Skip to Content

PRIVACY POLICY

Solvti sp. z o.o.

I. GENERAL PROVISIONSII. DEFINITIONSIII.  CHANGES TO THE PRIVACY POLICYIV.  SCOPE OF DATA PROCESSED V.  SOURCES OF DATA COLLECTION VI. PURPOSES AND LEGAL BASES FOR DATA PROCESSINGVII. DATA OF PERSONS REPRESENTING CLIENTSVIII. RECIPIENTS OF PERSONAL DATAIX. TRANSFER OF DATA OUTSIDE THE EUROPEAN ECONOMIC AREAX. DATA RETENTION PERIODXI. RIGHTS OF DATA SUBJECTSXII. INFORMATION ON WHETHER THE PROVISION OF DATA IS MANDATORY OR VOLUNTARYXIII. AUTOMATED DECISION-MAKING AND PROFILINGXIV. DATA SECURITYXV. DATA RELATED TO THE USE OF THE WEBSITEXVI. LINKS TO OTHER WEBSITES AND EXTERNAL SERVICESXVII.  CHANGES TO THE PRIVACY POLICYXVIII. RECIPIENTS OF PERSONAL DATAXVI.  FINAL PROVISIONS

I. GENERAL PROVISIONS

  1. This Privacy Policy sets out the rules governing the processing of personal data by Solvti Sp. z o.o., with its registered office at ul. Strzegomska 42Ab, 53-611 Wrocław, entered in the Register of Entrepreneurs of the National Court Register under number 0000904919, holding NIP number 8943167485 and REGON number 388666333, hereinafter referred to as the “Controller” or the “Company”.

  2. This Privacy Policy applies to personal data processed in connection with:

    1. the use of the Controller’s website,
    2. contact with the Controller, including via contact forms, electronic mail, telephone, and social media,
    3. the establishment and maintenance of business relations with clients, contractors and partners,
    4. the conclusion and performance of contracts,
    5. marketing and sales activities conducted by the Controller.
  3. The controller of personal data is Solvti Sp. z o.o.
  4. The Controller may be contacted:
  5. in writing – at the registered office address indicated above,
  6. by electronic means – at the following e-mail address: office@solvti.com
  7. If the Controller has appointed a data protection officer, information in this regard, together with the relevant contact details, shall be provided on the website or in a separate notice addressed to the data subjects.
  8. The Controller exercises due diligence in order to protect the interests of the data subjects and, in particular, ensures that the data collected are:
  9. processed lawfully, fairly and in a transparent manner,
  10. collected for specified, explicit and legitimate purposes,
  11. adequate, relevant and limited to what is necessary for the purposes for which they are processed,
  12. accurate and, where necessary, kept up to date,
  13. stored for no longer than is necessary for the purposes of processing,
  14. secured by applying appropriate technical and organisational measures.

II. DEFINITIONS

For the purposes of this Privacy Policy, the following definitions shall apply:

  1. Personal Data – shall mean any information relating to an identified or identifiable natural person;
  2. GDPR – shall mean Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016;
  3. User – shall mean any person visiting the Controller’s website or contacting the Controller;
  4. Client – shall mean a natural person, or a person acting on behalf of a legal person or organisational unit, who uses the Controller’s services or is interested in acquiring them;
  5. Contractor – shall mean an entity cooperating with the Controller, including a supplier, business partner, or their representative;
  6. Website – shall mean the website operated by the Controller together with its subpages.

III.  CHANGES TO THE PRIVACY POLICY

  1. The Controller may process the personal data of the following categories of persons:

    1. users visiting the website;
    2. persons contacting the Controller via a contact form, e-mail, telephone, or other means of communication;
    3. persons representing clients, contractors, business partners and suppliers;
    4. persons designated by clients or contractors as contact persons;
    5. clients who are natural persons conducting business activity;
    6. potential clients interested in the Controller’s offer;
    7. persons who have consented to receive commercial or marketing information, if the Controller conducts such activities.

IV.  SCOPE OF DATA PROCESSED 

  1. In particular, the Controller may process the following personal data:

    1. first name and surname,
    2. business position,
    3. company or organisation name,
    4. e-mail address,
    5. telephone number,
    6. correspondence address or business address,
    7. business identification data, including NIP, where applicable,
    8. the content of messages, enquiries or correspondence,
    9. data relating to business cooperation, orders, contractual arrangements and settlements,
    10. data contained in documents provided to the Controller in connection with ongoing cooperation or a request for proposal

  2. In connection with the use of the website, the Controller may also process operational and technical data, such as:

      1. IP address,
      2. approximate location derived from the IP address,
      3. date and time of the visit,
      4. information about the end device and operating system,
      5. information about the web browser, server logs,
      6. information about activity on the website.

3. The scope of data processed by the Controller depends on the purpose of processing and the manner in which a given person enters into a relationship with the Controller.

V.  SOURCES OF DATA COLLECTION


1.The Controller obtains personal data directly from the data subjects, in particular through:

    1. contact forms,
    2. e-mail contact,
    3. telephone contact,
    4. business meetings,
    5. the conclusion and performance of contracts.

Without these cookies, the use of certain website functions may be impossible or hindered.

2. Personal data may also be obtained indirectly, in particular:

  1. from the employer, principal, or entity represented by the person concerned,
  2. from clients, contractors or business partners who indicate a given person as a contact person or as a person responsible for the performance of cooperation,
  3. from publicly available registers, websites or databases related to the conduct of business activity,
  4. from other lawful sources.


3. Analytical and statistical cookies

Where data are obtained indirectly, i.e. not directly from the data subject, the Controller usually processes identification data, contact data, and data concerning that person’s professional role or business relationship.

VI. PURPOSES AND LEGAL BASES FOR DATA PROCESSING

The Controller processes personal data for the following purposes:

  1. Contact and handling of enquiries

For the purpose of responding to a message, request for proposal, request for contact, or any other submission sent to the Controller.

The legal basis for processing is:

    1. Article 6(1)(b) GDPR – where actions are taken at the request of the person concerned prior to entering into a contract,
    2. Article 6(1)(f) GDPR – the Controller’s legitimate interest consisting in maintaining communication and handling enquiries addressed to it.


2. Presentation of the offer and conduct of the sales process

For the purpose of preparing an offer, quotation, presentation of services, conducting business discussions, negotiating the terms of cooperation, and maintaining relations with potential clients.

The legal basis for processing is:

    1. Article 6(1)(b) GDPR – insofar as actions are aimed at entering into a contract,
    2. Article 6(1)(f) GDPR – insofar as the Controller’s legitimate interest consists in developing its business activity and maintaining business relations.


3. Conclusion and performance of a contract

For the purpose of concluding, performing, settling, day-to-day handling, and terminating a contract concluded with a client, contractor or business partner.

The legal basis for processing is Article 6(1)(b) GDPR.


4. Compliance with legal obligations

For the purpose of complying with obligations arising from provisions of law, in particular tax law, accounting law, regulations concerning archiving, pursuing claims, handling complaints, or performing obligations related to the protection of personal data.

The legal basis for processing is Article 6(1)(c) GDPR.


5. Pursuit of claims and defence against claims

For the purpose of establishing, pursuing or defending against claims related to the business activity carried out, contracts concluded, or other business relationships.

The legal basis for processing is Article 6(1)(f) GDPR.


6. Direct marketing of the Controller’s own services

For the purpose of conducting direct marketing relating to the Controller’s own services and business activity, including contacting potential clients, presenting information about the offer, or maintaining commercial relations.

The legal basis for processing is Article 6(1)(f) GDPR, and where separate provisions require consent for a particular form of communication – also the consent expressed by the data subject.


7. Sending commercial information or marketing materials

If the Controller operates a newsletter, marketing mailing, or another form of marketing communication requiring consent, personal data are processed for the purpose of sending such content.

The legal basis for processing is Article 6(1)(a) GDPR, i.e. the consent of the data subject.


8. Ensuring the security, administration and proper functioning of the website

For the purpose of ensuring the security of IT systems, detecting abuse, preventing incidents, creating backups, diagnosing errors, and administering the website.

The legal basis for processing is Article 6(1)(f) GDPR.


9. Analysis of cooperation and organisation of business relations

For the purpose of organising cooperation with clients, suppliers and partners, including relationship management, document workflow, working arrangements, and communication between the parties.

The legal basis for processing is Article 6(1)(f) GDPR.


Where the Controller processes special categories of personal data, such processing takes place solely in cases permitted by law and upon fulfilment of the conditions set out in the GDPR.

As a rule, the Controller does not expect such data to be provided via contact forms or ordinary correspondence.

Provision of personal data is voluntary, but depending on the circumstances may be necessary for:

a. obtaining a response to an enquiry,

b. receiving an offer,

c. concluding or performing a contract,

d. complying with legal obligations.

Failure to provide data may result in the inability to initiate contact, prepare an offer, conclude a contract, or perform specified activities.

VII. DATA OF PERSONS REPRESENTING CLIENTS

  1. The Controller may process the personal data of persons acting on behalf of clients, contractors, suppliers and business partners, including members of governing bodies, attorneys-in-fact, employees and associates designated for contact or for the performance of cooperation.

  2. The scope of such data may include in particular:

    1. first name and surname,
    2. position,
    3. place of employment or the name of the represented entity,
    4. business contact details,
    5. data contained in correspondence and documents related to cooperation.

  3. Such data are processed for the purpose of:

    1. establishing and maintaining a business relationship,
    2. concluding and performing a contract,
    3. verifying the authority to represent,
    4. carrying out ongoing operational contact,
    5. securing claims.
  4. The legal basis for processing is Article 6(1)(f) GDPR and, where appropriate, also Article 6(1)(b) or (c) GDPR.

VIII. RECIPIENTS OF PERSONAL DATA

  1. Personal data may be disclosed to entities cooperating with the Controller only to the extent necessary to achieve the purposes of processing.

  2. In particular, the recipients of data may include:

    1. entities providing hosting, server, cloud and infrastructure services,
    2. providers of IT tools, e-mail systems, CRM, ERP, helpdesk, communication and analytical systems,
    3. entities providing programming, implementation, servicing, administrative, or IT support services,
    4. providers of accounting, audit, legal, debt collection and advisory services,
    5. postal operators and couriers,
    6. banks, payment operators or financial institutions – where related to the execution of settlements,
    7. entities authorised to receive data under provisions of law.
  3. Where a recipient processes data on behalf of the Controller, such processing takes place on the basis of an appropriate data processing agreement or another proper legal instrument.
  4. The Controller does not disclose personal data to third parties for their own purposes, unless there is a legal basis for doing so or the data subject has given consent thereto.

IX. TRANSFER OF DATA OUTSIDE THE EUROPEAN ECONOMIC AREA

  1. As a rule, the Controller processes personal data within the European Economic Area.
  2. In connection with the use of certain IT tools or services provided by technology suppliers, personal data may be transferred outside the European Economic Area.
  3. In such a case, the Controller shall ensure that the transfer of data takes place in accordance with the applicable provisions of law, in particular on the basis of:
    a. a European Commission decision establishing an adequate level of protection,
    b. standard contractual clauses,
    c. other appropriate safeguards provided for by the GDPR.
  4. The data subject may obtain additional information regarding the safeguards applied by contacting the Controller.

X. DATA RETENTION PERIOD

  1. Personal data shall be stored for the period necessary to achieve the purpose for which they were collected, and thereafter for the period resulting from provisions of law or necessary for the protection of claims.

  2. In particular:

    1. data related to the handling of enquiries and correspondence – for the duration of the correspondence and for the period necessary to demonstrate its course and handling of the matter, and thereafter until expiry of the limitation periods for claims;
    2. data processed for the purposes of preparing offers and pre-sales activities – for the duration of commercial discussions, and thereafter for the period justified by the need to document contacts and protect claims;
    3. data related to the conclusion and performance of a contract – for the duration of the contract and, after its termination, for the period required by law and necessary for pursuing or defending against claims;
    4. data contained in accounting and tax documentation – for the period required by law;
    5. data processed on the basis of consent – until consent is withdrawn or the purpose for which the consent was given ceases to exist;
    6. technical and operational data – for the period necessary to ensure security, diagnostics, analysis of system functioning, and website administration.
  3. Upon expiry of the relevant periods, the data shall be deleted or anonymised, unless their further retention is required by provisions of law.

XI. RIGHTS OF DATA SUBJECTS

  1. Each data subject shall have – in the cases provided for by law – the right to:

    1. access personal data,
    2. rectification of data,
    3. erasure of data,
    4. restriction of processing,
    5. data portability,
    6. object to the processing of data based on the Controller’s legitimate interest,
    7. withdraw consent at any time, where processing is based on consent, provided that the withdrawal of consent shall not affect the lawfulness of processing carried out prior to its withdrawal,
    8. lodge a complaint with the President of the Personal Data Protection Office.
  2. In order to exercise their rights, the data subject may contact the Controller using the contact details indicated in this Policy.
  3. The Controller may verify the identity of the person submitting a request if this is necessary for the proper handling of the request and for the protection of data against unauthorised disclosure.
  4. The Controller shall provide a response without undue delay, no later than within the time limit provided for by the applicable provisions of law.

XII. INFORMATION ON WHETHER THE PROVISION OF DATA IS MANDATORY OR VOLUNTARY

  1. As a rule, the provision of personal data is voluntary.

  2. In certain cases, however, the provision of data may be necessary in order to:

    1. respond to a message,
    2. prepare an offer or conduct the sales process,
    3. conclude and perform a contract,
    4. issue accounting documents,
    5. comply with obligations arising from provisions of law.
  3. If the data subject does not provide the required data, this may result in the inability to achieve the specified purpose.

XIII. AUTOMATED DECISION-MAKING AND PROFILING

  1. Personal data are not used by the Controller for decision-making based solely on automated processing which would produce legal effects concerning the data subject or similarly significantly affect them.
  2. If the Controller uses tools supporting analytics, marketing, or the organisation of the sales process, limited profiling may occur, consisting in analysing activity, interest in the offer, or contact history; however, this does not lead to decisions concerning a given person being taken solely by automated means within the meaning of the GDPR.
  3. If the nature of the processing changes, the Controller shall update this Privacy Policy accordingly.

XIV. DATA SECURITY

  1. The Controller applies appropriate technical and organisational measures aimed at protecting personal data against loss, destruction, disclosure, unauthorised access, alteration, or other unlawful processing.
  2. Such measures are selected taking into account the state of the art, the cost of implementation, the nature, scope, context and purposes of processing, and the risk of infringement of the rights or freedoms of natural persons.
  3. Access to personal data is granted solely to persons authorised by the Controller or entities acting on its behalf, and only to the extent necessary to achieve the specified purposes.

XV. DATA RELATED TO THE USE OF THE WEBSITE

  1. The use of the website may involve the processing of technical and operational data, including data recorded in server logs.

  2. Such data are used in particular for the purpose of:

    1. ensuring the proper functioning of the website,
    2. ensuring security and detecting abuse,
    3. diagnosing technical problems,
    4. administering the service.
  3. Detailed rules concerning cookies and similar technologies are described in a separate document: the Cookies Policy.

XVI. LINKS TO OTHER WEBSITES AND EXTERNAL SERVICES

  1. The Controller’s website may contain links to websites or services of third parties.
  2. This Privacy Policy does not apply to the data processing practices of third parties operating their own websites or services.
  3. The Controller recommends that the privacy policies of such entities be reviewed before using their services or providing them with any personal data.

XVII.  CHANGES TO THE PRIVACY POLICY

  1. The Controller may amend this Privacy Policy, in particular in the event of:

    1. changes in legal provisions,
    2. changes in the methods of processing personal data,
    3. implementation of new technological or organisational solutions,
    4. changes in the scope of services provided or website functionalities.
  2. The current version of the Privacy Policy shall be published on the Controller’s website.
  3. The current version of the Privacy Policy shall be published on the Controller’s website.
  4. Any amendment to the Privacy Policy shall become effective as of the date of its publication, unless otherwise provided in the amended version.

XVIII. RECIPIENTS OF PERSONAL DATA

  1. Personal data may be disclosed to entities cooperating with the Controller only to the extent necessary to achieve the purposes of processing.
  2. In particular, the recipients of data may include:

XVI.  FINAL PROVISIONS

  1. This Privacy Policy is of an informational nature.

2. In matters not governed by this Privacy Policy, the relevant provisions of law concerning the protection of personal data shall apply.

2. If you have any questions regarding this Privacy Policy or the manner in which personal data are processed by the Controller, please contact the Controller using the contact details indicated above.

Code for cookiebot