Data Administrator

The Administrator of the data is:

ITSG Sp. z o.o.
Pl. Inwalidów 10
01-522 Warsaw, Poland
Registered KRS number: 0000268782
VAT number: PL5252382251

Personal data

Personal data is any information about an identified or identifiable natural person, identifiable by one or more specific factors defining the physical, physiological, genetic, mental, economic, cultural or social identity of that person, including the IP address of the device, location data, Internet identifier and information gathered via cookie files and other similar technologies.


Policy applies to this privacy policy.


The Regulation of the European Parliament and of the Council (EU) 2016/679 of 07 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC. 


On-line website and mobile applications broadcast by the Administrator, which this Policy shall be applied to. 


User is any natural person visiting the Website or using one or more services or functionalities rendered available at the Website.

Data processing in the connection with the use of the website

In connection with the use of the Website by the User, the Administrator shall gather data in the scope necessary for rendering particular services offered at the Website as well as the information on the User’s activity at the Website. Detailed principles and objectives of processing of personal data gathered during the User’s use of the Website are described below.

Objectives and legal grounds for data processing at the website 

Use of the Website 

Personal data of all persons using the Website (including the IP address or other identifiers and information gathered via cookies files or other similar technologies) and not being the registered Users (i.e. persons who do not have an account or a profile at the Website) shall be processed by the Administrator:

– for the purpose of rendering electronic services in the scope of giving access to the content of the Website to the Users – the necessity of processing in order to perform the agreement constitutes the legal grounds for processing (Article 6 section 1 letter b) of RODO),

– for analytical and statistical purposes – the Administrator’s substantiated interest, consisting in the performance of analyses of the Users’ activity and their preferences, for the purpose of correction of functionalities applied and services rendered, shall constitute the legal basis for processing (Article 6 section 1 letter f) of RODO),

– for the purpose of possible determination, seeking or defending claims – the Administrator’s substantiated interest, consisting in defending its rights, shall constitute the legal basis for processing (Article 6 section 1 letter f),

– The Controller may also use cookies for marketing purposes, including sending behavioural advertisements to the Users. To this end, the Controller may store information and access information which is already stored in a telecommunications end device of the User (computer, telephone, tablet, etc.). The Controller may also use re-targeting and re-marketing tags which recognise and give information to different third party cookies. These tags personalize Customer experience and the advertisements displayed to Customer based off Customer activity across any other websites using the same tags. The use of cookies and personal information collected by means of cookies for marketing purposes, especially as far as promotion of third-party services and products is concerned, requires the User’s consent. The consent may be withdrawn at any time. The legal grounds for processing Personal Data shall be the Controller’s legitimate interest (Article 6(1)(f) of the GDPR), in connection with the User’s consent.

The User’s activity at the Website, including their personal data, shall be registered in system logs (a special computer programme used for storing chronological records, containing information on events and actions relating to the IT system used for rendering services by the Administrator). Information gathered in logs shall be processed mainly for purposes connected with rendering services. The Administrator also processes the data for technical, administrative purposes, for purposes of ensuring the security of the IT system and the IT system management, as well as for analytical and statistical purposes – the Administrator’s substantiated interest shall constitute the legal basis for processing in this respect (Article 6, section 1, letter f) of RODO). 

Contact forms 

The Administrator shall ensure the possibility of contacting the Administrator with the use of electronic contact forms. The use of the form shall require providing personal data necessary to contact the User and to provide the response to the inquiry. The User may also provide other data in order to facilitate contact or handle the inquiry. The provision of data marked as obligatory shall be required to accept and handle the inquiry and the failure to provide thereof shall result in the lack of possibility of handling the inquiry. Provision of the remaining data is voluntary. 

Personal data are processed

– in order to identify the sender and handle the inquiry sent via the form – the necessity to process in order to perform the services agreement shall constitute the legal grounds for processing (Article 6, section 1, letter b) of RODO),

– for analytical and statistical purposes – the substantiated interest of the Administrator, consisting in keeping the statistics of inquiries submitted by Users via the Website, in order to improve the functionalities thereof, shall constitute the legal basis for processing (Article 6 section 1 letter f) of RODO).


The Administrator shall process the Users’ personal data for the purpose of implementing marketing actions which may consist in sending e-mail notifications on interesting offers or contents, which in some cases contain commercial information (newsletter service).


The Administrator renders the newsletter service to persons who provided their e-mail address for that purpose. Provision of data shall be required for the purpose of rendering the newsletter service and the failure to provide thereof shall result in the lack of possibility of sending thereof. 

Personal data shall be processed

– for the purpose of rendering the newsletter sending service – the necessity of processing to perform the agreement shall constitute the legal grounds for processing (Article 6, section 1, letter b) of RODO),

– in case of sending marketing contents within the framework of the newsletter to the User – the Administrator’s substantiated interest shall constitute the legal basis for processing, including profiling (Article 6, section 1, letter f) of RODO), in connection with the consent expressed for receiving the newsletter,

– for analytical and statistical purposes – the Administrator’s substantiated interest, consisting in performance of analyses of the Users’ activity at the Website, for the purpose of improvement of functionalities applied, shall constitute the legal basis for processing (Article 6 section 1 letter f) of RODO),

– for the purpose of possible determination, seeking or defending claims – the Administrator’s substantiated interest shall constitute the legal basis for processing (Article 6 section 1 letter f).

Social media

The Administrator shall process personal data of Users visiting the Administrator’s profiles run in social media (Facebook, LinkedIn, Twitter). The data shall be processed only in connection with keeping the profile, including for the purpose of informing the Users about the Administrator’s activity and promoting events, services and products of various kinds. The Administrator’s substantiated interest consisting in the promotion of its own brand shall constitute the legal basis for personal data processing by the Administrator (Article 6, section 1, letter f) of RODO). 

Cookie files and similar technology

Cookie files are small text files, installed at the device of the User viewing the Website. Cookies usually contain the name of the website domain which they come from, the time of storage thereof at the user’s device and the unique number. In this Policy information pertaining to cookies applies also to similar technologies used within the framework of the Website.

Service cookies

The Administrator shall use the so-called service cookies mainly for the purpose of providing the User with services rendered in an electronic manner and for the purpose of the services’ quality improvement. Therefore, the Administrator and other entities rendering analytical and statistical services thereto use cookie files, storing the information or obtaining the access to information already stored in the User’s telecommunications device (computer, telephone, tablet etc.). Cookies used for that purpose comprise:

– cookies with the data introduced by the User (session identifier) for the session duration (user input cookies),

– authentication cookies used for services which require authentication for the duration of the session,

– cookies used for assuring security e.g. used for detecting abuse as regards authentication (user centric security cookies),

– multimedia player session cookies (e.g. flash player cookies) for the duration of the session; user interface customization cookies, for the duration of the session or slightly longer, 

– cookies used for monitoring of traffic at the website, i.e. data analytics, including:

– Google Analytics cookies (i.e. cookies used by the Google company – i.e. the entity which the Administrator entrusted with personal data processing – for the purpose of performing the analysis of the manner of using the Website by the User, including preparation of statistics and reports concerning the Website functioning).


We work with SharpSpring Inc., DBA SharpSpring Technologies Inc., which is the provider of SharpSpring – a “marketing automation” system that automates the analysis of customer traffic on the site, the delivery of marketing content, the personalization of the offers presented, or the handling of e-mail marketing (by sending newsletters).

To do so, SharpSpring installs (or may install) the following cookies:

Type of cookie: Targeting cookies or advertising cookies
Cookie name: koitk
Description: Tracking cookies and session ID tokens. These cookies are used to track visitors and the forms they submit.

You can learn more on the SharpSpring website: and

SharpSpring Inc., DBA SharpSpring Technologies Inc.

Personal Data Processing Period

The period of data processing by the Administrator depends on the kind of service rendered and the objective of processing. In principle, data are processed for the duration of the service provision or order implementation, until the consent expressed is withdrawn or an effective objection is raised against data processing in cases when the Administrator’s substantiated interest constitutes the legal basis for data processing.

The data processing period may be extended if processing is necessary to determine, seek or defend against possible claims, and after that period only where and to the extent that this is required under legal regulations. Upon the lapse of the processing period, data are irrevocably removed or anonymized.

User rights

The User shall have the right of access to data contents and to request the correction, removal or limitation of processing thereof, the right to transfer the data and the right to raise an objection against data processing, as well as the right to file a complaint with the supervision authority competent for personal data protection. To the extent to which the User’s data are processed under the consent, the consent may be withdrawn at any moment by contacting the Administrator.

Right to erasure

At any moment the User shall have the right to raise an objection against processing of their data for direct marketing purposes, including profiling, if the processing takes place in connection with the Administrator’s substantiated interest. 

The User shall also have the right, at any moment, to raise an objection against the processing of their data for reasons related to their special situation in cases when the Administrator’s substantiated interest constitutes the legal basis for processing (e.g. in connection with implementation of analytical and statistical objectives, including profiling). 

Data Recipients

In connection with performance of services, personal data shall be disclosed to external entities, including in particular to suppliers responsible for handling IT systems used for rendering services and to entities related to the Administrator, including the companies from its group.

In case of obtaining the User’s consent, their data may be rendered available also to other entities for their own purposes, including marketing purposes.

The Administrator reserves the right to disclose the information concerning the User to competent authorities or third parties which raise a request for providing such information, based on relevant legal grounds and in accordance with applicable legal regulations.

Transfer of data outside the European Economic Area

The level of personal data protection outside the European Economic Area (EEA) differs from the one ensured by the European law. For the aforementioned reason, the Administrator shall transfer personal data outside the EEA only when this is necessary and assuring a relevant level of protection, in particular by means of:

– cooperation with personal data processing entities in countries with respect to which a relevant decision of the European Commission was issued; 

– the application of standard contractual clauses issued by the European Commission;

– the application of binding corporate rules approved by a competent supervision body;

– in case of the transfer of data to the USA – cooperation with participants of the Privacy Shield programme approved under the decision of the European Commission.

The Administrator always informs about the intention of transferring personal data outside the EEA at the stage of collection thereof.

Personal Data Security

The Administrator carries out, on a regular basis, a risk analysis for the purpose of ensuring that personal data are processed by the Administrator in a secure manner which assures, above all, that only authorized persons have access to the data and only in the scope necessary for the tasks performed by them.

The Administrator ensures that all operations involving personal data are registered and performed only by authorized employees and colleagues. The Administrator takes any necessary measures so that its subcontractors and other cooperating entities guarantee the application of relevant security measures in each case of processing personal data at the Administrator’s order.

Contact details

The Administrator can be contacted about any matter concerning personal data protection by:

Phone: +48 22 322 84 51
ITSG Sp. z o.o.
Pl. Inwalidów 10
01-522 Warsaw, Poland

Updates of the Privacy Policy

The Policy is verified on a regular basis and updated if necessary. The current version of the Policy was adopted on and it applies from 15 July of 2021.
