1. Personal data administrator
1.1. The administrator of your personal data is JW_A spółka z ograniczoną odpowiedzialnością with its registered office in Krakow, at Ks. Ignacego Jana Skorupki 11/1, 31-519 Kraków, entered into the Register of Entrepreneurs of the National Court Register under KRS number: 0000616986, whose registration documentation is stored by the District Court for Kraków-Śródmieście in Kraków, XI Commercial Department of the National Court Register, share capital in the amount of PLN 10,000.00, with NIP number: 6751544353 and REGON number: 364416550 (Administrator).
1.2. The Administrator is also the operator of the Website available at: https://jw-a.pl/ (Website or Website).
1.3. The Administrator also maintains publicly available profiles (Profiles) on social networks:
a. https://www.facebook.com/jwa.team/ provided by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Facebook).
b. https://www.linkedin.com/company/jw_a/?originalSubdomain=pl provided by LinkedIn Ireland Unlimited Company, 70 Sir John Rogerson’s Quay, Dublin 2, Dublin (LinkedIn).
1.4. You can contact the Administrator using the following contact details: correspondence address: Jana Skorupki 11/1, 31-519 Krakówe-mail address: team@jw-a.pltelephone number: +48 517 275 830.
1.5. The administrator has not appointed a personal data inspector.
2. General information
2.1. This Privacy Policy (Policy) was created in order to present you with the principles of processing and protection of personal data used by the Administrator in relation to personal data of persons using the Administrator’s website available at: https://jw-a.pl/, including persons contacting the Administrator using the contact form available on the Website or using other contact details provided on the Website (Users).
2.2. The Administrator also processes personal data of Users visiting the Administrator’s Profiles referred to in point 1.3. Detailed information in this respect is included in point 5 of this Policy.
2.3. The Administrator attaches particular importance to respecting the privacy of Users whose data he processes.
2.4. The Administrator ensures that all your personal data that we process via the Website, e-mail contact form or in any other way are used by the Administrator only in accordance with applicable law. In particular, the Administrator processes your personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (GDPR) and other binding legal provisions.
2.5. This Policy has been introduced:
a. in order to perform the information obligations incumbent on the Administrator in accordance with art. 13 and art. 14 of the GDPR,
b. in order to inform Website users about storing or gaining access to information stored in users’ telecommunications terminal equipment (so-called cookies) in accordance with Article 173 paragraph 1 of the Act of 16 July 2004 Telecommunications Law.
3. Purposes and legal bases of processing personal data
3.1. Your personal data is processed for the following purposes and on the following legal bases:
a. in order to provide services electronically via the Website, including providing you with access to the content collected on the Website and the contact form – in this case, the legal basis for processing is the necessity of processing to conclude and perform the contract (Article 6 (1) (b) of the GDPR),
b. in order to manage the Website, monitor the correctness of its operation and ensure the correctness of the Website operation – in this case, the legal basis for processing is the implementation of the Administrator’s legitimate interest consisting in ensuring the proper operation of the Website (Article 6 (1) (f) of the GDPR),
c. for analytical and statistical purposes – in this case, the legal basis for processing is the implementation of the Administrator’s legitimate interest consisting in conducting analyzes of the Website users’ activity, as well as their preferences in order to improve the functionalities used and services provided (Article 6 (1) (f) of the GDPR),
d. in order to handle communication with you using the contact form or contact details on the Website, by identifying the sender and handling inquiries submitted to the Administrator – in this case: – in the scope of personal data necessary for contact – the legal basis for processing is the necessity of processing to conclude and perform the contract (Article 6 (1) (b) of the GDPR), – in the scope of other personal data – your consent (Article 6 (1) (a) GDPR),
e. for the purpose of direct marketing of the Administrator’s products or services and promotions, including the presentation of offers and marketing content, including in particular in response to inquiries about offers and marketing content addressed to the Administrator – in this case, the legal basis for data processing is the legitimate interest of the Administrator in connection with the consent to contact for marketing purposes in a specific communication channel, if such consent has been given by you (Article 6(1)(f) of the GDPR),
f. in order to consider complaints and complaints in connection with the operation of the Website or other services provided electronically by the Administrator – in this case, the legal basis is the necessity of processing for the conclusion and performance of the contract (Article 6 (1) (b) of the GDPR),
g. in order to possibly establish and pursue claims or defend against them – in this case, the legal basis for processing is the legitimate interest of the Administrator consisting in defending his rights (Article 6 (1) (f) of the GDPR),
h. in order to perform obligations arising from applicable law, e.g. regarding archiving for the purposes of tax and accounting regulations, transfer of data based on decisions of public authorities – in this case, the legal basis for processing is the need to fulfill the legal obligation incumbent on the Administrator (Article 6 (1) (c) of the GDPR).
3.2. If you are a representative of a company or any other entity or person, including a member of its management board, proxy, proxy or any other representative, and on behalf of such entity or person you contact the Administrator using the Website, including the contact form, the Administrator also processes in order to verify your identity, identify persons authorized to represent the entity or person, which you represent, conducting ongoing communication related to the services provided, answering inquiries – in this case, the legal basis for data processing is the legitimate interest of the Administrator consisting in the correct conclusion of the contract, the provision of services and ongoing communication with the client or potential client you represent (Article 6 (1) (f) of the GDPR).
3.3. W związku z korzystaniem z Profili Administratora na portalach LinkedIn oraz Facebook, Administrator przetwarza Państwa dane wyłącznie w związku z prowadzeniem tych Profili, w tym w celu informowania Użytkowników o aktywności Administratora oraz promowania różnego rodzaju usług oraz w celu odpowiedzi na Państwa zapytania kierowane za pośrednictwem tych Profili – w takim przypadku podstawą prawną przetwarzania Państwa danych jest prawnie uzasadniony interes Administratora polegający na promowaniu własnej działalności i usług oraz odpowiadaniu na bieżący kontakt Użytkowników tych profili (art. 6 ust. 1 lit. f RODO). Szczegółowe informacje o takim przetwarzaniu Państwa danych osobowych opisano w pkt 5 niniejszej Polityki Prywatności.
3.4. Based on your personal data, we will not make decisions in an automated manner, nor will they be subject to profiling.
4. Categories and source of origin Personal
4.1. In connection with your use of the Website, the Administrator collects data to the extent necessary to provide individual services offered, as well as information about your activity on the Website.
4.2. The Administrator allows you to contact him via the Website by providing the Website Users with the possibility of using the electronic contact form. Using the form requires providing personal data necessary to contact the Website User and answer the inquiry. The Website User may also provide other data in order to facilitate contact or handling the inquiry. Providing data marked as mandatory is required in order to accept and handle the inquiry, and failure to do so results in the inability to handle it. Providing other data is voluntary.
4.3. The Administrator processes personal data provided directly by you (in particular via the form available on the Website), as well as personal data obtained from persons who represent you when using services or other type of contact with the Administrator, your colleagues or other staff, i.e. in connection with Article 14 of the GDPR.
4.4. Depending on what personal data you have provided to us, we may process in particular the following categories of your personal data:a. identification data (e.g. name and surname, company, NIP), b. contact details (registered office or residence address, e-mail address, telephone number, correspondence address).
4.5. In addition, the Website obtains information about Website Users by saving cookies in end devices, m.in. regarding the websites visited by you. Such data may be stored on your computer or other terminal equipment by means of an anonymous tag (identifying your device). More information about cookies can be found in point 11 of the Privacy Policy.
4.6. In addition, the Website may save information about connection parameters (time stamp, IP address, browser and operating system, etc.). More information in this respect can be found in point 12 of the Privacy Policy.
4.7. The Administrator does not envisage the processing of special categories of your personal data. The processing of such personal data may only take place on the basis of your previously given free, separate consent.
5. Administrator's profileson on social networks
5.1. In connection with running Profiles on LinkedIn and Facebook social networks (indicated in point 1.3 of the Policy), the Administrator processes personal data of persons visiting these Profiles.
5.2. The administrators of the data of persons using the Administrator’s Profile on the Facebook social network are both the Administrator and, as a joint controller, i.e. an entity co-responsible for the processing of data of persons using the Administrator’s Profile on this portal – the administrator of Facebook: Facebook Ireland Limited Ltd., address: 4 Grand Canal Square Grand Canal Harbour Dublin 2 Ireland, on the terms specified in detail in the Privacy Policy of this entity available at: https://www.facebook.com/about/privacy/update.
5.3. The administrators of the data of persons using the Administrator’s Profile on the LinkedIn social network are both the Administrator and, as a joint controller, i.e. an entity co-responsible for the processing of data of persons using the Administrator’s Profile on this portal – the administrator of the LinkedIn portal: LinkedIn Ireland Unlimited Company, address: Legal Dept. (Privacy Policy and User Agreement), Wilton Place, Dublin 2, Ireland, on the terms specified in detail in the Policy Privacy of LinkedIn available at: https://pl.linkedin.com/legal/privacy-policy?.
5.4. The data of visitors to the Profiles will not be used for a purpose other than the one for which they were provided. Their processing will be carried out exclusively within the framework of the social networks through which they were transmitted.
5.5. Administrators of social networking sites Facebook and Linkedin may process data for their own purposes, based on other legal bases, as well as collect and process information contained in cookies of persons visiting Profiles, in accordance with the information specified in their privacy policies referred to in points 5.2. and 5.3. Policy.
5.6. Wszelkie dane osobowe zawarte w komentarzach zamieszczanych na Profilach Administratora na portalach społecznościowych Facebook i LinkedIn mogą być również dostępne dla innych użytkowników tych portali społecznościowych.
5.7. On its Website, the Administrator uses referring plug-ins (linking) to the social networks Facebook and LinkedIn. When the Website User uses functions on the Website that contains a plug-in of one of the indicated social networking sites, i.e. Facebook or LinkedIn, it establishes a direct connection to the servers of the relevant social network, and the administrator of this social network receives information that the User has accessed the Website. In such a situation, the administrator or processor may receive your data such as IP number, connection ID, information about the website visited, date and time of using the website, browser information.
5.8. In matters related to the use of Profiles and the above plug-ins, the Website User may contact the Administrator directly using the contact details indicated in point 1.4. of this Policy. The Website User may also, in connection with the use of Profiles and the operation of the above-mentioned plug-ins, contact directly the administrator of a given social networking site, to the addresses indicated by these entities using the following contact details:
a. Facebook: https://www.facebook.com/help/contact/2061665240770586,
b. LinkedIn: https://www.linkedin.com/help/linkedin/ask/ppq.
6. Recipients of data
6.1. The Administrator transfers your personal data only to the extent necessary to achieve the purposes described in this Policy and based on the legal grounds described here and only to their extent. In the case of external entities, outside the control of the Administrator, the Administrator each time verifies the level of protection provided by such entity (recipient of personal data) and on the basis of such verification selects its own service providers and suppliers.
6.2. Taking into account the above, the recipients of your personal data may be:a. Service providers providing IT services for the Administrator, including:
– delivery and maintenance of the Administrator’s internal IT systems,
– providing hosting services and Internet domain,
b. Service providers supporting the Administrator in operational activities, e.g. in the field of receipt of correspondence, accounting services or other ongoing services, including office services,
c. Public administration bodies (in the performance of obligations arising from legal provisions).
6.3. If you use Profiles on LinkedIn and Facebook social networks, the recipients of your data may also be administrators of individual social networking sites who are their joint controllers (whose data is indicated in point 5 of this Policy), as well as recipients indicated by these entities in their own privacy policies referred to in points 5.2. and 5.3. Policy.
6.4. The Administrator does not provide for the transfer of personal data of Website Users to entities located outside the European Economic Area (“EEA”). In the event that your personal data are to be transferred outside the EOC, the Administrator will first verify whether the recipients of the data located outside the EEA ensure a high level of protection of personal data and whether an adequate level of protection of personal data is guaranteed by the provisions of the third country to which the personal data would be transferred (including in particular whether the European Commission has issued a decision stating an adequate level of protection of personal data in such a country). The safeguards we use in such cases are, in particular, the use of standard contractual clauses approved by the European Commission. You have the right to request us to provide you with copies of the standard contractual clauses.
6.5. Information on the possibility of transferring personal data of Profile Users outside the EEA is indicated in the relevant privacy policies of the administrators of the LinkedIn and Facebook social networking sites, referred to in points 5.2. and 5.3. Policy.
7. Data retention period
7.1. We process your personal data only for as long as it is necessary, in particular in relation to services or the handling of complaints.
7.2. After the purpose for which the personal data were processed, they will be irreversibly deleted or anonymized.
7.3. The period of data processing by the Administrator depends on the type of service provided and the purpose of processing. As a rule, the Website User’s data are processed until the User’s consent is withdrawn (if the processing is based on the consent given), until the objection is expressed (if the processing is based on the legitimate interest of the Administrator) or for the time of using the Website or correspondence with the Website User, and when the basis for the processing of your personal data is the necessity to perform a legal obligation – for the time necessary to perform this obligation and for the time required by law.
7.4. The period of data processing may be extended if the processing is necessary to establish and pursue possible claims or defend against them, by the period of limitation of claims, if the processing of your personal data will be necessary to establish or pursue possible claims or defend against such claims by the Administrator, and after that time only in the case and to the extent, in which it will be required by law.
8. Your rights
8.1. In the case of processing your data based on the legitimate interest of the Administrator (legal basis: Article 6 (1) (f) of the GDPR), you have the right to object to the processing of personal data at any time (Article 21 of the GDPR). Submitting an objection will result in the Administrator no longer processing this personal data, unless it demonstrates the existence of valid, overriding, legitimate grounds for processing, or grounds for establishing, pursuing or defending claims, about which we will inform you in response to your objection.
8.2. In addition, you have the right to:
a. access your personal data and receive a copy of this data pursuant to Article 15 of the GDPR,
b. rectification of your personal data pursuant to Article 16 of the GDPR,
c. request the Administrator to limit the processing of personal data pursuant to Article 18 of the GDPR, subject to the cases referred to in Article 18(2) of the GDPR,
d. withdraw consent to contact for marketing purposes electronically or via telephone (if such consent has been given by you),
e. request the deletion of personal data on the terms provided for in Article 17 of the GDPR.
8.3. To the extent that the Website User’s data is processed on the basis of consent, it may be withdrawn at any time by contacting the Administrator, which does not affect the lawfulness of data processing before its withdrawal
8.4. If you want to exercise any of your rights described above or have questions about the processing of personal data, you can contact us using the contact details indicated in point 1.4. Policy.
9. Complaints to the supervisory authority
10. Changes
10.1. We may change this Policy from time to time.
10.2. Always up-to-date Policy is available at the address of the Website, i.e.: https://jw-a.pl/o-nas/rodo-pliki-cookies/
11. Cookies
11.1. The Website uses cookies. Cookies are small text files saved by the Website on the Website User’s end device, which the Website can read when reconnecting from this device. Cookies usually contain the name of the website from which they originate, the time of their storage on the end device and a unique number. They are basically divided into two types:
a. session cookies (temporary) – they are deleted after each entry to the Website,
b. persistent cookies – they remain for many visits to the Website.
11.2. The Website uses the following cookies: a. analytical – this type of files measures the number of visits and collects information about traffic on the Website, b. functional – these files associate the preferences of Website Users by remembering the choices made on websites, c. external – used to enable the operation of the Google Analytics tool.
11.3. The entity placing cookies on the Website User’s end device and obtaining access to them is the Administrator, with the exception of external cookies to which the service provider providing the Google Analytics tool has access.
11.4. Cookies do not change the configuration of the device used by the Website User, are not used to install or uninstall any computer programs or interfere with the integrity of the system or data of the Website User.
11.5. You express your consent to the storage or access to cookies by the Administrator on the Website User’s device by means of the software settings (web browser) installed in the end device used by you or by checking checkboxes in the message displayed after entering the Website.
11.6. If the Website User does not want to receive cookies, he can change the browser settings. Software for browsing websites (web browser) usually allows cookies to be stored on the user’s end device by default. Users of the Website may change the settings in this respect. The web browser allows you to delete cookies. It is also possible to automatically block cookies. You can manage and delete cookies at your own discretion. In particular, you can delete all cookies stored on your device, and most web browsers allow you to block cookies. However, if you choose this option, you will have to change your user settings each time you visit our website. Detailed information on this subject and on the management of cookies in your web browser can be found in the help or documentation of the respective web browser.
11.7. Disabling cookies necessary for authentication processes, security, maintaining the preferences of the Website User may hinder, and in extreme cases may even prevent the use of the Website.
11.8. To analyze the behavior and manner of using the Website by Website Users, the Administrator uses the Google Analytics tool, whose provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google Analytics”), in order to create statistics on the functioning of the Website and enable the analysis of activity on the Website.
11.9. Google Analytics uses cookies that are stored on the Website User’s end device and enable the analysis of how the Website User uses the Website.
11.10. Google Analytics does not use the collected data to identify the Website User or combine this information to enable identification. Google Analytics handles the User’s data on the terms set out in detail at: https://support.google.com/analytics/answer/6004245?hl=pl.
11.11. The Administrator informs that the Website User may install an add-on blocking the sending of information to Google Analytics in the search engine, available at: https://tools.google.com/dlpage/gaoptout/
12. Log files of the Website server
12.1. In accordance with the accepted practice of most Services, the Administrator’s Website also stores HTTP requests directed to the Website server (they are identified by URLs). The information stored in server log files is, m.in. the public IP address of the computer from which the request came, the name of the client station, the user name provided in the authorization process, the time of arrival of the request, the URL of the page previously visited by the user, information about the user’s browser. These data are not associated with specific Users of the Website. However, they may occasionally be analyzed to monitor the correctness of the Website, etc.
Last updated: April 2023
Services
Green Building
Strategy and reporting
Climate neutrality
Training and workshops
ESG data management
You will receive an email confirmation of your participation in the recruitment process and information on the next steps.
Good luck!
The HR team
