Workai wins Nielsen Norman Group Intranet Design Annual 2023! 🏆

SEE CASE STUDY
BOOK A DEMO

Privacy Policy

Dear Sir or Madam,
This Privacy Policy will help you make informed and conscious decisions regarding the processing of your personal data in the course of the business conducted by Elastic Cloud Solutions sp. z o.o., located at ul. Zurawia 71 in Bialystok (15-540), please read it carefully.

Version 1.3, January 2023

Introduction

This document contains Our Privacy Policy, i.e. the principles we follow in the processing of personal data. This document also contains the content of the information obligations that must be presented to data subjects, i.e. you, in compliance with the law. Before going into details, we would like to highlight some of the key principles of personal data protection. These are important to Elastic Cloud Solutions Ltd. and we believe they are important to you as well.

The Privacy Policy pursues four key objectives, i.e.:

  1. to explain how the organization processes the information you provide to it, in order to better tailor its products and services to your expectations;
  2. to ensure that all information about the processing of your data, is presented in a clear and transparent manner;
  3. assuring you that the personal data processed by the organization is safe in relation to the risks that arise in its processing processes,
  4. ensuring transparency in your dealings with the organization’s representatives, so that the implementation of your right to privacy is always guaranteed.

All the information that is collected from you is related directly or indirectly to the organization’s activities, i.e. development, implementation, and administration of the software. We are the data controller of your personal data, which means that we decide on the purposes and means of its processing. In practice, it is important to remember that as a data controller, the organization is the entity responsible for your personal data. Regarding the implementation of any questions or concerns related to your personal data, please contact the Data Protection Officer at:

gdpr@workai.com

In general, all personal data in the organization is divided into processes in which it is processed based on the main purpose behind the processing and the category of data subjects.
 

These will be, in turn:

1. Recruitment

The personal data of job applicants is processed for the purpose of selecting the most suitable job candidates for specific positions, for current as well as future recruitment. Your personal data in this process is processed on the basis of your consent (to the extent of sensitive data that may be included in your application documents) or for the purpose of entering into a contract of employment or another civil law contract, as well as on the basis of labor laws. In addition, the legal basis for processing personal data in this process is also the legitimate purpose of the processing, i.e. statistical, reporting, and quality control activities. Providing personal data in this process on the basis of your consent is voluntary, however, failure to do so will hinder our ability to conduct the recruitment process efficiently. To the extent required by labor laws regarding recruitment, providing personal data is mandatory. In the recruitment process, if you are not selected and you consent to the processing of your personal data for future recruitment processes, your personal data will be stored for 2 years from your last response to the proposal for the subsequent recruitment. After this period of time, your data will be completely deleted from the company’s resources. Your personal data in this process may be entrusted to external entities involved in the recruitment process (e.g. websites and job search agents), however, we point out that these entities remain under the constant supervision of the company and ensure at least the same level of security of personal data.

2. Employment

The personal data of employees and associates is processed to handle the process of hiring personnel and to provide support for the execution of civil law contracts handled in the other processes of personal data processing, as well as the security of persons and property. Your personal data in this process is processed on the basis of a provision of law in the field of sensitive data, when the processing is necessary for the purposes of preventive health or occupational medicine, to assess an employee’s fitness for work, to provide health care or social security, when the processing is necessary for the fulfillment of obligations and the exercise of specific rights by the company or you, in the field of labor law, social security and social protection, and when the processing is necessary to establish, assert or defend claims. In addition, your personal data may also be processed for the purpose of executing an employment contract or other civil law contract. Finally, your personal data is processed on the basis of the company’s legitimate purpose of the processing in the field of statistics, reporting, and quality control. The provision of personal data in this process is mandatory, and the consequence of failure to provide data may be the inability to establish cooperation. In the process of employment under an employment contract, your personal data will be retained for 10 years from the last activity on the personal data in connection with the employment (except for those employed before January 1, 2019 – then the period is 50 years). In the process of employment under civil law contracts, your personal data will be processed for 6 years from the last activity on the data. After this period of time, your data will be completely deleted from the company’s resources. Your personal data in this process may be entrusted to external entities involved in the hiring process, however, we point out that these entities remain under the constant supervision of the company and provide at least the same level of security of personal data. In addition, your data may be shared with data recipients (e.g. cell phone operators), of which you will be informed by them.

3. Marketing

Personal data of potential customers (e.g., owners of sole proprietorships, partners of partnerships, and representatives of institutional customers) is processed for the purpose of responding to inquiries and for active marketing activities through selected communication channels.

Your personal data in this process is processed on the basis of your consent (marketing through selected communication channels) or for the purpose of concluding a contract in the case of inquiries addressed to the company, as well as for the purpose of its implementation in the framework of subscribing to the Newsletter. In addition, your data is processed on the basis of the legitimate purpose of the personal data controller when we recommend the company’s services in personal contacts or create marketing statistics and reports. Providing your personal data in this process is voluntary, but failure to do so will prevent us from responding to your inquiry or presenting our offer in a manner tailored to your individual needs. In the process, your personal data is kept for 3 years after you revoke your consent if you have given it. In other cases, also 3 years from the end of the newsletter service, i.e. from the last active activity on your personal data or submission of your inquiry after this period of time, your data (if we do not establish cooperation) will be completely deleted from the company’s resources. Your personal data in this process may be entrusted to external entities involved in the marketing process (e.g. mailing service providers), however, we point out that these entities remain under the constant supervision of the company and provide at least the same level of security of personal data.

4. Sales

The personal data of customers and customer representatives (in the case of contacts with institutional customers) is processed for the purpose of selling the services offered by the company in accordance with the scope of the offer and creating personalized offers. Your personal data in this process is processed for the purpose of concluding a contract or creating a personalized offer as well as on the basis of a legal provision, among others, in accordance with the Law of September 15, 2000 – the Commercial Companies Code. Finally, your personal data may be processed for legitimate purposes, i.e. to offer other products and services of the company in direct contact as well as for statistical, reporting, and quality control activities.

Providing personal data in this process is voluntary, however, the consequence of failure to provide data may be the inability to establish cooperation. In the sales process, your personal data will be stored for 6 years from the last activity on personal data in connection with the execution of the contract.

After this period of time, your data will be completely deleted from the company’s resources. Your personal data in this process may be entrusted to external entities involved in the sales process (e.g. organizers of events or conferences, our partners), however, we point out that these entities remain under the constant supervision of the company and provide at least the same level of security of personal data.

5. Customer service

The personal data of customers and customer representatives (in the case of providing services to institutional customers) is processed in order to provide efficient customer service in accordance with the best standards of the company. Your personal data in this process is processed for the purpose of executing the concluded contract, fulfilling the provisions of the law as well as for legitimate purposes, i.e. statistical activities regarding the quality of customer service. The provision of personal data in this process is voluntary (except when required by law), but the consequence of failure to provide data may be a reduction in the quality of cooperation or, in extreme cases, the inability to perform the contract. In the process of customer service, your personal data will be stored for 6 years from the last activity on personal data in connection with the execution of the contract. After this period of time, your data will be completely deleted from the company’s resources. Your personal data in this process may be entrusted to external entities involved in the customer service process (e.g. customer service software providers), however, we point out that these entities remain under the constant supervision of the company and provide at least the same level of security of personal data.

6. Complaints

The personal data of those who file complaints is processed for the purpose of handling them and ensuring the high quality of services provided by the company. Your personal data is processed for the purpose of fulfilling the contract and on the basis of the legal provision on warranty for defects, as well as on the basis of the legitimate purpose of the processing of the data controller, i.e. successive improvement of the quality of services provided. The provision of personal data in this process is voluntary, however, the consequence of failure to provide data may be the inability to identify the services under which the complaint is made.

In the process of complaints, your personal data will be stored for 6 years from the last activity on personal data in connection with the processing of complaints. After this period of time, your data will be completely deleted from the company’s resources. Your personal data in this process may be entrusted to external entities involved in the complaint process (e.g. industry technical experts), however, we point out that these entities remain under the constant supervision of the company and provide at least the same level of security of personal data.

7. Accounting

The personal data of customers and customer representatives (in the case of providing services to institutional customers) is processed for the purpose of processing all settlements with customers, and suppliers, as well as ensuring the company’s compliance with tax laws. Your personal data in this process is processed on the basis of a legal provision in the scope of regulations arising from, among others, the Accounting Act of September 29, 1994, and the Value Added Tax Act of March 11, 2004.
 In addition, the legal basis for the processing of your personal data is the performance of the contract that was concluded as well as the legitimate purpose of the processing of the data controller, i.e. the analysis of statistical data and the preparation of accounting balances. The provision of personal data in this process is mandatory, and the consequence of failure to provide data may be the inability to properly account for services. In the accounting process, your data will be processed for a period of 6 years from the last activity with the data in connection with the settlement of accounting documents. After this period of time, your data will be completely deleted from the company’s resources. Your personal data in this process may be entrusted to external entities involved in the accounting process, however, we point out that these entities remain under the constant supervision of the company and provide at least the same level of security of personal data. In addition, your data may be shared with recipients of data (e.g. tax authorities or auditors), of which you will be informed by them when contacted.

8. Access control

Personal data is also processed to ensure the security of persons and property residing at our location. Your personal data in this process is processed on the basis of the legitimate purpose of the processing, which is the aforementioned protection. In the process, we store your personal data for a period of 3 months to 2 years after archiving it, depending on the access control point, i.e., for example, capturing your image on video surveillance or in the computer system. Providing personal data in this process is also voluntary, but failure to do so will prevent you from entering the protected area or gaining access to the system. Your personal data in this process may be entrusted to external entities involved in the access control process, however, we point out that these entities remain under the constant supervision of the company and provide at least the same level of security of personal data.

9. Purchasing

The personal data of representatives of our contractors, i.e. both sole proprietors, partnerships, and representatives of legal entities, is processed for the purpose of fulfilling contractual obligations. Your personal data in this process is processed on the basis of the contract (even if it has not been recorded in writing), in order to fulfill our obligations under the law (mainly tax law) and for the legitimate purpose of the processing, which is the execution of the contract with the contractor (usually your employer). In the process, we keep your personal data for a period of 6 years after they are archived, i.e. after the last activity in connection with the execution of the contract with the contractor. The provision of personal data is voluntary, but failure to do so will prevent us from executing the contract with the contractor. Your data may have been provided by a contractor (e.g. your employer). Your personal data in this process may be entrusted to external entities involved in the process, however, we point out that these entities remain under the constant supervision of the company and provide at least the same level of security of personal data.

Your rights

We would like to emphasize that we guarantee each person whose data we process the possibility of exercising the following rights:

  • the right to access the content of your data – you can request a description of the processing specifically of your personal data and access to any personal data collected about you.
     However, we point out that excessive use of this right will hinder the work of the organization, so please be prudent in exercising this right,
  • the right to rectification of data – we make every effort to always process the most up-to-date data about you, however, if you find that the data we process has become inaccurate you can always request its rectification,
  • the right to erasure – if you find that you no longer want the organization to process your personal data you can always request that your data be deleted. However, we point out that this right will not be able to be exercised in every case, as some of the data must be retained by the organization due to binding legal regulations,
  • the right to limit processing – if you find that the data that is processed by the organization for some reason should not be deleted after the aforementioned periods of time (data retention), you can request its continued storage,
  • the right to data portability – if it turns out that your personal data will be processed in computer systems then you can request their transfer to another service provider or directly to you. I would like to point out, however, that this entitlement applies only to the data that you have provided yourself,
  • the right to object – you can always object to the processing of specific personal data for a specific purpose. In any such case, the objection will be considered and your comments taken into account in the processing of your data for the future,
  • the right to withdraw consent – you may withdraw your consent to the processing of your personal data at any time, but any actions that were performed on your data before the withdrawal will remain valid,
  • the right to lodge a complaint – if you feel that the organization is violating your right to privacy you can always turn to the President of the Office of Personal Data Protection with a complaint, but we encourage you to resolve your concerns together before making such a decision.

10. Cookies

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site and products.

What is a cookie?

A cookie is a small file that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.

We use the following cookies:

Necessary cookies – Cookies that are required for the operation of our website. Cookies that enable you to log into secure areas of our website.

Analytical/performance cookies – Allow us to notice and count the number of individual visitors and to see how visitors act on our website using it. This helps us to improve our website, helping users to find things they are looking for more easily.

Functionality cookies – Cookies used to recognize you when you make a returning visit to our website. We can personalize our content for you, and remember your preferences (for example, your choice of language or region).

Targeting cookies – Cookies recording your visit to our website, the pages you have visited, and the followed links. We will use this information to make our website and the advertising campaign we lead more related to your interests. Considering the last purpose we may also share this information with third parties.

Particular cookies

Please consult the information below about the particular cookies we use and the purposes for which we use them.

a) Facebook – Store information about your preferences, and allow us to customize and provide you with offers that are targeted at your individual interests on the Facebook platform.

For more detailed information on Facebook’s cookie policy please visit –https://www.facebook.com/policies/cookies/

b) LinkedIn – Store information about your preferences, and allow us to customize and provide you with offers that are targeted at your individual interests on the LinkedIn platform.

For more detailed information on LinkedIn’s cookie policy please visit –https://www.linkedin.com/legal/cookie-policy

c) Google Analytics – Collect and aggregate visitor information such as browsing patterns and page visits to measure how users interact with website content. All information collected is anonymous.

d) Google Ads – Store information about your preferences, and allow us to customize and provide you with offers that are targeted at your individual interests on the Google platform.

To see more information on how Google deals with privacy please visit –www.google.com/policies/privacy/

e) HubSpot – Collect and aggregate visitor information such as browsing patterns and page visits to measure how users interact with content published, and allow us to conduct marketing campaigns resulting from the nature of our business.

To see more information on how HubSpot deals with user data please visit https://legal.hubspot.com/privacy-policy

f) Remarketing – The website uses cookie remarketing tools to be able to direct advertisements to you on Facebook (Facebook Pixel), LinkedIn (LinkedIn Pixel), Twitter (Twitter Pixel), and Google (Google Advertising Network).

Log files and web beacons

In addition to cookies, the Website may also collect data usually collected by internet system administrators as part of so-called logs or log files. Information contained in logs may include: Your IP address, type of internet browser, and address of the page from which you entered the Website.

Some subpages of the Website may contain so-called web beacons. Web beacons allow you to receive information such as the IP address of the computer on which the page on which the web beacon was posted, the URL of the page, the time of page loading, the type of browser, as well as information contained in cookies in order to assess the effectiveness of our ads.

How to control cookies?

You may manage, control or delete cookies – for details, visit http://www.whatarecookies.com/enable.asp. You may delete all cookies that are already on your computer and you can set your browser to block them from being installed. If you do this, however, you may have to adjust some preferences manually every time you visit a site. Additionally, some of the services and functionalities may not work.

Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.

You can block cookies by activating the setting on your browser that blocks all or some cookies. Have in mind that, if you use your browser settings to block all cookies (including essential cookies) you may not have access to all functionalities of our webpage.

Summary

In summary, the organization and its staff take great care to ensure that the processing of your personal data encroaches on your privacy as little as possible, however, if at any stage of the processing of your personal data you have doubts about the compliance of these activities with the law, please contact: gdpr@workai.com.