Privacy policy

General information

We respect the right to privacy of people whose personal data we store, in particular using appropriate technological solutions and legislative measures that prevent unauthorized entities from intruding on their privacy.

The Policy contains information about what you can expect when we contact you or you contact us or use one of our services or services from our Partners.

By reading the following content you will learn about:

  • why do we process your personal data
  • why do we do it
  • whether the provision of data is mandatory
  • how long do we have to store data
  • are there other recipients of your personal data
  • what rights do you have

Our activities related to storing and processing of all data aim to guarantee you a sense of complete security and lawful processing at a level appropriate to the data protection law applicable in EU, including Regulation of the European Parliament and of the Council 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – called GDPR.

Please be advised that our websites may also include external links which unable direct access to other websites, or when using our services, you may place cookies files in the User’s end device in order to enable you to take advantage of integrated functions (for instance: Facebook, LinkedIn, YouTube). Each of the suppliers defines the rules of using cookies in their privacy policy, therefore we have no influence on the privacy policy of the providers and their use of Cookies.

Personal Data Controller

The entity deciding on the purposes and methods of using your personal data (meaning their controller according to GDPR) is Mindbox S.A. from Warsaw (Poland).

You can contact us via:

  • phone +48 508 428 497
  • e-mail info@mindboxgroup.com
  • mail: ul. Złota 59, 00-120 Warsaw, Poland
  • contact form available at www.mindboxgroup.com

Data Protection Officer

Considering the security and transparency of the processing of personal data and the need for their constant control, we have appointed a Data Protection Officer (DPO).

With the appointed DPO you can contact by using iod@mindboxgroup.com or via our postal address (with notation “Data Protection Officer”)

Security

We conscientiously approach the protection of data concerning you and constantly develop our systems and security processes. The security measures we use include:

  • limited physical access to our buildings and user access to our systems – only for those who are entitled
  • control mechanisms such as firewall, user verification, strong data encryption and separation of roles, systems and data
  • proactive monitoring

We also use the highest standards in the industry to support the maintenance of a solid information security management system.

What data do we process?

We collect or process data only to the extent necessary to achieve the purposes for which they are used.

The scope of data will vary depending on the purpose of the processing. Most of the personal data processed by us is passed directly to us due to one of the following reasons:

  • You are our contractor or employee
  • You are involved in recruitment processes managed by us
  • You are our Client, or your data has been provided to us by your employer or partner
  • We service as the processor of the Client who is the controller of your data and these data have been made available to us in the scope binding us with the client
  • We obtained it directly from you or from a third party authorized to provide us with your information
  • You have filed a complaint or inquiry or You have asked us for information
  • You took part in the event organized by us
  • You represent your organization
  • You use one of our services

The basis for the processing

In any case, when we process your personal data, we must have so-called “Legal basis”. The legal bases result directly from the law (article 9, article 9 of the GDPR), below are those on which we most often rely:

  • Consent: You have indicated to us that you agree to the processing of your data for a specific purpose e.g. to receive marketing messages
  • Legitimate interests: only if processing is necessary for us to conduct our business and it does not interfere with the right to respect your privacy e.g. to verify the quality of our products or services, ensure security in our offices, etc.
  • Performance of the contract: we need to process your personal data in order to be able to provide you with one of our products or services or You are a party to the contract concluded with us
  • Legal claims: when data processing is necessary to establish, enforce or defend legal claims
  • Legal obligation: when we are obliged under law to process your personal data e.g. if you are our employee, we are obliged to process your data in accordance with labor law

How we use your personal data?

We use the data only for the purpose for which they may be processed in accordance with the law.

There are many ways and possibilities to use personal data regarding you, depending on how you interact with us. For example, if you do not provide us with your details, we will not be able to contact you in this way, if you do not provide us with your contact details, address of the company you work in, or represent when negotiating or purchasing one of our products or services, we will not be able to sell you this product or service.

We use personal data also for marketing or sales activities, e.g. by sending electronic communications (e-mails) containing sales or marketing information, including through paid advertising campaigns carried out in cooperation with external service providers such as Facebook, X (Twitter), LinkedIn, YouTube, Instagram, or Google (e.g., Google Ads, Google Analytics). The collected data may also be used to organize lead generation campaigns (a process of attracting people’s interest in a product or service, leading to the acquisition of data enabling contact).

Who might we share your personal information with?

In addition to us, access to data may have a number of entities. They may be service providers with whom we cooperate, and who help us in delivering products and services that you expect from us or support us in your business. These entities process personal data on our behalf and must meet high security standards. We only share information that allows them to provide us services or facilitate their provision to You.

In some circumstances, we may also be legally obliged to disclose information about you – for example, by court order, law or public authority decision. In any case, we make sure that we have a legal basis to share information about you and document our decisions.

International transfers of personal data

In the scope of achieving the processing purposes described in this policy, we may transfer your personal information to our suppliers, partners or service providers located outside the European Economic Area (EEA). In any case, if your data can be found outside the EEA, we will inform you about it.

At the same time taking care of the security of your data we strictly follow the rules of their transfer resulting directly from the GDPR and provide data only where the degree of security is guaranteed in accordance with the decisions of the European Commission or guarantees respect for privacy principles and effective legal protection measures are in force.

How long we keep your personal data?

We store data only for the period necessary to achieve the purposes in relation to which they are processed, strictly specified in this privacy policy, other regulations or contracts and in accordance with the law (GDPR) and relevant provisions. We never store personal data longer than necessary. In most cases, the storage period ends after 6 years from the end of cooperation with us due to the limitation periods for certain claims.

Is there an obligation to provide personal data?

As a rule, providing your personal data is completely voluntary, however, it may be necessary for the implementation of specific services or your requests, e.g. in terms of contact, conclusion of a contract, execution of your processing rights, etc. Providing data may also be necessary due to the applicable law.

Your rights

In accordance with the provisions of the law on the protection of personal data, you have specific rights depending on the basis for processing your data.

Right to access personal data

You have the right to know if and how we use or store your personal data – the so-called right to access personal data. By using this right, you can also ask us for a copy of your data.

Right to correct personal data

You may question the accuracy of the data we process and ask us to correct it. This is the so-called “right to correct personal data”. If your data is incomplete, you can also ask us to complete it, e.g. by adding new information.

Right to erasure

You can ask us to delete your data and in some circumstances we must do so. This entitlement is also known as so-called “The right to erasure”. This right is not absolute and applies, among others in the following circumstances when:

  • We do not require your data anymore
  • You initially agreed to the processing, but now you have withdrawn it
  • You opposed the use of your data
  • We processed your data unlawfully

We may deny you the right to “erasure” in the following circumstances:

  • when we are legally obliged to store your data
  • data storage is necessary to establish, enforce or defend legal claims

Right to restrict use of your data

You have the authority to limit the way we use your data, especially if you are concerned about the accuracy of the data or how it is used. If necessary, you can also submit a request to delete certain information about you. This right is closely related to your rights to question the accuracy of your data and the ability to object to their use.

The right to export the data

You have a right to gain the access to your personal data in a version which can be open on the computer, e.g. csv file. You can also ask the company for sending your personal data to the other economic subject. We can do this only if, as it was said in GDPR, it will be technically possible. It concerns only the information given for us on your own and the export goes in electronic format.

The right to withdraw the consent

If the processing of personal data is based on the sign consent, you can withdraw the permission at any moment. However, it doesn’t involve the data processed earlier.

The right to make a complaint to supervisory authority

The processing of personal data in our company covers the highest standards of security.

If you have some questions or doubts, please contact with us and we answer.

If you still be unpleased by the given answer or the execution of your privileges, you can make a complaint to supervisory authority (in Poland to the President of the Personal Data Protection Office).

The execution of your rights

You can ask for the execution of your privileges in a written or oral form. If your request will be in oral for, we advise you to send us also a written form or e-mail message to provide us with the correspondence trace. The correspondence gives us a clear evidence of your action and helps with answering according to your expectations as soon as possible.

The execution of your rights is free of charges and we answer no longer that a month after the request. In case of possible delays, you will be informed immediately.

If you want to ask about data processing, contact us via:

  • phone +48 508 428 497
  • e-mail info@mindboxgroup.com
  • mail: ul. Złota 59, 00-120 Warsaw, Poland
  • contact form available at www.mindboxgroup.com

Cookies files

Our website may use the cookies files, which are the IT data, especially text files, which are stored on the Data Terminal Equipment (DTE). In general, cookie files contain the www address of the page from which they came from, the time of storing in DTE and the unique number.

The usage

The cookies files are used to:

  • provide service;
  • make browsing the website in an easy way;
  • identify the device, on which the files were already downloaded, in case of reconnecting with the website;
  • create the statistics, which help in understanding how the users browse the website or what can make the structure and content of the website better;
  • adjust the content of website to the specific preferences and optimize browsing the web pages, all adjusted to the individual needs of users;
  • exchange information with our business partners in order to broker in supplying their services while using the website.

The types of cookies files

We can use the following types of the cookie files on our website:

  • “sessional”- they are stored on the DTE till the user leaves the page or closes the browser;
  • “permanent”- they are stored on users DTE for the time which is determined in their parameters or to the deleting them by the user;
  • “performance testing”- they record the information how the web pages are used;
  • “functional”- they make possible to remember settings chosen by the user and the personalization of the interface;
  • “internal”- provided by the website;
  • “external”- sourced on the other site than our website.

The website settings management

The software to browse the website, i.e. web browser, usually by default allows storing the cookies files on DTE. You can change those settings.