Privacy Policy

Last update: 27.08.2025

01

General Provisions

1. The data controller is 3Soft S.A., with its registered office in Katowice, ul. Gawronów 6 (hereinafter referred to as “3Soft” or the “Controller”).

2. Whenever this document refers to the service, it means the website operating at https://www.3soft.pl, managed by the Controller.

3. Due to the right to privacy and the protection of personal data of individuals who have entrusted 3Soft with their data – in particular, 3Soft’s clients, participants of events organized by 3Soft, 3Soft’s contractors and their employees, members of the media, persons contacting 3Soft for information regarding the offer – 3Soft informs that the collected data is processed in accordance with national and European law and under conditions ensuring the security of such data, and it is stored on secured servers.

4. This document complies with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, hereinafter referred to as the “GDPR,” the text of which is available on the website of the European Union at: http://data.europa.eu/eli/reg/2016/679/oj.

5. We respect your right to privacy and care for the security of your data. For this purpose, we use, among others, a secure communication encryption protocol (SSL).

6. The purpose, scope and categories of data recipients processed by the Controller depend on the activities undertaken by you within the scope of individual products or services of the Controller, including depending on the functionalities of the service used.

7. We have appointed a Data Protection Officer, Mr. Paweł Bociąga, with whom you may contact regarding the protection of your personal data at the following e-mail address: iod@3soft.pl or in writing at our registered office address indicated in point 1.

8. The general information included in this Privacy Policy constitutes the basic information obligation regarding the processing of your personal data. If you remain in a specific relationship with us, e.g. if you are a representative of our contractor, a job applicant, or a member of our corporate bodies, you are subject to specific clauses set out below:

  • Information on monitoring: See
  • Information for contractors (including their representatives and personnel): See
  • Information for job applicants: See
  • Information for members of corporate bodies: See
  • Information for shareholders: See
02

Purpose, Legal Basis and Principles of Personal Data Processing

1. Each time you visit our website, general user data is automatically transmitted to our server by your browser. This includes: the type and version of the browser you are using, the current IP address of the internet connection, the computer’s operating system, the URL of the referring page (last visited website), date and time of the server request.

2. Processing the above data is necessary to run and display our website on your device. The data received is generally processed in an aggregated and anonymized manner (meaning that it does not allow identification of you by a third party using reasonable means).

3. The legal basis for processing data as part of the service is Article 6(1)(f) GDPR. The purpose of data processing is to protect our legitimate interest in the correct, efficient, and secure operation of our website, through which we wish to reach users.

4. The Controller processes personal data:
a. in accordance with data protection laws;
b. in accordance with this Privacy Policy and internal regulations;
c. to the extent and purpose necessary to carry out 3Soft’s activities, in particular for:

  • selling offered products and services,
  • organizing events,
  • conducting marketing activities,
  • responding to questions and providing information to third parties.

5. The Controller processes personal data:

a. under Article 6(1)(b) GDPR – for the purpose of taking steps to conclude and perform contracts (including telephone and email contact, sending documents related to services provided, etc.) – until the contract is performed;

b. under Article 6(1)(c) GDPR – to fulfill legal obligations incumbent on the Controller, in particular those arising from tax law – until such obligations are fulfilled or expire;

c. under Article 6(1)(f) GDPR – for purposes arising from the legitimate interests pursued by the Controller, in particular for establishing, pursuing and defending claims, for archiving and statistical purposes, and for communication, marketing, promotional and sales activities, including direct marketing – until the completion of these activities, but not longer than until an objection is raised or until claims expire / legitimate interest ceases;

d. under Article 6(1)(a) GDPR and the Polish Act of 12 July 2024 – Electronic Communications Law – in the case of consent to the use of the User’s electronic address for sending marketing content, promoting own services and sending commercial information within the meaning of the Polish Act of 18 July 2002 on the provision of electronic services – until consent is withdrawn.

6. Your personal data may be transferred to the following recipients:

a. entities within the 3Soft capital group, such as subsidiaries and affiliates within the meaning of the Polish Commercial Companies Code,

b. other entities cooperating with 3Soft in achieving processing purposes, including IT service providers, event organizers, intermediary platforms, and entities cooperating with the Controller in providing sales services, on the basis of agreements regulating data processing,

c. entities authorized under generally applicable laws.

7. Providing personal data is voluntary but necessary to achieve the purposes of processing indicated above. The Controller may also obtain certain data from your employer, contractors, publicly available sources such as public registers or professional networking platforms, as well as from partners and intermediaries, e.g. event organizers you participated in or online tool providers such as LinkedIn.

8. The service operated by 3Soft is of informational nature. The purposes of processing indicated in the Contact Form available on our website are related to communication with you regarding the message sent through the Contact Form, in order to respond to the question asked and provide the information you requested. The legal basis will in this case be the legitimate interest pursued by the Controller, i.e. contacting you – Article 6(1)(f) GDPR; as well as consent expressed voluntarily by entering data into the Contact Form and sending it to us – Article 6(1)(a) GDPR.

9. The Contact Form collects the following data: name, e-mail address and optionally a telephone number and company name. Optionally, you may share other personal data within the content of the message – such disclosure is voluntary and based on your choice. The above data is necessary to provide, as it allows us to respond to the question asked or to provide appropriate information.

10. We reserve the right to process data after the termination of the legal relationship that is the basis for processing or withdrawal of consent, but only to the extent necessary for the pursuit of potential claims before a court or if national, EU or international law obliges us to retain data.

    11. Deletion of personal data may take place upon withdrawal of consent or lodging a legally permissible objection to the processing of personal data, in cases permitted by law.

    12. Your personal data will be processed for the period necessary to achieve the purposes for which the data is processed or until an objection is raised, if the basis for processing is the Controller’s legitimate interest, or until consent is withdrawn, if the basis is consent. Afterwards, the Controller may store the data until the statute of limitations for potential claims expires or until the obligation to retain data resulting from the law expires.

    13. Your personal data may be processed only by authorized persons and by the Controller’s subcontractors – these are entities used by the Controller to perform its obligations, in particular IT service providers.

    14.The Controller does not share personal data with other entities except those authorized under relevant legal provisions (e.g. law enforcement authorities).

    15. 3Soft protects personal data by applying appropriate technical and organizational security measures to prevent accidental or intentional modification of such data, their loss, destruction, or unauthorized access.

    16. As part of certain processes, the Controller undertakes activities that may be considered profiling to a limited extent (e.g. for analyzing advertisement view data and measuring their effectiveness). These activities are carried out only in relation to data concerning user activity on websites and online applications for purposes related to ad targeting and marketing activities, including creating content tailored to your interests. These activities do not involve solely automated decision-making that would produce legal effects concerning you or similarly significantly affect you.

    03

    User Rights

    1. Right of access to personal data – the right to information on the processing of personal data – on this basis, the Controller provides the requesting person with information on the processing of personal data, including in particular the purposes and legal bases for processing, the scope of data held, the entities to which personal data are disclosed, and the planned date of their deletion;

      2. Right to obtain a copy of data – on this basis, the Controller provides a copy of the processed data relating to the requesting person;

      3. Right to rectification – on this basis, the Controller removes inconsistencies or errors concerning the processed personal data and supplements or updates them if they are incomplete or have changed;

      4. Right to erasure – on this basis, you may request the deletion of data whose processing is no longer necessary for any of the purposes for which it was collected;

      5. Right to restriction of processing – on this basis, the Controller ceases operations on personal data, except for operations for which the data subject has given consent, and continues to store the data in accordance with the adopted retention rules or until the reasons for restricting processing cease to exist (e.g. a supervisory authority issues a decision allowing further processing);

      6. Right to data portability – on this basis, to the extent that data is processed in connection with a concluded contract or consent given, the Controller issues the data provided by you in a format readable by a computer. It is also possible to request that such data be transferred to another entity – provided that there are technical possibilities on both the Controller’s side and that of the other entity;

      7. Right to object to data processing for marketing purposes – the data subject may at any time object to the processing of personal data for marketing purposes, without having to justify such objection;

      8. Right to object to other data processing purposes – the data subject may at any time object to the processing of personal data based on the Controller’s legitimate interest. Such an objection should be justified and will be assessed by the Controller;

      9. Right to withdraw consent – if data is processed on the basis of consent, the data subject has the right to withdraw it at any time, which does not affect the lawfulness of processing carried out prior to withdrawal. A statement of withdrawal of consent should be sent by e-mail;

      10. Right to lodge a complaint – if you believe that the processing of personal data violates the GDPR or other data protection laws, you may lodge a complaint with the President of the Polish Personal Data Protection Office.

      11. To exercise these rights, contact the Controller through the Data Protection Officer at: iod@3soft.pl

      04

      Data Transfer

      1. The Controller may, in connection with the use of certain services, transfer personal data to third countries, i.e. countries outside the European Economic Area (EEA). Your data may only be transferred to third countries or entities in respect of which the European Commission has issued a decision confirming an adequate level of data protection. The list of such countries can be found on the European Commission’s website at the relevant link.

      2. In the absence of a European Commission decision confirming adequate protection under Article 45(3) GDPR, your data may be transferred to a third country only on the basis of: binding corporate rules, standard data protection clauses adopted by the European Commission, standard data protection clauses adopted by the Polish supervisory authority and approved by the Commission, an approved code of conduct or an approved certification mechanism (Article 46 GDPR).

      3. If no adequacy decision has been issued and no appropriate safeguards under Article 46 GDPR apply, including binding corporate rules, we will ask you for explicit consent to such transfer to a third country or international organization, informing you in advance of the risks associated with such transfer under Article 49(1)(a) GDPR.

      4. In connection with the transfer of data outside the EEA, you may request information on the relevant safeguards, obtain a copy of these safeguards, or information on where they have been made available, by contacting us at the address indicated in § 1.

      5. The European Commission has adopted an implementing decision recognizing an adequate level of protection for secure and trusted transfers of data between the EU and the US. This means that from that date onwards, data transfers from the EU to organizations in the US listed in the “Data Privacy Framework List” (https://www.dataprivacyframework.gov/s/participant-search) can be based on that adequacy decision, without relying on transfer tools under Article 46 GDPR.

      6. The Controller, due to the use of providers that store data on US servers (e.g. Microsoft Corporation, Google LLC), may transfer your personal data to countries outside the EEA. However, these subcontractors have joined the program referred to in point 5 and thus guarantee an adequate (high) level of data protection required by European regulations.

      05

      Cookies and Similar Technologies

      The website www.3soft.pl uses cookies and similar technologies. Cookies are small text files sent by a web server and stored by the browser’s software on your computer. Similar technologies are solutions for collecting data from the browser or end device that use locally available objects or storage, such as flash cookies or HTML5 cookies, as well as other application monitoring technologies. When the browser reconnects with the website, the site recognizes the type of device used by the user. Cookies and similar technologies make it easier to use previously visited websites. Additional information on cookies and similar technologies can be found in the Cookies Policy: https://www.3soft.pl/polityka-cookies.

      06

      Social Media

      1. The Controller has public profiles on social networking sites Facebook and LinkedIn. As a result, it processes data left by people visiting these profiles (e.g. comments, likes, online identifiers). Personal data of such people is processed to enable activity on the profiles, to effectively manage the profiles by presenting users with information about initiatives and other activities, in connection with promoting various events, services and products, for statistical and analytical purposes, as well as for pursuing and defending against claims. The legal basis for processing personal data on social media is the Controller’s legitimate interest (Article 6(1)(f) GDPR), consisting of promoting its brand and improving the quality of services provided, and if necessary, pursuing claims and defending against claims.

      2. Cookies and plugins of various social media networks are built into our website. The purpose of these services is to allow you to browse and share our content with your contacts and networks. These providers are:

      • Facebook, operated by Meta Platforms Ireland Limited, Merrion Road Dublin 4 D04 X2K5 Ireland (“Facebook”). An overview of Facebook plugins and their appearance can be found at: https://developers.facebook.com/docs/plugins
      • LinkedIn, provided by LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, California 94085, USA, and in the EU by LinkedIn Ireland Unlimited Company, Gardner House, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn”). An overview of LinkedIn plugins and their appearance can be found at: https://developer.linkedin.com/plugins#

      3. Social media tools collect information about previously visited websites, IP address, browser information, and the date and time of the server request. When using any of the social media functions (e.g. clicking the “Share” button, leaving a comment), this information is also transmitted by the browser directly to the provider for storage.

      07

      Server Logs

      1. Using the service involves sending queries to the server on which this website is stored.

      2. Each query directed to the server is recorded in server logs. Logs include, among others, your IP address, server date and time, browser and operating system information.

      3. Logs are stored on the server. Data recorded in server logs is not associated with specific individuals using the website and is not used to identify you. Server logs constitute auxiliary material used for website administration, and their content is not disclosed to anyone other than those authorized to administer the server.

      08

      Changes to the Privacy Policy

      1. The Controller reserves the right to change this Privacy Policy at any time, in particular for legal, organizational or technical reasons, such as (i) adapting to technological changes, business expectations or market conditions, (ii) adapting to new legal regulations, case law, interpretations, positions of authorities or social expectations, or (iii) preventing the risk of abuse or harm, violation of laws or third-party rights, and ensuring security.

      2. The Controller will notify the user of any changes by publishing new terms on this website. Further use of the service will be deemed acceptance of the new terms.

      3. A change in the URLs contained in the Privacy Policy, as well as the location of content and further information or resources available at those URLs, does not constitute a change in the terms. The parties will be bound by the terms as amended to reflect the above changes.

      4. Changes enter into force on the date of publication.

      Contact

      Let’s talk

      We’re eagerly waiting for
      a message from you!

      Contact form

      Formularz kontaktowy ENG