Policy Privacy

I. GENERAL INFORMATION

This privacy policy applies to all cases in which Justtag sp. z o.o. is a data controller and processes personal data. It applies both to cases in which Justtag sp. z o.o. processes personal data obtained directly from the data subject, as well as to cases in which Justtag sp. z o.o has obtained personal data from other sources. Protection of your personal data is particularly important to us. We process your data only on the basis of the applicable legal regulations, i.e. Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and the repeal of Directive 95/46/EC (‘GDPR’), and the Act of 10 May 2018 on personal data protection. Justtag sp. z o.o. is a member of IAB (Interactive Advertising Bureau - Internet Industry Employers Association), i.e. association of entities from the Internet industry, whose goal is to undertake activities aimed at representing the interests of these entities, promotional activities and ensuring legal protection. Justtag sp. z o.o. acknowledges the principles adopted by IAB within the IAB Europe Transparency & Consent Framework, i.e. the structure which aims to create a standard of personal data processing and unifying the principles of their processing in order to better protect them. In all matters regarding the processing of personal data and the exercise of rights related to data processing, you can contact the Data Protection Inspector appointed by Justtag sp. z o.o. by e-mail at iod@justtag.com or by letter sent to the registered office address indicated below:

‍

Justtag Sp. z o.o.

Al. Ujazdowskie 13

00-567 Warszawa

‍

II. DEFINITIONS

‍

Data Controller/Company/Justtag sp. z o.o. – Data controller within the meaning of Article 4(7) of GDPR; the Data Controller is Justtag sp. z o.o. with its registered office at: Al. Ujazdowskie 13, 00-567 Warsaw, entered into the Register of Entrepreneurs kept by the District Court for the Capital City of Warsaw, Warsaw, 12th Commercial Division of the National Court Register under KRS number 0000463888, with tax identification number (NIP) 7010382337.

‍

GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.

‍

Personal Data – information about an identified or identifiable natural person (‘data subject’); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as first and last name, identification number, location data, internet identifier or one or more factors specific to an individual's physical, physiological, genetic, mental, economic, cultural or social identity.

‍

Cookie files, Identifiers - (also known as ‘Cookies’), and other user identifiers - mean small information files sent by the website that the User visits and which are then saved on the User's end device (computer, laptop, smartphone, tablet, etc.) that the User uses when browsing the website. These files may contain, among other things, information about the way the User uses the website. User – a natural person whose personal data are saved in the Cookies placed on websites by the Data Controller.

‍

III. PERSONAL DATA

‍

OUR POURPOSES OF DATA PROCESSING:

a) Contact by phone or e-mail

in this case, the basis for data processing is the consent of the data subject (Article 6(1)(a) of the GDPR) and the legitimate interest of the administrator (Article 6(1)(f) of the GDPR), which is expressed in the need to ensure contact with customers / contractors. The data is processed for the purpose of direct contact with the data subjects and will be processed until the consent is withdrawn or deleted as a result of periodic data review

‍

b) Keeping accounting records

in this case, the basis for data processing is art. 6 sec. 1 lit. c) GDPR, and the administrator's actions are taken in order to fulfill the legal obligations incumbent on the administrator and resulting from generally applicable regulations. The data will be processed until the obligations arising from generally applicable regulations expire;

‍

c) Exercise of the right to claims

in this case, the basis for data processing is the legitimate interest of the administrator (Article 6(1)(f) of the GDPR), which is expressed in the need to ensure the possibility of defending against claims of the entities whose data is processed or pursued against them. The data will be processed until claims expire;

‍

d) Recruitment of employees

in this case, the basis for data processing is the consent of the data subject (Article 6(1)(a) of the GDPR), the legitimate interest of the administrator (Article 6(1)(f) of the GDPR), which is expressed the need to recruit new employees and fulfill the legal obligation incumbent on the administrator related to the implementation of tasks resulting from the Labor Code (Article 6(1)(c) of the GDPR). Providing us with data is voluntary and involves the possibility of participating in the recruitment process. The scope of the processed data is specified in art. 22¹ §1 of the Labor Code and contains additional data provided to us by job candidates. The data will be processed for a period of 6 months from the end of the recruitment process or until the consent is withdrawn;

‍

e) Social media profiles (fanpages)

in this case, the basis for data processing is the consent of the data subject (Article 6(1)(a) of the GDPR) and the legitimate interest of the administrator (Article 6(1)(f) of the GDPR), which is expressed in marketing the administrator's services. In this case of personal data processing, we treat comments posted on our fanpages and private messages sent to us as your consent to data processing. The scope of the processed data is consistent with the data made available to us on our social profiles, and this data will be processed until the consent is withdrawn. Additionally, we would like to inform you that visiting the fanpages and interacting with them in any way will also give the social network access to your personal data as a separate Data Controller. To find more information about the processing of personal data by Facebook, click here:

https://www.facebook.com/privacy/explanation

‍

To find information about the processing of personal data by Linkedin click here:

https://www.linkedin.com/legal/privacy-policy

‍

f) Access to the KoalaMetrics service

The data are processed for the purpose of providing the KoalaMetrics service. The scope of the processed data includes: the user's advertising ID, information about WiFi networks within the range of the user of the application, signal strength, and time of appearance within the range of a given network, as well as information about the device model, operating system, set language, and time zone. The basis for data processing is Article 6(1)(a) of GDPR, i.e., the consent of the data subject to marketing activities concerning Justtag products and services and third parties (including analysis and profiling of the data for marketing purposes). The data will be subject to profiling and an automated decision-making process in marketing activities. The data will be processed until the withdrawal of consent or deletion after a periodical update review. We provide personal data to the following categories of entities processing data on behalf of the Data Controller:

‍

a) Entities owning the servers on which the Data Controller stores personal data, our trusted partners, an entity providing financial and human resources services to Justtag sp. z o.o., entities providing consulting services, a law firm cooperating with us, entities providing postal and courier services, and authorized state authorities.

‍

b) Other administrators who cooperate with Justtag Sp. z o. o. in the scope of the provision of marketing services by the Company, such as profiling, in particular Audience Solutions S.A. as an entity with technological solutions that enable the combination of various identifiers relating to one entity, such as a cookie identifier, an advertising identifier recognized by applications in order to create or edit a user profile - which allows you to adjust advertising and website content to the interests of a given Internet user.

More information on data processing by Audience Solutions S.A can be found at:

‍https://audience-solutions.com/privacy-policy-en.pdf

‍

In the scope referred to above, personal data may be transferred to recipients whose seats are located outside the European Economic Area. In case the data are transferred to any country, in relation to which the European Commission's decision on the determination of the appropriate level of protection was issued, the personal data are protected at the level ensured by the EU law. In other cases, personal data are transferred based on the application of standard EU data protection clauses in contracts between the Data Controller and recipients. To obtain a copy of the standard EU data protection clauses applied by the Data Controller, please contact us directly.

‍

‍

IV. RIGHTS OF PERSONS WHOSE DATA ARE PROCESSED BY THE DATA CONTROLLER

The GDPR grants certain rights to persons whose data is processed, which in turn means that we, as the administrator, have certain obligations towards you. Justtag Sp. z o. o. provides appropriate technical and organizational means to fulfill them.

‍

Right to access data

You are entitled to obtain confirmation whether we process your personal data and access to information about the purposes of processing, categories of relevant personal data, the period of their storage, and recipients of this data (along with information on the security measures applied if your data is transferred to a 3third country or an international organization). If the data has not been collected from you, you also have the right to information about its source.

‍

Right to rectification

If your data is incorrect, you can request immediate rectification or completion of incomplete personal data.

‍

The right to delete data ("Right to be forgotten")

When you exercise this right, we are required to delete your personal data as soon as possible if:

• The collected data are no longer necessary for the purposes for which they were collected and processed;

• You have withdrawn the consent on which the processing is based;

• You have objected to the processing, and there are no overriding legitimate grounds for processing, or you have objected to the processing of your data for direct marketing purposes, including profiling;

• Personal data has been processed unlawfully or must be deleted in order to comply with a legal obligation provided for by law;

• Personal data has been collected in connection with offering information society services;

• Regardless of which circumstances are met, if we need to delete your personal data, we are also obliged to take reasonable steps to inform data controllers processing this data about your deletion request

‍

Right to restriction of processing

You have the right to request the restriction of the processing of your data in cases where:

• You question their correctness - for a period of time, allowing us to check the correctness of the data;

• The processing of personal data is unlawful, but as the data subject, you oppose their erasure, requesting the restriction of their use instead;

• We no longer need this personal data for the purposes of processing, but you need it to establish, pursue, or defend claims;

• You have objected to the processing until it is determined whether the legitimate grounds on our part override the grounds for your objection.

‍

If we rectify, delete, or restrict the processing of your personal data, we must inform each recipient to whom we have disclosed this fact, unless this proves impossible or involves disproportionate effort. If you request it, we will also inform you about recipients informed by us.

‍

‍

Right to object to data processing

You have the right to object to the processing of your data based on the legitimate interest of the administrator.

‍

Right to data portability

In certain cases, you have the right to receive your personal data in a structured, commonly used format and make it available to another administrator. You can also request that we send your data to another administrator, and we will do it, if it is technically possible. You also have the right to lodge a complaint with the supervisory body - the President of the Office for Personal Data Protection. If you want to exercise any of your rights, you can contact the Data Protection Officer (DPO) appointed by us.

‍

IOD Mariusz Chojnowski

iod@justtag.com

Justtag Sp. z o.o.

Aleje Ujazdowskie 13

00-567 Warszawa

‍

V. DATA SECURITY

Personal data processed by us is stored on dedicated servers, and only authorized employees of the Data Controller have access to it. Taking care to provide appropriate protection measures, all our systems are designed with data protection and data security in mind. We strive to secure the confidentiality of the data processed by us, both in technological (by using appropriate equipment and tools), organizational (procedures related to data processing have been introduced), and personal scope (authorizations to process data have been granted to particular people, and we conduct periodic training of employees). Apart from HR and financial data, which are processed specially, the Data Controller does not collect any sensitive or personal data, the disclosure or possible theft of which could cause damage to the data subject.

‍

VI. INFORMATION ABOUT COOKIES

Generally, when visiting our website you can use it without providing any personal information, however, some user behavior is subject to server-layer login and serves the purpose of server administration and efficient operation of the website.

‍

Web server logs collected by the hosting operator may include such information as:

1. Date and time of access to our website

2. IP address 3. Browser type and version

4. The operating system used by the access system

5. Subpages visited on our website

6. The referring site from which the system gained access to our website

7. Information about errors that may occur during the execution of http transcriptions. The above data are collected automatically and result from the operation of cookies and the use of Google Adwords and Google Analytics tools.

‍

This is done for the following purposes:

1. Proper display of our website content

2. Statistical analysis

3. Ensuring safety.

‍

‍

Our website uses cookies.

1. Cookie files (so-called ‘cookies’) are IT data, in particular text files, which are stored on your terminal device and are designed to use websites. Cookies usually contain the name of the website from which they come, the time they are stored on your terminal device, and a unique number.

2. We are the entity that places cookies on your terminal device and obtains access to them.

3. Cookies are used to implement important marketing techniques.

4. Within the framework of our website, two basic types of cookies are used: ‘session’ (session cookies) and ‘persistent’ (persistent cookies). Session cookies are temporary files that are stored on your terminal device until you log out, leave the website, or turn off the software (web browser). ‘Persistent’ cookies are stored in your terminal device for the time specified in the parameters of the cookies or until they are deleted by the User.

5. Web browsing software (web browser) usually, by default, allows you to store cookies on your terminal device. You can change your settings in this area. The Internet browser allows you to delete cookies. It 5is also possible to automatically block cookies. Detailed information on this subject can be found in the help section or documentation of the Internet browser.

6. Restrictions on the use of cookies may, however, affect some features available on our website.

7. Cookie files placed on your terminal device may also be used by entities cooperating with us, in particular companies: Google (Google Inc. based in the USA), Facebook (Facebook Inc. based in the USA), and are subject to their own privacy policy.

‍

How can you manage cookies, and how can you give and withdraw consent?

‍

1. If you do not want to receive cookies, you can change your browser settings. We reserve the right to disable the use of cookies necessary for authentication processes, security, and maintenance of your preferences, which may make it more difficult, and in extreme cases, may prevent you from using our website.

‍

2. To manage your cookie settings, select the web browser you are using from the list below and follow the instructions:

a) Edge;

b) Internet Explorer;

c) Chrome;

d) Safari;

e) Firefox;

f) Opera Mobile devices: a) Android; b) Safari (iOS); c) Windows Phone;

‍

VII. CHANGE OF THE PRIVACY POLICY

We reserve the right to make periodic changes to this privacy policy to ensure that it meets the applicable legal requirements and the requirements of technological progress. The contents of the www.justtag.com website are protected by copyright, and their copying, distribution or actions of a similar nature require our consent.

Last update: 7th April 2025

‍

‍