Privacy Policy – Privacy & Terms

Privacy Policy


As maintaining the confidentiality of the information you provide is equally important to us, in this Privacy Policy we set out the purpose and manner of data processing and define our obligations with regard to the data entrusted to us.

When you, as an individual, contact us or use our services, whether you are acting on your own behalf or on behalf of another entity (e.g. our client, supplier, etc.), or when we have received your personal data from other sources (e.g. publicly available industry websites or when your data has been disclosed to us as contact details for the purpose of fulfilling contracts), we start processing your personal data. We process all your information responsibly and in accordance with the law.

The following information is intended to explain who we are, how we obtain information and what we do with it in our business, sales and marketing relationships and in relation to contacting us. If anything is not clear to you or is of concern to you, please contact us.

I. Glossary – basic terms

1) “Controller” means the natural or legal person, public authority, entity or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union law or Member State law, a controller may also be designated by Union law or Member State law, or specific criteria for its designation may be laid down.

2) “Usage data” refers to data collected automatically, generated by the use of the Website or from the Website infrastructure itself (for example, the duration of a visit to the Website).

3) “Personal data” means any information about an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person.

4) “Processing” means an operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

5) “Data recipient” means a natural or legal person, public authority, entity or other body to whom personal data is disclosed, whether or not a third party.

6) “Consent of the data subjectmeans a freely given, specific, informed and unambiguous demonstration of will by which the data subject, by means of a statement or a clear affirmative action, consents to the processing of personal data concerning him or her.

7) “Cookies” – means IT data, in particular small text files, recorded and stored on the devices through which the User accesses the Website.

8) “Service” – means the website under which the Controller operates the Internet Service, operating in the domain www.Personnel

9) “Device” – means the electronic device through which the User accesses the websites of the Website.

10) “User” – means an entity to whom, in accordance with the Terms and Conditions and the law, electronic services may be provided or with whom an Agreement for the provision of electronic services may be concluded.

11) “GDPR” – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

II. Controller

The controller of your personal data is:

  • Panda Group spółka z ograniczoną odpowiedzialnością with registered office in Poznań, 46 Rubież Street, 61-612 Poznań, RCN: 0000914436, Tax no: 9721244346, contact at:

III. Data Protection Officer

The Controller has appointed a Data Protection Officer, Mr. Mariusz Zajkiewicz, who can be contacted by email by sending correspondence to the email address: or by traditional mail to the mailing address given above with the reference “GDPR”.

You may exercise your rights under Part IX by contacting us at the email address below.

If you have any questions about this Privacy Policy or wish to remove your data from our Website or delete your data, you may contact us:

IV. What personal data do we collect and what is the purpose and legal basis of our activities?

The extent of the data we process depends on the purpose and what information you provide to us, as well as the form of contact you choose and what information is required in connection with our relationship.

Your personal data will be processed for:

1) Marketing of products and services – the basis for processing is Article 6(1)(a) “consent” of the GDPR and Article 173 of the Telecommunications Act,

2) to remember your preferences and settings such as IP address, date and time of login – in which case the basis for processing will be Article 6(1)(a) “consent” of the GDPR,

3) Sending recruitment-related offers, newsletters in accordance with Article 6(1)(a) “consent” of the GDPR,

4) the conclusion or performance of a contract – pursuant to Article 6(1)(b) “necessary for the performance of the contract” of the GDPR and Article 22(1) of the Labour Code,

5) the handling of complaints, claims and requests and, as part of this, to provide a response on the basis of Article 6(1)(c) of the GDPR,

6) the performance of contracts, the provision of offers (also via the website), the possible establishment, investigation, enforcement or defence of claims, which are the realisation of the Controller’s legitimate interest (such as debt collection, conducting court and enforcement proceedings) on the basis of Article 6(1)(f) GDPR,

7) prevention of fraud and abuse – in order to ensure the security of the Services provided in accordance with Article 6(1)(f) of the GDPR.

The legal basis for the above depends on the context of the communication. If these are general enquiries or conversations, the basis will be our “legitimate interest” as an Controller (in line with the purposes indicated above; Article 6(1)(f) GDPR). On the other hand, if the enquiry is for the purpose of entering into a contract or is related to an already concluded contract other than for the provision of our services (as referred to in Section IV(d) above), the legal basis will be “taking action at the request of the data subject prior to entering into a contract” or the need to perform the contract (Article 6(1)(b) GDPR).

By visiting our website, you may consent to our use of cookie technology, which enables our website to function properly, as well as to analyse information about how you use the website.

We process this data in order to improve the quality of our website, to tailor content to visitors’ interests and to continually improve its performance. Some cookies also enable marketing of our products and services on our website.

The legal basis for the use of cookies and similar technologies is your consent, except where their use is necessary for the operation of our website, where we base such use on a legal provision (Article 6(1)(a) GDPR) and our legitimate interests (Article 6(1)(f) GDPR) respectively.

If you have not provided us with your data on your own behalf, i.e. you are acting on behalf of another entity, we process your data in order to establish contact in the context of which you are acting on behalf of a third party, and to conclude or perform a contract with that third party or to carry out a joint venture. The basis for the processing of your personal data for this purpose will be our legitimate interest (Article 6(1)(f) GDPR) – building and maintaining a relationship with the third party on whose behalf you are acting, including entering into and performing relevant contracts with that third party, as well as the intention to build a positive image of the Panda Group.

Notwithstanding the above, your personal data, i.e. primarily your name, email address and telephone number, may be used by us to send you occasional correspondence (e.g. Christmas wishes) or to contact you regarding the promotion of Panda Group products or services. The basis for the processing of your personal data for this purpose will be our legitimate interest (Article 6(1)(f) GDPR) – the desire to maintain our relationship, to build a positive image of Panda Group and to market Panda Group products or services.

In addition, if we process your Personal Data for the purpose of defending against potential claims, the basis for processing your Personal Data for this purpose will be our legitimate interest (Article 6(1)(f) GDPR);

In any case, we only send commercial information to electronic addresses (e-mail/telephone) with your prior consent (legal basis).

Your provision of personal data is voluntary, but necessary in order to respond to your enquiry or for the purpose of correspondence.

In the case of data processing on the basis of consent, we remind you that you may withdraw your previously given consent at any time, without affecting the lawfulness of the processing carried out on the basis of your consent prior to its withdrawal. If, on the other hand, your data is processed on the basis of the legitimate interest of the Controller, you have the right to object to such processing.

The personal data you provide is not subject to automated decision-making or profiling.

The personal data you provide will only be processed in the European Economic Area or in a third country ensuring an adequate level of protection, in accordance with the European Commission’s decision currently in force.

V. How long do we process your data?

As a general rule, data processed on the basis of our legitimate interest will be processed until you object or the purpose for which it was processed has been achieved.

If you participate in the recruitment process, we will process your data until the end of the recruitment process, but no longer than for 12 months.

If you have agreed to participate in subsequent recruitment processes then your data will be processed for a further 12 months from the end of the recruitment process (24 months in total).

If you have participated in the recruitment process, the Controller will store the necessary information for a period of 12 months after the end of the initial recruitment in order to assert possible claims in accordance with Article 6(1)(f) (legitimate interest of the Controller).

If you are not our contractor or business partner, we only store data collected in connection with your current contact, for a period of a few weeks (some cookies), up to a maximum of 5 years (more detailed queries and conversations that may be relevant to our future contact), depending on the category of the individual information.

If you are our contractors or business partners, we store the data collected exclusively in connection with the performance of the contract for a period of 5 years from the end of the accounting year in which the cooperation ended.

Data processed solely on the basis of your consent is processed until you revoke your consent, if any, or until the purpose for which your consent was given has been achieved.

VI. Who actually has access to your personal data?

Only the following persons have access to your personal data

to duly authorised employees or associates of the Controller, who are obliged to maintain their confidentiality and not to use them for purposes other than those for which the Controller obtained the data,

entities that support us in the provision of our services, on the basis of relevant contracts for the entrustment of personal data for processing, such as e-mail marketing platforms, providers of contact tools (instant messaging), providers of legal and advisory services, hosting providers, couriers.

All of these entities have access only to the information that is necessary for them to carry out the specific activities and purpose specified by the Controller.

VII. What are cookies and other similar technologies? How and for what purpose do we use them?

Cookies are small text files sent by a server and stored on your computer, phone, tablet or other device you use to access our services.

It stores information that we may need to adapt to your use of our website and gather statistical data.

When you visit our website, we are able to collect data about the domain name of your internet service provider, browser type, operating system type, IP address, web pages visited, items downloaded, as well as operational data or information about the location of the device used.

We assure you that all information received in this way is used by us exclusively for the purposes set out in this policy and is in no way harmful to you or the device you are using, as it does not make any changes to the configuration.

Cookies used on the website:

1) Technical – includes cookies: necessary for the proper functioning of the website to enable its functionality, but their operation has nothing to do with tracking the user.

2) Analytical – used to analyse users’ behaviour on the website, for statistical and analytical purposes (to improve the operation of the website), but does not contain information that allows identification of any specific user

3) Marketing – used to analyse user behaviour and provide information that identifies the data of a specific user, including for marketing purposes on third party websites.

You may, of course, change your use of cookies, including blocking them completely or deleting them via your browser or service configuration. However, you must bear in mind that such operations may prevent or significantly impede the proper functioning of our website, for example by significantly slowing it down, so we recommend that you do not disable them in your browser.

VIII. How Cookie settings are changed on the most popular search engines.

Mozilla Firefox

Instructions at:


Instructions on the website:


Instructions on the website:

Google Chrome

Instructions at:

IX. User Rights.

A user who has provided personal data to the Controller has the right to:

1) access to their data and receive a copy of their data;

2) rectification (amendment) of your data;

3) deletion of data (the so-called right to be forgotten);

4) restriction of the processing of personal data;

5) to object to the processing of your data as well as to the processing for direct marketing purposes;

6) withdraw consent where the Controller will process the User’s data on the basis of consent, at any time and in any way, without affecting the lawfulness of the processing carried out on the basis of consent before its withdrawal;

7) lodge a complaint with the President of the Data Protection Authority if the User considers that the processing of personal data violates the provisions of the GDPR.

The complaint can be lodged with:

President of the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw.

X. Additional information.

How does Google use the information from the sites or apps that use our services?

XI. Final Provisions.

To the extent not covered by this privacy policy, the relevant provisions of Polish law shall apply. 

The Controller reserves the right to make changes to the privacy policy as a result of changes in legal regulations.

The Controller reserves the right to change the website’s privacy policy, which may result from advances in Internet technology, possible changes in the law on personal data protection and the development of the Website. We will inform users of any changes in a visible and understandable manner.

This Privacy Policy applies from 30th of January 2024