Who is the personal data controller?
The data controller for the processing of personal data described below is Cybercom Poland sp. z o.o. with its registered office in Warsaw, ul. Hrubieszowska 2, 01-209 Warsaw entered into the register of entrepreneurs kept by the Regional Court for the Capital City of Warsaw in Warsaw, 12th Commercial Department under KRS number: 0000036076, Tax Identification Number: 951-17-89-996; REGON: 01284093700000, share capital: PLN 1,251,200.00, or such Cybercom member company, listed under this link, that is a contracting party for the purposes of providing or receiving services or the entity you have contacted with or is contacting you (“Cybercom”, “we”, “us” or “our”).”
You can find contact details at the bottom of this policy.
The web site www.cybercom.com
Cybercom cares about the privacy of those who visit its websites. We are responsible for ensuring that personal data collected by us on our sites is used only for its intended purpose. We protect it from unauthorized access and use.
What personal data do we process?
a. to provide our website services consisting in making available to you the content of the website – then the legal basis for processing is the necessity of processing to perform the contract (Article 6 (1) letter b) of the GDPR);
b. to measure traffic patterns and statistics on the website – then the legal basis for processing is our legitimate interest consisting in conducting analyzes of users’ activity, as well as their preferences in order to improve the functionalities and services provided (Article 6 (1) letter f) of the GDPR);
c. to determine claims or defend against them – the legal basis for processing is a legitimate interest of the controller consisting in the protection of its rights (Article 6 (1) letter f) of the GDPR.
If you voluntarly complete a survey, we will process your personal data based on your consent (Article 6 (1) (a) of the GDPR) to analyze the response / results and improve our services based on these responses / results.
When you provide us with your personal information using the “Contact Us” tool, we will process your data to respond to your question or request. Using this tool requires providing personal information necessary for us to contact you in order to respond or make requests (Article 6 (1) (b) of the GDPR). It is possible to provide additional data to facilitate contact or service of the query. Providing data marked as mandatory is required to service the request, and failure to do so results in the inability to service the query. Providing other data is voluntary and takes place on the basis of consent (Article 6 (1) (a) of the GDPR).
If you provide personal data in the Events tab, we will process your personal data based on your consent in order to manage event records and event handling (Article 6 (1) (a) of the GDPR).
If you subscribe to our Newsletter, we will process your data to send information about our activities and news that we think may be of interest to you. Subscribing to the Newsletter means giving consent (Article 6 (1) (a) of the GDPR) and is voluntary. We will store your data for this purpose until you withdraw your consent, which may happen at any time.
Personal data provided in the Career tab (via our Teamtailor recruitment tool) or provided directly to us in connection with applying for a job in Cybercom (eg by e-mail) are used by us for recruitment. For more information about our use of data contained in your job application, please see “Recruitment data”.
Business contact details
Cybercom processes personal data regarding contact persons and representatives of potential, current and former customers and other Cybercom contractors, in the scope including, in particular, name, surname, position, name and contact details of the person representing given entity, business telephone number and business e-mail address as well as information on contacts or relationships with Cybercom (“business contact details”).
We can obtain business contact details directly from the person concerned (e.g. by sending us an e-mail, calling us, or in the form of a business card), as well as by the represented entity or obtained from publicly available sources (e.g. companies’ registers, professional profiles such as LinkedIn™ or the website of the represented entity).
Business contact details are processed primarily to maintain and develop business relationships with the represented entity, as well as other purposes that constitute legitimate interests of Cybercom, in accordance with Article 6 (1) (f) of the GDPR (such as business correspondence, taking necessary actions to conclude or necessary to perform the contract with the entity that the person represents, internal reporting and evaluation and optimization of the quality of services, assessment and development of sales opportunities, analysis of client’s satisfaction, business development activities consisting in establishing business contacts), as well as to fulfilling legal obligations (e.g. to issue invoices, document the services provided, proper identification of the represented entity, prevention of violations and corruption) (Article 6 (1) (c) of the GDPR), and, if the processing of personal data is related to services provided to the data subject or other contract concluded with such a person, the basis for processing is necessary to perform the contract (Article 6 (1) (b) of the GDPR). The business contact details can be processed by Cybercom also on the basis of a separate consent granted by a given person (e.g. in order to receive from us ordered marketing materials) (Article 6 (1) (a) of the GDPR). In such cases, personal data is processed on the basis of this consent, to the extent and for the purpose set out in it.
Business contact details will be processed for a period necessary to achieve the goals described above (for example in the scope of contract conclusion and implementation – for a period until the conclusion of the contract or its implementation, and after that for the period and to the extent required by law or for achieving by Cybercom of its legitimate interest as the data controller).
In order to fulfill your rights related to the processing of your personal data by us (including the right to object to the processing or withdrawal of your consent), please contact us at DPM@cybercom.com. If you have any comments regarding the processing of personal data, for example if you believe that we do not exercise your rights as a data subject, you have the right to lodge a complaint with the supervisory authority. More details about how to exercise your rights and contact details of the supervisory authorities can be found in the section “What rights do I have as a data subject” and “How to use the rights related to personal data”.
Cybercom processes personal data of users visiting Cybercom profiles carried out in social media (LinkedinTM, FacebookTM, InstagramTM, TwitterTM). These data are processed only in connection with running a profile, including to inform users about the activity of Cybercom and to promote various types of events, services and products. The legal basis for the processing of personal data for this purpose by Cybercom is its legitimate interest (Article 6 (1) l(f) of the GDPR to promote its own business.
By clicking the “Apply” or “Submit” button in our recruitment tool, i.e. Teamtailor, or otherwise sending a job application to Cybercom, you agree to the processing by Cybercom of your personal data contained in the application form and attached documents in order to recruit for the position indicated in the announcement in accordance with the conditions described below.
Personal data provided to us will be processed for recruitment to which you apply. If we have chosen another person in the recruitment process, your personal data will be deleted. However, if you have given additional consent to use your data in future recruitment processes carried on by Cybercom, we will retain your data for a period of 2 years from submitting the application (unless you withdraw your consent beforehand). You can express your consent for participation in future recruitment at the time of first registration in our recruitment system by selecting the appropriate consent box. You can also give your consent for the above by indicating the below in your CV:
“I agree to the processing by Cybercom of my personal data contained in the job application form, in the attached CV and made available to Cybercom in a different way during the recruitment process, for future recruitment conducted by Cybercom within two years from the day of submitting the application. “
If in the recruitment process you applied for, we decided to choose another person, we will send you a message about the possibility of staying in our recruitment database and we will ask you to give us permission to process your data in future Cybercom recruitment processes. If you do not give your consent within 14 days of sending such a message, your data will be permanently deleted from our database.
The controller of your personal data will be such Cybercom member company that runs a recruitment you decided to apply for or you consented to participate in future recruitments. The basis for the processing of personal data to the extent required by law is our obligations resulting from the applicable laws, in particular the Labor Code (Article 6 (1) (c) of the GDPR), to the extent where disclosed to us data is not required by law, the legal basis for processing is your consent (Article 6 (1) (a) of the GDPR). Your consent is always voluntary and may be withdrawn at any time by sending a declaration to: firstname.lastname@example.org, but this does not affect the legality of the processing of your data.
At any time, you have the right to access the data, the right to rectify it, the right to delete data, the right to limit processing and the right to transfer data. Please see more at “What rights do I have as an individual” and “How to exercise your rights as a data subject”.
Cybercom does not take automated decisions, including decisions resulting from profiling in relation to job applicants.
Your browser should include precise instructions explaining how to control the acceptance of cookies.
We use two types of cookies. The first saves a file for a long time on the user’s computer. It is used, for example, for functions that tell the user what is new since their last visit to the site. The second type of cookie is called a session cookie and is temporarily stored in the user’s computer’s memory during the time the user is surfing the site. Session cookies are deleted when the browser is closed or shortly thereafter.
Cybercom uses Google Analytics as a web statistics tool. This feature stores cookies on your computer. Data collected by Google Analytics is used to better understand our visitors and how they use the site.
Google Analytics cookies, domain: google-analytics.com
Use this link for more information about cookies set by Google
The site displays videos from Cybercom’s YouTube channel. The videos are displayed using YouTube’s movie player, and cookies are used when the videos are played.
YouTube cookies, domain: youtube.com
Use this link for more information about cookies from YouTube (Google): www.google.com/intl/en/policies/technologies/types/
AddThis is used to allow visitors to recommend Cybercom on social networks like Facebook and Twitter.
AddThis cookies, domain: addthis.com
Use this link for more information about cookies from AddThis
Cybercom uses a social plugin from Facebook on some pages.
If you visit a page with a Facebook plugin, a link is made to the Facebook server and the plug-in sends information to the browser. In this way, information is sent to the Facebook server, such as which of our web pages you have visited. If you are logged into Facebook, Facebook will add this information to your Facebook account.
If as a visitor you have previously received a cookie from Facebook, either because you have an account there, or have visited facebook.com, information about this cookie is sent to Facebook when you visit a web page with a Facebook plugin.
Use this link for more information about cookies from Facebook: https://www.facebook.com/help/cookies
The storage period
The data storage period depends on the type of service provided and the purpose of the processing. As a rule, the website user’s data is processed while using the website. Where the data is processed based on the legitimate interest of Cybercom, it will be erased after achieving such legitimate interest or until receiving an effective objection to the processing of data. Where the data is processed based on the consent, the processing takes place until its withdrawal. In the scope of a contract performance, the data is processed for a period until the conclusion of the contract and after that for a period and to the extent required by law or for achieving by Cybercom of its legitimate interest as the data controller.
The data storage period may be extended if the processing is necessary to identify potential defenses or defend against them, and after that time if and to the extent required by law.
To which recipients do we transfer personal data?
To achieve the purposes, we may share your personal data with our sub-processors. Such sub-processor provide storage services, advertising services and services for troubleshooting and correction of any defects in our website and other IT tools we use. Personal data submitted under the tab Jobs is used for recruitment. Teamtailor AB is a sub-processor to Cybercom for the processing of personal data in the recruitment service and a special privacy notice is found in the service.
Cybercom uses Episerver AB as supplier for the hosting. Episerver AB is a sub-processor to Cybercom for personal data in the hosting service.
Cybercom uses Disqus, Inc to provide an online public comment sharing platform where users may login and create profiles to participate in conversations with peers.
Personal data may also be disclosed to subcontractors that Cybercom engages to perform a service, i.e. the dispatch of invitations.
Personal data may be transferred to companies within the Cybercom Group.
Personal data may be disclosed to the police or other authority provided that Cybercom is required to disclose the information by law or by the ruling of an authority.Some of our sub-processors may process your personal data outside the European Economic Area (EEA). However, a transfer will only occur, if there is a legal ground for the transfer, e.g. by (i) executing EU standard data protection clauses with the recipient of the personal data, or (ii) ensuring that the country has an adequate level of protection of personal data, as decided by the EU Commission, or (iii) for transfers to and processing in the USA, ensuring that the recipient holds self-certifying registrations under the EU-U.S. and the Swiss-U.S. Privacy Shield Frameworks administered by the U.S. Department of Commerce’s International Trade Administration.
Please note that as the provider of IT services we use is also a non-EU entity, i.e. Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, USA, with whom we have concluded EU-approved standard contract clauses, thus providing the required protection measures.
In order to keep your personal data secure, we have implemented a number of technical and organizational security measures. For example, we maintain high levels of technical security in all systems (including traceability, disaster recovery, access limitations etc.) and we have adopted policies to ensure that our employees only access personal data on a need-to-know basis.
Personal Data about Children
Our websites and services are not directed towards data subjects under the age of sixteen (16) and we request that such individuals do not provide personally data information through our websites or other communication means. If we detect that personal information has been collected from a data subject under 16 years of age we will take the appropriate steps to cause this information to be deleted.
What rights do I have as an individual?
Generally, you are entitled to the following basic rights under applicable laws:
- The right to access: you may at any time request to access your personal data.
- The right to rectification:you are entitled to obtain rectification of inaccurate personal data and to have incomplete personal data completed.
- The right to erasure (“right to be forgotten”):under certain circumstances (including processing on the basis of your consent), you may request us to delete your User Data. Please note that this right is not unconditional. Therefore, an attempt to invoke the right might not lead to an action from us.
- The right to object:to certain processing activities conducted by us in relation to your personal data, such as our processing of your personal data based on our legitimate interest. The right to object also applies to processing of your personal data for direct marketing purposes.
- The right to restriction of processing:you may under certain circumstances request from us to restrict the processing of your personal data. Please note that this right is not unconditional. Therefore, an attempt to invoke the right might not lead to an action from us.
- The right to data portability:you are entitled to receive your personal data (or have your personal data directly transmitted to another data controller) in a structured, commonly used and machine-readable format.
How to exercise your rights as a data subject
You may wish to exercise your rights as a data subject. These rights are not absolute and therefore a request to exercise certain rights will not always result in the requested action.
A request for records or other request related to personal data being processed by Cybercom, must be made in writing, by using the below form Please make sure to fill in correctly, print and sign it. You may then either scan the form and email it to email@example.com or post the form to: Cybercom Group AB, Att. Data Protection Manager (DPM), Box 7574, 103 93 Stockholm, Sweden.
Form in English for Sweden: Request form
Form in English for Finland: Request form
Form in Polish for Poland: Formularz żądania
Form in English for Denmark: Request form
We would appreciate if you informed us if there is anything that you are not satisfied with when it comes to processing of personal data. If you have complaints about our processing of personal data, for example, if you do not think we fulfill your rights as a data subject, you are entitled to contact the supervisory authorities.
You may contact the supervisory authority using the following contact data:
Box 8114, 104 20 Stockholm
PL 800, 00521 Helsinki, Finland
Urząd Ochrony Danych Osobowych
ul. Stawki 2, 00-193 Warszawa
Borgergade 28, 5.
1300 København K
You may also contact the supervisory authority in other EU country where you have your habitual residence or your place of work or at the place of the alleged infringement, on the conditions stipulated by law.
This policy is verified on an ongoing basis and updated if necessary. The current version of this policy has been adopted and is effective from April 29, 2019.