Information notes:

Potential partners
Clients and their representatives
Service providers and their representatives
Newsletter subscribers
Blog users
Participants of offline educational events
Job candidates
Persons interested in a career in Merixstudio
Facebook users
Subjects who required from us execution of their rights
Participants of contests organized by Merixstudio
Participants of workshops, trainings, and other similar events organized by Merixstudio (online)

INFORMATION NOTE FOR POTENTIAL PARTNERS | GDPR

Dear Sir/Madam,

According to the General Data Protection Regulation (GDPR) in force since 25th of May 2018, we want you to know:

WHO WE ARE:

1. The controller of your personal data is the company MERIXSTUDIO Sp. z o.o. with headquarters in Poznań (61-129) at. Małachowskiego 10, entered into the register of entrepreneurs of National Court Register maintained by District Court Poznań – Nowe Miasto i Wilda in Poznań, VIII Commercial Division under the number 0000938427, holding the numbers TAX-EU: 7822905423 and REGON: 520724706, with a share capital of 200.000,00 PLN (hereinafter referred to as “Merixstudio”).

WHERE DO WE HAVE YOUR DATA FROM:

2. We have gathered your personal data from publicly available sources.

WHAT SORT OF YOUR PERSONAL DATA IS PROCESSED BY US:

3. We only process your identification data (first name, surname, image), employment data (job position, place of employment), and contact data (contact address, e-mail address, and phone number).

WHY DO WE PROCESS YOUR DATA:

4. We only process your personal data in order to establish business contacts with you or your employer – based on art. 6 par. 1 pt. f) of GDPR which is the legitimate interest of the controller understood as the endeavor to create contact network in relation to controller’s business activity – for period necessary to achieve the controller’s legitimate interest, but no longer than until you effectively place an objection to processing of your personal data. Your personal data may be processed longer if we obtain another legal basis to do so (such as conclusion and execution of the contract or defending against possible claims resulting from its execution), which we will inform you about promptly after we obtain a new legal basis for processing of your personal data.

FOR WHOM MAY WE DISCLOSE YOUR DATA:

5. Your personal data may be disclosed by us only to our hosting providers, electronic mail providers and e-mails dispatch providers.

6. Your personal data may be transferred outside the European Economic Area, due to the fact that Google Ireland Ltd. company incorporated in Ireland together with Google LLC company incorporated in USA and its subsidiaries also incorporated in USA provide us with hosting services (regarding both electronic mail and cloud computing services). The legal basis for transfer of your personal data to Google LLC and its subsidiaries and the legal mechanism protecting this transfer are the Standard Contractual Closes enacted by the European Commission.

WHAT ARE YOUR RIGHTS

7. Due to the protection of your personal data, you have the right to:

ADDITIONALLY:

8. Your personal data are not profiled by us, and are not subject to any other form of automated processing, resulting in making decisions that cause legal effects to you or have a similar effect on you.
9. More information regarding the protection of your personal data can be found in our Privacy policy available in English – under the following address: https://www.merixstudio.com/pages/privacy-policy/ and in Polish – under following address: https://www.merixstudio.com/pages/polityka-prywatnosci/.
10. All correspondence regarding matters related to the processing of your personal data should be sent to our address indicated in par. 1 above with the postscript "Personal data" or to our e-mail address: odo@merixstudio.com.

INFORMATION NOTE FOR CLIENTS AND THEIR REPRESENTATIVES | GDPR

Dear Sir/Madam,

According to the General Data Protection Regulation (GDPR) in force since 25th of May 2018, we want you to know:

WHO WE ARE:

1. The controller of your personal data is the company MERIXSTUDIO Sp. z o.o. (i.e. limited company) with headquarters in Poznań (61-129) at. Małachowskiego 10, entered into the register of entrepreneurs of National Court Register maintained by District Court Poznań – Nowe Miasto i Wilda in Poznań, VIII Commercial Division under the number 0000938427, holding the numbers TAX-EU: 7822905423 and REGON: 520724706, with a share capital of 200.000,00 PLN (hereinafter referred to as “Merixstudio”).

WHERE DO WE HAVE YOUR DATA FROM:

2. We have gathered your personal data from publicly available sources.

WHAT SORT OF YOUR PERSONAL DATA IS PROCESSED BY US:

3. We only process your identification data (first name, surname, image), employment data (job position, place of employment) and contact data (contact address, e-mail address and phone number).

WHY DO WE PROCESS YOUR DATA

FOR WHOM MAY WE DISCLOSE YOUR DATA:

5. Your personal data may be disclosed by us only to our hosting providers, electronic mail providers and e-mails dispatch providers.

WHAT ARE YOUR RIGHTS:

7. Due to the protection of your personal data, you have the right to:

ADDITIONALLY:

8. Your personal data are not profiled by us, and are not subject to any other form of automated processing, resulting in making decisions that cause legal effects to you or have a similar effect on you.
9. More information regarding protection of your personal data can be found in our Privacy policy available in English – under the following address: https://www.merixstudio.com/pages/privacy-policy/ and in Polish – under following address: https://www.merixstudio.com/pages/polityka-prywatnosci/.
10. All correspondence regarding matters related to the processing of your personal data should be sent to our address indicated in point 1 above with the postscript "Personal data" or to our e-mail address: odo@merixstudio.com.

INFORMATION NOTE FOR SERVICE PROVIDERS AND THEIR REPRESENTATIVES | GDPR

Dear Sir/Madam,

According to the General Data Protection Regulation (GDPR) in force since 25th of May 2018, we want you to know:

WHO WE ARE:

The controller of your personal data is the company MERIXSTUDIO Sp. z o.o. (i.e. limited company) with headquarters in Poznań (61-129) at. Małachowskiego 10, entered into the register of entrepreneurs of National Court Register maintained by District Court Poznań – Nowe Miasto i Wilda in Poznań, VIII Commercial Division under the number 0000938427, holding the numbers TAX-EU: 7822905423 and REGON: 520724706, with a share capital of 200.000,00 PLN (hereinafter referred to as “Merixstudio”).

WHY DO WE PROCESS YOUR DATA:

2. We may process your personal data:

a)in order to conclude the contract – based on art. 6 par. 1 pt. b) of GDPR, alternatively (in relation to representatives of our clients) art. 6 par. 1 pt. f) of GDPR which is the legitimate interest of the controller understood as the endeavor to conclude the contract with the client – until the end of negotiation process regarding conclusion of the contract.
b) in order to execute the contract – based on art. 6 par. 1 pt. b) of GDPR, alternatively (in relation to representatives of our clients) art. 6 par. 1 pt. f) of GDPR which is the legitimate interest of the controller understood as the execution of the contract – until the fulfillment of the contract, its termination or cessation.
c) in order to perform our tax responsibilities – based on art. 6 par. 1 pt. c) of GDPR in relation to the Accounting Act and art. 86 of the Tax Ordinance Act – until cessation of 5 year period accounted from the end of the tax year during which the controller’s tax obligation appeared.
d) in order to pursuit our possible claims or defend against your possible claims which may arise in connection with our cooperation – based on art. 6 par. 1 pt. f) of GDPR which is the legitimate interest of the controller – until cessation of the termination period of the last from our mutually available claims or until the finalization of the legal proceedings regarding our mutually available claims.

DO YOU HAVE TO DISCLOSE YOUR DATA TO US:

3. Providing personal data by you is:

a) in relation to you data mentioned in par. 2 pt. a), b) and d) above – required to conclude our agreement – otherwise we will not be able to conclude and perform the contract between us;
b) in relation to your data mentioned in par. 2 pt. c) above – mandatory (as a legal obligation resulting from the Accounting Act and the Tax Ordinance Act) – otherwise we will not be able to conclude and perform the contract between us.

4. Due to the fact that negotiations or consultations related to the conclusion or performance of the contract may take place at our headquarters, we would also like to inform you that video monitoring operates within our company's premises. The purpose of monitoring is to ensure the safety of people and property within our premises and its legal basis is art. 6 par. 1 pt. f) of GDPR – the legitimate interest of the controller is to implement the above-mentioned objective. Materials obtained from monitoring will be stored for a period of 30 days, after which they will be destroyed in a way that prevents their reproduction. Exceptionally, in the case in which the recordings are evidence in legal proceedings or the controller has learned that they may constitute evidence in such proceedings, the time limit specified in the preceding sentence is extended until the end of the relevant proceedings.

FOR WHOM MAY WE DISCLOSE YOUR DATA:

5. Your personal data may be disclosed by us to:

a) hosting providers (including providers of cloud computing services);
b) electronic mail service providers;
c) invoicing software service providers;
d) accountancy service providers;
e) legal service providers;
f) mail service providers;
g) IT service providers;
h) our subcontractors.

6. Your personal data may be transferred outside the European Economic Area, due to the fact that:
Google Ireland Ltd. company incorporated in Ireland together with Google LLC company incorporated in USA and its subsidiaries also incorporated in USA provide us with hosting services (regarding both electronic mail and cloud computing services). The legal basis for transfer of your personal data to Google LLC and its subsidiaries and the legal mechanism protecting this transfer are the Standard Contractual Closes enacted by the European Commission.
To some extent, hosting services (regarding cloud computing services) are provided also by Atlassian, Inc. company incorporated in USA together with Atlassian Pty Ltd. company incorporated in Australia. The legal basis for transfer of your personal data to the aforementioned companies and the legal mechanism protecting this transfer are also the Standard Contractual Closes enacted by the European Commission.

WHAT ARE YOUR RIGHTS:

7. Due to the protection of your personal data, you have the right to:

ADDITIONALLY:

8. Your personal data are not profiled by us, and are not subject to any other form of automated processing, resulting in making decisions that cause legal effects to you or have a similar effect on you.
9. More information regarding protection of your personal data can be found in our Privacy policy available in English – under the following address: https://www.merixstudio.com/pages/privacy-policy/ and in Polish – under following address: https://www.merixstudio.com/pages/polityka-prywatnosci/.
10. All correspondence regarding matters related to the processing of your personal data should be sent to our address indicated in point 1 above with the postscript "Personal data" or to our e-mail address: odo@merixstudio.com.

INFORMATION NOTE FOR MERIXSTUDIO NEWSLETTER SUBSCRIBERS | GDPR

Dear Subscriber,

According to the General Data Protection Regulation (GDPR) in force since 25th of May 2018, we want you to know:

WHO WE ARE:

WHY DO WE PROCESS YOUR DATA:

2. We process your personal data in order to deliver our Merixstudio newsletter to you – based on art. 6 par. 1 pt. a) of GDPR which is your consent, given by you as you checked the appropriate checkbox containing your consent statement – such data will be processed by us as long as we have your consent, until you revoke it.

DO YOU HAVE TO DISCLOSE YOUR DATA TO US:

3. Providing personal data by you is voluntary, but required to receive our newsletter – ceasing to process your personal data will prevent this purpose.

FOR WHOM MAY WE DISCLOSE YOUR DATA:

4. Your personal data may be disclosed by us to our hosting provider, electronic mail provider and provider of the newsletter dispatch service.

5. Your personal data may be transferred outside the European Economic Area – due to the fact that The Rocket Science Group LLC company incorporated in USA is our provider of the newsletter dispatch service, while Google Ireland Ltd. company incorporated in Ireland together with Google LLC company incorporated in USA and its subsidiaries also incorporated in USA provide us with hosting services (regarding both electronic mail and cloud computing services). The legal basis for transfer of your personal data to The Rocket Science Group LLC and Google LLC and their subsidiaries and the legal mechanism protecting this transfer are the Standard Contractual Closes enacted by the European Commission.

WHAT ARE YOUR RIGHTS:

6. Due to the protection of your personal data, you have the right to access your personal data and receive their copies (art. 15 of GDPR);

6.1. access your personal data and receive their copies (art. 15 of GDPR);
6.2. rectify your personal data and supplement them if necessary (art. 16 of GDPR);
6.3. erase your personal data or restrict their processing (art. 17-18 of GDPR);
6.4. object to the processing of your personal data (art. 21 of GDPR);
6.5. transfer your personal data (art. 20 of GDPR);
6.6. lodge a complaint with a competent supervisory authority – the President of Personal Data Protection Office – address: Stawki 2, 00-193 Warsaw, https://uodo.gov.pl – (art. 77 of GDPR).

7. You also have the right to withdraw, at any time, your consent to processing of your personal data referred to in par. 2 above, however, the withdrawal of your consent will not affect the lawfulness of processing of your personal data within the period of validity of your consent and after withdrawal of your consent we will still store your data necessary to document the fact and date of giving us your consent and revoking it.

ADDITIONALLY:

8. Your personal data are not profiled by us, and are not subject to any other form of automated processing, resulting in making decisions that cause legal effects to you or have a similar effect on you.
9. More information regarding protection of your personal data can be found in our Privacy policy available in English – under the following address: https://www.merixstudio.com/pages/privacy-policy/ and in Polish – under following address: https://www.merixstudio.com/pages/polityka-prywatnosci/.
10. All correspondence regarding matters related to the processing of your personal data should be sent to our address indicated in par. 1 above with the postscript "Personal data" or to our e-mail address: odo@merixstudio.com.

INFORMATION NOTE FOR MERIXSTUDIO BLOG USERS | GDPR

Dear User,

According to the General Data Protection Regulation (GDPR) in force since 25th of May 2018, we want you to know:

WHO WE ARE:

WHY DO WE PROCESS YOUR DATA:

2. We process your personal data in order to write and manage our Merixstudio blog (under following address: https://www.merixstudio.com/blog/) – based on art. 6 par. 1 pt. a) of GDPR which is your consent, given by you as you post your entry under our post – such data will be processed by us  as long as we have your consent, until you revoke it – in particular by self-deleting your entry or by requesting that we delete entries posted by you within our blog.

DO YOU HAVE TO DISCLOSE YOUR DATA TO US:

3. Providing personal data by you is voluntary, but required to achieve the purpose referred to in par. 2 above – ceasing to process your personal data will prevent this purpose.

FOR WHOM MAY WE DISCLOSE YOUR DATA:

4. Your personal data may be transferred outside the European Economic Area – due to the fact that:
a) Google Ireland Ltd. company incorporated in Ireland together with Google LLC company incorporated in USA and its subsidiaries also incorporated in USA provide us with hosting services (regarding both electronic mail and cloud computing services). The legal basis for transfer of your personal data to Google LLC and its subsidiaries and the legal mechanism protecting this transfer are the Standard Contractual Closes enacted by the European Commission.
b) While using our blog you may post your comments through a dedicated Disqus plugin used by us in our blog. To make it possible you must have your account in Disqus service maintained by a separate controller of your personal data – Zeta Global Corp. company incorporated in USA. In such case, the legal mechanism protecting this transfer are the Standard Contractual Closes enacted by the European Commission.

WHAT ARE YOUR RIGHTS:

5. Due to the protection of your personal data, you have the right to:

5.1. access your personal data and receive their copies (art. 15 of GDPR);
5.2. rectify your personal data and supplement them if necessary (art. 16 of GDPR);
5.3. erase your personal data or restrict their processing (art. 17-18 of GDPR);
5.4. object to the processing of your personal data (art. 21 of GDPR);
5.5. transfer your personal data (art. 20 of GDPR);
5.6. lodge a complaint with a competent supervisory authority – the President of Personal Data Protection Office – address: Stawki 2, 00-193 Warsaw, https://uodo.gov.pl – (art. 77 of GDPR).

6. You also have the right to withdraw, at any time, your consent to processing of your personal data referred to in par. 2 above, however, the withdrawal of your consent will not affect the lawfulness of processing of your personal data within the period of validity of your consent and after withdrawal of your consent we will still store your data necessary to document the fact and date of giving us your consent and revoking it.

ADDITIONALLY:

8. Your personal data are not profiled by us, and are not subject to any other form of automated processing, resulting in making decisions that cause legal effects to you or have a similar effect on you.
9. More information regarding protection of your personal data can be found in our Privacy policy available in English – under the following address: https://www.merixstudio.com/pages/privacy-policy/ and in Polish – under following address: https://www.merixstudio.com/pages/polityka-prywatnosci/.
10. All correspondence regarding matters related to the processing of your personal data should be sent to our address indicated in par. 1 above with the postscript "Personal data" or to our e-mail address: odo@merixstudio.com.

INFORMATION NOTE FOR PARTICIPANTS OF EDUCATIONAL EVENTS | GDPR

Dear Participant,

According to the General Data Protection Regulation (GDPR) in force since 25th of May 2018, we want you to know:

WHO WE ARE:

WHY DO WE PROCESS YOUR DATA:

2. We may process your personal data:

a) in order to organize and perform the training, workshops, conference or other similar events (hereinafter referred to as “the event”) – based on art. 6 par. 1 pt. b) of GDPR, – until the end of the event.
b) in order to control the number of participants and ensure safety throughout the event – based on art. 6 par. 1 pt. f) of GDPR which is the legitimate interest of the controller – until the end of the event.
c) in order to promote the events organized by us – based on art. 6 par. 1 pt. f) of GDPR which is the legitimate interest of the controller understood as promotion of its services – until you object to it – to the extent in which we record and process your image in materials in which this image is a part of a larger whole (concerns materials not focused on you – for example when you are one of the people included in the wider picture).
d) in order to select the participants who are most interested in participation in the event and have knowledge adequate to the topics discussed in the course of the event – based on art. 6 pat. 1 pt. f) of GDPR which is the legitimate interest of the controller understood as the optimal selection of event participants in terms of their knowledge and motivation to participate in the event – until the end of the event.
e) in order to adjust the content presented during the event in which you participate – based on art. 6 par. 1 pt. f) of GDPR which is the legitimate interest of the controller understood as organization of workshops, trainings and other similar events adjusted to knowledge and skills of participants of such events – until the end of the event.
f) in order to promote the events organized by us – based on art. 6 par. 1 pt. a) of GDPR which is your consent – until you withdraw your consent – to the extent in which we record and process your image in materials in which this image is not a part of a larger whole (concerns materials focused on you, not including you as one of many people – for example an interview with you or an individual photography).

DO YOU HAVE TO DISCLOSE YOUR DATA TO US:

3. Providing personal data by you is voluntary, but (apart from the data mentioned in par. 2 pt. f above) required for your participation in events organized by Merixstudio – ceasing to process your personal data will prevent implementation of this purpose.

4. We would also like to inform you that a video monitoring system including 4 cameras operates within our company's premises so when the events (in particular training or workshops) take place within our premises your image will be recorded. The purpose of monitoring is to ensure the safety of people and property within our premises and its legal basis is art. 6 par. 1 pt. f) of GDPR – the legitimate interest of the controller which is to implement the above-mentioned purpose. Materials obtained from monitoring will be stored for a period of 30 days, after which they will be destroyed in a way that prevents their reproduction. Exceptionally, in the case in which the recordings are evidence in legal proceedings or the controller has learned that they may constitute evidence in such proceedings, the time limit specified in the preceding sentence is extended until the end of the relevant proceedings.

FOR WHOM MAY WE DISCLOSE YOUR DATA:

5. Your personal data may be disclosed by us to:

a) hosting providers (including providers of cloud computing services);
b) electronic mail service providers;
c) event registration service providers;
d) social media providers (Facebook, Twitter, YouTube, LinkedIn, Instagram);
e) mail service providers;
f) our subcontractors.

6. Your personal data may be transferred outside the European Economic Area – due to the fact that:

a) Google Ireland Ltd. company incorporated in Ireland together with Google LLC company incorporated in USA and its subsidiaries also incorporated in USA provide us with hosting services (regarding both electronic mail and cloud computing services). The legal basis for transfer of your personal data to Google LLC and its subsidiaries and the legal mechanism protecting this transfer are the Standard Contractual Closes enacted by the European Commission;
b) photos from trainings and workshops as well as other promotional materials may be published by us in social media, which may lead in consequence to disclosure of your personal data to providers of following social media portals: Facebook (Meta Platforms, Inc.), Instagram (Meta Platforms, Inc.), LinkedIn (LinkedIn Corporation), Twitter (Twitter, Inc.) and YouTube (Google LLC), all incorporated in USA. Your personal data processed within the aforementioned social media portals is generally controlled by the following companies incorporated in Ireland: Facebook Ireland ltd. (Facebook and Instagram), LinkedIn Ireland Unlimited Company (LinkedIn), Twitter International Company (Twitter) and Google Ireland ltd. (YouTube). In some cases however, a certain amount of your personal data (such as basic identification data revealed by you while registering your account) may be transferred by the aforementioned Irish companies to their related US companies. In such case, the legal mechanism protecting this transfer are the Standard Contractual Closes enacted by the European Commission.

WHAT ARE YOUR RIGHTS:

7. Due to the protection of your personal data, you have the right to:

8. You also have the right to withdraw, at any time, your consent to processing of your personal data referred to in par. 2 pt. e) above, however, the withdrawal of your consent will not affect the lawfulness of processing of your personal data within the period of validity of your consent and after withdrawal of your consent we will still store your data necessary to document the fact and date of giving us your consent and revoking it.

ADDITIONALLY:

9. Your personal data are not profiled by us, and are not subject to any other form of automated processing, resulting in making decisions that cause legal effects to you or have a similar effect on you.
10. More information regarding protection of your personal data can be found in our Privacy policy available in English – under the following address: https://www.merixstudio.com/pages/privacy-policy/ and in Polish – under following address: https://www.merixstudio.com/pages/polityka-prywatnosci/.
11. All correspondence regarding matters related to the processing of your personal data should be sent to our address indicated in point 1 above with the postscript "Personal data" or to our e-mail address: odo@merixstudio.com.

INFORMATION NOTE FOR JOB CANDIDATES | GDPR

Dear Candidate,

Regarding the requirements resulting from General Data Protection Regulation (referred to in this document as “GDPR”) which entered into force on 25th of May 2018, we want you to know:

WHO WE ARE:

WHY DO WE PROCESS YOUR DATA:

2. We may process your personal data:

if you apply for employment based on a labor contract:

a) in order to conduct the recruitment process and your data, within the scope indicated in art. 221 §1 of Labor Code, will be processed by us based on art. 6 par. 1 pt. b) of GDPR in conjunction with art. 221 §1 of Labor Code, while your remaining data, which have been disclosed by you voluntarily during the recruitment process, will be processed based on art. 6 par. 1 pt. a) of GDPR or art. 9 par. 2 pt. a) of GDPR which is your consent – for a period of one month until conclusion of recruitment process in which you have participated, unless you withdraw earlier your consent on processing your personal data disclosed by you voluntarily – in such case these data will be processed until withdrawal of your consent.
b) in order to verify your right to take up and perform employment in the territory of Republic of Poland (concerns foreigners) – based on art. 6 par. 1 pt. b) of GDPR in conjunction with provisions of chapter 16 of Act on the promotion of employment and labor market institutions – until the end of recruitment process – subject to provisions of pt. c) – d) below.
c) in order to perform recruitment process for job position which may be available in the future – based on art. 6 par. 1 pt. a) of GDPR which is your consent – for a period of validity of your consent, however no longer than two years from obtaining it from you.
d) in order to defend against your possible claims, if within one month from conclusion of recruitment process for the position you have applied for, you will question the results of the recruitment carried out by us – based on art. 6 par. 1 pt. f) of GDPR, which is a legitimate interest of the controller – for a period of 3 years from the end of recruitment for the position you have applied for, but no longer than until: (i) your explicit and documented acceptance of the results of recruitment or (ii) final termination of litigation regarding the recruitment process in which you’ve participated; nonetheless, we stipulate that if during the aforementioned one month period no complaint or any similar motion regarding concluded recruitment process reaches us, we will assume that you don’t question the results of recruitment process and we will stop processing your personal data for that purpose.

if you want to be self-employed (cooperate under b2b contract):

e) in order to conclude a contract between us – based on art. 6 par. 1 pt. b) of GDPR – which is taking up the activities on your demand before conclusion of the contract (if it is you who is sending us your application / cooperation offer and is initiating contact with us) or based on art. 6 par. 1 pt. f) of GDPR, which is the legitimate interest of the data controller, resting in the effort to conclude the contract with service provider (if you have been recommended to us by another user of recruitment application used by us (hereinafter referred to as “the App”) and it is us who are initiating contact with you) – until the end of negotiation of the contract between us, although, if we won’t start negotiation / won’t contact you in 90 days from receipt of your application / cooperation offer, we will delete your personal data disclosed to us in your application / cooperation offer after expiration of the aforementioned 90 day period;
f) for purpose, on legal basis and for period indicated in pt. d) above – taking into account the nature of the recruitment process in which you participate (leading to cooperation based on b2b contract).

WHERE DID WE OBTAIN YOUR PERSONAL DATA:

3. We have obtained your personal data either directly from you - when you decided to take part in the recruitment process carried out by us, sent us cooperation offer or showed us your interest in taking up such cooperation, or from another user of the App - through this application - if you have been recommended to us by another App’s user as potential candidate for the position we want to fill in the course of recruitment process carried out by us using the eRecruiter app or a candidate for cooperation with us.

WHICH CATEGORIES OF YOUR PERSONAL DATA ARE PROCESSED BY US:

4. We process the categories of your personal data which you decided to disclose to us in the course of the recruitment process carried out by us in which you decided to participate through the App or by sending us cooperation offer or showing your interest in such cooperation via the App. In case we obtained your personal data not directly from you – when you have been recommended to us by another App user as potential candidate for the position we want to fill in the course of recruitment process carried out by us using the App or candidate for b2b cooperation – we process the categories of your personal data which you decided to make public in the App – such as your first name, your second name, your image and place of residence.

DO YOU HAVE TO DISCLOSE YOUR DATA TO US:

5. In case you participate in the recruitment process in which we offer employment based on labor contract, provision of your personal data indicated in art. 221 §1 of Labor Code and in chapter 16 of the Act on the promotion of employment and labor market institutions is mandatory (as a legal obligation resulting from the aforementioned regulations) and you are obliged to disclosed these data – otherwise we will not be able to conduct the recruitment process with you participating in it.  Provision of remaining data is voluntary and you don’t have to disclose them to us.

6. In case you want to cooperate as self-employed person (based on b2b contract), provision of your personal data required to fill the recruitment form prepared by us is voluntary, however needed by us to process your application and take up further steps necessary to conclude a contract between us.

7. Regardless of the legal basis of our cooperation which you want to choose, due to the nature of the recruitment process carried out via the App, provision of your e-mail address is required. Your e-mail address will be used to contact you and to verify your profile in the App. If you don’t want to disclose your e-mail address and you want to contact us using other contact data, you can choose other form of communicating us – such us traditional written form (post). Your e-mail address will be processed by us based on our legitimate interest (contacting you and verification of your account in the App) – based on art. 6 par. 1 pt. f) of GDPR – for a period indicated in par. 2 pt. a) or e) above.

8. Due to the fact that sometimes the recruitment process may partially take place at our headquarters, we would also like to inform you that video monitoring system operates within our company's premises. The purpose of monitoring is to ensure the safety of people and property within our premises and its legal basis is art. 6 par. 1 pt. f) of GDPR – the legitimate interest of the controller understood as implementation of the above-mentioned purpose. Materials obtained from monitoring will be stored for a period of 30 days, after which they will be erased in a way that prevents their reproduction. Exceptionally, in the case in which the recordings are evidence in legal proceedings or the data controller has learned that they may constitute evidence in such proceedings, the time limit specified in the preceding sentence is extended until the end of the relevant proceedings.

FOR WHOM MAY WE DISCLOSE YOUR DATA:

9. our personal data may be disclosed by us to:

a) hosting providers (including providers of cloud computing services);
b) electronic mail service providers;
c) mail service providers;
d) providers of recruitment applications;
e) legal service providers.

10. Your personal data may be transferred outside the European Economic Area – due to the fact that Google Ireland Ltd. company incorporated in Ireland together with Google LLC company incorporated in USA and its subsidiaries also incorporated in USA provide us with hosting services (regarding both electronic mail and cloud computing services). The legal basis for transfer of your personal data to Google LLC and its subsidiaries and the legal mechanism protecting this transfer are the Standard Contractual Closes enacted by the European Commission.

WHAT ARE YOUR RIGHTS:

11. Due to the protection of your personal data, you have the right to access your personal data and receive their copies (art. 15 of GDPR);

a) access your personal data and receive their copies (art. 15 of GDPR);
b) rectify your personal data and supplement them if necessary (art. 16 of GDPR);
c) erase your personal data or restrict their processing (art. 17-18 of GDPR);
d) object to processing of your personal data (art. 21 of GDPR);
e) transfer your personal data (art. 20 of GDPR);
f) lodge a complaint with a competent supervisory authority – the President of Personal Data Protection Office – address: Stawki 2, 00-193 Warsaw, https://uodo.gov.pl – (art. 77 of GDPR);
g) withdraw, at any time, your consent to processing of your personal data referred to in par. 2 above, however, the withdrawal of your consent will not affect the lawfulness of processing of your personal data within the period of validity of your consent and after withdrawal of your consent we will still store your data necessary to document the fact and date of giving us your consent and revoking it.

ADDITIONALLY:

12. Your personal data are not profiled by us, and are not subject to any other form of automated processing, resulting in making decisions that cause legal effects to you or have a similar effect on you.
13. More information regarding protection of your personal data can be found in our Privacy policy available in English – under the following address: https://www.merixstudio.com/pages/privacy-policy/ and in Polish – under following address: https://www.merixstudio.com/pages/polityka-prywatnosci/.
14. All correspondence regarding matters related to the processing of your personal data should be sent to our address indicated in point 1 above with the postscript "Personal data" or to our e-mail address: odo@merixstudio.com.

INFORMATION NOTE FOR WHO IS INTERESTED IN A CAREER IN MERIXSTUDIO | GDPR

Hello,

According to the General Data Protection Regulation (GDPR) in force since 25th of May 2018, we want you to know:

WHO WE ARE:

WHY DO WE PROCESS YOUR DATA:

2. We may process your personal data in order to arrange your visit with us which may help you get to know us a little more and help you make a decision if it is worth considering cooperation with us in the future – hence based on art. 6 par. 1 pt. a) of GDPR which is your consent – for a period of one month since the arranged date of your last visit with us, unless you withdraw earlier your consent on processing your personal data disclosed by you – in such case these data will be processed until withdrawal of your consent or unless you will inform us about cancelling your visit – then we will stop processing your personal data without delay.

DO YOU HAVE TO DISCLOSE YOUR DATA TO US:

3. Providing personal data by you is voluntary, however required for arranging your visit with us.

4. Due to the fact that the your visit may take place at our office, we would also like to inform you that video monitoring system operates within our office. The purpose of monitoring is to ensure the safety of people and property within our premises and its legal basis is art. 6 par. 1 pt. f) of GDPR – the legitimate interest of the controller understood as implementation of the above-mentioned purpose. Recordings obtained from monitoring will be stored for a period of 30 days, after which they will be destroyed in a way that prevents their reproduction. Exceptionally, in the case in which the recordings are evidence in legal proceedings or we learn that they may constitute evidence in such proceedings, the time limit specified in the preceding sentence is extended until the end of the relevant proceedings.

FOR WHOM MAY WE DISCLOSE YOUR DATA:

5. our personal data may be disclosed by us to:

a) hosting providers (including providers of cloud computing services);
b) electronic mail service providers.

WHAT ARE YOUR RIGHTS:

7. Due to the protection of your personal data, you have the right to access your personal data and receive their copies (art. 15 of GDPR);

a) access your personal data and receive their copies (art. 15 of GDPR);
b) rectify your personal data and supplement them if necessary (art. 16 of GDPR);
c) erase your personal data or restrict their processing (art. 17-18 of GDPR);
d) object to the processing of your personal data (art. 21 of GDPR);
e) transfer your personal data (art. 20 of GDPR);
f) lodge a complaint with a competent supervisory authority – the President of Personal Data Protection Office – address: Stawki 2, 00-193 Warsaw, https://uodo.gov.pl – (art. 77 of GDPR);
g) withdraw, at any time, your consent to the processing of your personal data referred to in par. 2 above, however, the withdrawal of your consent will not affect the lawfulness of the processing of your personal data within the period of validity of your consent and after withdrawal of your consent, we will still store your data necessary to document the fact and date of giving us your consent and revoking it.

ADDITIONALLY:

8. Your personal data are not profiled by us, and are not subject to any other form of automated processing, resulting in making decisions that cause legal effects to you or have a similar effect on you.
9. More information regarding protection of your personal data can be found in our Privacy policy available in English – under the following address: https://www.merixstudio.com/pages/privacy-policy/ and in Polish – under following address: https://www.merixstudio.com/pages/polityka-prywatnosci/.
10. All correspondence regarding matters related to the processing of your personal data should be sent to our address indicated in point 1 above with the postscript "Personal data" or to our e-mail address: odo@merixstudio.com.

INFORMATION NOTE FOR FACEBOOK USERS | GDPR

Dear Guest,

According to the General Data Protection Regulation (GDPR) in force since 25th of May 2018, in relation to the fact, that we run a fanpage on Facebook social media, which enables your interaction with us (reactions to our posts, tagging places and users, etc.) and our website includes a social media plugin which redirects to Facebook portal enabling fast interaction with us, we want you to know:

WHO WE ARE:

2. The joint controller of your personal data – based on appropriate arrangements – is Facebook Ireland Limited company with its registered headquarters at 4 Grand Canal Square, Grand Cana Harbour, Dublin 2, Ireland. The essential content of the arrangements between the joint controllers is available on the webpage of the Facebook portal under following link: https://www.facebook.com/legal/controller_addendum (information regarding terms and conditions for processing of personal data can also be found under following address: https://www.facebook.com/legal/terms/page_controller_addendum). We also want you to know that:

a) responsibility for performance of information obligation resulting from art. 13-14 of GDPR towards you rests on us;
b) Facebook Ireland Limited is responsible for ensuring execution of your rights listed in art. 15-20 of GDPR in relation to personal data stored by Facebook Ireland Limited company during their collaborative processing by us and Facebook Limited Company.

WHY DO WE PROCESS YOUR DATA:

3. We may process your personal data:

a) for purpose of running our fanpage on Facebook portal effectively and enabling your interaction with us through this fanpage by presenting you with information regarding initiatives undertaken by us and our other activity and also with information related to promotion of various events, services and products, based on art. 6 par. 1 pt. f) of GDPR, which is a legitimate interest of the controller resting in promotion of our mark and enhancement of our services, until you lodge a well-founded objection to processing of your personal data;
b) for purpose of promoting our webpage in social media services to which social media plugins installed on our webpage redirect to, based on art. 6 par. 1 pt. f) of GDPR, which is a legitimate interest of the controller resting in promotion of our mark, until you lodge a well-founded objection to processing of your personal data;
c) for purpose of statistics and analytics, based on art. 6 par. 1 pt. f) of GDPR, which is a legitimate interest of the controller resting in promotion of our mark and enhancement of our services, until you lodge a well-founded objection to processing of your personal data;
d) for purpose of pursuing our potential claims or defending against your potential claims which may arise in connection with our interaction – based on art. 6 par. 1 pt. f) of GDPR which is a legitimate interest of the controller resting in securing his rights – until cessation of the termination period of the last from our mutually available claims or until the finalization of the legal proceedings regarding them;

DO YOU HAVE TO DISCLOSE YOUR DATA TO US:

4. Providing personal data by you for purposes indicated in par. 3 pt. a) – c) is entirely voluntary and may result only from your initiative, while we may process your personal data for purpose indicated in par. 3 pt. d) as effect of providing us with your data for other purposes and only if a dispute or reasonable risk of dispute between us occurs.

FOR WHOM MAY WE DISCLOSE YOUR DATA:

5. Your personal data may be disclosed by us to:

a) owner of Facebook social media portal;
b) providers of hosting services, including cloud computing services;
c) providers of legal services – if justified in a particular situation;
d) if justified in a particular situation, also to police, attorney’s office, courts and other authorized public authorities.

6. Your personal data may be transferred outside the European Economic Area – due to the fact that:

a) Facebook Ireland Limited company with its registered seat in Ireland is a joint controller of your personal data and in justified circumstances it may transfer your personal data to its related companies with their registered headquarters in USA (in particular to Meta Platforms, Inc.). In such case the legal basis for transfer of your personal data to such entities and the mechanism securing your personal data are the Standard Contractual Clauses enacted by the European Commission;
b) Google Ireland Ltd. company incorporated in Ireland together with Google LLC company incorporated in USA and its subsidiaries also incorporated in USA provide us with hosting services (regarding both electronic mail and cloud computing services). The legal basis for transfer of your personal data to Google LLC and its subsidiaries and the legal mechanism securing this transfer are the Standard Contractual Closes enacted by the European Commission.

WHAT ARE YOUR RIGHTS:

7. Due to protection of your personal data you have the right to:

ADDITIONALLY:

8. Your personal data are not profiled by us, and are not subject to any other form of automated processing, resulting in making decisions that cause legal effects to you or have a similar effect on you. Details regarding processing of your personal data by provider of Facebook portal may be found under following link: https://www.facebook.com/about/privacy – information provided therein result in conclusion that provider of Facebook portal may process your personal data in automated manner, which may have effect, inter alia, on extent of content displayed to you on Facebook portal.
9. More information regarding the protection of your personal data can be found in our Privacy policy available in English – under the following address: https://www.merixstudio.com/pages/privacy-policy/ and in Polish – under following address: https://www.merixstudio.com/pages/polityka-prywatnosci/.
10. All correspondence regarding matters related to the processing of your personal data should be sent to our address indicated in point 1 above with the postscript "Personal data" or to our e-mail address: odo@merixstudio.com.

INFORMATION NOTE FOR DATA SUBJECTS WHO REQUESTED FROM US EXECUTION OF THEIR RIGHTS AVAILABLE UNDER ARTICLES 15 – 22 OF GDPR:

Dear Petitioner,

According to the General Data Protection Regulation (GDPR) in force since 25th of May 2018, we want you to know:

WHO WE ARE:

WHY DO WE PROCESS YOUR DATA:

2. We may process your personal data:

a) in order to analyze and process the requests filed by you under the articles 15-22 of GDPR – based on art. 6 par. 1 pt. c) of GDPR in conjunction with articles 15-22 of GDPR which is our legal obligation – for period required to analyze and process requests filed by you (basically no longer than 3 months from receipt of the requests filed by you);
b) in order to pursuit our potential claims or defend against your potential claims which may arise in connection with requests filed by you – based on art. 6 par. 1 pt. f) of GDPR which is a legitimate interest of the data controller – until cessation of the termination period of the last from our mutually available claims or until the finalization of the legal proceedings regarding them (basically no longer than 6 years from receipt of the requests filed by you).

WHAT CATEGORIES OF YOUR PERSONAL DATA DO WE PROCESS:

3.We proces following categories of your personal data:
        3.1. first name and last name;
        3.2. contact data provided by you (which may include: e-mail address, phone number, home address, address for service and other contact data provided by you);
        3.3 any other potential data provided by you – for example in order to verify your identity (which may include your birth date or PESEL number).

HOW DO WE ACQUIRED YOUR PERSONAL DATA:

4. We acquired your personal data from you.

FOR WHOM MAY WE DISCLOSE YOUR DATA:

5. Disclosure of your personal data referred to in this information note is voluntary, however required for analysis and processing of your requests. Refusing to disclose the aforementioned personal data, as well as any other potential data which my by required by us in order to verify your identity, will prevent processing of your requests.

FOR WHOM MAY WE DISCLOSE YOUR DATA:

6. Your personal data may be disclosed by us to:

a) hosting providers (including providers of cloud computing services);
b) electronic mail service providers;
c) mail service providers;
d) legal service providers.
e) in justified cases also to police, attorney office, courts and other authorized public authorities.

7. Your personal data may be transferred outside the European Economic Area, due to the fact that Google Ireland Ltd. company incorporated in Ireland together with Google LLC company incorporated in USA and its subsidiaries also incorporated in USA provide us with hosting services (regarding both electronic mail and cloud computing services). The legal basis for transfer of your personal data to Google LLC and its subsidiaries and the legal mechanism protecting this transfer are the Standard Contractual Closes enacted by the European Commission.

WHAT ARE YOUR RIGHTS:

8. Due to protection of your personal data you have the right to:

ADDITIONALLY:

8. Your personal data are not profiled by us, and are not subject to any other form of automated processing, resulting in making decisions that cause legal effects to you or have a similar effect on you.
9. More information regarding protection of your personal data can be found in our Privacy policy available in English – under the following address: https://www.merixstudio.com/pages/privacy-policy/ and in Polish – under following address: https://www.merixstudio.com/pages/polityka-prywatnosci/.
10. All correspondence regarding matters related to the processing of your personal data should be sent to our address indicated in point 1 above with the postscript "Personal data" or to our e-mail address: odo@merixstudio.com.

INFORMATION NOTE FOR PARTICIPANTS OF CONTESTS ORGANIZED BY MERIXSTUDIO GDPR:

Dear Participant,

According to the General Data Protection Regulation (GDPR) in force since 25th of May 2018, we want you to know:

WHO WE ARE:

WHY DO WE PROCESS YOUR DATA:

2. We may process your personal data:
a) in order to organize and perform the contest in which you participate based on our agreement (terms and conditions of the contest) – based on art. 6 par. 1 pt. b) of GDPR, – until the end of the contest;
b) in order to promote the contests organized by us – based on art. 6 par. 1 pt. f) of GDPR which is the legitimate interest of the controller understood as promotion of its services – until you object to it – to the extent in which we record and process your image in materials in which this image is a part of a larger whole (concerns materials not focused on you – for example when you are one of the people included in the wider picture);
c) in order to promote the contests organized by us – based on art. 6 par. 1 pt. a) of GDPR which is your consent – until you withdraw your consent – to the extent in which we record and process your image in materials in which this image is not a part of a larger whole (concerns materials focused on you, not including you as one of many people – for example an interview with you or an individual photography);
d) in order to perform our tax duties resting on us as the payers of the income tax – based on art. 6 par. 1 pt. c) of GDPR in relation to provisions of the Tax Ordinance and Act on Personal Income Tax (in particular art. 30 sub. 1 pt. 2 and art. 41 and 42 of the Act on Personal Income Tax dated 26 July 1991) – for period of 5 years from the end of the fiscal year in which our tax obligation occurred;
e) in order to perform our accounting duties – based on art. 6 par. 1 pt. c) of GDPR in relation to provisions of the Tax Ordinance and Act on Personal Income Tax (in particular art. 86 of the Tax Ordinance) – for period of 5 years from the end of the fiscal year in which the particular tax event occurred;
f) for the purpose of potential execution of claims and defending against the claims which may be mutually available to us in relation to your participation in the contest organized by us – based on art. 6 par. 1 pt. f) of GDPR, which is our legitimate interest – until cessation of the limitation period of the last of the mutually available claims or until the final conclusion of the judicial proceedings related to our mutually available claims;
g) in order to enable your participation in the survey performed in relation to the contest organized by us, as well as to inform you about correctness of of the answers given to the questions constituting the contest assignment – based on art. 6 par. 1 pt. a) of GDPR, which is your consent – until you revoke such consent.

DO WE HAVE TO DISCLOSE YOUR DATA TO US:

3. Providing personal data for purposes indicated in:
a) sub. 2 pt. a) – b) above is voluntary, however necessary for your participation in the contest organized by us – otherwise your participation in the contest will not be possible;
b) sub. 2 pt. d) – e) above is mandatory (as a legal obligation resulting from the legal provisions indicated there) and you are required to disclose such data – otherwise you will not be able to participate in our contest and collect the reward;
c) sub. 2 pt. f) is required for your participation in the contest and cessation of their processing for these purposes will prevent achieving them, as well as your participation in the contest;
d) sub. 2 pt. c) and g) is absolutely voluntary.

4. We would also like to inform you that a video monitoring system including 4 cameras operates within our company's premises so when the contest takes place within our premises your image will be recorded. The purpose of monitoring is to ensure the safety of people and property within our premises and its legal basis is art. 6 par. 1 pt. f) of GDPR – our legitimate interest which is to implement the above-mentioned purpose. Materials obtained from monitoring will be stored for a period of 30 days, after which they will be destroyed in a way that prevents their reproduction. Exceptionally, in the case in which the recordings are evidence in legal proceedings or we have learned that they may constitute evidence in such proceedings, the time limit specified in the preceding sentence is extended until the end of the relevant proceedings.

FOR WHOM MAY WE DISCLOSE YOUR DATA:

5. Your personal data may be disclosed by us to:

a) hosting providers (including providers of cloud computing services);
b) electronic mail service providers;
c) social media providers (Facebook, Twitter, YouTube, LinkedIn, Instagram);
d) mail and courier service providers;
e) photographic services providers;
f) our subcontractors;
g) accountancy services providers;
h) legal services providers;
i) National Revenue Administration;
j) in certain situatons also to Police, Attorney Office, judicial courts, as well as other authorized bodies and institutions of public authority.

6. Your personal data may be transferred outside the European Economic Area – due to the fact that:
a) Google Ireland Ltd. company incorporated in Ireland together with Google LLC company incorporated in USA and its subsidiaries also incorporated in USA provide us with hosting services (regarding both electronic mail and cloud computing services). The legal basis for transfer of your personal data to Google LLC and its subsidiaries and the legal mechanism protecting this transfer are the Standard Contractual Closes enacted by the European Commission;
b) photos from trainings and workshops as well as other promotional materials may be published by us in social media, which may lead in consequence to disclosure of your personal data to providers of following social media portals: Facebook (Meta Platforms, Inc.), Instagram (Meta Platforms, Inc.), LinkedIn (LinkedIn Corporation), Twitter (Twitter, Inc.) and YouTube (Google LLC), all incorporated in USA. Your personal data processed within the aforementioned social media portals is generally controlled by the following companies incorporated in Ireland: Facebook Ireland ltd. (Facebook and Instagram), LinkedIn Ireland Unlimited Company (LinkedIn), Twitter International Company (Twitter) and Google Ireland ltd. (YouTube). In some cases however, a certain amount of your personal data (such as basic identification data revealed by you while registering your account) may be transferred by the aforementioned Irish companies to their related US companies. In such case, the legal mechanism protecting this transfer are the Standard Contractual Closes enacted by the European Commission.

WHAT ARE YOUR RIGHTS:

7. Due to protection of your personal data you have the right to:

ADDITIONALLY:

INFORMATION NOTE FOR PARTICIPANTS OF WORKSHOPS, TRAININGS, AND OTHER SIMILAR EVENTS ORGANIZED BY MERIXSTUDIO | GDPR:

Dear Participant,
According to the General Data Protection Regulation (GDPR) in force since 25 th of May 2018, we want you to know:

WHO WE ARE:

WHY DO WE PROCESS YOUR DATA:

2. We may process your personal data:

a) in order to organize and perform the training, workshops, conference or other similar events (hereinafter referred to as “the event”) – based on art. 6 par. 1 pt. b) of GDPR, – until the end of the event;
b) in order to promote the events organized by us as well as inform and remind you about the method, time and place of their taking place – based on art. 6 par. 1 pt. f) of GDPR which is the legitimate interest of the controller understood as promotion of its services – until you object to it.

DO YOU HAVE TO DISCLOSE YOUR DATA TO US:

3. Providing personal data by you is voluntary, but required for your participation in events organized by Merixstudio – ceasing to process your personal data will prevent implementation of this purpose.

FOR WHOM MAY WE DISCLOSE YOUR DATA:

4. Your personal data may be disclosed by us to:

5. Your personal data may be transferred outside the European Economic Area – due to the fact that:

a) Google Ireland Ltd. company incorporated in Ireland together with Google LLC company incorporated in USA and its subsidiaries also incorporated in USA provide us with hosting services (regarding both electronic mail and cloud computing services). The legal basis for transfer of your personal data to Google LLC and its subsidiaries and the legal mechanism protecting this transfer are the Standard Contractual Closes enacted by the European Commission;
b) content of (online) trainings and workshops and promotional materials may be published by us in social media, which may lead in consequence to disclosure of your personal data to providers of following social media portals: Facebook (Meta Platforms, Inc.), Instagram (Meta Platforms, Inc.), LinkedIn (LinkedIn Corporation), Twitter (Twitter, Inc.) and YouTube (Google LLC), all incorporated in USA. Your personal data processed within the aforementioned social media portals is generally controlled by the following companies incorporated in Ireland: Facebook Ireland ltd. (Facebook and Instagram), LinkedIn Ireland Unlimited Company (LinkedIn), Twitter International Company (Twitter) and Google Ireland ltd. (YouTube). In some cases however, a certain amount of your personal data (such as basic identification data revealed by you while registering your account) may be transferred by the aforementioned Irish companies to their related US companies. In such case, the legal mechanism protecting this transfer are the Standard Contractual Closes enacted by the European Commission.

WHAT ARE YOUR RIGHTS:

6. Due to protection of your personal data you have the right to:

ADDITIONALY:

7. Your personal data are not profiled by us, and are not subject to any other form of automated processing, resulting in making decisions that cause legal effects to you or have a similar effect on
you.

8. More information regarding protection of your personal data can be found in our Privacy policy available in English – under following address: https://www.merixstudio.com/pages/privacy-policy/ and in Polish – under following address: https://www.merixstudio.com/pages/polityka-prywatnosci/.

9. All correspondence regarding matters related to the processing of your personal data should be sent to our address indicated in point 1 above with the postscript "Personal data" or to our e-mail address: odo@merixstudio.com.