Information clause on the processing of personal data

In connection with the processing of your personal data , in accordance with Art. Article 13(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27.04.2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC (General Data Protection Regulation) (OJ C 133, 11.12.2016, p. 1). EU L of 04.05.2016, No 119, p. 1 and OJ C 104, 11.12.2016, p. 1. EU L of 23.05.2018, No. 127, p. 2), hereinafter referred to as “GDPR”, we inform you that:

  1. Data controller
    The administrator of your personal data is Sybilla Technologies Sp. z o.o. with its registered office in Bydgoszcz ul. Toruń 59, 85-023 Bydgoszcz NIP 9532632892, hereinafter referred to as “Administrator”.
  2. Contact
    The Controller has not appointed a Data Protection Officer. In any matters related to the protection of personal data, you can contact the Administrator as follows:

    1. at the e-mail address:
    2. phone: +48 721 539 365
    3. in writing to the following address: Sybilla Technologies Sp. z o.o. with its registered office in Bydgoszcz ul. Toruń 59, 85-023 Bydgoszcz, with the note “Protection of personal data”.
  3. Grounds for legal processing of your personal data
    The legal basis for the processing of your personal data is:

    1. Article 6 paragraph 1, point b) of the GDPR i.e.: to perform the contract to which you are a party or to take action on your request before concluding the contract;
    2. Article 6 paragraph 1, point c) of the GDPR, i.e.: in connection with the legal obligation in cumbered by the Administrator to keep accounts and tax records, arising from generally applicable laws ( Act of 29.09.1994 on accounting; Act of 29.08.1997 Tax Code);
    3. Article 6 paragraph 1, point b) and c) of the GDPR i.e. forthe purpose of carrying out the sale or purchase of goods and services and for clearing purposes, personal data may be transferred to companies: courier, postal, transport, insurance, debt collection, banks.
    4. Article 6 paragraph 1, point f) of the GDPR:
      1.  for the purpose necessary for the purposes arising from the legitimate interests of the Administrator, consisting in ensuring the continuous and undistorted conduct of business, internal administrative purposes (including the management of services), necessary settlements in connection with the concluded contract, the establishment, recovery, or defense of claims and against claims.
      2. in order to contact persons, identify them, fulfill contracts concluded with the Administrator and pursue possible claims, personal data of persons representing or cooperating with the Administrator on behalf of contractors may be processed, including basic identification data (e.g. name), contact details (e.g. telephone number, e-mail address), address data (address ofthe place of employment), other data related to employment (e.g. employment position),
      3. to identify (register the IP address) of the user providing the Data to the Administrator and consent through the forms available on the website,
    5. Article 6 paragraph 1, point a) and b) GDPR i.e.: for recruitment purposes, based on legal provisions and consent,
    6. in the case of being a natural person representing a legal person or an organizational unit that is the executor of the contract or taking pre-contractual action, as well as an employee or associate of such legal person or entity participating in the conclusion or performance of a contract – Article 6 paragraph 1, point f) of the GDPR, i.e.: for the necessary purposes arising from legitimate interests pursued by the Administrator, consisting in activities related to the establishment of the terms of the contract with the contractor and facilitating communication related to its performance, as well as the identification of persons responsible for the implementation and authorized contacts in the performance of the contract.
  4. Recipients of personal data.
    Personal data, as a rule, will not be transferred to other entities, except:

    1. entities authorized to process them based on legal provisions, in particular public authorities,
    2. entities supporting in the exercise of our rights and obligations and in the provision of services, including accounting, human resources, legal, archiving and destruction of documents, postal, courier, payment services, marketing services, protection of persons and property, service providers in the field of sales platforms, as well as it system providers, providing assistance and technical support for it systems in which your data is processed.
  5. Data processing period
    Your personal data will be processed for the period necessary to fulfill the purpose for which the data were collected and which amounts to:

    1. in the case of performance of contracts and the need to comply with a legal obligation (Article 6 paragraph 1, point b) and c) of the GDPR) – 6 years after the end of the cooperation, unless otherwise specified in the specific provisions,
    2. in the case of consent given – until the consent is withdrawn or the purpose of the processing ceases,
    3. in the case of purposes arising from legitimate interests pursued by the Administrator (Article 6 paragraph, point f) of the GDPR) – until the purpose of processing ceases or your objection to the processing is submitted,
    4. in the case of recruitment – 3 months from its completion, and in the case of consent to future recruitment – 6 months from the submission of documents.
  6. Information about the requirement/voluntary provision of data and the consequences of not providing personal data
    Providing personal data necessary to comply with a legal obligation incumbering the Administrator is a statutory requirementand the data subject is obliged to provide them. In other cases, the provision of data is voluntary, but their absence will prevent the achievement of a specific purpose.
  7. Transfer of personal data to a third country or an inter-national organisation
    Your personal data may be transferred to a third country, i.e. outside the European Economic Area (EEA). The Controller does not, as a general rule, transfer your personal data to a third country or an international organisation, but due to the transnational nature of the flow of data within social networks, it may be transferred to a third country in connection with the use of the websites. However, the Administrator does not have control over what data the provider of websites or plug-ins collects, e.g. Facebook may transfer your data outside the European Economic Area (i.e. european Union countries and Iceland, Norway and Liechtenstein). At the same time, Facebook is EU-US – Privacy Shield certified, i.e. under an agreement between the US and the European Commission, the Commission has found an adequate level of data protection for companies certified by the Privacy Shield.
  8. Access to data
    You have the right of access to the content of your data and the right to rectification, erasure, restriction of processing, right to data portability, the right to object, unless prohibited by other legal provisions. If the processing takes place pursuant to Article 6 paragraph 1, point a) of the GDPR, you have the right to withdraw your consent at any time without affecting the lawfulness of the processing carried out based on the consent before its withdrawal.
  9. Right to lodge a complaint with a supervisory authority
    You have the right to lodge a complaint with the President of the Office for Personal Data Protection if you consider that the processing of your personal data violates the law.
  10. Automated decision-making, profiling
    Your personal data is not subject to profiling by the Administrator.
  11. Cookies
    According to art. 173 of the Act of July 16, 2004 Telecommunications Law, the website uses cookies constituting IT data, in particular text files, including in order to: make it easier for you to use the website while browsing it, create statistics that help to understand how you use websites, which allows improving their structure and content. Therefore, you may consent to the data and information entered by you being remembered, so that it will be possible to use them the next time you visit our website without the need to re-enter them. If, however, you do not agree to personalize the website, we suggest disabling cookies in your web browser options. We also inform you that the Administrator’s website contains links to other websites and third-party social applications over which the Administrator has no influence and cannot be held responsible for the privacy practices of these websites and their services. After going to other websites and services, please read the privacy policy applicable there.