Privacy policy

As of 25 May 2018, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as "Regulation" or "GDPR") and the Act on the Protection of Personal Data of 10 May 2018 have entered into force. (Journal of Laws of 2018, item 1000). Both regulations establish a revised system of personal data protection, replacing the previously applicable Polish Act of 29 August 1997 on the protection of personal data. Personal data - any information concerning an identified individual or that allows for the clear identification of that person (determining their identity). These can be both textual data and biometric data (e.g. fingerprints), a person's image (e.g. photos, videos) and other types of data. In every case where we can establish a person's identity based on data, we are dealing with personal data and simultaneously, the data subject. The new law places a strong emphasis on the transparency of data processing rules, including the fulfillment by the Data Controller of information obligations towards the data subject. Striving to ensure transparency in the scope of processing your personal data, as well as compliance with the provisions of the GDPR, we inform you that 41Hubs Sp. z o.o. based in Gdańsk, further referred to as "41Hubs" or "Company", processes your personal data as their data controller. This document has been prepared in such a way that you will find all the necessary information required by the Regulation (GDPR) regarding the processing of your personal data.

The Data Controller of your personal data is 41Hubs based in Gdańsk, tax identification number NIP: 5832852130.

If you want to contact us regarding the processing of personal data, you can do so by email at: developers@41hubs.com

We process your personal data whenever:

1. You place orders for training and consultancy services,
2. Provide consultancy services,
3. When you participate in our organised trainings, conferences, competitions and promotional activities,
4. When you subscribe to our newsletter.

Providing data is voluntary, however, some of your data may be necessary for us to provide the service. Some of your data is necessary for us to meet the requirements specified by law, as mentioned below.

We only process data that is necessary to achieve the purpose for which it was collected. Depending on the type of activity, the scope of data may vary if:

1. You submit orders to us, and we process your data, including your first and last name, phone number, address, and email address;
2. You carry out orders;
3. You participate in events organised by us (e.g. trainings), we process your data, including your first and last name, phone number, email address;
4. You use our website, including the pages you visit, and data read by cookies and similar technologies;
5. We communicate with you electronically or via telecommunications terminal equipment (after obtaining your prior consent to such communication), then (depending on the form of communication), we process data such as: your name, phone number, email address.

We process your personal data in order to take actions at your request (e.g. respond to an enquiry or request), to provide services, including handling any complaints or pursuing claims arising from contracts. Processing some of your personal data is also necessary to fulfil our obligations under the law, such as the obligation to store certain data for a specified period, collect certain information for user verification and identification, or provide data to eligible authorities or entities. We also process your data using cookies If we decide to process your data for a different purpose than we collected it for, we will inform you and ask for your consent, if required by law.

Personal data is processed in accordance with applicable law, in particular with the provisions of the GDPR regarding personal data.

1. Consent given by you, or
2. Consideration of your request or claim, or
3. Conclusion and implementation of a contract, or
4. Pursuit of the data controller's legitimate interests, or
5. Fulfillment by us of obligations arising from applicable law.

The processing time for each case is as follows:

1. In the event that we process your data based on a contract, the processing will continue for as long as the contract is in force and the limitation period for any claims,
2. If you have given consent for processing for a specific purpose, we will process your personal data until you withdraw your consent,
3. The data that we process as part of our legitimate interest will be processed for as long as this interest persists.

Data recipients are individuals authorised by the Data Controller to utilise the data in the execution of their official duties, to whom the Company entrusts the performance of such activities. In some situations, we have the right to transfer your data if necessary for us to fulfil our obligations and comply with applicable laws. When performing certain tasks (including document destruction, data storage, accounting and payroll services, legal services, marketing services, IT services), we utilise the assistance of external entities. In justified cases, the relevant authorities will also receive them from us. In such cases, we entrust personal data to subcontractors to achieve a specific purpose on our behalf (based on a Data Processing Agreement), while still remaining the Data Controller of your data and being responsible for their security. We will only pass on data to three groups:

1. Individuals authorised by us, our employees, associates, and members of the company's governing bodies who require access to the data in order to effectively carry out their responsibilities.
2. Data processors to whom we will assign this task for the specific purpose (e.g. accounting office, law firm, IT company);
3. Other data recipients (e.g. law enforcement authorities, banks).

We do not disclose your data with individuals or third parties, except in situations where:

1. You have provided voluntary consent for such disclosure. The consent given earlier can be revoked by you at any time, in the same simple way it was given;
2. Disclosure is necessary for the performance of the contract or provision of the service.

In special cases, your data may be disclosed to entities authorised to do so under applicable law (e.g. law enforcement authorities, an auditor for the examination of the Company's financial statements). Each request for disclosure is thoroughly examined by us, and data is only transferred if, as a result of this analysis, we determine that there is a valid and effective legal basis for disclosing your data to these entities.

Our partners are mainly based in Poland and other countries of the European Economic Area (EEA). Some of our suppliers are based outside the EEA territory. As your data may be transferred outside the EEA, we have ensured that our suppliers provide guarantees of a high level of personal data protection. These guarantees result in particular from the commitment to apply standard contractual clauses adopted by the Commission (EU) or participation in the "Privacy Shield" programme established under Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 on the adequacy of the protection provided by the EU-U.S. Privacy Shield.

We use cookies and other identification technologies on our websites, applications, email messages and online advertisements for the purposes described in this policy. Cookies are small text files stored in the browser or on the device by websites, applications, online media and advertisements. We use cookies and similar technologies for the following purposes:

1. Remembering user preferences and settings;
2. Determining the popularity of content;
3. Running advertising campaigns and measuring their effectiveness;
4. Analysing traffic and trends on websites, overall understanding of online behaviours and interests of people using our services.

We may also allow others to provide us with measurement and analysis services, display advertisements on our behalf across the Internet, and track and report on the results of these advertisements. These entities may use cookies, web navigation signals, Software Development Kits and other technologies to identify the user's device when visiting our website or using our services, as well as when visiting other websites and using other internet services.

The Data Controller makes every effort to ensure physical, technical, and organisational measures to protect personal data from accidental or intentional destruction, accidental loss, alteration, unauthorised disclosure, use or access, in accordance with all applicable regulations.

In relation to the processing of your personal data, you have the following rights:

1. To information about the processing of your personal data, also known as the 'information obligation' (in accordance with Articles 12 and 13 of the GDPR),
2. To access the content of your personal data (in accordance with Article 15 of the GDPR),
3. To rectify your personal data (in accordance with Article 16 of the GDPR), i.e. the correction of incorrect data and completion of incomplete data,
4. To restrict the processing of your personal data (in accordance with Article 18 GDPR),
5. To transfer your personal data to another Data Controller (in accordance with Article 20 of the GDPR),
6. To object to the processing of data for reasons related to your particular situation (in accordance with Article 21(1) of the GDPR), however, this right is not absolute - i.e. despite your objection, we may still process your personal data if we demonstrate that there are important, legitimate grounds for processing, overriding your rights and freedoms, or grounds for establishing, pursuing or defending claims.
7. To object to the processing of your personal data carried out for the purposes of direct marketing, including profiling, to the extent that the processing is related to such direct marketing. This objection does not require justification or conditions for effectiveness - therefore, we will no longer be able to process your personal data for direct marketing purposes.
8. To delete your personal data (in accordance with Article 17 GDPR) - the so-called "right to be forgotten", you can use this right for example, when:
   •   41Hubs processes your personal data unlawfully,
   •   You object to the processing of data for marketing purposes,
   •   The data must be deleted in order for 41Hubs to comply with its legal obligations;
9. You also have the right to lodge a complaint with the supervisory authority, i.e. President of the Personal Data Protection Office.

Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal. You can exercise the above rights by submitting a relevant statement to us (Data Controller):

We would like to draw your attention to the fact that from time to time we post links on the website leading to other websites not administered by us. We cannot be held responsible for the content of these sites or for the level of privacy protection implemented by the administrators of these sites. We also encourage you to familiarise yourself with the privacy policy implemented by these websites before providing them with your personal data.

We may update this policy from time to time. If we make significant changes, we will notify you by email. Within the limits permitted by the applicable law, using our services following such notification signifies agreement to the updates to this policy. We encourage you to periodically review this policy for the latest information on our privacy practices. We also provide access to previous versions of our privacy policy.