montrose_logo

Privacy Policy

Read our Privacy Policy to learn more

Privacy policy of the website

  1. The Personal Data Administrator on the website at: www.montrosesoftware.com, hereinafter referred to as the Website, is Montrose Software (Polska) Sp. z o.o. based in Krakow and address: ul. Twardowskiego 65, 30-346 Kraków, registered in the District Court for Kraków - Śródmieście in Kraków, 11th Commercial Division of the National Court Register, under KRS number 0000442963, NIP 676-246-09-15, REGON: 122734584, e-mail address: biuro@montrosesoftware.com.

  2. Respecting your rights as subjects of personal data (data subjects) and respecting applicable law, including in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals in connection with the processing of personal data and on the free movement of such data and the repeal of Directive 95/46 / EC (general regulation on data protection), hereinafter referred to as the GDPR, the Act of May 10, 2018 on the protection of personal data (Journal of Laws 2018, item 1000, hereinafter referred to as the Act) and other relevant provisions on the protection of personal data, we undertake to maintain the security and confidentiality of personal data obtained from you. All employees have been properly trained in the processing of personal data, and as the Personal Data Administrator, we have implemented appropriate safeguards as well as technical and organizational measures to ensure the highest level of personal data protection. We have implemented procedures and policies for the protection of personal data in accordance with the GDPR, thanks to which we ensure compliance with the law and reliability of data processing processes, as well as the enforceability of all your rights as data subjects. Additionally, if necessary, we cooperate with the supervisory body in the territory of the Republic of Poland, i.e. with the President of the Office for Personal Data Protection (hereinafter referred to as PUODO).

  3. We collect the following personal data on our website:

    1. name and surname - may be processed when, as users of our website (including clients or potential clients), you provide them to us via e-mail, the contact form available on our website, traditional mail or by telephone, in order to use our offer,

    2. telephone number - may be processed in the event of telephone contact on your part (including as customers or potential customers), and also when you provide it to us via e-mail, the contact form available on our website or traditional mail, in order to enabling us to contact you if there is such a need in connection with the provision of services to you, as well as to answer questions related to our offer,

    3. e-mail address - may be processed when, as users of our Website (including customers or potential customers), provide it to us in the event of contact via e-mail, the contact form available on our Website, as well as via traditional mail or by telephone contact; via e-mail address, we send you an order confirmation, we contact you if there is such a need related to the execution of the order, as well as answer questions related to our offer;

    4. Device IP address or browser ID - information resulting from the general principles of Internet connections, such as the IP address (and other information contained in system logs), are used for technical and statistical purposes, in particular to collect general demographic information (e.g. .about the region from which the connection is made),

    5. possibly other data may be collected as part of specific matters or may be provided by you as users of our Website (including customers or potential customers) via e-mail, the contact form available on the Website, traditional mail or by telephone contact.

  4. Providing the data indicated in the preceding point is necessary in the cases specified therein, including in particular:

    1. in order to use the services offered on our Website,

    2. in order to answer your questions and enable contact via e-mail, the contact form available on the Website, traditional mail or telephone contact,

    3. for voluntary registration (creating an Account by you) on our Website; in such a situation, we store the data provided by you to facilitate the use of services available on our Website in the future until you deregister (delete the Account),

  5. Our website uses cookie technology to adapt its functioning to your individual needs. Therefore, you can consent to the data and information entered by you being remembered, so that it will be possible to use them the next time you visit our website without the need to re-enter them. The owners of other websites will not have access to this data and information. However, if you do not agree to personalize the Website, we suggest disabling cookies in the options of your web browser.

  6. Each of you, as a person using our Website, has the option to choose whether and to what extent he wants to use our services and provide information and data about himself, to the extent specified in this Privacy Policy.

  7. In accordance with the principle of minimization, we process only the categories of personal data that are necessary to achieve the goals referred to in point. 3 and 4 above.

  8. We process personal data for the period necessary to achieve the goals listed in point. 3 and 4 above. Personal data may be processed for a longer period, if such a right or obligation imposed on us as the Administrator results from specific legal provisions, from the legitimate interest of the Administrator referred to in point. 10 lit. c below (i.e. for the period of limitation of claims or completion of relevant proceedings, if they were initiated during the limitation period) or when the service we provide is continuous.

  9. The source of the Personal Data processed by the Administrator are the data subjects.

  10. The legal basis for the processing of your personal data is:

    1. art. 6 sec. 1 lit. b GDPR, i.e. indispensability to perform a contract to which you are a party or to take steps at your request prior to entering into a contract, or

    2. art. 6 sec. 1 lit. c GDPR, i.e. necessity to fulfill the legal obligations incumbent on the Administrator, or

    3. art. 6 sec. 1 lit. f GDPR, i.e. the legitimate interest of the Administrator, which is the determination, investigation or defense of claims until their expiry or until the completion of the relevant proceedings, if they were initiated within this period, or

    4. art. 6 sec. 1 lit. a GDPR, i.e. your consent to the processing of personal data for specific purposes, when other legal grounds for the processing of personal data do not apply.

  11. Personal data is not transferred by us to a third country or an international organization within the meaning of the provisions of the GDPR. In the event that personal data are transferred to a third country or an international organization, you will be informed in advance, and the Administrator will apply the safeguards referred to in Chapter V of the GDPR.

  12. We do not disclose any personal data to third parties without the express consent of the data subject. Personal data without the consent of the data subject may be made available only to public law entities, i.e. authorities and administration (e.g. tax authorities, law enforcement authorities and other entities authorized by generally applicable law).

  13. In the case of the button "Like it!" or other links as part of the Application to the Administrator's accounts in social media, in the scope of data regarding in particular IP or internet browser ID, if the Administrator uses the products:

    1. Facebook (e.g. Facebook, Messenger, Instagram) - the above data is processed on the basis of co-administration with Facebook Ireland Ltd. with its registered office at: 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland,

    2. Google (e.g. YouTube, Maps) - the above data is processed on the basis of co-administration with Google Ireland Ltd. with its registered office at: 4 Barrow St, D04 E5W5, Dublin, Ireland (Google Building Gordon House).

    3. LinkedIn - the above data is processed on the basis of co-administration with LinkedIn Ireland Unlimited Company with its registered office at: Gardner House, 2 Wilton Place, Dublin 2 Ireland.

    4. Twitter - the above data is processed on the basis of co-administration with Twitter International Company with its registered office at: The Academy, 42 Pearse Street, Dublin 2, Ireland.

    5. Medium - the above data is processed on the basis of joint administration with VeraSafe Ireland Ltd. located at: Unit 3D North Point House (North Point Business Park) New Mallow Road Cork T23 AT 2P Ireland.

    6. GitHub - the above data is processed on the basis of co-administration with GitHub BV with its registered office at: Vijzelstraat 68-72, 1017 HL Amsterdam, the Netherlands

    7. If, in the cases referred to in this point, the transfer of personal data to third countries takes place, it is done on the terms set out in point. 11.

  14. Personal data may be entrusted for processing to entities processing such data on our behalf as the Personal Data Administrator. In such a situation, as the Personal Data Administrator, we conclude an agreement to entrust the processing of personal data with the processor. The processing entity processes the entrusted personal data only for the purposes, to the extent and for the purposes indicated in the entrustment agreement referred to in the preceding sentence. Without entrusting your personal data for processing, we would not be able to run our business on the Website. As the Personal Data Administrator, we entrust personal data for processing to the following entities:

    1. providing hosting services to the website on which our Website operates,

    2. providing us with other services that are necessary for the current functioning of the Website.

  15. Personal data are not profiled by us as the Administrator within the meaning of the provisions of the GDPR.

  16. In accordance with the provisions of the GDPR, each person whose personal data we process as the Personal Data Administrator has the right to:

    1. to be informed about the processing of personal data referred to in art. 12 GDPR,

    2. access to your personal data, as referred to in art. 15 GDPR,

    3. correcting, supplementing, updating, rectifying personal data referred to in art. 16 GDPR,

    4. deletion of data (the right to be forgotten), as per art. 17 GDPR,

    5. restriction of processing referred to in art. 18 GDPR,

    6. transfer the data referred to in art. 20 GDPR,

    7. object to the processing of personal data, as referred to in art. 21 GDPR,

    8. in the case of the legal basis referred to in point 10 lit. d above - the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal,

    9. not being subject to the profiling referred to in Art. 22 in connection with art. 4 point 4 of the GDPR,

    10. lodging a complaint to the supervisory body (i.e. to the President of the Personal Data Protection Office) referred to in art. 77 GDPR, taking into account the rules of using and exercising these rights resulting from the provisions of the GDPR.

  17. If you want to exercise your rights referred to in the preceding point, please send a message by e-mail to the e-mail address or in writing to the correspondence address referred to in point 18 below.

  18. All inquiries, requests and complaints regarding the processing of personal data by the Administrator, hereinafter referred to as Application, should be sent to the following e-mail address: biuro@montrosesoftware.com or in writing to the following address of the Administrator: ul. Twardowskiego 65, 31-042 Krakow.

  19. The content of the Application should clearly indicate:

    1. data of the person or persons to whom the Application relates,

    2. the event that is the reason for the Application,

    3. present your requests and the legal basis for these requests,

    4. indicate the expected way of settling the matter.

  20. Each identified breach of security is documented, and in the event of one of the situations specified in the provisions of the GDPR or the Act, the data subjects and the President of the Office for Personal Data Protection are informed about such a breach of the provisions on the protection of personal data.

  21. The provisions of this Privacy Policy apply to the possible extent, respectively, to all persons with whom we are in legal relations and for whom we are also the Administrator of their personal data, in particular in relation to our clients and contractors.

  22. In matters not covered by this Privacy Policy, the relevant provisions of generally applicable law shall apply. In the event of non-compliance of the provisions of this Privacy Policy with the above provisions, these provisions shall prevail.

Cookies policy

I. DEFINITIONS

  1. Administrator – Montrose Software (Polska) Sp. z o.o. Krakow (31-046), ul. Twardowskiego 65, registered in the District Court for Kraków - Śródmieście in Kraków, 11th Commercial Division of the National Court Register No. 0000442963, NIP: 6762460915, REGON: 122734584 e-mail address: biuro@montrosesoftware.com, correspondence address: ul. Twardowskiego 65, 30-346 Krakow.

  2. Cookies – IT data, small text files, saved and stored on the Devices through which the User uses the Administrator's website.

    1. Device - an electronic device through which the User gains access to the Administrator's website.

    2. User - means an entity for which, in accordance with the Regulations and legal regulations, services may be provided electronically or with which an Agreement for the provision of electronic services may be concluded.

II. USE OF COOKIES

  1. The Administrator uses cookies via the website.

  2. Information collected on the basis of cookies is used for the purpose of proper optimization of the website, as well as for statistical and advertising purposes.

  3. Cookies record the activity of the website User by recognizing the Device, thanks to which the website is displayed in a manner optimized to the individual preferences of the User.

  4. The solutions used on the website are safe for Users' Devices using the Administrator's website. It is not possible for dangerous or malicious software to enter Users' Devices.

  5. The administrator uses two types of cookies:

    1. Session cookies: these are files that are stored on the User's Device and remain there until the end of the browser session. The saved information is then permanently deleted from the Device's memory. The session cookies mechanism does not allow the collection of any personal data or any confidential information from the User's Device.

    2. Persistent cookies: they are stored on the User's Device and remain there until they are deleted. Ending a browser session or turning off the Device does not delete them from the Device. The persistent cookies mechanism does not allow the collection of any personal data or any confidential information from the User's Device.

III. WAYS TO DETERMINE THE CONDITIONS OF STORAGE OR ACCESSING COOKIES

  1. The User has the option to limit or disable the access of Cookies to his Device. If this option is used, the use of the Administrator's website will be possible, except for functions that, by their nature, require cookies.

  2. The User may independently and at any time change the settings for Cookies, specifying the conditions for their storage and access by Cookies to the User's Device. Changes to the settings referred to above can be made by the User using the web browser settings or by using the service configuration. These settings can be changed in particular in such a way as to block the automatic handling of Cookies in the web browser settings or to inform about their every posting on the Device. Detailed information on the possibilities and methods of handling cookies is available in the software (web browser) settings.

  3. The User may at any time delete Cookies using the functions available in the web browser he uses.

  4. Restricting the use of Cookies may affect some of the functionalities available on the Administrator's website.v

Information clause of the Personal Data Administrator for Candidates for employees and associates

  1. Montrose Software (Polska) Sp. z o.o. Krakow (31-046), ul. Twardowskiego 65, registered in the District Court for Kraków - Śródmieście in Kraków, 11th Commercial Division of the National Court Register No. 0000442963, NIP: 6762460915, REGON: 122734584 is the Administrator of Personal Data (hereinafter referred to as the Administrator) of candidates for employees and associates, hereinafter referred to as Candidates.

  2. Respecting the rights of Candidates as subjects of personal data (data subjects) and respecting applicable law, including in particular the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in connection with the processing of personal data and on the free movement of such data and the repeal of Directive 95/46 / EC (general regulation on data protection), hereinafter referred to as the GDPR, the Act of May 10, 2018, on the protection of personal data (Journal of Laws 2018, item 1000), hereinafter referred to as the Act, and other relevant provisions on the protection of personal data, the Administrator undertakes to maintain the security and confidentiality of personal data obtained from Candidates. All employees of the Administrator who process personal data in the scope of their duties have been properly trained in the processing of personal data, and the Administrator has implemented appropriate security and technical and organizational measures to ensure the highest level of personal data protection. The administrator has implemented procedures and a Personal Data Protection Policy in accordance with the provisions of the GDPR and the Act, thanks to which it ensures compliance with the law and reliability of data processing processes, as well as the enforceability of all rights of Candidates as data subjects. In addition, if necessary, the Administrator cooperates with the supervisory body in the territory of the Republic of Poland, i.e. with the President of the Office for Personal Data Protection (hereinafter referred to as PUODO).

  3. Candidates' personal data are processed by the Administrator in order to: a) recruiting employees and associates, b) for the purposes of future recruitment, provided that theCandidate agrees to such processing.

  4. Providing personal data is voluntary, but necessary for the Candidate's participation in the recruitment process. In particular, the Administrator has the right to request Candidates to provide or document the personal data indicated in art. 221 § 1 of the Act of June 26, 1974 - Labor Code (i.e. Journal of Laws of 2018, item 917, as amended) or personal data necessary to conclude a civil law contract./

  5. In accordance with the principle of minimization expressed in the provisions of the GDPR, the Administrator processes only those categories of personal data that are necessary to achieve the objectives referred to in the preceding point, unless the Candidate agrees (through a declaration or clear confirmation) to the processing of more personal data provided voluntarily by the Candidate in the CV or in the cover letter. Lack of consent referred to in the preceding sentence, or its withdrawal, will not constitute grounds for unfavorable treatment of the job applicant, and will not cause any negative consequences for such a person (in particular, this lack will not be considered as a reason justifying the refusal of employment).

  6. The administrator processes personal data for the period necessary to achieve the goals listed in point. 3 above. In addition, if the Candidate expresses consent to the processing of personal data for the purposes of future recruitment, referred to in point 3 lit. b above, the Administrator will process such data for the indicated purpose for a period of three years from the date of giving such consent or until the consent is withdrawn by the Candidate before the expiry of this period, which will not affect the lawful processing of data before the consent is withdrawn. Personal data may be processed for a period longer than indicated in this point, if such an obligation imposed on the Administrator results from specific legal provisions.

  7. The source of personal data processed by the Administrator are Candidates, i.e. data subjects.

  8. The legal basis for the processing of Candidates' personal data is:

    1. art. 6 sec. 1 lit. b GDPR, i.e. the necessity to take action at the request of the Candidate before concluding the contract, or

    2. art. 6 sec. 1 lit. a GDPR, i.e. the Candidate's consent to the processing of personal data for specific purposes, when other legal grounds for the processing of personal data do not apply, which primarily concerns the processing of special categories of personal data (sensitive data) of the Candidate and the processing of the Candidate's data for the purposes of future recruitment.

  9. Candidates' personal data may be transferred to a third country within the meaning of the provisions of the GDPR.In the event that personal data are transferred to a third country, Candidates will be informed in advance, and the Administrator will apply the safeguards referred to in Chapter V of the GDPR.

  10. The administrator does not provide personal data to third parties without the express consent of the data subject. Personal data without the consent of the data subject may be made available only to public law entities, i.e. authorities and administration (e.g. tax authorities, law enforcement authorities and other entities authorized in generally applicable law, such as ZUS or the Tax Office) in cases provided for by generally applicable law.

  11. Personal data may be entrusted for processing to entities processing such data for the Administrator. In such a situation, the Administrator concludes a contract for entrusting the processing of personal data with the Processor. The processing entity processes the entrusted personal data, but only for the purposes, to the extent and for the purposes indicated in the entrustment agreement referred to in the preceding sentence. The Administrator entrusts the personal data of Candidates to IT companies that provide hosting services, support internet domains and handle computer systems used by the Administrator.

  12. Candidates' personal data are not subject to profiling by the Administrator within the meaning of the provisions of the GDPR.

  13. Pursuant to the provisions of the GDPR, candidates have the right to:

    1. to be informed about the processing of personal data referred to in art. 12 GDPR,

    2. access to your personal data, as referred to in art. 15 GDPR

    3. correcting, supplementing, updating, rectifying personal data referred to in art. 16 GDPR,

    4. deletion of data (the right to be forgotten), referred to in art. 17 GDPR,

    5. restriction of processing referred to in art. 18 GDPR,

    6. transfer the data referred to in art. 20 GDPR,/

    7. object to the processing of personal data, as referred to in art. 21 GDPR,

    8. in the case of the legal basis referred to in point 7 lit. b above - the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal,

    9. not being subject to the profiling referred to in Art. 22 in connection with art. 4 point 4 of the GDPR,

    10. lodging a complaint to the supervisory body (i.e. to the President of the Personal Data Protection Office) referred to in art. 77 GDPR, taking into account the rules of using and exercising these rights resulting from the provisions of the GDPR.

  14. If Candidates want to exercise their rights referred to in the preceding point, please send a message by e-mail or in writing to the e-mail address or correspondence address referred to in point 15 below.

  15. All inquiries, requests and complaints regarding the processing of personal data by the Administrator, hereinafter referred to as Application, should be sent to the following e-mail address: biuro@montrosesoftware.com or in writing to the following address of the Administrator: ul. Twardowskiego 65, 31-042 Krakow.

  16. The content of the Application should clearly indicate:

    1. data of the person or persons to whom the Application relates,

    2. the event that is the reason for the Application,

    3. present your requests and the legal basis for these requests,

    4. indicate the expected way of settling the matter.

  17. Each identified breach of security is documented, and in the event of one of the situations specified in the provisions of the GDPR or the Act, the data subjects and the President of the Office for Personal Data Protection are informed about such a breach of the provisions on the protection of personal data.

Information clause of the Personal Data Administrator for Clients

  1. Information clause of the Personal Data Administrator for Clients Montrose Software (Polska) Sp. z o.o. Krakow (31-046), ul. Twardowskiego 65, registered in the District Court for Kraków - Śródmieście in Kraków, 11th Commercial Division of the National Court Register No. 0000442963, NIP: 6762460915, REGON: 122734584 is the Administrator of Personal Data (hereinafter referred to as the Administrator) its customers with whom it has concluded a sales contract or for the provision of services, by the Administrator, hereinafter referred to as Clients.

  2. Respecting the rights of Customers as subjects of personal data (data subjects) and respecting applicable law, including in particular the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in connection with the processing of personal data and on the free movement of such data and the repeal of Directive 95/46 / EC (general regulation on data protection), hereinafter referred to as the GDPR, the Act of May 10, 2018, on the protection of personal data (Journal of Laws 2018, item 1000), hereinafter referred to as the Act, and other relevant provisions on the protection of personal data, the Administrator undertakes to maintain the security and confidentiality of personal data obtained from Clients. All employees of the Administrator who process personal data in the scope of their duties have been properly trained in the processing of personal data, and the Administrator has implemented appropriate security and technical and organizational measures to ensure the highest level of personal data protection. The administrator has implemented procedures and a Personal Data Protection Policy in accordance with the provisions of the GDPR and the Act, thanks to which it ensures compliance with the law and reliability of data processing processes, as well as the enforceability of all rights of Clients as data subjects. In addition, if necessary, the Administrator cooperates with the supervisory body in the territory of the Republic of Poland, i.e. with the President of the Office for Personal Data Protection (hereinafter referred to as PUODO).

  3. Clients' personal data are processed by the Administrator in order to: perform contracts and provide services resulting from legal relations between the Administrator and the Clients.

  4. In accordance with the principle of minimization expressed in the provisions of the GDPR, the Administrator processes only those categories of personal data that are necessary to achieve the objectives referred to in the preceding point.

  5. Providing personal data is voluntary, but necessary for the conclusion and implementation of contracts concluded by the Administrator with Clients.

  6. The administrator processes personal data for the period necessary to achieve the goals listed in point. 3 above. Personal data may be processed for a period longer than indicated in the preceding sentence, if such a right or obligation imposed on the Administrator results from specific legal provisions or from the legitimate interest of the Administrator referred to in point. 7 lit. c below (i.e. for the period of limitation of claims or completion of relevant proceedings, if they were initiated during the limitation period).

  7. The source of the Personal Data processed by the Administrator are the Clients, i.e. the data subjects. The administrator may also process the data of employees of its Clients on the basis of sharing, if the contract concluded with the Client requires the use of them.

  8. The legal basis for the processing of Clients’ personal data is:

    1. Art. 6 sec. 1 lit. b GDPR, i.e. indispensability to perform the contract concluded between the Administrator and the Client or to take action at the Client's request before concluding the contract, or

    2. art. 6 sec. 1 lit. c GDPR, i.e. necessity to fulfill the legal obligations incumbent on the Administrator, or

    3. art. 6 sec. 1 lit. f GDPR, i.e. the legitimate interest of the Administrator, which is the determination, investigation or defense of claims until their expiry or until the completion of the relevant proceedings, if they were initiated within this period, or

    4. Art. 6 sec. 1 lit. a GDPR, i.e. the Client's consent to the processing of personal data for specific purposes, when other legal grounds for the processing of personal data do not apply.

  9. The personal data of Clients are not transferred to a third country or an international organization within the meaning of the provisions of the GDPR. In the event that the personal data of Contractors are transferred to a third country or an international organization, Clients will be informed in advance, and the Administrator will apply the safeguards referred to in Chapter V of the GDPR.

  10. The administrator does not provide personal data to third parties without the express consent of the data subject. Personal data without the consent of the data subject may be made available only to public law entities, i.e. authorities and administration (e.g. tax authorities, law enforcement authorities and other entities authorized in generally applicable law, such as ZUS or the Tax Office).

  11. Personal data may be entrusted for processing to entities processing such data for the Administrator. In such a situation, the Administrator concludes a contract for entrusting the processing of personal data with the Processor. The processing entity processes the entrusted personal data, but only for the purposes, to the extent and for the purposes indicated in the entrustment agreement referred to in the preceding sentence.

  12. Without entrusting personal data for processing, the Administrator would not be able to conduct his business and implement concluded contracts. The administrator entrusts the personal data of Clients:

    1. IT companies providing hosting services, servicing internet domains and servicing computer systems used by the Administrator,

    2. companies providing postal, courier and shipping services to the Administrator - for the purpose of delivering correspondence,

    3. companies providing the Administrator with other services that are necessary for the current activity of the Administrator,

  13. Clients' personal data are not subject to profiling by the Administrator within the meaning of the provisions of the GDPR

  14. Pursuant to the provisions of the GDPR, clients have the right to:

    1. to be informed about the processing of personal data referred to in art. 12 GDPR,/

    2. access to your personal data, as referred to in art. 15 GDPR,

    3. correcting, supplementing, updating, rectifying personal data referred to in art. 16 GDPR,/

    4. deletion of data (the right to be forgotten), referred to in art. 17 GDPR,/

    5. restriction of processing referred to in art. 18 GDPR,

    6. transfer the data referred to in art. 20 GDPR,

    7. object to the processing of personal data, as referred to in art. 21 GDPR,

    8. in the case of the legal basis referred to in point 8 lit. d above - the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal,

    9. not being subject to the profiling referred to in Art. 22 in connection with art. 4 point 4 of the GDPR,

    10. lodging a complaint to the supervisory body (i.e. to the President of the Personal Data Protection Office) referred to in art. 77 GDPR, taking into account the rules of using and exercising these rights resulting from the provisions of the GDPR.

  15. If Clients want to exercise their rights referred to in the preceding point, please send a message by e-mail or in writing to the e-mail address or correspondence address referred to in point 15 below.

  16. All inquiries, requests and complaints regarding the processing of personal data by the Administrator, hereinafter referred to as Application, should be sent to the following e-mail address: biuro@montrosesoftware.com or in writing to the following address of the Administrator: ul. Twardowskiego 65, 31-042 Krakow.

  17. The content of the Application should clearly indicate:

    1. data of the person or persons to whom the Application relates,

    2. the event that is the reason for the Application,

    3. present your requests and the legal basis for these requests,

    4. indicate the expected way of settling the matter.

  18. Each identified breach of security is documented, and in the event of one of the situations specified in the provisions of the GDPR or the Act, the data subjects and the President of the Office for Personal Data Protection are informed about such a breach of the provisions on the protection of personal data.

Information clause of the Personal Data Administrator for Employees

  1. Information clause of the Personal Data Administrator for Employees (regardless of the basis of employment) Montrose Software (Polska) Sp. z o.o. Krakow (31-046), ul. Twardowskiego 65, registered in the District Court for Kraków - Śródmieście in Kraków, 11th Commercial Division of the National Court Register No. 0000442963, NIP: 6762460915, REGON: 122734584 is the Administrator of Personal Data (hereinafter referred to as the Administrator) its customers with whom it has concluded a sales contract or for the provision of services, by the Administrator, hereinafter referred to as Employees.

  2. Respecting the rights of Employees as subjects of personal data (data subjects) and respecting applicable law, including in particular the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in connection with the processing of personal data and on the free movement of such data and the repeal of Directive 95/46 / EC (general regulation on data protection), hereinafter referred to as the GDPR, the Act of May 10, 2018, on the protection of personal data (Journal of Laws 2018, item 1000), hereinafter referred to as the Act, and other relevant provisions on the protection of personal data, the Administrator undertakes to maintain the security and confidentiality of personal data obtained from Employees. All employees of the Administrator who process personal data in the scope of their duties have been properly trained in the processing of personal data, and the Administrator has implemented appropriate security and technical and organizational measures to ensure the highest level of personal data protection. The administrator has implemented procedures and a Personal Data Protection Policy in accordance with the provisions of the GDPR and the Act, thanks to which it ensures compliance with the law and reliability of data processing processes, as well as the enforceability of all rights of Employees as data subjects. In addition, if necessary, the Administrator cooperates with the supervisory body in the territory of the Republic of Poland, i.e. with the President of the Office for Personal Data Protection (hereinafter referred to as PUODO).

  3. Employees' personal data is processed by the Administrator in order to perform the employment contract or a civil law contract concluded by the Administrator with an employee. According to the principle of minimization expressed in the provisions of the GDPR, the Administrator processes only the categories of personal data that are necessary to achieve the goals referred to in the preceding sentence.

  4. Providing personal data is voluntary, but necessary for employment and the implementation of the relationship work for the Administrator. In particular, the Administrator has the right to request the Employees to provide or document the personal data indicated in art. 22 1 of the Act of June 26, 1974 - Codework (Journal of Laws of 2018, item 917, as amended) or personal data necessary to conclude and implement civil law contract.

  5. The administrator processes personal data for the period necessary to achieve the goals listed in point. 3 above. Personal data may be processed for a longer period than indicated in the preceding sentence, in the event that such a right or obligation imposed on the Administrator results from specific ones legal provisions (e.g. in the field of keeping accounting or employee documentation) or legally the legitimate interest of the Administrator, referred to in point 7 lit. c below (i.e. for the limitation period claims or termination of relevant proceedings, if they were initiated during the limitation period). The source of the Personal Data processed by the Administrator are the Employees, i.e. the data subjects.

  6. The legal basis for the processing of Employees’ personal data is:

    1. Art. 6 sec. 1 lit. b GDPR, i.e. necessity to perform the contract concluded between the Administrator and An employee, or

    2. art. 6 sec. 1 lit. c GDPR, i.e. necessity to fulfill legal obligations incumbent on Administrator, or

    3. art. 6 sec. 1 lit. f GDPR, i.e. the legitimate interest of the Administrator, which is the determination, investigation or defense of claims until their expiry or until the completion of the relevant proceedings, if they were initiated within this period, or

    4. Art. 6 sec. 1 lit. a GDPR, i.e. the Employees' consent to the processing of personal data for specific purposes, when other legal grounds for the processing of personal data do not apply.

  7. The personal data of Employees are not transferred to a third country or an international organization within the meaning of the provisions of the GDPR. In the event that the personal data of Employees are transferred to a third country or an international organization, Employees will be informed in advance, and the Administrator will apply the safeguards referred to in Chapter V of the GDPR.

  8. The administrator does not provide personal data to third parties without the express consent of the data subject. Personal data without the consent of the data subject may be made available only to public law entities, i.e. authorities and administration (e.g. tax authorities, law enforcement authorities and other entities authorized in generally applicable law, such as ZUS or the Tax Office).

  9. Employees' personal data is made available to the insurer for the purpose and to the extent necessary for implementation a purchased insurance policy or a company that provides access to sports facilities (sports card),on the basis of contracts concluded by the Administrators with such entities, subject to consent by the Employee to provide personal data.

  10. Personal data may be entrusted for processing to entities processing such data for the Administrator. In such a situation, the Administrator concludes a contract for entrusting the processing of personal data with the Processor. The processing entity processes the entrusted personal data, but only for the purposes, to the extent and for the purposes indicated in the entrustment agreement referred to in the preceding sentence.

  11. Without entrusting personal data for processing, the Administrator would not be able to conduct his business and implement concluded contracts. The administrator entrusts the personal data of Employees:

    1. IT companies providing hosting services, servicing internet domains and servicing computer systems used by the Administrator,

    2. companies providing postal, courier and shipping services to the Administrator - for the purpose of delivering correspondence,

    3. companies providing the Administrator with other services that are necessary for the current activity of the Administrator,

  12. Employees’ personal data are not subject to profiling by the Administrator within the meaning of the provisions of the GDPR.

  13. Pursuant to the provisions of the GDPR, Employees have the right to:

    1. to be informed about the processing of personal data referred to in art. 12 GDPR,

    2. access to your personal data, as referred to in art. 15 GDPR,

    3. correcting, supplementing, updating, rectifying personal data referred to in art. 16 GDPR,

    4. deletion of data (the right to be forgotten), referred to in art. 17 GDPR,

    5. restriction of processing referred to in art. 18 GDPR,

    6. transfer the data referred to in art. 20 GDPR,

    7. object to the processing of personal data, as referred to in art. 21 GDPR,

    8. in the case of the legal basis referred to in point 7 lit. d above - the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal,

    9. not being subject to the profiling referred to in Art. 22 in connection with art. 4 point 4 of the GDPR,

    10. lodging a complaint to the supervisory body (i.e. to the President of the Personal Data Protection Office) referred to in art. 77 GDPR, taking into account the rules of using and exercising these rights resulting from the provisions of the GDPR.

  14. If Employees want to exercise their rights referred to in the preceding point, please send a message by e-mail or in writing to the e-mail address or correspondence address referred to in point 14 below.

  15. All inquiries, requests and complaints regarding the processing of personal data by the Administrator, hereinafter referred to as Application, should be sent to the following e-mail address: biuro@montrosesoftware.com or in writing to the following address of the Administrator: ul. Twardowskiego 65, 31-042 Krakow.

  16. The content of the Application should clearly indicate:

    1. data of the person or persons to whom the Application relates,

    2. the event that is the reason for the Application,

    3. present your requests and the legal basis for these requests,

    4. indicate the expected way of settling the matter.

  17. Each identified breach of security is documented, and in the event of one of the situations specified in the provisions of the GDPR or the Act, the data subjects and the President of the Office for Personal Data Protection are informed about such a breach of the provisions on the protection of personal data.

Information clause of the Personal Data Administrator for Contractors

  1. Information clause of the Personal Data Administrator for Contractors Montrose Software (Polska) Sp. z o.o. Krakow (31-046), ul. Twardowskiego 65, registered in the District Court for Kraków - Śródmieście in Kraków, 11th Commercial Division of the National Court Register No. 0000442963, NIP: 6762460915, REGON: 122734584 is the Administrator of Personal Data (hereinafter referred to as the Administrator) its customers with whom it has concluded a sales contract or for the provision of services, by the Administrator, hereinafter referred to as Contractors.

  2. Respecting the rights of Contractors as subjects of personal data (data subjects) and respecting applicable law, including in particular the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in connection with the processing of personal data and on the free movement of such data and the repeal of Directive 95/46 / EC (general regulation on data protection), hereinafter referred to as the GDPR, the Act of May 10, 2018, on the protection of personal data (Journal of Laws 2018, item 1000), hereinafter referred to as the Act, and other relevant provisions on the protection of personal data, the Administrator undertakes to maintain the security and confidentiality of personal data obtained from Contractors. All employees of the Administrator who process personal data in the scope of their duties have been properly trained in the processing of personal data, and the Administrator has implemented appropriate security and technical and organizational measures to ensure the highest level of personal data protection. The administrator has implemented procedures and a Personal Data Protection Policy in accordance with the provisions of the GDPR and the Act, thanks to which it ensures compliance with the law and reliability of data processing processes, as well as the enforceability of all rights of Contractors as data subjects. In addition, if necessary, the Administrator cooperates with the supervisory body in the territory of the Republic of Poland, i.e. with the President of the Office for Personal Data Protection (hereinafter referred to as PUODO).

  3. The personal data of the Contractors are processed by the Administrator in order to perform the contracts linking the Administrator with the Contractors. Pursuant to the principle of minimization expressed in the provisions of the GDPR, the Administrator processes only those categories of personal data that are necessary to achieve the purposes referred to in the preceding sentence.

  4. Providing personal data is voluntary, but necessary for the conclusion and implementation of contracts concluded by the Administrator with Contractors.

  5. The administrator processes personal data for the period necessary to achieve the goals listed in point. 3 above, taking into account the legitimate interest of the Administrator, referred to in point. 7 lit. b. Personal data may be processed for a period longer than indicated in the preceding sentence, if such a right or obligation imposed on the Administrator results from specific legal provisions or from the legitimate interest of the Administrator referred to in point 7 lit. c below (i.e. for the period of limitation of claims or completion of relevant proceedings, if they were initiated during the limitation period).

  6. The source of the Personal Data processed by the Administrator are the Contractors, i.e. the data subjects. The administrator may also process the data of employees of its Contractors on the basis of sharing, if the contract concluded with the Contractor requires the use of them.

  7. The legal basis for the processing of Contractors' personal data is:

    1. Art. 6 sec. 1 lit. b GDPR, i.e. indispensability to perform the contract concluded between the Administrator and the Contractor or to take action at the Contractor's request before concluding the contract, or

    2. art. 6 sec. 1 lit. c GDPR, i.e. necessity to fulfill the legal obligations incumbent on the Administrator, or

    3. art. 6 sec. 1 lit. f GDPR, i.e. the legitimate interest of the Administrator, which is the determination, investigation or defense of claims until their expiry or until the completion of the relevant proceedings, if they were initiated within this period, or

    4. Art. 6 sec. 1 lit. a GDPR, i.e. the Contractor's consent to the processing of personal data for specific purposes, when other legal grounds for the processing of personal data do not apply.

  8. The personal data of Contractors are not transferred to a third country or an international organization within the meaning of the provisions of the GDPR. In the event that the personal data of Contractors are transferred to a third country or an international organization, Contractors will be informed in advance, and the Administrator will apply the safeguards referred to in Chapter V of the GDPR.

  9. The administrator does not provide personal data to third parties without the express consent of the data subject. Personal data without the consent of the data subject may be made available only to public law entities, i.e. authorities and administration (e.g. tax authorities, law enforcement authorities and other entities authorized in generally applicable law, such as ZUS or the Tax Office).

  10. Personal data may be entrusted for processing to entities processing such data for the Administrator. In such a situation, the Administrator concludes a contract for entrusting the processing of personal data with the Processor. The processing entity processes the entrusted personal data, but only for the purposes, to the extent and for the purposes indicated in the entrustment agreement referred to in the preceding sentence. Without entrusting personal data for processing, the Administrator would not be able to conduct his business and implement concluded contracts. The administrator entrusts the personal data of Contractors:

    1. IT companies providing hosting services, servicing internet domains and servicing computer systems used by the Administrator,
    2. companies providing postal, courier and shipping services to the Administrator - for the purpose of delivering correspondence,
    3. companies providing the Administrator with other services that are necessary for the current activity of the Administrator,
  11. Contractors' personal data are not subject to profiling by the Administrator within the meaning of the provisions of the GDPR. Pursuant to the provisions of the GDPR, contractors have the right to:

    1. to be informed about the processing of personal data referred to in art. 12 GDPR,

    2. access to your personal data, as referred to in art. 15 GDPR,

    3. correcting, supplementing, updating, rectifying personal data referred to in art. 16 GDPR,

    4. deletion of data (the right to be forgotten), referred to in art. 17 GDPR,

    5. restriction of processing referred to in art. 18 GDPR,

    6. transfer the data referred to in art. 20 GDPR,

    7. object to the processing of personal data, as referred to in art. 21 GDPR,

    8. in the case of the legal basis referred to in point 7 lit. d above - the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal,

    9. not being subject to the profiling referred to in Art. 22 in connection with art. 4 point 4 of the GDPR,

    10. lodging a complaint to the supervisory body (i.e. to the President of the Personal Data Protection Office) referred to in art. 77 GDPR, taking into account the rules of using and exercising these rights resulting from the provisions of the GDPR.

  12. If Contractors want to exercise their rights referred to in the preceding point, please send a message by e-mail or in writing to the e-mail address or correspondence address referred to in point 14 below.

  13. All inquiries, requests and complaints regarding the processing of personal data by the Administrator, hereinafter referred to as Application, should be sent to the following e-mail address: biuro@montrosesoftware.com or in writing to the following address of the Administrator: ul. Twardowskiego 65, 31-042 Krakow.

  14. The content of the Application should clearly indicate:

    1. data of the person or persons to whom the Application relates,

    2. the event that is the reason for the Application,

    3. present your requests and the legal basis for these requests,

    4. indicate the expected way of settling the matter.

  15. Each identified breach of security is documented, and in the event of one of the situations specified in the provisions of the GDPR or the Act, the data subjects and the President of the Office for Personal Data Protection are informed about such a breach of the provisions on the protection of personal data.

logo
Our Offices
Kraków / Poland
ul. Twardowskiego 65,
30-346 Kraków, Poland
New Jersey / USA
351 Hartford Rd,
South Orange NJ 07079, USA
Reviewed on
Google logo

5.0/5.0

Google star 0Google star 1Google star 2Google star 3Google star 4
Clutch logo

4.9/5.0

Clutch star 0Clutch star 1Clutch star 2Clutch star 3Clutch star 4
Certificates
ISO Logo

ISO/IEC

27001:2022

ISO

9001:2015

2024© Montrose Software. All Rights Reserved.