The Controller of personal data is QuantUp Sp. z o.o. with its principal business location at ul. Litewska 30/9, 51-354 Wrocław, Poland, NIP 8952210039 („Data Controller”). In all matters regarding personal data processing you may contact the appointed Data Protection Officer, e-mail iod@quantup.pl

In the activities of Data Controller, personal data are obtained:
2.1. in order to enter into a contract and for the performance of a contract regarding providing our services (pursuant to article 6 (b) GDPR)*;
2.2. for the purpose of organizing events, lectures – upon the received consent specifying the subject and purpose of data processing (pursuant to article 6 (a) GDPR);
2.3. for the purpose of work recruitment (pursuant to article 6 (b) GDPR), if applicant provides Data Controller with additional personal information not required by appropriate provisions of law, those personal information shall be processed on the basis of applicant’s consent (article 6 (a) GDPR), which may be withdrawn at any given time, without prejudice to the lawfulness of processing based on the consent before its withdrawal;
2.4. for the purposes of legitimate interests pursued by the Data Controller (pursuant to article 6 (a) GDPR) which include:
a) communication with you as our clients or users of our services, including through the use of our website contact form, telephone and email communication and through social media applications, or a newsletter,
b) by collecting cookies – for adjusting our website to user’s preferences, creating statistic data analysis, research, and website traffic auditing,
c) for the establishment, exercise or defence of legal claims which may potentially arise. * Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), Official Journal of the European Union of 2016, L 119/1 with amendments).

Providing Data Controller with personal data for the purpose of entering into or performing a contract is voluntary. However, refusal to provide Data Controller with personal information can make it impossible for Data Controller to provide services or may prevent you from attending certain events organized by Data Controller. Refusal to provide necessary information will make it impossible to take part in recruitment proceedings. Providing Data Controller with information collected within cookies is also voluntary, however changes to cookies settings may influence the performance of Data Controller’s website or social media accounts.

Your personal data will be processed for the period of:
4.1. duration of a contract, including providing you with our services, and after its termination for the period of time required by the appropriate provisions of law (such as accounting Act or other) or for the time specified in GDPR as the limitation period for claims;
4.2. for the duration of recruitment proceedings, and thereafter for the time specified in GDPR as the limitation period for claims; however if an applicant has given his or her consent for processing personal data for the purpose of future recruitment proceedings, such personal data will be processed until the consent is withdrawn;
4.3. until legitimate interests pursued by the Data Controller are fulfilled or until a justified objection is made on grounds relating to your particular situation;
4.4. if personal data are processed on the basis of your consent – until the consent is withdrawn or a purpose of the consent is fulfilled;
4.5. regarding data collected in cookies – until objection is made or until you change settings of your Internet browser

Your personal data may be transferred to entities which provide Data Controller with services, including maintenance of IT infrastructure, accounting services or services in computing cloud, on the basis of a data processing agreement obliging such processor to keep all information confidential. In order to assure safety of your personal data all data processors are obliged to fulfill requirements set out in GDPR provisions and other relevant data protection regulations. Data recipients may include entities from outside the European Union (including Google LLC, Atlassian, Inc., Zendesk, Inc.), on the grounds of legal safeguards approved by the European Commission i.e. Standard Contractual Clauses or other authorised grounds of transfer).

As data subject you are entitled to exercise the following rights:
6.1. access to the personal data – the right to obtain specific information about personal data processing, as well as to request a copy of the data;
6.2. rectification of personal data – the right to request correcting or completing inaccurate data;
6.3. erasure of personal data – the so-called right to be forgotten, in the situation where the processing of data is no longer legally justified;
6.4. restriction of processing – the right to request limited processing for the purposes of storage or other operations with the use of data, for the duration of justified reasons;
6.5. objection to the processing – in view of a particular situation of a person whose data are being processed;
6.6. data portability – the right to receive data in a structured, commonly used and machine-readable format, in the scope in which the data are processed on the basis of performing a contract or given consent;
6.7. making complaint against the processing of personal data to the relevant supervisory body, i.e. Chair of the Office for the Protection of Personal Data (Prezes Urzędu Ochrony Danych Osobowych, ul. Stawki 2, 00-193 Warszawa) or other competent authority which may be established under relevant provisions of law.

Cookies are IT data, text files in particular, which are stored on the device which a user browses through our website with. Cookies collected through our website are used for statistical purpose and to improve performance of its functions. Data accumulated in logs are used solely for the purpose of server administration and for creating the statistical analysis. Such data contain information which is automatically obtained during a user’s access to our website, and include the public IP address of the device requesting access (which may be directly user’s IP), name of the client station – identification carried out by the http protocol (if possible), username provided in the authorization process, query arrival time, first line of http request, http response code, number of bytes sent by the server, the URL address of the site previously accessed by the user (referrer link), information of the web browser used, information about the transmission and reports of possible errors. You can change the settings regulating the access and storage of cookies using the settings of your browser or the end appliance with which you browse through the content of our website. Cookies are used to adapt the content of a website to the users’ preferences, to create statistics and to analyze users’ behavior, as well as supplementary materials used in server administration. Information included in cookies are not disclosed to any persons outside administration of a website and IT infrastructure. Cookies serve as a material to prepare general statistics of website visitors and created for website traffic auditing. Such general statistic summary does not include information allowing for personal identification of a particular visitor. In order to trace the activity and create statistics, Google tools are used, including Google Analytics. Cookies may be used by advertising networks, especially Google, to display adverts adapted to the way the user utilizes the service. To this end, they may store the information about the user’s navigation path or the length of time of accessing given website. Detailed information about the scope and the rules of gathering data in relation to this service can be found at: https://www.google.com/intl/pl/policies/privacy/partners

If you wish to exercise any of your rights as data subject, or have a query in any other matter regarding personal data processing, please contact the appointed Data Protection Officer at iod@quantup.pl