Privacy policy

PRIVACY POLICY
7F TECHNOLOGY PARTNERS SP. Z O. O.

Content
I. About us
II. General provisions
III. How do we use your data?
IV. On what terms and on what basis do we process your data?
V. What are your rights?
VI. How will we contact you?
VII. When will we fulfill your request?
VIII. Subcontractors/processors
IX. How will we take care of your data processing?
X. Data retention
XI. Authorizations
XII. Changes in the privacy policy

I. About us

The administrator of personal data is 7F Technology Partners Sp. z o. o. with its registered office in Warsaw (ul. Twarda 18, 00-105 Warszawa, hereinafter referred to as “7F Technology Partners”, “Administrator”, or “Company”)
If you have any questions regarding our processing of your personal data, we have appointed a Data Protection Coordinator who can be contacted:

  • by post to the following address: “RODO” 7F Technology Partners, ul. Twarda 18, 00-105 Warsaw
  • by e-mail: rodo@7f-tp.com

    Personal data is obtained and processed in the manner and on the principles set out in this Policy.

II. General provisions

At 7F Technology Partners, we pay special attention to protecting the privacy of our clients, contractors and employees. One of the key aspects of this process is the protection of the rights and freedoms of natural persons in connection with the processing of their personal data.
We make every effort to ensure that the processing of your data is carried out in accordance with the provisions of the General Data Protection Regulation 2016/679/EC (hereinafter referred to as “GDPR”), the Personal Data Protection Act, as well as specific provisions (contained, among others, in labor law or Accounting Act).
7F Technology Partners is the personal data controller within the meaning of Art. 4 point 7 GDPR. We also use the services of processing entities referred to in Art. 4 point 8 of the GDPR – they process personal data on our (administrator’s) behalf (e.g. accounting or IT companies).
As an entity providing services in the IT industry, we are also a professional data processor, and we conclude contracts with our clients for entrusting the processing of personal data in accordance with Art. 28 GDPR.
We implement appropriate technical and organizational measures to ensure a level of security corresponding to the possible risk of violating the rights and freedoms of natural persons with varying probability of occurrence and threat severity. Our activities in the field of personal data protection are based on adopted policies and procedures as well as regular training to improve the knowledge and competences of staff in this area.3

III. How do we use your data?

Contact details obtained from clients and contractors (e.g. details of their employees) are used to conclude and efficiently implement contracts.
As an employer, we process the data of employees and people who cooperate with us on a basis other than an employment relationship.
We share your data with third parties with your consent or when we are obliged to do so by law.
We use the data entrusted to us for processing in accordance with the documented instructions of the client and legal provisions.

IV. On what terms and on what basis do we process your data?

We make every effort to protect the interests of data subjects, and in particular we ensure that the data is:

  • processed lawfully, fairly and in a transparent manner for the data subject;

  • collected for specific, explicit and legitimate purposes and not further processed in a way that is incompatible with those purposes;

  • adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  • correct and updated, if necessary, (we take steps to ensure that personal data that are incorrect in the light of the purposes of their processing are immediately deleted or rectified);
  • kept in a form which permits identification of the data subject for no longer than is necessary for the purposes for which they are processed;
  • processed in a way that ensures their appropriate security, including protection against unauthorized or unlawful processing and accidental loss or destruction.

We most often process your data when it is necessary to perform the contract (provision of services) to which you are a party, or to take action at your request before concluding the contract (Article 6(1)(b) of the GDPR). The data of contact persons are processed on the basis of the legitimate interest of the Company (Article 6(1)(f) of the GDPR) – efficient implementation of cooperation.
We process the personal data entrusted to us in accordance with Art. 28 GDPR.4
We may also process your data on the basis of your consent (Article 6(1)(a) of the GDPR), which may be withdrawn at any time.
In some situations, processing is necessary to fulfill our legal obligation (as the administrator). Such obligations result, for example, from legal provisions, e.g. labor law, tax or accounting obligations (Article 6(1)(c) of the GDPR).
Processing may also be necessary for the purposes of our legitimate interests, for example pursuing claims in connection with our business activities or responding to questions asked to us or requests addressed to us (Article 6(1)(f) of the GDPR).

V. What are your rights?

We take appropriate measures to provide you with all relevant information in a concise, transparent, understandable and easily accessible form, in clear and plain language, and to conduct any communication with you regarding the processing of personal data in connection with your use of your right (if the conditions for its implementation are met) to:

  • information provided when collecting personal data;
  •  information provided upon request – whether data is processed and other issues specified in Art. 15 GDPR – including the right to obtain a copy of data;
  • rectification of data;
  • deletion of data (“right to be forgotten”);
  • restrictions on processing;
  • data transfer;
  • object to processing due to your special situation (when the basis for processing is our legitimate interest);
  • not to be subject to a decision based solely on automated processing (including profiling);
  • information about a data breach.

However, some of the above rights are only available in specific circumstances.
Moreover, if your personal data is processed on the basis of consent, you have the right to withdraw it. Consent may be withdrawn at any time, but its withdrawal does not affect the legality of the processing carried out before its withdrawal.5

If you want to exercise a given right, please contact us:

  • by post to the following address: “RODO” 7F Technology Partners, ul. Twarda 18, 00-105 Warsaw
  • by e-mail: rodo@7f-tp.com

The security of your data is our priority. However, if you believe that we are violating the provisions of the GDPR when processing your personal data, you have the right to lodge a complaint with the President of the Personal Data Protection Office.

VI. How will we contact you?

We provide information in writing or by other means, including, where appropriate, electronically. If you request it, we may provide information verbally if we can confirm your identity by other means. If you submit your request electronically, the information will also be provided electronically, where possible, unless you indicate to us another preferred form of communication.

VII. When will we fulfill your request?

We try to provide information without undue delay – usually within one month of receiving the request. If necessary, this deadline may be extended by a further two months due to the complexity of the request or the number of requests. However, in any case, we will inform you within one month of receiving your request about the action taken and, where appropriate, the extension of this deadline and the reasons for the delay in responding.

VIII. Subcontractors/processors

If we cooperate with entities that process personal data on our behalf, these are processors that provide sufficient guarantees to implement appropriate technical and organizational measures so that the processing meets the requirements of the GDPR and protects the rights of data subjects.
We thoroughly check the entities that we entrust with the processing of your data. We conclude detailed agreements with them and periodically check the compliance of processing operations with the content of these agreements and legal provisions.6

IX. How will we take care of your data processing?

To meet legal requirements, we have developed detailed procedures, including the following issues:

  • data protection by design and default data protection,
  • data protection impact assessment,
  • notification of violations,
  • keeping a register of data processing activities,
  • data retention,
  • exercising the rights of data subjects.

We regularly check and update our documentation to be able to demonstrate compliance with legal requirements in accordance with the principle of accountability formulated in the GDPR, and – out of concern for the interests of data subjects – we try to incorporate the best market practices into our procedures.

X. Data retention

We store personal data in a form that permits identification of the data subject for no longer than is necessary for the purposes for which the data are processed. After this period, the data is anonymized (removed of features enabling the identification of a given person) or deleted. The deletion of personal data is complete and permanent. In the retention procedure, we ensure that the storage period of personal data is limited to a strict minimum.
We determine the data processing period by referring primarily to legal provisions (e.g. storage time of employee documentation, accounting documents), as well as taking into account our (the administrator’s) justified interest (e.g. determining and pursuing possible claims or defending against them).
If we process data on behalf of another entity, this period is determined by the data controller.
If we have been given consent to process data, we will process it until its withdrawal or until the given processing purpose is achieved.
In the case of concluded contracts, we process data for the period of their implementation, for periods resulting from legal provisions (tax law, accounting act), as well as until the limitation period for any claims expires.7
Our retention procedure covers both paper and electronic data.

XI. Authorizations

We ensure that any person acting under our authorization and having access to your personal data processes them only on our instructions, unless other requirements result from EU or Polish law.

XII. Changes in the privacy policy

The policy is verified on an ongoing basis and updated, if necessary. The current version of the Policy is valid from January 1, 2024.