspondence

Personal data of persons who have contacted the Controller by e-mail may be transferred outside the European Economic Area. In this case, the Personal data is adequately protected - Microsoft Corporation guarantees compliance with EU provisions on the protection of Personal data, in particular the GDPR. The processor uses Standard Contractual Clauses adopted by the European Commission Decision 2021/914 on standard contractual clauses for the transfer of Personal data to third countries.

3. Newsletter

Personal data of persons who have subscribed to the Newsletter via the Controller's Website may also be transferred outside the European Economic Area. In this case, the Personal data is adequately protected – Hubspot, Inc. and Microsoft Corporation (entities that may transfer Personal data outside the EEA) guarantee compliance with EU provisions on the protection of Personal data, in particular the GDPR. Processors also use Standard Contractual Clauses adopted by the European Commission Decision 2021/914 on standard contractual clauses for the transfer of personal data to third countries.

4. Social media

Personal data of persons who liked the Administrator's profile on social media or interacted with them may be transferred outside the European Economic Area via the platforms facebook.com, instagram.com, twitter.com, youtube.com, linkedin.com, medium. com, behance.com, dribbble.com. Meta Platforms Ireland Limited, Twitter, Inc., Linkedin Ireland Unlimited Company and Adobe Systems Software Ireland Limited guarantee compliance with the GDPR, including by using Standard Contractual Clauses in contracts with processors. According to the documents provided by Google Ireland Limited and Dribble Holdings Ltd., these entities comply with the provisions of the GDPR to the full extent. Medium Corporation, on the other hand, guarantees partial compliance with the GDPR – the Controller limited Personal data processing on this platform (data minimization), which allows to increase the security of Users' Personal data.

Detailed information available on the Processing of Personal data in cooperation with the above-mentioned platforms are included in the content of the privacy policy of each of the providers of these services, available on their websites:

VIII. DATA STORAGE PERIODS

Personal data, to which the Privacy Policy relates, is stored:

  • until the expiry of the limitation periods for claims arising from specific relationships between the parties, no longer than 6 years from the end of cooperation or settlement of the matter being the subject of contact;
  • for the duration of the talks and negotiations preceding the conclusion of the contract or the its performance;
  • for the period required by law, including tax law - in relation to Personal data related to the fulfillment of obligations resulting from applicable provisions,
  • until the objection submitted pursuant to Art. 21 GDPR - in relation to Personal data processed on the basis of the legitimate interest of the Controller, including for purposes of direct marketing,
  • Until the consent is withdrawn or the purpose of processing or business purpose is achieved – in relation to Personal data processed on the basis of consent, subject to other provisions of the Privacy Policy;
  • Until the Personal data lose their usefulness – in relation to data processed for analytical and statistical purposes, use of cookies and administration of social media profiles, not longer than 3 years from their collection;

The Personal data storage periods indicated in years are counted at the end of each year in which the data processing began.

IX. SOCIAL MEDIA

1. In its operations the Controller uses social media platforms listed in section VII.4.

2. The Controller processes the Personal data connected to its profiles on social media. For each of the platforms the co-controller is the operator of that platform (social media provider).

3. The Controller has access to the User's Personal data made available on social media platforms, on which he possesses his profiles. User's rights are described in this Privacy Policy.

X. RECIPIENTS OF PERSONAL DATA

Personal data will be transferred to providers of legal, auditing, accounting, postal services, couriers, banks, as well as IT service providers, including entities based in countries outside the EEA, for which the European Commission has found an adequate level of protection, or with which contracts were concluded according to Standard Contractual Clauses adopted by the European Commission.

XI. TECHNICAL REQUIREMENTS

To use the Website, you need Internet access and Microsoft Edge, Google Chrome, Mozilla Firefox, Safari or any other browser compatible with the Website. To subscribe to the Newsletter or contact the Controller via the Contact Form, you need an active e-mail account.

XII. COOKIES AND OTHER TRACKING TECHNOLOGIES

The Website uses two types of cookies, i.e. persistent and session cookies. Persistent cookies are stored by the browser and remain there for a period determined in their parameters or until they are removed by the User, whereas session cookies are saved until the browser is closed by the User.

During the first visit to the Website, the information about the use of cookies is shown to the User along with a question about consent to the use of these files. The User can always change cookie settings from your browser or delete cookies altogether.

Please be informed that browsers manage cookie settings in various ways. In the auxiliary menu of the web browser you will find explanations on how to change cookie settings. Please remember that disabling or limiting the use of cookies may cause difficulties in using our website, as well as many other websites that use cookies.

1. The Controller’s cookies

The Controller uses its own cookies to ensure the proper functioning of the Website. The Controller’s own cookies also store information about the User’s consent to the use of cookies and information about cookie settings defined by you on the Website.

2. Third Party Cookies

The Website functions provided by third parties, which involves the use of cookies from third parties. The use of such cookies is described below.

a) Google Functionalities

The Website uses Google Analytics and Tag Manager, tools provided by Google Ireland Limited.

When visiting the Controller’s Website, a Google cookie remarketing file is automatically left on the User’s device, which with the help of a pseudonymous identifier (ID) and based on the pages you visit allows you to display interest-based advertising.

Further processing of the information takes place only if the User has given consent to Google to link the User’s browsing history and application use to his/her account and to use the information from the User’s Google account to personalize the advertisements displayed on websites. If in this case the User will be logged in when visiting the Website on Google, Google will use the User’s Personal data together with Google Analytics data to create and define lists of target groups for remarketing purposes on various devices. For this purpose, Google combines the temporarily collected information with Google Analytics data to create target groups.

Google Tag Manager is used to manage website tags via an interface. The use of Google Tag Manager does not involve the storage of cookies or the collection of Personal data. This tool enables the use of other tags that may collect Personal data under certain circumstances. Google Tag Manager does not use this Personal data. If the saving option has been deactivated at the domain or cookie level, this will apply to all tracking tags implemented via Google Tag Manager.

If you would like to learn more about the Personal data Processing as part of Google Analytics, please familiarize yourself with the information about the tool available here: https://support.google.com/analytics#topic=3544906

b) Social Media Pixels

On the Controller’s Website, there are social media pixels available, including Facebook pixel, LinkedIn pixel, Youtube pixel, Twitter pixel, Dribbble pixel, Behance pixel and Medium pixel.

After clicking on the pixel, the User is sent to the social media platform to the Controller’s page. The User can interact with the content shared, e.g. by liking or sharing it.

In order to analyze the generated traffic and conversion on the Website, the Controller has implemented pixels as part of the Website, which automatically collect information about the User’s use of the Website in terms of pages viewed.

The information collected as part of pixels is anonymous, i.e. it does not allow us to identify the User. The Controller only knows what activity the User has taken on the Controller’s Website. The Controller can also check the User’s age range, gender, where the User is connecting to the Internet. Tools such as Facebook Insights may also provide us with more information about you, but this is never information that would allow us to identify you.

However, we would like to inform you that social media platforms may combine the collected information with other information collected about you as part of the User’s use of Facebook and use it for its own purposes, including marketing.

c) Content from external websites

The Controller embed content from external websites on the Website, in particular videos from YouTube. Therefore, Google Ireland Limited cookies related to the YouTube service, including DoubleClick cookies, are used.

By playing a video or viewing other embedded material, Google receives information about it, even if the User does not have a profile with the given service provider or is not logged in. Such information (along with the User’s IP address) is sent by the browser directly to the server of a given service provider.

If the User is logged in to the website of a given service provider, this service provider will be able to directly assign a visit to the Website to the User’s profile on a given social network. The purpose and scope of Personal data collection and their further processing and use by service providers, as well as the possibility of contact and the User’s rights in this regard and the possibility of making settings to protect the User’s privacy are described in the privacy policy of individual service providers.

If the User does not want the service providers to assign the Personal data collected during video playback or reading other content on the Website directly to the User’s profile on a given website, the User must log out of this website before visiting the Website. You can also completely prevent the plug-ins from being loaded on the website by using appropriate extensions for the User’s browser, e.g. blocking scripts.

YouTube-related cookies are not loaded until the video is played, so if you do not want this to happen, please refrain from watching the video.

d) Social media tools

The Website uses plugins and other social tools provided by social media sites.

By displaying the Website containing such a plug-in, the User’s browser will establish a direct connection with the servers of social network administrators (service providers). The content of the plugin is transferred by the given service provider directly to the User’s browser and integrated with the website. Thanks to this integration, service providers receive information that the User’s browser has displayed the Website, even if the User does not have a profile with a given service provider or is not currently logged in with him. Such information (along with the User’s IP address) is sent by the User’s browser directly to the server of a given service provider (some servers are located in the USA) and stored there.

If the User is logged in to one of the social networking sites, this service provider will be able to directly assign a visit to the Website to the User’s profile on a given social networking site.

If you use a given plug-in, for example by clicking on the "Share" button, the relevant information will also be sent directly to the server of the given service provider and stored there.

In addition, this information will be published on a given social network and will appear to people added as the User’s contacts. The purpose and scope of Personal data collection and their further processing and use by service providers, as well as the possibility of contact and the User’s rights in this regard and the possibility of making settings to protect the User’s privacy are described in the privacy policy of individual service providers.

If the User does not want social networks to assign the data collected during the User’s visit to the Website directly to the User’s profile on a given website, the User must log out of this website before visiting the Website. You can also completely prevent the plug-ins from being loaded on the website by using appropriate extensions for the User’s browser, e.g. blocking scripts.

e) Server logs

Using the Website involves sending queries to the server on which the website is stored. Each query directed to the server is saved in the server logs.

Logs include IP address, server date and time, information about the web browser and operating system the User uses. Logs are saved and stored on the server. The Personal data stored in the server logs are not associated with specific people using the Website and are not used by us to identify the User.

The server logs are only auxiliary material used to administer the website, and their content is not disclosed to anyone except those authorized to administer the server.

Personal data, to which the Privacy Policy relates, is stored:

XIII. PROFILING

1. The User's Personal data will not be used for automated decision-making affecting the rights, obligations or freedoms of the User within the meaning of the GDPR.

2. The Website uses tracking technologies, such as cookies, with the use of which, the User’s Personal data may be profiled. This kind of profiling allows the Controller to personalize its offer, which is directed to the User. It does not, however, impact the legal situation of the User, and is only aimed at better matching content and advertisement to the User.

XIV. FINAL PROVISIONS

1. The application of the Privacy Policy shall be governed by Polish law.

2. Any matters not regulated by the Privacy Policy shall be governed by the relevant provisions of the binding law.

3. The Privacy Policy comes into effect on August 18th, 2022.

Let's talk about your project

Our Partners & Certifications
© 2024 ITMAGINATION, A Virtusa Company. All Rights Reserved.