Last updated: 2023-05-17

Table of Contents

  • Scope of processed data
  • Third-party vendor information and data sharing
  • Data processing connected with recruitment purposes
  • The purposes of data processing
  • User rights
  • Cookies and their use, Local Storage
  • Duration of data processing
  • Governing law and disputes
  • Changes in the Policy

This agreement was written in English. By accepting this Privacy Policy you confirm that you fully understand the contents of this agreement and agree to be bound by its terms.

IRONIN SP. Z O.O. SP. K. is committed to protecting the private nature of your personal information. Our procedures ensure that your data is handled responsibly, in accordance with applicable data protection laws and state-of-the-art security measures. Our solutions prevent unauthorized access to your data.

The administrator of your data and your Personal Data Administrator is IRONIN SP. Z O.O. SP. K.; ul. Wspolna 70, 00-687 Warsaw, Poland; The District Court for the Capital City of Warsaw in Warsaw, XII Commercial Division of the National Court Register; KRS: 0000665728 NIP: 5252700722 REGON: 366646626, hereafter referred to as “iRonin”, “Data Controller”, “Personal Data Administrator” or “We”.

You can contact us to learn more about data processing and your legal rights. A Data Protection Officer was appointed at iRonin. To communicate with our Data Protection Officer, please email contact@ironin.pl. If you feel that your laws are violated in any way by our data processing activities or that we do not guarantee sufficient measures of data protection, you can make an official complaint by contacting the President of the Personal Data Protection Office (e-mail: contact@ironin.pl, address: Stawki St. 2, 00-193 Warsaw; phone number: +48 22 531 03 00; fax: +48 22 531 03 01).

We select and use appropriate measures (both technical and organizational) to protect personal data that is being collected and processed by us. Access to the collected data is only possible for persons authorized by iRonin. We protect the data against unauthorized access.

Scope of processed data

iRonin protects personal data against its processing in violation of the applicable laws. All collected personal data is processed in accordance with applicable laws, including the provisions of the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 (“GDPR”). Providing personal information is a voluntary action.

We gather statistics and data regarding your use of our website and your preferences. We use cookies and collected data to enhance your experience, provide communication channels, improve marketing materials and our business offer. We collect selected information about you and your activity when you browse our websites, use our services, or take certain actions while browsing our websites or using our services. This information is collected and used solely with the objective of fulfilling the above-mentioned purposes and related purposes, and any other purposes required by law.

We collect information such as: single visit session duration, amount of time spent on each of our websites/services, traffic source, location based on anonymized IP addresses, device ID, browser and operating system information. We may collect and process other available data which you agreed to share with us by accepting our Privacy Policy or the privacy policy (or terms of service) of a third party vendor. We use Google Analytics Advertising Features, which provide us with data on your estimated (or provided) age, gender, interests, Affinity Category, In-Market Segment and other categories assigned to you by Google’s Platform Products. We also use HotJar to track behaviour analytics to better understand how you interact with our website and your experience. Tracking pixels are used to monitor how visitors arrive at our website and to measure the effectiveness of our digital marketing campaigns. We use Zoho One to manage and automate our marketing processes, allowing us to create reports and dashboards. Meta Platforms Ireland Limited (including Facebook and Instagram) and Twitter Inc are used to collect your data for creating personalised features, content and recommendations. 

We may process your personal data, including: IP address, and the following data if it was provided: e-mail address, first name, last name, phone number, country, city, mailing address and career details. We retain collected personal data as long as is necessary for the fulfilment of the above mentioned purposes.

If you sign up for our newsletter or mailing list (both hereafter referred to as “Newsletter”), we will process your e-mail address and any additional information provided by you, as it is necessary in order to deliver to you the Newsletter you have signed up for, and you expressed your consent to the processing of your Personal Data. This data is stored and processed as long as you wish to receive our mailing services, and your consent to this lasts until you express a deliberate request to delete you from our database by contacting contact@ironin.pl.

If you contact us using our chat widget (provided by Intercom), comment section (provided by Disqus) or using any other available communication tool, you are agreeing to the collecting and processing of data you provide during such communication and data required or collected by the given tool, according to appropriate privacy policies and terms of such tool.

If you contact us using our contact form, you are agreeing to the collecting and processing of data you provide during such communication and of data required or collected by the form, according to the terms of this Privacy Policy. The contact information iRonin collects from you will be used to message you about iRonin’s products and services. You can unsubscribe from receiving these messages at any time, and make the request for iRonin to cease such communication at any time by contacting .

We may provide your personal data to third parties at the request of state authorities authorized to do so. In such an event, the processing of personal data is necessary for compliance with iRonin’s legal obligations.

Third-party vendor information and data sharing

We may provide your personal data and non-personal data to external data processors - our third party vendors. Your personal data may be transferred to, stored and processed outside the European Economic Area. Our third party vendors are fulfilling a required protection level based on the European Commission’s decision (12 July 2016), complying with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework.

The scope of data we may deliver to third party companies acting as a processor on our behalf:

  • details about your connecting to our website, including: information about your browser and operating system (screen resolution, screen colors, browser ID, browser type and version, OS, device type, other device details, language, used plugins and their versions), date and time of connection, source of the traffic.
  • details about your behaviour on our site: visited pages on our websites, items clicked, actions taken on our website, event data, web session duration, page view duration.
  • details about your interactions with e-mails you received from us, including: what links were opened, information about e-mail delivery status and if a given e-mail was opened by you.
  • your personal data, including: IP address, e-mail address, demographic data, and the following data if it was provided: first name, last name, phone number, mailing address.

By accepting this Privacy Policy, you agree to share your data with following third-party vendors, and to their Privacy Policy and Terms.

  • Google LLC (including Google Cloud, Google Analytics, Google AdWords) - data is collected and processed to measure user traffic on our site using services that do not require registering an Account. Data range: the amount of time spent on each visited web page, as well as data referring to your search history, location based on anonymized IP address, device ID, your activity and behavior, as well as browser and operating system information, estimated age, gender, interests, Affinity Category, In-Market Segment or other categories assigned to you by Google’s Platform Products. By accepting this Privacy Policy you acknowledge that data connected with your personal information, behavior and details regarding your connection (including your location and IP address) can be transferred to Google LLC (located at 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States) for processing in accordance with their Privacy Policy  and Terms.
  • Google LLC (reCAPTCHA) - data is collected and processed to provide additional security measures against bots and data scraping tools. By accepting this Privacy Policy you acknowledge that data connected with your personal information, behavior and details regarding your connection (including your location and IP address) can be transferred to Google LLC (located at 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States) for processing in accordance with their Privacy Policy  and Terms.
  • LinkedIn Corporation - data is collected and processed to measure the effectiveness of marketing campaigns, as well as to improve our marketing materials, the content on our websites, and our offer. By accepting this Privacy Policy, you acknowledge that data connected with your personal information, demographic data, behavior and details regarding your connection (including your location and IP address) can be transferred to LinkedIn Corporation (1000 W. Maude Avenue, Sunnyvale, CA 94085, USA) for processing in accordance with their Privacy Policy  and Terms.
  • Disqus, Inc. - the plugin which we use to enable adding comments to our blog posts. Data is collected and processed in order to enable functionality provided by Disqus. By accepting this Privacy Policy you acknowledge that the information you provide can be transferred to Disqus (717 Market Street, San Francisco, CA 94103, United States) for processing in accordance with their Privacy Policy  and Terms.
  • Intercom – collecting data voluntarily provided in the chat window, as well as user location, IP address and e-mail, for the purpose of answering the queries of users visiting the website. By accepting our Privacy Policy you acknowledge that the information you provide can be transferred to Intercom for processing in accordance with their Terms & Policies.
  • We use Zoho One as our marketing automation platform. By accepting our Privacy Policy you acknowledge that the information  you provide can be transferred to Zoho One for processing in accordance with their Privacy Policy and Terms
  • Meta Platforms Ireland Limited (including Facebook and Instagram) – data is collected and processed to measure the effectiveness of marketing campaigns, as well as to improve our marketing materials, the content on our websites, and our offer. By accepting our Privacy Policy you acknowledge that the information  you provide can be transferred to Meta Platforms Ireland Limited for processing in accordance with their Privacy Policy and Terms
  • Twitter Inc. – data is collected and processed to measure the effectiveness of marketing campaigns, as well as to improve our marketing materials, the content on our websites, and our offer. By accepting our Privacy Policy you acknowledge that the information  you provide can be transferred to Twitter Inc. for processing in accordance with their Privacy Policy and Terms
  • Hotjar Ltd – data is collected to track behaviour analytics to increase effectiveness of our campaigns and to improve your interactions with our website. By accepting our Privacy Policy you acknowledge that the information  you provide can be transferred to Hotjar Ltd for processing in accordance with their Privacy Policy and Terms.

Data processing connected with recruitment purposes

  • TMS (Talent Management System) - data collected after you are redirected to the application form in the following tab of the iRonin website: https://www.ironin.it/careers.html iRonin recruits for its own needs and for the clients to whom we provide services. Therefore, we would like to inform you that Users’ data can also be processed by iRonin’s clients. At the same time, we would like to inform you that by consenting to a particular recruitment process, this consent applies to only the one process. Consent for future recruitment will apply to both recruitment for a specific position included in the job advertisement and for other future recruitment opportunities. This means that we will store Personal Data in our database in order to send you information about job offers tailored to your profile and professional experience. The User may withdraw the consent for further processing at any time, in accordance with the “User rights” section of this Policy.
  • The User’s Personal Data may also be processed should the User receive a recommendation in the form of a document provided to us through our official contact addresses or internal communication tools. In this situation, the person making the recommendation provides us with a CV or other documents containing the data of the recommended person. iRonin verifies the profile of the recommended person, received from the recommender, regarding the consent of the recommended person for the processing of Personal Data that meets the requirements of the GDPR. If the required consent has been given, iRonin has the authority to use this data as part of our recruitment processes.

The purposes of data processing

Your personal data will be processed by the Personal Data Administrator for purposes related to:

  • fulfilling a contract entered into with a given person, which will include sending to them the Newsletter, and managing and monitoring the correctness of the contract and any transactions (Article 6 paragraph 1 point b of GDPR);
  • maintaining accounting and bookkeeping documentation (Article 6 paragraph 1 point c of GDPR)
  • solving conflicts and claiming rights resulting from the claimant’s economic activity - which is a lawful purpose of the Administrator (Article 6 paragraph 1 point f of GDPR)
  • responding to Users (via the e-mail addresses and phone numbers provided by them) who previously made inquiries through Intercom or via other ways of contacting iRonin, including the e-mail addresses provided on the website www.ironin.it. In the case of contacting the User in order to provide a response, the legal basis for the processing of Personal Data is the consent of each User to the processing of personal data (Article 6 paragraph 1 point a of GDPR);
  • evaluating a person as a candidate for employment, consideration of a job application submitted by the User and possible completion of the recruitment process by iRonin, after prior consent of the User to the processing of their data as included in a CV or in an interactive application form - which is a lawful purpose of the Administrator (Article 6 paragraph 1 point f of GDPR);
  • monitoring website traffic, enhancing user experience, providing additional communication channels (e.g. real-time chat and a commenting feature for articles), improving marketing materials and iRonin’s offer. The legal basis is the User’s consent to the processing of Personal Data (Article 6 paragraph 1 point a of GDPR) and the requirements of pursuing legitimate interests by the Data Controller (Article 6 paragraph 1 point f of GDPR).

User rights

Any person whose personal data is collected, stored and processed (hereafter referred to as: “Data Subject” or “User”), has the following rights:

  • the right to request access to their personal data and the information on data processing; in the case of incorrect data the Data Subject holds the right to request data rectification (Article 15 and 16 of GDPR);
  • the right to the restriction of processing of their data in the situations and rules described in Article 18 of GDPR - the Data Subject may request restriction of their data processing where one of the following applies:
  1. the accuracy of the personal data is contested by the Data Subject, for a period enabling the Data Controller to verify the accuracy of the personal data;
  2. the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests a restriction on their use instead;
  3. the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise or defence of legal claims;
  4. the Data Subject has objected to the processing of their data, pursuant to Article 21(1) of GDPR, pending verification of whether the legitimate claim of the Data Controller overrides that of the Data Subject.
  • the right to the erasure of personal data, according to Article 17 of GDRP (“right to be forgotten”);
  • the right to personal data portability, according to Article 20 of GDPR - the right to receive from the Data Controller personal data in a structured, commonly used and machine-readable format, and the right to transmit these data to another controller; this right concerns only data provided to the Data Controller by the Data Subject themselves;
  • the right to object at any time, on grounds relating to the Data Subject’s particular situation, to the processing of personal data concerning themselves by the Data Controller for purposes of the Data Controller’s legitimate business (Article 21 of GDPR);

You have the right to access your data (by requesting a copy of all your data), modify the data and delete any given data, as well as to rectify, erase and limit the processing of the data, transfer of the data, object to the processing of the data based on a legitimate interest of iRonin, withdraw consent at any time without affecting the lawfulness of the processing (where the processing takes place on the basis of a consent) carried out based on the consent given before its withdrawal (legal basis: article 7 paragraph 3 GDRP). All the mentioned operations regarding your data can be requested by contacting us at contact@ironin.pl or using the appropriate functionality of the Service provided, if such functionality was made available to the user.

Cookies and their use, Local Storage

We use cookies for the purposes mentioned in The purposes of data processing section and to enable functionalities provided by us and third party vendors (see: Third-party vendors information).

If you do not agree with our using cookies and processing your data, please change your cookies settings in your web browser and reject these terms.

Duration of data processing

Personal data shall be stored only for the period necessary to achieve the particular purpose for which it was provided, or in order to comply with the law. The period of data processing depends on the type of service provided, the purpose of the processing and its legal basis:

  • in the case of processing personal data on the basis of consent, the period of processing continues until you withdraw your consent;
  • in the case of processing personal data based on the justified interest of the data controller, the processing period lasts until the cessation of the above-mentioned interest (e.g. the period of limitation of civil claims) or until the person whose data are concerned objects to further such processing – in situations where such an objection is in accordance with the law;
  • in the case of legal disputes, personal data will be stored and processed at least until the final resolution of a given legal dispute;
  • for accounting-related purposes your data (if applicable) will be stored for a period of 5 years in accordance to the Accounting Act;
  • in the case of a recruitment process, personal data shall continue to be processed within the period of twenty-four months after the completion of the recruitment process;
  • we may store data limited to name and surname, e-mail, application history and information on expressed consents for the purpose of defending against possible claims for a period of 3 years from the deletion of other previously provided data;
  • in case of processing cookies, we will process your personal data for the period within which cookies will be stored on your device.

Governing law and disputes

The governing law is the law governing over the administrator’s registered seat. All disputes shall be resolved through amicable negotiations, and in case of lack of settlement the dispute shall be resolved by the court competent for the registered seat of the Administrator.

Changes in the Policy

Depending on arising needs, we can change, revise and update the Privacy Policy at any moment, without notice or users’ acceptance - please check back periodically for changes. You will be able to see that changes have been made by checking to see the effective date posted at the end of the policy. In the case of significant changes to policies addressing personal data processing, we can also send you separate notifications to the email address you specified, if such an e-mail address was provided.

Last updated: 2023-05-17