Privacy Policy

Privacy Policy

  1. Who We Are
  2. What Data We Collect
  3. How We Use Your Data
  4. Where We Obtain Your Data
  5. Who We May Share Your Data With
  6. How Long We Keep Your Data
  7. Your Rights
  8. Do We Transfer Data Outside the European Union?
  9. Cookies and Analytics Technologies
  10. How to Contact Us
  11. Changes to This Privacy Policy
  12. Who We Are

 

1. Who We Are

The controller of your personal data is Certiget sp. z o.o., with its registered office in Warsaw (02-972), Poland, at ul. Sarmacka 20A/14, entered in the Register of Entrepreneurs of the National Court Register under KRS number 0001060298, VAT ID (NIP) 9512578741 (hereinafter referred to as “Certiget”, “we”, “us” or the “Controller”).

Certiget is an independent platform that supports organisations in selecting certification bodies, comparing certification offers, obtaining information about certification bodies, and accessing services related to management systems, including consulting, implementation and training services.

You can contact us using the following details:

E-mail: [email protected]

Telephone: +48 797 123 382

Contact form: https://certiget.pl/kontakt

The Controller has assessed its obligation to appoint a Data Protection Officer in accordance with Article 37 of Regulation (EU) 2016/679 of the European Parliament and of the Council (“GDPR”). As of the publication date of this Privacy Policy, Certiget is not required to appoint a Data Protection Officer.

If you have any questions regarding the processing of your personal data or wish to exercise your rights, please contact us using the contact details provided above.

 

2. What Data Do We Collect?

The scope of personal data we collect depends on how you use our websites, forms and services.

We only collect data that is necessary for specific purposes and do not require information that is not needed to provide our services.

When You Contact Us

If you contact us via our contact form, e-mail or telephone, we may process:

  • your name and surname,
  • e-mail address,
  • telephone number,
  • organisation name,
  • the content of your message and any information you provide during our communication.

When You Use Our Certification Offer Comparison Service

If you use our certification offer comparison form or request us to obtain offers from certification bodies on your behalf, we may process:

  • your name and surname,
  • e-mail address,
  • telephone number,
  • job title,
  • organisation name,
  • organisation address,
  • information about your organisation's activities,
  • information regarding planned or existing certifications,
  • other information necessary to obtain offers or carry out the comparison process.

When You Use Consulting, Implementation or Training Services

Depending on the scope of the service provided, we may process:

  • contact details of individuals involved in the project,
  • training participants' details,
  • information relating to the client organisation,
  • information necessary to deliver the service.

When You Publish a Review

If you publish a review relating to a certification body or another organisation presented by Certiget, we may process:

  • your name and surname or review author name,
  • e-mail address used to verify the review,
  • review content,
  • review rating.

Your e-mail address is not published and is used solely for the administration and verification of reviews.

When You Subscribe to Our Newsletter

If you subscribe to our newsletter, we process:

  • your e-mail address.

When You Represent a Certification Body or a Certiget Partner

We may process:

  • your name and surname,
  • job title,
  • e-mail address,
  • telephone number,
  • organisation details,
  • information relating to services offered, accreditations and certifications.

When You Use Our Websites

When you use certiget.pl or certiget.eu, certain technical information may be collected automatically, including:

  • IP address,
  • device type,
  • web browser type,
  • operating system,
  • website activity data,
  • information stored through cookies and similar technologies.

Further information regarding cookies and analytics technologies can be found in the section "Cookies and Analytics Technologies".

 

3. How We Use Your Data

We process your personal data only when it is necessary to provide our services, fulfil our legal obligations, or operate and develop the Certiget platform.

Below, we explain the purposes for which we process personal data and the legal basis for such processing.

Handling Enquiries and Communication

If you contact us via our contact form, e-mail, telephone or other communication channels, we use your data to:

  • respond to your enquiry,
  • communicate with you,
  • provide information about our services,
  • take steps prior to entering into a contract.

Legal basis: Article 6(1)(b) GDPR (taking steps at the request of the data subject prior to entering into a contract) and Article 6(1)(f) GDPR (our legitimate interest in handling correspondence and communicating with users).

Comparing Certification Offers and Obtaining Quotations

If you use Certiget's services related to obtaining or comparing certification offers, we use your data to:

  • analyse your organisation's needs,
  • identify suitable certification bodies,
  • prepare comparison reports,
  • obtain certification quotations,
  • negotiate certification terms and conditions,
  • support the selection of a certification body.

As part of this service, we may share necessary information with certification bodies in order to obtain quotations or facilitate the certification process.

Legal basis: Article 6(1)(b) GDPR (performance of a contract or taking steps prior to entering into a contract).

Delivery of Consulting, Implementation and Training Services

If you use consulting, implementation or training services provided by Certiget or its partners, we use your data to:

  • prepare proposals and quotations,
  • deliver projects,
  • organise training courses,
  • communicate regarding service delivery,
  • issue training attendance confirmations or certificates.

Legal basis: Article 6(1)(b) GDPR.

Publishing and Verifying Reviews

If you publish a review regarding a certification body or another organisation presented by Certiget, we use your data to:

  • publish the review,
  • present ratings and user experiences,
  • verify the authenticity of reviews,
  • prevent abuse and fraudulent activity.

Legal basis: Article 6(1)(b) GDPR (provision of the review publication service) and Article 6(1)(f) GDPR (our legitimate interest in maintaining the credibility and reliability of reviews published on our platform).

Maintaining the Certification Body Directory

We operate a directory of certification bodies that provides information about organisations active in the certification market.

For this purpose, we may process professional and business contact details of individuals representing certification bodies, obtained either directly from those organisations or from publicly available sources.

Legal basis: Article 6(1)(f) GDPR (our legitimate interest in maintaining, developing and improving the certification body directory).

Marketing and Newsletter Communications

If you consent to receiving marketing communications, we may use your e-mail address to:

  • send newsletters,
  • provide information about Certiget services,
  • inform you about new features, reports, training opportunities and events.

Legal basis: Article 6(1)(a) GDPR (your consent).

You may withdraw your consent at any time.

Compliance with Legal Obligations

In certain circumstances, we are required to process personal data in order to comply with legal obligations, including obligations arising from tax, accounting and other applicable laws, as well as for the establishment, exercise or defence of legal claims.

Legal basis: Article 6(1)(c) GDPR.

Website Analytics and Service Improvement

We may use information relating to the use of our websites in order to:

  • analyse website traffic,
  • improve website functionality,
  • ensure security,
  • develop and improve our services.

Where required by applicable law, such activities are carried out only after obtaining the user's appropriate consent.

Legal basis: Article 6(1)(f) GDPR and, where applicable, user consent for cookies and similar technologies.

 

4. Where We Obtain Your Data

In most cases, we obtain personal data directly from you.

This may occur through:

  • forms available on certiget.pl and certiget.eu,
  • communication by e-mail,
  • telephone contact,
  • subscribing to our newsletter,
  • publishing reviews,
  • using our certification, training or implementation-related services.

Data Provided by Organisations

In certain cases, your personal data may be provided to us by the organisation you represent, where this is necessary for the delivery of services provided by Certiget, such as:

  • obtaining certification quotations,
  • providing consulting services,
  • delivering implementation services,
  • organising training courses.

Data Obtained from Publicly Available Sources

As part of maintaining our certification body directory and publishing industry-related information, we may obtain data from publicly available sources, including:

  • organisation websites,
  • public business registers,
  • accreditation registers,
  • official industry directories,
  • professional profiles published in connection with a person's professional or business activities.

In such cases, we process only business-related and professional information necessary to present information within the Certiget directory or to provide our services.

Data Collected Automatically

When you use our websites, certain information may be collected automatically, including:

  • IP address,
  • device and browser information,
  • website activity data,
  • information stored through cookies and similar technologies.

Further information can be found in the section "Cookies and Analytics Technologies".

 

5. Who We May Share Your Data With

We do not sell your personal data.

However, we may share your data with organisations that help us provide our services or where such sharing is necessary to fulfil the purpose for which the data was collected. The scope of data shared is always limited to what is necessary for the relevant purpose.

Certification Bodies

If you use services related to comparing certification offers, obtaining certification quotations or receiving support in selecting a certification body, we may share selected information with certification bodies for the purpose of:

  • preparing a quotation,
  • assessing the feasibility of providing certification services,
  • conducting the certification process,
  • contacting you regarding the submitted quotation.

Once the data has been received, the certification body becomes an independent controller of your personal data and is responsible for its further processing in accordance with its own privacy policy and applicable laws.

Contractors and Associates

Your data may be accessed by contractors, associates and subcontractors acting on behalf of Certiget, including consultants, trainers and subject matter experts delivering services to our clients.

Such persons are required to maintain confidentiality and may process personal data only to the extent necessary to perform their assigned tasks.

IT Service Providers and Business Support Tools

We may use service providers that support the operation of our websites, IT systems and electronic communications, including providers of:

  • website hosting and maintenance services,
  • e-mail services,
  • analytics tools,
  • online communication tools,
  • cloud-based services.

These providers may include, among others:

  • Google Workspace,
  • Microsoft 365,
  • OpenAI,
  • MyDevil,
  • home.pl.

These organisations process personal data in accordance with applicable data protection laws and contractual arrangements concluded with Certiget.

Accounting, Tax, Audit and Legal Service Providers

Where necessary, personal data may be shared with organisations providing services on our behalf, including:

  • accounting services,
  • tax advisory services,
  • audit services,
  • legal services.

Public Authorities

We may disclose personal data to public authorities or other entities authorised to receive such data where required by law or pursuant to a legally binding request issued by a competent authority.

 

6. How Long We Keep Your Data

We retain personal data only for as long as necessary to fulfil the purpose for which it was collected or for the period required by applicable law.

Once the relevant retention period has expired, personal data is deleted or anonymised unless further retention is required by law or is necessary for the establishment, exercise or defence of legal claims.

Type of DataPurpose of ProcessingRetention Period
Data submitted through contact forms or correspondenceHandling enquiries and communicating with usersUp to 3 years after the end of communication
Data relating to certification offer comparison and quotation servicesDelivery of services and handling potential claimsUp to 6 years after completion of the service
Data relating to consulting, implementation and training servicesService delivery and project documentationUp to 6 years after completion of the service
Data relating to published reviewsPublication and verification of reviewsFor the duration of publication and up to 3 years after removal of the review
Data processed on the basis of marketing consentNewsletter and marketing communicationsUntil consent is withdrawn or up to 3 years after the user's last activity
Data relating to accounting and tax obligationsCompliance with legal obligationsFor the period required by law, but not less than 5 years from the end of the relevant tax year
Technical and analytical dataEnsuring security and analysing website performanceIn accordance with the configuration of the tools used and cookie settings

Where applicable law requires a longer retention period than those indicated above, we will retain the data for the period required by such law.

Where processing is based on consent, personal data may be processed until that consent is withdrawn, unless another legal basis justifies further processing.

 

7. Your Rights

The GDPR grants you a number of rights regarding the processing of your personal data.

You may exercise these rights at any time by contacting us using the contact details provided in this Privacy Policy.

Depending on the circumstances, you have the right to:

Access Your Data

You have the right to obtain confirmation as to whether we process your personal data and, where that is the case, to receive a copy of the data and information regarding how it is processed.

Rectify Your Data

If your personal data is inaccurate or incomplete, you have the right to request that it be corrected or updated.

Erase Your Data

In certain circumstances, you may request the deletion of your personal data.

This right is not absolute and may not apply where we are legally required to retain the data or where processing is necessary for the establishment, exercise or defence of legal claims.

Restrict Processing

In certain situations, you may request that we restrict the way in which we process your personal data.

Data Portability

Where processing is based on your consent or a contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used and machine-readable format or to request that it be transferred to another controller.

Object to Processing

You have the right to object to the processing of your personal data where such processing is based on our legitimate interests.

Upon receiving your objection, we will assess whether there are compelling legitimate grounds that justify continued processing.

Withdraw Your Consent

Where we process your personal data based on your consent, you may withdraw that consent at any time.

The withdrawal of consent does not affect the lawfulness of processing carried out before the consent was withdrawn.

How to Exercise Your Rights

To exercise any of your rights, please contact us:

E-mail: [email protected]

Telephone: +48 797 123 382

We may request additional information necessary to verify your identity where required to process your request.

We aim to respond to most requests within one month of receipt. In exceptional circumstances, this period may be extended in accordance with the GDPR.

Right to Lodge a Complaint

If you believe that your personal data is being processed in violation of applicable data protection laws, you have the right to lodge a complaint with the competent supervisory authority.

In Poland, the supervisory authority is:

President of the Personal Data Protection Office (UODO)
ul. Stawki 2
00-193 Warsaw
Poland

Telephone: +48 22 531 03 00

Website: https://uodo.gov.pl

 

8. Do We Transfer Data Outside the European Union?

As a general rule, we seek to process personal data within the European Union (EU) and the European Economic Area (EEA).

However, due to the use of certain IT services and business support tools, your personal data may be transferred outside the EU/EEA, particularly to the United States.

This may involve services provided by:

  • Google (Google Workspace, Google Analytics, Google Ads, YouTube),
  • Microsoft (Microsoft 365),
  • OpenAI,
  • Zoom.

Personal data is transferred only where necessary for the use of these services and in compliance with applicable data protection laws.

How Do We Protect Data During International Transfers?

Where personal data is transferred outside the EU/EEA, we implement appropriate safeguards required by the GDPR, including:

  • adequacy decisions issued by the European Commission,
  • Standard Contractual Clauses (SCCs),
  • participation of the service provider in the EU–U.S. Data Privacy Framework,
  • other safeguards permitted under applicable data protection laws.

The exact scope of data transferred depends on the services you use and the functionalities utilised when accessing our websites or services.

If you would like further information regarding international data transfers or the safeguards we apply, please contact us using the contact details provided in this Privacy Policy.

 

9. Cookies and Analytics Technologies

Our websites use cookies and similar technologies that help ensure the proper functioning of the website, analyse how it is used and support the development of our services.

What Are Cookies?

Cookies are small text files stored on your device when you visit a website.

Among other things, they allow us to:

  • display the website correctly,
  • remember selected user preferences,
  • analyse how visitors use the website,
  • measure the effectiveness of marketing activities.

What Types of Cookies Do We Use?

Essential Cookies

These cookies are necessary for the proper operation of the website and its core functionalities.

Their use does not require user consent.

Functional Cookies

These cookies enable the website to remember your preferences and provide enhanced functionality and personalisation.

Analytics Cookies

These cookies help us understand how visitors interact with our websites, allowing us to improve their functionality, performance and user experience.

Marketing Cookies

These cookies help us measure the effectiveness of marketing activities and deliver more relevant advertising content.

What Tools Do We Use?

Depending on the functionality of the website, we may use tools such as:

  • Google Analytics,
  • Google Ads,
  • YouTube.

Providers of these services may use their own cookies in accordance with their respective privacy policies.

Managing Cookies

You can control the use of cookies through your web browser settings.

You may also delete previously stored cookies or restrict their use.

Please note, however, that disabling certain cookies may affect the proper functioning of some website features and services.

Changes to the Technologies We Use

As our services evolve, the scope of analytics and marketing technologies we use may change.

The most up-to-date information regarding the tools and technologies used is always available in this Privacy Policy.

 

10. How to Contact Us

If you have any questions regarding this Privacy Policy, the way we process your personal data, or if you wish to exercise your rights, you may contact us using any of the methods below:

Certiget sp. z o.o.
ul. Sarmacka 20A/14
02-972 Warsaw
Poland

E-mail: [email protected]

Telephone: +48 797 123 382

Contact Form:
https://certiget.pl/kontakt

We make every effort to respond to enquiries and requests without undue delay.

 

11. Changes to This Privacy Policy

We may periodically update this Privacy Policy to reflect changes in:

  • applicable laws and regulations,
  • the way we provide our services,
  • technologies used by Certiget,
  • processes relating to the processing of personal data.

The current version of this Privacy Policy is always available on:

Where significant changes affect the way personal data is processed, we may publish additional information on our websites or contact users directly where required by applicable law.

 

 

Last Updated: 01 June 2026

Document Version: 5.0