Privacy policy / Personal data protection

basic principles of security and protection of personal data in force in
ThinkIT Consulting, LTD based in Warsaw, Poland

ThinkIT Consulting, LTD based in Warsaw, address: 68A, Syta St., 02-993 Warsaw, Poland, TAX ID 7010334077, registered in the Register of Entrepreneurs in Court National Register under number: KRS 0000410635 [further: ThinkIT] operates with special respect for privacy and takes special care in the protection of personal data.

Due to the provisions of the Regulation of the European Parliament and of the Council (UE) 2016/679 dated April 27th, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repeal of the directive 95/46/WE (General Data Protection Regulation), [further: GDPR] being on force since May 25th., 2018., and also the provisions of the new Act on the Protection of Personal Data dated May 10th., 2018 (Journal of Laws 2018, position 1000), which serves the application of GDPR, bearing in mind the principles contained in these provisions, we have adopted these principles of security and protection of personal data in force in ThinkIT, which are primarily to minimize any risks related to any violation of the basic principle of protection of personal data entrusted to us.

By implementing the provisions of these assumptions and generally applicable law, any correspondence addressed to us, including via e-mail, is subject to protection. This also applies to website users of www.thinkit.pl. We want everyone who visits our website or corresponds to us, he knows exactly how he could protect his privacy. Therefore, we encourage you to read the basic principles of security and protection of personal data in force at ThinkIT, including the Privacy Policy, providing information about our actions as the administrator of your data and your rights related to the processing of your personal data by us, including in connection with cooperation with us.

Information on the processing of personal data

1. According to Art. 13 sec. 1-2 of the GDPR Regulation, please be advised that the administrator of your personal data is ThinkIT Consulting, LTD, based in Warsaw, address: 68A, Syta St., 02-993 Warsaw. Relevant contact details can also be found on the website www.thinkit.pl in the Contact tab.

2. Using the website www.thinkit.pl, by sending us correspondence, including electronic correspondence, by cooperating, you accept the principles of our policy, which you can read on our website.

We collect your personal data:

  • to provide services based on your consent (the basis of Article 6 (1) (a) of the GDPR)
  • in order to participate in the recruitment and admission process, including waiting for a vacancy, based on your consent (the basis of Article 6 (1) (a) of the GDPR)
  • in order to conclude a contract based on your interest in our offer (the basis of Article 6 (1) (b) of the GDPR);
  • for the performance and on the basis of a contract, when we have concluded it (the basis of Article 6 (1) (b) of the GDPR);
  • for archival (evidence) purposes, which are the implementation of our legitimate interest in securing information in the event of a legal need to prove facts (the basis of Article 6 (1) (f) of the GDPR);
  • in order to possibly establish, investigate or defend against claims being the implementation of our legitimate interest in this interest (the basis of Article 6 (1) (f) of the GDPR);
  • in order to test customer satisfaction, which is the implementation of our legitimate interest in determining the quality of our service and the level of satisfaction of our customers with the services provided (the basis of Article 6 (1) (f) of the GDPR),

3. Personal data processed for the purposes set out above will be kept only to the extent necessary during the term of the contract or the period indicated in your consent or until its withdrawal, and during the transition period in order to exercise the rights of the parties under the contract, bearing in mind in particular the limitation periods for such claims due to the parties. In the event that legal proceedings are commenced, personal data may be kept until the conclusion of such proceedings, including for any potential appeal periods, and then either deleted or archived in accordance with applicable law. As a rule, we will retain your personal data for as long as required or permitted by applicable law. We will then delete your personal data from our systems and records and / or take appropriate steps to keep it secret so that the owner cannot be identified.

4. Under the terms of applicable law (e.g. GDPR), you have the following rights:

  • You have the right to obtain confirmation from us as to whether the personal data concerning you is being processed and, if any, request access to the personal data, and the right to obtain a copy of the personal data that is being processed. If you request additional copies, we may charge you a reasonable fee based on administrative costs.
  • Right to rectification: You have the right to rectify inaccurate personal data processed about you.
  • Right to erasure (right to be forgotten): You have the right to ask us to erase your personal data. In the event of exercising the right to be forgotten, we will cease to process your personal data and delete it in a manner ensuring security, unless there are special cases limiting the right to be forgotten, i.e. the existence of a legal provision that requires the processing of personal data, a situation in which processing data is necessary to establish, assert or defend claims.
  • Right to restriction of processing: You have the right to request that the processing of your personal data be restricted. In this case, the relevant data will be marked and may be processed by us only for specific purposes, unless there are special cases limiting the right to be forgotten, e.g. the existence of a legal provision that requires the processing of personal data, a situation in which data processing is necessary to establish, pursue or defend claims. Such a right may not exist, in particular if the processing of personal data is necessary to take steps prior to entering into a contract or to perform an already concluded contract, or to fulfill obligations under the law.
  • Right to data portability: You have the right to receive the personal data about you that you have provided to us in a structured, commonly used and readable format and the right to transfer this personal data to another person without obstruction by us.
  • Right to object: You have the right to object to our processing of your personal data and we may be required to stop processing your personal data. If you exercise your right to object, your personal data will no longer be processed by us for such purposes. There are no costs associated with exercising this right. Such a right may not exist, in particular if the processing of personal data is necessary to take steps prior to entering into a contract or to perform an already concluded contract, or to fulfill obligations under the law.

4. In the case of complaints, you also have the right to lodge a complaint with the competent supervisory authority, in particular in the Member State where you are usually resident or where the alleged breach of personal data protection has occurred.

5. As a rule, your data will not be disclosed to third parties. The above does not apply to supervisory authorities, controlling bodies, courts and government bodies, in accordance with applicable law, as well as external advisers acting as controllers (e.g. lawyers, accountants, auditors, etc.) and other authorized persons involved in the processing of personal data. We enter into contracts with external service providers or other companies as part of normal business activities to perform specific tasks, e.g. related to human resources or IT, i.e. to ensure secure systems and networks, legal advice.

6. Whenever an element of such cooperation is also the processing of personal data, we guarantee the conclusion of an agreement with such entities on entrusting the processing of personal data, guaranteeing their protection to an extent at least the same as that applicable in ThinkIT. By concluding appropriate data transfer agreements based on standard contractual clauses (2010/87 / EU and / or 2004/915 / EC) referred to in Art. 46 (5) GDPR or other appropriate measures available via the contact details below, we have determined that all recipients will ensure an adequate level of protection of employee data and that appropriate technical and organizational security measures will be applied to protect employee data against accidental or unlawful destruction, accidental loss or alteration, unauthorized disclosure or access, and against any other unlawful form of processing.

7. In case of doubts as to the scope and purpose of the processing of your personal data, and the rights you are entitled to in this connection, please contact us at the following e-mail address: This email address is being protected from spambots. You need JavaScript enabled to view it. , by calling +48 22 111 00 42 or in writing to the address of our registered office indicated above.

8. We transfer your personal data outside the country in which you are located only to the extent required by generally applicable regulations or agreements concluded with, for example, contractors. In any case, the transfer is considered to provide an adequate level of data protection from the perspective of European data protection law (Article 45 GDPR). By concluding appropriate data transfer agreements based on standard contractual clauses (2010/87 / EU and / or 2004/915 / EC) referred to in Art. 46 (5) GDPR or other appropriate measures available via the contact details below, we have determined that all other recipients located outside the EEA will provide an adequate level of protection of employee data and that appropriate technical and organizational security measures will be applied to protect employee data against accidental or unlawful destruction, accidental loss or alteration, unauthorized disclosure or access, and against any other unlawful form of processing.


9. Providing your data is voluntary, but it is necessary to conclude a contract, establish cooperation or employment.

10. We collect all data in two ways:

  • Information provided voluntarily when sending correspondence to us, including in the form of e-mails, during a telephone or direct conversation, by filling out a form on our website, by concluding a contract, including in paper form;
  • Information obtained while using our website - these may include:
  1. Information in server logs - our servers automatically record data such as page requests sent by the user, date and time of the request, device data (e.g. hardware model), browser type, visitor's country, operating system type, IP address and so-called cookies.
  2. IP address - each computer connected to the Internet is assigned a unique number, i.e. an IP address. On its basis, you can, for example, identify the country from which a given user connects to the network.
  3. Cookies - small text files sent by a website that is visited by an Internet user to the Internet user's device (computer, smartphone, etc.).
    We use cookies to:
    - make it easier for users to use the website - cookies recognize the user's device and properly display the website, tailored to his individual needs,
    - create anonymous website statistics - thanks to this, we can better understand the expectations of our users and develop the website to make it even more user-friendly.

We control our methods of collecting, storing and processing information, including your personal data. Safety issues are very important to us. We use security systems, including server security devices, and physical security measures that, in our opinion, minimize the risk of a breach in the protection of personal data. We provide access to data only to those employees and entities that must have access to them in order to process them only for the purposes provided to them on the basis of appropriate authorizations. We will try to verify the level of threats and risks on an ongoing basis, as well as make any necessary changes to the applied security measures, if necessary.