Information Clauses and Privacy Policy

Hero background

We have an unwavering commitment to information security and privacy

Tuv Nord 27001

ISO 27001 certification allows us to meet the requirements to ensure the security of information and data we process.

Notice on The Processing of Personal Data at SoftKraft

With regard to the processing of your personal data, we inform you - in accordance with Articles 13 and 14 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27.04.2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, Official Journal of the EU L of 04.05.2016, No. 119, p. 1), hereinafter abbreviated as "GDPR", that:

I. Data Controller

The controller of your personal data is SoftKraft sp. z o.o., represented by Błażej Kosmowski, with its registered office at ul. Powstańców Śląskich 3 , Bielsko-Biała 43-300 Poland.

Website address: https://softkraft.co/

II. The Person Responsible Within The Organisation For Data Protection

The controller has appointed a person responsible for data protection in the organisation, whom you may contact on matters related to data protection, as follows:

  1. at email address:gdpr@softkraft.co

  2. in writing to the Controller's registered address.

  1. The processing of your data is carried out in relation with the performance of the Controller's own tasks or those commissioned by the Controller and prescribed by law.

  2. Processing may also be necessary for the performance of a contract to which you are a party or to take action, at your request, prior to entering into a contract.

  3. There may also be instances where you will be asked to consent to the processing of personal data for a specific purpose and scope.

IV. Categories Of Data Processed

The controller will process the following categories of your data:

Basic identification data, PESEL number, TIN, ID card series and number, telephone number, salary, nationality, email address, work activities, residence data, image, video surveillance areas, user traffic on the organisation's website.

V. Information On The Source Of The Data

We obtained your data from our employees/contractors/cooperating parties/contractors. We also obtain data through cookies files.

VI. Recipients Of Personal Data

In relation to the processing of data for the purposes referred to in point III, the recipients of your personal data may be entities which, on the basis of relevant contracts signed with the Controller, process personal data on the Controller's instructions. Your personal data may also be transferred to third countries on the basis of separate legal regulations.

VII. Period Of Keeping Of Personal Data

  1. Your personal data will be kept only for the time necessary until the purpose for which they were collected has been fulfilled or for the period indicated by law or until you withdraw your consent.

  2. Once the purpose for which your data was collected has been fulfilled, it may be kept for archival purposes only, for the period specified by law.

VIII. Rights Of Data Subjects

Under the terms of the provisions of the GDPR, you have the right to request from the Controller: to access the content of your personal data, to rectify (amend) your personal data, to erase your personal data in the scope of data processed on the basis of your consent, to restrict the processing of your personal data when the correctness of the processing of your personal data is questioned, to port your personal data in the scope of data processed on the basis of your consent, to object to the processing of your data, to withdraw your previously given consent to the processing of your personal data.

IX. Automated Decision-Making, Profiling

Your data may be subject to automated processing. Depending on your consents, selected cookies are processed (e.g. necessary, functional, advertising, analytical cookies). The appropriate settings can be freely changed by you in the "Manage Cookies Preferences" panel located in the footer of our website. Contact details needed for marketing purposes are processed only after you provide them in the contact form.

Information Clause For Cooperating Parties/Clients

In accordance with Article 13(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter abbreviated as "GDPR", we inform you that:

  1. The controller of your personal data is SoftKraft sp. z o.o., with its registered office at ul. Powstańców Śląskich 3 , Bielsko-Biała 43-300 Poland.

  2. You can contact the Data Controller electronically by writing to the email address: gdpr@softkraft.co or in writing to the Administrator's address.

  3. Your personal data will be processed for the purpose of concluding and performing a contract of mandate/ contract for specific work/ contract for the provision of services and for the purpose of fulfilling the Controller's legal obligations.

  4. The recipients of your personal data will be entities authorised by law and entities processing personal data on the basis of relevant agreements signed with and on the instructions of the Controller.

  5. Your personal data may be transferred to third countries (the current list of countries is available via email at gdpr@softkraft.co). The transfer of personal data will take place on the basis of separate legal provisions. Appropriate protection measures have been taken when transferring personal data. You can obtain information about security or copies of the security list from the IT System Administrator by writing to the following e-mail address: security@softkraft.co.

  6. Your personal data will be stored for the duration of the cooperation, until the statute of limitations for claims and for the mandatory retention period for insurance, billing and tax documentation, determined in accordance with separate regulations.

  7. Within the limits of the law, you have the right of access to the content of your data, rectification, erasure, restriction of processing and portability.

  8. If you consider that the processing of your personal data violates the provisions of the GDPR, you have the right to lodge a complaint with the President of the Data Protection Authority.

  9. The provision of your personal data is voluntary, but necessary for the purposes related to the establishment and course of your cooperation with the Controller. Failure to provide data will result in an inability to conclude and perform a contract.

Information Clause For Trainees

In accordance with Article 13(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter abbreviated as "GDPR", we inform you that:

  1. The controller of your personal data is SoftKraft sp. z o.o., with its registered office at ul. Powstańców Śląskich 3 , Bielsko-Biała 43-300 Poland.

  2. You can contact the Data Controller electronically by writing to the email address: gdpr@softkraft.co or in writing to the Administrator's address.

  3. Your personal data will be processed for the purpose of concluding and executing an internship/training contract, fulfilling the Controller's legal obligations.

  4. The recipients of your personal data will be entities authorised by law and entities processing personal data on the basis of relevant agreements signed with and on the instructions of the Controller.

  5. Your personal data may be transferred to third countries (the current list of countries is available via email at gdpr@softkraft.co). The transfer of personal data will take place on the basis of separate legal provisions. Appropriate protection measures have been taken when transferring personal data. You can obtain information about security or copies of the security list from the IT System Administrator by writing to the following e-mail address: security@softkraft.co.

  6. Your personal data will be stored for the duration of the internship, until the statute of limitations for claims and for the mandatory retention period for documentation related to the internship agreement and personal files, established in accordance with separate regulations.

  7. Within the limits of the law, you have the right of access to the content of your data, rectification, erasure, restriction of processing and data portability.

  8. If you consider that the processing of your personal data violates the provisions of the GDPR, you have the right to lodge a complaint with the President of the Data Protection Authority.

  9. Your provision of personal data is voluntary but necessary for the purposes of the establishment and conduct of your internship. Failure to provide data will result in the impossibility to conclude and implement the training agreement.

Information Clause For Employees/Contractors

In accordance with Article 13(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter abbreviated as "GDPR", we inform you that:

  1. The controller of your personal data is SoftKraft sp. z o.o., with its registered office at ul. Powstańców Śląskich 3 , Bielsko-Biała 43-300 Poland.

  2. You can contact the Data Controller electronically by writing to the email address: gdpr@softkraft.co or in writing to the Administrator's address.

  3. Your personal data will be processed in order to conclude and perform the employment/cooperation contract and to fulfil the Controller’s legal obligations.

  4. The recipients of your personal data will be entities authorised by law and entities processing personal data on the basis of relevant agreements signed with and on the instructions of the Controller.

  5. Your personal data may be transferred to third countries (the current list of countries is available via email at gdpr@softkraft.co). The transfer of personal data will take place on the basis of separate legal provisions. Appropriate protection measures have been taken when transferring personal data. You can obtain information about security or copies of the security list from the IT System Administrator by writing to the following e-mail address: security@softkraft.co.

  6. Your personal data will be stored for the duration of the employment relationship or for the period specified in the contract, until the statute of limitations for claims and for the mandatory period of retention of documentation related to the employment relationship and personal files, determined in accordance with separate regulations.

  7. Within the limits of the law, you have the right of access to the content of your data, rectification, erasure, restriction of processing and data portability.

  8. If you consider that the processing of your personal data violates the provisions of the GDPR, you have the right to lodge a complaint with the President of the Data Protection Authority

  9. Your provision of personal data is voluntary, but necessary for the purposes of the establishment and course of your employment. Failure to provide data will result in the impossibility to conclude and perform the contract.

Information Clause For Candidates

In accordance with Article 13(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter abbreviated as "GDPR", we inform you that:

  1. The controller of your personal data is SoftKraft sp. z o.o., with its registered office at ul. Powstańców Śląskich 3 , Bielsko-Biała 43-300 Poland.

  2. You can contact the Data Controller electronically by writing to the email address: gdpr@softkraft.co or in writing to the Administrator's address.

  3. Your personal data will be processed for the purpose of the recruitment process on the basis of your consent (Article 6(1)(a) GDPR), on the basis of the controller's legitimate interest (Article 6(2)(f) GDPR) and/or on the basis of the applicable provisions from the Labour Code.

  4. The recipients of your personal data will be the persons authorised by the Controller, involved in the recruitment process.

  5. Your personal data may be transferred to third countries (the current list of countries is available via email at gdpr@softkraft.co). The transfer of personal data will take place on the basis of separate legal provisions. Appropriate protection measures have been taken when transferring personal data. You can obtain information about security or copies of the security list from the IT System Administrator by writing to the following e-mail address: security@softkraft.co. Your data may also be transferred to our clients during the recruitment process in order to assess qualifications and match the requirements related to the project and/or service.

  6. Your personal data will be kept for the mandatory retention period of the documentation related to this process and until the statute of limitations for claims. Some recruitments in our organisation are continuous, therefore also after the recruitment process has ended, we will keep your personal data in order to be able to contact you for the next process, for which we have asked for your consent.

  7. Within the limits of the law, you have the right of access to the content of your personal data, rectification, erasure, restriction of processing, data portability and the right to withdraw your consent at any time, without affecting the lawfulness of the processing of personal data carried out on the basis of consent before its withdrawal.

  8. If you consider that the processing of your personal data violates the provisions of the GDPR, you have the right to lodge a complaint with the President of the Data Protection Authority.

  9. Your provision of personal data is voluntary but necessary for the recruitment process. Failure to provide data will result in the impossibility of this process.

Information Clause For Surveillance

In accordance with Article 13(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter abbreviated as "GDPR", we inform you that:

  1. The controller of your personal data is SoftKraft sp. z o.o., with its registered office at ul. Powstańców Śląskich 3 , Bielsko-Biała 43-300 Poland.

  2. You can contact the Data Controller electronically by writing to the email address: gdpr@softkraft.co or in writing to the Administrator's address.

  3. Monitoring is used to ensure the safety of employees/contractors and the property protection.

  4. The monitored area includes the offices of SoftKraft Sp. z o. o.

  5. The legal basis for processing is Art. 222 of the Act of June 26, 1974 - the Polish Labour Code Act.

  6. Monitoring records are kept for 14 days.

  7. A person registered by the monitoring system has the right to access personal data.

  8. A person registered by the monitoring system has the right to file a complaint to the supervisory authority - the President of the Office for Personal Data Protection.

  9. The recipients of personal data will only be entities authorised to obtain personal data on the basis of legal provisions and entities that process personal data on the basis of relevant contracts at the Administrator’s request.

Information Clause Regarding the Processing of Personal Data in Connection With an Internal Report

In accordance with Article 13(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 04.05.2016, p. 1, as amended), hereinafter GDPR, the Data Controller informs:

1. Identity and Contact Details of the Data Controller

The Data Controller of your personal data is SoftKraft Spółka z o. o., headquartered in Bielsko-Biała. Correspondence can be sent to:

Your personal data is processed for purposes related to receiving and reviewing reports of irregularities, conducting investigative procedures, and other follow-up actions taken within the scope of these reports, in connection with the fulfillment of legal obligations imposed on the Data Controller and the performance of tasks in the public interest or in the exercise of public authority entrusted to the Data Controller under Article 6(1)(c) and (e) of the GDPR.

3. Information About Data Recipients

Recipients of your personal data may only include entities authorized to receive it under applicable law. A separate category of recipients includes entities processing personal data on behalf of the Data Controller, particularly those with whom service agreements for the IT systems in use have been concluded.

4. Data Retention Period

Your personal data will be retained for the period necessary to achieve the processing purposes specified in point 3 or until the expiration of the obligations imposed on the Data Controller, after which it will be archived in accordance with the periods provided by law.

5. Rights of Data Subjects

Data subjects have the right to:

If you believe that the processing of personal data violates legal provisions, you have the right to lodge a complaint with the supervisory authority – the President of the Personal Data Protection Office.

6. Information About the Obligation or Voluntariness of Providing Personal Data

Providing your personal data is voluntary.

7. Information on Automated Decision-making, Including Profiling

The personal data processed by the Data Controller will not be used for automated decision-making in individual cases, including profiling as referred to in Article 22 of the GDPR.

Cookies Policy

  1. Our site uses cookies with the primary purpose to make it work more effectively. By continuing to browse through the site you agree to our use of cookies, which is described below.

  2. Cookies are used to improve the services we deliver through, for example, enabling a service to recognize your device so that you do not have to give the same information several times while performing one task or audience measurement.

  3. We use Google Ads to conduct advertising campaigns and Google Analytics to understand how many people come to visit the site and what is particularly popular within the service for those who choose to visit our site. We collect information on which sections of the service they visit, how often, how long they take to visit them and how they interact with the service, e.g. how they move through the service.

  4. Depending on the consents accepted by the user, we collect selected cookies (necessary, functional, advertising, analytical cookies). The appropriate settings can be freely changed by the user in the "Manage Cookies Preferences" panel located in the footer of our website. The information thus gathered is used to improve our website.

  5. The administrator provides the option to contact them using an electronic contact form. Using the form requires providing personal data necessary to establish contact with the User and respond to the inquiry. The User may also provide other data to facilitate contact or handle the inquiry. Before initiating contact, please familiarise yourself with the information clauses regarding the processing of personal data, available on our website.

  6. The level of protection of Personal Data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Administrator transfers Personal Data outside the EEA only when necessary, and with appropriate protection measures. The Administrator always informs about the intention to transfer Personal Data outside the EEA at the stage of their collection.