Who collects and process your Personal Data

We can collect information about you that can directly or indirectly identify you (“Personal Data”) when:

• you use our website https://transformagency.com/ (“Website”) or social media users;
• we provide our services on websites audit, development services, support and maintenance services (“Services”);
• we receive your Personal Data from our clients, partners and clients of our partners.

Please note that our Website may provide links to third-party websites, applications and services, which are operated and provided by the independent providers. These providers shall have their own privacy policies, cookies policies, as well as terms and conditions, which we encourage you to review before using their services. We are not responsible for the processing activities conducted by third- party providers via their websites, applications and/or services.

This Privacy Policy provides for (1) visitors (users) of Website or social media users; (2) our clients and partners; and (3) clients of our partners, end- customers (including potential end-customers) of our clients, partners and clients of our partners. Unless expressly provided otherwise, all of the following terms apply to all of the above categories of data subjects.

The controller of your Personal Data who determines purposes and means of the processing is TRANSFORM AGENCY Ltd (TRANSFORM AGENCY SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ), registered in the Republic of Poland under Registration Number 7011086227, legal address: Republic of Poland, Warsaw, 02-001, Aleje Jerozolimskie street, house 89, apt. 43 (“we”, “us”, “our”, etc.).

We collect Personal Data in the following ways: if you provide it to us; or automatically by electronic means, including with the help of cookies, when you use our Website. If you contact us in social networks, we may also collect information about you available on such social network.

We may periodically update this Privacy Policy. Your continued use of our Services or the Website after the effective date of the updated Privacy Policy will be subject to the new Privacy Policy. If we make any major changes to our Privacy Policy and will need your explicit consent for further processing of your Personal Data, we will request your consent or your renewed consent (in case it was obtained previously).

If you do not agree with this privacy policy, please do not request our services or use our website

Which Personal Data do we collect and process

We respect your privacy and aim to limit the Personal Data that we collect from you to the amount which is strictly necessary to fulfil the purposes of processing. Categories of Personal Data that we process are specified below.

Purpose of the processing, Type of Personal Data, Legal ground for the processing

(1) Visitors (users) of our Website or social media users

To consider and reply to incoming queries

You may contact us via social media, via the form “Contact us” on the Website or via other means of communication with a question/request/complaint, etc. We will process Personal Data you provide to give feedback.

• first name,
• last name,
• email,
• information available on social media if you contact us in social networks,
• other data that you provide in your query

The legitimate interest based on the balance of interests:

• your interest in receiving the feedback;
• our interest to process you question/request/complaint in order to give you feedback.

If you decide to proceed with our Services, your Personal Data will be further processed based on the legal ground of the performance of a contract (for more information please refer above)

To send our newsletter

You may subscribe to our newsletter to receive information about news, special offers, digests, latest information on our Services and for other marketing purposes. Our newsletter may include host mailings (communications promoting the third party's goods and services and (or) enclosing third party’s material).

(2) Our clients and partner

To establish a contractual relationship with you and provide you with our services

On the basis of a contract concluded with you, we will provide you with our Services. We will be communicating with you via email, messengers, online-meetings, etc.

• name of the company,
• signatory’s first and last name,
• signatory title,
• email address,
• billing address,
• any other information provided by you

Processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.

Please note that provision of this Personal Data is a contractual requirement (or a requirement necessary to enter into a contract) and if you would like to make use of our Services you are obliged to provide such data. Otherwise, we will not be able to provide you with our Services.

To send our newsletter

Please note that Personal Data that we process to establish contractual relationship with you may be used for the marketing purposes of our own similar Services. This includes sending newsletter for the persons clearly linked to their organization or company which is our client or partner in the context of the position they hold.

You may unsubscribe from future newsletter in each email that we send you. Your refusal applies to marketing; however, we may still process it for other purposes if we have the necessary legal ground (e.g. performance of the contract with you).

• Personal data that we process to establish and fulfil contractual relationship

The legitimate interest based on the balance of interests:

• your interest is in discovering similar Services that you may be interested in;
• our interest is in business development and distribution of our Services.
• We do not use automated decision-making and profiling.
• Please, note, that signed contract with you may change the composition of processed Personal Data, Personal Data retention periods and other terms of processing, in which case the terms of the contract prevail over this Privacy Policy.

Term of Personal Data processing and place of storage

• We retain your Personal Data for as long as it is necessary to fulfil the purposes specified in the section “Which Personal Data do we collect and process”. The time limit is 5 (five) years, except for the data of our clients and partners specified in the contract with such clients and partner, we are obliged to keep during the term of the contract, but not less than for 10 (ten) years. Once this time period has expired, we will delete your data as soon as possible.
• We securely store your data at cloud Zoho servers which are physically located within the European Union.
• We also take security precautions such as:
  • Measures of pseudonymisation and encryption of Personal Data;
  • Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services;
  • Measures for ensuring the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident;
  • Processes for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures in order to ensure the security of the processing;
  • Measures for user identification and authorisation;
  • Measures for the protection of data during transmission;
  • Measures for the protection of data during storage;
  • Measures for ensuring physical security of locations at which Personal Data are processed;
  • Measures for ensuring events logging;
  • Measures for ensuring system configuration, including default configuration;
  • Measures for internal IT and IT security governance and management;
  • Measures for certification/assurance of processes and products;
  • Measures for ensuring data minimisation;
  • Measures for ensuring data quality;
  • Measures for ensuring limited data retention;
  • Measures for ensuring accountability;
  • Measures for allowing data portability and ensuring erasure;
• When processing and transmitting data, the HTTPS protocol is used. To ensure the security of data storage and processing, SSL certificates and other information protection tools are used. When processing data, caching may be performed.

Third persons and your Personal Data

Third persons that we share your personal data with

We may share your Personal Data collected and processed by us but only for the purposes specified in sections “Which Personal Data do we collect and process” and “Cookies” with the companies (third persons) specified in clause 4.1.3 below.

Please note that some of these companies (or some of their offices/group members) may be located outside the European Union (international data transfers) including in the countries which do not ensure an adequate level of protection of your Personal Data. Where this is the case, we meet the strict conditions of Personal Data transfers from the member states of European Union to other countries by using the Standard Contractual Clauses (SCC) adopted by the European Commission to ensure that Personal Data are properly protected or relying on other derogations compliant with GDPR. In case you want to check the relevant SCC, the links to them are provided in clause 4.1.3. If the link is not provided and you want to check the SCC, please, contact us by using one of the contact means specified in section “Contact us”.

The list of third persons with whom we may share your Personal Data:

Name of such third person

Its privacy policy and SCC (if applicable)

Zoho ecosystem

Zoho chat-bot, Zoho CRM and Zoho Analytics

https://www.zoho.com/privacy.html and https://www.zoho.com/salesiq/google-user-data-policy.html

Transfer to the countries specified here based on the Data Processing Addendum

Project management systems

Atlassian (Jira and Trello)

https://www.atlassian.com/legal/privacy-policy

Transfer to the countries specified here based on the Atlassian Data Processing Addendum

Microsoft Teams

https://privacy.microsoft.com/en-gb/privacystatement

Transfer to the countries specified here based on the Microsoft Products and Services Data Protection Addendum

Third-party cookies providers (analytics and advertising services)

Google Analytics

https://policies.google.com/privacy?hl=en

Transfer to the USA and Singapore based on Google Ads Controller-Controller Data Protection Terms and Google Ads Data Processing Terms

Google Ads

https://policies.google.com/privacy?hl=en

Transfer to the USA and Singapore based on Google Ads Controller-Controller Data Protection Terms and Google Ads Data Processing Terms

LinkedIn Ads

https://www.linkedin.com/legal/privacy-policy

Transfer to the USA based on LinkedIn Data Processing Agreement

Facebook Ads

https://www.facebook.com/privacy/policy

Transfer to the countries specified here based on the Data Processing Terms and Facebook European Data Transfer Addendum

Instagram Ads

https://www.facebook.com/privacy/policy

Transfer to the countries specified here based on the Data Processing Terms and Facebook European Data Transfer Addendum

Atlassian (Jira and Trello)

https://www.atlassian.com/legal/privacy-policy

Transfer to the countries specified here based on the Atlassian Data Processing Addendum

Microsoft Teams

https://privacy.microsoft.com/en-gb/privacystatement

Transfer to the countries specified here based on the Microsoft Products and Services Data Protection Addendum

Other

We may also transfer Personal Data to our partner developers, other companies from our group as well as to or affiliated/related companies.

4.1.4. Please note that the list of third-parties is subject to change since it highly depends on which Services we provide. For example, the project management platforms may change from project to project.

Third persons that may instruct us to process your Personal Data

• We may have access to the Personal Data of the end-customers (including potential end-customers) of our clients, clients of our partners, partners and clients of our partners while providing our Services to our clients and partners. We process such Personal Data strictly within the requests of our clients and partners and we will not use Personal Data received by this way for any other purposes except for performing our obligations under the contract with our clients and partners.
• We process such Personal Data exclusively on behalf of and in the interests of our clients and partners, which means that we act as the processor (not controller) in the present case.
• If you have any questions regarding the processing of your Personal Data, where the controllers are our clients, partners and clients of our partners (in particular, questions about obtaining and/or withdrawing consent to the processing of Personal Data, requests to stop processing your Personal Data), you need to contact them directly.

Your rights under the GDPR

You have following rights under the GDPR:

• The right of access to your Personal Data meaning that you can receive a copy of the Personal Data that we hold about you, as well as other supplementary information.
• The right to rectification of your Personal Data which is incomplete or inaccurate.
• The right to erasure of your Personal Data meaning that you can ask us to delete or remove your Personal Data in certain circumstances.
• The right to restrict processing of your Personal Data if (a) the accuracy of the Personal Data is contested by you, (b) the processing is unlawful and you oppose the erasure of the Personal Data, (c) we no longer need the Personal Data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims, and (d) you have objected to processing pending the verification whether the legitimate grounds override this.
• The right to data portability. Please note that this right only applies to information that we processed based on your consent or contract.
• The right to object to the processing of your Personal Data where we are relying on a legitimate interest and there is something about your particular situation that makes you want to object to the processing on this ground. We will no longer process the Personal Data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
• If your explicit consent serves the basis for Personal Data processing, you have the right to recall your consent to process your Personal Data by at any time. If we have no other grounds for processing your Personal Data, after you send us a request to withdraw consent, we will stop processing your Personal Data that we were processing under your consent.
• Right to lodge a complaint with a supervisory authority if you consider that our processing of your Personal Data infringes the relevant legislation.
• You may exercise these rights by means of an email sent to our email address or written notice sent to the address of our registered office. We will address your request as early as possible and no longer that within one month. Please note that this period may be extended by two further months where necessary, taking into account the complexity and number of the requests. In this case, we will inform you of the extension within one month of receipt of your request and will explain you the reasons for the delay.
• Note that if you ask us to delete your Personal Data, we may retain your Personal Data as necessary to comply with our legal obligations or resolve disputes.

Cookies

• We may collect your Personal Data via cookies when you visit our Website.
• Cookie is a simple text file sent by our Website to your web browser to uniquely identify you and/or function properly and/or to store information or settings in the corresponding browser, effectively, in your computer or mobile device or other internet connectable devices. As you browse through our Website, a record of your activities may be collected and stored by us. We use following types of cookies:
  • Strictly necessary cookies: necessary cookies help make our Website usable by enabling its basic functions. Our Website cannot function properly without these cookies.
  • Analytical cookies: these cookies (such as Google Analytics cookies) allow us to measure traffic, analyze user behavior, to count visits and traffic sources so we can measure and improve the performance of our Website.
  • Advertising cookies: these cookies (such as Google Ads, LinkedIn Ads, Facebook Ads, Instagram Ads cookies) may be used to build a profile of your interests and show you relevant adverts on other websites or apps. If you do not allow these cookies, you will experience less personalised advertising.
• We may create and implement our cookies or cookies from third-party providers (for more information please refer to section “Third persons and your Personal Data”).
• You can generally activate or later deactivate the use of cookies through a functionality built into your browser or you can also contact us with the request to disable particular categories of cookies but it may lead to certain restrictions in terms of using specific features of our Website.
• Cookies, except for strictly necessary cookies (without which our Website cannot function properly and which do not contain Personal Data), are processed based on your explicit consent received via cookies banner.
• We retain your Personal Data collected via cookies as long as you browse our Website and 5 (five) years after. Once this time period has expired, we will delete your data as soon as possible.

Contact us

• Would you have any questions regarding the processing of your Personal Data by us, do not hesitate to contact us under the email address: [email protected] or by means of a written notice sent to the address of our registered office: Republic of Poland, Warsaw, 02-001, Aleje Jerozolimskie street, house 89, apt. 43.
• Be also informed, that since we are registered under the law of the Republic of Poland, the personal data authority overseeing us regarding the Personal Data processing is Personal Data Protection Office. In case you have any doubts how we process your Personal Data, you may contact the personal data authority of the Republic of Poland anytime.