Felhasználási Feltételek

PRIVACY POLICY AND DATA PROCESSING

Welcome to the SENTIONE.COM website (the “Website”) operated by SentiOne S.A. with its registered office in Gdańsk, at ul. Lęborska 3B, 80-386 Gdańsk, hereinafter referred to as “SentiOne” or the “Company.”

SentiOne places great importance on safeguarding the privacy of individuals and the personal data processed in connection with our activities.

As a responsible and transparent organization, we undertake to provide clear information about the processing of personal data in accordance with applicable laws, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR). This privacy policy (“Policy”) presents the key information related to the processing of personal data in our operations.

This Policy describes how we collect, use, and protect the personal data you provide, the purposes and legal bases for processing, and your rights as a data subject regarding your personal data.

DATA CONTROLLER
The data controller is SentiOne S.A., with its registered office in Gdańsk, at ul. Lęborska 3B, 80-386 Gdańsk, registered in the Register of Entrepreneurs of the National Court Register maintained by the Gdańsk-Północ District Court in Gdańsk, VII Commercial Division of the National Court Register, under KRS number 0000904567, NIP: 5252520285, REGON: 145863272 (the “Controller”).

CONTACT FOR DATA PROTECTION MATTERS
If you have any questions or concerns about how SentiOne processes your personal data, wish to exercise your rights under the GDPR, or report a data breach, please contact our Data Protection Officer:

Email: privacy@sentione.com
Mail: SentiOne S.A., ul. Lęborska 3B, 80-386 Gdańsk

JOINT CONTROLLERS
In connection with the operation of the Website and as the owner of SentiOne profiles on websites and social media platforms, to achieve our business objectives and provide high-quality services, SentiOne processes your personal data jointly with other entities within the scope of joint controllership arrangements.

Each joint controller independently determines the purposes and means of data processing, in accordance with the GDPR. The scope of their responsibilities may vary depending on the context or platform. SentiOne is responsible solely for the personal data it processes itself within these joint controllership arrangements.

Further information regarding joint controllership can be found in the chapter “Detailed Information on Data Processing.”

TRANSFER OF PERSONAL DATA
Personal data will be transferred by the Controller only to trusted entities with which the controller has entered into appropriate cooperation agreements, such as: entities providing and managing IT systems or solutions used on the Website or Company, entities supporting the operation and servicing of the Website, providers of accounting, legal, marketing, event, postal, courier services, and online payment operators.

Personal data will generally not be transferred outside the European Economic Area (EEA) nor disclosed to international organizations. However, if, as the Controller, we use providers outside the EEA, we will exercise due diligence to ensure that processing is compliant with applicable laws and occurs under conditions approved by the European Commission, particularly in terms of providing an adequate level of personal data protection.

EXERCISING YOUR RIGHTS
In relation to the processing of your personal data, you have the right to:

Withdraw consent to processing (if processing is based on your consent);
Access your personal data;
Request the rectification of your personal data;
Request the erasure or restriction of processing of your personal data;
Object to processing based on legitimate interests (unless overriding legal grounds are applicable) or for direct marketing purposes;
Object to automated decision-making affecting you significantly;
Data portability, i.e., receive your data in a machine-readable format or transfer it to another controller;
Lodge a complaint with the supervisory authority, in Poland, the President of the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw.

To exercise your rights or if you have any questions regarding this policy, the processing of your personal data, or your rights to data protection, we encourage you to contact our Data Protection Officer at: privacy@sentione.com.

DETAILED INFORMATION REGARDING THE PROCESSING OF YOUR PERSONAL DATA
We may process your personal data in various ways and in different situations, depending on whether you are a Partner, Customer, Supplier, or User of our website, whether you use our fan pages or social media accounts, or if you are interested in cooperation or employment with SentiOne.

We exercise particular diligence to protect the interests of data subjects, and in particular, we ensure that the data we collect is:

processed in accordance with the law;
collected for specified, legitimate purposes and not further processed in a manner incompatible with those purposes;
substantively correct and adequate in relation to the purposes for which they are processed, and stored in a form that allows identification of the data subjects no longer than necessary to achieve the purpose of processing.

Below, we provide information on the processing of personal data organized into sets dedicated to categories of individuals and their relationship with SentiOne, enabling you to quickly find the information relevant to you.

Users (current and potential) of the website in the domain SentiOne.com and other standalone web pages (landing pages) created by us, as well as our accounts on social media platforms (fan pages)
We have obtained your personal data:

directly from you during the conclusion and execution of agreements, e.g., the Website agreement;
from your employer, e.g., in connection with your use of services dedicated to your employer within the Website;
directly from you, while using the Website or interacting on our social media accounts;
from an authorized entity acting on your behalf.

We may process personal data within the scope of: contact details (e.g., email address, phone number), identification data (e.g., name, surname or company name), data necessary for financial settlements and documentation (NIP, address of the individual or business), payer information, transactions, payment methods, information about user accounts on social media (to the extent necessary for logging into the Website), cookie contents, access information to the Website (e.g., IP addresses, browser parameters), unstructured information (content with potential or likely personal data, e.g., activity on the website, comments, correspondence sent to us, information shared in conversations with chatbots and voice bots).

On the Website, using cookies, we utilize operational, analytical, and marketing support tools provided by our partners or social media platforms.

More details can be found in our Cookie Policy.

Purposes of processing data and legal grounds

Establishing communication and maintaining relationships with a potential User of the website or through social media services — processing is necessary for the legitimate interests of the controller, consisting of maintaining communication with potential clients and supporters of the brand (art. 6(1)(f) GDPR).
Fulfilling the provisions of the Agreement — processing is necessary for the performance of pre-contractual activities and for the implementation of its provisions, including providing services of the website and communication and maintaining relationships with the User of the website, in accordance with the regulations accepted by the User (art. 6(1)(b) GDPR).
Initiating communication and maintaining business relationships — processing is necessary for the legitimate interests of the controller consisting of purchasing goods and services necessary for conducting business (art. 6(1)(f) GDPR).
Maintaining accounting and tax documentation — processing is necessary to fulfill a legal obligation resulting from Article 74 of the accounting act and other laws applicable to taxpayers (art. 6(1)(c) GDPR).
Pursuing claims and protecting against claims — processing is necessary for the legitimate interests of the controller (art. 6(1)(f) GDPR).
Marketing of own services, when processing is necessary for purposes arising from the legitimate interests of the controller (art. 6(1)(f) GDPR), and in the case of execution via a designated communication channel [email], based on the consent granted in this scope (art. 6(1)(a) GDPR in conjunction with art. 398(1) of the Act on Electronic Communications).
Marketing of own services may be preceded by profiling, understood as automated matching of shared content according to Customer interests or needs, when processing is necessary for purposes arising from the legitimate interests of the controller (art. 6(1)(f) GDPR), and in the case of profiling that significantly influences your decisions, only if such consent has been granted (art. 6(1)(a) GDPR).

Duration of Processing

Your personal data will be processed for the period during which you remain an active User of the Website, and thereafter for the period necessary to comply with legal obligations, pursue or defend against potential claims, but not longer than 6 years.
Data is processed accordingly for the period:
1. Until you submit a valid objection/request for data deletion — applies to points 1, 3, 6, and 7 above, excluding email communication;
2. Until the termination or expiration of the contract — applies to point 2 above;
3. 5 years from the end of the calendar year in which the contract was terminated or expired — applies to point 4 above;
4. For the statute of limitations on claims — applies to point 5 above;
5. Until you withdraw consent — applies to points 6 and 7 above.
Your personal data processed in social media services:

Data collected in private messages — processed for the time necessary to respond to your inquiries or until the cooperation ends;
Data contained in comments under a selected publication — available until deleted by the author of the publication or comment;
Personal data collected by social media platforms, e.g., history of posts, activity history — retained according to the rules set out in those platforms’ regulations;
Statistical data regarding persons visiting product pages or the Company’s fanpage — processed for the duration of the data’s availability in informational services or social media platform services.

The controller does not archive personal data or your activity in social media services.
Data processed for the purpose of sending marketing information will be processed until you withdraw your consent, provided that the withdrawal of this consent does not affect the lawfulness of the processing carried out before the withdrawal.

Joint Controllership
SentiOne, as the creator of profiles on the social media platforms listed below, is a joint controller of the personal data published on these profiles, along with:

Facebook, Instagram, WhatsApp, Messenger, Threads – Meta Platforms Ireland Limited, ATTN: Privacy Operations, Merrion Road, Dublin 4, D04 X2K5, Ireland; more about privacy: https://www.facebook.com/privacy/center/
X (formerly Twitter) – X Corp, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; more about privacy: https://x.com/pl/privacy
LinkedIn – LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA; represented in Europe by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland; more about privacy: https://pl.linkedin.com/legal/privacy/eu and https://pl.linkedin.com/legal/privacy-policy
YouTube, Google My Business, Google Play – Google LLC, 901 Cherry Ave, San Bruno, CA 94066, USA; more about privacy: https://policies.google.com/?hl=pl
TikTok – TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland; more about privacy: https://www.tiktok.com/legal/page/eea/privacy-policy/pl
Wykop sp. z o.o., ul. Grodziska 8, 60-363 Poznań, Poland; more about privacy: https://wykop.pl/polityka-prywatnosci-i-cookies
Reddit Inc., 548 Market St. #16093, San Francisco, CA 94104, USA; more about privacy: https://www.reddit.com/policies/privacy-policy

Each of the above joint controllers independently decides on the purposes and means of processing data, but to varying extents. SentiOne is responsible solely for the processing of its own personal data.

When using social media services independently and separately from SentiOne as the owner of a business account on these platforms, and when you communicate with us via these media, the platforms also process your data. If you create an account on the Company’s social media services, the platforms managing these accounts undertake further processing of your data for their own purposes, as detailed in their Privacy Policies. If you have any questions or requests directed to the owners of social media platforms, please contact them directly.

Furthermore, the joint controllers of your personal data in the scope of settlement and invoicing

For users using the Website from Germany – SentiOne Deutschland GmbH, Leopoldstrasse 154, 80804 Munich, Federal Republic of Germany, Tax Identification Number 301500365.
For users using the Website from the Czech Republic – SentiOne Česká Republika s.r.o., Výstavní 2968 / 108, 703 00 Ostrava, Czech Republic, VAT ID: CZ01807650, Company ID: 01807650.

Additional Information
Providing data is voluntary but necessary for concluding and executing the Agreement, as well as for using the functionalities of the Website and profiles on social media platforms.

Processing data in the process of marketing our own services may be preceded by profiling, understood as automated matching of shared content according to the interests or needs of the customer. If profiling significantly affects your decisions, the mechanism is activated only after you give your consent.

In connection with offering, within the Website, based on a concluded contract, of services and functionalities involving sharing selected information, the use of standard profiling mechanisms for Users is necessary to tailor the type and form of delivered content and communication to each of them.

Personal data may be transferred, based on the Decision of the European Commission of July 10, 2023, on adequate data protection measures pursuant to the EU-US Data Privacy Framework, to Stripe Inc. (the payment operator), based in the USA, at 354 Oyster Point Boulevard, South San Francisco, California, 94080, which is listed on the Data Privacy Framework List.

Additionally, personal data will not be transferred to a third country/international organization. However, if required, personal data may be transferred using standard contractual clauses adopted by the European Commission, in accordance with the verification procedure or in another legally permitted manner, in compliance with the GDPR.

Data subjects in the SentiOne database
Your personal data were obtained from publicly available sources, including social media platforms or websites where you have an account and provided your personal data during registration or use of the service or website.

Personal data may be processed within the scope of: identification data (name, surname, or username on the platform), unstructured content (content with potential or probable personal data, e.g., activity in the service, comments, notes, opinions, article contents, etc.).

Purposes of data processing and legal grounds

Providing services by SentiOne to Clients involving delivering content from social media, portals, websites relevant to the Client’s subject matter, in particular regarding the Brand, products, or services of the Client — processing is necessary for the legitimate interests of the controller, consisting of providing services within the scope of the main business activity (art. 6(1)(f) GDPR).
Pursuing claims and defending against claims — processing is necessary for the legitimate interests of the controller (art. 6(1)(f) GDPR).

Duration of processing
Your personal data may be stored in the SentiOne database for no longer than 3 years. Data are processed respectively for the period:

Until you submit a valid objection/request for data deletion or until the purpose of processing ceases — applies to point 1 above;
Statute of limitations for claims — applies to point 2 above.

Additional information
Personal data will not be transferred to a third country/international organization. However, if required, personal data may be transferred based on standard contractual clauses adopted by the European Commission, in accordance with verification procedures or other legally permitted methods, in compliance with the GDPR.

Current or potential Clients of our other Services
Your personal data were obtained from: directly from you, during negotiation, conclusion, and execution of contracts; from an entity authorized to act on your behalf; from publicly available sources.

Your personal data may be processed within the scope of: contact data (e.g., phone number, email address), employment data (position, place of employment), and identification data (name, surname), as well as data necessary for financial settlements, e.g., NIP, business address, data of the entity authorized for settlements.

Purposes of data processing and legal grounds

Establishing communication and maintaining business relationships — processing is necessary for the legitimate interests of the controller, consisting of purchasing goods and services necessary for conducting business (article 6(1)(f) GDPR).
Fulfilling the provisions of the Agreement — processing is necessary for the performance of pre-contractual activities and the execution of the contract (article 6(1)(b) GDPR).
Maintaining accounting and tax documentation — processing is necessary to fulfill a legal obligation under article 74 of the Accounting Act and other laws applicable to taxpayers (article 6(1)(c) GDPR).
Pursuing claims and defending against claims — processing is necessary for the legitimate interests of the controller (article 6(1)(f) GDPR).
Marketing of own services, when processing is necessary for purposes arising from the legitimate interests of the controller (article 6(1)(f) GDPR), and in the case of communication via a specific channel [phone, email], based on the consent granted for this purpose (article 6(1)(a) GDPR in conjunction with art. 398(1) of the Act on Electronic Communications).
Marketing of own services may be preceded by profiling, understood as automated matching of shared content according to the interests or needs of the client, when processing is necessary for purposes arising from the legitimate interests of the controller (article 6(1)(f) GDPR), and where profiling significantly influences your decisions, only if you have given your consent (article 6(1)(a) GDPR).

Duration of processing
Data are processed respectively for the period:

Until you submit a valid objection/request for data deletion or until the purpose of processing ceases — applies to points 1, 5, and 6 above, excluding email and phone communication;
Until the termination or expiry of the contract — applies to point 2 above;
5 years from the end of the calendar year in which the contract was terminated or expired — applies to point 3 above;
For the statute of limitations on claims — applies to point 4 above;
Until you withdraw your consent — applies to points 5 and 6 above.

Other information
Providing data is voluntary but necessary for concluding and executing the contract. Processing data in the marketing of own services may be preceded by profiling, understood as automated matching of shared content according to client interests or needs. If profiling significantly affects your decisions, the mechanism is activated only after you give your consent.

Personal data will not be transferred to a third country or international organization. If required, personal data may be transferred based on standard contractual clauses adopted by the European Commission, in accordance with verification procedures or other legally permitted methods, in compliance with the GDPR.

Current and potential suppliers of services, devices, or software
Your personal data were obtained from you directly, in connection with the process of negotiation and execution of the contract, or from publicly available sources.

Purposes of data processing and legal grounds

Establishing communication and maintaining relationships with the supplier — processing is necessary for the legitimate interests of the controller, consisting of purchasing goods and services necessary for conducting business (article 6(1)(f) GDPR).
Conducting evaluations and classifications of suppliers of goods and services, as well as assessing their work quality — processing is necessary for the legitimate interests of the controller, in order to perform these assessments (article 6(1)(f) GDPR).
Fulfilling the provisions of the contract — processing is necessary for the performance of activities before concluding the contract and for executing its provisions (article 6(1)(b) GDPR).
Maintaining accounting and tax documentation — processing is necessary to fulfill a legal obligation resulting from article 74 of the Accounting Act and other laws applicable to taxpayers (art. 6(1)(c) GDPR).
Pursuing claims and defending against claims — processing is necessary for the legitimate interests of the controller (article 6(1)(f) GDPR).

Period of processing
Data are processed appropriately for the period:

Until a valid objection/request for data deletion is submitted — applies to points 1–2 above.
Until the termination or expiration of the contract — applies to point 3 above.
5 years counted from the end of the calendar year in which the contract was terminated or expired — applies to point 4 above.
Statute of limitations for claims — applies to point 5 above.

Other information
Providing data is voluntary but necessary for concluding and executing an Agreement.

There is no automated decision-making, including profiling, involved in the personal data processing. Personal data will not be transferred to a third country or international organization. If required, personal data may be transferred based on standard contractual clauses adopted by the European Commission, in accordance with verification procedures or other legally permitted methods, in compliance with the GDPR.

Representatives/employees of our business clients or service, device, or software providers, collectively referred to as Contractors
Your personal data were obtained from you directly, in connection with the negotiation process and the execution of the contract from the contractor you represent, or from publicly available sources.

Your personal data may be processed within the scope of: contact data (e.g., phone number, email address), employment data (position, place of employment), and identification data (name, surname).

Purposes of data processing and legal grounds

Conducting ongoing communication related to trade and economic relations with the contractor — processing is necessary for the legitimate interests of the controller, consisting of maintaining business relationships (article 6(1)(f) GDPR).
Pursuing claims and defending against claims — processing is necessary for the legitimate interests of the controller, involving the protection of the entrepreneur’s interests (article 6(1)(f) GDPR).
Marketing of own services, when processing is necessary for purposes arising from the legitimate interests of the controller (article 6(1)(f) GDPR), and in the case of communication through a designated channel [phone, email], based on the consent given for this purpose (article 6(1)(a) GDPR in conjunction with art. 398(1) of the Act on Electronic Communications).
Marketing of own services may be preceded by profiling, understood as automated matching of shared content according to customer interests or needs, when processing is necessary for purposes arising from the legitimate interests of the controller (article 6(1)(f) GDPR), and where profiling significantly influences your decisions, only if you have given your consent (article 6(1)(a) GDPR).

Duration of processing
Data are processed respectively for the period:

Until you submit a justified objection/request for data deletion or until the purpose of processing ceases — applies to points 1, 3, or 4 above;
Until the statute of limitations for claims — applies to point 2 above;
Until you withdraw your consent — applies to points 3 and 4 above.

Other information
Providing data is voluntary but necessary for concluding and executing a contract with a business client or contractor. Processing in the marketing of own services may be preceded by profiling, understood as automated matching of shared content according to customer interests or needs. If profiling significantly influences your decisions, the mechanism is activated only after you give your consent.

Persons communicating with us
Your personal data were obtained directly from you via the contact form, email, or phone correspondence.

Your personal data may be processed within the scope of contact data (e.g., phone number, email address), employment data (position, place of employment), identification data (name, surname), and other data you share with us during communication.

Purposes of data processing and legal grounds

Registering correspondence and providing responses — processing is necessary for the legitimate interests of the controller, consisting of timely responding to letters, timely settling of payments with suppliers, maintaining quality of cooperation with contractors and interested parties (article 6(1)(f) GDPR).
Pursuing claims and defending against claims — processing is necessary for the legitimate interests of the controller, involving the protection of the entrepreneur’s interests (article 6(1)(f) GDPR).

Duration of processing
Data are processed respectively for the period:

Until a justified objection/request for data deletion is submitted or until the purpose of processing ceases — applies to point 1 above.
Until the statute of limitations for claims — applies to point 2 above.

Other information
Providing data is voluntary but necessary to receive a response to the inquiry. Processing of personal data does not involve automated decision-making, including profiling.

Personal data will not be transferred to a third country or international organization. However, if required, personal data may be transferred based on standard contractual clauses adopted by the European Commission, in accordance with verification procedures or other legally permitted ways, in compliance with the GDPR.

Persons Interested in cooperation or employment at SentiOne
Your personal data was obtained from you directly, in connection with the negotiation process and the conclusion and execution of the contract, or from publicly available sources. In the process of creating your recruitment profile, we may collect the following categories of your personal data:

Contact data (e.g., phone number, email address);
Employment data (position, place of employment);
Identification data (name, surname);
Other data you choose to share with us during the recruitment process or that we generate in connection with your application.

It cannot be excluded that data of a special category (within the meaning of Article 9 GDPR), e.g., health information, may appear in the process; such data will only be processed if you voluntarily provide it along with your application.

Additionally, during recruitment, we may obtain the following information:

Evaluation of competences: Based on your application and observations made during the process, we may generate assessment information and opinions about your candidacy, and we may also request you to undergo competence evaluation, assessments of your skills, personality traits, or cognitive abilities;
References: We may decide to obtain references from persons or institutions from your employment history. We will contact only those people whose contact details you provided and only after obtaining your consent.

Purpose and legal grounds of data processing

Conducting and settling the recruitment process for the position you applied for:

Based on article 6(1)(b) GDPR, i.e., to take necessary actions at your request before concluding an Agreement — regarding the data provided in the recruitment process, specified in art. 221 of the Labor Code of June 26, 1974, and based on your consent, i.e., article 6(1)(a) GDPR, regarding data beyond the scope specified in art. 221 §1 of that law;
Based on article 6(1)(f) GDPR, i.e., for the purpose of pursuing or defending against claims — in relation to data generated during the recruitment process;

2. Consideration of your recruitment profile, i.e., your application and other information generated related to your application, for future recruitment processes — based on your consent, i.e., art. 6(1)(a) GDPR, for up to 12 months from the date of granting consent;

3. Establishing, pursuing, or defending against claims, based on art. 6(1)(f) GDPR — in order to assess the risk of claims against us and take defenses when necessary.

Period of data processing
Your personal data will be processed for the duration of the specific recruitment process, and after that for a period during which claims by any party may be asserted, i.e., 6 months from the application submission date. If you withdraw from the recruitment process while it is ongoing, your data will be stored for the same period — 6 months from the application submission date, to address any potential claims.

In the case of your consent for future recruitment processes, your data will be processed for that purpose until the consent is revoked, but no longer than 12 months from the date of the application and granting consent.

Joint controllership – jobboard-type websites

SentiOne and recruitment portals, such as Pracuj.pl, are joint controllers of your personal data when you respond to our job offer via such portals.

Each of these joint controllers independently decides on the purposes and means of processing data, but to varying extents. SentiOne is responsible only for the personal data it processes itself.

When you use „jobboard” websites independently and separately from SentiOne as the owner of the recruitment account, and communicate with us via these portals, they also process your data. If you create an account on a website like Pracuj.pl, the companies managing these websites undertake further processing of your data for their own purposes, as detailed in their privacy policies. The privacy policy of the Pracuj SA Group (pracuj.pl) is available on the e-Recruiter website.

Additional information
Providing personal data is voluntary, but necessary to participate in the recruitment process, as specified in art. 221 §1 of the labor code. The processing of personal data does not involve automated decision-making, including profiling. Personal data will not be transferred to any third country or international organization.

Cookies and other tracking technologies in the services
Within the Website and on standalone websites created by us (landing pages), we use information stored via cookies, which are data stored on end devices used to access websites (e.g., computer, tablet, phone). Usually, they contain the name of the website they come from, the duration of storage on your device, and a unique number, such as when you visit our website. For more information, see the Cookie Policy.

Final provisions
All questions or matters related to the processing and protection of personal data should be directed to the controller in writing, by email, or by phone, at the following data:
SentiOne Spółka Akcyjna
ul. Lęborska 3B, 80-386 Gdańsk
Contact email: privacy@sentione.com.

In addition, concerning Users from the Czech Republic, questions or issues related to data processing and protection can be addressed to: SentiOne Česká Republika s.r.o., Výstavní 2968 / 108, 703 00 Ostrava, or email privacy@sentione.com.

In addition, concerning Users from Germany, questions or issues related to data processing and protection can be addressed to: SentiOne Deutschland GmbH, Leopoldstrasse 154, 80804 Munich, Germany, Steueridentifikationsnummer 301500365, or email privacy@sentione.com.

We develop our competences, modernize processes, and subject our adopted data processing model and security measures to audits; as a result, there may be changes in the messages directed to you and made available here. We reserve the right to update them. Privacy policy changes may also occur due to legal amendments or updates concerning data processing purposes.

Changes in the documents will be published in the Service under the Privacy Policy tab.

Date of last update: 2025-12-01