In accordance with Article 13 (1) – (2) and Article 26 (1) – (3) of the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as GDPR, we inform you that:
I Personal data controllers
The Personal Data Controllers are:
PRETIUS LOW-CODE SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with its seat in Warsaw (02-092), Żwirki i Wigury Street, No. 16A, KRS 0000880639, NIP: 5223196623, REGON: 388089930 – hereinafter referred to as “Co-Controller 1”.
And
PRETIUS SOFTWARE SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with its seat in Warsaw (02-092), Żwirki i Wigury Street, No. 16A, KRS 0000303474, NIP: 5272657685, REGON: 142980511 – hereinafter referred to as “Co-Controller 2”.
– hereinafter collectively referred to as the “Co-Controllers”.
II Joint arrangements between the controllers
Under the Joint Controller Agreement concluded on 1.06.2022, the Co-Controllers have agreed on their respective responsibilities for fulfilling their obligations under the GDPR. It has been agreed that:
- The Co-Controllers will process personal data based on jointly agreed objectives and methods of processing in connection with joint recruitment, business and marketing activities.
- Co-Controller 2 is responsible for enabling you to exercise your rights under the GDPR, i.e. information obligation and exercise of rights as a data subject. Regardless of this arrangement, you may exercise your rights against either of us. In such a case, Co-Controller 1 will forward your request to Co-Controller 2 for enforcement.
- The Co-Controllers shall make the substantive content of the arrangements available upon your request as a data subject.
III Source of contact (point of contact)
To facilitate contact, the Co-Controllers have designated a point of contact appropriate for data protection matters at e-mail address: rodo@pretius.com.
IV Objectives and legal basis for processing personal data
Personal data will be processed by the Co-Controllers for the objectives of:
- Conducting recruitment,
- Fostering and maintaining business relationships,
- Marketing and advertising activities,
- Handling all correspondence in the above areas.
If the Co-Controllers wish to process personal data for an objective other than the one for which the data was originally collected, they are required, before any further processing, to inform the person to whom the data relates of the new objective and to provide all information in accordance with Article 13(2) of the GDPR.
Subject to the above mentioned objectives, the following objectives and legal bases for the processing of personal data are assumed for each of them:
Recruitment
Personal data of persons participating in the recruitment and those with whom cooperation has been concluded will be processed for the objective of concluding and executing the contract (i.e. on the basis of Article 6(1)(b) GDPR), as well as on the basis of the Co-Controllers’ legitimate interest of defending against possible claims.
Subject to the objective of recruitment – we point out that we may process your personal data referred to in Article 22 [1] of the Labor Code during recruitment. In this case, the basis for processing is the actions taken before signing the contract. If you disclose more personal data, then the basis for their processing will be your consent (i.e. under Article 6(1)(a) of the GDPR).
Disclosure of your data is voluntary, but to the extent under Article 22 [1] of the Labor Code it is necessary to enable you to participate in the recruitment. Failure to provide personal data may make it difficult or impossible to cooperate.
Fostering and maintaining business relationships
In this regard, personal data is processed on the basis of joint contractual obligations, i.e. to take action at the request of that person prior to signing a contract with them, or in connection with the performance of the concluded contract (i.e. on the basis of Article 6(1)(b) GDPR).
In addition, we may process your data in order to comply with a legal obligation under the law – in particular tax law and financial reporting regulations (i.e. on the basis of Article 6(1)(c) GDPR).
On the basis of our legitimate interest, we may process your data for the realization or defense against possible claims arising from a contract we have concluded with you (i.e. on the basis of Article 6(1)(f) GDPR).
Provision of your data is voluntary and necessary to enable you to sign a contract with us and to perform it.
In connection with our business, we also collect personal data during thematically diverse business meetings. We would like to point out that we process the personal data obtained in this way only for the objectives of fostering and maintaining business relationships, within the framework of the business network we create. The legal basis for processing in this case is legitimate interest (i.e. under Article 6(1)(f) of the GDPR). Provision of data for this objective is always voluntary, and processing is carried out only on the basis of the specific objective(s) for which they were collected.
Marketing and advertising activities
With regard to marketing activities, we process personal data based on the consent given for the objective of informing, promoting and undertaking marketing activities (including statistical objectives) by the Co-Controllers to the company’s current and potential customers in connection with the exercise of their legitimate interest (i.e. based on Article 6(1)(f) GDPR) to promote their own brand and services. We may also process personal data on the basis of consent given to us, to the extent and for the objective specified in the content of the consent (i.e. on the basis of Article 6(1)(a) GDPR).
The Co-Controllers process personal data of users visiting their profiles maintained on social media. This data is processed solely in connection with the operation of the profile, including for the objective of informing users about the activities of the Co-Controllers and promoting various events, services and products. The legal basis for processing personal data for this objective is their legitimate interest (Article 6(1)(f) GDPR), which is to promote the brand.
Providing data for marketing and advertising objectives is voluntary. In addition, providing data necessary for statistical analysis of users of the Website is voluntary. However, you can use the so-called incognito mode to browse the site without sharing information about your visit to the Site with the Co-Controllers. Using incognito mode, and therefore not providing data, does not affect your ability to use the Website.
Correspondence handling
If you contact us via email, website, social media or postal mail, we process your personal data on the basis of our legitimate interest in responding to your request (i.e., under Article 6(1)(f) of the GDPR).
Providing your data is voluntary, but necessary to enable us to contact you to respond to your request. Failure to provide them may make it difficult or impossible for us to process your case.
V Period of data processing
The period of data processing is determined based on the objective of processing and the legal basis in place:
- Where personal data are processed on the basis of consent, the period of processing shall last until such consent is withdrawn or the objective of processing for which consent was given ceases – whichever event occurs first;
- Where personal data are processed on the basis of a legitimate interest, the period of processing shall last until the aforementioned interest ceases to exist (e.g. the statute of limitations for civil law claims) or until the data subject successfully objects to further such processing – in situations where such an objection is available under the law;
- Where the basis for the processing of personal data is a contract, then personal data shall be processed for the period necessary for its execution extended by the period resulting from the accounting and bookkeeping reporting prescribed by law;
- Where the basis for processing is the fulfillment of a legal obligation incumbent on the Controller, then the period of processing results from the provisions of law.
VI Sources of personal data
We process data that we receive from you, for example, via email, submitted through our website, and in CVs/cover letters that you submit to us. In such cases, you have full control over how much data you disclose to us. We may also process your data disclosed to us by a third party (e.g., a recruitment agency, our clients).
VII Your rights
In accordance with the general principles under the GDPR – you have the following data protection rights:
- Right of access to data,
- Right to rectification of data,
- Right to erasure of data (‘right to be forgotten’),
- Right to restrict data processing,
- Right to data portability,
- Right to object to data processing (when the basis of processing is the legitimate interest of the Co-Controllers),
- Right to withdraw consent (when the basis of processing data is consent),
- Right to lodge a complaint with a supervisory authority.
The exercise of the above rights is subject to the conditions set forth in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC – GDPR. If we reject your request, you will receive a response with reasons.
The right to erasure is granted only in the circumstances listed in the provisions of the GDPR, i.e.:
- The data will no longer be needed for the objectives for which it was collected by the Co-Controllers in the first place,
- You will withdraw your consent to data processing, which was the only basis for data processing,
- You will object to data processing,
- Your data will be processed unlawfully,
- Your data should be erased in order to fulfill a legal obligation.
Co-Controllers may refuse to erase personal data if any of the conditions listed in the GDPR are met, e.g. if the processing is necessary to fulfill a legal obligation or to establish, perform or defend legal claims.
You have the right to restrict data processing only in the circumstances listed in the provisions of the GDPR, i.e.:
- You notice that your data is incorrect – you can request restriction of their processing for the period necessary for us to verify them,
- Your data is processed unlawfully but you object to their erasure – you can request restriction of their use instead,
- Your data will no longer be necessary for us, but may be needed to defend or enforce claims,
- You raise an objection to the processing – until we determine whether our legitimate interests override the grounds for the objection.
You have the right of data portability only in cases where the legal basis for processing your personal data is consent or the performance of a contract, and the processing is carried out by automated means.
In some situations, we may reject your objection to processing based on the legitimate interests of the Co-Controllers when there are valid legitimate grounds for processing that override the interests or fundamental rights and freedoms of the data subject, or when there are grounds for establishing, enforcing or defending legal claims. The Co-Controllers do not have this right if the data is processed for direct marketing objectives.
VIII Recipients of personal data
Your personal data may be disclosed to third parties who process personal data on behalf of the Co-Controllers, e.g., accounting service providers, IT service providers, or partners providing internal management and data sharing tools used by the Co-Controllers to fulfill the goals indicated in this Privacy Policy – with these entities processing data under contract with us and in accordance with our instructions.
We may also disclose your personal data to other recipients if this is necessary for the specific objective of the processing, such as banks, postal operators, law firms, our clients, recruitment software providers.
Your personal data may also be disclosed to entities authorized by law, including judicial authorities.
IX Social media processing and data co-management
The Co-Controllers process personal data as part of the social media profiles and accounts they maintain on Facebook, LinkedIn, Twitter, and the YouTube platform.
Personal data is processed in order to:
- Manage fan pages and groups on social media sites such as Facebook, LinkedIn, according to the rules set by the administrators of these sites and in accordance with the rules of these sites,
- Inform through fan pages and social media accounts about the Co-Controllers’ activities and initiatives, including the promotion of events, services and products,
- Communicate through the available functionalities of these services, such as responses to reactions, comments and private messages,
- Analyze the activity of users of our profiles, including for the gathering of data on the number of likes, comments and shares of our profile or content posted on it, for statistical and advertising needs through the tools provided by social networks.
The basis for data processing is the legitimate interest of the Co-Controllers to promote their brand, take care of their image, conduct direct marketing and provide opportunities for contact and effective communication.
To the extent that data is processed for statistical and advertising objectives, as well as analyzed for the objective of displaying statistics on fan page user activity, the Co-Controllers are service providers:
- Meta Platforms Ireland Limited – you can access the privacy policy here: https://www.facebook.com/privacy/policy,
- LinkedIn Ireland Unlimited Company – you can access the privacy policy here: https://www.linkedin.com/legal/privacy-policy
- Twitter International Unlimited Company – you can access the privacy policy here: https://twitter.com/en/privacy
- YouTube – you can access the privacy policy here: https://policies.google.com/privacy?hl=pl
The rules of co-maintaining data and the rules of processing personal data by the above providers as independent data controllers are available on the websites they operate.
X Automatic data collection
Cookies are small text files that are placed on your computer by websites you visit. They are commonly used to enable websites to function or operate more efficiently, as well as to provide information to the site owners.
Our site uses the following types of cookies:
- Necessary cookies – necessary for the proper functioning of our website. It is not possible to turn them off – they are necessary for the provision of electronic services,
- Functional cookies – allow the site to remember any choices you make on the pages (e.g., adjusting the page, changing the font, etc.). They additionally provide services of adding comments on the site/blog,
- Analytical (statistical) cookies – used to analyze user behavior on our website. They allow us to analyze traffic on the site, improve its efficiency and improve the performance of the site,
- Performance cookies – used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors,
- Marketing cookies – record your visit to our website, the pages you visit and the links you follow. The information we collect helps us make our website and the content displayed on it more relevant to your interests. Additionally, we will be able to measure the effectiveness of our marketing or outreach efforts. We may share information with third parties for this specific purpose.
The processing of personal data in connection with the use of functional, analytical (statistical), performance and marketing cookies, is subject to the user’s consent to their use (separately) through the cookie consent management platform. This consent can be withdrawn at any time through this platform.
We analyze the data we collect using solutions from third-party providers. In particular, your data may be transferred for functional, analytical, statistical, performance or advertising purposes to the organizations responsible for the tools used on the website: Google Universal Analytics, Google Tag Manager, Microsoft Clarity, Facebook Pixel, LinkedIn Insight Tag, Leadfeeder. The information generated by cookies relates to your use of our website and does not allow you to be identified due to the extension providing anonymous IP address recording. However, it must be noted that some tools might use an IP address shortening method which in some cases might allow for approximate user identification.
In addition, we use social media plug-ins. Data collected in connection with social media plug-ins can only be transferred between your web browser and the selected social media operator. We have no way of knowing what data is collected and transmitted. Therefore, we encourage you to read the data processing information on the social media operators’ websites.
XI Transfer of personal data to third countries
The Co-Controllers also cooperate with suppliers located outside the European Economic Area (EEA). Accordingly, personal data may be transferred outside the EEA when necessary and with an adequate degree of protection.
The data might be transferred outside of the EEA based on: Standard Contractual Clauses and decisions of the European Commission defining the adequate level of data protection according to the Data Privacy Framework (DPF).
XII Changes to privacy policy
We may change this Privacy Policy at any time, especially if there is a change in regulations, technology or the way our website operates. You can always find the most current version of our Privacy Policy on our website.