PRIVACY POLICY
General provisions
- This document sets out the rules for the use of the website available at www.todis.pl, hereinafter referred to as the Website.
- The Website was created by Todis Consulting Spółka z ograniczoną odpowiedzialnością [Limited Liability Company], based in Warsaw, ul. Kaniowska 100, 01-529 Warszawa, registered in the Register of Entrepreneurs kept by the District Court in Warsaw, 12th Commercial Division, under the KRS number 0000950562, with a share capital of: PLN 500,000, NIP (Tax Identification Number): 5262881116, REGON (Business Statistical Number) 140200638, hereinafter referred to as “Todis Consulting”.
- Within the meaning of this Privacy Policy, the user is understood as a legal person, a natural person or an organizational unit without legal personality with full legal capacity.
- As set forth herein, all business names and product names posted on the Website shall be protected by law as trademarks or company designations and are the property of Todis Consulting or its business partners. It is prohibited to use them without prior written consent of the entity authorized to use the given trademark and/or company mark and/or registered trade name.
- This Privacy Policy applies solely to Todis Consulting. Todis Consulting reserves the right to make changes to this document at any time without prior notice.
- By accepting this Privacy Policy, you acknowledge that your use of the Website is subject to the regulations of Todis Consulting’s Privacy Policy.
Exclusion of liability
- None of the information on the Website constitutes an offer within the meaning of the Civil Code Act of April 23, 1964 (Journal of Laws of 1964, No. 16, item 93, as amended). Todis Consulting uses reasonable efforts to ensure that all information that is posted on the Website is correct and factually accurate. However, Todis Consulting assumes no responsibility for the accuracy and/or factual accuracy of such information. Todis Consulting shall not be liable for any damages that may arise from the use of the Website, as well as for damages that may arise from actions or omissions based on the information contained on the Website.
- The Website may contain links to other websites or other media, such as radio, television, newspapers, advertising, etc. Todis Consulting shall not be liable for the privacy policies applicable to those websites. Todis shall also not be liable for any damages that may arise from the use of such websites or media.
- Todis Consulting shall be entitled to remove from the Website any content that is posted on or made available through the Website in violation of the law or this document, as well as content that violates the interests of Todis Consulting and the User. Todis Consulting shall not be liable for any difficulties in using the Website, or for any written and/or oral information obtained by the User while using the Website.
Principles of personal data protection
- Todis Consulting is the controller of the personal data provided by users when using the Website. Todis exercises due diligence to ensure that all personal data are processed in accordance with the purpose for which they were collected and used in accordance with the scope of the authorizations (consents) granted and processing areas permitted by law.
- Any person who submits personal data to Todis Consulting via the Website is informed of the specific purpose for which the data are processed and the legal basis for the processing.
- Todis Consulting uses personal data only for the purposes indicated.
- Your personal data processed on the basis of the granted consent will be processed until such consent is revoked or the purpose for which they were collected ceases to exist. The consent granted may be revoked at any time without affecting the lawfulness of processing carried out on the basis of the consent prior to its revocation.
Purpose and legal bases of data processing
- Todis Consulting processes personal data for various processes.
- Each of the processes is monitored by us and analyzed in terms of its lawfulness (Article 6 of the GDPR), allowing us to process your personal data.
- We process personal data for the following purposes and on the following legal bases:
Personal Data Recipients
Recipients of personal data will be entities that process data on the basis of a personal data processing agreement concluded with the Data Controller, in particular IT system providers, entities that provide outsourced accounting services and IT support, as well as entities authorized to receive data under the law.
Personal data retention period
The period of data processing by the Data Controller depends on the purpose of processing for which the data are collected, according to the following criteria:
- Personal data of job applicants will be retained:
- until the recruitment process for the position indicated in the job offer is completed;
- in the case of consent to data processing for future recruitment processes conducted by the Data Controller – until withdrawal of this consent.
- after the aforementioned period, personal data will be retained for the time prescribed by the applicable law for that purpose or until the statute of limitations for possible claims has expired.
- Personal data of Contractors will be retained throughout the period of execution of the cooperation agreement, and after this period for the time prescribed by the applicable law for that purpose or until the statute of limitations for possible claims has expired.
- The Customers’ personal data will be retained:
- for the period of execution of the cooperation agreement – in the case of data processing for the purpose of entering into and executing the cooperation agreement,
- for the period necessary to process submitted complaints – in the case of data processing for the purpose of handling complaint processes,
- until the resolution of the dispute / reaching a settlement by the parties, taking into account the relevant statute of limitations for claims – in the case of data processing for the purpose of pursuing claims and debt recovery,
- until an objection is raised by the data subject – in the case of processing of personal data on the basis of Article 6(1)(f) of the GDPR,
- after the periods indicated in pts. (a) – (d) for the time when the retention of data is prescribed by the law or until the statute of limitations for possible claims expires.
- Personal data of contact persons and users of the Website will be retained:
- until withdrawal of the consent – in the case of data processing on the basis of Article 6(1)(a) of the GDPR,
- until the user has objected to the processing –in the case of data processing on the basis of Article 6(1)(f) of the GDPR,
Information security and storage
- Todis Consulting ensures the security of personal data through appropriate technical and organizational measures aimed to prevent unlawful data processing and their accidental loss, destruction or damage.
- Todis Consulting takes special care to ensure that personal data are:
- lawful, reliable and transparent;
- collected for specified and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- adequate, relevant and limited to what is necessary for the purposes for which they are processed;
- correct and updated as necessary;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
- processed in a manner that ensures adequate security of personal data;
- processed in a manner that allows for the exercise of the rights of data subjects;
- not transferred without adequate protection to countries outside the European Economic Area or international organizations.
Data acquisition
- When collecting any personal data, Todis Consulting records where it was first obtained from.
- Personal data may be obtained through:
- forms filled out online – data are collected through various forms available on the website for contact purposes, to submit inquiries or to send comments;
- offline contact – phone and fax numbers, as well as email addresses are listed on the Website through which the user can contact us;
- when using the Website’s resources, information about users is collected through cookies. Cookies – small text files transferred from the Website and stored on the hard drive of the user’s computer are used for customization of content and services according to individual needs and interests of Website users. They allow the site to “remember” the user. The user can disable cookies in his or her browser at any time. Details regarding cookies are specified in the “Cookie Policy”.
User rights
- Todis Consulting respects each person’s rights related to the processing of their personal data. In particular, each data subject has:
- the right to be informed about the processing of their personal data;
- the right to access, request rectification, supplementation and amendment of their data;
- the right to erase their personal data (“right to be forgotten”);
- the right to request restriction of their processing of data;
- the right to transfer their data;
- the right to object to the processing of their data for legitimate purposes of Todis, including direct marketing of its products and services and profiling, and the right not to be subject to decisions solely based on automated processing;
- the right to lodge a complaint with the supervisory authority (the President of the Personal Data Protection Office), if the user deems that processing of his or her personal data infringes the provisions of the GDPR.
- Todis Consulting informs that if it is not possible to identify a person unequivocally, for example due to the extent of the data provided by that person, it may refuse to act on the data subject’s request, informing the data subject thereof, unless the data subject provides additional data that allows him or her to be identified.
- Todis Consulting informs that it is not obliged to delete data (“right to be forgotten”) in case its processing is required:
- to exercise the rights and freedom of expression and information;
- to comply with a legal obligation under EU or Polish law, or to perform a task carried out in the public interest;
- for archival purposes in the public interest, scientific or historical research purposes, and statistical purposes;
- to establish, pursue or defend claims.
- If the User objects to further processing for marketing purposes, profiling, or to the transfer of personal data to another data controller, the objection shall be accepted. However, the Data Controller may leave data identifying an individual in the database in the scope allowing to avoid reuse of that individual’s data for the purposes covered by the objection.
- The user may exercise their right to information and access to data once every 6 months at most. At the request of the data subject, the Data Controller shall, within 30 days, provide the necessary information.
- Data subjects may make a request to exercise their rights at the following email address: todis@todis.pl, or at the address of the registered office of Todis Consulting – ul. Kaniowska 100, 01-529 Warszawa.
Scope of provision of data on users
Todis Consulting declares that it does not sell or lend the personal data collected for processing to other persons or institutions, except with the express consent or at the request of the user, or at the request of state authorities authorized by law for the purposes of proceedings or activities related to security or defense matters, for legally defined tasks carried out for the public good, when it is necessary to fulfill the legally justified purposes of Todis Consulting, in particular to prepare a response to a request for quotation for software produced by an entity that is a partner of Todis Consulting based in the United States or other countries, including: Epicor Software Corporation and Deltek, Inc.