Privacy and Cookie Policy

Privacy and Cookie Policy

This privacy and cookie policy contains information about the processing of your personal data, and the use of cookies at tb4hr.com and light.tb4hr.com.

The controller of your personal data is Toolbox for HR Services Sp. z o.o. Our office is located in 00-351 Warsaw, Poland, at ul. Zajecza 15. In matters related to the processing of personal data, you can contact us by email, by writing to: info@tb4hr.com

The controller applies organizational and technical safeguards to ensure protection of personal data processing suitable to threats and categories of data. As a personal data controller, we make sure that personal data of users of our website are processed in accordance with the provisions of the General Data Protection Regulation (GDPR) and the provisions of Polish law.

Your data will be processed:
To provide you with the possibility of using all the functionalities of the Website; we process your personal data for the purposes specified below, based on the relevant legal basis.

Creating and maintaining a user account requires the processing of personal data such as:
name,
e-mail address.
The processing of personal data for the above purpose is based on Article 6(1)(b) GDPR, whereunder we can process personal data necessary for the performance of a contract or in order to take steps to enter into a contract;

Handling a complaint requires the processing of personal data such as:
name;
e-mail address.
The processing of personal data for the above purpose is based on Article 6(1)(b) GDPR, whereunder we can process personal data necessary for the performance of a contract or in order to take steps to enter into a contract;

Sending email notifications requires the processing of personal data such as:
name;
e-mail address.

The processing of personal data for the above purpose is based on Article 6(1)(f) GDPR, whereunder we can process personal data necessary for the purposes of our legitimate interests, including in the case when we provide you with information about activities related to the execution of orders and services, to improve their quality.

Sending marketing information - newsletter requires the processing of personal data such as:
name;
e-mail address.
The processing of personal data for the above purpose is based on Article 6(1)(f) GDPR, whereunder we can process personal data necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, where the legitimate interest pursues by the Controller is sending commercial information, to which you have granted your consent.

Issuing a VAT invoice and fulfilling other obligations under tax law (e.g. retention of accounting records) requires the processing of personal data such as:
first and last name;
business name;
address of residence/registered office;
NIP (tax ID)/PESEL (personal ID) number;
order number.
The processing of personal data for the above purpose is based on Article 6(1)(c) GDPR, whereunder we can process personal data necessary for compliance with a legal obligation to which we are subject;

Compliance with obligations related to the protection of personal data (e.g. creation of appropriate registers)
requires the processing of personal data such as:
name;
e-mail address.
The processing of personal data for the above purpose is based on Article 6(1)(c) GDPR, whereunder we can process personal data necessary for compliance with a legal obligation to which we are is subject, and Article 6(1)(f) GDPR whereunder we can process personal data necessary for the purposes of our legitimate interests, including in the case of proper exercise of your rights under the GDPR.

Establishment, exercise or defence of legal claims requires the processing of personal data such as:
user name (login);
name and surname (if provided);
e-mail address;

address of residence/registered office/for service (if provided);
business name (if provided);
NIP (tax ID) number (if provided);
IP;
order number.
The processing of personal data for the above purpose is based on Article 6(1)(f) GDPR, whereunder we can process personal data necessary for the purposes of our legitimate interests, including in the case of establishment, exercise or defence of legal claims of clients or third parties.

Archiving and gathering evidence requires the processing of personal data such as:
user name (login);
name and surname (if provided);
e-mail address;
address of residence/registered office/for service (if provided);
business name (if provided);
Tax ID number (if provided);
IP;
order number.
The processing of personal data for the above purpose is based on Article 6(1)(f) GDPR, whereunder we can process personal data necessary for the purposes of our legitimate interests, including in the case of holding evidence for the occurrence of certain facts, which may be demanded by the public authorities.

Analysis of activity of application users requires the processing of personal data such as:
date and time of visiting the application;
type of operating system;
approximate location;
type of web browser used to browse the application;
time spent on the application;
visited subsites;
subsite where the form was filled in.
The processing of personal data for the above purpose is based on Article 6(1)(f) GDPR, whereunder we can process personal data necessary for the purposes of our legitimate interests, including in the case of obtaining information on activity of the application users.

We also process your personal data to analyse your preferences and behaviours and create your profile for marketing purposes (profiling) and direct marketing as well as application features development (applies to people using a user account):
Analysis and profiling for marketing purposes: To know your personal preferences and behaviours in order to present you information about products, new products and promotions offered by the application. In order to create it, we will process your personal data provided by the user's account registration form, information related to your activity within the user account over the last 24 months (order history), frequency and method of using the user's account (i.e. via a mobile application/website), your opinions and suggestions, location data (if you enable this option on your device or in your browser), cookies and similar technologies for collecting data about your activities, i.e. visited places and activity on our application, technical information about your device (IP address/MAC, operating system and browser type);
Direct marketing: For direct marketing purposes, i.e. to inform you about products, new products and promotions offered by the application, we will process data from the profile;
In order to send you personalised advertisement and information about products, we will process your data in an automated manner, which will include profiling thereof - however, this will not have any legal effects on you, nor will it significantly affect for your situation.
The legal basis for the processing of the above data is the legitimate interest consisting in the need to examine through the application your preferences and behaviours for the purposes of preparing and presenting information about products, new products and our promotions that we think may interest you and will be tailored to your needs (profiling) and direct marketing of our products referred to above (Article 6(1)(f) GDPR).

We will transfer your data for the following period of time:

complying with legal obligations arising from the GDPR concerning the exercise of your rights and, consequently, archiving your requests to us or informing you about the threats to your privacy - until the limitation periods lapse;
compliance with tax law obligations - for the period set out under tax law;
conclusion and performance of the contract - when you register an account with us or buy something - until the lapse of the limitation periods for claims, if any, arising from the performance of the contract;
sending you a newsletter, i.e. information about new products and promotions - until your personal data is no longer useful, unless you previously withdraw your consent to receive the above-said content, or until you raise an objection;
creating your profile based on your preferences and likes in order to send you a personalised advertisement - until you raise an objection.

Providing personal data is voluntary, but necessary in order to:
register your account or make a purchase;

receive information about new products and promotions in the form of a newsletter;
presenting personalised advertisements or granting discounts.

Data recipients
The recipient of your personal data will be external entities that process data on our behalf under processing agreements (e.g. a company providing us with hosting services, an accounting office) as well as other our subcontractors. The data may also be transferred to public or private entities, if such an obligation is imposed under generally applicable laws.

Due to our use of tools (such as Google Analytics), we transfer your data to the United States of America under Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU-U.S. Privacy Shield (notified under document C(2016) 4176). You can get a copy of the data transferred to a third country from us.

Rights
Under the GDPR, you have certain rights in connection with the processing of your personal data:
the right to be informed what personal data concerning you are processed by us and to received copies thereof (so called right of access). The first copy of the data is free of any charges, whereas we may charge a fee for each subsequent copy thereof;
if the processed data become outdated or incomplete (or otherwise inaccurate), you have the right to rectify thereof;
in certain cases you may request us to delete your personal data, e.g. when we no longer need your data for the purposes communicated to you; when you effectively withdraw your consent for data processing (unless we are authorized to process your data under a different legal basis); if the processing would be contrary to laws; or if we are obliged to delete the data by operation of law;
in the event that we process your personal data on the basis of your consent granted to us to process your personal data, or to perform the agreement concluded with you, you may transfer your data to another controller;
in the event that we process your personal data on the basis of your consent granted to us to process your personal data, you may withdraw such consent at any time;
if you determine that the personal data are inaccurate, processed contrary to laws, or that we do not need certain data, you may also request that we do not carry out any operations on the data for a given period of time required by you (e.g. to verify the accuracy of data or seek claims), but solely store them.
we process your personal data, among others, in order to carry out marketing activities regarding our products and services. The basis for such processing is so-called ‘legitimate interests pursued by the controller’. In the case of such processing, you have the right to object. Consequently, we will stop processing personal data for the purpose described above;
you have a right to lodge a complaint with the President of the Office of Personal Data Protection if you determine that the processing of your personal data breaches the GDPR.

We use a server that, in order to analyse the IT system operations, automatically saves in the server logs information about the device used by the users to connect to the platform, i.e. information about the type of device and browser used by the user, about the user's computer IP, date and time of entry, text description of the event, qualification of the event.
Through most commonly used browsers, you can check whether cookies have been installed on your device, as well as delete installed cookies and block them from being installed in the future via a website or other sites. However, deleting or blocking cookies may cause problems when using the website. For more information about deleting, modifying or blocking cookies, please visit http://www.cookiecentral.com/faq/.
According to international NAI standards (https://www.networkadvertising.org/), we store cookies for up to five years.

Tracking & Cookies Data

We use cookies and similar tracking technologies to track the activity on our Service and hold certain information. Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Examples of Cookies we use:

Session Cookies. We use Session Cookies to operate our Service.
Preference Cookies. We use Preference Cookies to remember your preferences and various settings Security Cookies. We use Security Cookies for security purposes
Use of Data

Data of other user profiles you browse

We handle profile data in several ways, we do not view or process in any way shape or form any profile data that is not explicitly listed here. These data are processed on your browser and do not leave your browser (we do not process theese data within the meaning of the GDPR):
Profile’s Name

These data are processed on your browser and leave your browser reaching our encrypted API. They are not used to directly retrace a given profile and hence do not constitute personal data:
Profile’s Url

Profile’s Job Roles and Companies
Profile’s Degrees, Graduation Subjects and Attended Schools
Profile’s job description
Profile’s Current and past City

Links To Other Sites

Our Service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Children’s Privacy

Our Service does not address anyone under the age of 18 (hereinafter: “children”). We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your children have provided us with personal data, please contact us. If we become aware that we have collected personal data from children without verification of parental consent, we will take steps to remove that information from our servers.

Any matters not governed by this Privacy Policy will be subject to personal data protection laws. Any changes to this Privacy Policy will be notified by e-mail.
The Policy enters into force as of July 10th 2021 Information about any amendments to the Policy will be made available by e-mail or on our website.