Privacy Policy
1. General Provisions
The controller of personal data of users of the website https://tenesys.io/privacy-policy/ is TENESYS SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with its registered office in Poznań (61-763) at Wroniecka 18/5, KRS: 0000557462, Tax ID: 9721255120, REGON: 36149516300000 (hereinafter: “Controller”). The Website has established an electronic point of contact for direct communication with the authorities of Member States, the Commission, and the Digital Services Board: iod@tenesys.pl. The same point of contact may be used by any Client for direct and prompt communication with the Website. The Website can also be contacted in writing at the following address: Wroniecka 18/5, 61-763 Poznań.
The purpose of this Policy is to define the actions taken with regard to personal data collected through the Controller’s website and related services and tools used by its users, as well as in the course of business activities involving the conclusion and performance of contracts outside the website. If necessary, the provisions of this Policy may be amended.
2. Legal Basis for Processing Personal Data, Purposes, and Retention of Personal Data
Users’ personal data are processed in accordance with the General Data Protection Regulation, i.e., Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ EU L 119, 4.5.2016, p. 1, as amended), the Act on the Protection of Personal Data of 10 May 2018 (consolidated text: Journal of Laws of 2019, item 1781), and the Act on the Provision of Electronic Services of 18 July 2002 (consolidated text: Journal of Laws of 2020, item 344), together with subsequent amendments to the above. The Controller may collect the following data for the following purposes:
I. Performance of a Contract with the Client or Taking Steps at the Request of the Data Subject Prior to Entering into Such Contracts
For this purpose, personal data are processed primarily to enable actions to be taken at the request of the data subject and to enable the Controller to perform contracts for the preparation of infrastructure, maintenance and development of IT systems, contracts for the provision of DevOps services, contracts for the provision of DevOps on Demand services, framework contracts for DevOps work and maintenance of IT systems, partnership agreements, and consulting contracts.
Scope of personal data: first and last name; email address; address (street, house number, apartment number, postal code, city, country), company name, Tax ID, instant messaging identifiers, telephone number.
Legal basis for processing personal data: Article 6(1)(b) of the GDPR (performance of a contract).
Retention period for personal data: We will process personal data for the duration of the business relationship or until the expiration of any claims, whichever occurs later.
II. Establishment, Pursuit, and Enforcement of Claims
For this purpose, personal data are processed to enable the Controller to establish, pursue, and enforce claims.
Scope of data. For this purpose, we may process some of the personal data you provide: first name, last name, address, registered office address, Tax ID, bank account number, email address, telephone number.
Legal basis. The legal basis for processing personal data is Article 6(1)(c) of the GDPR in conjunction with Article 74(2) of the Accounting Act, as well as Article 6(1)(b) and (f) of the GDPR, as a legitimate interest—pursuing claims and defending rights.
Retention period for personal data. Personal data will be processed for the limitation period of claims arising from the provisions of the Civil Code. All data processed for accounting and tax purposes are processed for 5 years from the beginning of the year following the financial year in which the operations, transactions, and proceedings were finally completed, settled, accounted for, or time-barred. After the expiration of the above periods, data are deleted or anonymized.
III. Conducting Marketing Activities
For this purpose, personal data are processed primarily to send newsletters regarding our products or services. Please note that you may unsubscribe from receiving the newsletter at any time free of charge by following the instructions contained in each correspondence sent by us. In addition, personal data are processed by us for the purpose of conducting promotional activities.
Scope of data. For this purpose, the Controller processes personal data such as: email address, first name, last name.
Legal basis. The legal basis for processing your data for marketing purposes is your consent to the processing of data for this purpose. The legal basis for processing data is Article 6(1)(a) of the GDPR.
Retention period for personal data. We will process your personal data until you withdraw your consent to receive marketing communications (newsletters) via email. We will process personal data for a maximum of 1 year from the date of the last email opening.
IV. IT Support
For this purpose, your personal data are processed primarily to ensure proper IT support for the contracts we perform, as well as to ensure the proper functioning of the Controller’s website.
Scope of data: Data resulting from cookies, as well as all other data that we process in connection with the Controller’s IT support.
Legal basis: The legal basis for processing your data for IT support purposes is our legitimate interest in ensuring proper support for the platforms operated by the Controller. The legal basis for processing data is Article 6(1)(f) of the GDPR.
Retention period for personal data: We will process your personal data for the duration of cookie storage or for the period specified for other processing purposes (e.g., in the case of processing data in connection with the use of services, we will process data until the expiration of claims arising from the concluded contract).
V. Statistics on the Use of Individual Functionalities, Ensuring IT Security of the Website
For this purpose, personal data are processed to enable the Controller to maintain statistics on the use of individual functionalities and to ensure the IT security of the website.
Scope of data. For these purposes, we process personal data regarding your activity on the websites operated by the Controller, such as: pages and subpages visited, the amount of time spent on each, as well as data regarding your search history, your IP address, location, device ID, and data regarding your browser and operating system.
Legal basis. The legal basis for processing personal data is Article 6(1)(f) of the GDPR, i.e., the legitimate interest of the Controller in facilitating the use of services provided electronically and improving the functionality of these services.
Retention period for personal data. We will store personal data for the duration of cookie storage on your device (you can independently change cookie storage settings).
VI. Contact with the Client/User—Handling Complaints, Requests, Inquiries
For this purpose, personal data are processed to enable Clients/Users to contact the Controller.
Scope of data. For this purpose, we may process the personal data you provide in connection with submitted inquiries, as well as data regarding the use of our services or the purchase of a product that is the subject of a complaint or request, and data contained in documents attached to the complaint or request. For this purpose, we process first name, last name, email address, telephone number, and instant messaging identifiers.
Legal basis. Our legitimate interest (Article 6(1)(f) of the GDPR), consisting of improving the functionality of our services and better adapting the offer to the needs of buyers. In addition, our legitimate interest is related to building positive relationships between the Controller and the Client/User, based on reliability and loyalty.
Retention period for personal data. We process personal data for the duration of the response to the Client’s/User’s inquiry, complaint, or request. Subsequently, personal data are deleted. At the latest, data are deleted within two months from the date of submission of the complaint, request, or inquiry.
VII. Bookkeeping, Accounting
For this purpose, personal data are processed to enable the Controller to maintain bookkeeping and accounting related to its business activities.
Scope of data. If we issue a VAT invoice or a personalized receipt, we are obliged by applicable law to store these documents and process the personal data contained therein (including: first name, last name, address, name of the business, Tax ID, address of the business) for accounting and bookkeeping purposes.
Legal basis. The legal basis for processing personal data is Article 6(1)(c) of the GDPR, i.e., the necessity for the Controller to fulfill obligations imposed on it by law, and Article 86(1) of the Tax Ordinance, i.e., the Act of 29 August 1997—Tax Ordinance (consolidated text: Journal of Laws of 2022, item 2651, as amended) or Article 74(2) of the Accounting Act, i.e., the Act of 29 September 1994 on Accounting (consolidated text: Journal of Laws of 2023, item 120, as amended).
Retention period for personal data. Personal data are processed by the Controller for the period of retention of accounting, bookkeeping, and tax documentation. Issued personalized receipts and VAT invoices are stored until the expiration of tax obligations, i.e., for 5 years from the beginning of the year following the financial year in which the operations, transactions, and proceedings were finally completed, settled, accounted for, or time-barred.
VIII. Analysis and Statistics
The Controller uses cookies to track website statistics, such as the number of visitors, the type of operating system and web browser used to browse the website, time spent on the website, visited subpages, etc. The Controller uses Google Analytics for this purpose, which involves the use of cookies from Google LLC. Within the cookie settings management mechanism, the user has the option to decide whether the Controller may also use marketing features within the Google Analytics service.
Scope of data. For this purpose, we may process some of the personal data you provide, such as cookies and behavioral data such as the number of visitors, the type of operating system and web browser used to browse the website, time spent on the website, visited subpages.
Legal basis. The legal basis for processing personal data is Article 6(1)(f) of the GDPR, i.e., the legitimate interest of the Controller in ensuring an appropriate level of services provided.
Retention period for personal data. We will process personal data for this purpose for the duration of research and analysis aimed at improving the operation of available services.
IX. Promotion of Own Services
For this purpose, the Controller uses marketing tools, such as Facebook Pixel, to target advertisements to users. This involves the use of cookies from Facebook. Within the cookie settings management mechanism, the user has the option to decide whether the Controller may use personalized Google AdSense ads in their case.
Scope of data. For this purpose, the Controller may process the following personal data: cookies and behavioral data on how the Controller’s website is used.
Legal basis. The legal basis for processing personal data is Article 6(1)(f) of the GDPR, i.e., the legitimate interest of the Controller in ensuring an appropriate level of services provided.
Retention period for personal data. We will process personal data for this purpose for the duration of the promotion of our own services.
X. Operating a Contact Form on the Website
For this purpose, the Controller processes Clients’ personal data in order to respond to any inquiries, requests, complaints from Clients, as well as proposals for establishing business cooperation.
Scope of data. For this purpose, the Controller processes the following personal data: first name, last name, email address.
Legal basis. The legal basis for processing personal data is the consent of the data subject, i.e., Article 6(1)(a) of the GDPR.
Retention period for personal data. Personal data will be processed until the withdrawal of any consent. Subsequent withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
XI. Handling Complaints
For this purpose, personal data are processed to enable the Controller to fulfill its obligations related to handling potential complaints submitted by Clients.
Scope of data. For this purpose, the Controller processes the following types of personal data: first name, last name, instant messaging identifiers, email address, telephone number.
Legal basis. The legal basis for processing personal data is Article 6(1)(c) of the GDPR, i.e., the necessity to fulfill a legal obligation imposed on the Controller by generally applicable law.
Retention period for personal data. Personal data will be processed for the duration of the legal obligation imposed on the Controller or, if applicable, until the expiration of any claims related to the concluded contract.
3. Data Sharing
1. The Controller ensures that all collected personal data are used to fulfill obligations to users. This information will not be shared with third parties except in situations where:
a) prior express consent of the persons concerned has been obtained for such action, or
b) the obligation to transfer such data arises or will arise from applicable law, e.g., to law enforcement authorities.
2. In addition, personal data of Clients and Users may be transferred to the following recipients or categories of recipients:
Service providers supplying the Controller with technical, IT, and organizational solutions enabling the Controller to conduct business activities, including the website and electronic services provided through it (in particular, computer software providers, marketing agencies, email and hosting providers, software providers for company management and technical support to the Controller, and product delivery operators)—the Controller shares the collected personal data of the Client with a selected provider acting on its behalf only in cases and to the extent necessary to achieve a given data processing purpose in accordance with this privacy policy.
Providers of accounting, legal, and advisory services providing the Controller with accounting, legal, or advisory support (in particular, accounting offices, law firms, or debt collection companies)—the Controller shares the collected personal data of the Client with a selected provider acting on its behalf only in cases and to the extent necessary to achieve a given data processing purpose in accordance with this privacy policy.
3. The Controller may share anonymized data (i.e., data that do not identify specific Users) with external service providers to better understand the attractiveness of advertisements and services to users, and in this regard, due to the location of software providers, data may be transferred—while maintaining data protection principles—to third countries that, however, ensure standard contractual clauses approved by the European Commission for the processing of personal data or have appropriate authorizations for such activities based on bilateral data processing agreements between the European Union and a given third country, while not being a member of the European Economic Area. These entities in the case of the Controller are:
Google LLC (headquarters: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) for Google Analytics tools used to analyze website statistics, Google Tag Manager used to manage scripts by easily adding code snippets to a website or application and tracking actions performed by users on the website, Google Ads used to display sponsored links in Google search results and on pages cooperating within the Google AdSense program, Google Workspace enabling comprehensive website editing and coordination of work of people working on it (including Google Drive, Gmail, Google Sheets, Google Forms, Google Looker Studio).
Meta Platforms, Inc. (headquarters: 1601 Willow Road Menlo Park, CA 94025, USA) for Facebook Pixel used to track conversions from Facebook ads, optimize them based on collected data and statistics, and build a targeted audience list for future ads.
4. The Controller always informs about the intention to transfer personal data outside the EEA at the stage of their collection.
5. The Controller continuously conducts risk analysis to ensure that personal data are processed by it in a secure manner—ensuring, above all, that access to data is granted only to authorized persons and only to the extent necessary for the tasks they perform. The Controller ensures that all operations on personal data are recorded and performed only by authorized employees and collaborators.
6. The Controller takes all necessary measures to ensure that its subcontractors and other cooperating entities also provide guarantees of applying appropriate security measures in every case where they process personal data on behalf of the Controller.
7. The Controller’s website may use the functionality of Google Analytics, a web analytics service provided by Google, LLC (“Google”). Google Analytics uses cookies to help website operators analyze how visitors use the site. Information generated by the cookie about visitors’ use of the site is generally transmitted to and stored by Google on servers in the United States. In accordance with current IT standards, IP addresses of users visiting the Controller’s website are shortened. Only in exceptional cases is the complete IP address sent to a Google server in the United States and shortened there. On behalf of the Controller, Google will use this information to evaluate the website for its users, compile reports on website traffic, and provide other services related to website traffic and internet usage to website operators. Google will not associate the IP address transmitted as part of Google Analytics with any other data held by Google. More information on how Google Analytics collects and uses data can be found on Google’s official website at: google.com/policies/privacy/partners. In addition, any User can prevent Google from collecting and processing data related to their use of the website by downloading and installing a browser plugin at the following link: http://tools.google.com/dlpage/gaoptout.
8. Furthermore, the Controller uses Google ReCaptcha to prevent spam. More information about cookies used by Google ReCaptcha can be found at the following link: https://cookiedatabase.org/cookie/google-recaptcha/_grecaptcha/. In connection with the use of the Google ReCaptcha service, personal data are transferred to third countries, including in particular the USA.
9. When sharing data with third parties, the Controller makes every effort to ensure that this is done only to entities meeting the criteria and requirements specified in Article 46 or 49 of the GDPR. In appropriate cases, the Controller will rely on EU standard contractual clauses and other safeguards to enable transfers outside the EEA. In accordance with the decision of the Court of Justice of the European Union of 16 July 2020, the Controller continues to assess the legal system of countries to which data are transferred and, as necessary, updates measures to ensure appropriate levels of protection.
10. With regard to data transferred to the United States, when sharing data with third parties, the Controller makes every effort to ensure that this is done, in accordance with the European Commission decision of 10 July 2023, only to entities and organizations in the USA that ensure compliance with the new “EU-US Data Privacy Framework.” A list of these organizations has been published by the US Department of Commerce. The transfer of personal data from the EEA to organizations that have joined the “EU-US Data Privacy Framework” program and are on this list is possible without the need to obtain additional authorizations or use legal instruments such as standard contractual clauses or binding corporate rules. However, if a given data importer in the USA has not joined the “EU-US Data Privacy Framework” program, the transfer of personal data to it is possible and will take place after meeting the conditions specified in Article 46 or 49 of the GDPR. In such cases, the Controller will rely on EU standard contractual clauses and other safeguards to enable transfers outside the EEA.
11. State authorities—we share your personal data if authorized state authorities request it, in particular organizational units of the prosecutor’s office, the Police, the President of the Personal Data Protection Office, the President of the Office of Competition and Consumer Protection, or the President of the Office of Electronic Communications.
4. User Rights
1. The User whose personal data are processed has the right to:
a) access, rectification, restriction, deletion, or portability,
b) withdraw consent at any time,
c) lodge a complaint with a supervisory authority,
d) object,
e) object to direct marketing.
2. The exercise of the above rights is based on the user’s request sent to the email address: info@tenesys.io. Such a request should include the user’s first and last name.
3. The User ensures that the data provided or published by them on the website are correct.
4. Within what time do we fulfill your request? If, in exercising the rights listed above, you submit a request to us, we will fulfill this request or refuse to fulfill it without delay, but no later than within one month of receiving it. However, if—due to the complex nature of the request or the number of requests—we are unable to fulfill your request within one month, we will fulfill it within the next two months, informing you in advance of the intended extension of the deadline.
5. Right to lodge a complaint—If the processing of personal data violates the law, you may lodge a complaint with the supervisory authority regarding the processing of personal data by the Controller. A complaint may be submitted to the President of the Personal Data Protection Office at the following address: President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw.
5. Cookies
1. “Cookies” are understood as IT data, in particular text files, stored on users’ end devices (usually on the computer’s hard drive or mobile device) used to save specific settings and data by the user’s browser for the purpose of using websites. These files allow the user’s device to be recognized and the website to be displayed appropriately, ensuring comfort during its use. Storing “cookies” therefore enables appropriate preparation of the website and offer according to the user’s preferences—the server recognizes them and remembers preferences such as: visits, clicks, previous actions.
2. “Cookies” contain, in particular, the domain name of the website from which they originate, the time of their storage on the end device, and a unique number used to identify the browser from which the connection to the website is made.
3. The following cookies are used on the Controller’s website:
| Cookie | Domain | Description | Type |
|---|---|---|---|
| __cf_bm | .clutch.co | Cookie set by Cloudflare, used to manage bots and protect the site from attacks. | Necessary |
| _ga | tenesys.io | Cookie set by Polylang, used to remember the user’s preferred language. | Functional |
| _gid | tenesys.io | Google Analytics cookie that anonymously tracks user activity, sessions, and marketing campaigns. | Analytical |
| gat_gtag_UA* | .tenesys.io | Google Analytics cookie, collects data on how users use the site to generate analytical reports. | Analytical |
| bcookie | .tenesys.io | Set by Google Analytics, used to store unique user identifiers. | Analytical |
| li_gc | .linkedin.com | Cookie set by LinkedIn, enabling tracking of the use of embedded services. | Advertising |
| lidc | .linkedin.com | Cookie storing user consent to the use of cookies for purposes other than essential. | Functional |
| ga* | .linkedin.com | LinkedIn cookie that helps in selecting a data center. | Functional |
| dicbo_id | .tenesys.io | Set by Google Analytics, used to store and count page views. | Analytical |
| _fbp | tenesys.io | No information available about this cookie. | Other |
| cf_clearance | .tenesys.io | Cookie set by Facebook, tracking user interactions. | Analytical |
| _gat_UA-* | .clutch.co | No information available about this cookie. | Other |
| _GRECAPTCHA | .tenesys.io | Google Analytics tracks user behavior using this cookie. | Analytical |
| lastExternalReferrerTime | www.google.com | Cookie set by Google reCAPTCHA service, protecting the site from bots. | Necessary |
| lastExternalReferrer | tenesys.io | No information available about this cookie. | Other |
| rc::a | tenesys.io | No information available about this cookie. | Other |
| rc::f | google.com | ReCAPTCHA cookie, used to identify bots and protect against spam attacks. | Necessary |
| rc::b | google.com | ReCAPTCHA cookie, identifying bots to protect the site from spam. | Necessary |
| rc::d-1721131241568 | google.com | ReCAPTCHA cookie that protects the site from bots. | Necessary |
| __cf_bm | google.com | No information available about this cookie. | Other |
| changesOfURL | tenesys.io | No information available about this cookie. | Other |
| rc::c | google.com | Cookie set by the reCAPTCHA service to protect the site from bots. | Other |
4. “Cookies” are used for the purpose of:
a) adapting the content of websites to the user’s preferences and optimizing the use of websites,
b) creating anonymous statistics that, by helping to determine how the user uses the websites, enable improvement of their structure and content,
c) delivering advertising content to website users tailored to their interests.
“Cookies” are not used to identify the user and their identity is not established on their basis.
4. The basic division of “cookies” is their distinction into:
a) Necessary “cookies”—are absolutely necessary for the proper functioning of the website or functionality that the user wants to use, as without them we could not provide many of the services we offer. Some of them also ensure the security of services provided by us electronically.
b) Functional “cookies”—are important for the operation of the website due to the fact that: they serve to enrich the functionality of websites; without them, the website will function correctly, but will not be adapted to the user’s preferences; they serve to ensure a high level of functionality of websites; without them, the level of functionality of the website may decrease, but their absence should not prevent complete use of it; they serve most of the functionality of websites; their blocking will cause selected functions not to work properly.
c) Business cookies – enable the implementation of the business model on which the website is based; blocking them will not render the entire functionality unavailable, but may reduce the level of service due to the website owner’s inability to generate revenue subsidizing its operation. This category includes, for example, advertising cookies.
d) Website configuration cookies – enable the configuration of functions and services on websites.
e) Website security and reliability cookies – enable verification of authenticity and optimization of website performance.
f) Authentication cookies – enable notification when a user is logged in, allowing the website to display appropriate information and functions.
g) Session state cookies – enable the storage of information about how users interact with the website. They may relate to the most frequently visited pages or error messages displayed on certain pages. Session state cookies help improve services and enhance browsing comfort.
h) Process monitoring cookies – enable the efficient operation of the website and its available functions.
i) Advertising cookies – enable the display of advertisements that are more interesting to users and more valuable to publishers and advertisers; cookies may also be used to personalize advertising and to display advertisements outside the website.
j) Location access cookies – enable the customization of displayed information based on the user’s location.
k) Analytics, research, or audience measurement cookies – enable website owners to better understand their users’ preferences and improve and develop products and services through analysis. Typically, the website owner or research company collects information anonymously and processes data on trends without identifying the personal data of individual users.
l) Non-intrusive cookies – include cookies necessary for the proper functioning of the website and required to enable website functionality, but their operation has nothing to do with tracking the user.
m) Research cookies – used to track users, but do not include information that allows (without other data) the identification of a specific user.
5. The use of cookies to customize website content to user preferences does not, as a rule, involve the collection of any information allowing user identification, although this information may sometimes constitute personal data, i.e., data enabling the attribution of certain behaviors to a specific user. Personal data collected using cookies may only be collected for the purpose of performing specific functions for the user. Such data is encrypted in a manner that prevents access by unauthorized persons.
6. Cookies used by this website are not harmful to the user or to the end device they use; therefore, to ensure proper functioning of the service, it is recommended not to disable their handling in browsers. In many cases, software used for browsing websites (web browser) allows by default the storage of information in the form of cookies and other similar technologies on the user’s end device. The user may change the way cookies are used by the browser at any time. To do this, browser settings must be modified. The method of changing settings varies depending on the software used (web browser).
7. Cookies are also used to facilitate user account login, including via social media, and to enable navigation between website subpages without requiring re-login on each subpage. Concurrently, cookies are utilized to secure websites, for example, by preventing unauthorized access.
8. Within cookie technology, the Administrator may use tracking pixels or clear GIFs to collect information about how the user utilizes its services and their response to marketing messages sent via email. A pixel is a software code that allows an object, typically a pixel-sized image, to be embedded on a page, which enables tracking user behavior on the websites where it is placed. Upon providing appropriate consent, the browser automatically establishes a direct connection with the server storing the pixel; therefore, the processing of data collected by the pixel occurs under the data protection policy of the partner who administers the aforementioned server.
9. The Administrator may use web log files (which contain technical data such as the user’s IP address) to monitor traffic within its services, troubleshoot technical issues, detect and prevent fraud, and enforce the terms of the User Agreement.
10. The Administrator does not employ any cross-site tracking technologies, and personal data collected regarding each user is not sold or shared by the Administrator for the purpose of advertising based on multi-contextual behavior analysis across different websites.
11. The Administrator informs that the site does not respond to DNT (Do Not Track) signals; however, the user can disable specific forms of online tracking, including certain analytical data and personalized advertisements, by changing cookie settings in their browser or by using our cookie consent tools (if applicable).
12. Detailed information on changing cookie settings and independently deleting them in the most popular web browsers is available in the browser’s help section and on the following pages:
Google Chrome
Mozilla Firefox
Microsoft Edge
Opera
Safari macOS
Safari iOS/iPad OS
13. Detailed information on managing cookies on a mobile phone or other mobile device should be found in the operating manual of the respective mobile device.
The content of this Privacy Policy was updated on July 16, 2024.
