Your privacy is important to us. This policy explains what personal data we collect from you and how we use it.
At certain times, Tooploox may change or modify our policy at our own discretion, adding or removing information to reflect current practices – in other words, giving you the most up to date information. When this occurs, we will update this policy with the most recent revision date.
We may also retain data when required to comply with legal obligations, enforce agreements or resolve ongoing disputes. Such data will be deleted when no longer required and such incidents have been resolved.
Processing Personal Data
Who is responsible for processing your personal data?
Tooploox Sp. z.o.o is the controller of your personal data.
Our registered office is: ul. Tęczowa 7, 53-601 Wrocław
This is registered with the Register of Entrepreneurs of the National Court Register maintained by the District Court in Wrocław-Fabryczna, VI Commercial Division of the National Court Register.
- We are registered under entry number KRS 0000445336
- Our NIP (ID for taxpaying purposes) is 8992740358
- Our REGON [enterprise ID] is 022047421
How, When and Why do we collect your personal data and for How Long do we store it?
We only store your data via request, when legal consent has been given. This occurs in a number of circumstances:
If you use our contact form, we collect your name and e-mail address. We also collect any additional, optional
information you provide us with. We store your data with the message sent to us, which includes any information
about your project or request, if provided.
This data is used to contact you in regards to your initial request. If this results in successful cooperation, we will continue you to process your data as we provide you with our services. If not, your data is removed after 2 years.
In limited circumstances, we may also use your information for other purposes, where permitted by law. This does not include marketing or advertising purposes.
We store your personal data on Pipedrive’s database, where we retain access. However, we process data on our own personal servers for the purposes of invoicing.
Job Application Form
For job applications with Tooploox, our form requires your full name and e-mail address, as well as the option
to include your phone number. We also require a copy of your CV.
You can request to review your personal data, or request its removal, by contacting us at email@example.com.
3rd Party Applications
Our website uses 3rd party applications that request and use personal data.
Protecting Your Personal Data
We use various technical and organizational security methods, such as encryption, to ensure and maintain the safe storage of your personal data. Your personal data is stored in secured networks and is only accessible by a limited number of people that have been given special, specific rights to access such systems.
Your Personal Data Rights
We recognise and respect your rights to your personal data. You have the right to request:
- Access to your personal data
- Amendments to your personal data
- The complete erasure of your personal data
- Restrictions on how we process or use your data
- Data portability – to obtain and reuse your own personal data
You have the right to object to us processing your personal data in relation to your particular situation. You
are also free to opt-out from direct marketing.
In situations where we have obtained your consent to process your personal data, you also have the right to withdraw this consent at any time. This will not influence the lawful status of any processing that has occured before the withdrawal occurred.
To enact any of your personal data rights, please contact us at firstname.lastname@example.org.
You also have the freedom to lodge a complaint with a supervisory authority. For us, as a Polish company, our supervisory authority is Generalny Inspektor Ochrony Danych Osobowych. You can learn more on the Generalny Inspektor website.
Cookies and Pixel Tags
We receive and record information, which may include personal data, from your browser when you use our website. We use a variety of methods, such as cookies and pixel tags to collect this information, which may include your:
- IP address
- unique cookie identifier, cookie information and information on whether your device has software to access certain features
- unique device identifier and device type
- domain, browser type and language
- operating system and system settings
- country and time zone
- previously visited websites
- information about your interaction with our website such as click behavior and indicated preferences
- access times and referring URLs.
plug-ins. These particles collect data directly from your web browser, processing the data under their own
We use the following cookies:
|__cfduid||Used by Cloudflare content network to identify trusted web traffic||1 year|
|_hp2_id||Used to help with analytics and track new sessions||2 years|
|_hp2_session||Used to help with analytics and track new sessions||session|
|PHPSESSID||A PHP script to help identify sessions||sesson|
|_hjIncludedInSample||Informs Hotjar if the user is included in samples for generating Heatmaps, Funnels and other Recordings||365 days|
|_hjShownFeedbackMessage||Is set when a visitor minimizes or completes Incoming Feedback. It keeps the Incoming Feedback minimized while the user is on other pages set to display it.||365 days|
|gtag.js and analytics.js|
|ga||Distinguishes users||2 years|
|_gid||Distinguishes users||24 hours|
|_gat||Used to set/control request rate. May also be titled _dc_gtm_property-id when used with Google Tag Manager.||1 minute|
|AMP_TOKEN||Includes a token for retrieving Client ID from the AMP Client ID service. It can also have values to indicate opt-outs, inflight requests or errors in retrieving a Client ID.||30 seconds - 1 year|
|_gac_property-id||Includes campaign information for the user. Adwords website conversion tags read this, unless you choose to opt out.||90 days|
|__utmt||Used to set/control request rate.||10 minutes|
|__utmc||Not used in ga.js, but is interoperable with urchin.js. Historically worked with _utmb cookies to determine new user sessions or visits.||End of browser session|
|__utmv||Stores visitor-level custom variable data. It is created when a developer uses _setCustomVAR with a visitor level custom variable. It is updated when data is sent to Google Analytics.||2 years (from each update)|
|__hstc||Stores domain, timestamps and session numbers to anonymously track visitors||2 years|
|hubspotutk||Used on forms to track visitors and avoid duplicating the same users||10 years|
|__hssc||Tracks pageviews and timestamps. Works with __hstc to determine new sessions.||30 minutes|
|__hssrc||Determines new sessions||None|
Third Party Cookies
We also run a number of third party applications that help provide a smooth website experience.
We use Lever for the purposes of recruitment and it uses the following cookies:
Our blog posts use Disqus for comments, which uses the following cookies. These cookies are not controlled by us and help Disqus to track comments and activity across different websites.
We also use Facebook pixels to track visitors from Facebook. These use the following cookies, pixels and tags:
How to manage cookies
Your web browser’s settings can change your preferences regarding cookie storage. Most browsers also let you
review and erase cookies as well. Please be aware, however, that our website will not operate property without
For more information, we refer you to the help pages from browser manufacturers regarding managing cookies in their specific browsers.
- Google Chrome
- Internet Explorer
- Mozilla Firefox
- Safari – Desktop & Mobile
- Android Browser
- Opera – Desktop & Mobile
For browsers not included here, please refer to the appropriate documentation provided by the manufacturer.