Privacy Policy
www.folga.com.pl

Dear User!

Your privacy is very important to us and that is why we strive to ensure appropriate privacy and security standards every day. The purpose of this document is to provide you with the most important information about the methods, purposes and principles of processing your personal data by us, which we receive in connection with your use of our website (hereinafter referred to as the Portal).

We assure you that we process your personal data in accordance with the law, including the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, so-called GDPR), including in particular that we process your data for clearly defined purposes and in accordance with those purposes.

§ 1. 

[Personal data administrator]

  1. The controller of your personal data is FOLGA Spółka z ograniczoną odpowiedzialnością (formerly: FOLGA SA) with its registered office in Toruń (87-100) at ul. Grudziądzka 110 – 114/304, entered into the register of entrepreneurs of the National Court Register maintained by the District Court in Toruń, 7th Commercial Division of the National Court Register under the number: 1142532, using the Tax Identification Number (NIP): 9562344169 and the Regon number 38228625600000.
  2. The Company has appointed a Data Protection Officer, whom you can contact in one of the following ways: 
    1. electronically – by sending a message to the e-mail address: iod@must-consulting.pl,
    2. using the contact form available on the Portal or
    3. traditionally – by sending a letter to our address indicated above.
  3. The Company makes special efforts to protect the privacy of Users by carefully selecting and applying appropriate technical measures, including IT and organizational measures, ensuring the protection of processed data, in particular protecting data against making it available to unauthorized persons, disclosure, loss and destruction, unauthorized modification, as well as against its processing in violation of applicable laws.

§2.

[Scope of application]

  1. The provisions of this Policy apply to all – current, former and future Users of the website,
  2. The Company reserves that the content contained on the website is not directed at Users under 16 years of age and therefore any personal data of such Users are not collected by the Company intentionally.

§3.

[Scope, purpose and duration of processing]

The table below presents the scope, purpose and duration of processing of Users’ personal data and the legal basis for each data processing process.

Data CategoryPurpose of processingData typeLegal basisProcessing time
Functional and analytical dataWe collect this data to continually improve and develop the website by analysing how you use it. 
In particular, this will include data such as the history of browsing the website and the manner of browsing it.Art. 6 sec. 1 lit. a GDPRUntil cookies are deleted, but no longer than for a period of 1 year from the date of entering the website.
Device and network informationWe collect this data to ensure the security and proper functioning of the Portal.This will include information about your device (such as IP address, location, device name, and its software) and network data, including the type of connection used, performance data, and cookies.Article 6, section 1, letter f of the GDPRWhen you use the Portal.
Contact detailsWe collect this data in order to respond to your message sent using the contact form provided on the Portal.This will primarily be your email address, but if you choose traditional correspondence, it will be your delivery address or telephone number.Article 6, section 1, letter f of the GDPRFor a period of 30 days from the date of response to your message, but no shorter than the period of e-mail correspondence.
Contact and marketing informationWe collect this data for the purpose of sending the newsletter and commercial information.This will be your identification data (name and surname) and contact data (e-mail address).Art. 6 sec. 1 lit. a GDPRUntil consent is withdrawn.
Data
Analytical and marketing		This data is used to analyze how our website is used, as well as for advertising purposes (learning about users' needs and personalizing their experience and displaying appropriate advertisements)This will be data primarily for the purpose of researching the behavior of website users and analyzing this behavior. . In the case of Google Analytics, this will also be approximate geolocation data, browser version, device model, device brand, operating system version, screen resolution, platform version.Art. 6 sec. 1 lit. a GDPRThe data will be stored for a period of 12 months, but no later than until the consent is withdrawn.

§4. 

[Disclosure of personal data]

  1. The Company declares that the personal data of Users will be made available to entities with which the Company cooperates within the scope of the Portal's activities. In particular, these will be:
    1. accounting and administrative services provided by MKG Consulting Sp. z o. o. with its registered office in Toruń (KRS 730214)
    2. hosting services provided by cyber_Folks SA based in Poznań,
    3. analytical services provided by Microsoft Ireland Operations Limited and Microsoft Corporation based in the United States of America,
    4. analytical and marketing services provided by Google Ireland Limited and Google LLC, as well as Meta Platforms Inc. based in the United States of America and Meta Platforms Ireland Ltd in Ireland,
    5. marketing services provided by Meta Platforms Inc. based in the United States of America and Meta Platforms Ireland Ltd in Ireland.
    6. electronic message sending services provided by Getresponse SA based in Gdańsk.
  2. The Company may also transfer your data to Folga OUT Sp. z o. o. with its registered office in Toruń (KRS 1060240), with which the Company is personally related, in order to respond to your inquiry about an offer for a process outsourcing service or an inquiry about a job offer for people seeking employment.
  3. Users’ personal data may also be made available to entities other than those indicated in paragraphs 1 and 2 above, provided that this is necessary to ensure the proper functioning of the Portal.
  4. In cases specified in applicable law, Users’ personal data may be made available to public authorities or judicial authorities.
  5. The Company undertakes to provide the User with an up-to-date list of entities to which his/her personal data is made available, at each User's request.
  6. The User acknowledges that: a) Meta, Google and third parties may use cookies cookies, web beacons and similar technologies to collect or receive information from the website and elsewhere on the internet and use it to provide measurement, targeting and advertising delivery services, b) you may opt out of the collection and use of the information referred to above for ad targeting in your browser settings and you may also use the following choice sites: http://www.aboutads.info/choices and http://www.youronlinechoices.eu/.

§5.

[Transfer of personal data outside the EEA and to international organisations]

  1. In connection with the Company's use of services of entities with headquarters, establishments, data centers or subcontractors in countries outside the European Economic Area, Users' personal data may be transferred to third countries within the meaning of the GDPR. For example, such data transfer occurs within the framework of services provided by Microsoft Corporation, Google LLC and Meta Platforms Inc. with headquarters and servers in the United States of America.
  2. In each case referred to in paragraph 1 above, such transfer shall take place in accordance with the provisions of the GDPR and on the principles provided for therein. In particular, on the basis of decisions of the European Commission establishing an adequate level of data protection in a given third country, including the decision of the European Commission of 10 July 2023 establishing an adequate level of protection of personal data ensured by the so-called EU – US Data Privacy Framework, which regulates the exchange of personal data between EOP and the United States of America, with Google LLC and Meta Platforms Inc. being participants in the program Data Privacy Framework Program. For Microsoft Clarity, Microsoft uses Standard Contractual Clauses in its agreement with Microsoft Ireland Operations Limited.
  3. Users' personal data will not be transferred to international organizations.

§6.

[Rights of data subjects]

  1. In connection with our processing of your personal data, you have the following rights:
    1. the right to access data – which means a request to provide you with information about what of your data is processed by us and how it is done,
    2. the right to request the rectification or supplementation of your data,
    3. the right to request the restriction of the processing of your data – in certain cases, pursuant to Article 18 of the GDPR, you may request that we limit the processing of your personal data,
    4. the right to request the transfer of your personal data,
    5. the right to object to further processing of your personal data – when filing an objection, you must indicate how your specific situation prevents us from processing your personal data.
  2. the right to access data – which means a request to provide you with information about what of your data is processed by us and how it is done,
  3. the right to request the rectification or supplementation of your data,
  4. the right to request the restriction of the processing of your data – in certain cases, pursuant to Article 18 of the GDPR, you may request that we limit the processing of your personal data,
  5. the right to request the transfer of your personal data,
  6. the right to object to further processing of your personal data – when filing an objection, you must indicate how your specific situation prevents us from processing your personal data.
  7. In addition, if the User finds that the Company processes his/her personal data in breach of the provisions of the GDPR, he/she may file a complaint with the President of the Personal Data Protection Office.
  8. Each of the above-mentioned rights may be exercised by the User in one of the ways indicated in § 1 section 2 of the Policy.
  9. If you believe that the Company is processing your personal data unlawfully, you have the right to lodge a complaint with the President of the Personal Data Protection Office.

§7.

[Voluntary provision of personal data]

The User acknowledges that they provide personal data on a completely voluntary basis, but failure to provide personal data may make it impossible (e.g. in the event of failure to provide an e-mail address in the contact form, failure to consent to cookies) or make it difficult to use the Portal.

§8.

[File Information cookies]

  1. By using Our website, you accept Our use of so-called cookies. They usually contain the domain name of the website from which they originate, the time they are stored on the device and a unique number. These files do not identify the user and it is not possible to determine your identity based on them. However, these files allow you to determine your habits and preferences.
  2. Web browsers usually allow information to be stored in cookies by default. However, you can change this at any time from your browser. Comprehensive information is available in the settings:

§9. 

[Policy Changes]

The current Privacy Policy is effective from 18/02/2025. The Company reserves the right to change the Policy at any time. Any changes will be published on the Portal and will be effective in the future. 

Principles of personal data processing by FOLGA Sp. z o. o. in Toruń

Who is the administrator of your personal data?FOLGA Spółka z ograniczoną odpowiedzialnością with its registered office in Toruń (87-100) at ul. Grudziądzka 110-114, entered into the register of entrepreneurs of the National Court Register maintained by the District Court in Toruń, 7th Commercial Division of the National Court Register under the number: 1142532, using the Tax Identification Number (NIP): 9562344169 and the Regon number 382286256, e-mail address biuro@folga.com.pl, hereinafter referred to as FOLGA.
What are the purposes and basis of our processing of your personal data?          Depending on the processing context, we collect and process personal data for the purposes
Job candidatesWe collect and process your personal data for the purposes of: conducting the recruitment process for a vacant position at FOLGA based on art. 6 sec. 1 letter c of the GDPR in connection with the provisions of the Labor Code, and in the scope of data provided voluntarily – based on art. 6 sec. 1 letter a of the GDPR,conducting the recruitment process for a vacant position at FOLGA's contractor (the user's employer), based on art. 6 sec. 1 letter bw in connection with art. 6 sec. 1 letter a of the GDPR,sharing your personal data with other entities from the FOLGA Group in order to take part in the recruitment process conducted by that entity, based on art. 6 sec. 1 letter a of the GDPR,legitimate purposes of FOLGA, i.e. in order to share your personal data for the purposes of presenting your data to potential employers users, based on art. 6 sec. 1 letter f of the GDPR.
ContractorsWe collect and process your personal data for the purposes of: executing the contract concluded with FOLGA and taking actions prior to its conclusion, on the basis of art. 6 sec. 1 letter b of the GDPR, related to the implementation of obligations arising from legal provisions, including in particular accounting regulations, on the basis of art. 6 sec. 1 letter c of the GDPR, related to the legitimate interests of FOLGA, i.e. for analytical purposes, but also for the purposes of implementing FOLGA's image or marketing policy and to ensure the safety of property and people, including IT security, on the basis of art. 6 sec. 1 letter f of the GDPR.
Employees and collaborators of contractorsWe collect and process your personal data in the legitimate interests of FOLGA, i.e. in order to perform the contract between FOLGA and a given contractor or to establish such cooperation, pursuant to Article 6 paragraph 1 letter f of the GDPR.
Who can we share your personal data with?Your data may be transferred to entities whose services we use within the scope of FOLGA's business. In particular, these will be entities providing accounting, HR, IT, banking, postal and legal services. Your data will also be transferred to other entities from the FOLGA Group, if you consent to this. At your request, we will provide information on the entities to which your personal data is made available.  
Do we transfer your personal data to third countries or international organizations?In connection with FOLGA's use of various IT and electronic services provided by entities with their registered offices or establishments in third countries, your data may also be transferred to other third countries. These will be in particular the United States of America, where entities such as Google, Microsoft, ZOOM and others are headquartered. FOLGA takes the necessary measures to ensure adequate protection of your data, and the providers of these services ensure that in the event of data being transferred to third countries, such transfer takes place on the basis of mechanisms permitted by the GDPR, including in particular on the basis of the decision of the European Commission of 10 July 2023 stating the adequate level of protection of personal data provided by the so-called EU - US Data Privacy Framework. Your personal data is not and will not be transferred to international organizations.
How long do we store your personal data?Your personal data will be stored by FOLGA for a period of 6 years from the end of the calendar year in which the cooperation ended, unless the law provides otherwise. After this period, they will be deleted.
What are your rights in relation to the processing of your personal data by FOLGA?In connection with the processing of your personal data by FOLGA, you have the following rights: the right to access the content of your data, the right to rectify or supplement it, the right to request that FOLGA delete this data, unless there are grounds for its further processing, the right to request that FOLGA restrict the processing of your data, to the extent provided for in the GDPR, the right to transfer your data in a commonly used format, provided that the processing is carried out in an automated manner based on your consent, the right to object to the further processing of your data by FOLGA, the right to withdraw consent to the processing of your data, which you provided voluntarily based on consent.
How can you exercise your rights?You can exercise your rights by sending an appropriate request: in writing to the FOLGA address or in electronic form to the FOLGA e-mail address.
Do you have the right to complain to the President of the Personal Data Protection Office?You have the right to file a complaint with the President of the Personal Data Protection Office if you believe that the processing of your personal data by FOLGA Sp. z o. o. violates the GDPR.
Does FOLGA use profiling?We automatically process your personal data in order to determine which position with our contractor would be most advantageous for you.
Do you have the right to withdraw your consent to the processing of personal data?You may withdraw your consent to the processing of your personal data by FOLGA at any time, which we process based on consent. However, withdrawing consent does not affect the lawfulness of the processing of such data before its withdrawal. You can make a declaration of withdrawal of consent by sending such a request: in writing to the FOLGA address or in electronic form to the FOLGA e-mail address.
  Is providing personal data voluntary?  Providing personal data is voluntary and is a contractual requirement, however failure to provide the requested data may make it difficult or impossible to conclude or perform the contract.