Get a demo

Privacy Policy

The controller of personal data is IDENTT Sp. z o.o. with its registered office in Wrocław. You have the right to access your data, to data portability, to rectify it, to erase it or restrict its processing, as well as the right to object to the processing of your data.

To read how we process personal data, click: privacy policy, GDPR clause. Any complaints and requests regarding the exercise of rights related to the processing of personal data may be submitted: by e-mail to: iod@identt.pl, by phone: 71 757 56 58 (call cost according to the operator’s tariff), in writing to the registered address of IDENTT Sp. z o.o., ul. gen. Romualda Traugutta 45, 50-416 Wrocław. You may contact the Data Protection Officer via: e-mail: iod@xver.com or in writing to: IDENTT Sp. z o.o., ul. gen. Romualda Traugutta 45, 50-416 Wrocław (marked “DPO”).

Privacy Policy of IDENTT Spółka z ograniczoną odpowiedzialnością

  1. The addressees of this privacy policy are exclusively natural persons who contact the Controller by telephone or e-mail, including via a contact form, as well as those entering into cooperation as an external entity.
  2. The controller of personal data is IDENTT SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with its registered office in Wrocław, ul. gen. Romualda Traugutta 45, 50-416, entered in the register of entrepreneurs maintained by the DISTRICT COURT FOR WROCŁAW-FABRYCZNA IN WROCŁAW, 6TH COMMERCIAL DIVISION OF THE NATIONAL COURT REGISTER under KRS number: 0000586371 (hereinafter referred to as “IDENTT” or “Controller”).
  3. The Controller may be contacted in writing at: ul. gen. Romualda Traugutta 45, 50-416 Wrocław, by e-mail at: kontakt@identt.pl, or by phone at +48 572 651 741.
  4. The Controller has appointed a Data Protection Officer, who can be contacted by phone at: +48 572 651 741 or by e-mail at: iod@identt.pl.
  5. This Privacy Policy contains information regarding the processing by the Controller of personal data of persons using or representing entities using the services provided by the Controller, including persons visiting the Controller’s websites, in particular the website at https://identt.pl, or the Controller’s social media profiles (hereinafter referred to as “Clients”).
  6. The Controller attaches great importance to the protection of privacy and confidentiality of personal data entered or provided by Clients, and with due diligence selects and applies appropriate technical and organisational measures to ensure the protection of processed personal data.
  7. Full access to databases is granted only to persons duly authorised by the Controller. The Controller protects personal data against being disclosed to unauthorised persons, as well as against being processed in violation of applicable law.
  8. Visitors may browse the websites within the services operated by the Controller without registration and without providing personal data.

Legal bases for the processing of personal data

Personal data is processed by the Controller in accordance with the law, including in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the “GDPR”) for the purpose of:

  1. establishing commercial relations, including responding to questions asked in connection with contact by Clients (pursuant to Article 6(1)(f) GDPR as the implementation of the Controller’s legitimate interest);
  2. concluding and performing a contract for the provision of services by the Controller (pursuant to Article 6(1)(b) GDPR);
  3. providing the newsletter service under the terms specified in the newsletter service regulations (pursuant to Article 6(1)(b) GDPR);
  4. fulfilling legal obligations incumbent on the Controller relating to tax and accounting obligations (pursuant to Article 6(1)(c) GDPR in conjunction with tax and accounting regulations);
  5. maintaining social media profiles and informing Clients through them about the Controller’s activities, promoting the brand and services, building and maintaining the community associated with the Controller, as well as communicating through available functionalities (pursuant to Article 6(1)(f) GDPR as the implementation of the Controller’s legitimate interest);
  6. marketing of the Controller’s services (Article 6(1)(a) GDPR – consent);
  7. direct marketing (Article 6(1)(f) GDPR – legitimate interest of the controller);
  8. use of the website and ensuring its proper functioning (Article 6(1)(f) GDPR – legitimate interest of the controller – processing is necessary for purposes arising from the legitimate interests of the Controller, consisting in the operation and maintenance of the website);
  9. conducting statistics and analysing traffic on the website (Article 6(1)(f) GDPR – legitimate interest of the controller – processing is necessary for purposes arising from the legitimate interests of the Controller, consisting in conducting statistics and analysing traffic on the website in order to improve the functioning of the website).

The provision of personal data is voluntary; however, the consequence of not providing the data will be the inability to establish a commercial relationship with the Controller or to use the Controller’s services. Withdrawal of consent prevents the Controller from continuing to provide services. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.

Basic principles of personal data processing

  1. The Controller applies the data minimisation principle expressed in the GDPR by processing personal data only to the extent necessary to achieve the purposes for which it is collected. The purposes of collecting Clients’ personal data are clearly defined and have their basis in the law. The Controller does not process personal data in a manner inconsistent with these purposes.
  2. The Controller implements Clients’ rights regarding their personal data in accordance with the law, including ensuring the accuracy of Clients’ personal data and responding without undue delay to any requests for rectification or updating of data.
  3. The Controller limits the storage of personal data in accordance with the law, only to the period necessary to achieve the purposes for which it is collected, unless there are reasons allowing for an extension of the storage period.
  4. If personal data is disclosed to other entities, this is done in a secure manner, contractually secured or otherwise compliant with applicable law. This applies in particular to external processors with whom the Controller cooperates and with whom it concludes a separate personal data processing agreement constituting an annex to the cooperation agreement.

Rights of data subjects

A Client whose personal data is processed by the Controller is entitled to the following rights:

  1. The right of access, rectification, restriction, erasure or portability – the data subject has the right to request from the Controller access to their personal data, its rectification, erasure (“right to be forgotten”) or restriction of processing, and has the right to object to processing, as well as the right to data portability. The detailed conditions for exercising the above rights are set out in Articles 15–21 of the GDPR.
  2. The right to withdraw consent at any time – a person whose data is processed by the Controller on the basis of consent granted (pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR) has the right to withdraw consent at any time without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.
  3. The right to lodge a complaint with a supervisory authority – a person whose data is processed by the Controller has the right to lodge a complaint with a supervisory authority in the manner and procedure specified in the provisions of the GDPR and Polish law, in particular the Personal Data Protection Act. The supervisory authority in Poland is the President of the Personal Data Protection Office.
  4. The right to object – the data subject has the right to object at any time – on grounds relating to their particular situation – to the processing of personal data concerning them based on Article 6(1)(e) (public interest or official tasks) or (f) (legitimate interest of the controller), including profiling on the basis of those provisions. In such a case, the Controller may no longer process such personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for the establishment, exercise or defence of legal claims.
  5. The right to object to direct marketing – if personal data is processed for the purposes of direct marketing, the data subject has the right to object at any time to the processing of personal data concerning them for such marketing, including profiling, to the extent that the processing is related to such direct marketing.

The exercise of rights may be carried out by sending a message to the e-mail address kontakt@identt.pl indicating the specific request. Additionally, the Client’s first name, last name and e-mail address should be provided, as well as the scope of personal data to which the request relates. The Client also has the right to lodge a complaint with the supervisory authority if they consider that the processing of personal data by the Controller violates applicable law.

Recipients of personal data

  1. Clients’ data may be transferred to entities authorised to receive it under applicable law, including competent judicial authorities.
  2. Personal data may also be transferred to trusted recipients such as carriers, entities providing accounting services, partners providing technical services (development and maintenance of IT systems and websites).
  3. As a rule, personal data is not transferred to a third country or international organisation. However, personal data may be transferred to a third country or international organisation, in particular if it is necessary due to a service commissioned by the Client.
  4. If, as part of processing, personal data is transferred to recipients in third countries (outside the European Economic Area), the Controller verifies whether these entities provide guarantees of a high level of protection of the processed personal data. These guarantees result in particular from the obligation to apply standard contractual clauses adopted by the European Commission. The transfer of data may also take place on the basis of an adequacy decision adopted by the European Commission or on the basis of the explicit consent of the data subject.

Cookies

  1. The Controller uses cookies or similar technologies (hereinafter jointly referred to as “cookies”), which should be understood as IT data, in particular text files, intended for use on the Controller’s websites and stored on the end devices of Clients browsing those websites. Information collected using cookies allows services and content to be adapted to the individual needs and preferences of users and is also used to compile general statistics regarding the use of the websites by users. Data collected using cookies is collected solely for the purpose of performing specific functions for Clients and is encrypted in a manner preventing access by unauthorised persons.
  2. The Controller, as a rule, uses two types of cookies – “session” and “persistent”. Session cookies are temporary files that remain on the user’s device until logging out, leaving the website or switching off the software (web browser). Persistent cookies are files that remain on the user’s device for the time specified in the cookie parameters or until they are manually deleted by the user.
  3. The following types of cookies are used within the Controller’s websites depending on their necessity for the provision of services:
    • essential cookies, enabling the use of services available within the websites operated by the Controller, in particular authentication cookies used for services requiring authentication;
    • security cookies, used in particular for detecting abuses in the field of authentication;
    • performance cookies, enabling the collection of information on how the websites are used;
    • functional cookies, enabling the “remembering” of settings selected by the user and the personalisation of the user interface;
    • advertising cookies, enabling the provision of advertising content tailored to the user’s interests.

Legal basis for the use of cookies

  1. Software used for browsing websites (web browser) usually allows the storage of cookies on the end device by default. A Client browsing the Controller’s websites may independently and at any time change the settings regarding cookies, specifying the conditions for their storage and access by cookies to their device. The above changes to settings may be made by the Client using the web browser settings. These settings may be changed in particular in such a way as to block the automatic handling of cookies in the web browser settings or to inform each time cookies are placed on the Client’s device. Detailed information on the possibilities and methods of handling cookies is available in the software (web browser) settings.
  2. Using the websites operated by the Controller without changing the cookie settings means consent to the storage of cookies. The Client may withdraw consent at any time by changing the cookie settings.

Version 1.2 (23.03.2026)

 

GDPR

Information on the processing of personal data by the IDENTT Controller. The controller of your personal data obtained in connection with the conclusion and performance of the contract is IDENTT Sp. z o.o. with its registered office in Wrocław, ul. gen. Romualda Traugutta 45, 50-416 Wrocław, entered in the register of entrepreneurs maintained by the District Court Wrocław-Fabryczna, 6th Commercial Division of the National Court Register, under KRS no. 8982215099, NIP 8982215099, share capital of PLN 5,000 (hereinafter “IDENTT” or “we”).

Direct contact with IDENTT regarding matters related to personal data protection is possible in writing to the registered address of IDENTT.

Data Protection Officer. We have appointed a Data Protection Officer whose duties are performed by Sebastian Stecyszyn. You may contact him via his e-mail address: iod@identt.pl.

Purposes and legal bases for processing. If, when concluding the contract, you act as a representative of an IDENTT counterparty (a member of the management board of a company or a proxy) or you have been indicated as a contact person for the performance of the contract or as a person performing the contract (e.g. as an auditor or controller), IDENTT will process your data (in particular your first name and last name, position, business contact details [e-mail or telephone number]) for the purpose of pursuing its legitimate interest consisting in the proper identification of persons representing the other party to the contract and ensuring the proper performance and execution of the contract concluded with your organisation (Article 6(1)(f) GDPR). In all of the above-mentioned cases, IDENTT may also process your personal data for the purpose of fulfilling legal obligations related to the proper accounting and tax settlement of the concluded contract (Article 6(1)(c) GDPR in conjunction with tax law and accounting regulations). Furthermore, the personal data provided by you will be processed for the purposes indicated below, on the basis of the legitimate interest of IDENTT (Article 6(1)(f) GDPR), which consists in:

  1. storing the contract and other related documents for archiving purposes and ensuring accountability (demonstrating compliance with obligations arising from the law),
  2. pursuing potential claims or defending against potential claims related to the performance of the contract.

Source of data. We have obtained your data from our counterparty, and your employer or principal who is a party to the contract with us, in connection with the performance of that contract, or from the National Court Register.

Data retention period. Your personal data will be processed for the period necessary to perform the contract concluded with our counterparty. If your personal data is no longer required for the purpose of performing contractual obligations arising from the contract with our counterparty and for the purpose of fulfilling our legal obligations, it will be deleted, unless its further processing is required by law.

Recipients of data. The recipients of personal data to whom IDENTT discloses or entrusts personal data may include entities providing advisory, administrative, accounting, HR and IT services to IDENTT.

Your rights. In connection with the processing of your personal data by IDENTT, you have the following rights:

  1. the right to access the content of your personal data, i.e. the right to obtain confirmation whether IDENTT processes data and information about such processing,
  2. the right to rectify data if the data processed by IDENTT is inaccurate or incomplete,
  3. the right to request that IDENTT erase the data,
  4. the right to request that IDENTT restrict the processing of data,
  5. to the extent that IDENTT processes your personal data on the basis of a contract and in an automated manner – the right to data portability,
  6. to the extent that IDENTT processes your data on the basis of a legitimate interest (Article 6(1)(f) GDPR) – the right to object to the processing of personal data by IDENTT,
  7. the right to lodge a complaint with the Polish supervisory authority or the supervisory authority of another European Union Member State competent for your place of habitual residence or work or the place of the alleged infringement of the GDPR.

Automated decision-making and profiling. IDENTT will not use personal data for the purpose of making decisions in an automated manner, including profiling.

Ready to get started? Talk to an expert and get a demo
Get a demo