Privacy Policy

DATA PROTECTION STATEMENT

Wherever Certiget processes personal data, such processing is carried out in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 - on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as GDPR), for the purposes specified in this data protection statement and for purposes indicated in any additional privacy information we provide to you when we collect data.

RESPONSIBLE ENTITY

The controller of personal data is Certiget sp. z.o.o., located at ul. Sarmacka 20a/14, 02-972 Warsaw, registered in the business register maintained by the District Court for the Capital City of Warsaw, XIII Commercial Division of the National Court Register, KRS 0001060298, NIP: 9512578741, REGON: 526478579.

You can contact the data controller (Certiget):

  • in writing at: Certiget sp. z.o.o., ul. Sarmacka 20a/14, 02-972 Warsaw
  • via email at: [email protected]

Depending on how you use the website www.certiget.pl www.certiget.eu and the scope of consents and events related to cooperation, the personal data of Users may be processed for the following purposes:

  • to establish contact, provide the service of obtaining offers, prepare a comparative offer summary, and provide additional support,
  • to establish contact and publish a review in the profile of a certification body,
  • for analytical and statistical purposes,
  • for marketing purposes (including newsletter sending) and receiving commercial information at the provided email address,
  • to fulfill legal obligations of the controller based on generally applicable laws.

During the execution of our service, it is necessary for you to provide us with personal data that is essential or data we are required to collect to fulfill a legal obligation, initiate, continue, and conclude business relationships, and fulfill our contractual obligations. The consequence of not providing the personal data required by Certiget is the inability to conclude and execute the agreement.

  1. We inform you that we will process the following categories of data necessary for providing services:
  • Data provided by the User – first name, last name, email address, phone number, NIP, REGON, company name, street, city, country, information about the company related to the scope of implementation and certification and its valuation.

We process personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and all other relevant regulations. Regardless, there may always be processing contexts in which we process data not listed in the privacy policy. In such cases, you will receive separate data protection information regarding the specific situation, provided it is legally required.

  1. Personal data may originate, in particular, from the following sources:
  • from completed contact forms on the website or forms filled out during a meeting with a Certiget representative,
  • from telephone conversations, email correspondence, or other communication channels used by Certiget to provide the service,
  • from a person who provided the data with the user’s consent for the purpose of executing the Certiget service,
  • from publicly available sources (e.g., industry directories, contact information on websites or professional networks).
  1. Your personal data is stored as long as it is necessary to fulfill our contractual and legal obligations or as long as we can demonstrate our legitimate interest in processing it. If we have obtained your consent, we process the data until the consent is withdrawn. If the basis for data processing is the performance of a contract, personal data is processed as long as it is necessary to perform the contract, and thereafter for a period corresponding to the statute of limitations for mutual claims.

If we can no longer demonstrate the right to process your personal data, it will be regularly deleted unless we need to continue processing it for a limited period, e.g., to fulfill data retention obligations arising from applicable national and international trade, tax, and statute of limitations laws. The retention or documentation periods typically range from 3 to 10 years.

Data will be deleted after processing the request/completing the service. This process is concluded as soon as the matter is finally clarified and the contract is executed, and there are no legal obstacles to data retention (e.g., the data processing period specified by individual legal regulations has expired). If the basis for data processing is consent, data may be processed until the purpose for which it was collected is achieved or until the consent is withdrawn.

  1. Provided that the relevant conditions are met, the User whose data is concerned has the following rights:
  • the right to access information about their data that we process, in accordance with Article 15 of the GDPR,
  • the right to rectify inaccurate data, in accordance with Article 16 of the GDPR,
  • the right to delete data stored by us, in accordance with Article 17 of the GDPR,
  • the right to restrict processing of data stored by us, in accordance with Article 18 of the GDPR,
  • the right to data portability, in accordance with Article 20 of the GDPR,
  • the right to object, in accordance with Article 21 of the GDPR,
  • if the processing is based on consent, the data subject has the right to withdraw consent at any time with effect for the future, in accordance with Article 7(3) of the GDPR;
  • the right to lodge a complaint with a supervisory authority, in accordance with Article 77 of the GDPR, if the data subject believes that the processing of their personal data violates the GDPR.

Consent can be withdrawn by sending a message to [email protected], entering the subject "Withdrawal of consent to data processing" (the email address from which the message is sent should be the same as the one from which other information subject to processing was sent) or by letter to the above address. Consent can also be withdrawn in person, directly at the office.

  1. The appropriate supervisory authority for lodging a complaint regarding violations of the General Data Protection Regulation of 27 April 2016 is:

President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw, email: [email protected]

  1. The recipients of personal data will be entities that adhere to confidentiality principles and comply with data protection requirements:
  • certification bodies, training companies, consulting firms with which Certiget cooperates in the process of collecting certification, implementation, and training offers,
  • service providers and entities acting on behalf of Certiget. These are companies in the categories of IT services, accounting, banking, telecommunications, consulting, and sales and marketing.
  • authorities entitled by law to receive the User's personal data.
  1. We do not apply a fully automated decision-making process within the meaning of Article 22 of the GDPR. Personal data will not be subject to automated decision-making. We use analytical tools to provide targeted information and recommendations about our offer. They allow us to conduct communication and advertising tailored to the needs of our customers, including market and opinion research.

To the extent that the user has consented, this service uses Google Analytics, a web analytics service provided by Google LLC.

  1. The Certiget service may use buttons for the following social networks:
  • Meta Platforms - Meta Platforms Ireland Limited, 1601 S. California Ave, Palo Alto, CA 94304, USA
  • LinkedIn - LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA
  • YouTube - YouTube, LLC, 901 Cherry Ave, San Bruno CA 94066, USA

The buttons display the logos of the respective social networks. However, these buttons are not standard social plugins, i.e., plugins provided by social networks, but links with button icons. These buttons are only activated by deliberate action (clicking).

When clicking the button, we have no control over the data collected and data processing operations. We are not responsible for this data processing, nor are we the "data controller" within the meaning of the GDPR. We also do not know the full scope of data collection, its legal basis, purposes, and storage periods. Therefore, the information provided here may be incomplete.

  1. Cookies and other similar technologies

The entity placing information in the form of cookies (so-called cookies) and other similar technologies on the end device (e.g., laptop, computer, smartphone, TV) and accessing them is Certiget.

What are cookies:

Cookies are IT data, in particular text files, stored on the end device of a user (e.g., computer, phone) visiting the website. Cookies contain, in particular, the domain name of the website they come from, the time of storage on the end device, and a unique name. Cookies store information that is often necessary for the proper functioning of a website. A unique number identifying the user's device may be stored in cookies, but the user's identity is not determined based on it. A website may place a cookie in the browser if the browser allows it. You can set your browser to prohibit the placement of cookies.

Types of cookies we may use:

Depending on the lifespan of cookies and other similar technologies, we use two basic types:

  • session cookies - temporary files stored on the user's end device until logging out, leaving the website and application, or turning off the software (web browser);
  • permanent cookies - stored on the user's end device for the time specified in the cookie parameters or until the user deletes them.

Depending on the purpose of cookies and other similar technologies, we use the following types:

  • necessary for the service to operate - authentication cookies used for services requiring authentication;
  • security cookies, e.g., used to detect authentication abuses;
  • functional cookies - enabling the "remembering" of selected user settings and personalization of the user interface, e.g., regarding the selected language;
  • statistical cookies - used to count statistics regarding websites and applications.

Why do we use cookies?

We use cookies and other similar technologies to provide services at the highest level.

Managing browser settings:

In many cases, software for browsing websites (web browser) by default allows storing information in the form of cookies and other similar technologies on the user's end device. However, the user can change these settings at any time.

In the most popular browsers, it is possible to:

  • accept cookies, allowing the user to fully use the options offered by websites;
  • manage cookies at the level of individual, selected websites;
  • set preferences for different types of cookies, such as accepting permanent cookies as session cookies, etc.;
  • block or delete cookies.

Consent to data collection:

The user of the service agrees to Certiget processing personal data collected during visits. including data stored in cookies. The consent is voluntary, and I am aware that I can withdraw it at any time by contacting Certiget.

  1. We reserve the right to change this data protection information in the future in accordance with applicable data protection laws and to adapt it if necessary to changing data protection realities. We will provide separate information on significant substantive changes.

Privacy Policy, 2nd edition, document approved on 17/04/2024