Privacy Policy

The data controller of your personal data is Andersen sp. z o.o. with its registered office in Warsaw, Poland at the address Rondo Organizacji Narodów Zjednoczonych 1/XXV P., 00-124 Warszawa (Warsaw), and is entered into the Registry of Entrepreneurs by the District Court for the capital city Warsaw in Warsaw, XIIth Commercial Divison of National Court Registry, under KRS no.: 0000773985, NIP 5252782536, REGON No: 382686004.

Contact with the data controller is possible via:

• Mail by sending a letter to the data controller’s address mentioned above;
• Email by sending an email to the address: dpo@andersenlab.com.

We have appointed a Data Protection Officer at Andersen sp. z o.o. in Poland, who is the person responsible for issues connected with the processing of personal data at our company. You may contact the Data Protection Officer by:

• Sending an email to the following address: dpo@andersenlab.com;
• Sending a letter to the postal address: Andersen sp. z o.o., Rondo Organizacji Narodów Zjednoczonych 1/XXV P., 00-124 Warszawa (Warsaw, Poland), for the attention of: Data Protection Officer.

Name of our DPO at Andersen sp. z o.o. (Poland): Ewa Lewańska.

The specific legal basis and purposes for the processing of your personal data are as follows:

If you visit our website, we process your personal data for the purposes of:

• Ensuring stability, performance, and correct functioning of the website or our services;
• Tracking website traffic;
• Verifying the manner in which the website is used;
• Displaying ads within our website;
• Possible prevention of activities not compliant with applicable law.

The data we save, especially within cookie files and logs relating to website visits, may include, in particular, your IP address and the actions you take on the website.

For cookies that are essential for the operation of the website, the legal basis for the processing of your personal data is the provision of Article 6.1.f) of GDPR, stating that processing personal data is allowed when it is necessary for the purposes of the legitimate interests pursued by the controller. Our legitimate interest is connected with the need to prevent technical errors and bugs, ensure site security or prevent abuse and violations of law within the application. For non-essential cookies, such as those used for statistical analysis, marketing personalization, or social media integration, the legal basis for processing is your voluntary, specific, and informed consent pursuant to Article 6.1.a) of GDPR. We only activate these cookies if you provide your consent through our cookie banner.

When you visit our website for the first time, we will inform you about our usage of cookie files and ask you for your explicit consent to store them.

For details on the cookies we use and how to manage them, please refer to our Cookie Policy.

If you use a contact form published on our website and you send us a message via this form or you contact us by a phone or via an email, by using contact details presented on our website, we process your personal data (especially data indicated in a contact form, email message, or given during a phone conversation) in order to answer your question and contact you back.

The necessity to process your personal data in order to answer your questions and contact you constitutes our legitimate interest, and the legal basis for data processing in this regard is the provision of Article 6.1.f) of GDPR.

If you interact with the AI chatbot available on our website, we process your personal data (that you voluntarily provide during the conversation) in order to respond to your inquiries and conduct communication with you.

The necessity to process your personal data for the purposes of handling inquiries and communication with users constitutes our legitimate interest. The legal basis for such processing is Article 6.1.f) of GDPR.

If you apply to a recruitment process conducted by us by submitting your personal data (e.g. via recruitment forms or sending your CV), we process your personal data for the purpose of conducting the recruitment and selecting candidates.

If you give us your consent, we may also process your personal data to contact you about future recruitment opportunities.

The legal basis for processing your personal data during the ongoing recruitment process is Article 6.1.b) of GDPR, which allows the processing necessary for taking steps at your request prior to entering into a contract. The scope of processed data is limited to what is necessary for recruitment and is based on applicable laws regulating recruitment processes.

For any additional data you provide beyond the legal requirements, the legal basis is your consent pursuant to Article 6.1.a) of GDPR.

We process your personal data if:

• You contact us to establish cooperation;
• We provide services to you (you are our customer);
• We use your services or support;
• We have any other kind of business cooperation.

In such cases, the processing is conducted in order to conclude and perform an agreement between you and our company, and the legal basis for the processing of personal data is Article 6.1.b) of GDPR.

We may also process your personal data in order to comply with obligations imposed on the data controller by legal provisions, including tax law or administrative law. The legal basis for personal data processing in this regard is the need for processing data to fulfil the legal obligation to which data controller is subject, in accordance with the provisions of Article 6.1.c) of GDPR.

We process your personal data for the purposes of fulfilling an agreement reached between us and the customer, contractor, or service provider.

The legal basis for the processing of personal data is Article 6.1.f of GDPR enabling us to process personal data when it is necessary for the purposes of legitimate interests pursued by the data controller or a third party.

The legitimate interest in this case is connected with processing personal data for the purposes of fulfilling agreements reached by us and our customer, contractor, or service provider, which requires contacting representatives of the customer, contractor, or service provider.

We have fan pages on social media websites, such as Facebook, Instagram, YouTube, XING, Twitter, and LinkedIn. We also have profiles on other websites like Behance, Dribbble, Clutch, Goodfirms, and Intercom.

If you visit these profiles, we may process your personal data. This occurs in connection with, for example, leaving likes or comments on our posts or sending private messages to us.

We use paid adverts on these social media platforms, which may be displayed to you. In this regard, we process your personal data as a controller, and the legal basis for data processing is our legitimate interest, i.e. promoting our website and services, leveraging statistics and insights about interactions with our content, building and maintaining an online community, and allowing users to interact with our brand. Thus, the basis for data processing is the provision of Article 6.1.f) of GDPR.

Additionally, we may process your data based on Article 6.1.f) of GDPR (our legitimate interest) to ensure the security of the platform, prevent infringement fraud, pursue claims, defend against claims, and maintain the integrity of the services.

If you subscribe to our mailing list, the legal basis for processing personal data in this regard is our legitimate interest: providing you with marketing messages. Consequently, we process your personal data on the basis of Article 6.1.f) of GDPR, which states that the processing of personal data is lawful if the processing is necessary for the purposes of the legitimate interests pursued by the controller.

However, if specific legal provisions require us to obtain a prior consent before sending marketing messages, we do not send any emails if such a consent has not been given by you.

In order to provide you with the ability to use our services, we are supported by some external companies. Therefore, personal data we process may be transferred to:

• Legal authorities: where required by law, we may disclose your personal data to public authorities or courts;
• Affiliated entities: entities within our corporate group that assist in managing the website and contacting our customers, contractors, job applicants, and other people interested in our services;
• External providers: third-party vendors who help us operate the website, e.g. cloud hosting providers, analytics providers, and support services:

• Amazon Web Services EMEA SARL with its registered office in Luxembourg;
• Microsoft Ireland Operation Limited with its registered office in Dublin;
• Google Ireland Limited with its registered office in Dublin;
• Intercom R&D Unlimited Company based in the USA,
• Chatbase, Inc. based in the US.

• Operators of social media platforms, such as:

• For YouTube – Google Ireland Ltd. and Google LLC based in Mountain View, California. Detailed information on how Google processes data is available in Google’s Privacy Policy;
• For Facebook and Instagram – Facebook Ireland Limited and Facebook Inc. based in California, US. Detailed information on how Facebook (Meta) processes data is available in Meta’s Privacy Policy;
• For LinkedIn – LinkedIn Corp. based in San Francisco, California, US. Detailed information on how LinkedIn processes data is available in LinkedIn’s Privacy Policy;
• For XING – New Work SE based in Hamburg, Germany. Detailed information on how XING processes data is available in XING’s Privacy Policy.

Due to the involvement of companies such as Google, Meta, Chatbase, Inc., Intercom R&D Unlimited Company, or LinkedIn, your personal data may be transferred outside the European Economic Area (EEA). In such cases, we ensure that appropriate safeguards are in place. These transfers are based either on the EU-U.S. Data Privacy Framework, which provides a recognized legal basis for the transfer of personal data from the EU to the United States, or on Standard Contractual Clauses (SCCs) approved by the European Commission.

• Other service providers: depending on the nature of our relationship, your personal data may also be disclosed to other IT service providers, as well as to entities providing accounting and bookkeeping services, debt collection services, marketing services, our partners, and other entities cooperating with us.

We do our best to store your personal data only for as long as it is actually necessary, and after that, we delete it. The time for which we store your personal data depends on what the type of interaction is:

• If you are a visitor to our website, we process your personal data for as long as you use the website and for up to fourteen months after your last visit;
• If you are our customer (an entity that signed an agreement with us) or its representative, we process your personal data for as long as the agreement between us is binding and for the duration of the limitation of claims (up to three years from termination or expiration of the agreement);
• If you are a person who has messaged us using the contact form on our website, contacted us by telephone or by email, we process your personal data for as long as the contact between you and us lasts. After it ends and three months have passed, we delete the personal data we have collected in this way;
• If you are a person who has interacted with the AI chatbot on our website, we process your personal data for as long as the communication lasts. Once the interaction ends and three months have passed, we delete the personal data collected in this way;
• Data processed for the purposes of fulfilling accountancy and tax obligations shall be processed for a period of five years from the end of the calendar year in which the deadline for payment of tax obligation has lapsed;
• If you are a person who has visited our social media profile, liked or commented on a social media post, or contacted us via the messenger application, we will process your data for as long as our profile exists on the social media website, or until you cease to be a user of the website, whichever comes first;
• If you take part in our recruitment process, we process your personal data for the duration of a specific recruitment process and for up to three years after its completion or the end of our contact;
• If you are a person who subscribed to our mailing list, we process your personal data until you unsubscribe from our mailing list or after the marketing activities based on this mailing list are terminated.

Due to the fact that your personal data is processed, you have the following rights:

You can request confirmation from us that your personal data has been processed and request additional information, including information on what types of personal data are processed and for what purposes.

You have the right to request immediate rectification of incorrect personal data and supplement incomplete personal data.

You have the right to request immediate erasure of your personal data if any of the following criteria apply:

• Personal data are no longer necessary to realize the purposes for which they were collected or are otherwise processed;
• You have revoked consent (assuming this was the basis of processing) and there are no other legal bases for personal data processing;
• You have filed an objection regarding the processing of your personal data and there are no other legally justified bases for personal data processing which override the objection;
• Your personal data have been processed illegally;
• Your personal data have to be erased in order to fulfil a legal obligation;
• The personal data have been collected in connection with providing information society services to a child.

This does not apply to the extent that the processing of personal data is necessary:

• To exercise the right to freedom of expression and information;
• To comply with a legal obligation imposed on the controller requiring data processing;
• To establish, assert, or defend claims.

You have the right to restrict the processing of your personal data if:

• You object to the correctness of the personal data;
• The processing of personal data is illegal but you object to the erasure of your personal data, requesting a restriction of processing instead;
• We do not need your personal data for processing purposes, but you need them to establish, pursue claims, or defend from claims;
• You have filed an objection regarding the processing of your personal data (until we determine whether the legitimate grounds on our side override the grounds for your objection).

You have the right to receive the personal data concerning you, which you provided to us, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller. Such a request can only be fulfilled where your personal data is processed on the basis of consent or an agreement and are processed by automated means.

You also have the right to request us to send your personal data directly to another controller, assuming that it is technically possible.

You have the right to file a complaint to an authority competent in matters related to personal data processing – in Poland it is the President of the Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych – PUODO).

If personal data is processed based on consent, you have the right to withdraw it at any time. You can also withdraw consent where a specific activity undertaken by us is based on consent and understanding of regulations on protection of personal data, especially when it comes to sending marketing messages.

Withdrawing consent does not affect the legality and effectiveness of personal data processing until the consent is withdrawn.

You have the right to object to the processing of your personal data, to the extent that the processing is based on our legitimate interest.

Your personal data shall not be used for purposes of automatic decision making, including profiling, as set forth by Article 22.1. and Article 22.4. of GDPR.

The source of your personal data may be our business partners, customers, contractors, or publicly available sources (including the Internet and business registers).

Where personal data is obtained from sources other than directly from you, the categories of personal data concerned may include: identification data, address, contact details, tax identification number, submitted offers, arrangements relating to cooperation, financial terms, as well as the data indicated above in the table concerning the legal bases for the processing of personal data.

Provision of personal data is voluntary, although in scenarios where we process your personal data in order to finalize an agreement, withholding from providing personal data might render provision of services impossible.

Cookie files are small files that enable or facilitate usage of certain functions of the website. They can be saved on your device directly by us or by third parties with whom we cooperate. In connection with our usage of cookies, we may process your personal data, such as your IP address, history of your use of the website, or information about the device or software you use. The cookie files we use are connected with the functioning of our website, monitoring website traffic, maintaining statistics on how the website is used, undertaking marketing activities, preventing errors and technical malfunctions, ensuring security, as well as preventing fraud and violations of applicable laws.

There are the following types of cookies files:

Session cookies: cookies that are stored on your device during the time you use the website (they are deleted when you close your web browser). Session cookies enable the correct use of the website. Blocking them may result in encountering errors or prevent you from using the website.

Persistent cookies: they are stored on your device until they are deleted or until they expire.

Moreover, the cookie files are subdivided into the following categories:

• Essential cookies: these cookies are necessary for the proper display and operation of the website. These cookies can also detect malfunctions of the site and help to fix errors, as well as verify the extent of the user's consent to other cookies. Blocking them may cause the website to malfunction;
• Analytics cookies: these cookies enable the collection of statistics on the use of our website by users. Among other things, they allow us to verify website traffic, count the number of hits, measure how the website is used, and analyze what devices and browsers users are using. We use tools like Google Analytics to conduct analytics activities. These tools may require the use of cookies;
• Marketing cookies: cookies responsible for conducting advertising and marketing activities, in particular related to the use of Google Ads. They also include remarketing activities, i.e. encouraging users to revisit our website. Consenting to the use of these cookies will allow us to target advertising to you, based on your previous activities on our website;
• Third-party cookies: these are cookies associated with the external providers, such as YouTube, Google Maps, Facebook, Instagram, and others mentioned in our Cookie Policy. Accepting them will allow us to link your visit to our website.

You can read detailed information about what cookies may be stored on your device under the cookie information banner displayed on the website. It contains information about specific cookies, their purposes, and how long they will be stored on your device.

For details on the cookies we use and how to manage them, please refer to our Cookie Policy.

The usage of cookie files is based on your consent. A lack of such consent or subsequent deletion of cookie files may render certain functionalities of the website unusable.

You have the option of limiting or disabling cookies on your device. Settings regarding the use of cookies can be found in the settings of your web browser. Web browsers allow you to disable all cookies or certain groups of cookies (e.g. from third parties). If you disable cookies just partly, cookies used within the website may be saved on your device, enabling the website to function properly. If you limit usage of cookie files, using specific services we provide can be problematic and even impossible in some scenarios.