§ 1 General provisions

1. This document constitutes the Privacy Policy, which specifies the rules for the functioning of the website and the principles regarding the processing of personal data.
2. In order to ensure the integrity and confidentiality of data, the DataController has implemented procedures that allow access to data only to authorized persons and only to the extent necessary for the tasks performed by them. The Data Controller employs organizational and technical solutions to ensure that all operations on personal data are logged and performed only by authorized individuals. 

§ 2 Data Controller

1. The Administrator of personal data is Mindz IT Sp. z o.o. Sp. komandytowa with its registered office in Wrocław, Skarbowców 23a, 53-025 Wrocław, entered into the Register of Entrepreneurs kept by the District Court for Wrocław-Fabryczna in Wrocław, the 9th Commercial Department of the NationalCourt Register under the KRS number: KRS [National Court Register No.]:0000657771, NIP [Tax Identification Number]: 8992806123, REGON [NationalRegistry of Economic Units]: 366310381.
   
2. The Personal Data Controller may be contacted as follows:
   - by email: office@mindz.it,
   - by mail at the address: Mindz IT Sp. z o.o. Sp. k., Skarbowców 23a,53-025 Wrocław, Poland.

§ 3 Processing of Personal Data

1. Purposes, legal basis and data retention period:
   - to handle inquiries sent via the contact form, which is the DataController’s legitimate interest in responding to requests sent via the contact form, (legal basis: Article 6 (1) (f) of the GDPR), for the duration of the correspondence,
   - to pursue claims or defend against claims, which is the legitimate interest of the administrator (legal basis: Article 6 (1) (f) of the GDPR), fora period corresponding to the period of limitation of claims,
   - in connection with maintaining a profile on LinkedIn for informing Users about the Data Controller's activities and promoting services, as well as communicating with Users through functionality available on LinkedIn. The legal basis for processing personal data of Users visiting the Data Controller's profile on LinkedIn is the legitimate interest of the Data Controller in promoting its own brand, building, and maintaining a community associated with the brand(legal basis: Article 6(1)(f) of the GDPR). We process the data for a period enabling the pursuit of our legitimate interests or until an effective objection to data processing is raised,
   - to pursue claims or defend against claims, which constitutes the legitimate interest of the Data Controller (legal basis: Article 6(1)(f) of theGDPR), for a period corresponding to the statute of limitations for claims.
   
2. The Data Controller may process the following personal data: first name, last name, email address, phone number, company name, tax identification number (NIP).
3. Providing personal data is voluntary, but it may be necessary in the case of inquiries made through the contact form. The scope of required data is indicated in the contact form. Failure to provide personal data may result in the inability to effectively perform the above activity.

§ 4 Data recipients

1. The Data Controller does not disclose personal data to other entities, with the exception of state authorities, in particular the Police, the PublicProsecutor's Office, the President of the Office for Personal Data Protection, the President of the Office for Competition and Consumer Protection, and theNational Tax Administration authorities.
   
2. In addition, personal data may be disclosed to processors on behalf of and on behalf of the Data Controller, on the basis of the concluded contract for entrusting the processing of personal data, in order to provide services specified in the contract to the DataController.
3. The Data Controller uses only the services of such processors who provide sufficient guarantees to implement appropriate technical and organizational measures so that the processing meets the requirements of the GDPR and protects the rights of the data subjects.

§ 5 Rights of Data Subjects

1. Each person whose data is processed has the right to:
   - access – obtain confirmation from the data controller whether their personal data is being processed (Article 15 of the GDPR),
   - rectify – request the rectification of their inaccurate personal data or the completion of incomplete data (Article 16 of the GDPR),
   - delete data – request deleting of their personal data if the data controller no longer has a legal basis for their processing or the data is no longer necessary for the purposes of processing (Article 17 of the GDPR),
   - limit processing – request the limitation of processing of their personal data (Article 18 of the GDPR) when:
      · the accuracy of the personal data is contested by the data subject, for a period enabling the data       controller to verify the accuracy of the data,
      · the processing is unlawful, and the data subject opposes the erasure of the data and requests the       restriction of their use instead,
       · the data controller no longer needs the data, but they are required by the data subject for the       establishment, exercise, or defense of legal claims,
       · the data subject has objected to the processing pending the verification of whether the legitimate       grounds of the data controller override those of the data subject,
   - transfer data – receive the personal data concerning them, which they have provided to the data controller, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller where the processing is based on consent or a contract and is carried out by automated means (Article 20 of the GDPR),
   - object – object to the processing of their personal data for legitimate purposes of the data controller, including profiling, on grounds relating to their particular situation (Article 21 of the GDPR),
   - withdraw consent at any time and without giving a reason if the data subject has previously given consent to the processing of their personal data.
   
2. In order to exercise the aforementioned rights, the data subject should contact the Data Controller and inform the Data Controller of which right, to what extent, the data subject wishes to exercise.
3. Requests regarding the exercise of data subjects' rights can be submitted via email: office@mindz.it or in writing to the address: Mindz IT Sp. z o.o. Sp. komandytowa, Skarbowców 23a, 53-025 Wrocław, Poland.
4. If, upon receipt of the request, the DataController is unable to determine the content of the request or identify the requester based on the notification made, the Data Controller will request additional information from the requester.
5. A response to the request will be provided within one month from the date of its receipt. If an extension of this period is necessary, the data controller will inform the requesting person of the reasons for such an extension. The response will be sent to the email address from which the request was sent, and in the case of requests submitted in writing, the response will be sent by registered mail to the address indicated by the requesting person, unless the content of the request indicates a request for feedback to be sent to an email address.

§ 6 Right to Lodge a Complaint with the Supervisory Authority

1. The data subject has the right to lodge a complaint with the supervisory body dealing with the protection of personal data, which in Poland is thePresident of the Personal Data Protection Office with its seat in Warsaw, Stawki 2, 00-193 Warszawa.
   
2. Contact with the President of the Personal Data Protection Office is possible:
   - by mail: Biuro Prezesa Urzędu Ochrony Danych Osobowych, ul. Stawki 2, 00-193 Warszawa,
   - through the electronic submission mailbox available on the website: https://www.uodo.gov.pl/pl/p/kontakt,
   - by phone (the Office Infoline): 606 950 000.

§ 7 Transfer of Data to Third Countries (outside the European Economic Area)

1. The data subject has the right to lodge a complaint with the supervisory body dealing with the protection of personal data, which in Poland is the President of the Personal Data Protection Office with its seat in Warsaw, Stawki 2, 00-193 Warszawa.
2. The data controller, using tools that support its current operations, provided, for example, by Google, may transfer personal data to a country outside the European Economic Area where the collaborating entity maintains tools for processing personal data in cooperation with the data controller. In such cases, the data controller applies compliance mechanisms provided for in the GDPR, including the standard contractual clauses established by the European Commission.
   

Cookies Policy

§ 1 Cookies

1. The website utilizes the operation of cookies. Cookies are small text files that are stored by the ICT system on the User's ICT system (computer, phone, tablet) while browsing the website, allowing for the subsequent identification of the user upon reconnecting to the website from the device (e.g., computer, phone, tablet) on which they were stored. These files are intended to ensure the proper functioning of the Website.
   
2. Each person visiting the Website has the option to choose the scope of cookie technology usage and give their corresponding consent. Depending on the chosen scope of cookie usage, data about the visitor's activities on the Website may be collected through cookies.
3. The cookies used by the website are not harmful to the visitor or the end device used by the visitor.

§ 2 Types of Cookies Used

1. The website uses two types of cookies:
   - Session cookies – these are stored on the user's device and remain there until the end of the browser session. The stored information is permanently deleted from the device's memory at that point. The session cookie mechanism does not allow for the retrieval of any data or confidential information from the User's device,
   - Persistent cookies – these are stored on the User's device and remain there until they are deleted. Ending the browser session or turning off the device does not remove them from the user's device. The persistent cookie mechanism does not allow the collection of any data or confidential information from the User's device.
   
2. The website uses the following types of cookies:
   Essential cookies (4) ­– necessary for the functioning of the Website, such as browsing theofferings, logging into an account, and placing orders. The Website cannotfunction properly without these cookies.
   ‍

1. Statistical cookies (4) ­– enable the Administrator to understand how differentUsers behave on the website by collecting and reporting anonymous information, utilizing tools provided by Google Analytics among others.
   ‍

1. Marketing cookies (2) ­– used to track Users on the website. The goal isto display ads that are relevant and interesting to individual users, thereby being more valuable to third-party publishers and advertisers of the website.
   ‍

3. The Administrator utilizes Google Analytics services provided by Google Ireland Limited. These services help the Administrator gather statistics and analyze traffic on the website. The collected data is processed within the scope of these services to generate statistics that enable proper administration of the website. By using these services, the Administrator collects data such as the sources of website visitors, their behavior on the website, information about the devices and browsers used to access the website, IP and domain information, geographical data, and demographic data (age, gender).
   

§ 3 Social Media Tools

1. The Website uses social media plugins from social networking services, which may result in the placement of cookies from other entities on the user's device, particularly from platforms such as LinkedIn.
   
2. LinkedIn – The Administrator utilizes social media plugins from the Linkedin.com service on the website. If a user is logged intoLinkedIn and visits the website https://mindz.it, LinkedIn may directly associate the visit to the https://mindz.it website with the user's LinkedIn profile. Please refer to LinkedIn's Privacy Policy for more information.
   

§ 4 Managing Cookies

1. 1.  The functioning of cookies can be modified by managing the scope of cookie technology usage and expressed consent within the settings on the website (depending on the tools implemented by theAdministrator or by adjusting the settings of the internet browser). When using internet browser settings, the method of deleting cookies may vary depending on the specific browser used. Detailed information about the possibilities and methods of handling cookies is available in the help section of the specific internet browser used by the user. Nonetheless, if the use of cookies is uncomfortable for any reason for the visitor of the website, the Administrator reminds that it is possible to opt-out of cookies and prevent the internet browser from storing them.
   
2. During the first visit to the website, it is possible to configure cookie preferences by clicking on the Change settings button located on the banner containing information about cookies. Clicking on the Change settings button will redirect to a page where personal preferences can be configured.
   
3. 1.  Restricting the use of cookies on a device for cookies aimed at facilitating or enhancing the use of the website may impact the proper functioning of the website. For example, in some cases, it may significantly hinder the user experience on the website.