The data controller of your personal data is The data controller of your personal data is BoomBit Spółka Akcyjna with its registered office in Gdańsk at Zacna 2 street, 80-283 Gdańsk, e-mail: email@example.com (hereinafter: “Data Controller“).
You can control and/or delete cookies as you wish. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.
You can change the settings for cookies in your web browser.
This service from Google Inc. is an analytics tool that stores information in cookies to generate statistics about traffic on our sites. This functionality is not indispensable for browsing and serves to monitor the website’s performance and improve it. When using Google Analytics, we do not process any personal information or other identifiers usable for indirect identification (e.g., IP address) of the data subjects. However, this does not mean that your personal data is not processed by Google Inc., the Google Analytics controller. The main cookie used by Google Analytics is the _ga file. More about the types of cookies used by Google Inc. you can learn here: https://policies.google.com/technologies/types?hl=en_US or see information above.
How to Enable & Disable Cookies in Your Browser
How to Enable & Disable Cookies on Your Mobile Device?
The purposes of personal data processing and the legal basis
The Data Controller processes personal data as part of the following.
- Operation of the https: https://qa.house/ website:
- conducting traditional and e-mail correspondence and telephone contact – personal data contained in this correspondence / voice message is processed only to communicate and resolve the matter to which correspondence / voice message applies, pursuant to art. 6(1)(f) of the GDPR, which is the legitimate interest of the Data Controller.
- online contact forms – personal data is processed in order to identify the sender and service his inquiry sent via the provided form – the legal basis for processing is the necessity of processing to perform the contract for the provision of services, art. 6 (1)(b) of the GDPR; in the scope of optional data, the legal basis for processing is the consent art. 6 (1)(a) of the GDPR.
- performance of the contract – implementation of the rights and obligations arising from the contract pursuant to art. 6 (1)(b) of the GDPR.
- handling complaint processes – registration and consideration of reported complaints as well as defense against possible claims or pursuing claims – art. 6(1)(f) of the GDPR, which is the legitimate interest of the Data Contoller.
- conducting marketing activities of Data Controller’s products / services – art. 6(1)(a,f) of the GDPR, which is the legitimate interest of the Data Controller.
- use of data for statistical, analytical and reporting purposes based on the legitimate interest of the Data Controller, i.e. improving the quality of services and adapting them to the needs of the users of – art. 6(1)(f) of the GDPR.
- use for accounting, tax and other purposes related to the performance of legal obligations – art. 6(1)(c) of the GDPR, in connection with art. 86(1) of the Act of August 29, 1997, Tax Code, in connection with art. 106e and 106g of the Act of 11 March 2004 on tax on goods and services, in connection with art. 9 (1) of the Act of February 15, 1992 on corporate income tax, in connection with art. 71 (1) of the Accounting Act of September 29, 1994
- Maintaining social media profiles
- The Data Controller has public profiles on social media: Facebook, Instagram, Twitter, Youtube, TikTok and Linkedin. Therefore, it processes the data that visitors to these profiles leave (including comments, likes, online identifiers). Personal data of such persons are processed in order to enable them to be active on profiles, in order to efficiently run profiles, by presenting users with information about the Data Controller’s initiatives and other activities, and in connection with the promotion of various events, services and products for statistical and analytical purposes, alternatively they may be processed for the purpose of pursuing claims and defending against claims.
- The legal basis for the processing of personal data is the Data Controller’s legitimate interest – art. 6(1)(f) of the GDPR, consisting in promoting one’s own brand and improving the quality of services provided, if necessary – pursuing claims and defending against claims.
- Processing of personal data of contractors and their employees
- In connection with the conclusion of contracts as part of its activities, the Data Controller obtains data of persons involved in the implementation of such contracts from contractors / clients (e.g. persons authorized to contact, executing orders, etc.). The scope of the transferred data is limited to the extent necessary to perform the contract and usually does not include information other than the name and business contact details.
- such personal data is processed in order to implement the legitimate interest of the Data Controller and his contractor – art. 6(1)(f) of the GDPR, consisting in enabling the correct and effective performance of the contract. Such data may be disclosed to third parties involved in the performance of the contract.
Depending on the purpose of processing personal data, providing them may be a condition for concluding a contract (e.g. in the case of concluding a contract) or it may be voluntary, but necessary to use our services or necessary to consider a complaint.
Providing personal data for marketing purposes is voluntary. If you do not agree to the processing of personal data left as part of using our Website and its functionality, personal data will not be processed for this purpose.
As part of recruitment, the Data Controller expects personal data to be provided (e.g. in a CV or curriculum vitae) only to the extent specified in the labor law. The Data Controller does not require any additional information. If the submitted applications contain additional data, in addition to the indicated provisions of labor law, their processing will be based on the consent of the candidate – art.6 (1)(a) of the GDPR. Expressing consent in this case is voluntary, and such consent may be revoked at any time.
- employment contract – the data will be processed in order to perform the obligations arising from legal provisions related to the employment process – the legal processing is the legal obligation incumbent on the Data Controller art. 6(1)(c) of the GDPR in connection with art. 221 § 1 of the Labor Code);
- civil law contract – the data will be processed in order to conduct the recruitment process – the legal basis for the processing of data contained in the application documents is to take action before concluding the contract at the request of the data subject – art. 6 (1)(b) of the GDPR;
- recruitment – in the scope of data not required by law, as well as for the purposes of future recruitment processes – the legal basis for processing is consent – art. 6 (1)(a) of the GDPR;
- verification of the candidate’s qualifications and skills – the data will be processed on the basis of the Data Controller’s legitimate interest – art. 6 (1)(f) of the GDPR. The Data Controller’s legitimate interest is verification of job candidates;
- determination or investigation by the Data Controller of any claims or defense against claims – the data will be processed on the basis of the legitimate interest of the Data Controller – art. 6 (1)(f) of the GDPR;
- the Data Controller will process your personal data, including in subsequent recruitments, if you give consent, which can be revoked at any time.
Data retention periods
The data retention period depends on the purpose for which this processing is carried out. Detailed rules regarding the periods of data storage are described below:
- to implement the contract – for the duration of the contract and for settlements after its termination;
- to handle complaint processes – until the expiration of contractual claims. It will usually be
a period of 2 years.
- to conduct marketing activities – until consent is withdrawn or objection is raised;
- to use the data for statistical, analytical and reporting purposes – for the duration of the contract, and then no longer than for the period after which the contractual claims expire – usually a period of 3 years;
- to fulfill accounting, accounting, tax and other legal obligations – no longer than for a period of 5 years from the end of the calendar year in which the tax obligation arose;
In the event of your consent to the use of personal data for future recruitment purposes, your data will be stored for 24 months.
The recipients of your personal data may be external companies supporting the Data Controller on the basis of commissioned services with which relevant data processing agreements have been concluded. In connection with conducting operations that require processing, personal data is disclosed to external entities, including in particular suppliers responsible for operating IT systems, entities providing legal or accounting services, couriers or marketing agencies.
Personal data may be transferred to third countries and international organizations when entities established in these countries have implemented appropriate safeguards for the personal data being processed. If personal data is transferred outside the EEA, the Company uses Standard Contractual Clauses as safeguards for countries where the European Commission has not found an adequate level of data protection.
Data subject rights
You have the right to:
- withdraw your consent if the Data Controller has obtained such consent to process personal data (provided that such withdrawal does not violate compliance with the right to data processing carried out prior to withdrawal).
- request removal of your personal data; on this basis, you can request the deletion of data processing of which is no longer necessary to achieve any of the purposes for which it was collected.
- request to limit the processing of your personal data – if such a request is made, the Data Controller ceases to perform operations on personal data – with the exception of operations that the data subject has agreed to – and their storage, in accordance with accepted retention rules or until the reasons for limiting of data processing cease to exist.
- express an objection – the data subject may at any time oppose – for reasons related to his particular situation – the processing of personal data which is based on the legitimate interest of the Data Controller (e.g. for analytical or statistical purposes); the opposition in this respect should include a justification.
- data transfer – on this basis – to the extent that the data is processed in an automated manner in connection with the concluded contract or consent – the Data Controller issues data provided by the person to whom it relates, in a format that allows data to be read by
a computer. It is also possible to request for this data data be sent to another subject, however, provided that there are technical possibilities in this regard both on the part of the Data Controller and the indicated entity.
- submit a complaint to the Office for Personal Data Protection – if it is considered that the processing of Personal Data violates the provisions of the GDPR or other provisions regarding the protection of personal data, the data subject may file a complaint to the body supervising the processing of personal data competent for the habitual residence of the data subject, his place of work or the place of the alleged infringement. In Poland, the supervisory authority is the President of the Office for Personal Data Protection.
The Data Controller will verify your requests or objections in accordance with applicable provisions on the protection of personal data. However, it should be remembered that these rights are not of
an absolute nature; regulations provide for exceptions to their application.
Should you wish to obtain information or exercise one or more of the rights mentioned above, please send an email to: firstname.lastname@example.org
The current version of the Cookies Policy applies from 21th of August 2023.