Privacy Policy

1. General Information
   1. This Privacy Policy outlines the rules governing the collection, processing, and protection of your Personal Data. The policy is addressed to all Users of the Administrator’s Website, as well as those using the Newsletter service and the Contact Form.
   2. This Policy sets out the rules for the processing of Personal Data by the Data Administrator, which is:
      EMBS GROUP SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ SPÓŁKA KOMANDYTOWA
      with its registered office at Aleja Sosnowa 2a, 30-224 Kraków, Poland
      KRS 0000524180 NIP 6772383145 REGON 123231543
      email address: gdpr@embs-group.com
      (hereinafter referred to as the “Administrator”)
      Contact regarding the processing of Personal Data is possible via email correspondence at: gdpr@embs-group.com or the Administrator’s registered office address.
   3. This Policy may be amended and updated in the event of changes in practices related to the processing of Personal Data (taking into account, among other things, current case law and guidelines of the PUODO) or alterations in generally applicable law. The Administrator will inform Users appropriately about changes to the Policy by posting relevant information on the Website, and in the case of Users using the Newsletter service, by directing this information directly to the User’s provided email address.
   4. Using the Administrator’s Website requires the User to familiarize themselves with the content of this Privacy Policy and, in the case of subscribing to the Newsletter, to accept it.
   5. Providing Personal Data to the Administrator is voluntary; however, in the case of processing data recorded in necessary cookies or communication with the Administrator via the Contact Form, providing data will be an essential condition for achieving the indicated purposes and the proper functioning of the Website.
2. Definitions
   1. Administrator means the entity that decides how and for what purposes Personal Data are processed. The Administrator is responsible for ensuring that the processing complies with applicable data protection law.
   2. Personal Data means any information about any identified or identifiable natural person.
   3. Processing, Process, or Processed means any actions related to Personal Data, performed in an automated or non-automated manner, such as: acquiring, recording, organizing, structuring, storing, adapting or altering, retrieving, consulting, using, disclosing by transmission, disseminating or otherwise making available, arranging or combining, restricting, erasing, or destroying.
   4. Processor means any person or entity that Processes Personal Data on behalf of the Administrator (other than an employee of the Administrator).
   5. Website: https://embs-group.com/
   6. Administrator’s Fanpage on social media:
      
      • LinkedIn under the link: https://www.linkedin.com/company/embs-group/?originalSubdomain=pl
   7. Electronic Services: services provided via the Website. The provision of Electronic Services to Users on the Website is carried out under the conditions specified in this Policy.
3. Processing of Users’ Personal Data
   1. The Administrator may acquire Users’ Personal Data, in particular, in the following cases:
      
      1. Providing Personal Data by Users (e.g., email, phone contact, via the Contact Form or in any other way) based on Article 6(1)(f) of the GDPR (legitimate interest of the Administrator – responding to a message, inquiry) in connection with the need to handle the reported matter or inquiry.
      2. Pursuing claims and taking actions in connection with the defense of the Administrator’s rights, conducting legal proceedings, and, among others, enabling the use of the Website via cookies, preventing fraud when using the Website, in particular, handling, maintaining, improving, and providing all its functions, as well as creating summaries, analyses, and statistics for the Administrator’s internal purposes. This includes, in particular: reporting, marketing research, planning the development of the Website and Newsletter, development work, creating statistical models based on Article 6(1)(f) of the GDPR (the aforementioned legitimate interest of the Administrator).
      3. Acquiring Users’ Personal Data published on social media (Administrator’s Fanpage) (e.g., acquiring information from Users’ private profiles on social media, to the extent that this information is visible as public) based on Article 6(1)(f) of the GDPR (legitimate interest of the Administrator – promoting its activities and services, maintaining a social media profile (Fanpage), building and strengthening relationships with customers, conducting analyses and statistics regarding the popularity and functioning of the profile, as well as establishing, pursuing, and defending against potential claims related to the use of the profile, responding to contact).
      4. Expressing consent by the User to the processing of provided Personal Data to send the Newsletter, based on Article 6(1)(a) (consent), sending commercial information – Newsletter, providing marketing content via electronic communication, under Article 398 and the Electronic Communications Law.
      5. Acquiring or requesting that Users provide Personal Data during their visits to the Administrator’s websites or when using any functions or resources available on or through the Website, including both their own and third-party cookies. When Users visit the Website, their devices and browsers may automatically provide certain information (such as device type, operating system, browser type, browser settings, IP address, language settings, dates and times of connecting to the Website, and other technical information regarding communication), some of which may constitute Personal Data. During the visit to the Website, no Personal Data of Users will be stored by the Administrator without an appropriate legal basis. In the scope of cookies, the Administrator, apart from necessary cookies, will obtain the User’s consent each time to install other cookies (including third-party cookies, such as Google Analytics). Providing the consent above is optional and does not affect your ability to use the Website. Processing is based on Article 6(1)(a) (consent – in the scope of other than necessary cookies) and 399 of the Electronic Communications Law (legal provision – in the scope of required cookies).
      6. Contact Form based on Article 6(1)(f) of the GDPR (legitimate interest of the Administrator to respond to an inquiry directed by the User).
      7. Recruitment Form based on Article 6(1)(f) and Article 9(1) of the GDPR (consent) as well as Article 6(1)(b) and (c) of the GDPR (for the purpose of recruitment).
   2. Providing Personal Data is voluntary; it is not a statutory obligation. In some instances, without providing Personal Data, it is not possible to use the full functionality of the Website or Newsletter services. Categories of Users’ Personal Data processed by the Administrator may, in particular, include:
      
      1. Personal Data: first name(s), last name(s).
      2. Contact data: company data, job title, email address, phone number.
      3. Content of communications: all communications (inquiries, statements, views, and opinions) sent via the Contact Form or published on the Administrator’s Website or its Fanpages by the User.
      4. IP number, cookies, and information on how to use the Website and Newsletter while using the Website or Newsletter.
      5. Image: in the case of publishing opinions, leaving a comment, clicking the “Like” button on the Administrator’s social media profile (Fanpage) (if the User has shared their image on their private account on this portal).
      6. Behavioral data (consent to Google Ads): Information about User activity on websites, clicks on ads, data on time spent on the site, and interactions with content.
   3. The Administrator uses fanpage-type profiles on social media. Public data shared by Users of social media may be used for:
      
      1. Responding to private messages.
      2. Conducting discussions within comments under individual posts.
      3. Sharing our posts with people following our Fanpage.
      4. Marketing by informing about our services and ourselves through posts we place on our Fanpage, including sponsored posts displayed to a broader audience of Users.
      5. Statistics by presenting data on the visibility of our posts, their reach, the number of interactions; data given to us by social media owners are statistical data, but they are created based on observations of behaviors on our Fanpage.
   4. Currently, the Administrator’s Website uses redirects to the following social media portals (Fanpage): LinkedIn.
   5. Upon liking the Administrator’s post, leaving a comment, sending a private message, subscribing to the channel, the Administrator, together with:
      
      • LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
        becomes the Administrator of your Personal Data shared on their Fanpage in the scope of processing data for statistical and advertising purposes.
   6. In connection with the above, we encourage you to familiarize yourself with the privacy policy:
      
      • LinkedIn: https://pl.linkedin.com/legal/privacy-policy
4. Sharing Personal Data with Third Parties
   1. The Administrator may share Users’ Personal Data:
      
      1. To persons authorized by the Administrator to process data.
      2. To entities entrusted with data processing, e.g., technical service providers and advisory service providers.
      3. To other administrators, if required by law or in good faith, that such action is necessary to comply with applicable law, particularly in response to a court order or state authorities.
   2. If we engage a third party to Process Users’ Personal Data, under an agreement with such an entity, the Processor will be obliged to:
      
      1. Process only the Personal Data indicated in prior written instructions of the Administrator; and
      2. Apply all measures to protect the confidentiality and security of Personal Data and ensure compliance with all other requirements of generally applicable law.
   3. Due to the use of LinkedIn services, data may be transferred by these entities to third countries, the United States of America (USA) or China, in connection with their internal sharing by these entities to: Meta Platforms Inc. Google LLC (USA) or Beijing ByteDance Technology Co Ltd. (China) over which the Administrator has no control.
5. Third-Party Services
   1. The Website may contain features or links that redirect to sites and services provided by third parties, which we do not manage. The information you provide on these sites or services will be subject to their respective privacy policies and data processing procedures.
   2. The Administrator is not responsible for the procedures related to processing by independent administrators of websites and service providers.
   3. We encourage you to familiarize yourself with the privacy and security policies of third parties before providing them with information.
6. Data Protection
   1. The Administrator informs that it has implemented appropriate technical and organizational measures to protect Personal Data, including safeguards against accidental or unlawful destruction, loss, alteration, unauthorized publication, unauthorized access, and other unauthorized and illegal forms of Processing, as required by applicable law.
   2. The Administrator is not responsible for the actions or omissions of Users. Users are responsible for ensuring that all Personal Data is transmitted to the Administrator securely.
   3. Personal Data will not be subject to automatic profiling, i.e., automated decision-making regarding the User, which involves decisions made by technical means without human involvement, and has legal effects on the profiled person or otherwise significantly affects the profiled person.
7. Data Accuracy
   1. The Administrator takes all appropriate measures to ensure that:
      
      1. The Administrator processes Users’ Personal Data accurately and, if necessary, updates it.
      2. All Users’ Personal Data processed by the Administrator, which is incorrect (considering the purpose for which they are processed), will be deleted or corrected without undue delay.
   2. The Administrator may, at any time, request that Users verify the accuracy of the Personal Data that has been processed.
8. Data Minimization
   1. The Administrator takes all appropriate measures to ensure that the scope of Users’ Personal Data Processed is limited to the Personal Data adequately required for the purposes indicated in this Policy.
9. International Data Transfer
   1. Personal Data may be shared and processed outside the European Economic Area (the European Economic Area consists of the European Union, Iceland, Liechtenstein, and Norway, collectively referred to as “EEA”). If Personal Data is transferred outside the EEA, the Administrator requires appropriate safeguards. The Administrator will fulfill its obligations under Chapter V of the GDPR to ensure the correctness of such processing, including in accordance with European Commission decisions on the adequate level of privacy protection under the EU-US Data Privacy Framework.
10. Personal Data Retention Period
    1. The criteria determining the duration of the period in which the Administrator stores Users’ Personal Data are as follows: the Administrator stores copies of Users’ Personal Data in a form allowing identification, only as long as necessary to achieve the purposes indicated in this Policy, unless generally applicable law requires a more extended period of storing Personal Data. The Administrator may, in particular, store Users’ Personal Data for the entire period necessary to establish, exercise, or defend claims (limitation of claims by Article 118 of the Civil Code).
    2. Personal Data is stored:
       
       1. For 30 days from the moment of contact (phone, email from the Website), Personal Data may be processed for an extended period if, as a result of the submitted inquiry, the User decides to use the Administrator’s services (Newsletter).
       2. In the case of using our services (concluding a contract) for the duration of the contract and the period necessary to consider submitted complaints until the resolution of any disputes and settlement of the parties, considering the appropriate limitation periods for claims.
       3. For internal administrative purposes of the Administrator, as well as other data processing purposes, where the legal basis is the legitimate interest of the Administrator, Personal Data will be stored until the legitimate interests of the Administrator constituting the basis for data processing are fulfilled or earlier objection to such processing, after the Administrator has conducted a proper analysis of the User’s interest and the Administrator’s processing basis.
       4. In the case of data processed on our Fanpage until an objection to their further processing is submitted by clicking “dislike,” withdrawing the like of the entry, deleting the comment to the entry, or canceling the subscription.
       5. In the case of using our Newsletter services for the duration of the service or until the consent to send commercial information electronically is withdrawn.
11. Google Analytics
    1. The Administrator uses the Google Analytics tool provided by Google LLC, whose infrastructure is located at Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The Administrator indicates that Google LLC (1600 Amphitheatre Parkway, Mountain View, California 94043, USA) has joined the EU-US Data Privacy Framework Agreement, thereby ensuring an adequate level of security for the processing of Personal Data by the GDPR.
    2. Google Analytics allows:
       
       1. Tracking Website traffic: information about the number of Users, number of visits, sources of entries (e.g., ads, search engines, social media).
       2. Monitoring User behavior: analysis of which pages are most frequently visited, time spent on the site, and bounce rate.
       3. User segmentation: demographic, geographic, and technological data (e.g., device type, browser).
       4. Tracking goals and conversions: analysis of how Users perform specific actions, such as making purchases, signing up for newsletters, or downloading materials.
    3. Google Analytics processes data that may include:
       
       1. IP addresses: used to identify the geographical location of Users, which, in combination with other data, may constitute Personal Data.
       2. Cookies: storing unique User and session identifiers, enabling tracking of their activity, only after obtaining the appropriate consent from the User.
       3. Technical data: g., browser type, operating system, screen resolution, internet service provider.
    4. The Administrator utilizes IP address anonymization, which prevents the identification of Users (the last octet of the IP address is masked before storing or processing data).
    5. The Administrator processes data using the indicated tool to provide analyses and reports on Website traffic and the effectiveness of marketing activities based on the legitimate interest of the Administrator and the User’s consent (acceptance of Google Analytics cookies). The Administrator has concluded a data processing agreement with Google (Data Processing Agreement), regulating the issue of data security as required by law.
    6. The Administrator uses Consent Mode, allowing the measurement of traffic and conversions on the Website even if the User does not consent to the storage of cookies, while maintaining full compliance with the GDPR requirements, where a tracking code is implemented that allows the collection of only basic, anonymized, and aggregated data regarding the time of visit to the Website, information about the referring page, and allowing the measurement of conversions from advertising campaigns. If the User consents to specific types of data processing (Google Analytics cookies), the appropriate tags will function properly. If consent is not given, the tools will still function, albeit in a limited mode, collecting anonymous data without the ability to identify the User. The Consent Mode tool helps meet the requirements of the GDPR and the ePrivacy Directive, respecting Users’ decisions regarding cookie consent.
    7. The data retention period for Google Analytics cookies is 14 months.
    8. We encourage you to familiarize yourself with Google’s Privacy Policy available at: https://policies.google.com/privacy?hl=en
    9. The User can configure the browser to block cookies related to Google Analytics. Google Analytics uses cookies such as _ga, _gid, and _gat.
    10. The User can also use the Google Analytics blocking plugin. Google offers a browser add-on to block Google Analytics, which can be downloaded from the official site: https://tools.google.com/dlpage/gaoptout?hl=en (https://tools.google.com/dlpage/gaoptout?hl=en. After installing the plugin, it will prevent data from being sent to Google Analytics from all visited sites.
12. Cookies
    1. While using the Website, User data is automatically collected. This data may include:
       
       1. IP address.
       2. Domain name.
       3. Browser type.
       4. Operating system type.
    2. This data may be collected by:
       
       1. Cookies
       2. Google Analytics system; and
       3. May be stored in server logs.
    3. Cookies are small pieces of text information stored by the browser on the hard drive of your computer or the memory card of your smartphone. During subsequent visits to the Website, the data stored in the cookie file is sent back to the Website. This allows the Website to recognize you and tailor the content to your needs.
    4. To improve our Website, provide the most relevant content, and analyze how Users use our Website, we may use cookies.
    5. We may process data contained in cookies for:
       
       1. Personalizing the Website: remembering User information so that the User does not have to re-enter this information during subsequent visits.
       2. Providing tailored ads, content, and information to the User.
       3. Monitoring aggregated site usage metrics, such as the total number of visitors and pages viewed.
    6. We use the following types of cookies:
       
       1. Session cookies, which are temporary files stored on the visitor’s device until they leave the Website.
       2. Persistent cookies, which are stored on the end-user’s device for the time specified in the file parameters or until they are manually deleted.
    7. Cookies can be divided into the following categories:
       
       1. Necessary cookies, which ensure the proper functioning of the Website, security, and maintaining a session; these are default files installed, without them, the Website cannot function properly.
       2. Statistical cookies, which allow the collection of information on how the Website is used.
       3. Functional cookies, which allow remembering the choices made by people visiting the Website, e.g., language selection, font size.
       4. Marketing cookies, to tailor the content and form of ads.
    8. We use analytics and similar services that include third-party cookies. While using the Website, third-party cookies may be used to enable the Website’s functionality and integrated sites, or to analyze the effectiveness of advertising campaigns and collect anonymous information about the Website’s use for statistical purposes.
    9. This Privacy Policy does not govern the use of third-party cookies. Each third party sets its own rules for using cookies in its privacy policy. We encourage you to familiarize yourself with the details related to data processing within Google Analytics, as outlined in the explanations provided by Google: https://support.google.com/analytics/answer/6004245.
    10. The User can manage consents for selected cookies at any time using the dedicated tool available on the Website. At the same time, we inform you that a lack of consent, deletion, blocking, or limiting the placement of cookies may cause difficulties or even prevent you from using the Website.
13. Newsletter
    1. The Administrator provides the Newsletter service electronically. The Newsletter service involves sending information about offers, promotions, and events related to the Administrator’s activities to the email address provided by the User. The Administrator indicates that the Newsletter will not be sent at regular intervals (e.g., monthly); instead, it will be sent irregularly, depending on the promotional activities undertaken by the Administrator.
    2. The service is provided by law, specifically the Act of July 18, 2002, on the provision of electronic services and the Regulation of the European Parliament and Council (EU) 2016/679 (GDPR).
    3. To use the free Newsletter service, the User must have an active email address and voluntarily consent to receiving commercial information electronically. Subscription to the Newsletter is done by filling out the form available on the Administrator’s Website (providing Personal Data in the form of first name and last name, job title, company name, and email address) and accepting this Privacy Policy, which regulates the rules for data processing and service provision. Sending a message in this way constitutes the User’s declaration of intent to subscribe to the Newsletter.
    4. The Administrator is not responsible for the User providing false data or the non-delivery of the Newsletter due to reasons beyond the Administrator’s control (e.g., technical issues on the side of the internet service provider).
    5. The Administrator undertakes to provide the service in accordance with the Policy and applicable laws, protecting Users’ Personal Data by the GDPR and the Personal Data Protection Act. The User undertakes to use the service in compliance with the law and this Policy and not to provide content of an unlawful nature.
    6. The Newsletter service is provided for an indefinite period. The User has the right to unsubscribe from the Newsletter at any time by withdrawing consent to the provision of this service. The declaration of withdrawal of consent can be sent at any time to the email address or the Administrator’s registered office address indicated in Chapter I. After unsubscribing, the User’s email address will be promptly removed from the subscriber database.
14. Contact Form
    1. The Administrator provides a service of responding to inquiries directed to the Administrator via the Contact Form, particularly related to its offer.
    2. Questions, Suggestions, and Complaints can be sent via the Contact Form. For this purpose, it is necessary to provide the company name, job title, email address, and enter the message content. Then, click the “Send” button. Not providing an email address will prevent the User from receiving a response to the inquiry.
    3. The Administrator will make every effort to respond to the inquiry within no more than 48 hours.
15. Provision of Services Electronically
    1. It is prohibited for Users to provide content of an unlawful nature.
    2. The User is obliged to use the Administrator’s Website and offered Services in compliance with the law, good practices, using data consistent with the actual state, and in no other way acting contrary to the provisions of this Policy. The Administrator is not responsible for the User providing false data or the non-delivery of the service due to reasons beyond the Administrator’s control (e.g., technical issues on the side of the internet service provider).
    3. The User is obliged to maintain confidentiality and not disclose to third parties any information obtained in connection with the provision of Services by the Administrator, including commercial, organizational, technological, and financial information.
    4. The technical requirements necessary to use the Services provided electronically are access to the Internet, a device enabling its use such as a computer, laptop, or other portable device with a web browser, access to email and a configured email account, any properly configured version of a web browser supporting, among others, cookie files (Internet Explorer, Opera, Mozilla Firefox, Safari, Google Chrome).
    5. Using Services on the Internet, despite the Administrator’s security measures aimed at preventing or significantly hindering system hacking (hacker attacks), may involve the risk of unwanted infection of the IT system by malicious software. Therefore, the Administrator additionally recommends using updated antivirus software and the appropriate system firewall.
    6. The User has the right to file a complaint regarding the provision of services electronically. Complaints should be submitted in writing to the Administrator’s registered office address or by email to the address indicated in Chapter I. The complaint should include the User’s first name and last name, email address (submitted via email), a description of the problem that is the basis of the complaint, and the User’s request related to the complaint. The Administrator will consider the complaint within 14 days of its receipt. The User will be informed of the result of the complaint consideration through the same communication channel.
16. Users’ Rights in Connection with the Processing of Their Personal Data
    1. You have the following rights in connection with the processing of Personal Data:
       
       1. Right of access to Processed Personal Data: on this basis, the Administrator, at the request of the person concerned, provides information about the processing of their Personal Data, including primarily the purposes and legal bases of processing, the scope of the data held, the entities to whom Personal Data are disclosed, and the planned date of their deletion. As part of the right of access to data, the person concerned may also request information about who their Personal Data is shared with and whether they are subject to profiling and automated decision-making. The person concerned also has the right to obtain a copy of their data.
       2. Right to rectify data: on this basis, the Administrator, at the request of the person concerned, removes any inconsistencies or errors regarding the Processed Personal Data and supplements or updates it if it is incomplete or has changed.
       3. Right to delete data: on this basis, the Administrator, at the request of the person concerned, deletes data whose processing is no longer necessary to achieve any of the purposes for which they were collected, consent to their processing has been withdrawn, or an objection has been raised, and it is not required for the establishment, exercise, or defense of the Administrator’s claims.
       4. Right to restrict and transfer processing: on this basis, the Administrator, at the request of the person concerned, ceases to perform operations on these Personal Data to the extent permitted by law and also issues these Personal Data in a format that allows them to be read by a computer.
       5. Right to complain: using this right, a person who believes that their Personal Data are being processed in violation of applicable law may lodge a complaint with the President of the Office for Personal Data Protection (Stawki 2, 00-193 Warszawa, Poland).
       6. Right to object: the person concerned may at any time object to the processing of Personal Data for the purposes for which they were collected and are processed, including direct marketing. If Personal Data is processed for direct marketing purposes, the person concerned has the right to object at any time to the processing of their Personal Data in this regard.
       7. Right to withdraw consent: if we process Personal Data based on the consent given, the person concerned may withdraw this consent at any time. Withdrawal of consent does not mean that the processing of Personal Data up to that point was illegal; it does not affect the legality of previous processing, but will result in Personal Data no longer being used for these purposes from the moment of withdrawal of consent.
    2. A request regarding the exercise of the rights described above can be submitted traditionally to the Administrator’s registered office address or via the email address indicated in Chapter I.
    3. The request should, as far as possible, precisely indicate what the request concerns, i.e., in particular, the recipient of the request and which of the rights described above the person submitting the request wishes to exercise. If the Administrator is unable to determine the content of the request or identify the person submitting it based on the submitted application, they will request additional information from the applicant.