Privacy Policy

This Privacy Policy (hereinafter referred to as „"Policy”) defines the rules and conditions for the processing of personal data of Users visiting or using services provided via the website located in the domain: https://firma.altom.pl  (hereinafter referred to as the "Website") and the use of cookies or other similar technologies within the Website by ALTOM sp. z o. o. with its registered office in Gniezno.

General information about the Personal Data Administrator

The website is operated by ALTOM spółka z ograniczoną odpowiedzialnością with its registered office in Gniezno (62-200) at ul. Roosevelta 116a, entered into the register of entrepreneurs of the National Court Register under the number 0001074910 (hereinafter referred to as the "Administrator").

You can contact the Administrator via:

  1. traditional mail by sending correspondence to the following address: ul. Roosevelta 116a,
  2. e-mail: rodo@altom.pl

1. Introductory provisions

  1. Users' personal data are processed in accordance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as GDPR) and the Act of 10 May 2018 on the Protection of Personal Data (Journal of Laws of 2018, item 1000, as amended).
  2. The Administrator attaches great importance to protecting the privacy and confidentiality of Users' personal data and carefully selects and applies appropriate technical and organizational measures to ensure the protection of processed personal data.
  3. The Controller shall take all necessary measures to ensure that its subcontractors and other cooperating entities also guarantee the application of appropriate security measures whenever they process personal data on behalf of the Controller.

2. Data processing by the Administrator

  1. The processing of personal data of Website Users is carried out in accordance with the principles set out in the GDPR.
  2. Administrator:
    1. ensures transparency of data processing.
    2. informs about the processing of data at the time of collection, in particular about the purpose and legal basis of personal data processing, unless it is not obliged to do so under separate provisions.
    3. ensures that data is processed only to the extent necessary for the indicated purpose and only for the period in which it is necessary.
  3. The scope of personal data processed by the Administrator within the Website may vary depending on which services or functionalities of the Website the User uses.
  4. Within the Website, the processing of personal data by the Administrator is possible in connection with:
  5. communication via e-mail or traditional means, by telephone,
  6. communication via the contact form,
  7. sending the User information about the Administrator and its products and activities (Newsletter);
  8. monitoring and analysing user activity and preferences (analytical, statistical and marketing purposes);
  9. maintaining a profile on Facebook, Instagram and YouTube;
  10. submitting application documents via the recruitment form.
  11. The Website Administrator may use IP addresses collected during internet connections for technical purposes related to server administration. Furthermore, IP addresses are used to collect general, statistical demographic information (e.g., about the region from which the connection originates), allowing for the tailoring of marketing content to the individual preferences of the User.
  12. The Administrator may process third-party data provided by Users on the Website for the purpose of communicating with the Administrator. By providing such data, the User represents that he or she has the appropriate consent from such third parties to provide the data to the Administrator.
  13. Users visiting the Website can browse the website without prior registration or providing personal data.
  14. The Administrator provides Users with a secure and encrypted connection when transmitting personal data on the Services. The Administrator uses SSL certificates.
  15. The Administrator indicates that it also operates other websites, links to which may be found on the Website. The scope and purposes of personal data processing may vary depending on the website. Detailed information in this regard is provided in the privacy policy specific to each website.

3. Purposes and legal basis for processing personal data on the Website

Personal data are processed by the Administrator only for purposes related to its activities:

Objective:Legal basis:
CONTACT FORMS
in order to identify the User and process the inquiry sent via the provided formArticle 6(1)(f) of the GDPR (processing in connection with the legitimate interest of the Controller, which is the ability to process an inquiry sent via a form)
in order to identify the User and conduct and resolve the recruitment process for a given position, as well as for future recruitment purposes (if you have given your consent)Article 6 paragraph 1 letter c) of the GDPR (in the scope of: name and surname, date of birth, contact details), Article 6 paragraph 1 point cb) of the GDPR in connection with Article 221 § 1 points 4-6 of the Labour Code (in the scope of education, professional qualifications and course of previous employment), Article 6 paragraph 1 letter a) of the GDPR (other than the above-mentioned personal data) and/or (depending on the basis of employment) Article 6 paragraph 1 letter a) of the GDPR (processing on the basis of consent to processing for one or more specific purposes, Article 6 paragraph 1 letter a) of the GDPR – for the purpose of future recruitment.
COMMUNICATION BY E-MAIL, TRADITIONAL MAIL, AND BY PHONE
in order to communicate and resolve the matter to which the correspondence relates, establish business relations, answer a question – in the case of communication not related to the services provided to the User or the contract concluded with the UserArticle 6(1)(f) of the GDPR (processing in connection with the legitimate interest of the Controller, which is the possibility of contacting and resolving the matter to which the correspondence relates)
NEWSLETTER
Newsletter subscriptionArticle 6(1)(a) of the GDPR (consent of the data subject)
MARKETING
marketing of own servicesArticle 6, paragraph 1, letter f of the GDPR (processing in connection with the pursuit of the Controller's legitimate interests, i.e. marketing of the services provided by the Controller and analysis of their quality)
COOKIES
processing cookiesArticle 6, paragraph 1, letter f of the GDPR (processing in connection with the implementation of the legitimate interests of the Administrator, which are: enabling the operation of the basic functions of the Website, and in relation to analytical (statistical) and marketing cookies, for which the Administrator obtained the User's consent to save cookies on his device - the ability to evaluate and improve the operation of the Website and create statistics)
OTHER
pursuing, securing or defending against claimsArticle 6(1)(f) of the GDPR (processing in connection with the Controller's legitimate interests, i.e. pursuing, securing or defending against claims)
conducting analyses of User activity,
as well as their preferences in order to improve the functionalities used and the services provided (analytical, statistical and marketing purposes)
Article 6, paragraph 1, letter f of the GDPR (processing in connection with the legitimate interest of the Controller, which is the analysis of Users' activities and preferences in order to improve the functionalities used and the services provided)

4. Control of personal data processing

  1. The user is obliged to provide complete, current and true data.
  2. The Administrator exercises the rights of Users regarding their personal data in accordance with the law, including ensuring the accuracy of Users’ personal data and promptly responding to requests regarding their rights.
  3. The Administrator limits the storage of personal data – in accordance with legal provisions – only to the period necessary to achieve the purposes for which they are collected, unless there are justified reasons allowing for an extension of the data storage period.
  4. If personal data is shared with other entities, this is done in a secure, contractually secured manner or in another manner consistent with applicable law.
  5. The Administrator ensures that personal data is processed in a secure manner and guarantees that only authorized persons have access to the data and only to the extent necessary for the activities they perform.

5. Rights of data subjects

  1. Providing personal data by Users is always voluntary, however, failure to provide data marked as necessary makes it impossible to use the services provided via the Website, including in particular the conclusion of a training participation agreement and an account management agreement.
  2. Each User whose personal data is processed by the Administrator has the right to:
    1. The right to withdraw consent – legal basis: Article 7 of the GDPR
      A data subject has the right to withdraw consent at any time. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal. The data subject is informed of this before giving consent. Withdrawing consent must be as easy as giving it.
    2. The right to access data – legal basis: Article 15 of the GDPR
      The data subject is entitled to obtain confirmation as to whether or not personal data concerning him or her are being processed and, where applicable, access to them and to information such as the purposes of processing, the categories of personal data concerned and information on recipients or categories of recipients.
    3. The right to rectify data – legal basis: Article 16 of the GDPR
      A data subject has the right to request immediate rectification of inaccurate personal data concerning them. Taking into account the purposes of processing, a data subject has the right to request the completion of incomplete personal data, including by providing an additional statement.
    4. The right to be forgotten (deletion of data) – legal basis: Article 17 of the GDPR
      The data subject has the right to request the immediate deletion of personal data concerning him or her, and the Controller is obliged to delete personal data without undue delay if one of the following circumstances occurs:
      • personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
      • the data subject has withdrawn the consent on which the processing is based and there is no other legal basis for the processing;
      • the data subject objects to the processing and there are no overriding legitimate grounds for the processing;
      • personal data were processed unlawfully;
      • personal data must be erased in order to comply with a legal obligation under Union law or the law of the Member State to which the Controller is subject;
      • the personal data were collected in connection with the provision of information society services referred to in Article 8(1) of the GDPR.
    5. The right to restrict processing – legal basis: Article 18 of the GDPR
      The data subject has the right to request the restriction of processing in the following cases:
      • the data subject questions the accuracy of the personal data – for a period enabling the Controller to check the accuracy of such data;
      • the processing is unlawful and the data subject opposes the erasure of personal data, requesting instead the restriction of their use;
      • The controller no longer needs the personal data for the purposes of processing, but the data subject requires them to establish, pursue or defend legal claims;
      • the data subject has objected to the processing – until it is determined whether the legitimate grounds on the part of the Controller override the grounds for objection of the data subject.
    6. The right to data portability – legal basis: Article 20 of the GDPR
      The data subject has the right to receive the personal data concerning him or her, which he or she has provided to the Controller, in a structured, commonly used and machine-readable format, and has the right to transmit this personal data to another controller without hindrance from the Controller, if:
      • the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and
      • processing is carried out in an automated manner.
    7. The right to object to data processing – legal basis: Article 21 of the GDPR
      The data subject has the right to object at any time, on grounds relating to his or her particular situation, to processing of personal data concerning him or her based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller may no longer process the personal data unless he or she can demonstrate compelling legitimate grounds for the processing that override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
    8. The right to lodge a complaint with the supervisory authority, which is the President of the Personal Data Protection Office (address: President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw).
  1. In order to exercise the rights indicated in paragraph 2, it is necessary for the User or another data subject to submit a request and send it to the e-mail address rodo@altom.pl or by traditional mail to the following address: ALTOM sp. z o. o., ul. Roosevelta 116, 62-200 Gniezno.
  2. The User may at any time request that we cease processing their personal data. The Administrator will cease processing personal data unless further processing is required by law.

6. Data recipients

  1. User data may be made available to entities authorized to receive them under applicable law, including relevant judicial authorities.
  2. User data may be made available to other entities if it is necessary for the purposes of communication or use of the Administrator's services.
  3. Personal data may also be transferred to trusted service providers, in particular: partners providing technical services (development and maintenance of IT systems and the website), hosting service providers, entities providing marketing services to the Company (including Website management services), providers of marketing and traffic analysis systems, providers of cookies, plug-ins and other analytical and social media tools.
  4. Personal data may be transferred to a third country/international organization if required or related to the services the User uses on the Website. If, as part of the processing, personal data are transferred to recipients in third countries, such transfer will be based on an adequacy decision issued by the European Commission, or on standard contractual clauses in accordance with the European Commission's decision, or on another legal basis, such as the express consent of the data subject.

7. Data storage period (Data retention)

  1. The period of data processing by the Administrator depends on the type of service provided and the purpose of processing.
  2. The Administrator limits the storage of personal data in accordance with legal provisions, only to the period necessary to achieve the purposes for which they are collected, unless there are justified reasons allowing for an extension of the data storage period.
  3. Personal data processed for the marketing of own products or services offered based on a legitimate interest will be processed until the data subject objects. Personal data processed for the purpose of taking other actions in connection with the Controller's legitimate interest will cease to be processed if the data subject objects to their processing or until the purpose for which they were processed expires, for example, the statute of limitations for claims expires. Personal data processed on the basis of separate consent will be processed for the period of its validity (until its revocation, for the period for which it was granted, or until the purpose for which the processing expires). In the case of personal data processed for the purpose of fulfilling the Controller's legal obligations, until the Controller is subject to obligations in this regard.
  4. Personal data processed for the purpose of performing a contract (e.g. for the provision of a newsletter service) or for the purpose of concluding a contract will be stored for the period necessary for the conclusion and/or performance of the contract, and after its expiry for the period necessary to secure or pursue any claims or to fulfill the Controller's legal obligation (arising from tax or accounting regulations), as well as for the time needed to comply with the law.
  5. The Administrator may process personal data by automated means, including profiling. However, automated processing will not lead to decisions having legal effects or significantly impacting the User's situation. This processing may affect the selection of advertisements displayed or the selection of products and services offered. Users may receive special offers via personalized email or online advertising.
  6. The Administrator does not process personal data in a way that would involve making solely automated decisions regarding the User.

8. Cookies and similar technologies

  1. The Administrator uses cookies or similar technologies (hereinafter collectively referred to as "„cookies"”) which should be understood as IT data, in particular text files, stored on Users' end devices, if the web browser allows it. Cookies are intended for the functionality of the Website, e.g., remembering data and saving browsing preferences. The purpose of cookies is to facilitate browsing the Website's resources on subsequent visits.
  2. Cookies may be used for the following purposes:
    • functional cookies – ensure the proper functioning of the Website and its basic functions. Without them, the Website cannot be used properly. These cookies are exempt from the requirement to obtain user consent. You can change your browser settings to block them, but the Website will not function properly.
    • analytical (statistical) cookies – enable the collection of analytical data, i.e., counting page views and website traffic, which allows the Administrator to evaluate and improve its performance and allows for the creation of statistics that help understand how Website Users use the website in order to make improvements based on the analysis of this data. To process these files, the Administrator requires your consent.
    • marketing cookies – These cookies are used to create a user profile in order to display tailored content across advertising networks, particularly the Google network, and social media platforms. The Administrator requires your consent to process these cookies.
  1. Two basic types of cookies may be used on the Website: "session cookies" and "persistent cookies." "Session" cookies are temporary files that are stored on the User's end device until logging out, leaving the website, or disabling the software (web browser). "Persistent" cookies are stored on the User's end device for the time specified in the cookie parameters or until they are deleted by the User.
  2. When the User visits the website, a banner informing them that it uses cookies is displayed. If the User selects "Allow all," it means they accept all cookies placed on the Website and confirms that they have read the information about cookies and their purposes, as well as the cases in which data collected using cookies is transferred to the Administrator's partners. The User may withdraw consent at any time, but this does not affect the lawfulness of actions performed based on consent before withdrawal. The User can change consent settings by clicking the "Manage consent" button at the bottom of the website.
  3. In the case of functional (essential) cookies, User consent is not required, as such cookies ensure the full and uninterrupted functioning of the Website, including user authentication and ensuring service security. These cookies are exempt from the requirement to obtain User consent in accordance with Article 399, paragraph 3 of the Act of 12 July 2024 – Electronic Communications Law (Journal of Laws, item 1221, as amended).
  4. If you do not want our cookies to be stored on your device, you can select the "Reject all" option. By selecting this option, you reject all but the essential cookies used on the Website.
  5. Restrictions on the use of cookies may affect some of the functionalities available on the Website and, in extreme cases, prevent the use of the Website.
  6. Cookies placed on the Website User's end device may also be used by partners cooperating with the Website operator.
  7. We recommend that you read the privacy policies of these companies to learn how they use cookies used in statistics: Google Analytics Privacy Policy
  8. Cookies may be used by advertising networks, particularly the Google network, to display advertisements tailored to the user's use of the Website. For this purpose, they may store information about the user's navigation path or the duration of their stay on a given page.
  9. In terms of information about User preferences collected by the Google advertising network, the User can view and edit information derived from cookies using the tool: https://adssettings.google.com
  10. If you do not wish to receive cookies, you can specify the conditions for storing or accessing this information through the software settings installed on your device or through service configuration. We recommend verifying your browser settings for this purpose. Please note that disabling cookies required for authentication, security, and maintaining user preferences may impede, and in extreme cases, even prevent, your use of the Website.

9. Changes to the Privacy Policy

  1. The policy is reviewed on an ongoing basis and updated as necessary.
  2. The change will be made by publishing a new Privacy Policy on the Website.