Get started for free

Privacy Policy

Home / Privacy Policy

Privacy Policy of the website valid from March 31, 2021.

  1. The Data Controller of personal data on the website at the address: www.enovatio.com, hereinafter referred to as the Website, is “ENOVATIO” limited liability company with its registered office in Warsaw, ul. Jacka Odrowąża 15, 03-310 Warsaw, entered into the register of entrepreneurs of the National Court Register maintained by the District Court for the Capital City of Warsaw in Warsaw, 13th Commercial Division of the National Court Register, under KRS number: 0000143765, VAT ID (NIP): 1132395823, REGON: 015295370, e-mail address: iod@enovatio.com.
  2. Respecting your rights as data subjects (persons whom the data concerns) and in compliance with applicable law, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation, GDPR), the Act of 10 May 2018 on the Protection of Personal Data (the Act) and other relevant personal data protection laws, we commit to ensuring the security and confidentiality of the personal data collected from you. All employees have been appropriately trained in personal data processing, and as the Data Controller, we have implemented appropriate safeguards and technical and organizational measures to ensure the highest level of personal data protection. We have implemented data protection procedures and policies compliant with the GDPR, ensuring lawful and reliable data processing as well as enforceability of all rights granted to you as data subjects. Additionally, if necessary, we cooperate with the supervisory authority in the Republic of Poland, i.e., the President of the Personal Data Protection Office (PUODO).
  3. On our Website, we collect the following personal data:

a) First and last name – which may be processed when, as users of our Website (including clients or potential clients), you provide them to us via e-mail, contact form available on our Website, postal mail, or phone contact for the purpose of using our offer.
b) Phone number – may be processed in case of telephone contact from your side (including clients or potential clients), as well as when you provide it to us via e-mail, contact form on the Website, or postal mail, to enable us to contact you if needed in connection with providing services to you, as well as to respond to questions related to our offer.
c) E-mail address – may be processed when, as users of our Website (including clients or potential clients), you provide it to us via e-mail, contact form available on the Website, postal mail, or phone contact; via e-mail we send order confirmations, contact you if needed in connection with order execution, and respond to inquiries related to our offer.
d) Tax Identification Number (NIP) – collected from entrepreneurs and persons who request an invoice and have a NIP.
e) IP address of the device or browser identifier – information resulting from general internet connection rules, such as IP address (and other information contained in system logs), used for technical and statistical purposes, including collecting general demographic data (e.g., about the region from which the connection is made).
f) Other possible data may be collected in the course of handling specific matters or provided by you as users of our Website (including clients or potential clients) via e-mail, contact form, postal mail, or telephone contact.

4. P Providing the data mentioned above is necessary in the cases specified, in particular:
a) to use the services offered on our Website, including without registration (without creating an Account),
b) to execute services ordered by you on our Website,
c) to respond to your inquiries and enable contact via e-mail, contact form, postal mail, or phone,
d) to voluntarily register (create an Account) on our Website; in such a case, we store the data you provide to facilitate future use of services available through the Website until deregistration (Account deletion).

5. Our Website uses Cookies technology to tailor its functioning to your individual needs. Therefore, you may agree that the data and information you enter be remembered, enabling their use in subsequent visits without re-entering them. Owners of other websites will not have access to these data and information. If you do not agree to Website personalization, we suggest disabling Cookies in your browser settings.

6. Each of you, as a user of our Website, may choose whether and to what extent you want to use our services and share your information and data, within the scope set forth in this Privacy Policy.

7. In line with the data minimization principle, we process only those categories of personal data necessary to achieve the purposes described in sections 3 and 4 above.

8. We process personal data for the period necessary to achieve the purposes described in sections 3 and 4. Personal data may be processed longer if such right or obligation arises from specific legal provisions, a legitimate interest of the Controller (described in section 10(c) below), i.e., during the limitation period of claims or until the end of relevant proceedings if they were initiated within the limitation period, or if the service we perform is continuous.

9. The source of personal data processed by the Data Controller are the data subjects themselves.

10. The legal basis for processing your personal data is:
a) Article 6(1)(b) GDPR – necessity for performance of a contract to which you are a party or to take steps at your request prior to entering into a contract, or
b) Article 6(1)(c) GDPR – necessity to comply with legal obligations incumbent on the Controller, or
c) Article 6(1)(f) GDPR – legitimate interests of the Controller, such as establishing, pursuing, or defending claims until the expiration of limitation periods or conclusion of relevant proceedings if initiated within that period, or
d) Article 6(1)(a) GDPR – your consent for personal data processing for specified purposes when no other legal basis applies.

11. Personal data are not transferred by us to third countries or international organizations as defined by GDPR. If personal data were to be transferred to third countries or international organizations, you would be informed in advance, and the Controller would apply safeguards as referred to in Chapter V of the GDPR.

12. We do not disclose any personal data to third parties without your explicit consent. Personal data may be disclosed without your consent only to public law entities, i.e., authorities and administration bodies (e.g., tax authorities, law enforcement, and other entities authorized by generally applicable law).

13. If there is a “Like” button or other links within the Administrator’s social media applications, regarding data such as IP or browser identifier, when the Administrator uses products of:
a) Facebook (e.g., Facebook, Messenger) – such data are processed jointly with Facebook Ireland Ltd., headquartered at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland,
b) Google (e.g., YouTube, Maps) – such data are processed jointly with Google Ireland Ltd., headquartered at 4 Barrow St, D04 E5W5, Dublin, Ireland (Google Building Gordon House),
c) LinkedIn – such data are processed jointly with LinkedIn Ireland Unlimited Company, headquartered at Wilton Place, Dublin 2, Ireland.
If personal data are transferred to third countries in such cases, it is done according to the rules described in section 11.

14. Personal data may be entrusted for processing to entities processing such data on our behalf as the Data Controller. In such cases, as the Data Controller, we conclude a data processing agreement with the data processor. The data processor processes the entrusted personal data solely for the purposes, within the scope, and under the conditions specified in the processing agreement referred to in the preceding sentence. Without entrusting your personal data for processing, we would not be able to conduct our activities within the scope of the Website. As the Data Controller, we entrust personal data for processing to the following entities:
a) providing hosting services for the website on which our Website operates,
b) providing other services on our behalf that are necessary for the ongoing operation of the Website.

15. Personal data is not subject to profiling by us as the Data Controller within the meaning of the GDPR.

16. In accordance with the GDPR provisions, every person whose personal data we process as the Data Controller has the right to:
a) be informed about the processing of personal data as referred to in Article 12 of the GDPR,
b) access their personal data as referred to in Article 15 of the GDPR,
c) correct, complete, update, or rectify personal data as referred to in Article 16 of the GDPR,
d) erase data (the right to be forgotten) as referred to in Article 17 of the GDPR,
e) restrict processing as referred to in Article 18 of the GDPR,
f) data portability as referred to in Article 20 of the GDPR,
g) object to the processing of personal data as referred to in Article 21 of the GDPR,
h) in the case of the legal basis mentioned in point 10(d) above – the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal,
i) not to be subject to profiling as referred to in Article 22 in conjunction with Article 4(4) of the GDPR,
j) lodge a complaint with the supervisory authority (i.e., the President of the Personal Data Protection Office) as referred to in Article 77 of the GDPR,
taking into account the principles of exercising these rights pursuant to the GDPR.

17. If you wish to exercise your rights referred to in the previous paragraph, please use the appropriate tabs on the Website or send a message by email to the address or in writing to the correspondence address indicated in point 18 below.

18. All inquiries, requests, and complaints regarding the processing of personal data by the Controller, hereinafter referred to as Notifications, should be directed to the following email address: iod@enovatio.com or in writing to the following address: ul. Jacka Odrowąża 15, 03-310 Warsaw.

19. The Notification should clearly indicate:
a) the data of the person or persons to whom the Notification relates,
b) the event that is the reason for the Notification,
c) your demands and the legal basis for these demands,
d) the expected manner of handling the matter.

20. Every identified case of a security breach is documented, and in the event of one of the situations specified in the GDPR or the Act occurring, the persons whose data are affected and, if applicable, the Personal Data Protection Office (PUODO) are informed about such a breach of data protection regulations.

21. All capitalized terms have the meaning assigned to them in the Terms of Use of our Website, unless otherwise results from the content of this Privacy Policy.

22. The provisions of this Privacy Policy apply, to the extent possible, accordingly to all persons with whom we have legal relations and with respect to whom we are also the Data Controller of their personal data, including in particular our clients, contractors, and participants in contests, loyalty programs, or partner programs organized by us.

23. In matters not regulated by this Privacy Policy, the relevant provisions of universally applicable law shall apply. In the event of any inconsistency between the provisions of this Privacy Policy and the aforementioned laws, the laws shall take precedence.

Bądź na bieżąco

Stay informed

Funkcjonalności

Functionalities

Platforma

Platform

Rozwiązania

Solutions

Informacje

Information

Wiedza

Knowledge

© 2025 ENOVATIO. All rights reserved