Table of Contents
This agreement was written in English. By accepting this Privacy Policy you confirm that you fully understand the contents of this agreement and agree to be bound by its terms.
IRONIN sp. z o.o. sp. k. is committed to protecting the private nature of your personal information. Our procedures ensure that your data is handled responsibly, in accordance with applicable data protection laws and state-of-the-art security measures. Our solutions prevent unauthorized access to your data.
The administrator of your data and your Personal Data Administrator is IRONIN sp. z o.o. sp. k.; Wólczyńska 57, 01-908 Warszawa, Poland; registered by the District Court for the Capital City of Warsaw in Warsaw, XII Commercial Division of the National Court Register under KRS no.: 0000665728, NIP no.: 5252700722 REGON no.: 366646626, hereinafter referred to as: “iRonin”, “Data Controller”, “Personal Data Administrator” or “We”.
You can contact us to learn more about data processing and your legal rights.
A Data Protection Officer was appointed at iRonin.
To communicate with our Data Protection Officer, please email at: contact@ironin.pl .
If you feel that your laws are violated in any way by our data processing activities or that we do not guarantee sufficient measures of data protection, you can make an official complaint by contacting the President of the Personal Data Protection Office (e-mail: kancelaria@uodo.gov.pl , address: Stawki Street 2, 00-193 Warsaw; phone number: +48 22 531 03 00; fax: +48 22 531 03 01).
We select and use appropriate measures (both technical and organizational) to protect personal data that is being collected and processed by us. Access to the collected data is only possible for persons authorized by iRonin. We protect the data against unauthorized access.
Scope of processed data
iRonin protects personal data against its processing in violation of the applicable laws. All collected personal data is processed in accordance with applicable laws, including the provisions of the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 (“GDPR”). Providing personal information is a voluntary action.
We gather statistics and data regarding your use of our website and your preferences. We use cookies and collected data to enhance your experience, provide communication channels, improve marketing materials and our business offer. We collect selected information about you and your activity when you browse our websites, use our services, or take certain actions while browsing our websites or using our services. This information is collected and used solely with the objective of fulfilling the above-mentioned purposes and related purposes, and any other purposes required by law.
We collect information such as: single visit session duration, amount of time spent on each of our websites/services, traffic source, location based on anonymized IP addresses, device ID, browser and operating system information. We may collect and process other available data which you agreed to share with us by accepting our Privacy Policy or the privacy policy (or terms of service) of a third party vendor. We use Google Analytics Advertising Features, which provide us with data on your estimated (or provided) age, gender, interests, Affinity Category, In-Market Segment and other categories assigned to you by Google’s Platform Products. We also use HotJar to track behaviour analytics to better understand how you interact with our website and your experience. Tracking pixels are used to monitor how visitors arrive at our website and to measure the effectiveness of our digital marketing campaigns. We use Zoho One (including SalesIQ, PageSense, Sites and Analytics) to manage and automate our marketing processes, allowing us to create reports and dashboards. Meta Platforms Ireland Limited (including Facebook and Instagram) and Twitter Inc are used to collect your data for creating personalised features, content and recommendations. Albacross Nordic AB is used to identify the domains used to view our website as well as to generate B2B leads.
We may process your personal data, including: IP address, and the following data if it was provided: e-mail address, first name, last name, phone number, country, city, mailing address and career details. We retain collected personal data as long as is necessary for the fulfilment of the above mentioned purposes.
If you sign up for our newsletter or mailing list (both hereafter referred to as “Newsletter”), we will process your e-mail address and any additional information provided by you, as it is necessary in order to deliver to you the Newsletter you have signed up for, and you expressed your consent to the processing of your Personal Data. This data is stored and processed as long as you wish to receive our mailing services, and your consent to this lasts until you express a deliberate request to delete you from our database by contacting contact@ironin.pl.
If you contact us using our chat widget (provided by Intercom), comment section (provided by Disqus) or using any other available communication tool, you are agreeing to the collecting and processing of data you provide during such communication and data required or collected by the given tool, according to appropriate privacy policies and terms of such tool.
If you contact us using our contact form, you are agreeing to the collecting and processing of data you provide during such communication and of data required or collected by the form, according to the terms of this Privacy Policy. The contact information iRonin collects from you will be used to message you about iRonin’s products and services. You can unsubscribe from receiving these messages at any time, and make the request for iRonin to cease such communication at any time by contacting us at: contact@ironin.pl .
We may provide your personal data to third parties at the request of state authorities authorized to do so. In such an event, the processing of personal data is necessary for compliance with iRonin’s legal obligations.
Third-party vendor information and data sharing
We may provide your personal data and non-personal data to external data processors - our third party vendors. Your personal data may be transferred to, stored and processed outside the European Economic Area (“EEA”). When transferring data do countries outside the EEA, we make every effort to ensure that our partners provide an adequate level of data protection. You have the right to obtain the information about the safeguards we apply to the transfer of Personal Data outside EEA by contacting us at: contact@ironin.pl .
The scope of data we may deliver to third party companies acting as a processor on our behalf are as follows:
- details about your connecting to our website, including: information about your browser and operating system (screen resolution, screen colors, browser ID, browser type and version, OS, device type, other device details, language, used plugins and their versions), date and time of connection, source of the traffic.
- details about your behaviour on our site: visited pages on our websites, items clicked, actions taken on our website, event data, web session duration, page view duration.
- details about your interactions with e-mails you received from us, including: what links were opened, information about e-mail delivery status and if a given e-mail was opened by you.
- your personal data, including: IP address, e-mail address, demographic data, and the following data if it was provided: first name, last name, phone number, mailing address.
By accepting this Privacy Policy, you agree to share your data with following third-party vendors, and to their Privacy Policy and Terms:
- Google LLC (including Google Cloud, Google Analytics, Google AdWords) - data is collected and processed to measure user traffic on our site using services that do not require registering an Account. Data range: the amount of time spent on each visited web page, as well as data referring to your search history, location based on anonymized IP address, device ID, your activity and behavior, as well as browser and operating system information, estimated age, gender, interests, Affinity Category, In-Market Segment or other categories assigned to you by Google’s Platform Products. By accepting this Privacy Policy you acknowledge that data connected with your personal information, behavior and details regarding your connection (including your location and IP address) can be transferred to Google LLC (located at 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States) for processing in accordance with their Privacy Policy and Terms.
- Google LLC (reCAPTCHA) - data is collected and processed to provide additional security measures against bots and data scraping tools. By accepting this Privacy Policy you acknowledge that data connected with your personal information, behavior and details regarding your connection (including your location and IP address) can be transferred to Google LLC (located at 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States) for processing in accordance with their Privacy Policy and Terms.
- LinkedIn Corporation - data is collected and processed to measure the effectiveness of marketing campaigns, as well as to improve our marketing materials, the content on our websites, and our offer. By accepting this Privacy Policy, you acknowledge that data connected with your personal information, demographic data, behavior and details regarding your connection (including your location and IP address) can be transferred to LinkedIn Corporation (1000 W. Maude Avenue, Sunnyvale, CA 94085, USA) for processing in accordance with their Privacy Policy and Terms.
- Disqus, Inc. - the plugin which we use to enable adding comments to our blog posts. Data is collected and processed in order to enable functionality provided by Disqus. By accepting this Privacy Policy you acknowledge that the information you provide can be transferred to Disqus (717 Market Street, San Francisco, CA 94103, United States) for processing in accordance with their Privacy Policy and Terms.
- Intercom – collecting data voluntarily provided in the chat window, as well as user location, IP address and e-mail, for the purpose of answering the queries of users visiting the website. By accepting our Privacy Policy you acknowledge that the information you provide can be transferred to Intercom for processing in accordance with their Terms & Policies.
- We use Zoho One (including SalesIQ, PageSense, Sites and Analytics) as our marketing automation platform. By accepting our Privacy Policy you acknowledge that the information you provide can be transferred to Zoho One for processing in accordance with their Privacy Policy and Terms.
- Meta Platforms Ireland Limited (including Facebook and Instagram) – data is collected and processed to measure the effectiveness of marketing campaigns, as well as to improve our marketing materials, the content on our websites, and our offer. By accepting our Privacy Policy you acknowledge that the information you provide can be transferred to Meta Platforms Ireland Limited for processing in accordance with their Privacy Policy and Terms.
- Twitter Inc. – data is collected and processed to measure the effectiveness of marketing campaigns, as well as to improve our marketing materials, the content on our websites, and our offer. By accepting our Privacy Policy you acknowledge that the information you provide can be transferred to Twitter Inc. for processing in accordance with their Privacy Policy and Terms.
- Hotjar Ltd – data is collected to track behaviour analytics to increase effectiveness of our campaigns and to improve your interactions with our website. By accepting our Privacy Policy you acknowledge that the information you provide can be transferred to Hotjar Ltd for processing in accordance with their Privacy Policy and Terms.
- Albacross Nordic AB – data is collected to identify the domains used to view our website as well as to generate B2B leads. By accepting our Privacy Policy you acknowledge that the information you provide can be transferred to Albacross Nordic AB for processing in accordance with their Privacy Policy and Terms.
Data processing connected with recruitment purposes
- TMS (Talent Management System) - data collected after you are redirected to the application form in the following tab of the iRonin website: https://www.ironin.it/careers.html iRonin recruits for its own needs and for the clients to whom we provide services. Therefore, we would like to inform you that Users’ data can also be processed by iRonin’s clients. At the same time, we would like to inform you that by consenting to a particular recruitment process, this consent applies to only the one process. Consent for future recruitment will apply to both recruitment for a specific position included in the job advertisement and for other future recruitment opportunities. This means that we will store Personal Data in our database in order to send you information about job offers tailored to your profile and professional experience. The User may withdraw the consent for further processing at any time, in accordance with the “User rights” section of this Policy.
- The User’s Personal Data may also be processed should the User receive a recommendation in the form of a document provided to us through our official contact addresses or internal communication tools. In this situation, the person making the recommendation provides us with a CV or other documents containing the data of the recommended person. iRonin verifies the profile of the recommended person, received from the recommender, regarding the consent of the recommended person for the processing of Personal Data that meets the requirements of the GDPR. If the required consent has been given, iRonin has the authority to use this data as part of our recruitment processes.
The purposes of data processing
Your personal data will be processed by the Personal Data Administrator for purposes related to:
- fulfilling a contract entered into with a given person, which will include sending to them the Newsletter, and managing and monitoring the correctness of the contract and any transactions (Article 6 paragraph 1 point b of GDPR);
- maintaining accounting and bookkeeping documentation (Article 6 paragraph 1 point c of GDPR)
- solving conflicts and claiming rights resulting from the claimant’s economic activity - which is a lawful purpose of the Administrator (Article 6 paragraph 1 point f of GDPR)
- responding to Users (via the e-mail addresses and phone numbers provided by them) who previously made inquiries through Intercom or via other ways of contacting iRonin, including the e-mail addresses provided on the website www.ironin.it. In the case of contacting the User in order to provide a response, the legal basis for the processing of Personal Data is the consent of each User to the processing of personal data (Article 6 paragraph 1 point a of GDPR);
- evaluating a person as a candidate for employment, consideration of a job application submitted by the User and possible completion of the recruitment process by iRonin, after prior consent of the User to the processing of their data as included in a CV or in an interactive application form - which is a lawful purpose of the Administrator (Article 6 paragraph 1 point f of GDPR);
- monitoring website traffic, enhancing user experience, providing additional communication channels (e.g. real-time chat and a commenting feature for articles), improving marketing materials and iRonin’s offer. The legal basis is the User’s consent to the processing of Personal Data (Article 6 paragraph 1 point a of GDPR) and the requirements of pursuing legitimate interests by the Data Controller (Article 6 paragraph 1 point f of GDPR).
User rights
Any person whose personal data is collected, stored and processed (hereafter referred to as: “Data Subject” or “User”), has the following rights:
- the right to request access to their personal data and the information on data processing; in the case of incorrect data the Data Subject holds the right to request data rectification (Article 15 and 16 of GDPR);
- the right to the restriction of processing of their data in the situations and rules described in Article 18 of GDPR - the Data Subject may request restriction of their data processing where one of the following applies:
- the accuracy of the personal data is contested by the Data Subject, for a period enabling the Data Controller to verify the accuracy of the personal data;
- the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests a restriction on their use instead;
- the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise or defence of legal claims;
- the Data Subject has objected to the processing of their data, pursuant to Article 21(1) of GDPR, pending verification of whether the legitimate claim of the Data Controller overrides that of the Data Subject.
- the right to the erasure of personal data, according to Article 17 of GDRP (“right to be forgotten”);
- the right to personal data portability, according to Article 20 of GDPR - the right to receive from the Data Controller personal data in a structured, commonly used and machine-readable format, and the right to transmit these data to another controller; this right concerns only data provided to the Data Controller by the Data Subject themselves;
- the right to object at any time, on grounds relating to the Data Subject’s particular situation, to the processing of personal data concerning themselves by the Data Controller for purposes of the Data Controller’s legitimate business (Article 21 of GDPR);
The User has the right to access his/her data (by requesting a copy of all your data), modify the data and delete any given data, as well as to rectify, erase and limit the processing of the data, transfer of the data, object to the processing of the data based on a legitimate interest of iRonin, withdraw consent at any time without affecting the lawfulness of the processing (where the processing takes place on the basis of a consent) carried out based on the consent given before its withdrawal (legal basis: article 7 paragraph 3 GDPR). All the mentioned operations regarding your data can be requested by contacting us at contact@ironin.pl or using the appropriate functionality of the Service provided, if such functionality was made available to the user.
Cookies and their use, Local Storage
We use cookies for the purposes mentioned in The purposes of data processing section and to enable functionalities provided by us and third party vendors (see: Third-party vendors information ).
If you do not agree with our using cookies and processing your data, please change your cookies settings in your web browser and reject these terms.
Duration of data processing
Personal data shall be stored only for the period necessary to achieve the particular purpose for which it was provided, or in order to comply with the law. The period of data processing depends on the type of service provided, the purpose of the processing and its legal basis:
- in the case of processing personal data on the basis of consent, the period of processing continues until you withdraw your consent;
- in the case of processing personal data based on the justified interest of the data controller, the processing period lasts until the cessation of the above-mentioned interest (e.g. the period of limitation of civil claims) or until the person whose data are concerned objects to further such processing – in situations where such an objection is in accordance with the law;
- in the case of legal disputes, personal data will be stored and processed at least until the final resolution of a given legal dispute;
- for accounting-related purposes your data (if applicable) will be stored for a period of 5 years in accordance to the Accounting Act;
- in the case of a recruitment process, personal data shall continue to be processed within the period of twenty-four months after the completion of the recruitment process;
- we may store data limited to name and surname, e-mail, application history and information on expressed consents for the purpose of defending against possible claims for a period of 3 years from the deletion of other previously provided data;
- in case of processing cookies, we will process your personal data for the period within which cookies will be stored on your device.
Specific Regulations Concerning Digital Services Act (DSA)
Due to publication of the Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market For Digital Services and amending Directive 2000/31/WE (“Digital Services Act”), hereinafter referred to as “DSA”, iRonin ensures that our Privacy Policy complies with above-mentioned regulation.
In accordance with Articles 11 and 12 of DSA, iRonin designates the following contact points:
- For Member States’ authorities, the Commission and the Board referred to in Article 61, pursuant to Article 11 section 1 of the DSA: contact@ironin.pl
- For recipients of services, pursuant to Article 12 section 1 of the DSA: contact@ironin.pl
- Communication can be carried out in Polish and English.
Pursuant to Article 14 paragraph 1-4 of DSA, iRonin shall assess whether the content published by the Users complies with the law and Privacy policy. As unacceptable content iRonin considers especially the contents that:
- Are used to conduct competitive activity (such as promoting competing Internet platforms)
- Are used to conduct unauthorised advertising, marketing activities (placing of advertisements, promotion of products, services, collections etc.)
- Are used to conduct activities prohibited by law (e.g. extorting money from users)
- Advocate or praise violence
- Incite to hatred on national, ethnic, racial, religious or due to lack of religious beliefs
- Insult individual because of their gender, sexual, national, ethnic, racial religious or irreligious affiliation
- infringe on the personal rights of any third parties
- contain vulgarisms or have offensive nature
- violate existing legal order or public decency in any other way.
In case of finding the content unacceptable, iRonin reserves the right to moderate it particularly by:
- refusal to publish the content,
- removal of the content,
- preventing access to content,
- content deposition,
- suspension or termination of User’s account.
If the User finds that our moderating measures violate their law in any way, you can make an official complaint by contacting the above-mentioned President of the Personal Data Protection Office.
iRonin shall act in a diligent, objective and proportionate manner in applying and enforcing the restrictions referred to above, with due regard to the rights and legitimate interests of all parties involved, including the fundamental rights of the recipients of the service, such as the freedom of expression, freedom and pluralism of the media, and other fundamental rights and freedoms as enshrined in the Charter.
In accordance with article 15 of DSA, iRonin undertakes to make publicly available, in a machine-readable format and in an easily accessible manner, at least once a year, clear, easily comprehensible reports on any content moderation that we engaged during the relevant period. Those reports shall include information specified in Article 15 paragraph 1 of DSA.
Pursuant to Article 16 of DSA, any individual or entity may notify iRonin of the presence on our service of specific items information that the individual or entity considers illegal content. The submission of notices shall be possible with the use of designated contact point (contact@ironin.pl). In order to facilitate the submission of notices, they should contain following elements:
- a sufficiently substantiated explanation of the reasons why the individual or entity alleges the information in question to be illegal content;
- a clear indication of the exact electronic location of that information, such as the exact URL or URLs, and, where necessary, additional information enabling the identification of the illegal content;
- the name and email address of the individual or entity submitting the notice, except in the case of information considered to involve one of the offences referred to in Article 3 to 7 of Directive 2011/93/EU;
- A statement confirming the bona fide belief of the individual or entity submitting the notice that the information and allegations contained therein are accurate and complete.
If the notice contains the electronic contact information of the individual or entity that submitted it, iRonin shall, without undue delay, send a confirmation of receipt of the notice to that individual or entity. iRonin shall also, without undue delay, notify that individual or entity of our decision in respect of the information to which the notice relates. The individual or entity may appeal against the decision via designated contact point. iRonin reserves the right to use automated means for notice processing and decision-making.
Pursuant to Article 17 of DSA, on the ground that the information provided by the recipient of the service is illegal content or incompatible with our terms and conditions, iRonin shall provide a clear and specific statement of reasons to any affected recipients of the service of any of the following restrictions:
- Any restrictions of the visibility of specific items of information provided by the recipient of the service, including removal of content, disabling access to content, or demoting content;
- Suspension, termination or other restriction of monetary payments;
- Suspension or termination of the provision of the service in whole or in part;
- Suspension or termination of the recipient of the service’s account.
iRonin commits to act in accordance with the Article 17 paragraph 3 of DSA and contain all necessary information in regard of the statement of reasons. If the User disagrees with our decision, you can make an official complaint by contacting the above-mentioned President of the Personal Data Protection Office.
In case of becoming aware of any information giving rise to a suspicion that a criminal offence involving a threat to the life or safety of a person or persons has taken place, is taking place or is likely to take place, iRonin shall promptly inform the law enforcement or judicial authorities of the Member State or Member States concerned of our suspicion and provide all relevant information available. If iRonin cannot identify with reasonable certainty the Member State concerned, we shall inform the law enforcement authorities of the Republic of Poland or inform Europol, or both.
Governing law and disputes
The governing law is the law governing over the administrator’s registered seat. All disputes shall be resolved through amicable negotiations, and in case of lack of settlement the dispute shall be resolved by the court competent for the registered seat of the Administrator.
Changes in the Policy
Depending on arising needs, we can change, revise and update the Privacy Policy at any moment, without notice or users’ acceptance - please check back periodically for changes. You will be able to see that changes have been made by checking to see the effective date posted at the end of the policy. In the case of significant changes to policies addressing personal data processing, we can also send you separate notifications to the email address you specified, if such an e-mail address was provided.
Last updated: 2024-05-10