Privacy policy

1. General information

This Privacy Policy sets out the rules for processing personal data of users of the website operated by Twenty Twenty.

The Controller processes personal data in accordance with applicable laws, in particular:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR),
  • the Polish Act of 10 May 2018 on Personal Data Protection.

2. Data Controller

The Data Controller is:

Twenty Twenty
Kołat 2, 87-620 Kikół, Poland
NIP: 4660348958
REGON: 340914350

Contact:

Phone: +48 505 78 20 20
Email: office@twentytwenty.com.pl

Correspondence address:
Rysia 4C/7, 87-800 Włocławek, Poland

The Controller has not appointed a Data Protection Officer.

3. Scope of processed personal data

The Controller may process the following personal data:

  • first and last name,
  • email address,
  • phone number,
  • data contained in messages sent via contact forms,
  • data provided during the recruitment process (including CVs and application documents),
  • IP address and technical data related to the device, browser, and operating system, processed automatically in connection with the operation and security of the website,
  • data contained in cookies.

Providing personal data is voluntary but necessary to achieve the specified purposes.

4. Purposes of data processing

Personal data is processed for the purpose of:

  • responding to inquiries submitted via the contact form,
  • conducting correspondence related to the Controller’s business activity,
  • taking steps to conclude or perform a contract,
  • conducting recruitment processes,
  • ensuring proper operation and security of the website,
  • fulfilling the Controller’s legal obligations,
  • pursuing or securing potential claims.

5. Legal basis for processing

Personal data is processed on the basis of:

  • Article 6(1)(a) GDPR – consent (where applicable),
  • Article 6(1)(b) GDPR – performance of a contract or pre-contractual steps,
  • Article 6(1)(c) GDPR – compliance with a legal obligation,
  • Article 6(1)(f) GDPR – legitimate interest of the Controller (in particular website security and operation).

6. Contact and recruitment forms

The website provides forms enabling direct contact with the Controller and submitting recruitment applications.

Contact form

Processed data:

  • name and surname,
  • email address,
  • phone number,
  • message content.

The data is processed solely to respond to the inquiry and conduct related correspondence.

Recruitment form

Processed data:

  • name and surname,
  • email address,
  • phone number,
  • additional information provided by the candidate,
  • application documents (e.g. CV).

The data is processed solely for recruitment purposes.

7. Recipients of personal data

Personal data may be transferred to entities providing hosting, IT, and website security services to the Controller, as well as telecommunications and postal service providers.

To the extent necessary to ensure website security and proper operation, data may also be transferred to entities located outside the European Economic Area (e.g. the United States). Such transfers are carried out using appropriate safeguards, in particular standard contractual clauses approved by the European Commission.

Data submitted via contact and recruitment forms is not transferred outside the European Economic Area.

8. Data retention period

Personal data is stored:

  • for the period necessary to achieve the processing purpose,
  • for the period required by law,
  • until consent is withdrawn (where applicable),
  • in the case of recruitment – for the duration of the recruitment process and thereafter in accordance with applicable regulations.

9. Data subject rights

Data subjects have the right to:

  • access their personal data,
  • rectify their data,
  • erase their data,
  • restrict processing,
  • data portability,
  • object to processing,
  • withdraw consent at any time (where consent is the legal basis),
  • lodge a complaint with the relevant supervisory authority.

10. Cookies

The website uses cookies to ensure proper operation and security and for statistical purposes.

Technical cookies are necessary and do not require consent. Statistical cookies are used only with the user’s consent.

Users may change or withdraw their consent at any time via the Cookie Declaration available on the website.

11. Data security

The Controller applies appropriate technical and organizational measures to protect personal data, including:

  • SSL encryption,
  • server-level security measures,
  • restricted access to data,
  • internal data protection procedures.

12. Automated decision-making

Personal data is not used for automated decision-making or profiling.

13. Personal data breach procedure

In the event of a personal data breach, the Controller takes immediate steps to limit the effects of the breach and informs the competent supervisory authority and data subjects where required by law.

14. Changes to the Privacy Policy

The Controller reserves the right to amend this Privacy Policy. The current version is always available on the website.

15. Final provisions

This Privacy Policy is effective as of the date of its publication on the website.