www.icproject.com

Privacy Policy

  • 1. The Personal Data Controller on the website of https://icproject.com, hereinafter referred to as the Website, is nGroup System Sp. z o.o. with its registered office at ul. Malików 150d, 25-639 Kielce, NIP [Tax Identification Number]: 9591926129, REGON [National Official Business Register]: 260468463, entered in the National Court Register (KRS) by the District Court in Kielce, 10th Economic Division of the National Court Register, with KRS number 0000385149, share capital: PLN 5000 (paid up in full), e-mail: support@icproject.com.
  • 2. Respecting your rights as data subjects and respecting the effective provisions of law, notably the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as GDPR, the Personal Data Protection Act of 10 May 2018 (Journal of Laws of 2018, item 1000, hereinafter referred to as the Act) and other governing regulations on personal data protection, we undertake to ensure security and confidentiality of the personal data obtained from you. All our employees have been properly trained in personal data processing and we, as the Personal Data Controller, have implemented proper protections and technical and organisational measures to provide the highest level of personal data protection. We have personal data protection procedures and policies compliant with GDPR in place, thanks to which we ensure compliance with the law and reliability of data processing as well as exercisability of all rights that you are eligible for as data subjects. In addition, if necessary we cooperate with the supervisory authority in the Republic of Poland, i.e. the President of the Personal Data Protection Office (hereinafter referred to as PPDPO).
  • 3. We gather the following personal data on our Website:
    • a) name and surname – they can be processed when you, as the users of our Website (including clients or prospective clients), provide us with them via electronic mail, the contact form available on our Website, the traditional mail or telephone contact in order to use the products and services we offer,
    • b) e-mail address – it can be processed when you, as users of our Website (including clients or prospective clients), provide us with it when contacting us via electronic mail, the contact form available on our Website as well as traditional mail or telephone; we use your e-mail to send you confirmation of orders you have placed, to contact you when it is necessary in the course of execution of your order and to answer your questions regarding our products or services; if you have agreed to receiving marketing content and you have subscribed to our newsletter, we will also send you marketing information several times a month,
    • c) telephone number – we sometimes call you if any unexpected events occur, at the same suggesting the most beneficial solution,
    • d) NIP – we obtain the Tax Identification Number from entrepreneurs and the persons who request issuance of invoices and hold a NIP number,
    • e) device IP address or web browser identifier – information resulting from general terms and conditions of connections on the Internet, such as IP address (and other information included in system logs), is used for technical and statistical purposes, including but not limited to the collection of general demographic information (.e.g. on the region from which the connection comes),
    • f) other data can possibly be downloaded due to certain cases being run or they can be provided by you as users of our Website (including as clients or prospective clients) via electronic mail, the contact form available on our Website, the traditional mail or telephone.
  • 4. The provision of the data specified in the previous point is necessary in the cases it specifies, notably:
    • a) for provision of the services you have ordered on our Website,
    • b) for your registration in our database by creation of an Account, which is voluntary; in such a case, we store the personal data you have provided in our database to facilitate your future use of the services on our Website
    • c) for response to your questions and for contact via electronic mail, the contact form available on the Website, the traditional mail or telephone,
    • d) for provision of the service (subscription) of newsletter – if you would like to be informed about interesting and commercial offers and events, you can subscribe to our newsletter; the subscription is voluntary and you can unsubscribe any time you want.
  • 5. Our Website uses Cookies to adapts its functioning to your individual needs. Therefore, you can agree for the data and information you have entered are stored – as a result they can be used without the need for entering them again when you visit your Website again. The owners of other websites will not have access to those data and information. However, if you do not agree to the personalisation of the Website, we suggest disabling Cookies service in the settings of your web browser.
  • 6. Each of you, as a person using our Website, can choose whether and to what extent you would like to use our services and made your details available, within the scope specified by this Privacy Policy.
  • 7. According to the data minimisation principle, we process only these personal data categories that are necessary for achievement of the purposes specified in Points 3 and 4 above.
  • 8. We process your personal data for the period necessary to satisfy the purposes specified in Points 3 and 4 above. The personal data can be processed for longer periods of time if such right or obligation or ours, acting as the Controller, results from special provisions of law or from the legitimate interests of the Controller, stipulated in Point 10(c) above (i.e. for the period of prescription or completion of proper proceedings, if such have been instigated in the period of prescription) or if the service we are providing is continuous (e.g. subscription to our newsletter).
  • 9. The source of the Personal Data processed by the Controller are the data subjects.
  • 10. The legal basis for processing of your personal data is as follows:
    • a) Art. 6(1)(b) of GDPR, i.e. the processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract,
    • b) Art. 6(1)(c) of GDPR, i.e. the processing is necessary for compliance with a legal obligation to which the Controller is subject,
    • c) Art. 6(1)(f) of GDPR, i.e. the processing is necessary for the purposes of the legitimate interests pursued by the Controller, i.e. determination, seeking or defence of claims until their prescription or until proper proceedings end if such have been instigated in such a period, or
    • d) Art. 6(1)(a) of GDPR, i.e. You consent to the processing of your personal data for specific purposes when other legal basis for the processing of your personal data do not apply – e.g. in the the case of provision of the service of newsletter.
  • 11. Your personal data can be provided to a third country or an international organisation as the Controller uses services of HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141 USA. If your personal data are sent to third countries, e.g. the United States, HubSpot observes the provisions of law ensuring the same level of data protection as the provisions of the European Union, according to the Privacy Shield. To obtain more information about the Privacy Shield and read the entry regarding HubSpot, go to the website of the Privacy Shield (https://www.privacyshield.gov/welcome).
  • 12. We do not make any personal data available to third parties unless the data subjects grant their explicit consent in this respect. Without the data subject’s consent, their personal data can be made available only to public law entities, i.e. the authorities and the administration (e.g. tax authorities, law enforcement authorities and other entities authorised under the generally applicable provisions of law).
  • 13. If the Application includes the “Like” button or other links to the Controller’s accounts on social media, in the scope of the data including, but not limited to, IP or the web browser identifier and in the scope of the Controller’s use of the following products:
    • a) Facebook (np. Facebook, Messenger, Instagram) – the above data will be processed on terms of joint control with Facebook Ireland Ltd. with its registered office at: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland,
    • b) Google (e.g. YouTube, Maps) – the above data will be processed on terms of joint control with Google Ireland Ltd. with its registered office at: 4 Barrow St, D04 E5W5, Dublin, Ireland (Google Building Gordon House),
    • c) Twitter – the above data will be processed on terms of joint control Twitter International Company with its registered office at: One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland.
    • d) If in the cases specified in this point, the personal data are provided to third countries, such provision is carried under Point 11.
  • 14. Personal data can be entrusted for processing to processors handling such data for the benefit of ours as the Personal Data Controller. In such a situation, we as the Personal Data Controller conclude a personal data processing agreement with such a processor. The processor processes the entrusted personal data only for the purposes and in the scope specified in the agreement specified in the previous sentence. We could not run our business regarding the Website if we did not entrust your personal data for processing. As the Personal Data Controller, we entrust personal data for processing to the following entities:
    • a) entities providing hosting services for a website on which our Website runs,
    • b) entities providing us with other services which are necessary for current operation of the Website.
  • 15. We as the Controller do not profile personal data as per GDPR.
  • 16. Under GDPR, each person whose personal data we process as the Personal Data Controller has the right:
    • a) to be informed about the processing of their personal data as stipulated in Art. 12 of GDPR,
    • b) to have access to their personal data as stipulated in Art. 15 of GDPR,
    • c) to correct, supplement, update and rectify the personal data as stipulated in Art. 16 of GDPR,
    • d) to erase their data (the right to be forgotten) as stipulated in Art. 17 of GDPR,
    • e) to restrict the processing as stipulated in Art. 18 of GDPR,
    • f) to transfer the data as stipulated in Art. 20 of GDPR,
    • g) to object to the processing of their personal data as stipulated in Art. 21 of GDPR,
    • h) to withdraw their consent at any time, which will not affect the legitimacy of the processing carried out before such a withdrawal – in the case of the legal basis specified in Point 10(d) above,
    • i) not to be subject to profiling as per Art. 22 of GDPR in conjunction with Art. 4(4) of GDPR,
    • j) to submit a complaint to the supervisory authority (i.e. the President of the Personal Data Protection Office) as stipulated in Art. 77 of GDPR, taking into account the terms of exercise and execution of these rights as stipulated in GDPR.
  • 17. If you would like to exercise your rights specified in the previous Point, use the proper tabs on the Website which allow your to remove your account and the data gathered on our Website or send an e-mail or a written message at the e-mail address or the correspondence address specified in Point 18 below.
  • 18. Any questions, requests and complaints concerning the processing of the personal data by the Controller, hereinafter referred to as the Notifications, are to be sent to the following e-mail address: …, or sent in writing to the following address: ul. Malików 150d; 25-639 Kielce.
  • 19. The Notification should expressly include:
    • a) the details of the person whom the Notification regard,
    • b) the event which is the cause of the Notification,
    • c) the requested demands and their legal basis,
    • c) the expected manner in which the case should be resolved.
  • 20. Each found data protection breach is documented and if any of the situations stipulated in the GDPR or the Act occur, the data subjects and – if applicable – PPDPO – will be informed about it.
  • 21. Any capitalised terms have the meaning defined in the Terms and Conditions of our Website unless the content of this Privacy Policy suggests otherwise.
  • 22. The provisions of this Privacy Policy apply to the applicable extent to all persons with whom we have a legal relationship and of whose personal data we are the Controller, including but not limited to our clients, contractors and newsletter subscribers.
  • 23. Matters not regulated by this Privacy Policy are governed by the generally applicable provisions of law. If there are any discrepancies between this Privacy Policy and the above provisions of law, the provisions of law prevail.