Who we are?
We are Tooploox and MicroscopeIT, or more formally:
- Tooploox sp. z o.o. a limited liability company established in Poland with its registered seat in Wrocław (53-601) at Tęczowa 7;
- MicroscopeIT sp. z o.o., a limited liability company established in Poland with its registered seat in Wrocław (53-603) at Tęczowa 13.
In principle, Tooploox and MicroscopeIT are separate controllers of your personal data under the EU General Data Protection Regulation (“GDPR”). However, we jointly: (i) conduct recruitment processes; (ii) conduct marketing, promotional and sales-related activities, including sending our newsletters and (iii) organize events. We also jointly determine the purposes and means of the processing of your personal data, thus "are joint controllers of your personal data under the GDPR within these 3 areas".
You can contact both Tooploox and MicroscopeIT with all questions relating to your privacy as well as get information about the essence of the arrangements between Tooploox and MicroscopeIT by sending an email to firstname.lastname@example.org (a single point of contact for both controllers).
When and how do we collect your personal data?
We collect your personal data either directly from you or through third parties.
We collect your personal data directly from you when you:
- browse through our website;
- reach out to us using any contact method available on our website, during events which we take part in, through external directories or through our social media channels;
- download content from our website or register for any events that we organize;
- subscribe to our newsletter;
- respond to job postings available in the “Careers” section of our website.
We collect your personal data through third parties (indirectly) from the following sources:
- recruitment agencies, recruitment platforms & recruitment events: in addition to hiring headhunters to work on our behalf, we cooperate with recruitment agencies and recruitment platforms as well as event organizers who have their own databases of work candidates and provide us with personal data of candidates who match our desired profile and might be interested in working for Tooploox. Thus, in recruitment context, we may receive your job application from such entities;
- public sources and professional networking platforms: we use public sources (e.g. Crunchbase, apollo.io, angel.co, public commercial registers) to reach out to companies and people who may be interested in our services. We collect your name, the name of the company you represent, designation/job role, email address and telephone number (where available) from these sources. We also use professional networking platforms such as LinkedIn to do so;
- our business representatives and our network: we rely on our business representatives and client network to get new leads. Thus, we may receive information related to your name, company you represent, designation/job role and email address through recommendations from our customers or directly from our business representatives, both of whom have established professional/personal connections directly with you;
- organizers of events that we participate in: we take part in various events and conferences relating to technology and startups. If available, we use networking possibilities provided by organizers of such events. In this case, we receive your name, the name of the company you represent, designation/job role, and email address from the organizers of such events;
- information received prior to/during fulfilment of contractual services: when we negotiate a new contract with the company that you work for or that you represent we may receive your personal data from your colleagues or from your employer. This may include your name, designation/job role, company you represent, telephone number and email address.
You can get information about the source from which we received your personal data by sending an email at email@example.com.
What do we use your personal data for and how long do we keep it?
Establishing business relationships
We process personal data that you provide when you contact us with business enquiries to respond to your message, including to prepare an offer or an estimate for you. The processing of your personal data in this context is based on our legitimate interest - the need to respond to business enquiries which we receive.
You are not obliged to give us your personal data when contacting us, however we may not be able to properly respond to your enquiry if you refuse to provide or give incorrect personal data. We will process your personal data until your matter is resolved.
When we collect your personal data through third parties (indirectly) we will process it to reach out to you and establish a business relationship directly with you or with the organization which you work for. The processing of your personal data in this context is based on our legitimate interest - direct marketing of our services. We will process your personal data for this purpose until you object against such processing.
Maintaining business relationships
We process your personal data obtained in connection with the provision of our services to enter into and perform a contract concluded between you and Tooploox or MicroscopeIT. The processing of your personal data is either based on the contract itself (when you are a party to such contract) or is based on our legitimate interest - the need to ensure smooth performance of a contract concluded between your employer and us (in all other cases). We will also process your personal data gathered in this context to fulfill legal obligations imposed by Polish tax and accounting laws.
When you are a party to a contract with Tooploox you must give us your personal data to be able to enter into such a contract. Failure or refusal to do so, will make it impossible to conclude it. In all other cases, you are not obliged to give us your personal data, however we may not be able to properly perform the contract concluded with your employer if you refuse to provide or give incorrect personal data. We will process your personal data for all of the purposes mentioned above for the whole period of our cooperation and additionally for a legally prescribed period of keeping accounting and tax records.
We will also process your personal data gathered in connection with the provision of our services to pursue our legitimate interests which include:
- direct marketing of our services (e.g. offering you new or additional services);
- internal business analytics (e.g. monitoring of lead pipeline and pipeline value;
- preparing financial metrics);
- protection against or pursuing legal claims which may arise in connection with our cooperation.
We will process your personal data for these purposes until you object against such processing or until all legal claims connected with our cooperation become time-barred, whichever earlier.
Organization of marketing events
We process personal data that you provide when you register for our events for marketing purposes, including organization of the event, sending post-event materials and follow-ups.
The processing of your personal data in this context is based on our legitimate interest - direct marketing of our services. Taking part in our events is completely voluntary, however you may not be able to register if you refuse to provide or give incorrect personal data. We will process your personal data until you object against such processing.
Digital marketing, digital content & newsletter
We process personal data that you provide when you sign up for our newsletter or download content available on our website for marketing purposes, including making the content that you are interested in available to you and sending our newsletter to you. The processing of your personal data in this context is based on our legitimate interest - direct marketing of our services.
Subscribing to our newsletter or downloading our content is completely voluntary, however you may not be able to receive the requested content or our newsletter if you refuse to provide or give incorrect personal data. We will process your personal data until you object against processing or unsubscribe from our newsletter, whichever earlier.
We process any personal data that:
- you provide when you respond to job postings available in the “Careers” section of our website or
- that we receive from recruitment agencies, recruitment platforms or recruitment events organizers (jointly as “our recruitment partners”)
to consider your application for the position which you applied for and conduct the recruitment process itself.
The processing of your personal data is necessary to enter into contract with you and - to the extent indicated therein - is based on the provisions of the Polish Labour Code. To the extent indicated in the Polish Labour Code you are legally required to give us your personal data to be able to take part in the recruitment process.
We process all other types of your personal data which you provide (e.g. your image or information about your interests) on the basis of your voluntary consent which you express by sending your application to us or our recruitment partners. Providing this information is completely voluntary and is not required to take part in the recruitment process. If you do not want us to process any such data about you, simply do not include it in your application.
We may also process your personal data gathered in connection with recruitment to protect ourselves against or pursue any legal claims which may arise in connection with our negotiations and cooperation. The processing of your personal data in such cases is based on our legitimate interest.
If you agree to the processing of your personal data for the purpose of any future employment opportunities we will process your personal data for a period of 2 years since we received your application. If you do not give us your consent, we will delete your personal data immediately after the recruitment process for the position for which you have applied ends.
Disclosure of your personal data
Depending on the context in which we obtained your personal data the following categories of entities may gain access to your personal data:
- providers of services which help us run our business (e.g. payment processors, external accounting, headhunters, legal and business advisors);
- providers of cloud computing, productivity and collaboration tools and software which we use to run our business (e.g. tools such as Lever, G Suite, Office 365, Slack, Asana);
- hosting services providers (e.g. Amazon AWS, Google Cloud Platform);
- providers of tools which help us run marketing campaigns and organize events (e.g. tools such as Hubspot, Freshmail, SendGrid, EventBrite) as well as external sales and marketing consultants.
We also share information about your use of our sites with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services (see Cookies for more information).
Where required or permitted by law, we may also provide your personal data to regulators and law enforcement agencies.
What are your rights?
You have a right to:
- access your data: you have the right to access the information that we have on you. If you choose to exercise this right, upon your request, we will also make sure to provide you with a copy of the data we process about you and information about how we process them. We will fulfill your request by sending your copy electronically, unless the request expressly specifies a different method. For any subsequent access request, we may charge you with an administrative fee.
- rectification of data, erasure and restriction of processing: if you believe that the information we have about you is incorrect, you are welcome to contact us, so we can update it and keep your data accurate. We will automatically delete information about you after it is no longer needed for the purposes it was collected for. Nonetheless, if at any point you wish for us to delete information about you, you have the right to do so. You also have the right to obtain restriction of processing of your data.
- data portability: in case the processing of your personal data is based on a contract or your consent, you have the right to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format. You can also request us to transmit such data to another controller if it is technically feasible.
- withdrawal of consent and the right to object to processing: If the processing of your data is based on a consent, you have the right to withdraw your consent at any time. Remember that withdrawal of consent will not affect the lawfulness of processing based on this consent before its withdrawal. In case the processing of your data is based on our legitimate interest you have the right to object to such processing.
In order to comply with requests concerning your rights, if the information that you provide is insufficient to identify you, we will ask you to give us some additional information that we will use to verify your identity. If you fail to provide such information we may refuse to fulfil your request.
We do not use any information provided by you for the purposes of automated decision-making, including profiling.
International data transfers
Whenever possible, we will try to use processors which process personal data within the European Economic Area (“EEA”). In case there is a need for us to use processors located outside of the EEA, we will only disclose personal data to them provided that appropriate international data transfer safeguards described in the GDPR are in place.
If you have further questions about international data transfers that we make or want to obtain a copy of the safeguards that are in place to guarantee the legality of the transfer you can contact us by sending an email at firstname.lastname@example.org.
How to contact us and seek additional help?
- for Tooploox: email@example.com;
- for MicroscopeIT: firstname.lastname@example.org.
We hope that we will be able to answer all your questions and settle all disputes amicably. Nonetheless, if you think that your rights were not observed or that your privacy was harmed, you can always lodge a complaint with a data protection authority - the President of the Polish Personal Data Protection Office.
Cookies and similar technologies
Cookies we use can be divided into the following categories:
- statistics & analytics cookies which make it possible for us to understand how you interact with our website by collecting and reporting anonymous and aggregated statistical data;
- marketing & remarketing cookies which make it possible for us to track visitors across our website and advertise our services online.
Please note that we make use of social plugins and advertising tools from Google, Facebook and LinkedIn. This means that - depending on your device settings and your consent - the information about your use of our website may be combined with other information that you’ve provided to Google, Facebok and LinkedIn or that they’ve collected from your use of their service. These parties collect data directly from your web browser, processing the data under their own privacy policies (see below for relevant links).
What types of information do we gather through cookies?
By using cookies, we gather the following information:
- your web request, IP address, browser type and settings, referring/exit pages and URLs, number of clicks, date and time stamp information, language preferences;
- information about the device that you use to connect with our website (e.g. the type of device that you are using, the system under which it operates, your network information and unique device identifiers such as your MAC address);
- information about your approximate geographic location inferred from your IP address;
- metadata about your interactions with our website - whenever you use it, some metadata which provides high-level information about the way you use our website is generated (e.g. the way you navigate the website, the features and functionalities that you interact with, third party services and integrations that you use).
What cookies do we use?
We use two types of cookies:
- session cookies, which remain on your device until a web browser session is completed or the web browser is closed;
- persistent cookies, which remain on your device until their expiry date or until you delete them, but no longer than 2 years.
The table below lists all types of cookies that we use on our website:
|Statistics & analytics||_ga||Cookies used by Google Analytics to create unique IDs for your session and enable us to gather statistical data about the use of our website.||2 years|
|_hjid||Cookies used by Hotjar to create unique ID and ensure that statistical data about your use of our website are collected and attributed properly. Hotjar cookies record your behaviour on our website and allow us to see - through aggregated and anonymous data - which parts of our website are used most frequently and how. Please refer to HotJar cookie information for more details.||Session|
|__hssc||Cookies used by Hubspot to track visitors across our website. Please refer to HubSpot’s Knowledge Base for more information.||30 minutes|