The following privacy policy (“Privacy Policy“) sets out our policies regarding your personal data, including the website https://boombitsa.com/ (hereinafter: “the Website”).
The Privacy Policy is covered by the Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Data Protection Directive) Journal of Laws of the European Union L. of 2016 No. 119, page 1), hereinafter referred to as: “GDPR” and provisions of Polish related acts, including Act of 10 May 2018 on the protection of personal data (Journal of Laws of 2018, item 1000, as amended), Act of 18 July 2002 on the provision of electronic services (Journal of Laws of 2020, item 344, as amended).
The data controller of your personal data is BoomBit Spółka Akcyjna with its registered office in Gdańsk at Zacna 2 street, 80-283 Gdańsk, e-mail: privacy@boombit.com (hereinafter: “Data Controller“).
This privacy policy contains information on the processing of personal data that you can share with us, including when using the Website and using cookies on our Website. Our goal is to ensure the protection of your personal data.
How we use cookies?
When operating our Website or generally supporting our Service we may use cookies and similar technologies. Specifically, we use these technologies for general analysis of our Website traffic, for marketing analytics and for direct marketing purposes as well as to provide multilingual content to our users. You have control over the use of cookies via settings of your internet browser, where you can disable cookies at any time and via our cookies bar, where you can grant consent for the use of cookies where such consent is required by ePrivacy laws.
You can control and/or delete cookies as you wish. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.
You can change the settings for cookies in your web browser.
Google Analytics
This service from Google Inc. is an analytics tool that stores information in cookies to generate statistics about traffic on our sites. This functionality is not indispensable for browsing and serves to monitor the website’s performance and improve it. When using Google Analytics, we do not process any personal information or other identifiers usable for indirect identification (e.g., IP address) of the data subjects. However, this does not mean that your personal data is not processed by Google Inc., the Google Analytics controller. The main cookie used by Google Analytics is the _ga file. More about the types of cookies used by Google Inc. you can learn here: https://policies.google.com/technologies/types?hl=en_US or see information above.
In addition to reporting on our website usage statistics, Google Analytics, along with some advertising cookies, can be used to show you more relevant ads from Google Inc. (based on your search and activity history within our website), as well as to measure the interactions with display ads from Google Inc. Google Analytics also uses cookies on our website to analyze your behavior, which are stored on the website’s end-user device (computer, tablet, smartphone). Google anonymizes part of the end user’s IP address of our website as soon as it is collected, thereby enhancing your privacy. Google Inc. uses the information collected during the use of the website to evaluate your use of our website, to provide us with activity reports on the website and to provide us with other services related to the use of our website and the use of the Internet.
This data processing by Google Analytics can be prevented by appropriately setting up an Internet browser where you can install the browser plug-in (available on the following link): https://tools.google.com/dlpage/gaoptout?hl=en. Clicking on this link will save your opt-out cookie to your web browser, which will prevent future data from being accessed when you visit our website https://boombitsa.com//. For more information on the processing of your personal information by Google Inc. when using Google Analytics, you can read their Privacy Policy available at:
https://policies.google.com/technologies/partner-sites?hl=en_US
How to Enable & Disable Cookies in Your Browser
How to Enable & Disable Cookies on Your Mobile Device?
The purposes of personal data processing and the legal basis
The Data Controller processes personal data as part of the following.
- Operation of the https: https://boombitsa.com// website:
- conducting traditional and e-mail correspondence and telephone contact – personal data contained in this correspondence / voice message is processed only to communicate and resolve the matter to which correspondence / voice message applies, pursuant to art. 6(1)(f) of the GDPR, which is the legitimate interest of the Data Controller.
- online contact forms – personal data is processed in order to identify the sender and service his inquiry sent via the provided form – the legal basis for processing is the necessity of processing to perform the contract for the provision of services, art. 6 (1)(b) of the GDPR; in the scope of optional data, the legal basis for processing is the consent art. 6 (1)(a) of the GDPR.
- performance of the contract – implementation of the rights and obligations arising from the contract pursuant to art. 6 (1)(b) of the GDPR.
- handling complaint processes – registration and consideration of reported complaints as well as defense against possible claims or pursuing claims – art. 6(1)(f) of the GDPR, which is the legitimate interest of the Data Contoller.
- conducting marketing activities of Data Controller’s products / services – art. 6(1)(a,f) of the GDPR, which is the legitimate interest of the Data Controller.
- use of data for statistical, analytical and reporting purposes based on the legitimate interest of the Data Controller, i.e. improving the quality of services and adapting them to the needs of the users of – art. 6(1)(f) of the GDPR.
- use for accounting, tax and other purposes related to the performance of legal obligations – art. 6(1)(c) of the GDPR, in connection with art. 86(1) of the Act of August 29, 1997, Tax Code, in connection with art. 106e and 106g of the Act of 11 March 2004 on tax on goods and services, in connection with art. 9 (1) of the Act of February 15, 1992 on corporate income tax, in connection with art. 71 (1) of the Accounting Act of September 29, 1994
- Maintaining social media profiles
- The Data Controller has public profiles on social media: Facebook, Instagram, Twitter, Youtube, TikTok and Linkedin. Therefore, it processes the data that visitors to these profiles leave (including comments, likes, online identifiers). Personal data of such persons are processed in order to enable them to be active on profiles, in order to efficiently run profiles, by presenting users with information about the Data Controller’s initiatives and other activities, and in connection with the promotion of various events, services and products for statistical and analytical purposes, alternatively they may be processed for the purpose of pursuing claims and defending against claims.
- The legal basis for the processing of personal data is the Data Controller’s legitimate interest – art. 6(1)(f) of the GDPR, consisting in promoting one’s own brand and improving the quality of services provided, if necessary – pursuing claims and defending against claims.
- if, as part of certain processing purposes, our organization is the data controller together with another entity, information in this regard will be provided separately, including under the terms of use of the Facebook social network, on which Data Controller maintains a profile available at: https://www.facebook.com/legal/terms/page_controller_addendum .
- Processing of personal data of contractors and their employees
- In connection with the conclusion of contracts as part of its activities, the Data Controller obtains data of persons involved in the implementation of such contracts from contractors / clients (e.g. persons authorized to contact, executing orders, etc.). The scope of the transferred data is limited to the extent necessary to perform the contract and usually does not include information other than the name and business contact details.
- such personal data is processed in order to implement the legitimate interest of the Data Controller and his contractor – art. 6(1)(f) of the GDPR, consisting in enabling the correct and effective performance of the contract. Such data may be disclosed to third parties involved in the performance of the contract.
Depending on the purpose of processing personal data, providing them may be a condition for concluding a contract (e.g. in the case of concluding a contract) or it may be voluntary, but necessary to use our services or necessary to consider a complaint.
Providing personal data for marketing purposes is voluntary. If you do not agree to the processing of personal data left as part of using our Website and its functionality, personal data will not be processed for this purpose.
- Recruitment
As part of recruitment, the Data Controller expects personal data to be provided (e.g. in a CV or curriculum vitae) only to the extent specified in the labor law. The Data Controller does not require any additional information. If the submitted applications contain additional data, in addition to the indicated provisions of labor law, their processing will be based on the consent of the candidate – art.6 (1)(a) of the GDPR. Expressing consent in this case is voluntary, and such consent may be revoked at any time.
- employment contract – the data will be processed in order to perform the obligations arising from legal provisions related to the employment process – the legal processing is the legal obligation incumbent on the Data Controller art. 6(1)(c) of the GDPR in connection with art. 221 § 1 of the Labor Code);
- civil law contract – the data will be processed in order to conduct the recruitment process – the legal basis for the processing of data contained in the application documents is to take action before concluding the contract at the request of the data subject – art. 6 (1)(b) of the GDPR;
- recruitment – in the scope of data not required by law, as well as for the purposes of future recruitment processes – the legal basis for processing is consent – art. 6 (1)(a) of the GDPR;
- verification of the candidate’s qualifications and skills – the data will be processed on the basis of the Data Controller’s legitimate interest – art. 6 (1)(f) of the GDPR. The Data Controller’s legitimate interest is verification of job candidates;
- determination or investigation by the Data Controller of any claims or defense against claims – the data will be processed on the basis of the legitimate interest of the Data Controller – art. 6 (1)(f) of the GDPR;
- the Data Controller will process your personal data, including in subsequent recruitments, if you give consent, which can be revoked at any time.
Data retention periods
The data retention period depends on the purpose for which this processing is carried out. Detailed rules regarding the periods of data storage are described below:
- to implement the contract – for the duration of the contract and for settlements after its termination;
- to handle complaint processes – until the expiration of contractual claims. It will usually be
a period of 2 years.
- to conduct marketing activities – until consent is withdrawn or objection is raised;
- to use the data for statistical, analytical and reporting purposes – for the duration of the contract, and then no longer than for the period after which the contractual claims expire – usually a period of 3 years;
- to fulfill accounting, accounting, tax and other legal obligations – no longer than for a period of 5 years from the end of the calendar year in which the tax obligation arose;
In the event of your consent to the use of personal data for future recruitment purposes, your data will be stored for 24 months.
Data Sharing
The recipients of your personal data may be external companies supporting the Data Controller on the basis of commissioned services with which relevant data processing agreements have been concluded. In connection with conducting operations that require processing, personal data is disclosed to external entities, including in particular suppliers responsible for operating IT systems, entities providing legal or accounting services, couriers or marketing agencies.
Personal data may be transferred to third countries and international organizations when entities established in these countries have implemented appropriate safeguards for the personal data being processed. If personal data is transferred outside the EEA, the Company uses Standard Contractual Clauses as safeguards for countries where the European Commission has not found an adequate level of data protection.
Data subject rights
You have the right to:
- withdraw your consent if the Data Controller has obtained such consent to process personal data (provided that such withdrawal does not violate compliance with the right to data processing carried out prior to withdrawal).
- request removal of your personal data; on this basis, you can request the deletion of data processing of which is no longer necessary to achieve any of the purposes for which it was collected.
- request to limit the processing of your personal data – if such a request is made, the Data Controller ceases to perform operations on personal data – with the exception of operations that the data subject has agreed to – and their storage, in accordance with accepted retention rules or until the reasons for limiting of data processing cease to exist.
- express an objection – the data subject may at any time oppose – for reasons related to his particular situation – the processing of personal data which is based on the legitimate interest of the Data Controller (e.g. for analytical or statistical purposes); the opposition in this respect should include a justification.
- data transfer – on this basis – to the extent that the data is processed in an automated manner in connection with the concluded contract or consent – the Data Controller issues data provided by the person to whom it relates, in a format that allows data to be read by
a computer. It is also possible to request for this data data be sent to another subject, however, provided that there are technical possibilities in this regard both on the part of the Data Controller and the indicated entity.
- submit a complaint to the Office for Personal Data Protection – if it is considered that the processing of Personal Data violates the provisions of the GDPR or other provisions regarding the protection of personal data, the data subject may file a complaint to the body supervising the processing of personal data competent for the habitual residence of the data subject, his place of work or the place of the alleged infringement. In Poland, the supervisory authority is the President of the Office for Personal Data Protection.
The Data Controller will verify your requests or objections in accordance with applicable provisions on the protection of personal data. However, it should be remembered that these rights are not of
an absolute nature; regulations provide for exceptions to their application.
Should you wish to obtain information or exercise one or more of the rights mentioned above, please send an email to: dpo@boombit.com
Services and functions within the Website will expand over time. This means, among others, that in the future, the Data Controller may introduce changes to this document. The changes will be announced in such a way that information about changes in the Privacy Policy will be placed as part of the Website. With each change, a new version of the Privacy Policy will appear with a new date. All major changes will be highlighted accordingly. This document is for information purposes only.
The current version of the Cookies Policy applies from 6th of September 2023.