Privacy Policy

PRIVACY POLICY
§1
Personal Data Processing
Data Administrator
This information applies to personal data processed in connection with the use of this website (the “Website”). The administrator of personal data is Sunbay sp. z o.o. with its registered office in Warsaw, Aleja "Solidarności" 68/121, 00-240 Warsaw, entered in the Register of Entrepreneurs of the National Court Register under KRS number 0001162418, with NIP number 5253039578 and REGON number 541206808 (the “Administrator”).
In matters related to the processing and protection of personal data, you can contact the Administrator via e-mail: [*] or by post to the address of the Administrator's registered office with the note “Personal Data Protection”.
Purposes, legal grounds and data processing period
The Administrator processes personal data provided directly by users, in particular when using the forms available on the Website, conducting correspondence, participating in recruitment processes, and within the framework of business relations. In addition, data collected automatically in connection with the use of the Website, such as device and browser information, IP address, Website usage, subpages visited, traffic data, and statistical and location data, may also be processed.
The Administrator uses only those data for which it has a legal basis, in particular the consent of the data subject, the need to perform a contract or take action prior to its conclusion, a legal obligation incumbent on the Administrator, or the Administrator's legitimate interest. Personal data may be processed in particular for the purpose of responding to inquiries, correspondence, providing information about the Administrator's activities, performing contracts, analyzing the functioning of the Website, detecting and preventing abuse or misuse of the Website, conducting recruitment processes, as well as for the purpose of establishing, investigating, or defending against claims.
Personal data may also be processed for the purpose of fulfilling regulatory obligations. This processing is carried out only to the extent required by law or resulting from the legitimate interests of the Administrator or third parties.
Personal data may be transferred, to the extent necessary and for the necessary period, to entities cooperating with the Administrator. In connection with the use of services provided by certain suppliers (in particular providers of IT, analytical, and marketing tools), personal data may be transferred to third countries.
Personal data is stored for the period necessary to achieve the purpose of processing, and then for the time required by law or until the expiry of the limitation period for claims. In particular, data processed in connection with the contact form is stored for up to 12 months from the end of correspondence, recruitment data for up to 6 months from the end of the recruitment process (and in the case of establishing cooperation – in accordance with labor law provisions), data processed on the basis of marketing consent until its withdrawal, and data related to the performance of contracts for the duration of the contract and 5 years after its termination, in particular for tax and settlement purposes.
Data subjects have the right to access, rectify, delete, restrict processing, transfer data, object to processing, and withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to its withdrawal. Data subjects also have the right to lodge a complaint with the President of the Personal Data Protection Office.
Providing personal data is voluntary, but failure to do so may prevent the achievement of certain objectives, in particular responding to an inquiry, participating in the recruitment process, or concluding a contract.
The Administrator uses appropriate technical and organizational measures to protect personal data against loss, unauthorized access, or unauthorized disclosure.
The Administrator does not make solely automated decisions based on personal data, as referred to in Article 22 GDPR. §2
Cookies
Purpose of using cookies
Cookies are small text files stored on the user's end device (computer, smartphone, tablet) when using the Website. These files most commonly contain: the name of the domain they originate from, their storage time on the device, and a unique number.
The Website uses two main types of cookies: session cookies (automatically deleted when the browser is closed) and persistent cookies (stored for a period specified in their parameters or until deleted by the user).
The Administrator uses cookies in particular for the following purposes:
- ensuring the proper functioning of the Website and its individual features,
- maintaining the user's session and remembering their preferences and settings (e.g. language selection),
- ensuring the security of the Website, including detecting abuse and unauthorised
access,
- remembering the user's decisions regarding consent to the use of cookies,
- conducting statistics and analyses concerning the way users use the Website,
- adapting content displayed on the Website and other services to users' interests (marketing, including remarketing),
-  measuring the effectiveness of marketing and advertising activities.
Categories of cookies
The cookies used on the Website can be divided into the following categories:
- strictly necessary (technical): their purpose is to ensure the proper operation of the Website, the user's session, security mechanisms, and to remember consent choices,
- analytical / statistical: their purpose is to measure Website traffic, analyse user behaviour, and improve content and functionality,
- marketing / advertising: their purpose is to display personalised advertisements, measure campaign effectiveness, remarketing,
- functional: their purpose is to remember user preferences (e.g. language, region), integration with social media, and embedded content.
Managing settings
Upon the user's first visit to the Website, an information banner is displayed enabling the user to grant or refuse consent to the use of individual categories of cookies. The user may accept all cookies, reject cookies other than strictly necessary ones, or adjust their preferences with regard to individual categories.
The user may withdraw consent to the use of cookies at any time.
Notwithstanding the above, the user may manage cookies directly through the settings of the web browser they use.
The Administrator informs that limiting or disabling the use of cookies may affect certain functionalities of the Website, in particular making it difficult or impossible to use part of its resources.
In connection with the use of cookies, users' personal data (including cookie identifiers, IP address, data on activity on the Website) may be transferred to third parties, in particular providers of analytical tools, marketing tools, and social media plug-ins used by the Administrator.
§3
Final provisions
The Administrator reserves the right to modify, amend, or update this Privacy Policy at any time, to the extent necessary to ensure its compliance with applicable laws, regulatory requirements, and changes in the functionality or operation of the Website.