In accordance with Article 13(1)–(2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) — hereinafter referred to as GDPR,

we inform you that:

I. Data Controller

The controller of your personal data is:

PRETIUS SCI PROSTA SPÓŁKA AKCYJNA with headquarters in Warsaw (02-092), Poland, ul. Żwirki i Wigury nr 16a, KRS: 0001039651, NIP: 5223260060, REGON: 525459806

– hereinafter referred to as “Controller.”

II. Contact point

To facilitate communication, the Controller has appointed a dedicated contact point for matters concerning personal data protection. You can reach us via email, by phone, or by writing at the company’s registered office address.

III. Purposes and legal bases for processing personal data

The personal data you provide will be processed by the Controller for the following purposes:

Should the Controller intend to process your personal data for a purpose other than that for which it was initially collected, you will be informed about the new purpose and provided with all relevant information in accordance with Article 13(2) of GDPR.

Below, we outline the specific purposes and legal bases for processing your personal data:

Supporting and maintaining business relationships

In this context, personal data is processed based on mutual contractual obligations, i.e., in order to take action at the request of the person before concluding a contract or in connection with the performance of a concluded contract (pursuant to Article 6(1)(b) of GDPR). Additionally, we may process your data to fulfill a legal obligation arising from legal provisions, particularly tax law and financial reporting regulations (pursuant to Article 6(1)(c) of GDPR). Based on our legitimate interest, we may process your data to enforce or defend against potential claims arising from the contract we have entered into with you (pursuant to Article 6(1)(f) of GDPR). Providing your data is voluntary but necessary to allow you to enter into and perform a contract with us.

In connection with our business operations, we also collect personal data during various business meetings. We indicate that the personal data obtained in this way is processed solely for purposes related to supporting and maintaining business contacts within the business network we are creating. The legal basis for processing in this case is legitimate interest (pursuant to Article 6(1)(f) of GDPR). Providing data for this purpose is always voluntary, and processing is carried out solely for the specific purposes for which the data was collected.

Marketing activities

In terms of marketing activities, personal data is processed based on consent to inform, promote, and carry out marketing actions (including statistical purposes) by the Controller towards current and potential customers, in connection with the legitimate interest of promoting its own brand and services (pursuant to Article 6(1)(f) of GDPR). We may also process personal data based on consent given for a specific purpose (pursuant to Article 6(1)(a) of GDPR).

Moreover, the Controller processes personal data of users visiting its profiles on social media platforms. This data is processed solely in connection with the management of the profile, including to inform users about the Controller’s activities and to promote various events, services, and products. The legal basis for processing personal data in this regard is the legitimate interest (Article 6(1)(f) of GDPR), which involves promoting the brand.
Providing data for marketing purposes, including statistical analysis, is voluntary, and you may withdraw your consent at any time without affecting the lawfulness of processing carried out prior to its withdrawal.

Handling correspondence

If you contact us via email, a contact form on our website, social media, or traditional mail, the processing of your personal data will be based on our legitimate interest to respond to your inquiry (in accordance with Article 6(1)(f) GDPR).

Providing your data is voluntary, but necessary for us to communicate with you and respond to your inquiry. Failure to provide data may make it difficult or impossible to handle your request.

IV. Data retention period

The period for which personal data is processed is determined by the purpose of processing and the legal basis. Specifically:

V. Sources of personal data

We process personal data that you provide to us directly, for example, when using the contact form on our website, via email, or through other communication channels. You decide what information to share with us.

Additionally, we collect data automatically through cookies and similar technologies, which help us analyze user activity on our website and customize our services to your preferences. For details about the data we collect through these means and how to manage it, please refer to the section on cookies.

VI. Your rights

In accordance with GDPR, you have the following rights regarding the processing of your personal data:

The exercise of these rights is subject to the conditions outlined in GDPR. If we refuse your request, you will receive a response with an explanation.

The right to erasure applies in specific cases, such as when:

We may refuse to erase personal data if any of the exceptions under GDPR apply, such as when the processing is necessary to comply with a legal obligation or to establish, exercise, or defend legal claims.

The right to restrict data processing applies only in cases specified by the GDPR, namely:

The right to data portability applies only when the legal basis for processing personal data is either consent or the performance of a contract, and the processing is carried out by automated means.

In certain cases, we may reject your objection to data processing based on our legitimate interest if there are compelling legitimate grounds for processing that override the interests or fundamental rights and freedoms of the data subject, or if the processing is necessary for the establishment, exercise, or defense of legal claims. The Controller does not have this right if the data is processed for direct marketing purposes.

VII. Recipients of personal data

Your personal data may be disclosed to third parties that process personal data on behalf of the Controller, such as entities providing accounting services, IT service providers, or partners supplying internal management and data-sharing tools used by the Controller to achieve the purposes outlined in this Privacy Policy. These entities process data under a contract with us and in accordance with our instructions.

We may also disclose your personal data to other recipients if it is necessary for the fulfillment of specific processing purposes, such as banks, postal operators, law firms, our clients, or recruitment software providers.

Furthermore, your personal data may be disclosed to entities authorized under the law, including judicial authorities.

VIII. Processing in social media and joint controllership

The Controller processes personal data as part of its profiles and accounts on social media platforms, including Meta, LinkedIn, X (formerly Twitter), and YouTube.
Personal data is processed for the following purposes:

The legal basis for processing personal data in this context is the Controller’s legitimate interest in promoting its brand, maintaining its public image, conducting direct marketing, and ensuring effective communication.

Where data is processed for statistical and advertising purposes, as well as for analyzing user activity, the service providers act as joint controllers of the data. These service providers include:

The rules governing joint controllership and the principles for processing personal data by the aforementioned providers, acting as independent data controllers, are available on their respective websites.

IX. Cookies and automated data collection

Cookies are small text files placed on your device by websites you visit. They are widely used to make websites function or to work more efficiently, as well as to provide information to website owners.
Our website uses the following types of cookies:

The processing of personal data in connection with the use of functional, analytical (statistical), performance, and marketing cookies is subject to the user’s consent, provided through the cookie management platform (Cookie Bar). Each consent can be granted individually for a specific category of cookies, and the user has the right to withdraw consent at any time via the same platform.

We analyze the collected data using solutions provided by third-party vendors. Specifically, your data may be transferred for functional, analytical (including statistical), performance, or marketing purposes to organizations responsible for the tools used on our website, such as Google Analytics, Microsoft Clarity, Meta Pixel, LinkedIn Insight Tag, Leadfeeder, HubSpot.

Where possible, we use anonymization or IP address truncation mechanisms. Detailed information about this is displayed through the cookie consent management platform. However, please note that certain tools may employ methods such as IP address truncation, which in some cases may allow approximate user identification.

Additionally, we use social media plugins. Data collected in connection with these plugins is transferred exclusively between your web browser and the selected social media operator. We do not have control over which data is collected and transferred. Therefore, we encourage you to review the privacy policies of the respective social media operators.

X. Transferring personal data to third countries

The Controller collaborates with service providers based outside the European Economic Area (EEA). As a result, personal data may be transferred outside the EEA when necessary, with appropriate levels of protection ensured.

In such cases, the legal basis for data processing will either be Standard Contractual Clauses or a decision by the European Commission confirming an adequate level of data protection under the Data Privacy Framework.

XI. Changes to the Privacy Policy

We may amend this Privacy Policy at any time, particularly in the event of changes in legislation, technology, or the operation of our website. You can always find the most current version of our Privacy Policy on our website.