WRoboCon 2022

PRIVACY POLICY OF NICEPROJECT SP. Z O.O., REGISTERED IN WROCŁAW

I. Policy objectives and data controller

The privacy policy of NiceProject Sp. z o.o., registered in Wrocław (hereinafter: NiceProject), comprises a set of rules and procedures adopted in regard to acquiring and processing personal data. The Policy has been drawn up on the basis of applicable domestic and European (EU) legislation, taking particular account of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: GDPR).

Please be advised that this Policy may occasionally be modified or updated. Any updates will be implemented in accordance with the principles related to the security of personal data and current legislation. We recommend reviewing this Policy from time to time in order to monitor modifications made to it.

In accordance with the GDPR, NiceProject is a controller of personal data, i.e. an entity that alone or jointly with others sets the purposes and means of processing personal data. NiceProject is therefore an entity fully responsible for ensuring the security of personal data processed, and protecting the said data from unauthorised use.

In addition to the controller, there may be a so-called processor. We will use this name to refer to any natural or legal person or other body that processes personal data on behalf of the controller, NiceProject.

II. The processing of personal data

Personal data
should be understood as information concerning a person that allows for the said person’s identification, even if in an indirect manner.
The processing of personal data
means an operation or set of operations performed on personal data or sets of such data whether by automatic means (e.g. using computer software) or non-automatic means (e.g. the keeping of written records). Please bear in mind that the processing of personal data also means the collection of these data.

NiceProject processes the following personal data:

  • forename and surname
  • address of residence, domicile and stay
  • PESEL national identification number, NIP tax identification number, REGON business identification number, and series and number of personal identity card
  • bank account number
  • telephone number
  • email address

Because of the specific nature of the services it renders, NiceProject does not process other categories of personal data.

III. Specially protected personal data and children

NiceProject does not intend, within its activities, to process any specially protected personal data, among which we include data revealing racial or ethnic origin, religious or philosophical believes, or trade union membership. Neither do we intend to process genetic data or biometric data for the purpose of explicitly identifying a natural person, or data concerning that person’s health, sex life or sexual orientation. The processing of such personal data is neither purposeful nor in any way justified for the activities conducted by NiceProject.

In situations where the processing of specially protected personal data proves necessary, NiceProject will always do so on one of the following grounds:

  • an obligation or entitlement under applicable law
  • the discovery or prevention of a crime
  • establishing, asserting and defending legitimate claims of NiceProject
  • consent expressly given by the data subject

IV. Acquiring personal data

We obtain personal data solely directly from the data subjects, as follows:

  • in the process of concluding and handling agreements concluded with our employees, collaborators, business partners and counterparties
  • in recruitment processes related to searching for employees, collaborators and business partners, and when determining the terms of their employment or collaboration with them
  • when receiving inquiries via remote means of communication, e.g. by telephone or email
  • while operating the website at www.niceproject.eu when the contact form provided there is used

V. Purposes of processing personal data

We process your personal data that we acquire through, among other things, recruitment processes, the concluding of agreements and their performance, for the following purposes:

  • conducting and handling recruitment processes
  • the conclusion and performance of an agreement between us
  • ensuring the correctness and continuity of the provision of services
  • issuing and receiving invoices and other accounting documents
  • complying with our legal obligations
  • establishing, asserting and defending claims
  • compiling reports, analyses and statistics

VI. Legal grounds for processing personal data

The processing of personal data must take place in accordance with the legislation in force and always be based on lawfully defined grounds for the processing of personal data, which include:

A person’s consent
We can process the personal data of a person who has expressed their consent. Consent also indicates the scope of the processing of the data by defining the purposes of the processing. Consent may be withdrawn at any time. When consent is withdrawn, the controller has to stop processing the personal data embraced by the said consent, unless these data are also being processed on other grounds.
A concluded agreement
Personal data are essential e.g. for concluding an agreement (e.g. when defining the parties to an agreement), and for ensuring the continuity of services provided (e.g. current contact details of the agreement’s parties, and the handling of mutual settlements).
Legal obligation
Applicable legislation may impose an obligation on NiceProject to process personal data for specific purposes anticipated in statutes and other legal acts (e.g. for the detection and prosecution of crimes by the appropriate bodies).
Legally justified interests of NiceProject
NiceProject also processes data when allowed to do so by its legitimate interests used for running, protecting and promoting its activities. Worth pointing out here is that we may only use such grounds in a situation where our interests override the interests and rights of the data subjects (e.g. establishing, asserting and defending claims; brand promotion; or expansion of the scope of activities).
The public interest
NiceProject does not perform tasks carried out in the public interest or participate in the exercising of public authority. Although such grounds do not serve the processing of personal data by NiceProject, we nevertheless inform here of their existence.
Protection of a person’s vital interests
NiceProject does not take measures serving the protection of natural persons’ vital interests. Nevertheless, we point out here that should a special need arise, there also exist such grounds for the processing of personal data.

To summarise the above, NiceProject processes personal data above all on the grounds of consent, agreements, legal obligations and legitimate interests.

VII. Rights of the data subject

Under the GDPR, you have rights that allow you to request the following of us as the data controller:

access to your personal data processed by us:
NiceProject is obliged to answer such questions as: what personal data are processed? On what grounds? For what purpose?
the rectification of personal data in the event of data being inaccurate or other omissions:
Should you notice an error or other inaccuracy in the data processed by NiceProject you have the right to demand the appropriate modification and correction. NiceProject is obliged to carry out such a request immediately.
withdrawal of consent:
If personal data are processed on the grounds of previously granted consent, the person concerned may withdraw their consent for the processing of the said data. The data controller loses the right to process the personal data covered by the consent upon the receipt of a declaration of the consent’s withdrawal. Once again we point out that such a consequence occurs only in relation to data processed solely on the grounds of consent (e.g. it may prove that the data are also processed in connection with the performance of an agreement).
the right to object:
There are two situations in which the data subject has the right to object:
  • when personal data are processed on the grounds of the controller’s legitimate interests
  • when personal data are processed for direct marketing purposes

Exercising the right to object results in the data controller losing the right to process the data in this extent. However, the controller may demonstrate the overriding nature of their interests in the processing of the data in relation to the interests and rights of the data subject.

removal of data (“the right to be forgotten”):
Every data subject has the right to demand the immediate deletion of personal data concerning them. However, such a demand must meet one of the following conditions:
  • the personal data have ceased to be essential for the purposes for which the said data were collected or otherwise processed
  • the data were processed on the grounds of consent of the person who subsequently withdrew their consent the data subject exercised their right to object to the processing of data based on the controller’s legitimate interests, and the controller has not demonstrated their interests as overriding
  • the data were processed in an unlawful manner
  • deletion of the data is a legal obligation
  • limitation of the processing of data: This should be understood as marking personal data with respect to which processing is suspended or deletion is halted depending on the content of the request. This right applies when:
  • the data subject questions the accuracy of the personal data
  • data are processed in an unlawful manner, but the data subject does not want the said data to be deleted the controller no longer needs the data, but they are necessary to the person they concern for the establishing, assertion and defence of claims a person has exercised the right to object in regard to the processing of data on the grounds of the controller’s legitimate interests – until it is established whose interests are overriding
the transfer of data to another controller:
The data subject may, within legally defined limits, request that NiceProject transfer specific personal data to another controller.
lodging a complaint with a supervisory authority:
Every data subject has the right to lodge a complaint with a public body (supervisory authority) regarding what they believe to be irregularities in the processing of personal data by the controller.

VIII. Transfer of personal data

In order to ensure the highest quality of services rendered by NiceProject, and also due to a number of existing legal obligations, your personal data may be transferred to third parties supporting NiceProject in its activities. This group includes the following above all:

  • entities providing accounting and bookkeeping and tax consultancy services
  • entities providing administrative services and services related to human resources (HR)
  • law firms providing us with legal services

IX. Transferring data to other countries and international organisations

The GDPR introduces a uniform personal data protection policy throughout the European Economic Area (EEA). NiceProject does not intend to transfer personal data beyond the EEA or to any international organisations whatsoever. In the event of a change of circumstances, personal data will be transferred solely on the grounds of current legislation, while the data subjects will be informed of this prior to the commencement of the process of transferring the data.

X. Automatic decision-taking

Automatic decision-taking methods are not applied in the services we provide. The automatic taking of decisions is when decisions concerning requests by interested persons are taken without human involvement, on the basis of models and algorithms.

XI. Profiling and direct marketing

NiceProject does not apply the profiling of personal data. We talk of the profiling of data when using algorithms or mathematical models to define customers’ traits, preferences and future behaviours.

XII. The NiceProject website (https://www.niceproject.eu)

Cookies

NiceProject does not use automatic mechanisms, and in particular cookies, in its website www.niceproject.eu for collecting and processing information about how it is used by a user.

What are “cookies”?
Cookies are computer data, in particular in text format, stored on end devices of users and intended for using websites. These cookies enable recognition of the user’s device and the appropriate display of the website tailored to the user’s individual preferences. Cookies usually contain the name of the website they originate from, the duration of their storage on the end device, and a unique number.

Contact Form

The processing of personal data submitted to us via the contact form takes place on the grounds of the consent you give. We need this consent in order to handle the recruitment process, to prepare an offer for you, and to take the preparatory steps for concluding an agreement. From the moment when you are connected to us by an agreement, the basis of the data given in the form changes from consent to agreement. Without the said data it would be impossible for us to provide our services.

XIII. Data Protection Officer

Due to the nature of its activities, NiceProject has not appointed a Data Protection Officer.

XIV. Security, purposefulness and minimising of the processing of personal data

NiceProject has drawn up and implemented appropriate technical and organisational measures designed to ensure the security of personal data and protect it against numerous threats, including: loss, theft, destruction, unauthorised processing, and others. The data processing measures we use serve the principle of purposefulness of processing, according to which personal data is always processed for a specific purpose known to you and, moreover, exclusively for such a purpose. The principle of purposefulness is accompanied by the principle of minimising the processing of data, which requires us to only obtain and process data essential for our activities.

XV. Data retention

As data controller we take all possible measures to ensure that your personal data are processed solely and exclusively for the period when their processing is necessary. We will usually keep the data for the duration of the agreement or until your withdrawal of consent for their processing. There may be times when the data storage period is imposed on us by current legislation. We reserve the right to extend this period in the event of it being necessary to protect our legitimate interests and for establishing, asserting and defending our rights.

XVI. Contact data

The data controller: NiceProject Sp. z o. o. we Wrocławiu ul. Powstańców Śląskich nr 2-4, 53-333 Wrocław e-mail: rodo@niceproject.eu

© Nice Project sp. z o.o. 2023