This Policy sets out the rules for the processing and protection of personal data provided by Users in connection with their use of the website www.thecodebrothers.pl (the “Website”).

The controller of personal data contained on the Website is THE CODE BROTHERS Limited Liability Company, with its registered office in Siemianowice Śląskie (41-103), ul. Plac 11 Listopada 5/10, NIP: 643-177-69-32, KRS: 0000947099 (the “Controller”).

For additional information regarding the processing of your personal data, please contact us via email at biuro@thecodebrothers.pl or in writing to the registered office address indicated above.

The Controller reserves the right to amend this Policy. Each Website User is obliged to familiarize themselves with the provisions of the current version. Amendments may result from technological development, changes in applicable laws, or the implementation of new functionalities. Updates will be communicated by posting a new version on the Website or via customary means, including email notices.

In connection with the User’s use of the Website, the Controller processes personal data in the scope necessary to provide services offered, including data provided directly by the User and collected automatically.

Below are the detailed rules and purposes of processing:

Voluntary provision of data:

Providing personal data is voluntary yet necessary to fulfil the purposes described above. Failure to provide data may prevent contract execution or the use of certain services.

Profiling

No automated decision-making, including profiling under Art. 22 GDPR, is carried out.

Data Recipients

The Controller does not make decisions based solely on automated processing, including profiling under Art. 22 GDPR.

• its employees and associates who, based on appropriate and limited authorisation, may access User data in connection with the performance of their professional duties;
• external entities entrusted with the processing of personal data, in particular providers of technical services (e.g., IT service providers, software and infrastructure providers);
• authorised entities, to the extent and under the rules provided for by applicable law.

Transfers outside the EEA

As a rule, the personal data of Users will not be transferred outside the European Economic Area (hereinafter: the “EEA”). However, taking into account the provision of IT support services and infrastructure maintenance by our subcontractors, the Controller may entrust specific activities or IT-related tasks to trusted subcontractors operating outside the EEA, which may result in the transfer of User data outside the EEA. Data recipients located in countries outside the EEA that are covered by an adequacy decision of the European Commission are considered to provide a level of personal data protection consistent with EEA standards.

In the case of recipients located in countries not covered by an adequacy decision of the European Commission, in order to ensure an appropriate level of protection, the Controller or an entity acting on behalf of the Controller concludes agreements with such recipients based on Standard Contractual Clauses issued by the European Commission, or the Controller applies other appropriate safeguards required by personal data protection legislation.

Rights of the Data Subject in Connection with Data Processing

The GDPR grants individuals specific rights regarding the processing of their personal data by data controllers. Accordingly, Users of the Website have the right to:

• access their personal data and obtain a copy of it (Art. 15 GDPR).
• rectify or update their personal data (Art. 16 GDPR),
• erase personal data (Art. 17 GDPR),
• restrict processing (Art. 18 GDPR),
• withdraw consent — where consent is the legal basis for processing (Art. 7(3) GDPR); withdrawal of consent does not affect the lawfulness of processing based on consent
• object to processing where the legal basis is the legitimate interest of the Controller (Art. 21 GDPR),
• lodge a complaint with the President of the Personal Data Protection Office (PUODO), if they believe their personal data is processed in violation of GDPR.

To exercise these rights, Users should contact the Controller at: biuro@thecodebrothers.pl or by sending a written request to the address of the Controller’s registered office indicated above.

Please note that the rights indicated above are not absolute and may not apply in every case of data processing performed by the Controller. Before fulfilling a request, the Controller may be required to verify the identity of the requesting individual as the data subject to whom the request relates.

In connection with the User’s interaction with the Controller’s profiles on social media platforms:

• https://www.facebook.com/thecodebrothers?locale=pl_PL
• https://www.linkedin.com/company/thecodebrothers/?originalSubdomain=pl,
• https://www.instagram.com/the_codebrothers/

the Controller processes personal data of Users.

Below are the purposes, legal bases, and storage periods:

Voluntary provision of data:

Providing personal data is voluntary but may be necessary to engage in interactions within our social media profiles. Without providing such data, participation may not be possible.

Profiling

No automated decision-making, including profiling under Art. 22 GDPR, is carried out.

Data Recipients

The categories of recipients of personal data processed by the Controller depend primarily on the products and services used by the User within the given social media platform, as well as on the User’s consent or applicable legal provisions. The Controller may disclose Users’ personal data, in particular, to:

• its employees and associates who, based on appropriate and limited authorisation, may access User data in connection with the performance of their professional duties;
• external entities entrusted with the processing of personal data of Users, in particular providers of technical services (e.g., IT service providers, providers of information systems), courier and transport companies, entities providing debt collection services, etc.;
• authorised entities, to the extent and under the rules provided for by applicable law.

Transfers outside the EEA

As a rule, the personal data of Users will not be transferred outside the European Economic Area (hereinafter: the “EEA”). However, taking into account the provision of IT support services and infrastructure maintenance by our subcontractors, the Controller may entrust specific activities or IT-related tasks to trusted subcontractors operating outside the EEA, which may result in the transfer of User data outside the EEA. Data recipients located in countries outside the EEA that are covered by an adequacy decision of the European Commission are considered to provide a level of personal data protection consistent with EEA standards.

In the case of recipients located in countries not covered by an adequacy decision of the European Commission, in order to ensure an appropriate level of protection, the Controller or an entity acting on behalf of the Controller concludes agreements with such recipients based on Standard Contractual Clauses issued by the European Commission, or the Controller applies other appropriate safeguards required by personal data protection legislation.

Rights of the Data Subject in Connection with Data Processing

The GDPR grants individuals specific rights regarding the processing of their personal data by data controllers. Accordingly, Users of the Website have the right to:

• access their personal data and obtain a copy of it (Art. 15 GDPR).
• rectify or update their personal data (Art. 16 GDPR),
• erase personal data (Art. 17 GDPR),
• restrict processing (Art. 18 GDPR),
• withdraw consent — where consent is the legal basis for processing (Art. 7(3) GDPR); withdrawal of consent does not affect the lawfulness of processing carried out based on consent before its withdrawal,
• object to processing where the legal basis is the legitimate interest of the Controller (Art. 21 GDPR),
• lodge a complaint with the President of the Personal Data Protection Office (PUODO) if they believe that personal data is processed in violation of GDPR.

To exercise these rights, Users should contact the Controller at: biuro@thecodebrothers.pl or by sending a written request to the registered office address indicated above.

Please note that the rights indicated above are not absolute and may not apply in every case of data processing performed by the Controller. Before fulfilling a request, the Controller may be required to verify the identity of the requesting individual as the data subject to whom the request relates.

Joint Controllership of Social Media Data

The Controller may process personal data of Users visiting the Controller’s official profiles on social media platforms (i.e., Facebook, LinkedIn, Instagram) in order to analyse how Users interact with the Controller’s content (e.g., following or unfollowing the profile, liking, commenting, sharing posts, and other reactions), which constitutes the Controller’s legitimate interest based on Art. 6(1)(f) GDPR (statistics and profile optimisation). In such cases, the Controller and the operator of the respective social media platform may act as joint controllers with respect to data processing for statistical purposes.

Further information regarding the processing of personal data by social media platform operators is available at:

• in this Policy
• Facebook: www.facebook.com/privacy/policy
• LinkedIn: https://www.linkedin.com/legal/privacy-policy,
• Instagram: https://help.instagram.com/519522125107875 

The platform operator is responsible for notifying Users about data processing for statistical purposes and enabling Users to exercise their rights under GDPR.

As part of the operation of the Website, the Controller may provide links to external websites, including in particular:

• Google Play Store

(details regarding data processing rules you’ll find: here.

• Apple App Store

(details regarding data processing rules you’ll find: here.

These links are provided for the purpose of presenting mobile applications developed by the Controller upon the request of its clients.

The Controller informs that the applications made available under the above links are not owned by the Controller — they are products belonging to the Controller’s clients, and the Controller acts solely as the technical developer. The Controller is not the controller of personal data processed within these applications and is not responsible for the content, functionalities, or privacy policies applicable on the destination websites.
Detailed information on the rules for processing personal data by the owners of these applications must be obtained directly from the respective application owners, in particular by reviewing the privacy policy provided within the application or on the application owner’s website.

The responsibility for informing Users about the processing of personal data on destination websites or within the applications rests solely with the owners of such websites and applications.

1. The Website does not automatically collect any information, except for information contained in cookies.
2. Cookies are small text files stored on the User’s end device that enable the use of the Website and improve its operation. Cookies typically contain the name of the website from which they originate, the duration of storage on the end device, and a unique identifier.
3. The Website uses cookies classified as follows:
   • By duration of storage: Session cookies – created each time the Website is accessed and deleted when the browser window is closed, Persistent cookies – stored on the User’s device for a specified period or until the User deletes them.
   • By source: First-party cookies – originating directly from the Website and stored under the Controller’s domain, Third-party cookies – placed on the Website by external service providers used by the Controller (e.g., Google).
4. Cookies are used for the following purposes:
   • adapting the Website content to User preferences and optimizing Website use; in particular, they allow recognition of the User’s device and proper display of the Website according to technical requirements,
   • creating Website usage statistics (including via Google Analytics) to understand how Users interact with the Website, enabling improvements to its structure and content, displaying personalised advertisements tailored to the interests and online behaviour of Users,
   • displaying personalised advertisements tailored to the interests and online behaviour of Users,
   • analysing the effectiveness of advertising and promotional campaigns.
5. The following types of cookies are used on the Website:
   • Necessary cookies – enable the use of services available through the Website, such as authentication cookies required for accessing secured functionalities;
   • Security cookies – used to ensure Website security, including detecting authentication misuse and preventing fraudulent activities;
   • Performance cookies – enable the collection of information on how Users interact with the Website and allow us to improve its operation and efficiency;
   • Functional cookies – allow the Website to “remember” User-selected settings and personalise the User interface, e.g., language choice, region, font size, Website appearance, etc.;
   • Advertising cookies – enable the delivery of advertising content better tailored to Users’ interests.
6. Third-party cookies (e.g., belonging to service providers or business partners) may be placed and used on the User’s device in order to enable the use of services and technologies provided by external entities that are embedded within the Website. The Website includes buttons, tools or embedded content linking to the services and webpages of the Controller’s partners (e.g., social media plugins such as Facebook or Instagram). The use of such plugins may result in the transmission of information through cookies or similar internet technologies to these external entities and other partners cooperating with the Controller. Therefore, the Controller encourages Users to review the cookie policies of the external entities to which links are provided on the Website.
7. In most cases, the software used for browsing the Website (i.e., the web browser) allows cookies to be stored on the User’s end device by default. In such situations, Users may change their cookie settings at any time. These settings may be modified in particular to: block the automatic handling of cookies in the browser settings, or receive a notification each time cookies are placed on the User’s device. Detailed information on the possibilities and methods for managing cookies can be found in the settings of the web browser software.
8. The Controller informs that restricting the use of cookies may affect certain functionalities available within the Website.
9. Cookies stored on the User’s end device may also be used by advertisers and partners cooperating with the Website operator.
10. Information on managing cookies in individual web browsers — including instructions on how to block the receipt of cookies — can be found on the websites dedicated to each browser:
    • Chrome: support.google.com/chrome/answer/95647
    • Firefox: support.mozilla.org/kb/cookies
    • Internet Explorer: https://support.microsoft.com/help/17442
    • Microsoft Edge: https://support.microsoft.com/help/4468242
    • Opera: https://help.opera.com/pl/latest/web-preferences/#cookies
    • Safari: https://support.apple.com/HT201265. 
11. If the User does not wish cookies or similar technologies to remain stored in the web browser of the device used, they should delete them from their browser after finishing their visit to the Website.