Privacy policy

Thank you for your interest in our company. Data protection is of particular importance to the management of Heller Consult Sp. z o.o.. The use of the websites of Heller Consult Sp. z o.o. is generally possible without providing personal data. However, if an interested party wishes to use our special services via our website, processing of personal data may be required. If processing of personal data is required and there is no legal basis for such processing, we usually seek the consent of the data subject. The protection of personal data is of particular importance to the management of Heller Consult Sp. z o. o. and we are committed to safeguarding your data to the greatest extent possible.

The processing of personal data, such as the name, address, e-mail address or telephone number of a data subject is always in compliance with the General Data Protection Regulation and in accordance with the national data protection regulations of Heller Consult Sp. z o.o.. With this privacy policy, our company strives to inform the public about the nature, scope and purpose of the personal data collected, used and processed. In addition, data subjects are informed of their rights under this privacy policy.

As the controller, Heller Consult Sp. z o.o. has implemented technical and organizational measures to ensure the greatest possible protection of personal data processed through this website. Nevertheless, Internet data transmissions can generally have security gaps, so absolute protection cannot be guaranteed. For this reason, any interested person wishing to use our special services may provide us with personal data (contact information) in other ways, such as by telephone.

The privacy policy of Heller Consult Sp. z o. o. is based on the terminology used by the European directive and regulatory body for the adoption of the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand for both the public and our customers and business partners. To ensure this, we would like to explain in advance the terminology used.

Definitions

Administrator.

A controller is a natural or legal person, public body or authority that alone or jointly with others decides on the purposes and means of processing personal data. If the purposes and means of such processing are specified in Union or Member State law, the controller or specific criteria for its designation may be provided for in Union or national law.

Processor.

A processor that is a natural or legal person, public authority, agency or other entity that processes personal data on behalf of the controller.

Recipient.

A recipient is a natural or legal person, agency or other entity to whom personal data is disclosed, whether or not it is a third party. Government bodies that may receive personal data in accordance with EU or national law in connection with a specific mission are not considered beneficiaries.

Third party.

A third party is a natural or legal person, public authority or body other than the data subject, controller, processor and persons directly authorized to process personal data by the controller or processor.

Personal data.

Personal data is any information relating to an identified or identifiable natural person, hereinafter referred to as a “person of interest” or “user.” A natural person is considered identifiable, directly or indirectly, in particular by association with an identifier such as a name, identification number, location data, Internet identifier, or by one or more specific characteristics including physical or physiological condition, and when the genetic, mental, economic, cultural or social identity of that natural person can be identified.

Person of interest, data subject, user

Any identified or identifiable natural person whose personal data is processed by the controller.

Consent

Consent is any freely given and unequivocally expressed in the form of a statement or other unambiguous act confirming by means thereof, by the data subject, in this particular case, that the data subject consents to the processing of personal data.

Data processing by the controller.

Means any process or series of operations related to personal data, such as collecting, gathering, organizing, arranging, storing, adapting or modifying, reading, querying, using, with or without the help of automated procedures; disclosure through submission, dissemination or other form of assurance, linkage, restriction, deletion or destruction.

Service.

The website of which Heller Consult Sp. z o. o. is the administrator.

Limitation of processing.

Restriction of processing is the marking of stored personal data to limit further processing.

Data profiling.

Profiling is any kind of automated processing of personal data that involves the use of such personal data to evaluate certain personal aspects concerning an individual, in particular aspects relating to the individual’s work, economic situation, health, personal characteristics and also to analyze or predict the individual’s preferences, interests, behavior, whereabouts or relocation of that individual.

Pseudonymization.

Pseudonymization involves processing personal data in such a way that the personal data can no longer be attributed to a specific data subject without the need for additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person. Pseudonymization is a means of implementing the anonymization of personal data.

Name and address of the controller.

The responsible controller of personal data within the meaning of the General Data Protection Regulation and other data protection legislation in the Member States of the European Union and other legislation of a data protection nature is:

  • Heller Consult Sp. z o.o.
  • Chałubińskiego 8, 36p.
  • 00-613 Warsaw,
  • Poland
  • tel: +48 22 501 45 10
  • fax: +48 22 621 80 53
  • E-mail: hc@heller-consult.pl
  • Service: https://heller-consult.pl/

Contact details of the data protection officer

  • Personal data protection inspector
  • Chałubińskiego 8, 36p.
  • 00-613 Warsaw,
  • Poland
  • phone: +48 22 501 45 10
  • E-mail: inspektorochronydanychosobowych@heller-consult.pl

Any data subject may contact our Data Protection Officer at any time with any questions or suggestions regarding data protection.

Purposes and legal basis of data processing.

The Administrator collects personal data for marketing purposes, including to the extent necessary to provide the services offered, as well as statistical information about the activity of Users on the website owned by the Administrator. Personal data of all persons who have agreed to receive marketing content in the form of a newsletter or (including IP address or other identifiers and information collected through cookies or other similar technologies) are processed by the administrator:

For the purpose of providing electronic services – in terms of providing content related to initiatives related to the Administrator’s activities or, in justified cases, information related to the Administrator.

For the purpose of providing contact forms for offers – then the legal basis of processing is the necessity of processing for the performance of the contract (Article 6(1)(b) GDPR);

For analytical and statistical purposes – in which case the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) GDPR), consisting of conducting analyses of Users’ activities, as well as their preferences in order to improve the functionalities used and services provided;

For the Administrator’s marketing purposes. The principles of processing personal data for marketing purposes are described in the section “Marketing”

Contact forms (and handling of data acquired through the form). The administrator provides the possibility to make contact using electronic contact forms on the sites it owns. Using the form requires providing personal data necessary to contact the User and respond to the inquiry. The User may also provide other data to facilitate contact or handling of the inquiry. Provision of data marked as mandatory is required in order to accept and service the inquiry, and failure to provide such data will result in the impossibility of service. Provision of other data is voluntary.

Data from contact forms are processed for the purpose of identifying the sender and handling his/her inquiry sent through the form provided – the legal basis for processing is the necessity of processing for the performance of the service contract (Article 6(1)(b) GDPR);

for analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) GDPR) consisting of keeping statistics on queries submitted by Users.

The Administrator processes Users’ personal data in order to carry out marketing activities, which may consist in:

  • providing Users electronically with marketing content corresponding to their interests;
  • directing e-mail notifications of interesting offers or content, which in some cases contain commercial information;
  • conducting other types of activities related to direct marketing of goods and services (sending commercial information by e-mail and telephone).

Profiling. In order to carry out marketing activities, the administrator in some cases uses profiling. This means that through automatic data processing, the controller evaluates selected factors concerning the User, in order to provide information in accordance with the User’s preferences and also to collect information of a statistical nature.

The website of Heller Consult Sp. z o.o. collects a series of general data and information each time a user accesses it. These general data and information are stored in server log files. They relate to information including:

  1. browser types and versions,
  2. the operating system used by the access system,
  3. The website from which the access system accesses our website (known as Resellers),
  4. sub-network sites that can be accessed via (5) date and time of access to the website,
  5. the Internet protocol address (IP address),
  6. Internet service provider of the access system, and
  7. other similar data and information used in case of attacks on our information systems.

Using this general data and information, the administrator does not draw conclusions about a person. Rather, this information is required in order to

  • correctly deliver the content of our website,
  • in order to optimize the content of our website and advertise it,
  • to ensure the continued operation of our information systems and our website technology, and
  • to provide law enforcement agencies with information necessary for law enforcement in the event of a cyber attack.

This anonymously collected data is statistical data and is further evaluated by the controller to enhance data protection and data security in our company to ultimately ensure the best possible level of protection for the personal data we process. The anonymized data from the server log files are stored separately from all personal data provided by the affected person.

Cookies. The Administrator processes data, including personal data collected through cookies and other similar technologies, for marketing purposes in order to obtain statistical information about the preferences of Users. uses its own cookies and those of external entities, in accordance with the disposition of the Telecommunications Law of July 16, 2004. Processing of personal data then includes profiling of Users, however, statistical information does not allow identification of individual Users. The use of data collected through this technology for marketing purposes, takes place on the basis of the legitimate interest of the administrator and only on condition that the User has consented to the use of cookies. Consent to the use of cookies can be expressed through the appropriate configuration of the browser, and can be withdrawn at any time, in particular by clearing the history of cookies and disabling cookies in the browser settings, which is covered in the Cookie Policy.

Direct Marketing. If the User has agreed to receive marketing information via e-mail and other means of electronic communication, the User’s personal data will be processed for the purpose of sending such information. The basis for data processing is the legitimate interest of the administrator to send marketing information within the limits of the consent given by the User (direct marketing). The User has the right to object to the processing of data for direct marketing purposes, including profiling. Data will be kept for this purpose for the duration of the administrator’s legitimate interest unless the User objects to receiving marketing information.

Social networks. The administrator processes personal data of Users visiting administrator profiles maintained on social media: Facebook, Twitter, and profiles maintained on other portals of which Heller Consult Sp. z o.o. is the administrator. These data, are processed exclusively in connection with running the profile, in order to inform the User about the Administrator’s activities and to promote various events, services and products, as well as to communicate with the User through the functionalities available in social media. The legal basis for the Administrator’s processing of personal data for this purpose is its legitimate interest (Article 6(1)(f) GDPR) in promoting its own brand and building and maintaining a brand-related community.

Acquisition of statistical data. The Administrator and other entities providing services to the Administrator use cookies to monitor website traffic, i.e. data analytics, including Google Analytics cookies (these are files used by Google to analyze how the website is used by the User, to create statistics and reports on the functioning of the website). Google does not use the collected data to identify the User, nor does it combine this information to enable identification. Detailed information on the scope and principles of data collection in connection with this service can be found at the following link: https://www.google.com/intl/pl/policies/privacy/partners. The acquisition of data is carried out through the administrator’s services, and the processing is secured through the anonymization of the User’s data, which is provided by the processor (processor) The administrator does not acquire data for the purpose of tracking Users online, does not use tools that enable such activities, and does not carry out activities related to cooperation with other entities aimed at obtaining such information.

Routine deletion and blocking of personal data

The Administrator shall process and store your personal data only for the period of time necessary to achieve the purpose of storage or, as the case may be, by European directives or regulations, or by any other legislator in laws or regulations that stipulate other conditions for the storage period.

If the purpose of storage is disregarded or the retention period specified in the European directives and regulations or any other relevant national laws expires, your personal data will be routinely blocked or deleted in accordance with statutory provisions.

Data retention period. The period of data processing by the controller depends on the type of service provided and the purpose of processing. As a general rule, data are processed for the duration of the service provided or the execution of the order, until the withdrawal of the consent given or the filing of an effective objection to data processing in cases where the legal basis for data processing is the legitimate interest of the controller. The data processing period may be extended in cases where the processing is necessary to establish and assert or defend against possible claims, and thereafter only in the case and to the extent required by law. After the expiration of the processing period, the data shall be irreversibly deleted or anonymized.

Rights of the User.

Any User (interested person) who consents to the processing of his data by Heller Consult sp. z o.o. has the right to:

The right to confirm

Every data subject (interested party, user) has the right, as granted by European regulators, to require the controller to verify that his or her personal data is being processed. If the data subject wishes to exercise this right to confirmation, he or she may contact an employee of the controller at any time.

Right to information about the processing of personal data.

Any person affected by the processing of personal data has the right, at any time, to obtain from the controller information about the personal data stored about him and a copy of such data. On this basis, to the person making such a request, the controller shall provide information about the processing of personal data, which may include:

  • purposes of processing
  • the categories of personal data being processed
  • the recipients or categories of recipients to whom the personal data have been disclosed or are yet to be disclosed, in particular to recipients in third countries or international organizations
  • if possible, the intended duration of storage of personal data or, if this is not possible, the criteria for determining this duration
  • the existence of the right to rectification or erasure of personal data concerning the person, or restriction of processing by the person responsible, or the right to object to such processing
  • the existence of the right to appeal to the supervisory authority
  • if the personal data is not collected from the data subject: All available information about the source of the data
  • the existence of automated decision-making, including profiling in accordance with Articles 22(1) and 4 of the General Data Protection Regulation (GDPR), and, at least in those cases, the existence of relevant information about the logic and scope hereof or the intended impact of such processing on the data subject. In addition, the data subject has the right to access personal data transferred to a third country or an international organization. In such a case, the data subject has the right to obtain information about the relevant guarantees related to the transfer.

If the data subject wishes to exercise this right of rectification, he or she may contact an employee of the controller at any time.

Right of rectification

Any data subject (user) affected by the processing of personal data has the right granted by the European legislator to request the immediate correction of inaccurate personal data concerning him or her. In addition, the data subject has the right to request the filling in of incomplete personal data, including by means of a supplementary notification, taking into account the purposes of the processing.

If the data subject wishes to exercise this right to rectification, he or she may contact an employee of the controller at any time.

Right of revocation (right to be forgotten)

Any person affected by the processing of personal data has the right granted by European directives and regulators to demand that the controller immediately erase the personal data concerning them, provided that one of the following reasons is met and the processing is not required:

  • The personal data has been collected for such purposes or otherwise processed for which it is no longer needed.
  • The data subject withdraws the consent on the basis of which the processing was conducted in accordance with Article 6(1)(a) GDPR Article 9(2)(a) GDPR and there is no other legal basis for the processing.
  • The data subject objects to the processing and there are no legitimate reasons for the processing or data objects.
  • Personal data has been processed unlawfully.
  • Erasure of personal data is necessary to comply with a legal obligation under EU or national law to which the controller is subject.

If one of the above reasons is correct, and the person concerned wishes to initiate the erasure of personal data stored by Heller Consult sp. z o.o., he or she may contact an employee of the controller at any time. An employee of Heller Consult sp. z o.o. will arrange for the immediate fulfillment of the request for assistance.

If personal data has been made public by Heller Consult sp. z o.o., and if our company as the responsible party is obliged to erase the personal data in accordance with Article 17 (1) of the General Data Protection Regulation (GDPR), Heller Consult sp. z o.o. shall take appropriate measures, taking into account available technology and implementation costs also of a technical nature, to inform other data controllers who process the published personal data that the data subject has requested the erasure of all links to the personal data or copies or replicas thereof, if processing is not required. An employee of Heller Consult Sp. z o. o. will order the necessary steps on a case-by-case basis.

Right to limit processing

Any user affected by the processing of personal data has the right, granted by a European directive and regulatory authority, to require the controller to restrict processing if one of the following conditions applies:

  • The accuracy of the personal data is disputed by the data subject for a period of time that allows the controller to verify the accuracy of the personal data.
  • The processing is unlawful, the data subject refuses to erase the personal data, and instead requests a restriction on the use of the personal data.
  • The controller no longer needs the personal data for processing purposes, but the data subject requires the controller to assert, exercise or defend legal claims.
  • The data subject has an objection to the processing in accordance with Article 21(1) of the General Data Protection Regulation (GDPR), and it is not yet clear whether the legitimate reasons of the responsible person outweigh the interests of the data subject.

If one of the aforementioned conditions is met, and the person concerned wishes to request the restriction of personal data stored by Heller Consult sp. z o.o., he or she may contact an employee of the controller at any time. An employee of Heller Consult sp. z o.o. will initiate the restriction of processing.

Portability of data

Any person affected by the processing of personal data has the right under European directives and regulations to obtain personal data concerning him or her provided by the data subject to the controller in a structured, common and computer-readable format. In addition, he has the right to transfer such data to another controller without hindrance from the controller to whom the personal data has been transferred, as long as this is technically feasible and, if so, the rights and freedoms of others are not affected. The condition is that the processing is based on consent in accordance with Article 6(1)(a) of the General Data Protection Regulation (GDPR) or in Article 9(2)(a) of the General Data Protection Regulation (GDPR) or on a contractual basis in accordance with Article 6(1)(b) of the General Data Protection Regulation (GDPR) and the processing is carried out by automated means. An exception is processing if it is necessary for the performance of a task of public interest or a task of public authorities; which has been delegated to the controller.

To assert the right to data portability, the data subject may at any time contact an employee of Heller Consult Sp. z o. o.

Right to object

Any person affected by the processing of personal data has the right granted by a European legislative body to object to the processing of his or her personal data at any time on grounds relating to his or her particular situation under Article 6(1)(e) or (f) of the General Data Protection Regulation (GDPR). This also applies to profiling based on these provisions.

In the event of an objection, Heller Consult sp. z o.o. shall no longer process the personal data unless we can prove compelling reasons for the processing that deserve protection and that outweigh the interests, rights and freedoms of the data subject, or the processing is for the establishment, exercise or defense of legal claims.

If Heller Consult sp. z o.o. processes personal data for the purpose of direct mailings, the data subject has the right to object at any time to the processing of personal data for such advertising. This also applies to profiling, insofar as it is related to such direct correspondence. If the data subject notifies Heller Consult sp. z o.o. to cease direct marketing, Heller Consult sp. z o.o. will no longer process the personal data for these purposes.

In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to the processing of personal data concerning him or her for scientific or historical purposes or for statistical purposes pursuant to Article 89 par. 1 of the General Data Protection Regulation (GDPR), unless such processing is necessary for the fulfillment of a task of public interest.

To exercise the right to object, the person concerned may directly contact an employee of Heller Consult sp. z o. o.

Automatic decisions in individual cases, including profiling

Any data subject affected by the processing has the right granted by a European legislative body not to be subject to a decision based solely on automated processing, including profiling, which has a legal effect on him or her or similarly significantly affects him or her; if the decision (1) is necessary for the conclusion or performance of a contract between the data subject and the controller, or (2) is authorized by the legislation of the European Union or of the Member States to which the controller is subject and such legislation provides for appropriate measures to protect the rights and freedoms and legitimate interests of the data subject, or (3) with the express consent of the data subject.

If the decision (1) is required for the conclusion or performance of a contract between the person concerned and the responsible person, or (2) is made with the express consent of the data subject, Heller Consult sp. z o.o. shall take appropriate measures to protect the rights and freedoms, as well as the legitimate interests of the data subject, including at least the right of the person to intervene with the controller, to express his or her own position and to contest the controller’s decision.

The right to withdraw consent for data protection purposes

Any person affected by the processing of personal data has the right, granted by the European Directive and the regulator, to revoke consent to the processing of personal data at any time. If the data subject wishes to assert his or her right to withdraw consent, he or she may contact a staff member of the controller at any time.

Right to complain

If the processing of personal data is deemed to violate the provisions of the GDPR or other data protection laws, the data subject may file a complaint with the President of the Office for Personal Data Protection.

Data protection in application documents and recruitment process

The controller collects and processes the personal data of candidates for processing into the application process. Processing may also take place electronically. This is the case, in particular, if the candidate submits the relevant application documents to the controller by electronic means, for example, via e-mail of a web form available on the website. If the controller enters into an employment contract with the candidate, the data provided will be stored for the purposes of the employment relationship in accordance with the law. If, on the part of the controller, no employment contract is concluded with the candidate, the application documents will be automatically deleted two months after the rejection decision is announced, unless the deletion excludes other legitimate interests of the controller. Other legitimate interests in this sense include, for example, the burden of proof in a procedure under the General Equal Treatment Act (GDPR).

Privacy policy regarding the use and application of Google Analytics

This website uses the “Google Analytics” service provided by Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) to analyze the use of the website (service) by users. The service uses “cookies” – text files stored on the device. The information collected by cookies is usually sent to a Google server in the USA and stored there.

This site accesses IP anonymization. The IP address of users is abbreviated in EU member states and the European Economic Area. This reduction eliminates the personal reference of your IP address. Under the terms of the agreement that website operators have with Google Inc. they use the collected information to compile an assessment of activity on the site and to provide Internet services.

You can prevent cookies from being stored on your device by making the appropriate settings in your browser. There is no guarantee that you will be able to access all features of this site without restrictions if your browser does not allow cookies.

In addition, you can use a browser plug-in to prevent information collected by cookies (including your IP address) from being sent to Google Inc. and used by Google Inc. The following link takes you to the appropriate plug-in: https://tools.google.com/dlpage/gaoptout?hl=en-GB

Here is more information about the use of Google Inc. data: https://support.google.com/analytics/answer/6004245?hl=en

Click here to disable Google Analytics http://tools.google.com/dlpage/gaoptout.

Legal basis for processing

Article 6 I letter a of the General Data Protection Regulation (GDPR) serves as our legal basis for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, in processing operations necessary for the delivery of goods or the provision of any other service or performance, the processing is based on: Article 6 I letter b of the General Data Protection Regulation (GDPR). The same principle applies to processing operations that are necessary for the performance of pre-contractual activities, for example, in the case of inquiries about our products or services. If our company is subject to a legal obligation that requires the processing of personal data, such as the fulfillment of tax obligations, the processing is based on Article 6 I letter c of the General Data Protection Regulation (GDPR). In rare cases, processing of personal data may be required to protect the vital interests of the data subject or another individual. This would be the case, for example, if a visitor to our facility was injured and his or her name, age, health insurance or other relevant information would have to be provided to a doctor, hospital or other third party. Then the data processing would be based on Article 6 I letter d of the General Data Protection Regulation (GDPR). Finally, the data processing may be based on Article 6 I letter f of the General Data Protection Regulation (GDPR). Under this legal basis, processing operations that are not covered by any of the above legal bases are required if the processing is necessary to protect the legitimate interests of our company or a third party, unless the interests, fundamental rights and fundamental freedoms of the data subject prevail. Such processing operations are specifically permitted to us because they have been explicitly mentioned by a European legislative body.

Legitimate interests in processing that are pursued by the controller or a third party

If the processing of personal data is based on Article 6 I letter f of the General Data Protection Regulation (GDPR) is our legitimate interest in conducting our business for the benefit of all our employees and our shareholders.

Duration of storage of personal data

The criterion for the duration of storage of personal data is the relevant statutory retention period. After the expiration of this period, the relevant data will be routinely deleted if it is no longer necessary to fulfill the terms of the contract or its conclusion.

Legal or contractual provisions for the provision of personal data; the necessity of entering into a contract; the data subject’s obligation to provide personal data; the possible consequences of failure to do so.

We clarify that the sharing of personal data is partly required by law (e.g., Tax regulations) or also due to contractual provisions (e.g., Contracting party information)

Existence of automated decision-making

As a responsible company, we refrain from automated decision-making or profiling.

Applications.

User applications regarding the activities described in the section “User’s rights” can be addressed:

  1. in electronic form. Via the e-mail account from which the User’s consent to data processing was granted, to inspektorochronydanych@heller-consult.pl
  2. In written form. To the correspondence address of the administrator: Heller Consult Sp. z o.o. with its registered office at 8 Chałubińskiego Street, 00-613 Warsaw with a note “Request for User Data”.

The request should specify what data operation it relates to (obtaining a copy of the data, restricting processing), what processing the request relates to (e.g. use of a particular service, activity on a particular website, receiving a newsletter containing commercial information to a particular email address, etc.).

In a situation where the administrator will not be able to determine the request on the basis of the information received from the User, the User will be contacted to clarify the information. A response to the request will be provided to the email address from which the consent for data processing was given, and in the case of consents sent by letter, by regular mail within 30 calendar days of receipt of the request. If it is necessary to extend this deadline, the controller will inform the applicant of the reasons for the extension.

Security of personal data.

The Administrator shall take all necessary measures to ensure that its subcontractors and other cooperating entities also provide guarantees to apply appropriate security measures whenever they process personal data on behalf of the Administrator. The Administrator shall conduct a risk analysis on an ongoing basis to ensure that personal data is processed by it in a secure manner – ensuring, above all, that only authorized persons have access to the data and only to the extent necessary for the tasks they perform. The administrator ensures that all operations on personal data are recorded and performed only by authorized employees and associates.

Control of policy changes

The privacy policy is reviewed on an ongoing basis and updated as necessar