Skip links

Address

Rondo ONZ 1, 00-124 Warszawa

Email

biuro@the-unit.pl

Phone

+48 570 849 303

Privacy Policy

TABLE OF CONTENTS


1. Introduction
2. Data Controller
3. Scope of Collected Data
4. Purposes and Legal Bases for Data Processing
5. Data Recipients
6. Data Retention Period
7. Rights of Data Subjects
8. Transfer of Data to Third Countries
9. Cookies and Similar Technologies
10.Data Security
11.Changes to the Privacy Policy
12.Contact

Introduction

This Privacy Policy defines the principles of processing and protection of personal data of Users using the services oƯered by INCITE HUB SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ operating under the business name The Unit (hereinafter "The Unit" or "Controller"). The Privacy Policy complies with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter "GDPR") and Polish personal data protection regulations.

Data Controller

The controller of personal data is:
INCITE HUB SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ
NIP (Tax ID): 5253020314
KRS (National Court Register Number): 0001132368
Registered oƯice: UL. CHMIELNA 2 / 31, 00-020 WARSAW, POLAND operating under the business name The Unit

Scope of Collected Data

The Controller may collect the following categories of personal data:

1. Identification data: first and last name, company name, Tax ID Number (NIP), Business Registry Number (REGON).
2. Contact data: email address, telephone number, correspondence address.
3. Payment data: transaction information, data necessary for payment processing.
4. Technical data: IP address, device and browser data, cookies, website activity data.
5. Communication data: content of correspondence conducted with the Controller.
6. Other data: voluntarily provided by the user in contact forms or while using the services.

Purposes and Legal Bases for Data Processing

Personal data is processed for the following purposes and on the following legal bases:

1. Performance of a contract (Art. 6(1)(b) GDPR) - processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
o Provision of services oƯered by The Unit
o User account management
o Processing orders and payments

2. Legitimate interest of the Controller (Art. 6(1)(f) GDPR):
o Direct marketing of own products and services
o Analytics and statistics on service usage
o Ensuring service security
o Establishing, exercising, or defending legal claims
o Conducting analytical and statistical activities

3. Consent of the data subject (Art. 6(1)(a) GDPR):
o Sending commercial information electronically
o Using cookies and similar technologies
o Profiling for marketing purposes

4. Legal obligation (Art. 6(1)(c) GDPR):
o Fulfillment of tax and accounting obligations
o Fulfillment of obligations related to consumer protection
o Responding to oƯicial inquiries from authorized public authorities

Data Recipients

The following categories of recipients may have access to personal data:

1. Authorized employees and associates of the Controller to the extent necessary to perform their oƯicial duties.

2. Entities processing data on behalf of the Controller (processors), including:
o IT and hosting service providers
o CRM software and accounting system providers
o Payment service providers
o Marketing service providers
o Courier and postal companies
o Legal, tax, and accounting advisors

3. Entities authorized under the law, including state authorities and third parties, if necessary to achieve the legitimate purposes of the Controller.

The Controller requires data processing entities to provide appropriate guarantees for implementing technical and organizational measures that ensure an adequate level of data security.

Data Retention Period

Personal data will be stored for the following periods:

1. Data related to contract performance - for the duration of the contract and for the period necessary to establish, exercise, or defend legal claims, i.e., until the limitation period for claims arising from the contract (usually 3-6 years).

2. Data processed on the basis of legitimate interest - until an eƯective objection is submitted or until that interest ceases to exist.

3. Data processed on the basis of consent - until the consent is withdrawn.

4. Data processed for the purpose of fulfilling legal obligations - for the period required by law (e.g., accounting documents - 5 years from the end of the calendar year).

5. Data from cookies and similar technologies - according to the user's browser settings or until these files are deleted. After the retention periods expire, the data will be deleted or anonymized.

Rights of Data Subjects

Individuals whose data is concerned have the following rights under the GDPR: 1. Right of access (Art. 15 GDPR) - the right to obtain information about the processing of personal data and a copy of this data.

2. Right to rectification (Art. 16 GDPR) - the right to request immediate rectification of inaccurate personal data or completion of incomplete data.

3. Right to erasure ("right to be forgotten", Art. 17 GDPR) - the right to request the erasure of personal data in certain cases, e.g., when the data is no longer necessary for the purposes for which it was collected.

4. Right to restriction of processing (Art. 18 GDPR) - the right to request restriction of processing in certain cases, e.g., when the person contests the accuracy of the data.

5. Right to data portability (Art. 20 GDPR) - the right to receive personal data in a structured, commonly used, and machine-readable format and to transmit this data to another controller.

6. Right to object (Art. 21 GDPR) - the right to object to the processing of personal data in the case of processing based on the legitimate interest of the Controller, including profiling.

7. Right to withdraw consent (Art. 7(3) GDPR) - in the case of processing data on the basis of consent, the right to withdraw consent at any time, without aƯecting the lawfulness of processing based on consent before its withdrawal.

8. Right not to be subject to decisions based solely on automated processing (Art. 22 GDPR) - the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal eƯects concerning the data subject or similarly significantly aƯects them. 9. Right to lodge a complaint with the President of the OƯice for Personal Data Protection (ul. Stawki 2, 00-193 Warsaw, Poland) if it is considered that the processing of personal data violates the provisions of the GDPR.

To exercise the above rights, please contact the Controller using the contact details provided in the "Contact" section.

Transfer of Data to Third Countries

The Controller may transfer personal data to third countries (outside the European Economic Area) in connection with the use of services of processing entities that have headquarters or infrastructure in such countries.

Data transfer will take place with an adequate level of protection ensured, in particular through:

1. European Commission decisions confirming an adequate level of protection in a given third country.
2. Standard contractual clauses approved by the European Commission.
3. Binding corporate rules.
4. Other appropriate legal safeguards.

In the absence of a decision confirming an adequate level of protection or appropriate safeguards, data may be transferred only if explicit consent has been given for the proposed transfer or if the transfer is necessary for the performance of a contract or pre-contractual measures taken at the request of the data subject.

Cookies and Similar Technologies

The Controller's website uses cookies and similar technologies that serve to collect and process personal and operational data to analyze traƯic on websites and the Internet.

1. Types of cookies used:
o Necessary cookies - enabling the use of services available on the website
o Functional cookies - enabling remembering settings selected by the user
o Analytical cookies - used for statistical and analytical purposes
o Marketing cookies - used to deliver advertising content

2. Managing cookies: The user can change the settings of their web browser regarding cookies at any time, including completely blocking the ability to collect cookies. Information on how to do this can be found in the help menu of the web browser.

3. Consequences of disabling cookies: Limiting or blocking cookies may aƯect some functionalities available on the Controller's website.

Data Security

The Controller implements appropriate technical and organizational measures to ensure the security of personal data, including:

1. Data encryption in transmission (SSL protocol).
2. Regular updating of systems and software.
3. Limiting access to personal data only to authorized persons.
4. Applying physical and logical safeguards.
5. Regular testing, measuring, and evaluating the eƯectiveness of technical and organizational measures.
6. Training staƯ in personal data protection.

Changes to the Privacy Policy

The Controller reserves the right to make changes to this Privacy Policy. Changes will be published on the Controller's website. In the case of significant changes, the Controller may additionally inform users via email or through notifications on the website.

Last update: March 2, 2025

Contact

For matters related to personal data protection, you can contact the Controller:
INCITE HUB SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ
UL. CHMIELNA 2 / 31
00-020 WARSAW, POLAND
email: biuro@the-unit.pl phone: +48 570 849 303

Information Clause

Pursuant to Article 13(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), we hereby inform you that:

1. The administrator of your personal data is INCITE HUB SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, NIP: 5253020314, KRS: 0001132368, with its registered oƯice in Warsaw at UL. CHMIELNA 2 / 31, 00-020 WARSAW, conducting business under the name The Unit, hereinafter referred to as the Administrator;

2. To ensure the proper protection of personal data, the Administrator has appointed a Data Protection OƯicer, who can be contacted by mail at the Administrator’s address or via email at biuro@the-unit.pl;

3. Your personal data, including: i. Identification data – e.g., name and surname; ii. Contact data – e.g., phone number and email; iii. Other data provided for the purpose of the Administrator’s service provision or contract execution;

b. Are or will be processed for the purpose of: i. Providing services by the Administrator, including but not limited to brokerage, professional training, and access to information tools; ii. Providing services electronically, e.g., via email or phone;

c. The legal basis for processing is, among others, the Act of 18 July 2002 on the provision of electronic services, as well as Article 6(1)(b) GDPR, Article 6(1)(c) GDPR, and Article 6(1)(d) GDPR;

d. Marketing and commercial activities; i. Handling submitted inquiries; ii. The legal basis for processing is your consent under Article 6(1)(a) GDPR;

4. If, during service provision, you voluntarily provide sensitive data as defined in Article 9(1) GDPR, the basis for processing will be your explicit consent under Article 6(1)(a) GDPR;

5. The Administrator records telephone conversations to enhance security and improve service quality. Both incoming and outgoing calls are subject to monitoring. The legal basis for processing personal data in this regard is the consent of the individual through the continuation of the phone call with the Administrator (Article 6(1)(a) GDPR) and the legitimate interests pursued by the Administrator (Article 6(1)(f) GDPR);

6. Your personal data may be shared with authorized institutions as required by law and with processors providing services to the Administrator, such as consulting, training, and IT services, with data sharing always limited to the necessary scope;

7. Personal data may be transferred to a third country based on agreements concluded with external companies, ensuring compliance with GDPR principles and legal regulations;

8. Your personal data will be stored for the following periods: i. If cooperation is established, for six years from the end of the calendar year in which the service provision was completed; ii. Until consent is withdrawn, where required, without aƯecting the lawfulness of processing based on consent before its withdrawal; iii. Call recordings – 90 days;

9. You have the right to access, rectify, delete, or restrict the processing of your personal data, as well as the right to data portability and the right to object to data processing, including for direct marketing purposes;

10.You have the right to withdraw your consent at any time, which does not aƯect the lawfulness of processing based on consent before its withdrawal;

11.You have the right to lodge a complaint with the supervisory authority if you believe that the processing of your personal data violates legal provisions;

12.Providing personal data is voluntary but necessary for the provision of services by the Administrator, including consulting, training, access to information tools, newsletters, commercial and marketing communications, or responding to submitted inquiries;

13.Data provided for expert selection may be processed automatically but will not be subject to profiling.

NEWSLETTER POLICY

I. DEFINITIONS


1. Controller - INCITE HUB SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, NIP (Tax ID) 5253020314, KRS (National Court Register Number) 0001132368 with its registered oƯice in Warsaw at UL. CHMIELNA 2 / 31, 00-020 WARSAW, POLAND, operating under the business name The Unit.

2. Newsletter - a free service provided electronically by the Controller, consisting of sending commercial, marketing, and other content related to the Controller's activities to the email address provided by the User.

3. User - a natural person, legal entity, or organizational unit without legal personality that uses the Newsletter service.

4. GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

II. GENERAL PROVISIONS


1. This Policy defines the rules for using the Newsletter service, including the conditions for providing and using the service, as well as the rights and obligations of the Controller and Users.

2. The Newsletter service is provided by the Controller based on:
• Article 10(2) of the Act of 18 July 2002 on Providing Electronic Services (Journal of Laws 2020, item 344, as amended),
• Article 172(1) of the Act of 16 July 2004 - Telecommunications Law (Journal of Laws 2021, item 576, as amended).

3. Before subscribing to the Newsletter, the User should read this Policy.

III. RULES FOR USING THE NEWSLETTER SERVICE


1. Using the Newsletter service is voluntary and free of charge.

2. To use the Newsletter service, the following is required:
• having an active email address,
• access to an end device with Internet access,
• acceptance of this Policy,
• consent to receive commercial information electronically.

3. Subscribing to the Newsletter is possible through:
• filling out the subscription form on the Controller's website,
• checking the appropriate checkbox during account registration on the website,
• checking the appropriate checkbox when placing an order.

4. To subscribe to the Newsletter, the User provides their email address in the form and consents to receive commercial information electronically by checking the appropriate checkbox.

5. After submitting the subscription form, a verification message with an activation link will be sent to the provided email address. Clicking the activation link is necessary to activate the Newsletter subscription.

6. The User can unsubscribe from the Newsletter at any time by:
• clicking the deactivation link included in each email containing the Newsletter,
• sending an unsubscribe request to the Controller's email address.

IV. SCOPE OF NEWSLETTER CONTENT


1. As part of the Newsletter service, the Controller sends:
• information about products and services oƯered by the Controller,
• information about promotions, discounts, and special oƯers,
• invitations to events organized by the Controller,
• marketing content, including promotional and advertising materials,
• industry and educational information related to the Controller's activities.

2. The frequency of sending the Newsletter depends on the Controller's decision. The Controller reserves the right to change the frequency of sending the Newsletter and its content.

V. PERSONAL DATA


1. The controller of personal data of Users subscribed to the Newsletter is INCITE HUB SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, NIP 5253020314, KRS 0001132368 with its registered oƯice in Warsaw at UL. CHMIELNA 2 / 31, 00-020 WARSAW, POLAND.

2. To subscribe to the Newsletter, the Controller collects the following personal data:
• Name and Surname
• Phone number
• Email address.

3. Providing personal data is voluntary, but necessary for the provision of the Newsletter service.

4. Users' personal data is processed on the basis of:
• Article 6(1)(a) GDPR - consent of the data subject to the processing of personal data for the purpose of sending the Newsletter,
• Article 6(1)(f) GDPR - legitimate interest of the Controller in the form of direct marketing of its own products and services.

5. Users' personal data will be processed until:
• withdrawal of consent to receive the Newsletter,
• submitting an eƯective objection to the processing of data for marketing purposes.

6. Users have rights under the GDPR, in particular:
• right of access to personal data,
• right to rectification of personal data,
• right to erasure of personal data,
• right to restriction of processing of personal data,
• right to data portability,
• right to object to the processing of personal data,
• right to withdraw consent to the processing of personal data at any time, without aƯecting the lawfulness of processing based on consent before its withdrawal,
• right to lodge a complaint with the supervisory authority competent for personal data protection (President of the OƯice for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw, Poland).

7. Detailed information on the processing of personal data can be found in the Privacy Policy available on the Controller's website.

VI. COMPLAINTS


1. Complaints regarding the Newsletter service can be submitted:
• electronically to the email address: biuro@the-unit.pl,
• by mail to the Controller's registered oƯice address.

2. The complaint should contain:
• User data enabling contact with them and responding to the complaint (name and email address),
• description of the problem that is the basis for the complaint,
• any demands of the User.

3. The Controller will consider the complaint within 14 days from the date of its receipt. The Controller will inform the User about the outcome of the complaint consideration at the provided email address.

VII. LIABILITY


1. The Controller undertakes to provide the Newsletter service with due diligence.

2. The Controller is not liable for:
• interruptions in providing the Newsletter service resulting from technical reasons or other circumstances independent of the Controller,
• non-delivery of the Newsletter due to reasons on the User's side, in particular due to an incorrect email address or blocking of messages by mail servers or anti-spam programs,
• damages caused to third parties, resulting from the User's use of the Newsletter service in a manner contrary to the law or this Policy.

VIII. FINAL PROVISIONS


1. The Controller reserves the right to change this Policy. The Controller will inform Users of the changes by sending relevant information to the email address provided when subscribing to the Newsletter.

2. Changes to the Policy come into force within 14 days from the date of their announcement. Using the Newsletter service after introducing changes is equivalent to accepting the new content of the Policy.

3. In matters not regulated by this Policy, Polish law shall apply, in particular the Civil Code, the Act on Providing Electronic Services, and the GDPR.

4. This Policy comes into force on March 2, 2025.