Home page Privacy Policy

Privacy Policy

1. Data Controller

The controller of personal data is INNSOFT Sp. z o.o., with its registered office in Warsaw (04-203) at ul. Murmańska 25, entered into the National Court Register under number 0000024387, NIP: 5210324183, REGON: 001317779, contact e-mail: daneosobowe@innsot.pl (hereinafter: the Controller).
For matters related to the processing of personal data, you may contact us at:
e-mail: daneosobowe@innsot.pl

2. Contact Form

The Administrator processes data provided in the contact form, such as:

  • full name,
  • email address,
  • phone number (if provided),
  • message content,
  • IP address.

Purpose of processing:

  • responding to inquiries,
  • managing correspondence,
  • taking steps prior to entering into a contract.

Legal basis:

  • Art. 6(1)(b) GDPR,
  • Art. 6(1)(f) GDPR.

Data is stored for the duration of the correspondence and then for the period necessary to establish, pursue, or defend against claims.

3. Recruitment

Application documents are sent directly to the Administrator’s email address.
Data contained in CVs is processed:

  • for the purpose of conducting current recruitment,
  • if separate consent is given – also for the purpose of future recruitments.

Legal basis:

  • Art. 6(1)(c) GDPR (data required by law),
  • Art. 6(1)(a) GDPR (consent – additional data and future recruitments)bnej zgody – również w celu przyszłych rekrutacji.

Storage period:

  • current recruitment – until the end of the recruitment process, and then for a period not longer than 12 months for the purpose of defending against potential claims,
  • future recruitments – 12 months or until consent is withdrawn.

4. Client Zone (service request system)

As part of contract fulfillment, the Administrator provides access to a service request system (Redmine).

Processed data may include:

  • user’s full name,
  • business email address,
  • data of the represented organization,
  • the content of submissions and all communication related to their handling, including correspondence, comments, the history of the submission, and other information provided during its processing,
  • technical data (IP address, session identifiers, system logs).

Purpose of processing:

  • contract performance,
  • handling requests,
  • ensuring IT system security,
  • pursuing and defending claims.

Legal basis:

  • Art. 6(1)(b) GDPR,
  • Art. 6(1)(f) GDPR.

Data related to the performance of the contract is stored for the duration of the contract, and after its termination for the period necessary to:

  • establish, pursue, or defend against claims,
  • fulfill legal obligations,
  • ensure business continuity and the maintenance and development of IT services, including for analytical and statistical purposes – these analyses are conducted solely on the basis of technical data and do not include the content of submissions or clients’ business data.

The retention period may be extended accordingly if justified by the stated purposes.

System logs and technical data processed for security purposes are stored for up to 12 months, unless further retention is necessary due to an ongoing investigation or a legal obligation.

5. Cookies

The website uses cookies to:

  • ensure proper website operation,
  • maintain user session in the Client Zone,
  • conduct basic statistics (if analytical tools are used).

The user can change cookie settings in their web browser at any time.

6. Social Media

The website contains links to the Administrator’s profiles on LinkedIn, YouTube, and Facebook.
Clicking an icon redirects to an external service. The Administrator does not transfer users’ personal data to these entities directly through the mere use of the website. Data processing principles are defined by the separate privacy policies of these services.

7. Data Recipients

Personal data may be transferred to entities supporting the Administrator in the scope of:

  • hosting and IT infrastructure maintenance,
  • email service,
  • technical support,
  • accounting and legal services.

Data is transferred only to the extent necessary to achieve the indicated purposes.

8. Transfer of Data Outside the EEA

As a rule, personal data is not transferred outside the European Economic Area.
When using providers outside the EEA, data is transferred with appropriate safeguards, in particular standard contractual clauses.

9. Rights of Data Subjects

The data subject has the right to:

  • access data,
  • rectify data,
  • erase data,
  • restrict processing,
  • object to processing,
  • data portability (to the extent provided by law),
  • withdraw consent at any time,
  • lodge a complaint with the President of the Personal Data Protection Office.

10. Voluntariness of Data Provision

Providing data is voluntary, but in some cases it may be necessary for:

  • responding to an inquiry,
  • participation in recruitment,
  • contract performance and access to the Client Zone.

11. Changes to the Privacy Policy

The Administrator may update this Privacy Policy. The current version of the document is available on the website.