ENSIS TECHNOLOGY PRIVACY POLICY
SP. Z O.O.

Our Privacy Policy aims to ensure that your personal data is protected and processed in accordance with applicable laws. We care about your privacy and transparency in the collection and use of information.

Processing of personal data

Ensis Technology Sp. z o.o. with its registered office in Warsaw processes personal data for various purposes, and detailed information on this subject can be found below

This Policy may be modified from time to time. The modifications are intended to reflect changes in Ensis Technology's practices regarding the processing of personal data. Significant changes to the Policy will be signaled by means of clearly visible messages posted on www.ensis.technology or additionally through other channels.

Contact GDPR:
Data Protection Officer
Tomasz Ochocki
iod@ensis.technology

INFORMATION CLAUSE FOR JOB CANDIDATES (COOPERATION)

1. [ADMINISTRATOR] The administrator, i.e. the entity deciding on the purposes and methods of processing personal data is Ensis Technology Sp. z o.o. with its registered office in Warsaw (00-105 Warszawa, ul. Twarda 18), KRS 0000762524.
2. [DPO] Ensis Technology has appointed a Data Protection Officer, whom you can contact under iod@ensis.technology.
3. [PURPOSES OF PROCESSING PERSONAL DATA AND LEGAL BASIS] We process data for the following purposes:
a. to carry out the recruitment process, where the legal basis for data processing is:
 1) take the necessary steps to conclude a contract, at your request (Article 6 (1) (b) GDPR),
 2) performance of the obligations incumbent on the Controller, arising from Article 22 (1) § 1 of the Labour Code (Article 6 (1) (c) of the GDPR),
 3) in the scope of data other than necessary for the conclusion of the contract or the performance of the obligations indicated in the Labor Code - Article 6 (1) (a) of the GDPR,
b. in order to pursue the Controller's legitimate interest in establishing, pursuing or defending against such claims related to the recruitment process (Article 6 (1) (f) GDPR).
c. to carry out future recruitment processes - in the event of your additional consent (Article 6 (1) (a) of the GDPR).
4. [DATA RETENTION PERIOD] Data retention period:
a. As a rule, your data will be stored no later than for a period of 3 months after the end of the recruitment for the position for which you applied.
b. When you consent to the processing of data for future recruitment processes, the data will be stored for a period of 3 years from the date of such consent, unless you withdraw this consent beforehand.
c. Where the basis for processing is Article 6 (1) (f) GDPR (in the case of asserting or defending claims related to the recruitment process), the data will be processed until the end of the procedure.
5. [DATA RECIPIENTS] Ensis Technology may disclose data to the following entities:
a. to state authorities or other entities authorised by law — if this is necessary for the performance of legal obligations;
b. entities supporting us in our activities, in particular: suppliers of external IT systems, subcontractors, entities auditing our activities,
c. legal entities — to the extent necessary to ensure the fulfilment of legal obligations or the establishment, exercise and defence of claims.
6. [RIGHTS OF INDIVIDUALS] Any person whose data is processed by Ensis Technology has the right to demand from Ensis Technology:
a. access to your personal data — within the limits of Article 15 GDPR,
b. rectify your personal data — within the limits of Article 16 GDPR,
c. delete your personal data — within the limits of Article 17 GDPR,
d. restriction of the processing of your personal data — within the limits of Article 18 of the GDPR,
e. to object to the processing of your personal data — within the limits of Article 21 GDPR,
f. transfer of your personal data — within the limits of Art. 20 GDPR.
7. [RIGHT OF COMPLAINT] In addition, you have the right to lodge a complaint with the President of the Office for Personal Data Protection.
8. [DATA REQUIREMENT] Providing data is voluntary, but necessary for recruitment.
9. [AUTOMATED DECISION-MAKING] Your data will not be subject to automated decision-making.

INFORMATION CLAUSE FOR PEOPLE CONTACTING HELLO@ENSIS.TECHNOLOGY

1. [ADMINISTRATOR] The administrator, i.e. the entity deciding on the purposes and methods of processing personal data is Ensis Technology Sp. z o.o. with its registered office in Warsaw (00-105 Warszawa, ul. Twarda 18), KRS 0000762524.
2. [DPO] Ensis Technology has appointed a Data Protection Officer, whom you can contact under iod@ensis.technology.
3. [PURPOSES OF PROCESSING PERSONAL DATA AND LEGAL BASIS] We process data for the following purposes:
a. handling an inquiry submitted by e-mail, which constitutes the realization of the legitimate interest of Ensis Technology (Art. 6 (1) (f) GDPR),
b. carrying out activities aimed at concluding a contract — in case of interest in the offer (Article 6 (1) (f) GDPR — concerns the data of persons acting on behalf of potential customers — companies and institutions),
c. the establishment, exercise and defence of claims, which constitutes the pursuit of the legitimate interests of Ensis Technology (Article 6 (1) (f) of the GDPR).
4. [DATA RETENTION PERIOD] Your personal data will be stored for a period of 3 months from the response to the enquiry or until a reasoned objection to the processing of the data, whichever is earlier.
5. [DATA RECIPIENTS] Ensis Technology may disclose data to the following entities:
a. to state authorities or other entities authorised by law — if this is necessary for the performance of legal obligations;
b. suppliers of external IT systems, subcontractors,
c. entities auditing our activities,
d. entities providing legal services — to the extent necessary to ensure the fulfilment of legal obligations or the establishment, exercise and defence of claims,
e. companies providing courier and postal services.
6. [RIGHTS OF INDIVIDUALS] Any person whose data is processed by Ensis Technology has the right to demand from Ensis Technology:
a. access to your personal data — within the limits of Article 15 GDPR,
b. rectify your personal data — within the limits of Article 16 GDPR,
c. delete your personal data — within the limits of Article 17 GDPR,
d. restriction of the processing of your personal data — within the limits of Article 18 of the GDPR,
e. to object to the processing of your personal data — within the limits of Article 21 GDPR,
f. transfer of your personal data — within the limits of Art. 20 GDPR.
7. [RIGHT OF COMPLAINT] In addition, you have the right to lodge a complaint with the President of the Office for Personal Data Protection.
8. [DATA REQUIREMENT] The provision of data is voluntary.
9. [AUTOMATED DECISION-MAKING] Your data will not be subject to automated decision-making.

INFORMATION CLAUSE FOR CONTRACTORS (INCLUDING SUPPLIERS OF PRODUCTS AND SERVICES TO ENSIS TECHNOLOGY) AND PERSONS APPOINTED TO PERFORM THE CONTRACT?

1. [ADMINISTRATOR] The administrator, i.e. the entity deciding on the purposes and methods of processing personal data is Ensis Technology Sp. z o.o. with its registered office in Warsaw (00-105 Warszawa, ul. Twarda 18), KRS 0000762524.
2. [DPO] Ensis Technology has appointed a Data Protection Officer, whom you can contact under iod@ensis.technology.
3. [PURPOSES OF PROCESSING PERSONAL DATA AND LEGAL BASIS] We process data for the following purposes:
a. performance of a contract with a counterparty or taking action prior to the conclusion of the contract, at the request of the Counterparty (Article 6 (1) (b) GDPR — if you are a contractor; Article 6 (1) (f) GDPR — if you are a person acting on behalf of or on behalf of the counterparty),
b. fulfillment of obligations arising from legal provisions, in particular accounting and tax (Article 6 (1) (c) of the GDPR),
c. the purposes indicated in the content of the consents for the processing of personal data - if such consents were expressed (Article 6 (1) (a) of the GDPR),
d. the establishment, exercise and defence of claims, which constitutes the pursuit of the legitimate interests of Ensis Technology (Article 6 (1) (f) of the GDPR).
4. [DATA RETENTION PERIOD] Data retention period:
a. Where the legal basis for processing is Article 6 (1) (b) GDPR, the data will be processed until the expiry of the limitation periods for claims arising from the contract concluded with the counterparty.
b. Where the basis for processing is Article 6 (1) (f) GDPR, the data will be processed until a reasoned objection has been lodged.
c. Where the basis for data processing is Art. 6 (1) lit. a GDPR, the data will be processed until the consent to the processing is withdrawn.
d. Where the attitude of data processing is Article 6 (1) (c) of the GDPR, the data will be processed for the period indicated in the special provisions.
5. [DATA RECIPIENTS] Ensis Technology may disclose data to the following entities:
a. to state authorities or other entities authorised by law — if this is necessary for the performance of legal obligations;
b. entities supporting us in our business, in particular: suppliers of external IT systems, subcontractors, entities auditing our activities or appraisers,
c. entities providing accounting, personnel, debt collection or legal services — to the extent necessary to ensure the fulfilment of legal obligations or the establishment, exercise and defence of claims,
d. companies providing courier and postal services - in the case of correspondence,
e. banks, insurance companies and other financial and payment institutions - in the event of a need to conduct settlements,
f. intermediaries, agents and agents acting on behalf of the organisation,
g. companies engaged in marketing activities.
6. [RIGHTS OF INDIVIDUALS] Any person whose data is processed by Ensis Technology has the right to demand from Ensis Technology:
a. access to your personal data — within the limits of Article 15 GDPR,
b. rectify your personal data — within the limits of Article 16 GDPR,
c. delete your personal data — within the limits of Article 17 GDPR,
d. restriction of the processing of your personal data — within the limits of Article 18 of the GDPR,
e. to object to the processing of your personal data — within the limits of Article 21 GDPR,
f. transfer of your personal data — within the limits of Art. 20 GDPR.
7. [RIGHT OF COMPLAINT] In addition, you have the right to lodge a complaint with the President of the Office for Personal Data Protection.
8. [DATA REQUIREMENT] The provision of data is necessary for the conclusion of contracts and accounting for the activities carried out and for Ensis Technology to comply with the requirements of the law. In the remaining scope (in particular for the processing of data by Ensis Technology for marketing purposes) the provision of data is voluntary.
9. [AUTOMATED DECISION-MAKING] Your data will not be subject to automated decision-making.
10. [DATA SOURCE AND CATEGORIES OF RELEVANT DATA] In the case of collection of data other than from you - the source of the data and the categories of personal data:
a. As a general rule, we process data provided by you. If you have not provided us with your data, we have obtained it from our contractor or from a person acting on behalf of or on behalf of our contractor.
b. We obtain personal data to the extent necessary for the conclusion and execution of the contract, most often these are: name, surname, e-mail address, telephone number.