Privacy Policy

PERSONAL DATA PROTECTION STATEMENT

Wherever Certiget processes personal data, such processing is carried out in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 – on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the GDPR), for the purposes set out in this Data Protection Statement and any additional privacy information we may provide when collecting data.

DATA CONTROLLER

The controller of personal data is Certiget sp. z o.o., with its registered office in Warsaw, ul. Sarmacka 20a/14, 02-972, entered in the Register of Entrepreneurs maintained by the District Court for the Capital City of Warsaw, 13th Commercial Division of the National Court Register under KRS number 0001060298, NIP: 9512578741, REGON: 526478579.

You may contact the data controller (Certiget) by:

  • writing to the address: Certiget sp. z o.o., ul. Sarmacka 20a/14, 02-972 Warsaw
  • email: [email protected]
  • Depending on how you use the www.certiget.pl and www.certiget.eu websites and the scope of your consents and interactions, your personal data may be processed for the following purposes:
  • to establish contact, provide the service of offer collection, comparative offer analysis and additional support (legal basis – Article 6(1)(b) GDPR),
  • to establish contact and publish an opinion on the profile of a certification body (legal basis – Article 6(1)(b) GDPR),
  • for analytical and statistical purposes (legal basis – Article 6(1)(f) GDPR),
  • for marketing purposes (including newsletter distribution) and to receive commercial information to the provided email address (legal basis – Article 6(1)(a) GDPR),
  • to fulfil legal obligations imposed on the controller (legal basis – Article 6(1)(c) GDPR).

In order to provide our services, it is necessary for you to provide us with personal data that are required or legally mandatory, to initiate, maintain, and conclude business relationships, and fulfil our contractual obligations. Failure to provide the required data will prevent the conclusion and execution of the contract.

2. Categories of Personal Data Processed

We process the following categories of data necessary for providing our services:

data provided by the User – first name, last name, email address, phone number, NIP (tax ID), REGON (statistical number), company name, street address, city, country, and information about the company related to the scope and pricing of implementation and certification.

We process personal data in accordance with the GDPR and all other applicable laws. There may be additional processing contexts not listed in this Privacy Statement – if legally required, we will provide you with specific information in such cases.

3. Sources of Personal Data

Personal data may originate from the following sources:

  • completed contact forms on www.certiget.pl or forms filled out during a meeting with a Certiget representative,
  • phone conversations, email correspondence, or other communication channels used by Certiget for service delivery,
  • from another person who, with the user’s consent, has provided data for Certiget services,
  • from publicly available sources (e.g., industry directories, contact details on websites or professional networks).

4. Data Retention Period

Your personal data are stored as long as necessary to fulfil our contractual and legal obligations, or as long as we can demonstrate a legitimate interest. If processing is based on your consent, the data will be processed until such consent is withdrawn. Where the legal basis is contract execution, data are stored for the contract duration and afterward for the statute of limitation period of mutual claims.

Once we can no longer justify data processing, the data will be deleted unless retention is required for a limited time (e.g., for legal, tax, or statute of limitation purposes).

Data will be deleted after the service is completed or the request fulfilled, once the matter is resolved and there are no legal obligations to retain them. Where consent is the basis, data will be processed until the goal is achieved or consent is withdrawn.

6. Rights of the Data Subject

Subject to applicable conditions, users have the following rights under the GDPR:

  • right to access data (Article 15 GDPR),
  • right to rectify inaccurate data (Article 16 GDPR),
  • right to erasure of data (Article 17 GDPR),
  • right to restrict data processing (Article 18 GDPR),
  • right to data portability (Article 20 GDPR),
  • right to object to data processing (Article 21 GDPR),
  • if processing is based on consent, the right to withdraw consent at any time without affecting the lawfulness of processing before its withdrawal (Article 7(3) GDPR),
  • right to lodge a complaint with a supervisory authority (Article 77 GDPR) if data processing violates GDPR provisions.

Consent can be withdrawn by clicking the unsubscribe link in an email, sending an email to [email protected] with the subject "Withdrawal of consent for data processing" (the email address used must match the one previously provided), by post to the address above, or in person at our office.

7. Supervisory Authority

The competent supervisory authority for lodging complaints under the GDPR is:

President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw, Poland, email: [email protected]

8. Recipients of Personal Data

Personal data may be shared with entities that maintain confidentiality and comply with data protection regulations:

  • certification bodies, training providers, and consulting firms cooperating with Certiget to deliver services related to certification, implementation, and training,
  • service providers and entities acting on behalf of Certiget, including companies in IT, accounting, banking, telecommunications, consultancy, sales, and marketing sectors,
  • authorities entitled by law to access personal data.

9. Automated Decision-Making

We do not use fully automated decision-making as defined by Article 22 of the GDPR. Personal data are not subject to automated decisions. We use analytics tools to inform and tailor recommendations about our offerings. These tools allow us to communicate and advertise according to client needs, including market and opinion research.

If the user consents, this website uses Google Analytics, a web analytics service provided by Google LLC.

10. Social Media Buttons

Certiget websites may use buttons for the following social media platforms:

  • Meta Platforms – Meta Platforms Ireland Limited, 1601 S. California Ave, Palo Alto, CA 94304, USA
  • LinkedIn – LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA
  • YouTube – YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA

These buttons display the logos of respective social networks. They are not standard plugins but links with icons. They are only activated when clicked.

Upon clicking, we have no control over the data collected and processing activities. We are not responsible for such processing and are not the "data controller" under GDPR. We are unaware of the full scope, legal basis, purposes, or retention periods. Therefore, the information provided here may be incomplete.

11. Cookies and Similar Technologies

Certiget places and accesses cookies and similar technologies on users' devices (e.g., laptops, smartphones, computers, TVs).

What are cookies?

Cookies are text files stored on a user’s device when visiting a website. They contain the domain name, duration of storage, and a unique identifier. Cookies often store necessary website functions and may include a unique ID without directly identifying a person. Most browsers allow cookies to be set or blocked.

Types of cookies we use:

By duration:

session cookies – temporary, deleted after leaving the site or closing the browser,

persistent cookies – stored until a defined expiration date or manual deletion.

By purpose:

essential cookies – required for authentication,

security cookies – used to detect abuse,

functional cookies – remember settings and personalize the interface,

statistical cookies – collect website/app usage statistics.

Why do we use cookies?

To provide high-quality services and user experience.

Browser settings:

Most browsers allow you to:

accept cookies to enable full website features,

manage cookies per website,

define settings for different cookie types,

block or delete cookies.

Consent for data collection:

By using our website, you consent to Certiget processing your personal data collected during visits, including data in cookies. Consent is voluntary and can be withdrawn at any time by contacting Certiget.

12. Amendments to the Privacy Policy

We reserve the right to amend this Privacy Policy in accordance with applicable data protection regulations and to adjust it as necessary to reflect changes in data protection practices. We will inform users about material changes separately.

Privacy Policy Version 3, Approved on 21/07/2024