Document with gold ribbon bookmark for saved content

Privacy Policy

Learn how your personal data is collected, used, and protected in accordance with the GDPR and applicable data protection regulations.

Data Controller

The controller of your personal data is Piotr Siemieniak UP Secure with registered office in 80-395 Gdańsk, ul. Olsztyńska 3A/31 with EU taxpayer identification number (VAT ID / NIP) PL-582-159-65-68.

Your personal data may be processed for the following purposes, each under its respective legal basis:

Business Relations

Legal basis: Article 6(1)(b) of the General Data Protection Regulation (performance of a contract or pre-contractual measures).

Your data is processed for the purposes of business relationships, which include:

  • Responding to inquiries
  • Presenting our services and offerings (including voice calls, video calls, email communication)
  • Preparing contracts for delivery of our services

Training and Education

Legal basis: Article 6(1)(b) of the General Data Protection Regulation (performance of a contract or pre-contractual measures).

Your data is processed for the purposes of training and education events organized either directly by the controller or organized directly by the customer. Processing involves:

  • Sending calendar invitations to an event
  • Sending email or SMS reminders to an event
  • Issuing and sending certificates

Marketing

Legal basis: Article 6(1)(a) of the General Data Protection Regulation (consent).

Your data is processed for marketing activities, which include email marketing, SMS marketing, direct calling, and social media messaging. We send messages on a regular basis related to offered products and services, including but not limited to:

  • Articles related to privacy, data protection and security
  • Information about offered services and software solutions created or sold by the controller
  • Information regarding offered on-site and online training sessions
  • Information regarding social communities managed by the controller

Recruitment

Legal basis: Article 6(1)(a) of the General Data Protection Regulation (consent).

Your data is processed for the purposes of current or future recruitment processes depending on the choices made in the application form.

Data Retention

Business Relations and Training:

  • 30 days after a resignation before an event
  • 5 years (counting from the end of the current calendar year) after an event has been conducted
  • 1 year (counting from the end of the current calendar year) for the issued certificate document
  • Indefinitely for certificate ID and completion date without any personal data to enable certification validation for the future

Marketing and Recruitment:

Your personal data will be processed until you withdraw your consent. You have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Data Recipients

Your data may be processed by the following categories of recipients, including but not limited to:

  • Software development and software maintenance providers
  • Email hosting providers
  • External sales and marketing service providers

Your data will not be shared with external entities who would be qualified as separate data controllers to your data without your direct consent unless it is required by law.

The data controller will not sell your personal data.

International Data Transfers

We may transfer your personal data to third countries only under a valid legal basis that includes but is not limited to use of standard data protection clauses, approved codes of conduct, approved certification mechanism or basing on an adequacy decision.

Your Rights

In relation to the processing of your personal data, you have the right to:

  • Access your personal data and obtain a copy of the data being processed (Article 15 GDPR)
  • Rectify inaccurate or incomplete personal data (Article 16 GDPR)
  • Erase your personal data (“right to be forgotten”) where there is no legitimate basis for continued processing (Article 17 GDPR)
  • Restrict the processing of your personal data in certain circumstances (Article 18 GDPR)
  • Data portability — receive your personal data in a structured, commonly used, and machine-readable format, and transmit it to another controller (Article 20 GDPR)
  • Object to the processing of your personal data on grounds relating to your particular situation (Article 21 GDPR)
  • Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing carried out before the withdrawal (Article 7(3) GDPR)
  • Lodge a complaint with a supervisory authority if you believe your personal data is being processed in violation of applicable data protection regulations

Consequences of Not Providing Personal Data

Providing your personal data is voluntary. However, failure to provide the data necessary for the performance of a contract or pre-contractual measures (business relations, training) may prevent us from delivering the requested services, issuing certificates, or responding to your inquiry. Failure to provide consent for marketing communications or recruitment processing will not have any legal implications — you will simply not receive marketing messages or be considered in recruitment processes, respectively.

Sections