Privacy policy & Cookies

We wish to inform you that INPRO S.A. makes every effort to ensure the accountability and confidentiality of your personal data and its availability to authorised persons. Any personal data obtained by Inpro S.A. is processed in compliance with legal requirements (the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27/04/2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the "GDPR" – the General Data Protection Regulation, the Personal Data Protection Act and detailed regulations) and to the extent as allowed for by statements of consent granted.

I. INFORMATION ON THE DATA CONTROLLER

The controller of your personal data is INPRO S.A. with its registered office at ul. Opata Jacka Rybińskiego 8, 80-320 Gdańsk, registered in the National Court Register under number KRS 0000306071, using tax ID (NIP) 5890008540, further the "Controller."

II. PERSONAL DATA PROTECTION OFFICER

Inpro S.A. appointed the personal data protection officer. If you have any doubts about the processing of your personal data, please contact the data protection officer by traditional post at the address in item 1 with the "Data Protection Officer" note, or by email: daneosobowe@inpro.com.pl

III. PURPOSES OF AND GROUNDS FOR PERSONAL DATA PROCESSING

To render the services to you as part of our activity, the Controller processes your personal data for various purposes, but always in compliance with law. You will find the specific purposes of personal data processing with legal grounds below.

For the purposes of tender enquiry, we process personal data such as:

• First name and surname,
• email address,
• telephone number.

The legal grounds for such data processing are provided by Article 6(1)(a) of the GDPR, which permits personal data processing if it is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

For the purposes of arranging a construction site visit, we process personal data such as:

• first name and surname,
• telephone number,
• email address.

The legal grounds for such data processing are provided by Article 6(1)(a) of the GDPR, which permits personal data processing if the data subject has given consent to the processing of his or her personal data for one or more specific purposes;

For marketing purposes, we process personal data such as:

• first name and surname,
• telephone number,
• email address.

The legal grounds for such data processing are provided by Article 6(1)(a) of the GDPR, which permits personal data processing if the data subject has given consent to the processing of his or her personal data for one or more specific purposes;

For the newsletter service For the purposes of tender enquiry, we process personal data such as:

• email address.

The legal grounds for such data processing are provided by Article 6(1)(a) of the GDPR, which permits personal data processing if the data subject has given consent to the processing of his or her personal data for one or more specific purposes;

To create GDPR-related registers and schedules, including the register of customers who made an objection pursuant to the GDPR, we process such data as:  

• email address.

because, first, the provisions of the GDPR impose certain obligations to maintain documentation to demonstrate compliance and accountability; second, if you object, for example, to the processing of your personal data for marketing purposes, we must know in relation to whom direct marketing should not be used because he or she does not want that.

The legal grounds for such data processing is, first, Article 6(1)(c) of the GDPR, which permits the processing if it is necessary for compliance with a legal obligation to which the Personal data controller is subject; second, Article 6(1)(f) of the GDPR, which permits personal data processing if, by so doing, the Personal Data Controller pursues its legitimate interest (the Company's interest in this case is the knowledge about persons who exercise their rights under the GDPR);

For record and evidential purposes, we process personal data such as:

• first name and surname (if given),
• email address.

— to safeguard the information which may be used to demonstrate facts of legal significance. The legal grounds for such data processing are provided by Article 6(1)(f) of the GDPR, which permits personal data processing if, by so doing, the Personal Data Controller pursues its legitimate interest (the Company's interest in this case is to possess personal data which will permit proving certain facts related to the provision of services, e.g. upon request from an state official body);

For the analytical purpose, i.e. the examination and analysis of the activity on the Company's web site, we process personal data such as:

• date and time of the visit on the web site,
• type of the operating system,
• approximate location,
• type of the browser used for browsing the web site,
• time spent at the web site,
• subsites visited,
• the subsite at which the contact form was completed.

The legal grounds for such data processing are provided by Article 6(1)(f) of the GDPR, which permits personal data processing if, by so doing, the Personal Data Controller pursues its legitimate interest (the Company's interest in this case is to become familiar with the customers' activity at the web site);

To use cookies at the web site, we process text information (the cookies will be described at a relevant item). The legal grounds for such data processing are provided by Article 6(1)(a) of the GDPR, which permits personal data processing if voluntary consent has been given (when the web site is visited for the first time, a request for consent to use cookies will appear);

To manage the web site, we process personal data such as:

• IP address,
• server date and time,
• information on the browser,
• information on the operating system,

— that data is recorded automatically in the so-called server logs each time the Company's web site is used. Web site administration without the use of the server or such automatic recording would not be possible. The legal grounds for such data processing are provided by Article 6(1)(f) of the GDPR, which permits personal data processing if, by so doing, the Personal Data Controller pursues its legitimate interest (the Company's interest in this case is web site administration);

IV. COOKIES

1. 1. Like other entities, the Controller uses at its web site the so-called cookies or short pieces of text information recorded on the user's computer, telephone, tablet or another device. Cookies may be used by our system, and also by those of other entities whose services we use (e.g. Google).
2. 2. At the web site, cookies fulfil many functions, most often useful, which we will try to describe below (if this information is insufficient, please contact us):

• ensuring safety — cookies are used to authenticate users and prevent unauthorised use of the customer's panel. Thus, they are used to protect the user's personal data against unauthorised access;
• influence on the processes and efficient use of the web site — cookies are used to enable the efficient operation of the web site and the use of the functions available there, which is possible owing to, for example, the storage of the setup between the subsequent visits at the site. Owing to that, the web site and subsites may be browsed efficiently;
• session state — information is often recorded in cookies on the frequency of visits at the web site, for example on which subsites are displayed most often. Cookies also permit the identification of errors displayed at certain subsites. Cookies used to record the so-called "session state" help to improve the service and enhance the comfort of web site browsing;
• maintenance of the session state — if the customer logs in to his or her panel, the cookies enable the maintenance of the session state. This means that after going to another subsite it is not necessary to enter the login and password again, which enhances the comfort of use of the web site;
• generation of statistics — cookies are used to analyse the way of using the web site by the users (how many of them open the web site, how long they stay there, and which contents is of the greatest interest etc.). Owing to that, the web site can be improved on an ongoing basis and its operation adjusted to user preferences. To monitor activity and generate statistics, we use Google tools such as Google Analytics; in addition to the reporting of web site use statistics, the pixel-based Google Analytics may also be used, along with some of the cookies described above, to assist in displaying more suitable contents in Google services (e.g. in the Google browser) and in the entire network.

3. It is important that many cookies are anonymised – without additional information we are unable to establish your identity.
4. Your web browser permits the use of the cookies in your device by default, therefore during the first visit we ask you for consent to use cookies. If you do not wish cookies to be used when you browse a web site, you can change the setup in the browser i.e. block the automatic servicing of cookies completely or demand a notice on placing cookies in the device each time. The setup may be changed any time.
5. We respect the autonomy of all persons using the web site, however, we feel obliged to warn you that disabling or restricting the servicing of cookies may cause quite serious problems with web site use, e.g. it may be necessary to log at each subsite, the web site loading time may be longer, there may be restrictions in the use of the functionalities or in liking the web site on Facebook etc.

V. RIGHT TO WITHDRAW CONSENT

1. If personal data is processed on the basis of your consent, you can withdraw it at any time at your discretion.
2. If you would like to withdraw your consent to personal data processing, it is enough to:

• send a message to our Data Protection Officer at daneosobowe@inpro.com.pl
• or by traditional post to: INPRO S.A., ul. Opata Jacka Rybińskiego 8, 80-320 Gdańsk, with a note: "Data Protection Officer".,

3. If your personal data was processed on the basis of consent, its withdrawal does not cause the personal data processing until withdrawal to be unlawful. In other words, until consent withdrawal we have the right to process your personal data and consent withdrawal does not affect the lawfulness of previous processing.

VI. INFORMATION ON WHETHER YOU NEED TO GIVE YOUR PERSONAL DATA

1. Giving any personal data is voluntary and depends on your decision. 
   In some cases, however, giving certain personal data is necessary to you to use a service or meet your requirements with regard to the use of the services provided by the Controller or third parties (other Data Controllers or data processing entities).
2. To ask about an offer, you must give us your full name, telephone number and e-mail, otherwise we are unable to present our offer to you.
3. To arrange a site visit, you must give us your full name, telephone number and e-mail, otherwise we are unable to render this service to you.
4. To receive marketing information and the newsletter, you must give us your e-mail, otherwise we are unable to send such information and newsletter to you.

VII. AUTOMATED DECISION MAKING

We wish to inform you that we do not effect automated decision making including based on profiling. The contents of a query sent through a contact form is not evaluated by an IT system. The proposed price of a unit does not, in any way, result from an assessment by any IT system.

VIII. PERSONAL DATA RECIPIENTS

1. As most entrepreneurs, in our activity we are assisted by other entities, which is often related to the need to transfer personal data. In relation to the above, if necessary, we transfer your personal data to the following entities: lawyers working with us, who provide their services, to the hosting company, the company responsible for sending the newsletter, the IT company and the insurance company (if there is a need to repair damage).
2. In addition to that, based on the relevant provision of law or decision of a competent official body, we may have to transfer your personal data to other public or private entities. It is therefore very difficult for us to foresee who may require the disclosure of personal data. We assure you, however, for our part, that we analyse each demand for personal data disclosure very carefully and in depth to prevent accidental transfer of information to an unauthorised person.

IX. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

1. As most entrepreneurs, we use popular services and technologies offered by entities such as Microsoft or Google. Those companies have their registered offices outside the European Union, therefore they are treated as third countries in the light of the provisions of GDPR.
2. The GDPR introduces certain restrictions on the transfer of personal data to third states because, as the EU regulations do not apply there as a rule, the protection of EU citizens' personal data may be, unfortunately, be insufficient. That is why each personal data controller is obliged to establish the legal grounds for such transfer.
3. We assure you, for our part, that why using the services and technology we transfer personal data to entities in the United States and only such entities which joined the Privacy Shield programme, on the basis of the executive decision of the European Commission of 12 July 2016. More information on the subject is available at the European Commission's web site at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_pl. Entities which joined the Privacy Shield programme guarantee that they will comply with high personal data protection standards in force in the European Union, therefore using the services and technologies offered by those entities in the personal data processing is lawful.
4. We can provide you with additional explanations on the transfer of personal data at any time, particularly when this issue gives you the cause for concern.
5. You have the right to obtain the copy of personal data transferred to a third state at any time.

X. PERIOD OF PERSONAL DATA PROCESSING

1. Pursuant to current regulations, we do not process your personal data "on end," but only for the time necessary to achieve the stated aim. After that period, your personal data will be irrevocably removed or destroyed.
2. If we do not need to perform any operations on your personal data other than data storage (e.g. when we store an instruction for the purposes of protection against claims, we additionally secure the data through pseudonymisation until permanent removal. Pseudonymisation is such personal data or personal data set encryption that data cannot be read without an additional key, thus such information becomes useless to an unauthorised person.
3. With regard to the various personal data processing periods, we wish to inform you that we store personal data for the following period:
    

   a) until withdrawal of consent or such time as the processing aim has been achieved, but not longer than 5 years – with regard to personal data processed on the basis of consent;

   b) until effective submission of an objection or until such time as the processing aim has been achieved, but not longer than 5 years – with regard to personal data processed on the basis the legitimate interest of the Personal Data Controller or for marketing purposes;

   c) until such time as the data becomes out of date or useless, but not longer than 3 years – with regard to personal data processed mainly for analytical purposes, the use of cookies or for web site administration.

4. To facilitate the personal data removal or destruction process, we count periods in years from the end of the year in which we started personal data processing. Counting the time separately for each agreement would be related to significant organisational and technical difficulties and to considerable costs, therefore fixing one date for personal data removal or destruction permits us to manage the process more efficiently. Obviously, if you exercise your right to be forgotten, such cases are considered on a case specific basis.
5. The additional year related to the processing of personal data gathered to perform the agreement is allowed for because you may, theoretically, make a claim just before the expiry of the period of limitation, your claim may be delivered with a significant delay or you may wrongly specify the time of the limitation of your claim.

XI. DATA SUBJECTS' RIGHTS

1. Please be informed that you have the right to:

• gain access to your personal data, including the receipt of its copy;
• correct personal data,
• remove personal data,
• restrict the processing of personal data,
• object the processing of personal data,
• transfer personal data,
• not subject yourself to a decision based only on automated processing (including profiling).

2. We would point out that the rights mentioned above are not absolute in nature, therefore we may lawfully refuse to abide by them in certain situations. If we refuse to meet the demand, however, we only do so following careful analysis and only when the refusal to meet the demand is necessary.
3. With regard to the right to lodge an objection, you have the right to object personal data processing on the basis of the Personal Data Controller's legitimate interest (as listed in item III) in relation to your special circumstances. You must remember, however, that we may lawfully refuse to meet the objection if we demonstrate that:

• there are legally justified grounds for the processing, which are superior in relation your interests, rights and freedoms, or
• there are grounds for establishing, pursuance or defence of interests.

4. Moreover, you can lodge an objection against the processing of your personal data for marketing and newsletter (information bulletin) purposes. In such a situation, on receipt of your objection, we will stop data processing for that purpose.
5. You can exercise your rights through:

• sending a message directly to our Personal Data Protection Officer at daneosobowe@inpro.com.pl or by traditional post to INPRO S.A., ul. Opata Jacka Rybińskiego 8, 80-320 Gdańsk, with a note: "Data Protection Officer".

XII. THE RIGHT TO LODGE A COMPLAINT

If you think that your personal data is processed against current law, you may lodge a complaint at the supervisory authority – the President of the Personal Data Protection Office. 

XIII. FINAL PROVISIONS

1. The matters not dealt with in this  Privacy Policy are governed by the personal data protection regulations.
2. You will be informed about any amendments to this Privacy Policy by electronic means through the publication of this Policy at the controller's web site at www.inpro.com.pl
3. This Privacy Policy has been effective from 25 May 2018.