Privacy policy

This Privacy Policy constitutes a set of rules for the processing of personal data on the website administered by S4E S.A. (hereinafter: “the Service”).

This Privacy Policy is addressed to all individuals who visit the Service or contact the Personal Data Administrator (hereinafter: “Users”). The Privacy Policy defines the rules for processing and protecting personal data of individuals using the Service. The purpose of the Privacy Policy is, among other things, to fulfill the information obligation referred to in Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter: “GDPR”.

The Controller of Users’ personal data is S4E S.A., with its registered office in Warsaw (hereinafter: “the Controller”) at ul. Inflancka 4B, 00-189 Warsaw, registered in the District Court for Kraków – Śródmieście in Kraków, XI Commercial Division of the National Court Register under KRS number 0000034998, NIP: 676-21-80-819, REGON: 356267368.

§ 2. Contact

Regarding personal data, you can contact the Controller via traditional mail by writing to: S4E S.A., ul. Inflancka 4B/2 piętro, 00-189 Warszawa, or via email to: biuro@s4e.pl.
The Controller has appointed a Data Protection Officer (DPO). This is Marcin Serafin, who can be contacted for all matters related to the processing of personal data and the exercise of rights related to processing, at the email address: iod.S4E@s4e.pl

§ 3. Data processing in connection with service usage

In connection with the User’s use of the Service, the Administrator collects data to the extent necessary for providing individual offered services, as well as information about the User’s activity on the Service. The detailed rules and purposes of processing personal data collected during the User’s use of the Service are described below.

§ 4. Purposes and legal bases for data processing on the service

1. Personal data of all individuals using the Service (including IP address or other identifiers and information collected via cookies or similar technologies) are processed by the Administrator:

• For the purpose of providing electronic services by making content collected on the Service available to Users – in which case the legal basis for processing is the necessity of processing for the performance of a contract (Article 6(1)(b) of the GDPR);
• For the purpose of contact and responding to inquiries from Users regarding the Administrator’s services, sent to the Administrator’s email address – in which case the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR), consisting of the need to respond to Users;
• For analytical and statistical purposes – in which case the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR), consisting of conducting analyses of User activity and preferences to improve implemented functionalities and provided services;
• For the purpose of potential establishment and assertion of claims or defense against claims – the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR), consisting of the protection of its rights;
• For the Administrator’s marketing purposes – the rules for processing personal data for marketing purposes are described in the MARKETING section.

2. User activity on the Service, including their personal data, is recorded in system logs (a special computer program used to store a chronological record containing information about events and actions related to the IT system used to provide services by the Administrator). Information collected in the logs is primarily processed for purposes related to service provision. The Administrator also processes it for technical, administrative purposes, for ensuring the security of the IT system and managing this system, as well as for analytical and statistical purposes – in this regard, the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR).

 

MARKETING

1. The Administrator processes Users’ personal data for the purpose of carrying out marketing activities, which may include:

• Sending SMS messages about interesting offers or content, which in some cases contain commercial information regarding the Administrator’s products or products of third parties with whom we cooperate;
• Sending electronic correspondence about interesting offers or content, which in some cases contain commercial information regarding the Administrator’s products or products of third parties with whom we cooperate;
• Conducting other types of analytical and statistical activities, as well as those related to direct marketing of our goods and services and those of other entities cooperating with us (sending commercial information electronically).

1. Personal data is processed:

• In the case of sending marketing content to the User – the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR) in connection with the expressed consent to receive marketing communications.
• In the case of advertising cookies – the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR), which includes promoting the brand and informing about the offer in accordance with the User’s expressed consent to save advertising cookies.

 

RECRUITMENT

1. The legal basis for processing personal data for recruitment purposes is the legitimate interest of the Administrator, the User’s voluntary consent, and the provisions of the Labor Code.
2. The basic scope of data acquired is specified in the provisions of the Labor Code, i.e., data regarding name, surname, date of birth, and specified contact details. If, for the purpose of recruitment for a specific position, it is necessary to obtain data from the candidate regarding education, professional qualifications, and previous employment history, the necessity of acquiring this data is indicated. This data is also acquired in accordance with the provisions of the aforementioned Article 22¹ § 1 of the Labor Code and on this basis (Article 6(1)(c) of the GDPR).
3. Personal data other than those listed above are processed on the User’s initiative. Providing additional data is voluntary. Additional data are processed based on consent (Article 6(1)(a) of the GDPR).
4. Personal data of Users who submit their application for a given position are also processed:

• For the purpose of conducting the recruitment process. Personal data specified in the Labor Code or possibly in other relevant legal acts (Article 6(1)(c) of the GDPR);
• For the purpose of conducting the recruitment process (in the case of prior consent) other personal data indicated in the recruitment application, including, among others, image and interests, are processed based on consent (Article 6(1)(a) of the GDPR);
• For the purpose of future recruitment processes of the Administrator (in the case of prior consent) data are processed based on consent (Article 6(1)(a) of the GDPR);
• For the purpose of potential establishment and assertion of claims or defense against claims – the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR), consisting of the protection of its rights.

5. To the extent that personal data is processed based on expressed consent, this consent can be withdrawn at any time, without affecting the legality of processing carried out before its withdrawal. In the case of expressing consent for future recruitment processes, personal data is deleted after two years – unless consent has been withdrawn earlier.

§ 5. Cookies and similar technology

1. Cookies are small text files saved on the User’s device when they use websites. They remember, among other things, their visit and settings. They perform various functions, but the Administrator primarily uses them to enable the User access to the Service and facilitate their use of the services available on the Service.
2. The Administrator also uses cookies for analytical and marketing purposes, but only when the User gives their consent on the cookie banner that appears on the Service. This consent can be withdrawn at any time using the floating “MANAGE COOKIES” button.
3. Cookies are divided into persistent and session cookies – depending on how long they are stored, and into essential and optional cookies – depending on the purposes for which they are used.
4. Advertising cookies are optional. They match advertisements to the interests of Users on and off the Service. Based on these cookies and the User’s activity, their interest profile is created. The Administrator and its partners may install advertising cookies through the Service.
5. Processing data using advertising cookies requires the User’s consent, which can be obtained and withdrawn in accordance with point 2 above.

 

PERMANENT AND SESSION COOKIES

Type	Description
Session cookies	Some cookies are temporary files, stored until you log out, leave the page, or close your web browser. These types of cookies help the Administrator analyze network traffic, enable identification and resolution of technical problems, and facilitate navigation on the Service.
“Persistent” cookies	“Persistent” cookies are stored for a period specified in their parameters or until they are deleted by the User. They help the Administrator remember the User’s settings and preferences to make their next visit more convenient (e.g., they won’t have to re-enter login details).

ESSENTIAL AND OPTIONAL COOKIES

Type	Description
Niezbędne pliki cookie	These cookies are installed to provide access to the Service and its basic functions, therefore they do not require User consent. Without essential cookies, the Administrator would not be able to provide services to the User within the Service.
Opcjonalne pliki cookie	The Administrator uses these cookies only when the User agrees to it. They may be used, for example, for the Administrator’s analytical and advertising purposes.

6. Detailed purposes for using cookies are described on the cookie banner, which appears when the User first visits the Service, and is later accessible via the floating “MANAGE COOKIES” button.

7. The Service uses cookies from the Administrator and its trusted partners. Information about the Administrator’s trusted partners can be found on the cookie banner. Detailed information on how they process User data can be found in their privacy policies.

 

ADMINISTRATOR’S TRUSTED PARTNERS

Type	Description
Analytical service providers	The Administrator cooperates with providers of analytical services and tools, such as Google Analytics, to better understand how the Service operates.

 

MANAGING COOKIE SETTINGS

8. The User can manage cookie settings using the cookie banner. The Administrator provides the Service to the User in accordance with these settings. The cookie banner allows the User to:

• Obtain detailed information about the cookies used on the Service and about trusted partners;
• Express or withdraw consent for the use of optional cookies.
  
  9. The cookie banner appears when the User first visits the Service and remembers their consents. The User can change their settings at any time using the floating “MANAGE COOKIES” button.
  
  10.The User can also manage cookies by changing browser settings. Detailed information on this can be found at the links below.

Browser	Link
Internet Explorer	https://support.microsoft.com/pl-pl/help/17442/windows-internet-explorer-delete-manage-cookies
Microsoft Edge	https://support.microsoft.com/pl-pl/microsoft-edge/usuwanie-plik%C3%B3w-cookie-w-przegl%C4%85darce-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09
Mozilla Firefox	http://support.mozilla.org/pl/kb/ciasteczka
Google Chrome	http://support.google.com/chrome/bin/answer.py?hl=pl&answer=95647
Opera	http://help.opera.com/Windows/12.10/pl/cookies.html
Safari	https://support.apple.com/kb/PH5042?locale=en-GB

11. Some cookies are essential for the functioning of the Service, therefore changing browser settings may cause some services not to work correctly, or even prevent the User from using the Service.

§ 6. How long we store your data

1. Except in cases where providing personal data is a legal requirement, providing personal data is entirely voluntary. However, failure to provide it will make it difficult or impossible for us to achieve the purposes stated above.
2. The period of data processing by the Administrator depends on the type of service provided and the purpose of processing. As a rule, data is processed for the duration of the service provision or order fulfillment, until consent is withdrawn or an effective objection to data processing is raised in cases where the legal basis for data processing is the legitimate interest of the Administrator.
3. The data processing period may be extended if processing is necessary for the establishment and pursuit of potential claims or defense against claims, and thereafter only if and to the extent required by law. After the processing period expires, data is irreversibly deleted or anonymized.

§ 7. Who we share data with

1. In certain cases, if necessary to achieve the purposes described above, personal data will be disclosed to external entities providing services to the Administrator (e.g., IT service providers, CRM providers (customer relationship management services), providers of services and tools for managing cookie consents, analytical and marketing companies).
2. Personal data may also be disclosed to external entities who provide services to the Administrator in the field of legal or tax advice, couriers, postal operators, entities archiving documents, entities providing ICT services, entities providing recruitment agency services, providers of job advertisement publication services, providers of recruitment management systems, IT service providers.
3. With the User’s consent, their data may also be made available to other entities for their own purposes, including marketing purposes. The Administrator informs about each such disclosure in the Privacy Policy.
4. The Administrator reserves the right to disclose selected information regarding the User to competent authorities or third parties who request such information, based on an appropriate legal basis and in accordance with applicable law.

§ 8. What rights you have regarding your data

1. The User has the right to access the content of their data and to request its rectification, erasure, restriction of processing, the right to data portability, and the right to object to data processing, as well as the right to lodge a complaint with the supervisory authority dealing with personal data protection.
2. To the extent that the User’s data is processed based on consent, this consent can be withdrawn at any time by contacting the Administrator, in the manner indicated in § 2 of the Policy.
3. The User has the right to object to data processing for marketing purposes if the processing takes place in connection with the Administrator’s legitimate interest, and also – for reasons related to the User’s particular situation – in other cases where the legal basis for data processing is the Administrator’s legitimate interest (e.g., in connection with the implementation of analytical and statistical purposes).

§ 9. Where we send user data

1. The level of protection of Personal Data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Administrator transfers personal data outside the EEA only when it is necessary and with the assurance of an adequate level of protection, primarily through:

• Cooperation with entities processing Personal Data in countries for which an appropriate decision of the European Commission has been issued stating the assurance of an adequate level of Personal Data protection; in some cases, the European Commission additionally requires such a processing entity to participate in programs approved by it that group entities outside the EEA, whose participants are obliged to ensure Personal Data the same protection as they are entitled to in the European Union (detailed information can be found here);
• Application of standard contractual clauses issued by the European Commission; along with required additional security measures, they ensure Personal Data the same protection as they are entitled to in the European Union; contract templates can be found here;
• Application of binding corporate rules, approved by the competent supervisory authority.

1. A copy of detailed information about the safeguards applied by the Administrator when transferring data outside the EEA can be obtained by contacting the Administrator in the manner indicated in § 2 of the Policy.

§ 10. Security of personal data

1. The Administrator continuously conducts risk analysis to ensure that Personal Data is processed by them in a secure manner – primarily ensuring that only authorized persons have access to the data and only to the extent necessary due to the tasks they perform. The Administrator ensures that all operations on Personal Data are recorded and carried out only by authorized employees and collaborators.
2. The Administrator takes all necessary actions to ensure that their subcontractors and other cooperating entities also guarantee the application of appropriate security measures in every case when they process personal data on behalf of the Administrator.

§ 11. Changes to the privacy policy

1. The Policy is continuously reviewed and updated as needed.
2. The current version of the Policy was adopted and is effective as of November 1, 2025.