PRIVACY POLICY

1.The controller of your personal data is:

• Altkom Software & Consulting sp. z o.o., KRS: 0000448403, NIP (Tax ID): 7123276080, REGON (Statistical ID): 061512913 and
• Altkom Experts sp. z o. o., KRS: 0000532755, NIP (Tax ID): 7123291369, REGON (Statistical ID): 360236318 hereinafter referred to as joint controllers (Controller(s)).

The companies have their registered office in Warsaw, ul. Chłodna 51, 00-867 Warsaw.

2.If you have any questions about how and to what extent we process your personal data, or regarding your rights in connection with such processing, please contact us by email or by traditional mail at the following addresses:

• asc@altkomsoftware.pl
• Altkom Software & Consulting sp. z o.o., ul. Chłodna 51, 00-867 Warsaw
• Altkom Experts Sp. z o.o., ul. Chłodna 51, 00-867 Warsaw.

3.The Controller has appointed a Data Protection Officer, Mr Mariusz Zajkiewicz, who can be contacted by means of traditional mail by sending correspondence to the company’s address marked GDPR or by sending an email to the following address: iod@altkomsoftware.com.

4.Below, we indicate the purposes for which we process your personal data, the legal basis for such processing, as well as the period for which we will retain your personal data in relation to a specific purpose:

• To respond to your inquiry submitted via the electronic form available on the website or in another form (e.g. by mail or email). The basis for the processing of your personal data is Article 6(1)(a) of the GDPR, i.e. the consent you have given. We will keep your personal data until we have provided a final response and completed the correspondence, but no longer than 2 months;
• To carry out the recruitment process on the basis of Article 6(1)(a) of the GDPR (consent) if we receive more personal data from you than is legally required under Article 22 (1) of the Labour Code. The period for which your personal data will be processed is described in point 5 below;
• To carry out the recruitment process on the basis of Article 6(1)(b) of the GDPR (taking action prior to the conclusion of an agreement) and Article 22 (1) of the Labour Code. The period for which your personal data will be processed is described in point 5 below;
• To establish cooperation after successful recruitment. The basis for the processing is Article 6(1)(b) of the GDPR – taking action prior to entering into an agreement or for the purpose of concluding an agreement at the request of the data subject. The data retention period is 10 years in accordance with the Labour Code in case of employment agreement and 5 years counted from the end of the calendar year in which the civil agreement was terminated in accordance with the Civil Code;
• To comply with the legal obligation to prepare and retain documentation. The legal basis for the processing of data in this case is: Article 6(1)(c) of the GDPR. Personal data will be retained for the period required for the storage of accounting documents and documents confirming the conclusion and performance of the agreement, as specified by national legislation. In the case of the performance of an agreement or order on your behalf, the Controller will process the personal data contained in invoices, accounting records or other documentation confirming the conclusion and performance of the agreement for the purpose of preparing and retaining documents in accordance with applicable laws, the data will be retained in compliance with applicable laws for no longer than 5 years from the year in which the cooperation ends;
• To pursue the Controller’s legitimate interests on the basis of Article 6(1)(f) of the GDPR (quotation, performance of the agreement, establishment, exercise and defence of claims, debt collection, conducting court, arbitration and mediation proceedings, for audit purposes). The data will be retained in compliance with applicable laws but no longer than 5 years from the end of the year in which the cooperation ends.

5.Duration of data processing for recruitment purposes:

• If you participate only in the current recruitment process, your personal data will be processed for the duration of the recruitment, but no longer than 24 months;
• If you consent to participate in future recruitment processes, your personal data will be processed for a period of 36 months from the start date of the current recruitment;
• Once the agreement is concluded, the data will be processed for a period of 5 years for civil law agreements and 10 years for employment agreements.

6.With whom do we share your personal data?

Państwa dane osobowe, w zakresie w jakim będzie to niezbędne, możemy udostępniać:

• With entities entitled to receive such data on the basis of applicable law (e.g. courts, legal protection authorities, administrative authorities, supervisory authorities);
• With entities processing your personal data on our behalf (e.g. service providers, entities operating our IT systems and tools, entities providing advisory or consulting services and, in the case of recruitment, the company Traffit, etc.).

In every case of sharing or entrusting your personal data, we will ensure that only the minimum amount of information necessary to achieve the purpose of data processing is disclosed.

7.What rights do you have in relation with the processing of your personal data by the Controller?

In relation to the processing of your personal data by the Controller, you have the following rights:

• Pursuant to Article 15 of the GDPR – the right to access to your personal data, including the right to obtain a copy of the personal data being processed;
• Pursuant to Article 16 of the GDPR – the right to rectify any of your personal data that is incorrect: outdated or inaccurate, and the right to have it completed if it is incomplete;
• Pursuant to Article 17 of the GDPR, in the cases specified therein – the right to erasure of personal data (the so-called “right to be forgotten”). This right generally allows you to request that the Controller erase your personal data without undue delay, however, in accordance with Article 17 of the GDPR, there are exceptions to this right (in particular, when the data is needed for the establishment, exercise or defence of legal claims);
• Pursuant to Article 18 of the GDPR – the right to request the Controller to restrict the processing of personal data. In practical terms, this right may involve temporarily blocking access to your personal data or transferring it to another system;
• The right to lodge a complaint with the supervisory authority responsible for personal data protection, i.e. the President of the Personal Data Protection Office – in the event that the processing of personal data is considered to be in breach of the GDPR;
• Pursuant to Article 21 of the GDPR – the right to object to the processing of personal data.

To exercise the above rights, you should contact the Controller or the Data Protection Officer indicated in sections 1 and 2.

Your requests will be fulfilled without undue delay, but no later than within 30 days of their receipt. This period may be extended by a further 30 days due to the complexity of the request or the number of requests, of which you will be informed accordingly.

If the processing of personal data is based on your consent, you have the right to withdraw your consent at any time, whereby the withdrawal of consent shall not affect the lawfulness of the processing carried out on the basis of that consent before its withdrawal.

The withdrawal of consent will result in your data being removed from our database.

8.Personal Data Security

The Company applies technical and organisational measures to protect your personal data against unlawful or unauthorised access or use, as well as against accidental destruction, loss or breach of data integrity.

The principle of ensuring security has guided us in the design of the IT infrastructure, the design of standards and business practices. Our security procedures include, in particular: access security, backup system, monitoring, review and maintenance, as well as security incident management.

As part of ensuring the security of the personal data processing, we undertake to take into account:

• Confidentiality – we will protect personal data from accidental disclosure to third parties;
• Integrity – we will protect personal data from unauthorised modification;
• Availability – we will provide access to your data by authorised persons if required.

Each employee and associate with access to your personal data has the appropriate authorisation and is obliged to maintain confidentiality.

COOKIE POLICY

1. WEBSITE ACCESSIBILITY

The website https://www.altkomsoftware.com/ can be viewed on any device with Internet access using any web browser (the latest version of the browser is recommended).

2. WHAT ARE COOKIES AND WHAT ARE THEIR FUNCTIONS?

Cookies, also referred to as “ciasteczka” in Polish, are small text files sent by a web server and stored on the user’s side. Cookies allow the information they contain to be read only by the server that created them. Cookies contain various types of information about the user of a given website and their history of interaction with the website. Thanks to this information, the owner of the server that sent the cookies can find out which websites the user visited before accessing their site, identify the user’s IP address, as well as check whether any errors occurred while displaying the page. However, it should be noted that this data is not associated with specific individuals browsing the website, but only with the computer connected to the Internet on which the cookie was stored.

3. PRIVACY

Page encryption (SSL/ TLS):

• An *.altkomsoftware.pl certificate has been issued for the domain https://www.altkomsoftware.com/. The certificate ensures the confidentiality and integrity of data transmission, as well as the server authentication;
• Communication encryption is enabled across the entire domain to ensure user security. Communication is encrypted with a 256-bit key and the independent certificate issuer – Certum Domain Validation CA SHA2 – provides a guarantee that you are on an authentic, original website https://www.altkomsoftware.com/;
• Detailed information about the certificate can be obtained by clicking on “More information” in the browser bar and then selecting “View certificate”;
• The browser may display a warning that the connection is not secure if the website contains images sourced from “http://” instead of “https://”. However, during the validity period of this Policy, no such elements are present on the website.

The website includes embedded Google Analytics code.

This tool is used for web analytics and helps to improve the website in line with user needs. Google Analytics collects anonymous information and records website trends without identifying individual users. Like many other services, the Google Analytics tool uses its own cookies to analyse user activity on the website. These files are used to store information, e.g. the start time of the current visit and whether the user has previously visited the website, and which website referred the user to the current page.

Google Analytics uses the following types of cookies, which are permanent cookies except for the “__utmc” cookie, which is a temporary cookie. The provided cookie expiration date is the maximum possible. In fact, the date depends on the user’s actions – e.g. deleting cookies, changing the device, reinstalling the browser:

• Name: __utma

Expiration date: 2 years from the time of initial creation or the most recent update. Description: Google Analytics cookie that makes it possible to determine the number of unique users (defined as a specific browser on a specific computer) visiting the website. The cookie tracks the number of visits to the site, the time of the first visit, the previous visit and the current visit.

• Name: __utmb

Expiration date: 30 minutes from the time of initial creation or the most recent update. Description: Google Analytics cookie that helps determine the number of visits by a unique user to the website (defined as a specific browser on a specific computer). Used in conjunction with the __utmc cookie (described below). The cookie tracks the duration of a visit – its start and end time.

• Name: __utmc

Expiration date: 30 minutes from the time of initial creation or the most recent update. Description: Google Analytics cookie that helps determine the number of visits by a unique user to the website (defined as a specific browser on a specific computer). Used in conjunction with the __utmb cookie (described above). The cookie tracks the duration of a visit – its start and end time.

• Name: __utmz

Expiration date: 6 months from the time of initial creation or the most recent update. Description: Google Analytics cookie that helps determine how a unique user arrived at the website (specific browser on a specific computer). The cookie tracks the source of the visit to the blog and how the blog was navigated.

If the User does not consent to the collection of anonymised statistical data about their activity on the website, they may disable the Google Analytics tool in their browser by downloading and installing the add-on (available for the browsers Mozilla Firefox, Google Chrome, Apple Safari, Opera, Microsoft Internet Explorer) or disable cookies in their browser.

The website uses Get Response tools.

GetResponse is an email marketing tool that enables the collection of data from users who choose to voluntarily leave their contact data in a form on a website. The collected information is used for further communication to which the user has previously given informed and voluntary consent.

The website includes tools provided by suppliers: Google, LinkedIn, Meta and YouTube process cookie data in accordance with their own rules and regulations. In their case, data collection mechanisms are used to collect information about user behaviour.

The site uses tools such as Hotjar.

Hotjar is an analytical tool used, among other things, to record user sessions on our website and to create a traffic map (heatmap) that shows how users navigate the site. Based on the data collected, we can analyse user behaviour and make changes to the structure of the website to make it more intuitive, attractive and user-friendly.

4. HOW DO WE USE THE INFORMATION OBTAINED FROM COOKIES?

Typically, the data is used to automatically recognise a specific user by the server, which can then generate a dedicated page for that user. This enables, for example, the customisation of services of websites, support for login functionality and certain contact forms.
The company, publisher of the website https://www.altkomsoftware.com/, uses cookies to optimise the use of the website and to adapt its content to the user’s preferences. Cookies are also used to create anonymous, aggregated statistics, excluding any personal identification of the user. This helps us to understand how users interact with the website and allows us to improve its structure and content. In addition, the Company may place or allow an external entity to place cookies on user’s device in order to ensure the proper functioning of the website. This helps to monitor and verify the website’s performance. This entity may include, among others, Google, which collects the data needed by the Company.
The user can configure their browser to prevent cookies from being stored on their device or to have them automatically deleted after a specified period of time. These settings can therefore be adjusted to block the automatic handling of cookies in the browser settings or to notify the user each time cookies are sent to their device. Unfortunately, as a consequence, this can lead to problems with the display of certain websites or the unavailability of certain services.

.

5. HOW TO CHANGE COOKIE SETTINGS IN THE MOST POPULAR BROWSERS:

• Mozilla Firefox Instructions at: https://support.mozilla.org/enUS/kb/storage?as=u&utm_source=inproduct&redirectslug=permission-storedata&redirectlocale=en-US
• Opera Instructions at: https://help.opera.com/pl/latest/security-and-privacy/
• Safari Instructions at: https://support.apple.com/pl-pl/guide/safari/sfri11471/mac
• Google Chrom Instructions at: https://support.google.com/chrome/answer/95647?hl=pl&co=GENIE.Platform%3DDesktop

7. WHOSE PERSONAL DATA DO WE PROCESS?

The Controller (Joint Controllers) processes, among others, the personal data of:

• Users of the Company’s website – https://www.altkomsoftware.com/ – i.e. individuals submitting inquiries via the Company’s website (electronic forms);
• Clients who are natural persons;
• In the case of clients who are legal persons or organisational entities without legal personality – personal data of persons authorised to represent such entities, employees and associates of such clients;
• Service providers who are natural persons, as well as employees and associates of such service providers;
• Potential employees or associates;
• Potential clients – including data obtained by the Company’s representatives in the course of sales or marketing activities (e.g. during meetings or business correspondence, as well as during conferences or other events, tenders, negotiations, etc.).

8. PROVISION OF PERSONAL DATA

Regardless of how your personal data is provided to the Company, you will always receive detailed information regarding its processing.
In the case of data collected by the Company’s representatives in the scope of purchasing, sales or marketing activities – the provision of personal data is fully voluntary, however, failure to provide such data may result in the inability to contact you in the future.
The provision of your personal data is, in any case, entirely voluntary, however, it is necessary to take action at your request as the data subject. Failure to provide the data will make it impossible for the Company to take the action requested.

Policy dated 11 April 2025