This Policy is aimed at informing users of the www.virtuslab.com website (the Website) (the Users) about purposes of and legal bases for processing personal data on the Website, the manner of using the data and about related rights available to the Users. The Users’ personal data are always processed in conformity with applicable laws, including in particular pursuant to the Regulation of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the GDPR).
Who is the Controller?
The Controller is Virtus Lab Sp. z o.o. with registered office in Rzeszów (35-211), Poland, ul. Zofii Nałkowskiej 23, National Court Register entry No. KRS 0000349785, Tax Id. No. (NIP) 5170312965, Industry Id. No. (REGON) 180526627 (the Controller).
The Controller has appointed a Data Protection Officer (DPO) Mr. Mariusz Zajkiewicz, who can be contacted using the email address: dp[email protected] or by traditional mail to the company’s address.
Purposes of, and legal bases for, processing of personal data
- E-mail correspondence:
Personal data are processed to pursue the Controller’s legitimate interests (Art. 6.1.f of the GDPR). Personal data are provided on a voluntary basis, but the provision thereof is necessary to receive a reply from the Controller. In such a case, personal data are processed due to the Controller’s legitimate interests. The Controller’s legitimate interests consist in communicating with an individual who requests of the Controller to provide an answer.The correspondence may be conducted for many reasons which are hard to categorize. The messages may be sent as a result of organizing various events, existing or possible contracts, technical advice, financial settlements, etc.
- Recruitment process and future recruitment processes:
Personal data are processed in order to comply with the Controller’s legal obligations resulting in particular from Art. 22  of the Labour Code (Art. 6.1.c of the GDPR), and to take up activities, at the Candidate’s request, prior to the conclusion of an agreement and to perform an agreement (Art. 6.1.b of the GDPR). In the case of other recruitment data and for the purpose of future recruitment processes – also on the basis of consent of a data subject (Art. 6.1.a of the GDPR). The provision of personal data is a statutory requirement and is necessary for an agreement to be concluded; if they are not provided, it shall be impossible to conclude an agreement. In the case of other recruitment data and for the purpose of future recruitment processes the consent may be withdrawn at any time – without affecting the lawfulness of processing prior to the withdrawal.
- Newsletter distribution:
Personal data are processed on the basis of consent of a data subject (Art. 6.1.a of the GDPR), and in the case of direct marketing – also to pursue the Controller’s legitimate interests (Art. 6.1.f of the GDPR). The Controller sends out a newsletter to the Users who have provided their e-mail address for this purpose. Personal data are provided on a voluntary basis. The User may withdraw their consent at any time – without affecting the lawfulness of processing prior to the withdrawal. In case of sending the Controller’s commercial information, a legal basis for processing, including profiling, involves the Controller’s legitimate interest. The Controller’s legitimate interest consists in carrying out direct marketing activities;
- Conclusion and performance of an agreement:
Personal data are processed in order to take up activities, at the User’s request, prior to the conclusion of an agreement (e.g. to submit an offer) and to perform an agreement (Art. 6.1.b of the GDPR). Providing personal data is necessary for an agreement to be concluded; if they are not provided, it shall be impossible to conclude an agreement;
- Direct marketing of own services, pursuit of and protection against legal claims, fraud prevention, statistics and analytics, ensuring ICT environment security, and application of internal control systems:
Personal data are processed to pursue the Controller’s legitimate interests (Art. 6.1.f of the GDPR). The Controller’s legitimate interest consists in a possibility to undertake the aforementioned activities;
- Financial settlements:
Personal data are processed in order to comply with the Controller’s legal obligations resulting in particular from accounting policies and tax related regulations (Art. 6.1.c of the GDPR). The provision of personal data is a statutory requirement.
Recipients of personal data:
Personal data may be processed by the Controller’s service providers rendering, among others, financial settlements, legal, advisory, consulting, audit, marketing, archiving, IT, courier, postal services, and by the entities from the Virtus Lab Group. A subset of Candidate’s data may be shared with a partner company if a Candidate agrees. The Users’ data will not be shared with any other third parties, unless this proves necessary and the User consents thereto or a data disclosure obligation results from mandatory rules of law, a final and non-appealable court judgment or a final decision of a relevant body. On the Website, there can be references to other webpages. The Controller shall not be liable for the processing of personal data connected with the use of these webpages by the User. Having moved to the other webpages, the User should first consult their privacy policies and personal data protection procedures. The Controller shall not transfer personal data to any third parties outside the EEA or to any international organisations unless this proves necessary, e.g. for the recruitment process. The personal data will be transferred only if the entities comply with GDPR requirements.
What does profiling involve and are any data on the Website subject to profiling?
Profiling consists in any form of automated processing of personal data evaluating the personal aspects relating to a natural person, in particular to analyse or predict aspects concerning a data subject’s work performance, economic situation, health, personal preferences or interests, reliability or behaviour, location or movements, where it produces legal effects concerning the data subject or similarly significantly affects the data subject. Data on the Website may be profiled exclusively with regard to a newsletter, which includes direct marketing, if it has been applied. If, following the Website’s development, personal data were to be profiled, the Controller will inform the Users thereof, and profiling will be carried out in accordance with relevant regulations. In case of profiling, the Controller shall implement appropriate measures safeguarding rights, freedoms and legitimate interests of the Users, including ensuring an option of a human intervention at the Controller’s side and a possibility to express a personal position and challenge a decision.
How can personal data be changed?
The User has the right of access to content of their personal data and the right of rectification and erasure of the personal data, the right to restrict processing of the data, the right to data portability and the right to withdraw consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Further, the User has the right to object to processing of their personal data, including in particular to profiling. To this end, the User can contact the Controller at the e-mail address: [email protected]. The User can contact the Controller also otherwise as preferred.
How does the Controller protect personal data?
The Controller protects the Users’ data against unauthorised access, disclosure, change or destruction. In particular, the Controller makes use of data encryption, physical security measures and verification in IT systems. Further, the Controller uses anti-virus software and firewalls. The Users’ data may be accessed exclusively by authorised individuals bound by confidentiality and subcontractors that have entered into personal data sub-processing agreements with the Controller.
How long will personal data be processed?
The Users’ data shall be processed for as long as the Users use the Website. In case of processing personal data:
- in connection with e-mail correspondence – personal data shall be processed for a period necessary to provide the User with an answer or until the User raises an effective objection. The correspondence may be one-time, regular or rare but with new messages every now and then. Therefore, it may be stored due to possible continuation of discussions. Current relevance of personal data is, however, checked at least once a year;
- in connection with recruitment process – the Candidate’s data will be processed for the duration of the recruitment process and as regards any potential claims, for the period of 3 years. In order to use the Candidate’s data in future recruitment processes and in case of other recruitment data, this data will be processed until consent is withdrawn but no longer than for a period of 5 years.
- in connection with newsletter distribution – the Users’ data shall be processed until consent is withdrawn or an objection is effectively raised;
- prior to the conclusion of an agreement or in connection with the performance thereof, personal data shall be processed for the duration of an agreement performance term, and if an agreement has not been concluded – until either party resigns from concluding an agreement, regardless of a reason;
in case of financial settlements – personal data shall be processed for a period of five years from the end of a calendar year when a transaction has been conducted.
Personal data may also be processed upon the lapse of the indicated periods, until any potential legal claims are time-barred or for as long as is possible or required in compliance with applicable laws. In particular, if a processing period based on a given legal basis has expired, this shall not mean that personal data may not be processed based on another legal basis. Upon the lapse of a processing period, in the absence of any bases for processing, personal data shall be permanently deleted or anonymised.
Other data processing related rights of the Users
The Users have the right to file a complaint with the President of the Personal Data Protection Office if they consider that their personal data are processed in breach of mandatory rules of law.
This Policy and any amendments hereto shall apply as of the moment when they are published on the Website.
COOKIES POLICY VIRTUS LAB
This Policy is aimed at informing users of the www.virtuslab.com website (the Website) (the Users) about purposes of storing and gaining access to cookies in the Users’ terminal equipment and about options to set terms of storing or gaining access to the cookies through browser settings or service configuration. The Website’s controller (the Controller) might store the cookies in the Users’ terminal equipment and have access thereto.
What are cookies?
Cookies are information saved in text files sent by the Website to the User’s browser and resent by the User’s browser when the User re-visits the Website. The cookies are stored in the User’s terminal equipment (computer, laptop, smartphone). They are used to maintain the User’s session and to save other data so that the User does not need to enter the same information whenever they use the Website. Among other things, the cookies remember a website name, data of the User’s browser, unique settings and a period for which the data will be stored. Data saved in the cookies are not matched with individual Users of the Website.
Change you settings here:
What kind of cookies are used by the Website?
Session cookies – files stored in a browser’s memory until it is closed, required for the Website’s functionalities to operate correctly.
Permanent cookies – files stored in a browser’s memory for a specific period. Among other things, they guarantee the proper navigation and layout of the Website. A period for which these files are stored depends on a choice which the User can make in their browser settings. This type of the cookies allows for information to be passed to the Website whenever the Website is visited by the User.
Analytics cookies – files stored in a browser’s memory for the purposes of website traffic statistics and analytics. The analytics service is provided by Google Inc., as part of Google Analytics, Hotjar Ltd., as part of Hotjar. Information obtained with the use of those tools is not shared with any entities other than Google/Hotjar, and serves only to report the User’s interactions on the Website.
Advertising cookies – files stored in a browser’s memory in order to match advertising content with the User’s behaviour on the Website. An advertising service is provided by Facebook, Inc. as part of Facebook Pixel, Google, Inc., as part of Google Ads, LinkedIn Corporation as part of LinkedIn Ads, Twitter, Inc. as part of Twitter Ads. Any information obtained in this manner might be shared with advertisers and partners that cooperate with the Controller.
Who is the Controller of the Website?
The Website’s Controller is Virtus Lab Sp. z o.o. with registered office in Rzeszów (35-211), Poland, ul. Zofii Nałkowskiej 23, National Court Register entry No. KRS 0000349785, Tax Id. No. (NIP) 5170312965, Industry Id. No. (REGON) 180526627.
The Controller has appointed a Data Protection Officer (DPO) Mr. Mariusz Zajkiewicz, who can be contacted using the email address: [email protected] or by traditional mail to the company’s address.
The User’s browser might by default allow for storing of the cookies. At any time, the User can set terms of storing and accessing data saved in the cookies, through browser settings. The cookies can be blocked; an option of storing the cookies can be restricted (e.g. by informing the User about installation of the cookies on a case-by-case basis) or access to the cookies can be limited; however, any blocking or restricting of the cookies may affect the Website’s quality or even prevent the proper display of the Website on the User’s terminal equipment. Detailed information on the options and manner of handling the cookies is available in browser settings. More information on cookies management is available in a given browser’s functionalities.
This Policy and any amendments hereto shall apply as of the moment when they are published on the Website.