Talk
to an expert

Privacy Policy

What is in our Privacy Policy?

Information on the protection of your personal data, including your rights.

Our Privacy Policy is divided into three parts:

I. General Part, which, among other things, explains the terms used, provides our contact details, and informs you of your rights as a data subject.
II. Part Two, containing information on the processing of your personal data;
III. Part Three, information on Cookies

Table of Contents

Part I.

  1. Information about the Controller.
  2. Terms Used in the Privacy Policy.
  3. Personal Data Security.
  4. Your Rights.
  5. Complaint Regarding Personal Data Protection.

Questions about the Policy and its Publication Location.

Part II.

  1. Contact via Contact Form.
  2. Information on the processing of personal data of individuals interested in receiving an offer for Exim IT S.A. services.
  3. Careers.
  4. Marketing.
  5. Newsletter.
  6. Participation in contests, events organized via or using the Exim IT S.A. website.

Part III.
Information on Cookies.

Part I. General Provisions

Information about the Controller

The controller of your personal data is Exim IT S.A. Joint Stock Company, KRS number
0000568611. In the remainder of this Policy, we refer to ourselves as the “Controller”, “ADO” or
Exim IT
You can contact us:
by mail: ul. Jutrzenki 137, 02-231 Warszawa
by email: biuro@e-xim.pl
DPO email address: Exim IT Data Protection Officer, ul. Jutrzenki 137, 02-231 Warszawa, email: iodo@e-xim.pl

Terms Used in the Policy.

When the following terms are used in our Privacy Policy, they should be understood as follows:
Service – the website at: www.e-xim.pl
Policy – means this document, i.e., the privacy policy you are reading.
GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC. You can find the text of the GDPR here:

https://eur-lex.europa.eu/legal-content/PL/TXT/?uri=celex%3A32016R0679

Personal Data Security

We are committed to protecting the privacy of your personal data. We will use personal data in accordance with applicable laws and regulations concerning data protection and privacy, including the GDPR.
We apply technical and organizational measures aimed at securing the personal data provided to us, in particular preventing unauthorized persons from acquiring and modifying personal data transmitted electronically, i.e., within our Service, in accordance with the requirements of generally applicable law.

Your Rights

  1. We process your personal data, therefore:
    • You have the right to access this personal data;
    • You may request their rectification;
    • You may request their erasure, but only when permitted by the GDPR – we will inform you if you submit such a request;
    • You have the right to restrict the processing of your personal data, to the extent specified in the GDPR.

  2. Furthermore, you have the right to object to the processing of personal data. You may exercise this right if we process personal data:
    • for direct marketing purposes, without the need for justification/stating a reason;
    • based on other legitimate interests – here, a justification related to your specific situation is required (describe the reason why we should not process your data).

  3. In the second part of the Policy, you will find information about additional rights. For some forms, you will have additional options.

  4. If you wish to exercise the aforementioned rights or learn more about them, please contact us. Contact details can be found above, in the section titled “Information about the Controller”.

Complaint Regarding Personal Data Protection

 

If you believe that we are processing personal data unlawfully, you may lodge a complaint with the supervisory authority, which in Poland is the President of the Personal Data Protection Office, whom you can contact as follows:

Questions about the Policy and its Publication Location

  1. If you have any questions regarding the Policy, please let us know. Contact details can be found above, in the section titled “Information about the Controller”.
  2. The Policy is available on the website: www.e-xim.pl

Part II. Information related to the processing of your personal data

Contact via Contact Form.

  1. Why do we need your data, i.e., what is our purpose for processing it?
    to respond to your message and resolve the matter;
    based on your voluntary consent, for marketing purposes involving sending offers of our services – via messages sent to your provided email address or by phone contact.
  2. What rights do you have?
    this topic is described in Part I of the Policy, titled “Your Rights”.
  3. Are you obliged to provide your data?
    No, it is voluntary, but without providing them, we may not be able to resolve the matter you presented.
  4. What is the legal basis for processing your data?
    Article 6(1)(f) GDPR, i.e., the legitimate interest of Exim IT;
    If you have given consent to us sending commercial offers, the legal basis for such action is Article 398 of the Act of July 12, 2024 – Journal of Laws 2024, item 1221 – Electronic Communications Law in conjunction with Article 6(1)(a) GDPR (consent of the data subject).
    Remember that you can always withdraw your consent. If you wish to do so, please contact us.
  5. What do we mean by legitimate interest?
    Resolving the matter you presented, responding to your message, and activities related to sending offers.
  6. Who are the recipients of the data?
    entities responsible for hosting (storing) the Service or personal data for Exim IT;
    providers of marketing tools;
    couriers and postal services;
    based on your additional consent, our partners supporting Exim IT’s marketing activities.
    Subcontractors of the Controller.
  7. Will the data be transferred outside the European Economic Area?
    If the transfer of your personal data outside the EEA is necessary, it will take place on the legal basis provided for in the GDPR.
  8. For how long will we process the data?
    For the time:
    needed to resolve the matter. Depending on its type, also for the time needed to demonstrate that we have resolved it, i.e., for the period of limitation of claims;
    of conducting marketing activities by us or until you object to further processing of data for marketing purposes, or withdraw consent to send messages to your provided email address. Withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal.

Information on the processing of personal data of individuals interested in receiving an offer for Exim IT services.

  1. Why do we need your data, i.e., what is our purpose for processing it?
    to respond to your message related to the offer;
    to ensure transparency and consistency in the form and content of offers provided to you, in particular for presenting terms corresponding, among others, to the Controller’s current pricing policy and other information covered by the offer;
    based on your voluntary consent, for marketing purposes involving sending offers of our services – via messages sent to your provided email address or by phone contact.
    For the purpose of pursuing potential claims and defending against them;
  2. What rights do you have?
    this topic is described in Part I of the Policy, titled “Your Rights”.
  3. Are you obliged to provide your data?
    No, it is voluntary, but without providing them, we may not be able to prepare and provide you with an offer.
  4. What is the legal basis for processing your data?
    Article 6(1)(f) GDPR, i.e., the legitimate interest of Exim IT;
    If you have given consent to us sending commercial offers, the legal basis for such action is Article 398 of the Act of July 12, 2024 – Journal of Laws 2024, item 1221 – Electronic Communications Law in conjunction with Article 6(1)(a) GDPR (consent of the data subject);
    Remember that you can always withdraw your consent. If you wish to do so, please contact us.
  5. What do we mean by legitimate interest?
    Resolving the matter you presented, responding to your message, and activities related to preparing and sending an offer.
  6. Who are the recipients of the data?
    entities responsible for hosting (storing) the Service or personal data for Exim IT;
    entities providing audit services,
    entities providing legal services,
    providers of marketing tools;
    couriers and postal services;
    based on your additional consent, our partners supporting Exim IT’s marketing activities.
    Subcontractors of the Controller.
  7. Will the data be transferred outside the European Economic Area?
    If the transfer of your personal data outside the EEA is necessary, it will take place on the legal basis provided for in the GDPR.
  8. For how long will we process the data?
    For the time:
    needed to resolve the matter and related to the processing of the offer request. Depending on its type, also for the time needed to demonstrate that we have resolved it, in particular, sent an offer, i.e., for the period of limitation of claims;
    of conducting marketing activities by us or until you object to further processing of data for marketing purposes, or withdraw consent to send messages to your provided email address. Withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal.

Careers

  1. Why do we need your data, i.e., for what purpose do we process it?
    Your data will be processed for recruitment to a position at the Controller or for recruitment to a position at the Controller. If you give voluntary consent, your data will also be processed for future recruitment processes conducted by the Controller.
    The position you are applying for may involve the need to transfer your application to a client of the Controller, for whom services will be performed as part of the established cooperation – if such a situation arises during the recruitment process, you will be informed in advance to enable you to express consent for such action, and you will also be provided with all necessary information regarding the processing of your personal data in accordance with applicable law, in particular as specified in Article 14 of the GDPR.
    If you give voluntary consent, your data will also be processed after the recruitment process is completed for the purpose of conducting future recruitment by us.
  2. What is the legal basis for processing your data?
    Article 6(1)(f) GDPR, i.e., the legitimate interest of Exim IT;
    to the extent necessary to take steps towards concluding an employment contract/internship/apprenticeship/contract for specific work, the legal basis is Article 6(1)(b) GDPR, and to the extent necessary to fulfill our statutory obligations – Article 6(1)(c) GDPR.
    If you give consent to the processing of data for the purposes of future recruitment, in this regard, data processing will take place on the basis of Article 6(1)(a) GDPR.
    Personal data (e.g., image) are processed on the basis of Article 6(1)(a) GDPR, i.e., your voluntary consent expressed by sending us a recruitment application, and providing them does not affect the possibility of participating
    in recruitment.
  3. What do we mean by legitimate interest?
    seeking employees/collaborators/interns/apprentices
    and conducting recruitment aimed at employing a person whose qualifications best meet our needs.
    reporting possible claims or defending against them.
  4. What rights do you have?
    You have the right to access your data, rectify it, request its erasure, as well as the right to restrict processing, data portability, object to the processing of personal data, and the right to lodge a complaint with a supervisory authority if the data is processed unlawfully. If data is processed based on separate consent, you have the right to withdraw this consent at any time. However, this will not affect the lawfulness of processing carried out before its withdrawal.
  5. Which of your personal data do we process?
    personal data specified in the Labor Code or other specific regulations.
  6. Are you obliged to provide your data?
    Providing data is voluntary; however, failure to provide it will prevent participation in the recruitment process.
  7. Who are the recipients of your data?
    Recruitment agencies and entities operating recruitment portals.
    Software providers we use.
    Entities providing access to mailboxes.
    Providers of other IT tools we use.
  8. Will your data be transferred outside the European Economic Area (EEA)?
    If it becomes necessary to transfer your personal data outside the EEA, this will be done based on the legal basis provided for in the GDPR.
  9. How long will we process your data?
    Your data will be processed until the end of the recruitment process. If you have given consent to the processing of data for future recruitment purposes, your data will be processed until the end of those recruitment processes, but no longer than 2 years or until consent is withdrawn.
  10. Will you be subject to automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you?
    NO.
  11. What can you do if you do not want us to process your data and contact you?
    For reasons related to your particular situation, you have the right to object to the processing of personal data if we process personal data based on legitimate interests.

Marketing

  1. Why do we need your data, i.e., what is our purpose for processing it?
    Building our image in the media, including social media and industry portals (Facebook, YouTube, LinkedIn) by publishing posts and other activities on social media.
  2. What rights do you have?
    this topic is described in Part I of the Policy, titled “Your Rights”.
  3. What personal data do we process?
    we may process personal data published in the media, particularly on social media profiles, and other data related to our use of social media features.
  4. What is the legal basis for processing your data?
    Article 6(1)(f) GDPR, i.e., the legitimate interest of Exim IT.
  5. Where do we obtain your personal data from?
    We obtained it from publicly available sources, such as websites, social media profiles (e.g., in connection with your activity under our posts).
  6. What do we mean by legitimate interest?
    responding to your private messages sent to us via social media;
    conducting conversations via comments under individual posts;
    sharing our posts as a follower of our profile;
    marketing, consisting of informing you about our services and ourselves through posts on our social media profile;
    analytical activities through statistics provided to us by social media entities, including data on the display of our posts, their reach, number of interactions, and demographic data of our followers; the data presented to us by social media entities are statistics created based on that company’s observation of your behavior on our profile.
  7. Who are the recipients of the data?
    Social media providers;
    entities responsible for hosting (storing) the Service or personal data for Exim IT;
    providers of marketing tools;
    couriers and postal services;
    based on your additional consent, our partners supporting Exim IT’s marketing activities;
  8. Will your data be transferred outside the European Economic Area?
    Should the transfer of your personal data outside the EEA be necessary, it will occur on a legal basis provided for in the GDPR.
  9. For how long will we process the data?
    For the duration of our legitimate interest, as described above, but no longer than until you object to the processing of personal data.
  10. Will you be subject to automated processing, including profiling, that produces legal effects concerning you or similarly affects your situation?
    No.
  11. What options do you have if you do not want us to process your data and contact you?
    You have the right to object to data processing. If you wish to exercise this right, please write to us at the email address provided above or click the link in every message you receive from us. You do not need to provide us with reasons for your objection.

Newsletter

  1. Why do we need your data, or what is our purpose in processing it?
    Marketing, concerning the promotion of us and our services, including sending you marketing information via email, SMS, or phone calls to the provided phone number.
  2. What are your rights?
    We described this topic in Part I of the Policy titled “Your Rights”.
  3. Are you obliged to provide your data?
    No, it is voluntary, but without providing them, you will not be able to subscribe to the newsletter and receive commercial information from us.
  4. On what legal basis do we process your data?
    Article 6(1)(f) GDPR, i.e., our legitimate interest;
    Article 398 of the Act of July 12, 2024 – Journal of Laws 2024, item 1221 – Electronic Communications Law in conjunction with Article 6(1)(a) GDPR (consent of the data subject);
    Please remember that you can withdraw your consent to receive newsletters and commercial information at any time. If you wish to do so, please contact us.
  5. What do we mean by legitimate interest?
    Promoting Exim IT services by sending you commercial information.
  6. Who are the recipients of your data?
    Providers of tools for:
    marketing activities,
    sending newsletters.
    Entities providing hosting (storage) for our website and personal data for us.
  7. For how long will we process your data?
    For the duration of marketing activities or until you object to further processing of data for marketing purposes, or withdraw consent for sending messages to your email address or phone contact. Your withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
  8. Will your personal data be transferred outside the European Economic Area?
    Should the transfer of your personal data outside the European Economic Area be necessary, it will occur on a legal basis provided for in the GDPR.

Participation in contests, events organized through or with the use of the Exim IT website.

  1. Why do we need your data, or what is our purpose in processing it?
    Performance of the agreement you entered into with Exim IT regarding participation in an event or contest;
    Fulfillment of obligations arising from tax law regulations and regulations on withdrawal from a distance contract;
    Pursuit of claims and defense against claims arising from the concluded agreement or related to the provision of services.
  2. What are your rights?
    We described this topic in Part I of the Policy titled “Your Rights”.
  3. Are you obliged to provide your data?
    No, it is voluntary, but without providing them you will not be able to take part in the competitions or events we organise. 
  4. On what legal basis do we process your data?
    Article 6(1)(b) GDPR, i.e., for the purpose of concluding and performing the concluded agreement;
    Article 6(1)(f) GDPR, i.e., legitimate interest;
    Article 6(1)(c) GDPR, i.e., fulfillment of legal obligations incumbent on the Administrator;
  5. What do we mean by legitimate interest?
    Conducting communication and event management for the proper execution of the contest or event;
    Pursuit of and response to claims.
  6. Who are the recipients of your data?
    Providers of tools for contest and event management,
    Entities providing hosting (storage) for our website and personal data for us.
    Agencies whose services the Administrator will use in organizing a given event or contest;
  7. For how long will we process your data?
    For the duration of the agreement and the time necessary to demonstrate that we properly performed the agreement, i.e., the limitation period for claims;
    For the time necessary to demonstrate our proper fulfillment of obligations, i.e., until the expiration of the limitation periods for claims or tax liabilities;
    For the duration of a dispute and the time necessary to enforce claims.
  8. Will your personal data be transferred outside the European Economic Area?
  9.  

Should the transfer of your personal data outside the European Economic Area be necessary, it will occur on a legal basis provided for in the GDPR.

Part III. Information on cookies.

  1. Cookies are small text files stored on your computer or mobile device and then retrieved from them during subsequent visits to our website. Cookies usually contain the name of the website they came from, the time they are stored on the device, and a unique number. Generally, the use of cookies does not lead to us identifying you as a specific person.
  2. Cookies that are essential for the functioning of the website and applications are saved automatically. For other types of cookies, your consent is required.
  3. Cookie management is carried out through a tool available on the website, which is displayed automatically during your first visit to the Website, within which you can consent to the use of individual cookie categories.
  4. You can also manage cookie settings through your browser settings. More information can be found on the websites of individual browser operators:


More information about the cookies used by Exim IT can be found here: