PRIVACY POLICY
​
I. Personal data controller
The administrator of your personal data is 1000ideas Limited Liability Company with its registered office in Krakow, ul. Bohdana Zaleskiego 1, 31-525 Kraków, entered into the Register of Entrepreneurs of the National Court Register by the District Court for Kraków-Śródmieście in Kraków, 11th Commercial Division of the National Court Register under the number: 0000906972, NIP: 6751631201, REGON: 369066668.
Contact with the Personal Data Administrator is possible by e-mail at hello@1000i.pl and by phone at: +48 503 04 1000.
​
II. Contact with the personal data administrator
Contact with the Personal Data Administrator is possible:
- by e-mail at hello@1000i.pl
- by phone at: +48 503 04 1000
​
III. Purposes and grounds for processing personal data
1) The scope of personal data processed
- First name and last name
- E-mail adress
- Phone number
- Personal data of job candidates contained in the CVs submitted by them via the website of the Administrator of personal data.
- Data processed in social media, the processing of which is described separately in point XI of the Privacy Policy
- Data saved in the form of server logs described in point XIII of the Privacy Policy
- Data saved in the form of cookies described in point XII of the Privacy Policy
​
2) Collection of personal data
Personal data is collected by the Personal Data Administrator:
- As soon as the contact inquiry is sent via the contact form
- At the moment of subscribing to the newsletter, if it has been made available to Users on the website maintained by the Administrator of personal data
- At the moment of subscribing to other materials, provided for free to Users by the Personal Data Administrator via the website
- At the moment of sending personal data to the Administrator of recruitment documents in the manner specified by the Administrator in the content of the advertisement published on the Administrator's website.
- As soon as you use the Chat available on the website of the Personal Data Administrator
- At the moment of using the website - in the field of cookies, the use of Facebook Pixel and server logs.
​
3) Purposes of personal data processing
The personal data administrator processes personal data for the following purposes:
- Enabling the Users of the website to contact the Personal Data Administrator.
- Providing Users with information about the activities of the Administrator of personal data in the form of a newsletter,
- Provision of services to Users by electronic means as part of the functionalities made available on the website maintained by the Administrator of personal data,
- Creating and keeping registers and records related to the obligations arising from the GDPR,
- proper administration of the operation of the website, including preventing the use of the website for its intended purpose,
- For analytical and statistical purposes - to improve the operation of the Website and its individual modules
- The use of cookies on the website.
- In order to enable the display of advertisements as part of the remarketing of the personal data Administrator's services based on the cookie technology and Facebook Pixel.
​
4) Grounds for the processing of personal data
a) Consent of the data subject to the extent that no other grounds for the processing of personal data apply - art. 6 sec. 1 lit. a GDPR
b) Performance of the contract for the provision of electronic services or activities prior to the conclusion of the contract, undertaken at the request of the data subject - art. 6 sec. 1 lit. b GDPR.
c) Fulfilling the legal obligations incumbent on the Personal Data Administrator (in the field of keeping registers and documentation resulting from the provisions of generally applicable law, tax obligations) - art. 6 sec. 1 lit. c GDPR.
d) The legitimate interest of the Personal Data Administrator consisting in:
- Conducting analyzes and statistics aimed at improving the operation of the Websites.
- Administering the operation of the Websites,
- preventing Users from using the Websites contrary to their intended purpose,
- Creating records and registers related to the processing of personal data in accordance with the principles resulting from the GDPR,
- Conducting marketing activities in the field of services offered by the Personal Data Administrator,
Ie processing based on art. 6 sec. 1 lit. f GDPR.
​
IV. Duration of personal data storage
1. Personal data is stored for the following periods:
a) Data necessary for the provision of electronic services and the performance of the contract for the provision of such services - for the time necessary to provide such a service, but no longer than until the expiry of the limitation periods for claims regarding the services provided.
b) In the case of personal data processed on the basis of consent - until it is withdrawn or the purpose of processing is achieved, however not longer than until the user resigns from using the Website.
c) In the case of personal data constituting data provided by Users in connection with the recruitment - until the recruitment is completed, and - in the case of consent to the processing of personal data for the purposes of further recruitment - no longer than 2 years from the end of the year, in which the data was submitted by the User.
d) Data processed on the basis of the legitimate interest of the Personal Data Administrator - until an objection is effectively raised or the purpose of personal data processing is achieved, but no longer than 5 years, counted from the end of the year in which the Personal Data Administrator started processing personal data.
e) Data processed for analytical purposes and administration of the Website - until the data is no longer useful or up-to-date.
​
2. The periods specified in par. 1 above, we count from the end of the year in which the personal data was obtained. This is to improve the management of the processing of personal data and the processes of their removal, after the processing periods have elapsed.
​
3. If the User requests the exercise of the right to be forgotten, the User's application is considered individually.
V. Recipients of personal data
1. The recipients of personal data may be:
a) Companies from the 1000ideas group, affiliated by capital or personally with the Personal Data Administrator.
b) Entities providing technical solutions that were used in the construction and operation of the website,
c) Entities providing services in the field of sending mass messages,
d) Entities providing hosting services,
e) Entities providing accounting or legal services.
​
2. Personal data processed by the Administrator may be transferred to public authorities on the basis of the provisions of generally applicable law or a decision of a competent authority.
VI. Transferring personal data to third countries
1.When processing personal data, we use popular services and technologies offered by entities such as Google, Drift, as well as technological solutions available on social media, where the Personal Data Administrator has its profiles or fanpage (Facebook, Instagram, Twitter, LinkedIn ). These companies are based outside the European Union, and therefore in the light of the provisions of the GDPR, they are treated as entities from third countries.
​
2. The GDPR introduces limitations in the possibility of transferring personal data to third countries, due to the possibility of insufficient protection of personal data of citizens of the European Union due to the non-application of the provisions of European law in principle. Therefore, each data controller is required to establish the legal basis for such transfer.
​
3. For our part, we ensure that when using the services and technologies of the above-mentioned suppliers, we conduct activities aimed at verifying and monitoring whether the entities to which personal data are transferred on the basis of measures ensuring an adequate level of security, permitted under Art. 44-46 GDPR. Guarantees of an adequate level of protection are ensured, among others, by standard contractual clauses adopted by the EU Commission pursuant to Art. 46 sec. 2 GDPR.
​
4. At any time, we will provide you with additional explanations regarding the transfer of personal data, in particular when this issue raises your concern.
​
5. You have the right to obtain a copy of your personal data transferred to a third country at any time.
VII. Rights of data subjects
A person using the website has the right to:
a) Access to personal data and receive a copy thereof,
b) Requests for rectification or supplementation of personal data,
c) Requests to delete personal data - if you decide that there are no grounds for the Personal Data Administrator to process his personal data and there are no grounds justifying further processing.
d) Restrictions on the processing of their personal data - you may request that the Personal Data Administrator limit the processing of your personal data only to their storage or to perform activities agreed with her, if the data is incorrect or processed without a legal basis, or a person whose the data concern does not want to delete them due to the need to retain the data to establish, assert or defend claims or for the time of examining the objection to the processing of personal data.
e) Objections to the processing of personal data:
- Processing of personal data for direct marketing purposes: You have the right to object to the processing of personal data for the purpose of direct marketing. By exercising this right, the Personal Data Administrator will cease to process personal data.
- Objection due to a special situation: You have the right to object to the processing of your personal data on the basis of a legitimate interest for purposes other than direct marketing. The objection should then indicate what is the specific situation of the data subject who justifies the request to stop processing personal data. The personal data administrator will cease processing personal data for these purposes, unless he proves that the grounds for further processing override the rights of the data subject or that the data are necessary to establish, assert or defend claims.
f) Data portability - you have the right to receive, in a structured, commonly used, machine-readable format, personal data concerning you, which have been provided to the Administrator on the basis of the consent granted. The User may order the Administrator to send them directly to another entity.
You can exercise your rights by sending an email to the following address: hello@1000i.pl
VIII. Rights of data subjects
The data subject may at any time withdraw consent to the processing of personal data processed on the basis of his consent. Withdrawal of consent does not affect the lawfulness of data processing carried out before its withdrawal.
You can exercise your rights by sending an email to the following address: hello@1000i.pl
IX. Right to lodge a complaint with a supervisory authority.
The data subject who believes that his personal data is being processed unlawfully may submit a complaint to the President of the Personal Data Protection Office.
X. The requirement to provide personal data
Providing personal data is voluntary, but necessary if the data subject wants to use or obtain information on the services offered via 1000i.pl, 1000digital.pl and 1000software.house .
XI. Processing of personal data on social media
1. The personal data administrator uses social media to promote the services provided, including portals such as Facebook, LinkedIn or Youtube.
2. Administrators of the indicated social networking sites register the behavior of their users, using, inter alia, from cookies or other related technologies, including behaviors involving interaction with the personal data Administrator's profiles and fanpages.
​
3. The personal data administrator informs that the data collected through:
a) facebook.com are subject to co-administration by the Administrator and Facebook Ireland Ltd. - as the European branch of Facebook Inc. responsible for the operation of Facebook.com in the European Union.
b) LinkedIn.com are subject to co-administration by the Administrator and LinkedIn Ireland Ltd. - as the European branch of LinkedIn Inc. responsible for the operation of LinkedIn.com in the European Union.
c) the Instagram portal is subject to co-administration by the Administrator and Facebook Ireland Ltd. - as the entity responsible for the operation of the Instagram portal, including in the European Union,
d) The Twitter portal is subject to joint administration by the Administrator and Twitter Inc. - the entity responsible for the operation of the portal, including in the European Union.
​
4. The scope of personal data processing by the above-mentioned portals, in which the Personal Data Administrator has profiles and fanpages, has been described in detail in the privacy policies of individual portals and social media:
- https://www.facebook.com/privacy/explanation
- https://www.linkedin.com/legal/privacy-policy
- https://twitter.com/en/privacy#update
​
5. As part of using social media, the Personal Data Administrator has access to the following Users' personal data:
a) Name and surname or username,
b) Profile picture,
c) The content of correspondence with the User,
d) Information about liking a fanpage or profile,
e) Information about the User's activity on the fanpage or profile,
f) The content of comments and posts posted on the fanpage or in the profile by Users,
g) Statistical data (general) generated by operators of social networking sites regarding interests, demographic data (age, gender), general location data of users (region).
​
6. The personal data administrator processes personal data in social media for the following purposes:
a) Enabling Users to use a fanpage or profile,
b) Sharing posts and conducting discussions in comments published on the fanpage or profile,
c) Enabling Users to contact the Personal Data Administrator,
d) Enabling the Personal Data Administrator to obtain contacts to persons interested in the offer and activities of the Personal Data Administrator using the Facebook Lead Ads tool,
e) In order to conduct explanatory proceedings, establish, investigate and defend any claims,
f) Use of statistics provided, among others by Facebook.com regarding the display of posts, their ranges, number of interactions, demographic data about people following the fanpage, which data are collected on the basis of Users' activity on the fanpage.
g) In order to conduct marketing activities via a fanpage or profile, including informing about the activities of the Administrator of personal data and services offered, displaying posts and sponsored posts, as well as using Facebook Lead Ads.
​
7. Personal data in social media are processed on the following grounds:
a) In terms of enabling Users to use the fan page - pursuant to art. 6 sec. 1 lit. b GDPR - in order to provide services in the field of electronic services,
b) In terms of sharing posts, discussing in comments and contacting Users who like the fanpage - pursuant to art. 6 sec. 1 lit. f GDPR, i.e. based on the legitimate interest of the Personal Data Administrator, which is the need to ensure contact with the Personal Data Administrator and exchange of information between the Administrator and users,
c) As regards the Administrator's obtaining personal data of contacts using Facebook Lead Ads - pursuant to art. 6 sec. 1 lit. f GDPR, i.e. based on the legitimate interest of the Personal Data Administrator, which is the right to contact persons interested in the offer and conduct marketing activities against them,
d) In the scope of conducting explanatory proceedings, establishing, investigating and defending any claims - pursuant to art. 6 sec. 1 lit. c and lit. f GDPR, i.e. in terms of the fulfillment of the obligation resulting from art. 8 of the Act on the provision of electronic services and on the basis of the legitimate interest of the personal data administrator consisting in establishing, investigating or defending claims related to the fanpage.
e) In the scope of using statistical data - pursuant to art. 6 sec. 1 lit. f GDPR, i.e. based on the legitimate interest of the Personal Data Administrator, which facilitates the use of services, improves the quality of their provision and functionality. In connection with the principles of running Facebook.com, the User is aware of the statistical activities carried out against him and the sharing of their results with the Personal Data Administrator.
f) In the scope of conducting marketing activities via fanpage - statistical - pursuant to art. 6 sec. 1 lit. f GDPR, i.e. based on the legitimate interest of the Personal Data Administrator, which is the marketing of services provided by the Personal Data Administrator.
​
8. Personal data collected and processed as part of the functioning of the fanpage or profile are stored by the Personal Data Administrator for no longer than it is necessary for the implementation of individual processing purposes, where:
a) Data on likes, published posts and people following the fanpage or profile - until the user withdraws the like, deletes the post or cancels the fanpage or profile subscription,
b) Data regarding the contact with the User via the messaging application in social media or via Facebook Lead Ads - until the expiry of the limitation periods for possible claims related to the content of the correspondence, but not longer than 3 years.
c) Data processed in connection with statistics on the use of services - until the purposes of personal data processing are achieved, but not longer than 3 years.
d) Data processed in the scope of establishing, investigating or defending claims - until the end of the proceedings relating to these claims.
​
9. When using the fanpage, the User does not remain anonymous. In particular, information about people following the fanpage or profile, likes, as well as the content of posts, comments and other information published by Users is open to other users of social media.
XII. Cookies
1. The Administrator's websites use cookies for their operation, which are short text information saved in the web browser. When reconnecting with the website, the website recognizes the device on which the website is opened.
​
2. Files can be read by the system used by the Administrator, as well as service providers used in creating the website, including, for example, Google Analytics.
​
3. Some cookies are anonymized, which means that it is not possible to identify the user without additional information.
​
4. By default, your web browser allows the use of cookies on your devices, therefore, when you first visit the website, a message appears asking you to consent to the use of cookies.
​
5. If you do not wish to use cookies when using the website, the browser settings can be modified by completely blocking the automatic handling of cookies or by requesting notification each time that cookies are placed on the device. The settings can be changed at any time.
​
6. Cookies perform the following functions (if the information is insufficient, please contact us):
a) session status - cookies transfer, among others information on how visitors use the website, e.g. which subpages are displayed most often. They also provide the ability to identify the displayed errors being displayed. Cookies used to save the so-called "Session state" therefore help to improve services and increase the comfort of browsing pages,
b) creating statistics - cookies are used to analyze how users use the website (how many people open the website, how long they stay on it, which content is of the greatest interest, etc.). Thanks to this, it is possible to constantly improve the website and adapt its operation to the preferences of users. In order to track activity and create statistics, we use Google tools, such as Google Analytics; in addition to reporting website usage statistics, pixel Google Analytics may also be used, along with some of the cookies described above, to help display more relevant content to the user in Google services (e.g. in the Google search engine) and throughout the web.
c) Using social functions - on its websites, the personal data administrator uses the so-called Facebook pixel that allows you to display ads to the right recipients and allows you to analyze the effectiveness of the ads used. In order to use this function, the Personal Data Administrator uses both its own cookies and cookies provided by Facebook.
​
7. Please be advised that disabling or limiting the use of cookies may result in significant difficulties in using the Administrator's websites, e.g. in the form of a longer loading period, restrictions on the use of functionalities, etc.
XIII. Server logs
1. Information about some events initiated by users is recorded in the form of logging on the server and the hosting provider's server.
​
2. Data in the form of server logs are used only for the proper administration of the website and to ensure efficient handling of communication related to the services offered through it.
​
3. The subscription may be subject to:
a) date and time of visiting the website,
b) type of operating system,
c) approximate location,
d) type of web browser used to browse the website,
e) time spent on the website,
f) visited subpages,
g) subpage where the contact form has been completed.
​
2. User activity logs may also be saved, including, for example, the e-mail address that was provided when placing the inquiry in the forms available on the website. In this case, the logs are available in the tools used to create the website and in the tools supporting the functionalities available on the website.
​
3. The data indicated in sec. 3 above are not associated with specific people who visit the website. The personal data administrator uses them only to administer the website.
​
XIV. Automated decision making and profiling
1. Please be advised that on the basis of your personal data, decisions may be made in an automated manner, including on the basis of profiling.
​
2.Profiling means any form of automated processing of personal data, which consists in the use of personal data to evaluate certain personal factors of a natural person, in particular to analyze or forecast aspects concerning the effects of that natural person's work, economic situation, health, personal preferences, interests, reliability, behavior, location or movement.
​
3. Profiling that we conduct consists of:
a) With regard to the operated websites: monitoring the activity of website users, including the number and frequency of visits to the website.
b) With regard to profiles and fanpage in social media: directing posts and content with a specific profile to a specific group of Users and - therefore, monitoring user activity and their reactions to the published content.
​
4. Profiling is used to facilitate the transfer of advertising content as part of the promotional and marketing activities carried out by the Administrator.
​
5. The Administrator making personal data decisions in an automated manner, based on personal data such as:
a) In the case of websites: own Google Analytics cookies, advertising identifiers, device IP address, it is necessary due to the remarketing activities based on the Google Ads functionality.
b) In the case of profiles and fanpage in social media: information about demographics, age, pay, interests and location of Users who like 1000ideas fanpage.
​
6. Automated decision-making consists of:
a) directing advertising content to people who previously visited the website, and which are displayed in advertising modules available after switching to other websites.
b) directing advertising content to people who like the fanpage, and which are displayed on Facebook.com, as well as displaying individual posts to a previously defined group of recipients.
​
7. The use of automated decision-making in the form of profiling is based on the legitimate interest of the Administrator of personal data in the form of ensuring the highest possible effectiveness of marketing activities.
​
8. Decisions towards you are made:
a) In terms of the website: with the use of cookies. The exact rules for the use of cookies are described in part XI of this policy.
b) In the field of social media: statistical data provided by social media operators.
​
9. The automated decisions described above do not affect your situation.
10. A person who does not agree with the decision made in this way has the right to object, eg by submitting a complaint. For this purpose, please contact us via e-mail and indicate the reasons why you believe that your decision is wrong. Reported objections will be considered by a person authorized to analyze such reports and make decisions in their scope (such objections are not considered by any IT system).
XV. Final Provisions
1. In matters not covered by this Privacy Policy, the provisions on the protection of personal data shall apply.
​
2. You will be notified by e-mail about any changes introduced to this Privacy Policy.
3. This Privacy Policy is valid from 01/01/2021.