Solfinity Privacy Policy

  1. Personal data - for which Solfinity sp. z o.o. sp.k. in Warsaw is the Data Controller - are processed in accordance with the provisions of generally applicable law, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter “GDPR”).
  2. Services provided by Solfinity sp. z o.o. sp.k. as part of the Website and the B2B Platform are also rendered in compliance with the requirements of the Act on the Provision of Electronic Services of 18 July 2002 (i.e. Journal of Laws of 2020, item 344).

General provisions

  1. This Privacy Policy (hereinafter “Privacy Policy”) defines the method of collecting, processing and storing personal data of:
    1. The users of solfinity.pl/en,
    2. The customers of Solfinity B2B Platform,
    3. Employees and associates of our clients and contractors,
    4. Training attendees,
    5. Persons contacting the Data Controller by e-mail, telephone, via the contact form and persons contacted by the Data Controller,
    6. Job candidates,
    7. Newsletter subscribers,
    8. Persons recorded by the video monitoring system which covers the Company’s premises.
  2. This Privacy Policy bears an informative character in accordance with Articles 13-14 of GDPR and does not constitute a source of obligations for data subjects.
  3. The Data Controller takes special care to protect the interests of data subjects and applies technical and organisational measures to ensure proper and adequate protection of the processed personal data.

Data Controller

  1. The Data Controller of personal data is Solfinity sp. z o.o. sp.k. with its registered office in Warsaw, ul. Staniewicka 5, Hala DC2, 03-310 Warsaw, tax identification number NIP: 5242567894, entered into the register of entrepreneurs by the District Court for the Capital City of Warsaw in Warsaw, the 14th Commercial Division of the National Court Register under number KRS 0000789029.

Contact with the Data Controller

  1. In matters related to the personal data processing, please contact us at [email protected].
  2. You can also send us a message, inquiry or request to our correspondence address: ul. Staniewicka 5, Hala DC2, 03-310 Warsaw.

Purpose and legal basis of data processing

  1. The purpose and basis for processing personal data by the Data Controller each time result from the nature of the relationship between the Data Controller and the data subject.
  2. Each relationship is described separately below so that it is easier for you to find the terms applicable to you.

Users of the Website and social media

  1. The Data Controller processes the data of Website users, i.e. persons visiting solfinity.pl/en.
  2. The data processed about Users is data derived from cookies. Not all data are personal data. Data about Website users do not contain information regarding the user’s identity and do not allow Solfinity to establish identity. However, all data collected from cookies by Solfinity are protected.
  3. Cookies data are processed for the following purposes:
  4. To ensure the proper operation of the Website, i.e. the opening of individual subpages, the content of the Website, and memorising the language the user uses to navigate the Website. For this purpose, relevant cookies are used, which may contain information, among others, about the general location of the user (information about the country where the Website is used), the type of device (e.g. computer, mobile device), the browser used by the user to visit the Website, the operating system. This is standard information necessary to ensure the proper operation of the Website and is obtained under Article 6(1)(f) of GDPR to the extent that it constitutes personal data.
  5. The Data Controller also processes information from cookies to conduct statistical research, i.e. under Article 6(1)(f) of GDPR – the Data Controller’s legitimate interest is to improve the operation of the Website and enable it to be adapted to the needs of the Website users.
  6. In addition, if an optional consent is given, data from cookies may be processed to use personalised marketing on the Website, i.e. display content on the Website that is likely to be in the user’s area of interest; and to use retargeted marketing by providers of social media platforms (e.g. Facebook/Meta, Instagram) and Google. For this purpose, the Data Controller processes information about the users’ activity on the Website, the content the user devoted their time to on the Website, and which content the user got familiar with on the Website. Solfinity develops a general outline of the user’s interests, which is then used to select the content proposed to the user. These activities are simple user profiling. The basis for processing is Art. 6 (1) (a) of GDPR (to the extent that these data constitute personal data).
  7. The Website contains plug-ins for social media, e.g. Facebook, LinkedIn, Instagram, Twitter, and TikTok. If the user uses social media or plug-ins, the providers of social media platforms may obtain data about the Website users and use such data to provide their services or for other purposes of their own. Each social media user should read the privacy policy of a given social media platform.
  8. If the user is active in Solfinity’s social media network, e.g. follows a fan page or Solfinity profile, or posts comments, then Solfinity processes the personal data of the social media user to run its fan page and Solfinity’s activity on social media. The legal basis for processing is Article 6(1)(f) of GDPR, i.e. promotional activities of the Solfinity brand and products, in accordance with the regulations of a given social media platform.
  9. The recipients of your data may be entities providing services to us in the area of computer equipment service, IT outsourcing, Website and mail hosting, server delivery, mailing services, marketing, legal services, and entities authorised under the law.
  10. To the extent that we process your data to provide personalised advertising in social media – contact details and information about potential interests will be disclosed to social networks providing tools and services, e.g. Facebook/Meta, YouTube (Google).
  11. Within the scope of personal data processing based on the Data Controller’s legitimate interest, the data are processed until an effective objection to the processing of personal data is lodged.
  12. In a situation where a person has agreed to the use of marketing cookies, the data will be processed until the consent is withdrawn or cookies are cleared.
  13. In connection with the personal data processing, subject to the conditions set out in the provisions of GDPR, the data subject has the following rights: to access personal data, to rectify personal data (update), to delete data, to limit processing, to transfer personal data, to object to the processing of personal data and to lodge a complaint with the supervisory authority.
  14. Providing data processed based on a consent or in connection with an activity in social media is optional.
  15. Details regarding the use of cookies on the Website are set forth in the Solfinity Cookies Policy available on the Website.

Customers and Contractors

  1. The Data Controller may process personal data of the customer and contractor who are natural persons conducting business activity, for the following purposes:
    1. necessary for the conclusion and performance of the contract, i.e. under Article 6(1)(b) of the GDPR,
    2. fulfilling obligations towards tax authorities and accounting obligations, i.e. under Article 6(1)(c) of the GDPR,
    3. responding to e-mails, questions, inquiries and contacting for this purpose, i.e. under Article 6(1)(f) of the GDPR - the Data Controller’s legitimate interest which is the ability to reply to the received message, respond according to an inquiry, settle matters,
    4. pursuing claims or defending rights, based on the Data Controller’s legitimate interest, i.e. under Article 6(1)(f) of the GDPR,
    5. managing the process of submitted complaints, claims under warranty and guarantee, i.e. under Article 6(1)(c) of the GDPR (legal obligation),
    6. sending our promotional materials by traditional means, under Article 6(1)(f) of the GDPR – the Data Controller’s legitimate interest, which is the marketing of own products and services.
  2. The recipients of your data may comprise entities providing accounting services to us, dealing with the maintenance of computer equipment, IT outsourcing, website and mail hosting, server delivery, mailing services, marketing, legal services, and entities implementing a guarantee, warranty, insurance of goods, as well as entities authorized under the law.
  3. We store your data until the expiry of the limitation period for all claims for performance or improper performance of the contract, and until the expiry of the limitation period for the tax liability unless the tax regulations provide otherwise, and for the time set forth in the accounting regulations. In accordance with the provisions of tax and accounting law, the standard period for storing personal data processed for this purpose is up to 6 years. As regards personal data processed based on the Data Controller's legitimate interest, such data are processed until an effective objection to the processing of personal data is lodged.
  4. In connection with the processing of personal data, subject to the conditions set out in the provisions of the GDPR, the data subject has the following rights: to access their data, to rectify personal data (update), to delete data, to limit processing, to transfer personal data, the right to object to the processing of personal data and to lodge a complaint with the supervisory authority.
  5. The obligation to provide personal data results from the law regulating issues related to the implementation of contracts, including the provisions of the Civil Code and tax and accounting regulations. If you refuse to provide the data necessary for us to comply with the law, we cannot establish a legal relationship. Within the remaining scope, providing data is optional but necessary to conclude a contract or to exercise your rights.

B2B Platform Customers

  1. The Data Controller may process personal data of the B2B Platform Customer for the following purposes:
    1. necessary to conclude and perform the Sales Agreement, including the provision of electronic services (management, account creation, account service, transactions, payments), i.e. pursuant to Article 6(1)(b) of the GDPR (performance of the contract, including activities aimed at concluding the contract);
    2. managing the process of submitted complaints, i.e. pursuant to Article 6(1)(c) of the GDPR (legal obligation),
    3. pursuing claims or defending rights, as the implementation of the legitimate interest of the Data Controller, i.e. pursuant to Article 6(1)(f) of the GDPR,
    4. responding to e-mails, questions, inquiries and contacting for this purpose, i.e. pursuant to Article 6(1)(f) of the GDPR - the legitimate interest of the Data Controller, which is the ability to react to the received message, to respond in accordance with its content,
    5. fulfilling obligations towards tax authorities and accounting obligations, i.e. pursuant to Article 6(1)(c) of the GDPR,
    6. conducting statistical surveys, i.e. pursuant to Article 6(1)(f) of the GDPR – the Data Controller’s legitimate interest, which is to improve the operation of the B2B Platform and enable it to be adapted to the needs of B2B Platform Customers,
    7. obtaining other information from the cookies used for marketing purposes (e.g. researching how a given user uses our website, what contents they prefer on our website, what are their potential interests) – only to the extent that it is regulated in our Cookies Policy available at Solfinity - Cookies Policy. Not all information obtained from cookies constitutes personal data, but to the extent that it can be considered personal data, the basis for data processing shall be consent (Article 6(1)(a) of the GDPR) in connection with consent to using certain cookies – in accordance with our Cookies Policy.
  2. Processing of personal data contained in social media on our profiles and channels – to run our fan pages and social media channels in accordance with the regulations of social media platforms – Article 6(1)(f) of the GDPR. Each time the purpose and basis for the processing of personal data by the Data Controller result from the actions undertaken by the B2B Platform Customer.
  3. Your data may be transferred to entities providing to us accounting services, computer equipment service, IT outsourcing, website and mail hosting, server delivery, mailing services, marketing, legal services, entities performing guarantees, warranties, insurance of goods, operators of electronic payment services, couriers, as well as state authorities and other entities authorized under the law.
  4. Within the scope of the purpose based on the performance of the contract, we shall process data for the duration of the exercise of rights and performance of obligations arising from the legal relationship, and after that time, for the period of limitation of claims in accordance with the provisions of the Civil Code and the Act on Consumer Rights. Within the scope of the submitted complaint, we shall process personal data until such complaint is considered, and in the case of pursuing claims and/or defending rights - until the dispute is resolved, taking into account the relevant limitation periods for claims. As regards data processed based on legitimate interest, we shall process data until an effective objection to the processing of personal data is lodged. If your data is processed based on your consent, we may process your data until the consent is withdrawn.
  5. In connection with the processing of personal data, subject to the conditions set out in the provisions of the GDPR, the data subject has the right to access personal data, rectify personal data (update), delete data, limit processing, transfer personal data, object to the processing of personal data and lodge a complaint with the supervisory body.
  6. The obligation to provide personal data results from the provisions of law regulating issues concerning the performance of contracts, including the provisions of the Civil Code and tax and accounting law. If you refuse to provide the data necessary for us to comply with the law, we shall not be able to establish a legal relationship. In the remaining scope, providing data is optional but necessary to conclude a contract.

Employees and associates of our customers and contractors

  1. The Data Controller may process personal data of employees and associates of customers and contractors to properly perform the contract to which the entity for which they work or with whom such a person cooperates is a party, i.e. under Article 6(1)(f) of the GDPR (legitimate interest, which is to enable contact between the parties to the contract to implement it).
  2. In such a situation, we receive the data directly from the employee, co-worker, or employer/entity they represent.
  3. The scope of data comprises the name, surname, business phone and e-mail address, position, place of work/cooperation, other business contact details, contents of correspondence and information about the collaboration, including orders placed.
  4. The recipients of your data may be entities providing computer equipment services, IT outsourcing, website and mail hosting, server delivery, legal services, entities implementing the guarantee, warranty, insurance of goods, and entities authorized under the law.
  5. We store your data until the expiry of the limitation period for all claims for the performance or improper performance of the contract concluded with our contractor, whom you represent or on behalf of whom you act.
  6. In connection with the processing of personal data, subject to the conditions set out in the GDPR, the data subject has the right to access personal data, rectify personal data (update), delete data, limit processing, transfer personal data, object to the processing of personal data and lodge a complaint with the supervisory body.

Training participants

  1. The Data Controller may process personal data of training participants for the following purposes:
    1. to conclude and perform a contract for a training service, i.e. under Article 6(1)(b) of the GDPR – performance of the contract,
    2. to fulfil obligations towards tax authorities and accounting obligations, i.e. under Article 6(1)(c) of the GDPR,
    3. to pursue claims or defend rights, as the implementation of the legitimate interest of the Data Controller, i.e. under Article 6(1)(f) of the GDPR.
  2. The recipients of your data may be entities providing to us accounting services, computer equipment service, IT outsourcing, website and mail hosting, server delivery, lecturers, legal services, and entities authorized under the law.
  3. We store your data until the expiry of the limitation period for all claims for performance or improper performance of the contract and until the expiry of the limitation period for tax liabilities and accounting obligations unless otherwise provided by law. Within the scope of personal data processing based on the Data Controller's legitimate interest, the data shall be processed until an effective objection to the processing of personal data is lodged. If your data is processed based on your consent, we may process such data until the consent is withdrawn.
  4. In connection with the processing of personal data, the data subject has the right to access personal data, rectify personal data (update), delete data, limit processing, transfer personal data, object to the processing of personal data and lodge a complaint with the supervisory body.
  5. The obligation to provide personal data results from the provisions of law regulating issues concerning the performance of contracts, including the provisions of the Civil Code and tax and accounting law. If you refuse to provide the data necessary for us to comply with the law, we shall not be able to establish a legal relationship. In the remaining scope, providing data is optional but necessary to conclude a contract.

Persons contacting the Data Controller by e-mail, telephone, via the contact form and persons contacted by the Data Controller

  1. The Data Controller may process personal data for the following purposes:
    1. to answer questions, also to contact by e-mail, telephone for this purpose, i.e. under Article 6(1)(f) of the GDPR - a legitimate interest consisting in the possibility of providing an answer to a question regarding business activity,
    2. to establish cooperation directly with such a person or employer/entity that such a person represents, i.e. under Article 6 (1) (f) of the GDPR - a legitimate interest consisting in establishing and maintaining relationships as part of business activity.
  2. The above purposes and grounds apply to persons who contact Solfinity sp. z o.o. sp.k. in Warsaw in any matter, other than a contractor, customer, training participant or employee/associate of the contractor or if Solfinity sp. z o.o. sp. k. in Warsaw (by phone and e-mail) contacts such a person in any matter.
  3. Personal data shall be processed until the end of the case, which is the subject of inquiry, contact or objection to the processing of personal data. Henceforth, the Data Controller shall store personal data if obliged to do so under the law for a period set forth therein or to pursue legitimate interests for the period of limitation of claims.
  4. In connection with the processing of personal data, the data subject has the right to access personal data, rectify personal data (update), delete data, limit processing, transfer personal data, object to the processing of personal data and lodge a complaint with the supervisory body.
  5. Providing data is optional; however, it is necessary for responding to inquiries.

Job candidates

  1. The Data Controller may process personal data of job candidates to conduct recruitment processes (assessing job qualifications, abilities, skills for a given position, selecting the best person for our team) pursuant to:
    1. Article 6(1)(b) of the GDPR (taking action at the request of the data subject),
    2. Article 6(1)(c) of the GDPR (legal obligation of the controller, including the obligation resulting primarily under Article 221(1) of the Labour Code),
    3. Article 6(1)(a) of the GDPR (consent expressed in the form of a clearly confirmatory action such as sending application documents in the scope of documents not required by law but provided by you in these documents).
    4. Article 6(1)(f) of the GDPR (legitimate interest of the controller, which comprises the possibility of checking your skills and competences - within the scope of data provided to us during the interview).
  2. Your data may be transferred to entities with which we have concluded a personal data processing agreement, including entities providing services related to the recruitment process, computer equipment maintenance, IT outsourcing, website and mail hosting, server delivery, and entities authorized under the law.
  3. We store your data until the end of the recruitment process.
  4. In connection with the processing of personal data, the data subject has the right to access personal data, rectify personal data (update), delete data, limit processing, transfer personal data, object to the processing of personal data and lodge a complaint with the supervisory body.
  5. Providing personal data is mandatory to the extent that the provisions of the Labour Code require it. A job candidate who does not provide such data shall be excluded from the recruitment process. Providing data in the remaining scope is optional and does not affect the possibility of joining the recruitment process.

Newsletter subscribers and telephone marketing recipients

  1. The Data Controller may process personal data of newsletter subscribers and persons who have consented to the personal data processing for marketing by phone to send content about the Data Controller’s activities, including their products, services, promotions, training, i.e. under Article 6(1)(a) of the GDPR in connection with Article 10 of the Act on the Provision of Electronic Services or Article 172 of the Telecommunications Law (respectively).
  2. The newsletter is sent by e-mail, or marketing contact is made by telephone, only if the data subject agrees to receive commercial information by electronic means or orders commercial information by subscribing to the newsletter or for marketing purposes, using the provided e-mail address within the meaning of the Act on the Provision of Electronic Services and/or the telephone number to which the consent expressed in accordance with the provisions of the Telecommunications Law applies.
  3. The recipients of your data may be entities dealing with the service of computer equipment, IT outsourcing, mailing services, and marketing, as well as entities authorized under the law.
  4. Personal data shall be processed until you unsubscribe from the newsletter, until the end of the newsletter, or until you withdraw your consent or object to processing personal data for marketing purposes.
  5. In connection with the processing of personal data, the data subject has the following rights: to withdraw consent, to access personal data, to rectify personal data (update), to delete data, to limit processing, to transfer personal data, to object to the processing of personal data and to lodge a complaint with the supervisory authority.
  6. Providing data is optional but necessary if you wish to receive a newsletter or marketing information by phone.

Video surveillance data

  1. The Data Controller may process personal data (image) of persons staying on the premises of the company covered by the monitoring system (customers, contractors, guests, employees, co-workers, training participants) to increase the safety of persons and property in the area covered by the monitoring, i.e. under Article 6(1)(f) – the Data Controller’s legitimate interest, which is the desire to increase the security of persons and property.
  2. Personal data can be made available to authorized entities based on legal provisions.
  3. We store personal data for three months from the date of recording, and if the recording may constitute evidence in proceedings conducted under the law or the Data Controller has become aware that it may constitute evidence in such proceedings, the period specified above is extended until the conclusion of the proceedings, and after this period, if necessary - for the time in which the law requires the storage of such data or for the period of limitation of any claims.
  4. Subject to the conditions set out in the provisions of the GDPR, you have the right to request that the Data Controller provide access to your data, delete your data and limit the processing of your data, as well as the right to object and to lodge a complaint with the supervisory body.

Recipients of data

  1. The Data Controller uses the services of entities that provide sufficient guarantees of personal data security, also by implementing appropriate technical and organizational measures.
  2. Personal data is not always processed or made available to all the mentioned recipients. The Data Controller transfers data only if it is necessary to achieve a given purpose of processing and only to the extent required.
  3. Because the Data Controller uses Google Analytics, Google Ads, Google Suite, Google Search Console, Google DoubleClick, and Facebook Pixel, your data may be transferred to a third country (i.e. a country outside the European Economic Area) – the United States of America. The transfer of personal data to the USA is only possible after the implementation of appropriate protection measures in accordance with the GDPR and the decisions and guidelines of the European Data Protection Board.

Duration of personal data processing

  1. How long we process your data depends on the purpose for which the data were collected and the legal basis of the purpose.
  2. The exact time of personal data processing is specified in the individual information clauses. We encourage you to read this information.

Rights of the data subject

  1. The GDPR has defined several rights that you have in connection with personal data processing. Subject to the conditions set out in the provisions of the GDPR, you have the following rights:
    1. To request access to your data, rectify, delete, limit their processing, transfer data,
    2. To object to personal data processing, if data processing is based on a legally justified legitimate interest,
    3. To lodge a complaint to the supervisory body (President of the Office for Personal Data Protection) if you consider that the processing of your data violates the provisions of the GDPR,
    4. To withdraw your consent for data processing, except that the withdrawal of your consent shall not affect the lawfulness of data processing based on your consent before it has been withdrawn. To withdraw your consent, please contact us at [email protected].
  2. To exercise the abovementioned rights, please contact the Data Controller as indicated in the “Contact with the Data Controller” section.

Data Source

  1. Personal data processed by the Data Controller shall, as a rule, be obtained directly from the data subject or the employer/entity represented by the natural person.
  2. The obligation to provide personal data or the lack of such an obligation also depends on the relationship that the data subject has with the Data Controller, as well as a given process within this relationship.

Final provisions

  1. The Website may contain links to other websites. The Data Controller shall not be responsible for personal data protection rules applied by other data controllers. However, the Data Controller recommends that on moving to other websites, you should read the privacy policies applicable to them.
  2. This document is subject to regular review and update. This Privacy Policy was last updated on 06 June 2023.

