Privacy Policy

1. General Information

The following Privacy Policy sets forth the rules for storing and accessing data on the devices of users of the website for the purpose of providing electronic services by the controller, as well as the rules for collecting and processing users’ personal data that they have provided personally and voluntarily through the tools available on the website.

2. Definitions

1. Administrator – Sages sp. z o.o., with its registered office in Warsaw at ul. Nowogrodzka 62c.
2. Personal Data – information about an identified or identifiable natural person, including the device’s IP address, location data, online identifier, and information collected through cookies and similar technologies.
3. Policy – this privacy policy.
4. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016.
5. Website – the controller’s website available at www.sages.pl.
6. User – any natural person visiting the website.

3. Data Controller and Contact Information Regarding Personal Data Protection

The controller of users’ personal data is Sages sp. z o.o., with its registered office in Warsaw at ul. Nowogrodzka 62c. The controller has appointed a data protection officer who can be contacted at the controller’s registered office address or by email: iod@sages.pl.

4. Purposes and legal basis for processing personal data on the website

In connection with the use of the website, the controller collects personal data to the extent necessary to provide specific services.

Use of the website

1. The personal data of users accessing the website, including IP addresses and information collected via cookies, is processed:
   • to provide services electronically and make content available on the website,
   • to establish, pursue, or defend against claims.
2. User activity on the website may be recorded in system logs for technical, administrative, security, analytical, and statistical purposes.

Provision of Services Through the Website

1. Personal data is processed:
   • to provide the services available through the website,
   • to fulfill legal obligations, particularly tax and accounting obligations,
   • for analytical and statistical purposes,
   • to assess satisfaction with the cooperation, products, or services,
   • to establish, pursue, or defend against claims,
   • for the controller’s marketing purposes.
2. If a user posts data regarding other individuals on the website, they may do so only in compliance with applicable laws and while respecting the personal rights of those individuals.
3. Providing data is voluntary but necessary to achieve the stated purposes.

Contact Forms

1. The administrator enables contact via electronic forms. Using them requires providing the data necessary to establish contact and handle the inquiry.
2. This data is processed to handle the inquiry and for analytical and statistical purposes.
3. Providing data is voluntary but necessary to respond.

Job Applicants or Potential Collaborators

1. The Data Controller allows applicants to submit applications using the forms available on the website.
2. Candidates’ data is processed for the purpose of conducting the recruitment process, fulfilling legal obligations, defending against claims, and potentially considering candidates in future recruitment processes, provided the candidate consents to this.
3. Providing data is voluntary, but within the scope specified by labor law, it is necessary to participate in the recruitment process.

Marketing

The controller processes users’ personal data for the purpose of conducting marketing activities, including direct marketing of goods and services, sending commercial information electronically, and telemarketing activities. Such activities are conducted only if the user has given their explicit consent, which they may withdraw at any time.

5. Cookie Policy

1. Personal data may be processed to ensure the basic functionality of the website, and, upon your consent, also to tailor services, offers, and communications to your preferences, analyze website traffic, and provide social media features.
2. When registering for promotional events or downloading materials, data may be processed by EventLabs sp. z o.o., the owner of the Evenea.pl website.
3. The administrator uses MailChimp, owned by Rocket Science Group LLC, to manage newsletters.
4. The website may use embedded YouTube and Vimeo content, which activates relevant cookies when videos are played.

Types of Cookies

Essential Cookies

1. These ensure the proper functioning of the website and its basic features. Without them, using online services may be difficult or impossible.
2. The administrator uses its own cookies to ensure the proper functioning of the website.
3. The website may feature an online chat service provided by ALEASYSTENT sp. z o.o. (Czater.pl), which also uses relevant cookie technologies.

Analytical cookies

1. They enable the analysis of website traffic, performance evaluation, and how users navigate the site.
2. The administrator uses Google Analytics to track website statistics.
3. The administrator also uses Hotjar, which allows for the analysis of user behavior using, among other things, heat maps, session recordings, and surveys.

Marketing and advertising cookies

1. These are used to personalize advertising content and run advertising campaigns on third-party websites.
2. The website uses Google Ads and conversion tracking.
3. The website also uses the Facebook pixel.
4. The administrator may use the LinkedIn Insight Tag.

Consent to the installation of cookies

1. A cookie banner is displayed when you visit the website. Selecting the “Accept All” option constitutes consent to all cookies used on the website.
2. User consent is not required for essential cookies.

Refusal to Accept Cookies

If you do not want cookies to be stored on your device, you can select the “Reject All” option.

Modifying cookie settings

You can manage your cookie preferences in detail by selecting the “Customize all” option on the cookie banner or by clicking “Change cookie preferences” in the website footer.

Withdrawing consent

1. Data tracking can also be disabled using tools provided by Google: https://tools.google.com/dlpage/gaoptout/
2. Most browsers allow you to manage cookies in your preferences settings.
3. You can also click “Change cookie preferences” on the website.

Changes to the Cookie Policy

The administrator reserves the right to change this cookie policy at any time. Any changes will be published on the privacy policy page.

6. Retention Period for Personal Data

1. The retention period depends on the type of service and the purpose of processing, specifically:
   • use of the website – for the duration of service provision and until an effective objection is raised,
   • provision of services – for the duration of service provision and for the period required by law,
   • contact forms – until an effective objection is raised,
   • recruitment – generally 6 months, and up to 12 months with consent for future recruitment,
   • marketing – until an objection is raised or consent is withdrawn.
2. The processing period may be extended if necessary to establish, pursue, or defend against claims, and thereafter only to the extent required by law.

7. User Rights

1. The user has the right to access, rectify, erase, restrict the processing of, and transfer their data, as well as the right to object and lodge a complaint with the competent supervisory authority.
2. To the extent that data is processed based on consent, you may withdraw your consent at any time by contacting the controller or by writing to iod@sages.pl.
3. You also have the right to object to the processing of your data for marketing purposes and in other cases based on the controller’s legitimate interests.

8. Recipients of Data

1. In connection with the provision of services, personal data may be disclosed to entities supporting the controller, in particular IT system providers, banks, payment processors, accounting and legal firms, consulting firms, marketing agencies, subcontractors, trainers, lecturers, and entities providing delivery, printing, archiving, and training services.
2. The controller may disclose selected information to competent authorities or third parties if such an obligation arises from legal provisions.

9. Information on Automated Processing

The Controller does not process personal data in an automated manner and does not profile data subjects.

10. Transfer of data outside the EEA

The level of personal data protection outside the European Economic Area may differ from that provided by European law. The Controller transfers data outside the EEA only when necessary, ensuring an adequate level of protection, in particular by:

1. cooperating with entities from countries covered by a European Commission decision,
2. conducting a data transfer impact assessment,
3. using standard contractual clauses issued by the European Commission.

11. Changes to the Privacy Policy

This policy is reviewed on an ongoing basis and updated as necessary. The current version of the policy was adopted and became effective on July 30, 2024.