1. General Provisions

The data controller of the users' personal data for the website https://tenesys.io/privacy-policy/ is TENESYS LIMITED LIABILITY COMPANY with its registered office in Poznań (61-763) at 18/5 Wroniecka Street, KRS: 0000557462, NIP: 9721255120, REGON: 36149516300000 (hereinafter: the "Controller"). The service has designated an electronic contact point for direct communication with the authorities of the member states, the Commission, and the Digital Services Council: iod@tenesys.pl. The same contact point can be used by any client for direct and rapid communication with the service. You can also contact the service in writing at its address: Wroniecka 18/5, 61-763 Poznań or Al. Niepodległości 761/1.3, 81-838 Sopot. The purpose of the Policy is to outline the actions taken regarding the personal data collected through the Controller’s website and the related services and tools used by its users, as well as for the purposes of concluding and executing contracts through means other than the website. This Policy may be amended if necessary.

2. Legal Basis for Personal Data Processing, Purposes, and Storage of Personal Data

Users' personal data are processed in accordance with the General Data Protection Regulation (GDPR), i.e., Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons regarding the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ EU L 119 of 2016, p. 1, as amended), the Polish Personal Data Protection Act of May 10, 2018 (Journal of Laws 2019, item 1781), and the Polish Act on Providing Electronic Services of July 18, 2002 (Journal of Laws 2020, item 344), together with subsequent amendments to these acts. The Controller may collect the following data for the following purposes:

I. Execution of contracts with clients or actions taken at the request of the data subject before the conclusion of such contracts.

In this context, personal data are processed primarily to enable actions to be taken at the request of the data subject and to enable the Controller to execute agreements concerning infrastructure preparation, system maintenance, and development, DevOps services, DevOps on Demand services, framework agreements for DevOps work and IT system maintenance, partnership agreements, and consulting agreements. Scope of personal data: first and last name; email address; address (street, house number, apartment number, postal code, city, country); company name, VAT ID, online messenger IDs, phone number. Legal basis for data processing: Article 6(1)(b) of the GDPR (execution of a contract). Data retention period: Personal data will be processed for the duration of the business cooperation or until the expiration of any potential claims, whichever occurs later.

II. Establishing, pursuing, and enforcing claims

In this context, personal data are processed to enable the Controller to establish, pursue, and enforce claims. Scope of personal data. We may process some of the personal data you provide, such as first and last name, address, business address, VAT ID, bank account number, email address, phone number. Legal basis. The legal basis for data processing is Article 6(1)(c) of the GDPR in conjunction with Article 74(2) of the Accounting Act, as well as Article 6(1)(b) and (f) of the GDPR, i.e., the legitimate interest in pursuing claims and defending rights. Data retention period: Personal data will be processed for the limitation period specified in the Civil Code. Any data processed for accounting and tax purposes will be retained for 5 years, starting from the beginning of the year following the fiscal year in which the transactions were completed, settled, or became statute-barred. After the expiration of these periods, the data are deleted or anonymized.

III. Marketing activities

Personal data are processed in this context to send newsletters about our products or services. Please note that you can unsubscribe from the newsletter at any time by following the instructions included in every email we send. Additionally, we process personal data for promotional activities. Scope of personal data: email address, first and last name. Legal basis: The legal basis for processing personal data for marketing purposes is your consent. The legal basis is Article 6(1)(a) of the GDPR. Data retention period: We will process your personal data until you withdraw your consent to receive marketing communications (i.e., the newsletter) via email. We will process personal data for a maximum of 1 year from the date of the last email opened.

IV. IT Support

Personal data are processed in this context mainly to provide adequate IT support for the agreements we execute and to ensure the proper functioning of the Controller’s website. Scope of personal data: Data from cookies and any other data we process related to IT support. Legal basis: The legal basis for processing your data for IT support purposes is our legitimate interest in ensuring the proper support of platforms operated by the Controller. The legal basis is Article 6(1)(f) of the GDPR. Data retention period: We will process your personal data for the duration of the cookie storage period or the period specified for other purposes (e.g., in the case of processing related to the use of services, we will process data until the expiration of any claims from the concluded contract).

V. Usage statistics and IT security of the service

Personal data are processed in this context to allow the Controller to compile statistics on the use of certain functionalities and ensure the IT security of the service. Scope of personal data: In this context, we process personal data related to your activity within the websites operated by the Controller, such as the pages and subpages visited, the time spent on each, as well as data concerning your search history, IP address, location, device ID, and information regarding your browser and operating system. Legal basis: The legal basis for processing personal data is Article 6(1)(f) of the GDPR, i.e., the legitimate interest of the Controller in facilitating the use of services provided electronically and improving their functionality. Data retention period: We will store your personal data for the duration of the cookie storage on your device (you can change the cookie storage settings yourself).

VI. Client/User contact – handling complaints, requests, inquiries

Personal data are processed in this context to allow Clients/Users to contact the Controller. Scope of personal data: In this context, we may process personal data provided in connection with inquiries, as well as data related to the use of our services or the purchase of a product that is the cause of the complaint or request and data included in the documents attached to the complaint or request. We process the first and last name, email address, phone number, and online messenger IDs for this purpose. Legal basis: Our legitimate interest (Article 6(1)(f) of the GDPR), which relates to improving the functionality of our services and better tailoring the offer to customers' needs. Furthermore, our legitimate interest relates to building positive relations between the Controller and the Client /User, based on reliability and loyalty. Data retention period: Personal data will be processed for the duration of the response to the Client's/User’s inquiry, complaint, or request. Subsequently, the personal data will be deleted. Personal data will be deleted no later than two months after the date of submission of the complaint, request, or inquiry.

VII. Accounting and bookkeeping

Personal data are processed in this context to allow the Controller to carry out accounting and bookkeeping related to its business activities. Scope of personal data: If we issue a VAT invoice or a personal receipt, we are obliged by applicable law to retain these documents and process the personal data contained in them (including: first and last name, address, company name, VAT ID, business address) for accounting and bookkeeping purposes. Legal basis: The legal basis for processing personal data is Article 6(1)(c) of the GDPR, i.e., the necessity to fulfill obligations imposed on the Controller by law, and Article 86(1) of the Tax Ordinance Act, i.e., the Polish Tax Ordinance Act of August 29, 1997 (Journal of Laws 2022, item 2651, as amended), or Article 74(2) of the Polish Accounting Act of September 29, 1994 (Journal of Laws 2023, item 120, as amended). Data retention period: Personal data are processed by the Controller for the duration of the retention of accounting, bookkeeping, and tax documentation. Issued personal receipts and VAT invoices are retained until the expiration of tax liabilities, i.e., for 5 years, starting from the beginning of the year following the fiscal year in which the transactions were completed, settled, or became statute-barred.

VIII. Analysis and statistics

The Controller uses cookies to track website statistics such as the number of visitors, the type of operating system, and the browser used to view the site, the time spent on the site, the pages visited, etc. The Controller uses Google Analytics for this purpose, which involves the use of cookies from Google LLC. In the cookie settings management tool, the user can decide whether the Controller will be able to use marketing features within Google Analytics. Scope of personal data: In this context, we may process certain personal data provided by you, such as cookies and behavioral data such as the number of visitors, type of operating system, and browser used to view the site, time spent on the site, and pages visited. Legal basis: The legal basis for processing personal data is Article 6(1)(f) of the GDPR, i.e., the legitimate interest of the Controller in ensuring an adequate level of service quality. Data retention period: Personal data will be processed for the duration of research and analysis aimed at improving the functioning of the available services.

IX. Promotion of our services

The Controller uses marketing tools such as Facebook Pixel to target ads to users. This involves the use of cookies from Facebook. In the cookie settings management tool, the user can decide whether the Controller will use personalized Google AdSense ads. Scope of personal data: In this context, the Controller may process the following personal data: cookies and behavioral data regarding the use of the Controller’s website. Legal basis: The legal basis for processing personal data is Article 6(1)(f) of the GDPR, i.e., the legitimate interest of the Controller in ensuring an adequate level of service quality. Data retention period: Personal data will be processed for the duration of the promotion of the Controller’s services.

X. Contact form on the website

In this context, the Controller processes clients' personal data to respond to inquiries, requests, complaints, as well as proposals for business cooperation. Scope of personal data: In this context, the Controller processes the following personal data: first name, last name, email address. Legal basis: The legal basis for processing personal data is the consent of the data subject, i.e., Article 6(1)(a) of the GDPR. Data retention period: Personal data will be processed until the expiration of any consent. The subsequent withdrawal of consent does not affect the legality of the data processing from the period before the consent was withdrawn.

XI. Handling complaints

In this context, personal data are processed to allow the Controller to fulfill its obligations regarding the handling of potential complaints submitted by clients. Scope of personal data: In this context, the Controller processes the following types of personal data: first name, last name, online messenger IDs, email address, phone number. Legal basis: The legal basis for processing personal data is Article 6(1)(c) of the GDPR, i.e., the necessity to fulfill a legal obligation imposed on the Controller under applicable laws. Data retention period: Personal data will be processed for the duration of the legal obligation imposed on the Controller or until the expiration of any claims related to the concluded contract.

3. Data Sharing

1. The Controller ensures that all collected personal data are used to fulfill obligations toward users. This information will not be shared with third parties except in the following situations:

a) prior explicit consent has been given by the persons concerned for such action, or
b) if the obligation to transfer the data arises or will arise from applicable laws, e.g., to law enforcement authorities.

2. Additionally, clients' and users' personal data may be transferred to the following recipients or categories of recipients:

- service providers supplying the Controller with technical, IT, and organizational solutions that enable the Controller to conduct business activities, including the website and services provided electronically via the website (in particular, software providers, marketing agencies, email and hosting service providers, software providers for company management, and providers of technical assistance to the Controller and the product delivery operator) - the Controller shares collected client data with selected providers acting on its behalf only when and to the extent necessary to achieve the specified data processing purpose in accordance with this privacy policy.
- providers of accounting, legal, and advisory services providing the Controller with accounting, legal, or advisory support (in particular, accounting firms, law firms, or debt collection companies) - the Controller shares collected client data with selected providers acting on its behalf only when and to the extent necessary to achieve the specified data processing purpose in accordance with this privacy policy.

3. The Controller may share anonymized data (i.e., data that do not identify specific users) with external service providers to better understand the attractiveness of advertisements and services to users. In this context, due to the location of software providers, data may be transferred—ensuring protection principles are followed—to third countries that provide standard contractual clauses approved by the European Commission for personal data processing or have relevant permissions based on bilateral data processing agreements between the European Union and the third country in question, which is not part of the European Economic Area. These entities, in the case of the Controller, include:

- Google LLC (address: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) for Google Analytics, which is used to analyze website statistics, Google Tag Manager, which manages scripts by easily adding code snippets to the site or app and tracking user actions on the website, Google Ads for displaying sponsored links in Google search results and on partner websites as part of the Google AdSense program, Google Workspace for comprehensive site editing and coordination of work on the site (including Google Drive, Gmail, Google Sheets, Google Forms, Google Looker Studio); - Meta Platforms, Inc. (address: 1601 Willow Road, Menlo Park, CA 94025, USA) for Facebook Pixel, which is used to track ad conversions, optimize them based on collected data and statistics, and build audience lists targeted for future ads.

4. The Controller will always inform you of the intention to transfer personal data outside the EEA at the time of data collection.

5. The Controller continuously performs risk assessments to ensure that personal data are processed securely—ensuring above all that access to the data is granted only to authorized persons and only to the extent necessary for the tasks they perform. The Controller ensures that all operations on personal data are recorded and carried out only by authorized employees and associates.

6. The Controller takes all necessary actions to ensure that its subcontractors and other cooperating entities also provide guarantees of appropriate security measures whenever they process personal data on the Controller’s behalf.

7. The Controller's website may use Google Analytics, a web analytics service provided by Google LLC ("Google"). Google Analytics uses cookies to help website operators analyze how visitors use the site. Information generated by cookies about users' use of the website is generally transmitted to and stored by Google on servers in the United States. According to current IT standards, the IP addresses of website users are shortened. Only in exceptional cases is the full IP address sent to Google's server in the United States and shortened there. On behalf of the Controller, Google will use this information to evaluate the website for its users, compile reports on website traffic, and provide other services related to website traffic and internet usage to website operators. Google will not combine the IP address transmitted within Google Analytics with any other data held by Google. For more information on how Google Analytics collects and uses data, please visit Google's official site at google.com/policies/privacy/partners. Furthermore, each user can prevent the collection and processing of data related to their use of the website by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout.

8. Furthermore, the Controller uses Google reCAPTCHA to prevent spam. More information about cookies used by Google reCAPTCHA can be found at the following link: https://cookiedatabase.org/cookie/google-recaptcha/_grecaptcha/. Due to the use of the Google reCAPTCHA service, personal data are transferred to third countries, especially to the USA.

9. The Controller takes all possible efforts to ensure that personal data are shared only with entities that meet the criteria and requirements set forth in Articles 46 or 49 of the GDPR. Where appropriate, the Controller will rely on EU standard contractual clauses and other safeguards to allow for transfers outside the EEA. In compliance with the Court of Justice of the European Union's ruling of July 16, 2020, the Controller continues to assess the legal framework of countries where data are transferred and updates measures as necessary to ensure adequate protection levels.

10. In terms of data transferred to the United States, the Controller ensures that when data are shared with third parties, this only occurs—according to the European Commission's decision of July 10, 2023—with entities and organizations in the USA that comply with the new "EU-US Data Privacy Framework." The list of these organizations has been published by the U.S. Department of Commerce. The transfer of personal data from the EEA to organizations participating in the "EU-US Data Privacy Framework" and included on this list is possible without additional approvals or legal instruments such as standard contractual clauses or binding corporate rules. However, if a U.S. data importer has not joined the "EU-US Data Privacy Framework," the transfer of personal data to them will occur after fulfilling the conditions set forth in Articles 46 or 49 of the GDPR. In such cases, the Controller will rely on EU standard contractual clauses and other safeguards to allow for transfers outside the EEA.

11. Government authorities - we provide your personal data to government authorities if requested by authorized government entities, particularly units of the public prosecutor's office, police, President of the Personal Data Protection Office, President of the Office of Competition and Consumer Protection, or President of the Office of Electronic Communications.

4. User Rights

1. A user whose personal data are being processed has the right to:
a) access, rectification, restriction, deletion, or transfer,
b) withdraw consent at any time,
c) file a complaint with the supervisory authority,
d) object,
e) object to direct marketing,

2. The exercise of the above rights is based on a request sent by the user to the email address: info@tenesys.io. Such a request should include the user’s first and last name.

3. The user ensures that the data they provide or publish on the website are correct.

4. How long do we take to fulfill your request? - If you submit a request to exercise any of the rights mentioned above, we will fulfill the request or refuse it promptly, but no later than within one month of receiving it. However, if—due to the complexity of the request or the number of requests—we are unable to fulfill your request within a month, we will fulfill it within the next two months, informing you in advance of the intended extension.

5. Right to file a complaint - If the processing of personal data violates the law, you may file a complaint with the supervisory authority regarding the processing of personal data by the Data Controller. Complaints can be submitted to the President of the Personal Data Protection Office at the address: President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw.

5. Cookies

1. "Cookies" refers to computer data, particularly text files stored on users' end devices (usually on a computer hard drive or mobile device) used by the user's browser to store certain settings and data for browsing websites. These files allow the user's device to be recognized and display the website accordingly, ensuring convenience when using the site. Storing cookies allows the website and offer to be appropriately tailored to the user's preferences—the server recognizes the user and remembers preferences such as visits, clicks, previous actions.

2. "Cookies" particularly contain the name of the website domain from which they originate, the time they are stored on the end device, and a unique number used to identify the browser connecting to the website.

3. The Controller’s website uses the following cookies:

Below is a list of cookies, divided by their name, domain, description, and type:

Cookie: __cf_bm Domain: .clutch.co Description: Cookie set by Cloudflare, used to manage bots and protect the site from attacks. Type: Necessary
Cookie: _ga Domain: tenesys.io Description: Cookie set by Polylang, used to remember the user’s preferred language. Type: Functional
Cookie: _gid Domain: tenesys.io Description: Google Analytics cookie, which anonymously tracks users' activity, sessions, and marketing campaigns. Type: Analytical
Cookie: gat_gtag_UA* Domain: .tenesys.io Description: Google Analytics cookie, collects data on how users use the website to generate analytical reports. Type: Analytical
Cookie: bcookie Domain: .tenesys.io Description: Set by Google Analytics, used to store unique user identifiers. Type: Analytical
Cookie: li_gc Domain: .linkedin.com Description: Cookie set by LinkedIn, enabling the tracking of embedded services usage. Type: Advertising
Cookie: lidc Domain: .linkedin.com Description: Cookie that stores the user's consent for cookie usage for non-essential purposes. Type: Functional
Cookie: ga* Domain: .linkedin.com Description: LinkedIn cookie, helps choose the data center. Type: Functional
Cookie: dicbo_id Domain: .tenesys.io Description: Set by Google Analytics, used to store and count page views. Type: Analytical
Cookie: _fbp Domain: tenesys.io Description: No available information about this cookie. Type: Other
Cookie: cf_clearance Domain: .tenesys.io Description: Cookie set by Facebook, tracking user interactions. Type: Analytical
Cookie: _gat_UA-* Domain: .clutch.co Description: No available information about this cookie. Type: Other
Cookie: _GRECAPTCHA Domain: .tenesys.io Description: Google Analytics tracks user behavior via this cookie. Type: Analytical
Cookie: lastExternalReferrerTime Domain: www.google.com Description: Cookie set by Google reCAPTCHA service, protecting the site from bots. Type: Necessary
Cookie: lastExternalReferrer Domain: tenesys.io Description: No available information about this cookie. Type: Other lastExternalReferrer
Cookie: rc::a Domain: tenesys.io Description: No available information about this cookie. Type: Other
Cookie: rc::f Domain: google.com Description: reCAPTCHA cookie, used for bot identification and spam protection. Type: Necessary
Cookie: rc::b Domain: google.com Description: reCAPTCHA cookie, identifying bots to protect the site from spam. Type: Necessary
Cookie: rc::d-1721131241568 Domain: google.com Description: reCAPTCHA cookie, protecting the site from bots. Type: Necessary
Cookie: __cf_bm Domain: google.com Description: No available information about this cookie. Type: Other
Cookie: changesOfURL Domain: tenesys.io Description: No available information about this cookie. Type: Other
Cookie: rc::c Domain: google.com Description: Cookie set by reCAPTCHA service to protect the website from bots. Type: Other

4. Cookies are used to:

a) customize the content of websites to the user's preferences and optimize the use of websites,
b) create anonymous statistics to help improve the structure and content of websites by identifying how users interact with them,
c) provide website users with advertising content tailored to their interests.

Cookies are not used to identify the user, and their identity is not determined based on them.

4. The basic division of cookies is as follows:

a) Essential cookies - are absolutely necessary for the proper functioning of the website or functionalities that the user wishes to use. Without them, we would not be able to provide many of the services we offer. Some also ensure the security of services provided by us electronically.
b) Functional cookies - are important for the operation of the website because:
- they serve to enhance the functionality of websites; without them, the website will work properly but will not be customized to the user's preferences,
- they ensure a high level of website functionality; without them, the functionality of the website may decrease, but their absence should not completely prevent its use,
- they serve most website functionalities; blocking them will cause certain features to malfunction.
c) Business cookies - allow the implementation of the business model on which the website is based; blocking them will not result in the unavailability of all functionalities but may reduce the quality of service due to the inability of the website owner to generate revenue to subsidize its operation. These include advertising cookies.
d) Configuration cookies - allow setting website functions and services.
e) Security and reliability cookies - allow verifying the authenticity and optimizing the performance of websites.
f) Authentication cookies - notify when the user is logged in, so the website can display relevant information and features.
g) Session state cookies - store information about how users use the website. They may relate to the most frequently visited pages or error messages displayed on some pages. Cookies used to store "session state" help improve services and increase the browsing experience.
h) Process cookies - ensure the smooth operation of the website and its available functions.
i) Advertising cookies - allow for displaying ads that are more interesting to users and more valuable to publishers and advertisers; they may also be used for personalizing advertising and displaying ads outside of websites.
j) Location-based cookies - allow displaying information tailored to the user's location.
k) Analytics, research, or audience audit cookies - allow website owners to better understand users' preferences and, through analysis, improve and develop products and services. Typically, the website owner or research company collects anonymous information and processes data on trends without identifying personal information of individual users.
l) Harmless cookies - include cookies necessary for the proper operation of the website and essential for enabling its functionality; however, they are not related to tracking the user.
m) Tracking cookies - used to track users but do not include information that can (without other data) identify a specific user.

5. Using cookies to customize website content to the user's preferences generally does not mean collecting any information that identifies the user, although sometimes this information may be personal data, i.e., data that can attribute certain behaviors to a specific user. Personal data collected using cookies may be collected solely for the purpose of performing certain functions for the user. Such data are encrypted in a way that prevents unauthorized access.

6. Cookies used by this site are not harmful to the user or their end device, so to ensure the proper functioning of the service, it is recommended not to disable them in browsers. In many cases, software used for browsing websites (internet browser) by default allows cookies and other similar technologies to be stored on the user's end device. Users can change the way cookies are used by the browser at any time. To do this, change the browser settings. The method for changing settings varies depending on the software (internet browser) used. Appropriate instructions can be found on the subpages, depending on the browser used.

7. Cookies are also used to facilitate logging into a user account, including via social media, and to allow transitions between subpages on websites without the need to log in again on each subpage. At the same time, cookies are used to secure websites, e.g., to prevent unauthorized access.

8. As part of cookie technology, the Controller may use tracking pixels or clear GIFs to collect information about how the user uses its services and responds to marketing messages sent via email. A pixel is a piece of code that allows embedding an object on a page, usually a one-pixel-sized image, that enables tracking of user behavior on the websites on which it is placed. After giving the appropriate consent, the browser automatically establishes a direct connection to the server storing the pixel, so the processing of data collected by the pixel takes place within the data protection policy of the partner administering the server.

9. The Controller may use internet log files (which contain technical data such as the user's IP address) to monitor traffic within its services, troubleshoot technical problems, detect and prevent fraud, and enforce the Terms of Service.

10. The Controller does not use any cross-site tracking technologies, and the personal data collected for each user are not sold or shared for behavioral advertising across different websites.

11. The Controller informs that the site does not respond to Do Not Track (DNT) signals. However, the user can disable certain forms of network tracking, including some analytics data and personalized ads, by changing cookie settings in their browser or using our cookie consent tools (if applicable).

12. Details on how to change cookie settings and delete them in the most popular web browsers are available in the browser's help section and on the following pages (just click on the relevant link):

a) Google Chrome
b) Mozilla Firefox
c) Microsoft Edge
d) Opera
e) Safari macOS
f) Safari iOS/iPad OS

13. Details on managing cookies on a mobile phone or other mobile device should be found in the user manual of the specific mobile device.

15. The content of this Privacy Policy was updated on July 16, 2024.