ImproveIT Solutions Privacy Policy

At IMPROVEIT SOLUTIONS LLC, your privacy is of utmost importance to us. This Privacy Policy outlines how we collect, process, disclose, and use your personal information.

1. Introduction

IMPROVEIT SOLUTIONS LLC (referred to as “Controller”) is committed to ensuring the privacy and security of our website users’, clients’ and partners’ personal data. We collect and use your data only for specified purposes and ensure it is processed lawfully and fairly.

Note: We do not collect or process personal data from individuals unless we have a contractual obligation or explicit consent from the data owner or controller, in accordance with applicable regulations.

We process your personal data only if we have one of the legal grounds specified in the GDPR, including your explicit and voluntary consent where necessary. Consent is given by actively checking the box when filling out the form, clicking the “Accept all” button on the Cookie banner, or entering into a written contract.

2. Types of Data Collected and Processing Purposes

The Controller is registered in Warsaw, Poland, at Adama Branickiego str, nr 2, lok. U3, 02-972, the number KRS: 0001024810, number NIP 9512563828.

3. Relationships with Developers and Other Specialists

Non-Disclosure Agreements:

The Controller ensures that all developers and specialists engaged are subject to thorough checks regarding their business reputation, including the absence of violations related to the handling of confidential information.

We require developers and specialists to enter into non-disclosure agreements (NDAs) before they can fulfill partners’ technical assignments or perform additional functions. These agreements are designed to protect confidential information and include provisions for personal liability in cases such as:

Disclosure of information

Loss of data storage devices

Failure to take measures to ensure strict confidentiality

Response to incidents related to the processing and storage of confidential information

Monitoring and Compliance:

we take special responsibility for the regular monitoring of compliance with the terms of NDAs by developers and specialists. These agreements are regularly updated to align with best practices and standards.

Information Security Standards:

we ensure that all developers and specialists adhere to stringent information security measures, use software appropriately, and comply with the highest standards of personal data protection.

4. Types of Data Collected and Processing Purposes

We collect personal data for the following purposes:

– Contact and Queries: To respond to questions submitted via contact forms on our website (e.g., Name, Email Address, Phone Number, Company Name, content of your message), based on Article 6(1)(f) GDPR.

– Marketing and Communication: To send marketing content, newsletters, and event invitations with your consent (e.g., Email Address, Name, Subscription preferences, interaction data with marketing emails), based on Article 6(1)(a) GDPR).

– Recruitment: To manage job applications and recruitment processes (e.g., Name, Contact Information, CV, Cover Letter, Work Experience, Education, Skills, desired salary, references), based on Article 6(1)(b) and 6(1)(a) GDPR).

– Service Offers: To prepare personalized offers for our services (e.g., Email Address, Name, Subscription preferences, interaction data with marketing emails), based on Article 6(1)(b) GDPR).

– Website Functionality: To improve website structure and content based on user interaction (e.g., IP Address, Browser Type, Device Information, pages visited, time spent on site, referral sources, interaction data), based on Article 6(1)(f) GDPR).

– Legal and Security Purposes: To safeguard against claims and ensure the security of our services (e.g. technical and usage data, identification and contact details (limited), data related to security incidents, and data necessary for legal defence) based on Article 6(1)(f) GDPR).

5. Data Retention

We retain personal data only as long as necessary:

– Contact Queries: Up to 12 months after the last interaction.

– Marketing Communication: Until consent is withdrawn.

– Recruitment: For the duration of the recruitment process or up to 24 months if consent is given for future recruitment, unless otherwise specified in the agreement.

– Service Offers: For the duration of offer negotiations and up to 12 months after the last contact, unless otherwise specified in the agreement.

The storage period may be extended if an agreement is concluded between the parties, in which case the data shall be stored for the duration of the agreement and after its expiry in accordance with the requirements of the legislation on document storage.

– Legal Compliance: Data related to financial transactions is stored in accordance with tax legislation; data required for legal proceedings is stored until their completion.

6. Data Sharing

We may share your data with:

– Authorized Entities: As required by law, including judicial authorities.

– Service Providers: Entities that support our operations, including IT service providers and marketing agencies, under strict data protection agreements such as hosting providers (Google Cloud/AWS), CRM systems (HubSpot/Salesforce), email providers (Mailchimp/SendGrid), analytics platforms (Google Analytics, Hotjar), payment service providers (Stripe, PayPal), financial institutions etc.

– Business Partners and Clients: With your explicit consent, data may be transferred to partner companies that provide services or to clients for the implementation of joint projects in which you are a team member.

– Affiliated Entities: Data may also be shared with affiliated entities within our corporate group for operational purposes, such as providing integrated services, improving our offerings, or conducting joint business activities. These entities are also bound by appropriate data protection measures to ensure the security and confidentiality of your data.

7. Conditions of Access to Personal Data

The procedure for third-party access to personal data is governed by the terms of consent provided by the client or other data owners, in accordance with applicable legal requirements.

– Access Rights: The owner of personal data has the right to receive information about themselves from any entity involved in processing their personal data. To request access, the individual must provide their surname, name, patronymic, place of residence (or stay), and details of the document verifying their identity, except where otherwise stipulated by law. –

– Access Fees: Access to personal data about oneself is provided free of charge.

– Timeliness of Access: Delays in granting access to personal data are not permitted. Deferral of access to the personal data is allowed if the necessary data cannot be provided within 30 calendar days from the date of receipt of the request. In this case, the total period for resolving the issues raised in the request may not exceed 45 calendar days. The notice of postponement shall be communicated in writing that submitted the request, explaining the procedure for appealing such a decision.

8. User Rights

You have the following rights concerning your personal data:

– Access and Rectification: To exercise this right, please send a request to [email protected], clearly stating your full name and the specific data you wish to access or correct.

– Deletion and Restriction: You can request the deletion or restriction of your data by contacting us at [email protected]. Please note that certain legal obligations may require us to retain some data.

– Data Portability: To request a copy of your data in a structured, machine-readable format, send your request to [email protected].

– Objection: Object to processing based on our legitimate interests by sending a request to [email protected].

– Withdraw Consent: Withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal by sending a request to [email protected].

– Lodge a Complaint: If you believe your data rights have been violated, you have the right to lodge a complaint with the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych) in Poland, whose contact details can be found on their official website (uodo.gov.pl ).

9. Cookies and Tracking

We use cookies to enhance your experience on our website. These include:

– Security Cookies: Used to ensure the security of our website and detect any misuse.

– Performance Cookies: Help us analyze how users interact with our website, enabling us to improve functionality.

– Functional Cookies: Allow us to remember user preferences and personalize your experience.

Cookies do not store personal data and are not used for direct identification. You can manage your cookie preferences through your browser settings.

You can manage your cookie settings and withdraw your consent at any time by changing them in your browser settings.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction.

These measures include encryption, access controls, and regular security audits. To this end, we have implemented the following measures:

– Technology and Encryption: Personal data is processed and stored on MacBook Pro computers using the XTS-AES-128 encryption algorithm and FileVault encryption. Regular updates to macOS are installed, with encryption of storage media activated.

– Operational Procedures:

Software and Internet Usage:

Strict prohibition on the use of unlicensed, questionable, or potentially harmful software, and visiting non-task-related websites.

Password and Access Management:

Adherence to password policies based on the National Institute of Standards and Technology (NIST) recommendations.
Prohibition on disclosing account identification data (logins, passwords) or transferring hardware security systems to third parties.

Data Handling:

Prohibition on transferring data storage devices to third parties.
Restrictions on accepting email correspondence from unverified sources and containers with questionable content.

Depending on the nature of the technical tasks and the specifics of the partner’s or client’s information handling protocols, third-party licensed services may be used for remote storage, encryption, backup, and other specialized information security tools under a separate agreement.

Incident Response:

Immediate action is taken in response to unauthorized access, loss, or damage to confidential information storage media or hardware security systems.

11. International Data Transfers

We may transfer your data outside the European Economic Area (EEA) only when necessary and with appropriate safeguards, such as:

– Adequacy Decision: Transfers to countries recognized by the European Commission as providing adequate data protection.

– Standard Contractual Clauses: When no adequacy decision is in place.

12. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or other operational considerations.

13. Contact Information

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: [email protected]

Address: Adama Branickiego str, nr 2, lok. U3, 02-972, Warsaw, Poland.