Privacy Policy

The Data Controller of your personal data is Andersen sp. z o.o. with its registered office in Warsaw, Poland, address: Rondo Organizacji Narodów Zjednoczonych 1/XXV P., 00-124 Warszawa (Warsaw), entered into the Registry of Entrepreneurs by the District Court for the capital city Warsaw in Warsaw, XIIth Commercial Divison of National Court Registry, under KRS no.: 0000773985, NIP 5252782536, REGON No: 382686004.

A contact with a Data Controller is possible via:

• mail, by sending a letter to the Data Controller’s address mentioned above
• an e-mail by sending a message to the address: dpo@andersenlab.com

We have appointed a data protection officer in Andersen sp. z o.o. in Poland, who is a person responsible for issues connected with processing of personal data in our company. You may contact a data protection officer by:

• sending an e-mail to the following address: dpo@andersenlab.com
• sending a letter to the postal address: Andersen sp. z o.o., Rondo Organizacji Narodów Zjednoczonych 1/XXV P., 00-124 Warszawa (Warsaw, Poland), with a notice: Data protection officer.

Name and surname of our DPO in Andersen sp. z o.o. (Poland): Ewa Lewańska.

The specific legal basis and purposes for processing of your personal data are as follows:

If you visit our website, we process your personal data for purposes of:

• ensuring stability, performance, and correct functioning of the website or our services,
• tracking website traffic,
• verifying the manner in which website is used,
• displaying ads within our website,
• possible prevention of activities not compliant with applicable law.

These data we save especially within cookie files and logs relating to website visits. They may include, in particular, your IP address and the actions you take on the website.

For cookies that are essential for the operation of the website, the legal basis for processing of your personal data is the provision of Article 6.1.f) of the GDPR, stating that processing personal data is allowed when it is necessary for the purposes of the legitimate interests pursued by the controller. Our legitimate interest is connected with the need to prevent technical errors and bugs, ensure site security or prevent abuse and violations of law within the application. For non-essential cookies, such as those used for statistical analysis, marketing personalization, or social media integration, the legal basis for processing is your voluntary, specific, and informed consent pursuant to Article 6.1.a) of the GDPR. We only activate these cookies if you provide your consent through our cookie banner.

When you visit our website for the first time, we will inform you about our usage of cookie files and ask you for your explicit consent to store them.

For details on the cookies we use and how to manage them, please refer to our Cookie Policy.

If you use a contact form published on our website and you send us a message via this form or you contact us by a phone or via an e-mail, by using contact details presented on our website, we process your personal data (especially data indicated in a contact form, e-mail message or given during a phone conversation) in order to answer your question and contact you back.

The necessity to process your personal data in order to answer your question and contact you constitutes our legitimate interest, and the legal basis for data processing in this regard is the provision of Article 6.1.f) of the GDPR.

If you interact with the AI chatbot available on our website, we process your personal data (that you voluntarily provide during the conversation) in order to respond to your inquiries and conduct communication with you.

The necessity to process your personal data for the purposes of handling inquiries and communication with users constitutes our legitimate interest. The legal basis for such processing is Article 6.1.f) of the GDPR.

If you apply to a recruitment process conducted by us by submitting your personal data (e.g., via recruitment forms or sending your resume), we process your personal data for the purpose of conducting the recruitment and selecting candidates.

If you give us your consent, we may also process your personal data to contact you about future recruitment opportunities.

The legal basis for processing your personal data during the ongoing recruitment process is Article 6.1.b) of the GDPR, which allows processing necessary for taking steps at your request prior to entering into a contract. The scope of processed data is limited to what is necessary for recruitment and is based on applicable laws regulating recruitment processes.

For any additional data you provide beyond the legal requirements, the legal basis is your consent pursuant to Article 6.1.a) of the GDPR.

We process your personal data if:

• you contact us to establish cooperation,
• we provide services to you (you are our client),
• we use your services or support,
• we have any other kind of business cooperation.

In such case, the processing is conducted in order to conclude and perform an agreement between us and you, and the legal basis for processing of personal data is the Article 6.1.b) of the GDPR.

We may also process your personal data in order to comply with obligations imposed on the data controller by legal provisions, including in particular tax law or administrative law - the legal basis for personal data processing in this regard is the need for processing the data to fulfil the legal obligation to which data controller is subject, in accordance with the provisions of Article 6.1.c) of the GDPR.

We process your personal data for purposes of concluding or performing an agreement concluded between us and the Client, Contractor, or Service Provider.

The legal basis for processing of personal data is Article 6.1.f of the GDPR, enabling us to process personal data when it is necessary for the purposes of legitimate interests pursued by the Data Controller or third party.

The legitimate interest in this case is connected with processing personal data for purposes of concluding and performing agreements concluded between us and our Client, Contractor, or Service Provider what requires contacting representatives of the Client, Contractor, or Service Provider.

We have fan pages within social media such as Facebook, Instagram, Youtube, Xing, Twitter or LinkedIn. We also have profiles on other websites such as Behance, Dribbble, Clutch, Goodfirms and Intercom.

If you visit these profiles, we may also process your personal data. This also occurs in connection with, for example, leaving likes or comments on our posts or writing private messages to us.

We may also use paid adverts on these social media platforms, which may be displayed to you. In this regard, we process your personal data as a controller, and the legal basis for data processing is our legitimate interest, i.e. promoting our website and services, running statistics and insights about interactions with our content, building and maintaining an online community, allowing users to interact with our brand. Thus, the basis for data processing is the provision of Article 6.1.f) of the GDPR.

Additionally, we may process your data based on Article 6.1.f) of the GDPR (our legitimate interest) to ensure the security of the platform, prevent infringements fraud, pursue claims, defend against claims and maintain the integrity of the services.

If you subscribe to our mailing list, the legal basis for processing personal data in this regard is our legitimate interest, that is, providing you with marketing messages. Consequently, we process your personal data on the basis of Article 6.1.f) of the GDPR, which states that the processing of personal data is lawful if the processing is necessary for the purposes of the legitimate interests pursued by the controller.

However, if specific legal provisions require us to obtain a prior consent before sending marketing messages, we do not send any e-mails if such a consent has not been given by you.

In order to provide you with the ability to use our services, we use support of some external companies. Therefore, personal data we process may be transferred to:

• legal authorities: where required by law, we may disclose your personal data to public authorities or courts.
• affiliated entities: entities within our corporate group that assist in managing the Website and contacting our Clients, Contractors, job applicants and other people interested in our services.
• external providers: third-party vendors who help us operate the Website, e.g., cloud hosting providers, analytics providers, and support services.

• Amazon Web Services EMEA SARL with its registered office in Luxembourg,
• Microsoft Ireland Operation Limited with its registered office in Dublin,
• Google Ireland Limited with its registered office in Dublin,
• Intercom R&D Unlimited Company based in USA,
• Chatbase, Inc. based in USA,

• operators of social media platforms, such as:

• for YouTube - Google Ireland Ltd. and Google LLC based in Mountain View, California. Detailed information on how Google processes data is available in Google’s Privacy Policy,
• for Facebook and Instagram - Facebook Ireland Limited and Facebook Inc. based in California, USA. Detailed information on how Facebook (Meta) processes data is available in Meta’s Privacy Policy,
• for LinkedIn - LinkedIn Corp. based in San Francisco, California, USA. Detailed information on how LinkedIn processes data is available in LinkedIn’s Privacy Policy,
• for Xing - New Work SE based in Hamburg, Germany. Detailed information on how XING processes data is available in XING’s Privacy Policy.

Due to the involvement of companies such as Google, Meta, Chatbase, Inc., Intercom R&D Unlimited Company or LinkedIn, your personal data may be transferred outside the European Economic Area (EEA). In such cases, we ensure that appropriate safeguards are in place. These transfers are based either on the EU-U.S. Data Privacy Framework, which provides a recognized legal basis for the transfer of personal data from the EU to the United States, or on Standard Contractual Clauses (SCCs) approved by the European Commission.

• other service providers: depending on the nature of our relationship, your personal data may also be disclosed to other IT service providers, as well as to entities providing accounting and bookkeeping services, debt collection services, marketing services, our partners, and other entities cooperating with us.

We do our best to store your personal data only for as long as it is actually necessary, and after that we delete it. The time for which we store your personal data depends on what is the type of our interaction:

• if you are a visitor to our website, we process your personal data for as long as you use the website and for up to fourteen months after your last visit,
• if you are our Client (entity which concluded an agreement with us) or its representative - we process your personal data for as long as the agreement between us is binding and for the duration of limitation of claims (up to 3 years from termination or expiration of the agreement),
• if you are a person who has written to us using the contact form on our website, contacted us by telephone or by e-mail - we process your personal data for as long as the contact between you and us lasts. After it ends and 3 months have passed, we delete the personal data we have collected in this way,
• if you are a person who has interacted with the AI chatbot on our website, we process your personal data for as long as the communication lasts. Once the interaction ends and 3 months have passed, we delete the personal data collected in this way.
• data processed for purposes of fulfilling accountancy and tax obligations shall be processed for period of 5 years from the end of calendar year in which the deadline for payment of tax obligation has lapsed,
• if you are a person who has visited our social media profile, liked or commented on a social media post or written to us via the Messenger application, we will process your data for as long as our profile exists on such a social media site, however, no longer than for the time that you are a user of such site,
• if you take part in our recruitment process, we process your personal data for the duration of a specific recruitment process and for up to 3 years after its completion or the end of our contact,
• if you are a person who subscribed to our mailing list - we process your personal data until you unsubscribe our mailing list or after the marketing activities are terminated, based on a mailing list.

Due to the fact that your personal data is processed, you have the following rights:

You can request a confirmation from us that your personal data is processed and request appropriate information in this regard, including information on what types of personal data are processed and for which purposes.

You have the right to request immediate rectification of incorrect personal data and supplement incomplete personal data.

You have the right to request immediate erasure of your personal data if any of the following criteria apply:

• personal data are no longer necessary to realize purposes for which they were collected or are otherwise processed,
• you have revoked consent (assuming it is the basis of processing) and there are no other legal bases for personal data processing,
• you have filed an objection regarding processing of your personal data and there are no other legally justified legal bases for personal data processing which override the objection,
• personal data have been processed illegally,
• personal data have to be erased in order to fulfil a legal obligation,
• personal data have been collected in connection with providing information society services to a child.

This does not apply to the extent that the processing of personal data is necessary:

• to exercise the right to freedom of expression and information;
• to comply with a legal obligation imposed on the controller requiring data processing;
• to establish, assert or defend claims.

You have the right to restrict the processing of your personal data if:

• you object to the correctness of personal data,
• processing of personal data is illegal but you object erasure of your personal data, requesting a restriction of processing instead,
• we do not need your personal data for processing purposes, but you need them to establish, pursue claims or defend from claims,
• you have filed an objection regarding processing of your personal data - until we determine whether the legitimate grounds on our side override the grounds for your objection.

You have the right to receive the personal data concerning you, which you provided to us, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller. Such request can be fulfilled only where your personal data are processed on basis of consent or an agreement and are processed by automated means.

You also have the right to request from us sending your personal data directly to another controller, assuming that it is technically possible.

You have the right to file a complaint to an authority competent in matters related to personal data processing - in Poland it is the President of Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych - PUODO).

If personal data is processed based on the consent, you have the right to withdraw it at any time. You can also withdraw consent where a specific activity undertaken by us is based on consent in understanding of regulations on protection of personal data, especially when it comes to sending marketing messages.

Withdrawing consent does not affect the legality and effectiveness of personal data processing until the consent is withdrawn.

You have the right to object to processing of your personal data, to the extent that the processing is based on our legitimate interest.

Your personal data shall not be used for purposes of automatic decision making, including profiling, as set forth by Article 22.1. and Article 22.4. of the GDPR.

The source of your personal data may be our business partners, clients, contractors, or publicly available sources (including the Internet and business registers).

Where personal data is obtained from sources other than directly from you, the categories of personal data concerned may include: identification data, address, contact details, tax identification number, submitted offers, arrangements relating to cooperation, financial terms, as well as the data indicated above in the table concerning the legal bases for the processing of personal data.

Provision of personal data is voluntary, although in scenarios where we process your personal data in order to conclude or perform a concluded agreement, withholding from providing personal data might render provision of services impossible.

Cookie files are small files which enable or facilitate usage of certain functions of the Website. They can be saved on your device directly by us or by third parties with whom we cooperate. In connection with using cookies by us, we may process your personal data, such as your IP address, history of your use of the Website, or information about the device or software you use. The cookie files we use are connected with functioning of our Website, monitoring Website’s traffic, maintaining statistics on how the website is used by the users, undertaking marketing activities, preventing errors and technical malfunctions, ensuring security, as well as preventing frauds and violations of applicable law.

There are the following types of cookies files:

Session cookies: cookies that are stored on your device during the time you use the Website (they are deleted when you close your web browser). Session cookies enable the correct use of the Website. Blocking them may result in encountering errors or prevent you from using the Website.

Persistent cookies: they are stored on your device until they are deleted or until they expire.

Moreover, the cookie files are divided into the following categories:

• Essential cookies - these cookies are necessary for the proper display and operation of the website. These cookies can also detect malfunctions of the site and help to fix errors, as well as allow to verify the extent of the user's consents to other cookies. Blocking them may cause the website to malfunction.
• Analytics cookies - these cookies enable the collection of statistics on the use of our website by users. Among other things, they allow us to verify website traffic, count the number of hits, measure how the website is used, and analyse what devices and browsers users are using. We use tools such as Google Analytics to conduct analytics activities. These tools may require the use of cookies.
• Marketing cookies - cookies responsible for conducting advertising and marketing activities, in particular related to the use of Google Ads. They also include remarketing activities, i.e. encouraging users to revisit our website. Consenting to the use of these cookies will allow us to target advertising to you, based on your previous activities on our website
• Third-party cookies - these are cookies associated with the external providers, such as YouTube, Google Maps, Facebook, Instagram and other mentioned in our Cookie Policy. Accepting them will allow us to link your visit to the site.

You can read detailed information about what cookies may be stored on your device under the cookie information banner displayed on the website. It contains information about specific cookies, their purpose and how long they will be stored on your device.

For details on the cookies we use and how to manage them, please refer to our Cookie Policy.

Usage of cookie files is based on your consent. Lack of such consent or subsequent deletion of cookie files may render certain functionalities of the website unusable.

You have the option of limiting or disabling cookies on your device. Settings regarding the use of cookies can be found in the settings of your web browser. Web browsers allow you to disable all cookies or certain groups of cookies (e.g., from third parties). If you disable cookies just partly, cookies used within the Website may be saved on your device, enabling the Website to function properly. If you limit usage of cookie files, using specific services we provide can be limited, and even impossible in some scenarios.