Privacy Policy.

I. The Controller of personal data

The Controller of personal data is TRIBE47 Sp. z o.o. with its registered office in Warsaw, al. Ks. J. Poniatowskiego 1, 03-901 Warszawa, entered in the register of businesses held by the District Court for the capital city of Warsaw in Warsaw, 13th Economic Division of the National Court Register under KRS number: 0000734938, (“the Controller”). Contact with the Controller is possible by post to the above address of the Controller’s registered office or by e-mail: [email protected]

II. Data processing

In connection with its business activity, the Controller collects and processes personal data, making every effort to ensure that the processed personal data is adequately secured. Data is collected directly from data subjects. The processing of personal data is based on the applicable law, in particular, the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (“the GDPR”).

III. Purposes and legal basis for data processing

The legal basis for the personal data processing is defined in Article 6 of the GDPR which governs general rules on the compliance of the personal data processing. In any case, the Controller shall process the data relevant to a given case and for the purpose for which it was collected, ensuring its appropriate protection. The controller processes personal data for the purposes related to the conducted business activity, in particular in order to:

  1. answer questions asked in connection with the use of contact forms available at Tribe47  by the user, including pop-ups (pursuant to Article 6 Paragraph 1(b) GDPR);
  2. use the newsletter service, including the provision of business information and information about the events and training, and other informations on the basis of the granted consent (Article 6 Paragraph 1(a) GDPR);
  3.  the conclusion and performance of contracts under Article 6 Paragraph 1(b) of the GDPR;
  4. conduct and settle the outcome of a recruitment process if the user has applied to take part in the recruitment process, on the basis of a legal obligation of the Controller and consent granted (Article 6 Paragraph 1(a) and 1(c) GDPR);
  5. perform of legal obligations incumbent on the Controller under Article 6 Paragraph 1(c) of the GDPR);
  6. protect against claims and asserting claims, are fulfilled under Article 6 Paragraph 1(f) of the GDPR);

To the extent that the data is processed for the contract performance, the provision of the data is a condition for the conduct and settle the outcome of a recruitment process and the contract conclusion. The data provision is voluntary but necessary for the conduct and settle the outcome of a recruitment process and the conclusion and performance of the contract. If personal data is not provided, the recruitment process may not be conducted or contract may not be concluded. Providing certain information is also a legal obligation, e.g. necessary to issue an invoice or a  remuneration.

IV. Data recipients

In connection with the conducted business activity, in some cases, the Controller discloses the data to third parties, in particular, to legal and accounting service providers, couriers and transport companies, providers of IT systems and equipment.

V. Data processing period

If personal data is collected for the purpose of performing an order or concluding a contract, the personal data is stored from the moment of data collecting until the contract termination or contract performance after the moment of its termination. In the case of personal data collection in order to fulfil obligations resulting from the law, the data shall be kept for the period of fulfilling obligations and tasks resulting from individual law provisions. In the case of personal data processing for the purposes of the legitimate Controller’s interests, the data shall be kept for no longer than is necessary to achieve these aims or until a reasoned objection is raised to the processing for such purposes.

In the case of personal data collection on the basis of consent, until the consent is revoked.

The period of personal data processing may be extended when the processing is necessary to establish, assert or defend against a possible claim, and after that period only if required by law and to the extent required by law.

In the case of a recruitment process, personal data shall be processed to the completion of the recruitment process unless the user has agreed to process the data for further recruitment.

VI. Rights related to personal data processing

You have rights to :

− access to their personal data,

− rectify the personal data,

− erase the personal data,

− limit personal data processing,

− object to the personal data processing,

− data portability,

– withdraw the consent at any time, ( if the processing is carried out on that basis, without prejudice to the lawfulness of the processing carried out on the basis of the consent before its withdrawal),

In addition, the data subject has the right to lodge a complaint with the supervisory authority. In Poland, since 25 May 2018, the supervisory authority has been the President of the Office for Personal Data Protection.

VII. Transfer your personal data

Your personal data may be transferred to a third party country/international organization

Your data may be processed on servers located outside of the country of your residence.

Your personal data may be transferred outside the European Economic Area to a third party country, i.e. the USA.

This means that your data shall be transferred only to subjects that comply with the rules determined by the United States Department of Commerce within the EU-US Privacy Shield Framework programs regulating collecting, using and storing personal data from the Member States of the European Union.

In an event of sending data from the EU area to other countries, e.g. the United States, data processors comply with the law regulations that ensure an analogical level of security to that of the European Union’s regulations. Here, you can find up-to-date decisions from the European Commission regarding the adequate level of data protection (https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en#dataprotectionincountriesoutsidethee).

Actually, your personal data will be transferred to a third country that is outside the European Economic Area – within the meaning of the GDPR and are stored with the Amazon Web Services server (AWS) in the USA, which applies an appropriate level of protection and adequate security resulting from the GDPR.

VIII. Form of processing

Your data will be processed automatically, as also, will the form of its profiling, however, it will not have any legal effect or similar effect on your situation. Personal data profiling consists of the automatic processing of data, by using them to evaluate some of your information, in particular, to analyze your personal preferences, behaviours and interests.

IX. Final information

Information on personal data processing is updated in order to adapt it to the Controller’s business activity.