This Privacy Policy sets out the rules for the processing of all information of the nature of personal data that has been obtained by HERODOT Sp. z o.o. z based in Wrocław in connection with the Users' use of information and services available through the website maintained under the domain

Personal Data Controller

1. The personal data Controller (hereinafter called the Controller) is HERODOT Sp. z o.o. with it’s registered office in Wrocław at ul. Powstańców Śląskich 7a, 53 – 332 Wrocław, entered in the Register of Entrepreneurs of the Nation Court Register kept by the District Court for the city of Wrocław – Fabryczna in Wrocław, VI Commercial Division of the National Court Register as KRS number KRS 0000746298, NIP: 8971806431, REGON: 361032055, for and on behalf of which act Kamil Rzeźnicki – President of the Management Board and Maria Mirek -Member of the Management Board, e-mail:

2. The Controller processes Users' personal data in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data (hereinafter referred to as "GDPR"), the Act of 18.07.2002 - on the provision of electronic services and other generally applicable provisions of law.

3. The Controller attaches great importance to the protection of privacy and confidentiality of the Website Users' personal data, with due diligence selects and applies appropriate technical and organizational measures ensuring the protection and processing of personal data.

4. In matters related to the User's data, please contact the following e-mail address:

What information do we collect?

1. Users' personal data is processed on servers that ensure their security. We make every effort to ensure that the data is processed in accordance with the purpose and scope of using our services available through the Website, including subpages, applications and other functionalities made available by the Controller, so as to make the use of the Website as safe and convenient for Users as possible.

2. The website uses the Facebook Pixel, LinkedIn Insight Tag and Twitter Analytics services that collect anonymous information about the website pages visited by its individual Users using cookies.

3. The websites of the Controller's partners to which the links are provided on the website are subject to their own privacy policy (in this regard in the scope of using cookies).

4. Providing data is voluntary, however failure to do so may prevent the use of the Controller's offer.

5. The data will be processed for purposes related to the use of services available through the Website.

6. By using the Website, the User accepts the rules contained in the presented Privacy Policy.

7. The user has the right to lodge a complaint with the supervisory body - the President of the Data Protection Office, if he considers that the processing of his personal data violates the provisions on the protection of personal data.

8. Based on the provisions of the GDPR, the Controller is entitled to proces the User’s personal data in the following circumstances:

  • The User agrees to the processing of the personal data;
  • The processing of the User's personal data will be necessary to fulfill the legal obligation incumbent on the Controller;
  • When it is necessary for the purposes of the legitimate interests pursued by the Controller or by third parties.

9. Period of personal data storage:

  • Cookies: depending on the nature of the data, but no longer than 2 years from the moment the User gives his consent,
  • Analytical data: in the case of consent until its withdrawal, restriction or other actions on your part limiting this consent,
  • Other data: in the case of necessary data for the performance of the contract, for the duration of its performance and until the expiry of the limitation of claims under this contract.

10. Users' personal data may be shared with the following entities:

  • Employees and associates of the Controller who have been authorized for the processing of personal data;
  • Entities processing data on behalf of the Controller;
  • public authorities to whom the data will be transferred due to the conducted proceedings and on the basis of applicable law.

Data Transfer

The Company informs that it uses services offered by global service providers that are part of global organizations such as Notion Labs, Inc., Slack Technologies, Inc., Google LLC, Calamari sp. z o.o. sp. k., Dropbox, Inc., COING Inc. operating in the European Economic Area (“EEA”), which may transfer data to the United States. These companies offer cloud solutions to the Company and declare that they have implemented an adequate level of protection and appropriate safeguards under the GDPR. The processing of personal data also takes place on the basis of the European Commission's standard contractual clauses, which are part of the agreements on data processing concluded between the Employer and the service providers. In relation to the above, the transfer of personal data to processors located outside the EEA takes place on the basis of one of the prerequisites set out in Article 49 of the GDPR, i.e. for the purpose of implementing the agreement concluded between the Contractor and the Principal, as well as contractual obligations arising from the agreement concluded by the controller in the interest of the persons whose data are processed in the aforementioned systems, including via email and using the IT solutions offered by the aforementioned providers. Due to the cancellation of the so-called Privacy Shield (“Privacy Shield”) on EU-US data flows and determining the adequate level of protection and due to the lack of adequate safeguards, the Employer informs that in the above cases it does not provide an adequate level of protection for personal data.

The data may also be transferred within the capital group which includes TISA LAB Sp. z o.o. with headquarters in Wrocław, HERODOT Sp. z o.o. based in Wrocław and TISA AG Ltd. based in Switzerland on the basis of contracts for entrusting the processing of personal data. In these cases, the data is processed in accordance with the decision of the Commission of the European Communities of 26 July 2000 issued pursuant to Directive 95/46 / EC of the European Parliament and of the Council on the adequate protection of personal data in Switzerland (2000/518 / EC).

What rights are the Users entitled to?

The user is authorized to:

1. Requests to obtain a copy of personal data or make it available at the headquarters of HeroDOT (Article 15 GDPR);

2. Request for rectification of personal data (Article 16 of the GDPR);

3. Request to delete your personal data (Article 17 of the GDPR), the so-called "The right to be forgotten");

4. Request to limit the processing of your personal data (Article 18 of the GDPR);

5. Request to transfer your own personal data in a commonly used format to another Data Controller indicated by you (Article 20 of the GDPR);

6. Raising an objection to the processing of personal data (Article 21 of the GDPR);

7. Withdrawal of consent to the processing of personal data, provided that the processing takes place on the basis of a prior consent (Article 7.3 of the GDPR).

The User has the right to withdraw consent to the processing of data provided by the User at any time. The Controller, in the event of becoming aware of the withdrawal of consent, will immediately take steps to delete the stored data.

Profiling, targeting and cookies policy

Data on website traffic is used for profiling and targeting advertisements on external websites - Facebook, Google, Instagram. They are based on non-specific criteria that make it impossible to identify a single user.

Cookies files:

The website automatically collects data in cookie files;

1. Cookies should be understood as IT data, in particular text files, stored in Users' end devices intended for the use of websites;

2. Cookies are used by the Controller only to operate the Website, including to recognize the User's device and display the Website pages in a manner that is delivered to his individual needs, as well as to create anonymous Website statistics and improve the efficiency and effect of using the Website;

3. Cookies are not used to obtain any personal data of Users;

4. The user may consent to the storage of cookies by selecting consent.

Controlling and deleting cookies

The user can change the way cookies are used at any time. Most browsers offer the option of accepting or rejecting all cookies, only accepting certain types, or informing the user each time a website tries to save them. The user can also easily delete cookies that have already been stored on the device by the browser. The options for managing and deleting cookies vary depending on the browser used. You can find all the necessary information by using the Help function in your browser or by visiting the website, where it is explained how to control and delete cookies in the most popular browsers. Remember that blocking all cookies may cause difficulties in operation or completely prevent the use of some of the website's functionalities.

This Privacy Policy may be changed due to technological development and modification of the existing standards. Therefore, the Controller undertakes to periodically and regularly verify the Policy in order to introduce the most up-to-date regulations, both legal and technological.

Information for mobile devices is available on the following pages: