Privacy Policy

We care about your privacy. Your data is safe with us and is processed in accordance with the General Data Protection Regulation 2016/679 of 27 April 2016 (hereinafter: “GDPR”). We present to you the following policy to inform you about data processing and the rules on which it will take place.

1. What is personal data?

Information that identifies you or enables you to be identified, e.g. name, surname, telephone number or e-mail address. DAC collects your data in connection with the activities of DAC, for the purposes of contract implementation and marketing activities.

2. Who is responsible for processing personal data and who can be contacted in the DAC?

The administrator of your personal data is DAC S.A. with its registered office in Gdańsk (80-394) at ul. Kołobrzeska 14 (hereinafter referred to as “DAC”).

If you have questions about the processing of personal data and the exercise of rights related to data processing, please contact DAC:

  • by directing correspondence to the following address: DAC S.A., ul. Kołobrzeska14, 80-394 Gdańsk
  • by electronic contact at the e-mail address: gdpr@dac.digital

3. For what purpose does DAC process your personal data and on what legal basis?

DAC processes the personal data of DAC employees and associates in terms of name and surname, date of birth, address, education and previous employment. Personal data is processed for the purpose of performing an employment contract or civil law contract, as well as for financial and accounting purposes.

DAC processes personal data provided by you in the contact form available on the website www.dac.digital in terms of name, email address, company name, position or telephone number, as well as the data contained in the content of the inquiry. Providing this data is voluntary, however, as regards the email address – necessary for us to answer the question addressed to us. Providing data more widely than an email address can help us understand the context of the case, and also enable telephone contact, which in certain cases can speed up the response.

DAC processes clients’ personal data. Personal data is processed only for the purpose of performing the contract.

As part of its activities, DAC collects and processes personal data based on:

  • art. 6 clause 1 lit. f) GDPR – for the purposes of legitimate interests pursued by the data controller, which is the DAC: to provide services to clients, marketing its services, including to inform about events organized by the DAC or in which the DAC participates and about DAC activities, as well as for analytical, statistical and to ensure IT security related to the dac.digital website;
  • art. 6 clause 1 lit. b) GDPR – to perform contracts concluded by the DAC with customers, to cooperate with suppliers and other entities cooperating with DAC;
  • art. 6 section 1 letter c) and art. 6 clause 1 point a) GDPR – to recruit people interested in working or cooperating in a DAC;
  • art. 6 clause 1 letter c) GDPR – in the scope of fulfilling legal obligations incumbent on DAC.

4. Who can DAC transfer personal data to?

Personal data may be shared with other recipients in order to comply with the DAC legal obligation, based on your consent or for purposes arising from the legitimate interests of the DAC or a third party.

Recipients may be in particular: authorized employees and associates of DAC, institutions authorized by law to collect your personal data on the basis of relevant legal provisions.

In addition, data may be transferred to entities processing personal data at the request of DAC to their authorized employees, whereby such entities process data on the basis of a contract with the DAC only in accordance with DAC instructions and on condition that confidentiality is maintained.

5. Will your personal data be sent to a third country (outside the European Union)?

Some of our subcontractors may process your personal data in countries outside the European Union (“third countries”). However, if your data is transferred to third countries outside the EU, DAC will use appropriate instruments to ensure the security of your personal data and will only transfer data if there are legal grounds for such transfer, e.g. in the form of standard contractual clauses, or that the country to which the data is transferred has an adequate level of personal data protection, or in the case of data transfer and processing in the US, ensuring that the receiving entity is certified by the Privacy Shield Program.
Due to the fact that www.dac.digital uses tools such as Google Analytics, Google Adwords, Facebook Pixel and GitLab, your data may be transferred to a third country (USA). In such a front.

6. How long will DAC process (store) your data?

Personal data will be processed for the period necessary to achieve the purposes of the processing, i.e.

  • in the scope of implementation of the contract concluded with the DAC – until its completion, and after that time for the period required by law or for the implementation of any claims;
  • in the scope of given employees and co-workers – for the period of employment or cooperation, and after its termination a maximum of 10 years from the end of the employment relationship or until the expiry of the limitation periods related to the performance of a civil law contract or the limitation of obligations arising from legal provisions;
  • in the scope of fulfilling legal obligations incumbent on the DAC in connection with conducting business and implementation of concluded contracts – until such obligations are fulfilled by the DAC;
  • in the field of direct marketing based on the consent until the consent for such processing is withdrawn;
  • until the legitimate interests of the DAC on which the processing is based are fulfilled or until you object to such processing unless there are legitimate grounds for further processing of the data.

7. What rights do you have regarding personal data?

You have the right to:

  • request access to your personal data and the right to rectify it, limit the processing of personal data or to delete it;
  • to the extent that the basis for the processing of personal data is consent, you have the right to withdraw your consent to the processing of personal data at any time;
  • object at any time to the processing of personal data:
    • for reasons related to your particular situation, when the DAC processes data for purposes arising from legitimate interests (Article 21 (1) of the GDPR),
    • for purposes related to direct marketing, including profiling for marketing purposes to the extent that the processing of your data is related to direct marketing (Article 21 (2) of the GDPR);
  • requests to transfer personal data processed for the purpose of concluding and performing a contract or processed on the basis of consent. The transfer consists of receiving from the DAC your personal data in a structured, commonly used machine-readable format and sending such data to another data administrator;
  • submitting a complaint to the supervisory body, i.e., to the President of the Office for Personal Data Protection, if it is found that the processing of your personal data violates the provisions of the GDPR.

8. Where do we obtain your personal data, and what are their categories?

First of all, the personal data collected by DAC comes directly from you. DAC also processes certain categories of personal data that were not obtained directly from you. Personal data may be obtained, among others from:

  • persons representing you on the basis of a power of attorney;
  • entities to which you have given consent to be transferred.

9. Website trafic monitoring and analysis

We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device’s IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf. For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.