The privacy policy governs the obligations of the personal data controller towards natural persons whose personal data are processed in connection with the professional activities of eq system companies, and informs about the rights of the above-mentioned natural persons.
The privacy policy applies to all operations carried out by eq system companies as part of their business activities which involve the processing of personal data, including operations carried out using websites and web applications and social media provided by companies, hereinafter referred to as the Websites.
We declare that the Websites operate at an appropriate technical level. The services will be characterized by due diligence, respect for the rules of professionalism, and compliance with applicable law, in particular the law protecting the privacy of natural persons:
Data Controller – each of the eq system group companies separately, within the scope of their business activities, or jointly, where appropriate, i.e.:
eq system technology sp. z o.o. with its registered office at the address: ul. św. Antoniego 50, 41-303 Dąbrowa Górnicza, entered in the Register of Entrepreneurs kept by the District Court in Katowice, 8th Commercial Division of the National Court Register under number KRS 0000108452, NIP 6370102776, and
eq system sp. z o.o. with its registered office at the address: ul. św. Antoniego 50, 41-303 Dąbrowa Górnicza, entered in the Register of Entrepreneurs kept by the District Court in Katowice, 8th Commercial Division of the National Court Register under number KRS 0000175772, NIP 6292263139 and
eq system consulting sp. z o.o. with its registered office at the address: ul. św. Antoniego 50, 41-303 Dąbrowa Górnicza, entered in the Register of Entrepreneurs kept by the District Court in Katowice, 8th Commercial Division of the National Court Register under number KRS 0000486510, NIP 6793096787.
Contact with the Controller is possible at the joint address, as indicated above, or by e-mail at the joint address: info@eqsystem.pl
Personal data – any information related to an identified or identifiable natural person: one or more specific factors determining the physical, physiological, genetic, psychological, economic, cultural or social identity of a natural person, including device IP number, location data, Internet identifier and information collected using cookies and other similar technology.
Processing of personal data – any automated or non-automated operation or set of operations performed on personal data or in personal data filing systems, including: collecting, recording, organizing, structuring, retaining, adapting or modifying, searching, consulting, using, disclosing through transmission, distribution or otherwise sharing, alignment or combination, restriction, erasure or destruction of personal data.
Contact Person – any natural person representing a company or an institution with which the Data Controller intends to establish or has established business contacts, in particular visiting the Websites, using their functionalities or using one or more services provided by the Data Controller.
Job Candidate – any natural person who has submitted their application to be employed with the Data Controller’s company.
When receiving business contacts from companies and institutions, conducting meetings, talks and correspondence related to the identification of requirements to prepare offers for products and services that are best tailored to the expectations of potential customers, and when concluding contracts for deliveries, licences or services, we process the following personal data of the Contact Persons: name, surname, business e-mail address, business telephone number, name and address of the company or institution, and the organizational unit represented by the contact person, job position or function in the above-mentioned company or institution. These data may:
When receiving applications from Job Candidates, we process their personal data:
Notwithstanding the foregoing, specific data referred to further in the policy may be collected automatically via cookies, active on the Websites, based on the activity of the Contact Person, Job Candidate or other persons using the Websites.
In order to conduct marketing activities intended for companies and institutions, we process the personal data of Contact Persons based on the legitimate interest of the Data Controller (Article 6(1)(f) of the GDPR). Our legitimate interest involves the use of the business personal data of the Contact Person for marketing of our products and services only in professional B2B contacts with the company or institution represented by the Contact Person.
Data related to the activities of Contact Persons on the Website, collected via cookies or other similar technologies, are processed by the Data Controller to provide electronic services that involve sharing the content collected on a specific Website – in this case, the legal basis for processing is the necessity of processing to perform the contract (Article 6(1)(b) of the GDPR) and for analytical and statistical purposes – in this case, the legal basis for processing is the legitimate interest of the Data Controller (Article 6(1)(f) of the GDPR), such as analysing the activities of Contact Persons and their preferences to improve the functionality and quality of the services provided.
Our websites www.eqsystem.pl and www.xprimer.pl contain a link to out company profile on Facebook (Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland). This plugin on our website is marked with the Facebook logo and is used to connect to our Facebook profile. Facebook may then obtain the information that you have visited our site from your IP address. If you visit our site while logged in to your Facebook profile, Facebook will record information about the visit. Even if you are not logged in, Facebook is able to obtain information about your IP address.
We assure you that Facebook does not provide us with information about the data collected and how these data are used. We are not aware of the purpose and scope of the data collected by Facebook. For additional information regarding privacy on Facebook, please contact Facebook directly or read their privacy policy at: https://www.facebook.com/about/privacy/
The activities of the Contact Person who has their profile on the Website is recorded in system logs (a special database used to store chronological records containing information about activities performed on the Website). The information collected in these logs is processed mostly for purposes related to the performance of the contract for the provision of services, which the Data Controller concluded with the company or institution represented by the Contact Person. The Data Controller also processes such data for technical and administrative purposes, to ensure the security of the Website and to manage it, and for analytical and statistical purposes – in this respect, the legal basis for processing is the legitimate interest of the Data Controller (Article 6(1)(f) of the GDPR), such as caring for the quality of services provided electronically and statistical analysis of these services.
We use Facebook, LinkedIn and YouTube social media for PR and promotional purposes, we share information about our achievements and planned events, thus we are the Controller for the personal data of users of these media who visit our company profiles. We administer and manage company profiles created in these media, including by publishing information, responding to posts and comments, and overseeing the content posted by users. We perform these activities based on the legitimate interest of the Data Controller (Article 6(1)(f) of the GDPR), such as the possibility of running and managing company profiles. On the same basis, we also perform activities aimed at ensuring ICT security, preventing fraud and financial crimes, and ensuring the possibility of pursuing and defending claims.
Social media operators record behaviours of their users through cookies and other similar technologies by themselves, including whenever they interact with eq system company profiles. The full scope and purposes of the processing of personal data on social media are determined by their operators:
As an administrator of our own company profiles, we have access to general aggregated statistics, provided by the operators of various social media, regarding the interests and demographic data of users visiting our company profiles, but we do not have access to any personal data used by social media operators when generating such statistics. If the user has their own profile on a specific social media platform, we have access to information that the user has set as public, on the same terms as other users of the social media platform. For more information on the user’s rights in the field of data protection in connection with the generation of website statistics and the possibility of using them directly in interactions with social media, please visit:
If the Contact Persons has filled in the form to receive materials or information, the Data Controller will provide the service that involves sharing the material and mailing to those persons. Providing one’s data and ticking off appropriate consents is required to provide the service in the appropriate scope, otherwise we will not be able to provide such service. The basis for the processing of personal data to provide the service that involves sending materials and mailing is the performance of the contract (Article 6(1)(b) of the GDPR).
If any activities and contents related to the marketing of products and services are intended for the Contact Person who has filled in the contact form, the legal basis for processing is the legitimate interest of the Data Controller (Article 6(1)(f) of the GDPR).
When making analyses and generating statistics, the legal basis for processing is the legitimate interest of the Data Controller (Article 6(1)(f) of the GDPR), such as improving the functionalities of the Websites and sending mailings with more relevant contents.
In order to assert, pursue or defend against claims – the legal basis for processing is the legitimate interest of the Data Controller (Article 6(1)(f) of the GDPR), such as enabling the Data Controller to defend their rights.
If the Contact Persons have filled in the form on the webinar platform to participate in the event (webinar, video-conference, presentation, etc.), the Data Controller will provide the service that involves participation in the event to those persons. Providing one’s data and ticking off appropriate consents is required to provide the service in the appropriate scope, otherwise we will not be able to provide such service. The basis for the processing of personal data to provide the service that involves participation in the event is the performance of the contract (Article 6(1)(b) of the GDPR).
If any activities and content related to the marketing of products and services are intended for the Contact Person who has filled in the participation form, the legal basis for processing is the legitimate interest of the Data Controller (Article 6(1)(f) of the GDPR).
When using analyses and statistics, the legal basis for processing is the legitimate interest of the Data Controller (Article 6(1)(f) of the GDPR), such as the evaluation of the event by participants to better plan subsequent events, improve the content presented and forms of communication.
In order to assert, pursue or defend against claims – the legal basis for processing is the legitimate interest of the Data Controller (Article 6(1)(f) of the GDPR), such as enabling the Data Controller to defend their rights.
If the Data Controller, together with the company or institution represented by the Contact Person, carries out any activities to conclude a contract or has concluded a contract for the delivery of products and/or provision of services, the Contact Person’s data will be processed on the basis of legitimate interest of the Data Controller, such as the preparation and performance of the contract, and to assert and defend the Controller’s rights (Article 6(1)(f) of the GDPR).
During the recruitment process, based on the right under Article 22¹ of the Labour Code, we process the following personal data: first name, middle name and surname, date of birth, contact details, education, professional qualifications, employment history. The basis for the processing of the above-mentioned personal data is the legal obligation (Article 6(1)(c) of the GDPR).
In order to carry out the recruitment process, if it is necessary to process personal data other than those indicated above, provided via the contact form posted on the Website, in the Job Candidate’s application or other documents supplied, the basis for processing is the Job Candidate’s consent (Article 6(1)(a) of the GDPR).
In order to verify the skills and abilities of the Job Candidate, presented in the application and required to work in a specific position, the processing of the data obtained in this way is based on our legitimate interest (Article 6(1)(f) of the GDPR). In addition, if there is a legal need to prove facts or demonstrate the fulfilment of obligations stemming from the recruitment process, the legal basis for the processing of personal data will be the legitimate interest of the Data Controller (Article 6(1)(f) of the GDPR).
The use of personal data provided by the Job Candidate for future recruitment processes will be possible, provided that the Job Candidate agrees to the processing of personal data provided via the contact form posted on the Website, in the Job Candidate’s application or other documents. In this situation, the basis for processing is such consent (Article 6(1)(a) of the GDPR).
In order to conduct marketing activities, we collect information about the business needs related to the position/function held by the Contact Person to best adjust our marketing communication, and tailor the product and service offer to the needs of the company or institution represented by the Contact Person. We process this information in our IT systems supporting the proper completion of the services we provide.
Profiling, within the above-mentioned meaning, is not used for the purposes of automatic decision-making and is based on our legitimate interest (legal basis: Article 6(1)(f) of the GDPR), such as conducting marketing communication that will be tailored to the needs of the Contact Person and primarily to the needs of the company or institution represented by the Contact Person.
Our activities only pertain to professional relations.
Websites, in particular web pages, use cookies (“cookies”), which are stored on the end device used by the Contact Person, Job Candidate or other person using the Website, e.g. notebook, smartphone, etc. Cookies usually contain information such as: the name of the domain they come from, the duration of storage on the end device, and a unique identifier. The information contained in cookies is read each time the above-mentioned persons visit our web pages. They may also be used by the trusted external providers of tools for presenting relevant content, monitoring traffic and activities on web pages, cooperating with eq system companies.
Cookies are not used to process or store personal data and cannot be used to directly identify the above-mentioned persons, and they do not change the configuration in the web browser and end device.
Name | Character | Storage | Purpose | More information: | ||
cookieconsent_status | necessary | 365 days | it stores the status of the pop-up with info about cookies | |||
SERVERID | necessary | until the end of the session | Maintaining a safe session for the user during the visit. | |||
Third party cookies | ||||||
_GRECAPTCHA | necessary | 179 days | It supports the reCaptcha mechanism for risk assessment (human/bot identification) | https://developers.google.com/recaptcha/docs/faq#does-recaptcha-use-cookies | ||
_fbp | advertising | 90 days | It is set by Facebook to display ads on Facebook or in the Facebook advertising network to users who have previously visited our web page. | https://developers.facebook.com/docs/marketing-api/conversions-api/parameters/fbp-and-fbc/ | ||
fr | advertising | 90 days | It is set by Facebook to display relevant advertisements to users and to measure and improve advertisements. The cookie also tracks user behaviour on web pages that have a Facebook pixel or Facebook social plugin. | https://www.facebook.com/policies/cookies | ||
Google Analytics | _ga | analytical | 2 years | It is used to analyse visitors, sessions and campaigns, to track site usage, and it stores information anonymously (assigning a random identifier) to identify unique visitors | https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage | |
_gid | analytical | 1 day | It is used to analyse visitors, sessions and campaigns, to track site usage, and it stores information anonymously (assigning a random identifier) to identify unique visitors | |||
_dc_gtm_UA-37412241-1 | analytical | 1 minute | It is used by GTM to load GA | |||
_gat | analytical | 1 minute | It does not store data about the user, and it allows to limit the number of queries to Google servers | |||
Hotjar | _hjFirstSeen | functional | 1 day | It identifies whether this is the user’s first session | https://help.hotjar.com/hc/en-us/articles/115011789248-Hotjar-Cookie-Information | |
_hjTLDTest | functional | until the end of the session | It sets a unique session identifier. This allows to obtain data on visitor behaviour for statistical purposes. | |||
_hjid | functional | 1 year | It identifies the user (unique ID) | |||
_hjAbsoluteSessionInProgress | functional | 30 minutes | It identifies which user’s visit this is | |||
SalesManago | smforms | functional | persistent (10 years) | It stores the parameters of the contact form (data populated in the form) | https://support.salesmanago.com/contact-monitoring-principles-of-operation-and-scope-of-collected-data/ | |
smvr | functional | persistent (10 years) | It stores information about users’ preferences/behaviour | |||
smuuid | functional | persistent (10 years) | It identifies the user (unique ID) | |||
smg | functional | persistent (10 years) | It identifies the user | |||
_smvs | functional | 1 day | It stores information about users’ preferences/behaviour | |||
_smvc | functional | persistent (10 years) | It is used to collect information about visits | |||
The user is able to change the settings related to the use of cookies, or even disable them, by themselves through the configuration options of the web browser, but if the user blocks cookies, they should take into account the risk of improper functioning of the Website. If you do not limit the use of cookies in the configuration options of your web browser, it means that cookies will be saved on your end device, and thus the Website will access them.
Our Websites use network service analysis mechanisms of Google Inc. (Gordon House, Barrow Street, Dublin 4, Ireland): Google Analytics, Google Double Click and Google Tag Manager, which use cookies that enable the analysis of the way the Websites are used. The information collected by cookies is processed and archived on Google servers located in the USA.
Social media (Facebook, LinkedIn, YouTube), in which the Data Controller runs company profiles, record the behaviour of their users through cookies and other similar technologies, including whenever they interact with eq system company profiles. The full scope and purposes of the processing of personal data on social media are determined by their operators.
We disclose the personal data of the Contact Person to the following categories of trusted recipients:
The Controller reserves the right to disclose selected information about the Contact Person to the competent authorities or third parties who submit a request for such information, based on an appropriate legal basis and in accordance with applicable law.
We disclose the Job Candidate’s personal data to authorized employees and associates of the eq system group, participating in the recruitment process, and providers of hosting services and tools which may be used by the Job Candidate to upload their application.
We retain personal data for marketing purposes until the Contact Person opts out of receiving marketing and commercial information from the eq system group (withdraws their consent or raises an objection), but for not longer than a period 5 years counted from the date of recording their last activity in contacts related to marketing activities of eq system companies, unless the further retention of the Contact Person’s personal data is required by law or is necessary to perform contracts or resolve disputes, or the Contact Person’s activity may indicate interest in services or products offered by the eq system group. After the occurrence of the circumstances or the expiry of the period referred to above, the personal data of the Contact Person will be erased or anonymized.
The processing of personal data while performing contracts that involve the delivery of supplies, the grant of a licence or the provision of services will generally continue throughout the duration of the contract. The data processing period may be extended if the processing is necessary to assert, pursue or defend against any claims, and after this period, only if and to the extent that it is required by law. After the expiry of the processing period, the data will be irreversibly erased or anonymized.
For company profiles on social media run by the Data Controller, the data will be processed until the user cancels the like or ceases to follow the company profile.
For recruitment, the personal data of Job Candidates will be processed until the end of the recruitment for the position for which the Job Candidate has applied or – provided that they has consented to the processing of personal data for the purposes of future recruitment – for two years from the date of filing of the application, unless the Job Applicant withdraws earlier their consent to the processing of personal data.
We will not transfer directly the personal data of Contact Persons outside the territory of the European Union, however, due to the Controller’s use of cloud solutions provided by Microsoft, the data may be transferred – on the basis of standard data protection clauses – to a third country. The standard contractual clauses used by Microsoft in accordance with the templates approved by the European Commission are available at: https://www.microsoft.com/en-us/licensing/product-licensing/products.aspx.
It cannot be ruled out that in connection with the use of IT solutions of our other providers who use hosting services offered by global third parties (e.g. Microsoft, Google, Amazon), personal data may be processed outside the territory of the European Union. In that case, we assure you that the transfer of data will take place on the basis of an appropriate decision of the European Commission or on the basis of appropriate regulations or an agreement with the provider, containing standard data protection clauses, as adopted by the European Commission.
We will not transfer any personal data of Job Candidates outside the territory of the European Union.
The data subject has the right to:
When using eq system company profiles on social media, the user will be able to exercise their rights by themselves, using the appropriate tools provided by operators, including management of “likes” and followed pages, private messages, privacy settings of the user’s own profile.
For more information on the user’s data protection rights on social media, please visit:
Facebook: https://www.facebook.com/privacy/explanation
LinkedIn: https://www.linkedin.com/legal/privacy-policy?_l=pl_PL
Google/YouTube: https://policies.google.com/privacy
The Data Controller analyses the risk on an ongoing basis to ensure that the personal data are processed by them in a safe manner, providing access to data only to authorized persons and only to the extent that it is necessary for the tasks performed by them. The Data Controller ensures that all operations on personal data are recorded and performed only by authorized employees and associates.
The Controller takes all necessary steps to ensure that their suppliers, subcontractors and other cooperating entities guarantee the use of appropriate security measures, whenever they process personal data on behalf of the Data Controller.
Contact with our Data Protection Officer is possible by post, at the address: ul. Św. Antoniego 50, 41-303 Dąbrowa Górnicza, by telephone at: +48 32 262 60 22 or e-mail at: iod@eqsystem.pl.
In matters not covered by this privacy policy, the provisions of the GDPR shall apply. The policy may be verified on an ongoing basis and updated, where necessary. We reserve the right to change individual provisions of the privacy policy without prior notice. The data subject may read, at any time, the current version of the privacy policy available on the website https://www.eqsystem.pl or https://www.xprimer.pl, under “Privacy Policy”.
Our clients
tel.+48 32 420 74 20
kontakt@eqsystem.pl
eq system sp. z o.o.
ul. św. Antoniego 50
41-303 Dąbrowa Górnicza
NIP 629 22 63 139
KRS 0000175772
REGON 278119464
eq system technology sp. z o.o.
ul. św. Antoniego 50
41-303 Dąbrowa Górnicza
NIP 637 01 02 776
KRS 0000108452
REGON 270535105
BDO 000308806
eq system consulting sp. z o.o.
ul. św. Antoniego 50
41-303 Dąbrowa Górnicza, Poland
NIP 6793096787
KRS 0000486510
REGON 122987434
eq system scandinavia oy
tel. +358 40 5570411
kari.juntunen@eqsystem.fi
Copyright © 2019 by eq system. All Rights Reserved.
