Privacy Policy

1. Who are we and how to find us

The controller of your personal data collected via the www.ptt-consulting.comwebsite (hereinafter: “Website“) is PTT Consulting spółka z ograniczoną odpowiedzialnością with its registered seat in Warszawa (address: Plac Bankowy 2, 00-095 Warszawa), KRS number: 0000559476, with Statistical Number (REGON): 361587729 and Tax Identification Number (NIP): 7010485882 (hereinafter: “Controller“).

In all matters regarding the protection of personal data, you can contact the Controller by e-mail: office@ptt-consulting.com

2. How and why we process your personal data

CONTACT WITH THE CONTROLLER

By contacting us (e.g. via contact forms, chat, e-mail or other contact details provided on the Website), you can provide us with your personal data, including information contained in the content of correspondence or provided during a telephone conversation.

The legal basis for the processing of data that you provide to us by contacting us is Article 6 section 1 letter f) of Regulation (EU) 2016/679 of The European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as: “GDPR”), (i.e. “processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party“). This legitimate interest is the willingness to answer the questions asked, including those regarding the Controller’s activity and offer as well as the possibility of cooperation.

OPERATING DATA

We can process the data of each Website user characterizing the way they use our Website (these are the so-called operational data, mostly anonymous). This processing includes automatic reading of a unique marking identifying the end of the telecommunications network or the ICT system you use, as well as the date and time of the server, information about the technical parameters of the software and device you use (e.g. whether you are browsing our website using a laptop or telephone), as well as the place from which you connect to our server. This information may be used by us for marketing purposes, market research and to improve the operation of the Website. The data stored in the server logs are not associated with specific persons using the Website. Server logs are only auxiliary material used to administer the Website.

The legal basis for the operational data processing operation is Article 6 section 1 letter f) of the GDPR (i.e. “processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party“). This legitimate interest is to enable the diagnosis of errors on the Website and to improve its quality.

MARKETING OF CONTROLLER’S OWN SERVICES

After obtaining a separate consent, we may process your personal data for marketing purposes, including sending you commercial, promotional, advertising or marketing information.

The legal basis for the processing of your personal data for these purposes is, as a rule, Article 6 section 1 letter a) of the GDPR (i.e. “the data subject has given consent to the processing of his or her personal data for one or more specific purposes“). You can withdraw your consent at any time – without affecting the lawfulness of the processing that was made on the basis of consent before its withdrawal.

In some cases, the legal basis for the processing of your personal data for direct marketing purposes may be the legitimate interest of the controller (Article 6 section 1 letter f) of the GDPR – i.e. “processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party” in connection with Recital 47 of the GDPR, which states that: “The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest“). Pursuant to Recital 47 of the GDPR, such a legitimate interest may exist in cases where there is a significant and appropriate type of relationship between the data subject and the data controller – for example, where the data subject is a customer of the controller. Remember that you always have the right to object at any time and free of charge to this processing, primary or further – including profiling, as long as it is related to direct marketing. Once you object to the processing of your personal data for direct marketing purposes – the data Controller may no longer process your data for such purposes.

PURSUING OF CLAIMS

The content of correspondence with you may be archived. You have the right to request a history of correspondence that you have conducted with us (if it has been archived), as well as request its removal, unless its archiving is justified due to our overriding interests.

The legal basis for the processing of your personal data after the end of contact with us is our legitimate interest in the form of the need to ensure the possibility of demonstrating certain facts in the future. Therefore, we may process your personal data in order to establish, pursue or defend against claims pursuant to Article 6 section 1 letter f) of the GDPR (i.e. “processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party“).

COOKIES

Like almost all other websites, we use cookies. Cookies are small text information stored on your end device (e.g. computer, tablet, smartphone) that can be read by our ICT system.

Cookies allow us to:

  1. ensure the proper functioning of the Website,
  2. improve the speed and security of using the Website,
  3. use analytical tools,
  4. use marketing tools.

We use cookies on the basis of your consent, except when cookies are necessary for the proper provision of electronic services to you.

In the situation specified in point 1, 2 and 3, we process the information contained in cookies on the basis of Article 6 section 1 letter f) of the GDPR (i.e. “processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party“). This legitimate interest is to ensure the proper functioning of the Website, as well as to monitor and analyse traffic and keep statistics of visits to the Website.

In the situation specified in point 4 (in the case of processing your personal data for marketing purposes, i.e. for the purposes of advertising, market research and your behaviour and preferences with the purpose of the results of these studies for the purpose of improving the quality of our services), we process the information contained in cookies on the basis of Article 6 section 1 letter a) of the GDPR (i.e. “the data subject has given consent to the processing of his or her personal data for one or more specific purposes“).

We use cookies on the basis of your consent, except when cookies are necessary for the proper provision of electronic services to you.

During your first visit to the Website, you are shown information on the use of cookies. Accepting this information means that you consent to the use of cookies in accordance with the provisions of this privacy policy for all purposes described above. You can always withdraw your consent (without affecting the legality of processing before withdrawing consent) by deleting cookies and changing cookie settings in your browser.

Importantly, you do not have to provide us with information contained in cookies. This can be prevented by deleting cookies and changing cookie settings in your web browser. Opting out of cookies usually applies only to a specific browser – this means that the same actions will have to be taken for any other browser you use on the same or other device.

You can also use tools that allow you to collectively manage cookie settings and browser plug-ins that allow you to control cookie files. Internet browsers also offer the possibility of using the so-called cookies. “incognito mode”, which allows you to visit websites without saving information about visited websites and downloaded files in the browser history. Cookies created in incognito mode are generally deleted when all windows of this mode are closed.

Remember, however, that disabling cookies may cause difficulties in using the Website, as well as many other websites that use cookies.

LINKS TO THE CONTROLLER SOCIAL MEDIA PROFILES

We run profiles on the following social media: (i) Facebook: https://www.facebook.com/pttconsulting// and (ii) LinkedIn: https://www.linkedin.com/company/ptt-consulting

The Website contains links to the above. social media, thanks to which you can quickly find our pages on these portals. These are the so-called social plug-ins that are activated only after you click them, when your browser connects to a given portal. Then, information is also transferred to this portal, including your personal data. If you are logged in to a given portal by clicking the plug-in, information about visiting our Website may be sent via your account on this portal and this fact may be saved on your account on a given social networking site.

By displaying a page containing such a plug-in, your browser will establish a direct connection with the servers of social network administrators. The content of the plugin is transferred by the given service provider directly to your browser and integrated with the website. Thanks to this integration, service providers receive information that your browser has displayed our website, even if you do not have a profile with a given service provider or are not currently logged in to it. Such information (often together with your IP address) can be sent by your browser directly to the server of a given service provider and stored there. If you have logged in to one of the social networking sites, this service provider will be able to directly assign a visit to our Website to your profile on a given social networking site.

For information on the purposes and scope of personal data collection, further processing and use of them by Facebook and LinkedIn, as well as information on your rights and the possibility of changing settings for privacy protection, please refer to the relevant privacy policy of the following services: (i) Facebook: https://www.facebook.com/privacy/explanation, (ii) LinkedIn: https://pl.linkedin.com/legal/privacy-policy.

If you do not want social media to collect data about you through our Website, you should log out of them before visiting our Website. You can also prevent plug-ins from being loaded on the Website completely by using the appropriate extensions for your browser.

3. What personal data we process

We may process the following categories of information about you:

  1. data of persons contacting the Controller:
    • name and surname,
    • telephone number,
    • e-mail address,
    • other data that may be included by the sender in the content of the message and in the documents attached to it or provided during a telephone conversation.
  2. operational data concerning all Website users:
    • IP address of the device,
    • date and time of the server,
    • location of the end device from which the user connects to the Website,
    • technical parameters of the device and software used by the user,
    • data on the content viewed on the Website (the way of moving between subpages of the Website, browsing time, frequency of visits),
    • data on the source from which the user came to the Website,
    • geographical location (country),
    • preferred language (device interface language),
    • mouse actions (movements, locations, clicks) and keystrokes,
    • referrer URL and its domain,
    • device screen resolution,
    • online identifiers, internet protocol addresses and device identifiers.

4. To whom we disclose your personal data

In our business activities, we use the support of specialized external entities that may or must have access to some of your data – these are, among others, entities providing services in the field of IT, accounting, legal, hosting, mailing system providers, analytical and marketing tools providers, social plug-in providers, as well as our trusted partners and associates. Data of Website users may also be disclosed to external entities providing us with services related to cookie files.

The data of all users of the Website and persons contacting us are processed in the IT system, partly in the so-called public cloud computing provided by third parties.

Information related to your use of the Website may also be accessed by recipients authorized by law to receive it (e.g. state administration authorities in the event of such a request).

Some of the operations described above involve the transfer of your personal data to the so-called third countries (outside the European Economic Area), where the GDPR does not apply. However, this is always based on the legal instruments provided for in the GDPR, guaranteeing adequate protection of your rights and freedoms.

In the case of the transfer of personal data to a third country within the meaning of the GDPR, when the European Commission has not issued a decision on the adequate protection of personal data for those countries (in accordance with Article 45 of the GDPR), we take appropriate measures to ensure an adequate level of data protection in the event of transfer. These include the European Union’s standard contractual clauses or binding internal data protection regulations. In cases where this is not possible, we base the transfer of data on the exceptions described in Article 49 of the GDPR, in particular express consent or the necessity of the data transfer to fulfil the terms of the contract or to perform pre-contractual activities. The legal basis for data transfers to third countries is therefore, unless otherwise stated, the consent referred to in Article 6 section 1 letter a) of the GDPR in conjunction with Article 49 section 1 letter a) of the GDPR. At the same time, we would like to inform you that in the case of sending data to a third country for which there is no decision on adequate protection of personal data or adequate guarantees, there is a possibility and risk that authorities in the third country in question (for example, intelligence services) will gain access to the transferred data for the purpose of collection and analysis, and that the possibility of enforcing the rights of data subjects cannot be guaranteed.

5. How long we process your personal data

Your personal data related to your visit to our Website will be processed for the duration of your use of the Website, and in justified cases also later for the period necessary for the limitation of claims specified in the relevant regulations.

Personal data provided via the means of communication selected by you will be stored no longer than it is necessary to provide a response, and after that time they may be stored only in justified cases for the period necessary to expire claims specified in the relevant regulations.

The processing of your personal data contained in cookies lasts until the possibility of their use is disabled. You can do this by deleting cookies and changing cookie settings in your browser.

The processing of your personal data based on consent as a legalization condition lasts until the consent is withdrawn.

6. How do we enable you to realize your rights

We make every effort to ensure that you are satisfied with the cooperation with us. Remember, however, that you have many rights that will allow you to influence the way we process your personal data, and in some cases, stop such processing. These rights are:

  • the right of access by the data subject (regulated in Article 15 of the GDPR)

Article 15
Right of access by the data subject

  1. The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
    (a) the purposes of the processing;
    (b) the categories of personal data concerned;
    (c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
    (d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
    (e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
    (f) the right to lodge a complaint with a supervisory authority;
    (g) where the personal data are not collected from the data subject, any available information as to their source
    (h) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
  1. Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.
  2. The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.
  3. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.
  • right to rectification of your data (regulated in Article 16 of the GDPR)

Article 16
Right to rectification

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

  • right to erase your data (regulated in Article 17 of the GDPR)

Article 17
Right to erasure (‘right to be forgotten’)

  1. The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
    (a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
    (b) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
    (c) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
    (d) the personal data have been unlawfully processed;
    (e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
    (f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).
  1. Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
  2. Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
    (a) for exercising the right of freedom of expression and information;
    (b) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
    (c) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3);
    (d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
    (e) for the establishment, exercise or defence of legal claims.
  •  right to restrict of processing of your data (regulated in Article 18 of the GDPR)

Article 18
Right to restriction of processing

  1. The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
    (a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
    (b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
    (c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
    (d) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
  1. Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
  2. A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction of processing is lifted.
  •  right to object to the processing of your data (regulated in Article 21 of the GDPR)

Article 21
Right to object

  1. The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
  2. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
  3. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
  4. At the latest at the time of the first communication with the data subject, the right referred to in paragraphs 1 and 2 shall be explicitly brought to the attention of the data subject and shall be presented clearly and separately from any other information.
  5. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.
  6. Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1), the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
  • right to data portability of your data (regulated in Article 20 of the GDPR)

Article 20
Right to data portability

  1. The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
    (a) the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and
    (b) the processing is carried out by automated means.
  1. In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
  2. The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  3. The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.

To exercise any of the rights described above, please contact us, e.g. by e-mail to the address we used to contact you, or to the following address: office@ptt-consulting.com

7. Complaint to the supervisory authority

According to Article 77 of the GDPR, you have the right to lodge a complaint with the supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you believe that the processing of your personal data has violated or violates the provisions of the GDPR.

In Poland, the supervisory authority is the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych). Detailed information (including contact details) can be obtained on the website available at: https://uodo.gov.pl/en

If you want to contact another supervisory authority responsible for the protection of personal data – visit the website of the European Data Protection Board available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

8. Is submitting personal data necessary for concluding an agreement with us

Your personal data obtained in connection with the use of our Website are not collected in order to conclude a contract with you within the meaning of the GDPR.

Providing the personal data selected by you when contacting us via the communication channel selected by you is completely voluntary, but in most situations it may be necessary to respond to your inquiry.

You do not have to provide us with information contained in cookies. You can prevent this by deleting cookies and changing cookie settings in your web browser. Detailed information on the possibilities and ways of handling cookies are available in the browser settings. Remember, however, that changing the cookie settings in such a way that the possibility of using the information contained in them will be blocked may cause difficulties in using the Website and other websites.

9. How do we obtain your personal data

We obtain the data of Website users and persons contacting us only for them.

We obtain other data, including anonymous operational data and personal data related to the use of cookies, in an automatic manner – however, these are usually not personal data within the meaning of the GDPR.

10. Automated decision-making, profiling

We do not make decisions solely based on automated processing of your personal data, including profiling, within the meaning of the GDPR.