Privacy policy
23.06.2025
DATA PROTECTION OFFICER
Krzysztof Gołaszewski
[email protected]
INFORMATION CLAUSES
Job applicants
Contractors
Employees
1. Introduction
- The data controller within the meaning of the General Data Protection Regulation (GDPR) is DANXILS sp. z o.o. (Swobodnia 35, 05-180 Swobodnia; VAT ID 5311719061) (the Controller). Contact with the Controller is possible:
1) by postal correspondence (to the address indicated in section 1 above),
2) by email (at [email protected])
3) by phone (at +48 885 581 989) - The Controller has appointed a Data Protection Officer (DPO). Contact with the DPO is possible:
1) by postal correspondence (to the address indicated in section 1 above, with the note “DPO”),
2) by email (at [email protected]). - This document (Privacy Policy) applies to the service available at https://danxils.com/ (the Service) as well as social media accounts managed by the Controller.
- The Privacy Policy does not apply to other websites linked to from the Service or from social media accounts managed by the Controller. Visitors to other websites should review the privacy policies of those websites.
- The current version of the Privacy Policy is effective from June 23, 2025.
2. General Information on the Use of Personal Data
- The information provided in this section applies to all processing operations indicated in the further part of the Privacy Policy.
- Data processing is carried out in accordance with applicable law, in particular the GDPR.
- Recipients of the data may be entities cooperating with the Controller in carrying out the purposes specified in the Privacy Policy, as well as entities authorized to receive data based on legal provisions.
- Subjects whose personal data are processed within the operations specified in the Privacy Policy have the right to request from the Controller access to their data, rectification, deletion, restriction of processing, or data portability — under the conditions set out in the GDPR. The exercise of these rights can be done, in particular, by contacting the Controller or the DPO (using the contact methods indicated in section 1 above).
- In cases where the legal basis for data processing is the legitimate interest of the Controller (Article 6(1)(f) GDPR), the subjects have the right to object to the processing of their data (under conditions analogous to those in point 4 above).
- Subjects also have the right to lodge a complaint with the supervisory authority (President of the Office for Personal Data Protection; https://www.uodo.gov.pl/en).
- Unless otherwise indicated, providing data is voluntary but necessary for the provision of a specific service by the Controller. Refusal to provide data may result in the inability to provide that service.
- Subjects will not be subject to automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR.
3. Detailed Information on the Processing of Personal Data
3.1 Contact Form
- The Controller processes personal data for the purpose of handling inquiries submitted through the contact form available at https://danxils.com/contact/
- The personal data processed may include first name, last name, email address, telephone number, company name, as well as any other information provided by the contact form.
- The purpose of processing the personal data is to address the matter submitted through the contact form, which may, in particular, involve the preparation of an offer (pursuant to Article 6(1)(f) of the GDPR — legitimate interest).
- The data will be processed for the period necessary to resolve the matter, unless an effective objection is filed earlier.
3.2 Contact by Email or Telephone
- The Controller, processes personal data submitted through email messages sent to email addresses within the danxils.com domain or by telephone numbers managed by the Controller.
- The scope of the data may include in particular, first name, last name, contact details (email or telephone), as well as other information provided by email or telephone.
- The purpose of processing personal data is to resolve matters submitted by email or telephone (pursuant to Article 6(1)(f) of the GDPR — legitimate interest).
- The data will be processed for the period necessary to resolve the matter, unless a valid objection is submitted prior to that.
3.3 User Account
- The Controller processes personal data for the purpose of creating and using an account on the website https://service.danxils.com/Login/home/services.
- The scope of the data includes the account ID and account password.
- The purposes of processing personal data are:
a. to enable the creation of a user account (pursuant to Article 6(1)(b) of the GDPR — performance of a contract and steps prior to its conclusion),
b. to provide services through the user account (pursuant to Article 6(1)(b) of the GDPR — performance of a contract),
c. to analyze users’ usage of the service (pursuant to Article 6(1)(f) of the GDPR — legitimate interest). - The data will be processed for the duration of the account’s existence.
3.4.1 LinkedIn
- The Controller processes data for the purpose of managing the social media account on LinkedIn, accessible at https://www.linkedin.com/company/danxils-sp-z-o-o/ .
- Within the scope specified in the document https://legal.linkedin.com/pages-joint-controller-addendum, the Controller and LinkedIn Ireland Unlimited Company (Wilton Plaza, Wilton Place, Dublin 2, Ireland) act as joint controllers within the meaning of Article 26 of the GDPR. Information regarding data processing within LinkedIn is available at https://pl.linkedin.com/legal/privacy/eu.
- The scope of the data includes first name, last name, and other information disclosed by the LinkedIn user (in accordance with their privacy settings).
- The purpose of processing personal data is to promote the Controller’s brand, respond to inquiries, and engage in other interactions within the LinkedIn social media service (pursuant to Article 6(1)(f) of the GDPR — legitimate interest).
- The data will be processed for the duration of the Controller’s presence on LinkedIn or until the user deletes their own LinkedIn account, unless a valid objection is submitted earlier.
4. Cookies Policy and Other Technologies
- The Controller uses cookies on the Service.
- The use of cookies does not result in:
1) the collection of information enabling the identification of the person visiting the Service,
2) any changes to the configuration of the device used to browse the Service. - Detailed information about the types of cookies, their purpose, retention periods, and so forth, is available in the “Cookie Settings” option located in the legal footer of the Service.
- Visitors to the Service may make choices regarding the use of cookies, particularly through the “Cookie Settings” option on the Service or by configuring their web browser accordingly. Below are instructions for managing cookie settings in the most popular web browsers:
INFORMATION CLAUSE FOR JOB APPLICANTS
The controller of your personal data within the meaning of the General Data Protection Regulation (GDPR) is DANXILS sp. z o.o. (Swobodnia 35, 05-180 Swobodnia; NIP 5311719061) (Controller).
You may contact the Controller by email at: [email protected] or by phone at: +48 885 581 989.
The Controller has appointed a Data Protection Officer (DPO), who can be contacted at: [email protected].
Your personal data will be processed for the purposes and for the periods indicated below:
| Data Subject | Purpose and Legal Basis | Retention Period |
| Applicants for positions based on employment contracts | 1. Activities aimed at concluding an employment contract (Art. 6(1)(b) GDPR). 2. Fulfillment of legal obligations, in particular those under the Labour Code and Accounting Act (Art. 6(1)(c) GDPR). 3. Defence against potential claims related to the recruitment process (Art. 6(1)(f) GDPR). | Duration of the recruitment process. Retention period required by law (especially the Labour Code). Until the expiry of limitation periods for potential claims, as defined by the Civil Code. |
| Applicants for positions based on civil law contracts | 1. Activities aimed at concluding a civil law contract (Art. 6(1)(b) GDPR). 2. Fulfillment of legal obligations, in particular those under the Civil Code (Art. 6(1)(c) GDPR). 3. Defence against potential claims related to the recruitment process (Art. 6(1)(f) GDPR). | Duration of the recruitment process. Retention period required by law (especially the Civil Code). Until the expiry of limitation periods for potential claims, as defined by the Civil Code. |
The processing includes the following categories of personal data: First name(s), surname, contact details (e.g., email, phone number) and, where necessary for the position, education, professional qualifications, and employment history.
Additionally, the Controller processes information voluntarily provided by you that goes beyond the above scope, such as photos, interests, etc., based on your consent (Art. 6(1)(a) GDPR). This data will be processed until you withdraw your consent.
Recipients of your data may include entities cooperating with the Controller in the recruitment process, in particular IT solution providers.
Your data may be transferred outside the European Economic Area. In such cases, the Controller will implement appropriate safeguards in accordance with the GDPR to ensure adequate data protection, especially by applying standard contractual clauses.
You have the right to request from the Controller access to your data, rectification, erasure, restriction of processing, and data portability – in accordance with the GDPR.
Where the legal basis for data processing is:
- Your consent (Art. 6(1)(a) GDPR) – you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
- The legitimate interests of the Controller (Art. 6(1)(f) GDPR) – you have the right to object to such processing.
You may exercise your rights in particular by contacting the Controller or the DPO.
You also have the right to lodge a complaint with the supervisory authority (President of the Personal Data Protection Office, www.uodo.gov.pl).
Providing data (to the extent required by law) is voluntary but necessary to participate in the recruitment process. Failure to provide the data may prevent participation in recruitment.
Your data will not be subject to automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR.
21.05.2025
INFORMATION CLAUSE FOR SOLE TRADERS / REPRESENTATIVES OF CONTRACTORS / CONTACT PERSONS INDICATED IN THE CONTRACT
The Controller of your personal data within the meaning of the General Data Protection Regulation (GDPR) is DANXILS sp. z o.o. (Swobodnia 35, 05-180 Swobodnia; Tax ID No. 5311719061) (the Controller). You may contact the Controller by e-mail at [email protected] or by telephone at +48 885 581 989.
The Controller has appointed a Data Protection Officer (DPO), who can be contacted at [email protected].
Your personal data will be processed for the following purposes and for the indicated periods:
| Data Subject | Purpose and Legal Basis | Retention Period |
| Sole traders | 1. Performance of the contract (Art. 6(1)(b) GDPR). 2. Compliance with legal obligations, especially accounting and tax settlements (Art. 6(1)(c) GDPR). 3. Defense against possible claims related to contract performance (Art. 6(1)(f) GDPR). 4. Direct marketing of the Controller’s products and services (Art. 6(1)(f) GDPR). 5. Marketing of products and services of entities within the Inter Cars Capital Group (Art. 6(1)(a) GDPR). | Period required by law (in particular accounting laws). Limitation periods for potential claims (according to civil law). Until possible withdrawal of consent for marketing communications. |
| Representatives of contractors, including top management members or proxies | 1. Verification of the person concluding the contract on behalf of the contractor (Art. 6(1)(f) GDPR). 2. Defense against possible claims related to contract performance (Art. 6(1)(f) GDPR). | Limitation periods for potential claims (according to civil law). |
| Contact persons indicated in the contract | 1. Performance of activities specified in the contract (Art. 6(1)(f) GDPR). 2. Defense against possible claims related to contract performance (Art. 6(1)(f) GDPR). | Limitation periods for potential claims (according to civil law). |
The processing covers the following categories of personal data:
- for sole traders: first name, last name, contact details (email, phone), tax identification number (NIP) / business registry number (REGON), business address or correspondence address, and other data provided during cooperation,
- for representatives of contractors or contact persons indicated in the contract: first name, last name, position, contact details (email, phone), and other data provided during cooperation.
Data recipients may include entities cooperating with the Controller in contract execution, in particular IT solution providers, couriers, and postal service providers. In case of consent to marketing of products and services within the Inter Cars Capital Group, recipients will also include these entities.
You have the right to request from the Controller access to your data, rectification, deletion, restriction of processing, or data portability, in accordance with the GDPR.
Where the legal basis for processing is:
- Consent (Art. 6(1)(a) GDPR) – you have the right to withdraw it at any time; withdrawal does not affect the lawfulness of processing carried out before withdrawal;
- Legitimate interest of the Controller (Art. 6(1)(f) GDPR) – you have the right to object to the processing of your data.
These rights can be exercised primarily by contacting the Controller or the DPO.
You also have the right to lodge a complaint with the supervisory authority (President of the Personal Data Protection Office; www.uodo.gov.pl).
Providing your data is voluntary but necessary for the conclusion and performance of the contract. Refusal to provide data may prevent the conclusion or execution of the contract.
Your data is obtained directly from you, and additionally:
- Publicly available registers (National Court Register KRS, Central Registration and Information on Business CEIDG, etc.) (sole traders),
- Publicly available registers or entities cooperating with the Controller (representatives of contractors),
- Entities cooperating with the Controller (contact persons indicated in the contract).
Your data will not be subject to automated decision-making, including profiling, as referred to in Article 22(1) and (4) GDPR.
21.05.2025
INFORMATION CLAUSE FOR EMPLOYEES
The controller of your personal data, within the meaning of the General Data Protection Regulation (GDPR), is DANXILS sp. z o.o. (Swobodnia 35, 05-180 Swobodnia; NIP 5311719061) (the Controller). You can contact the Controller by email at: [email protected] or by phone: +48 885 581 989.
The Controller has appointed a Data Protection Officer (DPO), who can be contacted by email at: [email protected].
Your personal data will be processed for the following purposes and periods:
| Purpose and Legal Basis | Legal Basis | Storage Period |
| Employment administration (maintaining personnel files, payroll, travel reimbursements, training, qualification improvement, etc.). | Performance of the contract forming the basis of employment (Article 6(1)(b) of the GDPR). Compliance with legal obligations, in particular those arising from the Labour Code (Article 6(1)(c) of the GDPR). Enhancement of employee qualifications as the Controller’s legitimate interest (Article 6(1)(f) of the GDPR). Fulfilment of rights or obligations related to employment (Article 9(2)(b) of the GDPR). | Duration of employment. As required by law (in particular the Labor Code). |
| Ensuring compliance of the Controller’s activities with occupational health and safety (H&S) regulations. | Compliance with legal obligations, in particular those arising from the Labour Code (Article 6(1)(c) of the GDPR). Fulfilment of rights or obligations related to employment (Article 9(2)(b) of the GDPR). | As required by law (in particular the Labor Code). |
The Controller may also process data for the purpose of establishing, exercising, or defending against legal claims related to the above purposes, based on legitimate interests (Art. 6(1)(f) GDPR), for the period during which such claims may be pursued or defended (according to the Civil Code).
Additionally, the Controller may process information voluntarily provided by you beyond the scope indicated above, such as a photo, interests, etc., based on your consent (Art. 6(1)(a) GDPR). This data will be processed until such consent is withdrawn.
Recipients of the data may include entities cooperating with the Controller in fulfilling the aforementioned purposes, in particular IT solution providers, financial institutions, postal service providers, etc.
Your data may be transferred outside the European Economic Area. In such cases, the Controller will take appropriate measures, as specified in the GDPR, to ensure adequate data security, particularly through standard contractual.
You have the right to request from the Controller access to your data, rectification, erasure, restriction of processing, or data portability – in accordance with the GDPR.
If the legal basis for processing is:
- your consent (Art. 6(1)(a) GDPR, Art. 9(2)(a) GDPR) – you have the right to withdraw your consent at any time (withdrawal does not affect the lawfulness of processing prior to the withdrawal),
- the Controller’s legitimate interest (Art. 6(1)(f) GDPR) – you have the right to object to the processing.
You may exercise these rights by contacting the Controller or the DPO.
You also have the right to lodge a complaint with a supervisory authority (President of the Personal Data Protection Office; https://www.uodo.gov.pl/en).
Providing personal data (within the scope specified by law) is voluntary but necessary for fulfilling the Controller’s purposes under those regulations. Failure to provide data may prevent the realization of such purposes.
Your data will not be used for automated decision-making, including profiling, as referred to in Article 22(1) and (4) GDPR.
21.05.2025