Privacy Policy - Security Hub

1. GENERAL INFORMATION AND DEFINITIONS

This Privacy Policy outlines the key information regarding what happens to your personal data when you visit our website www.securityhub.pl, or otherwise contact us or enter into business relations with us. The Privacy Policy also includes information about the use of cookies and similar technologies on our Website.

Definitions:

“controller”: an entity which, alone or jointly with others, determines the purposes and means of the processing of personal data; unless otherwise indicated in this Policy, the controller is Optima Partners;
“personal data”: any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
“Optima Partners” or “we”: Optima Partners Spółka z ograniczoną odpowiedzialnością sp.k., with its registered office in Warsaw (ul. Puławska 145, 02-715 Warsaw);
“Policy”: this “Privacy Policy”.
“GDPR”: Regulation (EU) 2016/679 of the European Parliament and of the Council of 7 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
“Website”: the website operated by Optima Partners at www.securityhub.pl;
“User”: any person browsing the Website.

2. PROCESSING OF PERSONAL DATA IN CONNECTION WITH THE USE OF THE WEBSITE

In connection with Users’ use of the Website, Optima Partners—as the controller—collects and processes personal data, as well as information on Users’ activity on the Website. Information about Users, including personal data, is collected via:

Providing personal data in electronic forms (e.g., in a contact form).
Using cookies stored on Users’ end devices (e.g., computers, smartphones, tablets, etc.).
Collecting data from so-called system logs.

The rules and purposes of processing personal data collected during Users’ use of the Website are described below.

2.1. Use of the Website

For Users who browse the Website, Optima Partners collects and processes personal data such as IP address or other identifiers and information collected via cookies for the following purposes:

To provide Users with the content available on the Website—the legal basis for processing is the necessity to perform a contract for the provision of services by electronic means (Article 6(1)(b) GDPR).
For analytical and statistical purposes—the legal basis for processing is the legitimate interest of Optima Partners (Article 6(1)(f) GDPR) consisting in conducting analyses and statistics on Users’ activity and preferences in order to improve the Website’s functionality and the services provided.
To establish and pursue potential claims (e.g., in the event of unlawful actions by a User in connection with the use of the Website) or to defend against claims—the legal basis for processing is the legitimate interest of Optima Partners (Article 6(1)(f) GDPR) consisting in the protection of its rights.
For the marketing purposes of Optima Partners and other entities—the rules for processing personal data for marketing purposes are described in the section on marketing.

User activity on the Website, including information concerning certain aspects of Website usage and some personal data (e.g., IP number), is automatically recorded in the server’s system logs. This is a special software used to store a chronological record of events and actions relating to the IT system supporting the Website. Such information includes:

Resources viewed on the Website (identified by URL addresses).
Time the request reached the server and the time the response was sent.
The User’s station name (identified via the HTTP protocol).
Information on errors occurring while browsing the Website.
The URL of the page previously visited by the User (the referrer link)—if access to the Website occurred via a hyperlink.
Information on the User’s browser.
Information on the User’s IP address.
Pages of the Website visited by the User.

Data stored in system logs are processed by Optima Partners in connection with providing services consisting in making the Website available to Users. Optima Partners also processes this data to administer the Website, for technical purposes, to ensure the security of its IT system and to manage that system, as well as for analytical and statistical purposes. In this respect, the legal basis for processing personal data is the legitimate interest of Optima Partners (Article 6(1)(f) GDPR).

2.2. Information provided in electronic forms

In certain areas of the Website, Optima Partners provides the option to contact us or send an enquiry using electronic forms (e.g., a request-for-proposal form, a call-back form).

Using a form requires providing personal data necessary to contact you and handle your enquiry. You may also provide other data to facilitate contact or the handling of your enquiry. Providing personal data marked as mandatory is required in order to submit and process the enquiry; failure to provide such data will result in the inability to send the enquiry. Providing other data (not marked as mandatory) is voluntary and not necessary to send the enquiry, but it may help to handle it and provide a response.

Personal data collected via electronic forms are processed for the purpose of identifying the sender and handling their enquiry. The legal basis for processing is the legitimate interest of Optima Partners, consisting in responding to your enquiry and—where applicable (if the enquiry concerns initiating a business relationship or sending an offer)—preparing and sending an offer and initiating and maintaining business relations (Article 6(1)(f) GDPR).

2.3. Newsletter

Optima Partners provides a newsletter service to Users who, for this purpose, have provided their email address in the appropriate form on the Website. The newsletter service consists in periodically sending to the User’s email address notifications about content of interest primarily related to IT security; newsletter messages may also include marketing content (commercial information) concerning Optima Partners or its business partners. As part of the newsletter distribution, the processing of personal data (such as an email address) is based on the User’s consent to receive the newsletter (Article 6(1)(a) GDPR).

2.4. Marketing

Optima Partners may process Users’ personal data collected through cookies for the purpose of carrying out marketing activities consisting in displaying advertisements tailored to the User’s preferences. The processing of personal data will then also include profiling of Users. This means that, through automated data processing, Optima Partners or its trusted provider evaluates selected factors relating to Users in order to analyse their behaviour or create forecasts, so as to display better-matched advertisements.

Serving behavioural advertising to Users is enabled by using cookies from Optima Partners’ trusted partners (in particular within the Google advertising network). These partners collect information from cookies for advertising purposes. The use of personal data collected through this technology for marketing purposes requires the User’s consent. Such consent may be withdrawn at any time; withdrawal does not affect the lawfulness of processing based on consent before its withdrawal. More information on behavioural advertising can be found in the cookies section.

3. PROCESSING OF PERSONAL DATA IN CONNECTION WITH OPTIMA PARTNERS’ BUSINESS ACTIVITIES

3.1. Processing of personal data in business relations

As part of its business operations, Optima Partners collects and processes personal data in order to establish and maintain business relations. This occurs, for example, during business meetings, trainings, industry events, in connection with handling requests for proposals or exchanging business cards.

The legal basis for processing personal data in such cases is the legitimate interest of Optima Partners (Article 6(1)(f) GDPR), namely building and maintaining a contact network for the purposes of conducting its business.

In connection with cooperation with business partners (e.g., business and institutional clients, suppliers), Optima Partners processes personal data of persons indicated as contact persons in relations with Optima Partners (e.g., project managers, decision-makers, persons responsible for contract performance). The data of such persons are processed by Optima Partners for the purpose of communicating with business partners and maintaining contact with them.

The legal basis for processing personal data in such cases is the legitimate interest of Optima Partners (Article 6(1)(f) GDPR), namely communication and maintaining contact with business partners.

3.2. Email and postal correspondence

If email or traditional correspondence is addressed to Optima Partners, and such correspondence is not related to services provided to the sender or to another contract concluded with the sender, the personal data contained in such correspondence are processed solely for the purpose of communication and handling the matter to which the correspondence relates.

The legal basis for processing personal data in such cases is the legitimate interest of Optima Partners (Article 6(1)(f) GDPR), namely handling correspondence addressed to Optima Partners as part of its business activities.

3.3. Occasional (greetings) correspondence

For business partners (e.g., business and institutional clients) and other persons with whom Optima Partners maintains ongoing relations, Optima Partners may occasionally send greetings correspondence, in line with customary practice in Poland (e.g., postcards or emails with Easter or Christmas greetings).

The legal basis for processing personal data in such cases is the legitimate interest of Optima Partners (Article 6(1)(f) GDPR), namely maintaining good relations with clients, business partners and other persons cooperating with Optima Partners.

3.4. Conclusion and performance of contracts

Optima Partners also processes personal data in connection with the conclusion and performance of contracts with clients and suppliers. This includes, in particular, data of persons who have concluded a contract with Optima Partners, as well as data of persons representing entities that have concluded a contract with Optima Partners, and data of coordinators or other persons authorised to contact Optima Partners.

In certain cases, personal data are not provided to Optima Partners by the data subject but by an Optima Partners counterparty. This applies in particular to data of designated contact persons, coordinators or certain employees of the counterparty who participate in contract performance.

To conclude and perform a contract with Optima Partners, providing certain personal data is necessary and constitutes a contractual requirement (e.g., company details, representatives’ details). Failure to provide such data will result in the inability to conclude and perform the contract.

Personal data are processed:

For the purpose of concluding and performing a contract concluded with the data subject—the legal basis for processing is the necessity to conclude and perform the contract (Article 6(1)(b) GDPR). With regard to data provided optionally by the data subject, the legal basis is consent (Article 6(1)(a) GDPR).
For the purpose of concluding and performing a contract where the data subject is not a party to that contract (e.g., management board members, shareholders/partners, attorneys-in-fact, coordinators, contact persons). The legal basis for processing is the legitimate interest of Optima Partners (Article 6(1)(f) GDPR), namely identifying persons acting on behalf of or for the benefit of the counterparty and concluding and performing the contract with the counterparty.
For the purpose of fulfilling statutory obligations imposed on Optima Partners, in particular those arising from tax and accounting regulations. The legal basis for processing is compliance with a legal obligation to which Optima Partners is subject (Article 6(1)(c) GDPR).
For the purpose of establishing and pursuing potential claims or defending against such claims. The legal basis for processing personal data is the legitimate interest of Optima Partners (Article 6(1)(f) GDPR) consisting in the protection of its rights.

3.5. Recruitment

In recruitment processes, Optima Partners requests candidates to provide only those personal data that are specified by labour law provisions, in particular the Labour Code. However, if a job application contains additional personal data, Optima Partners will consider that the candidate consents to the processing of such data for recruitment purposes.

Candidates’ personal data are processed:

For the purpose of fulfilling legal obligations related to the recruitment process, including primarily the Labour Code—the legal basis for processing is a legal obligation to which Optima Partners is subject (Article 6(1)(c) GDPR in conjunction with the provisions of the Labour Code, in particular Article 22[1] § 1).
For the purpose of conducting the recruitment process with respect to data not required by law, as well as for future recruitment processes. The legal basis for processing personal data is the candidate’s consent (Article 6(1)(a) GDPR).
For the purpose of establishing or pursuing potential claims related to the recruitment process or defending against such claims. The legal basis for processing is the legitimate interest of Optima Partners (Article 6(1)(f) GDPR) consisting in the protection of its rights.

4. RECIPIENTS OF PERSONAL DATA

Optima Partners may disclose processed personal data to external entities (data recipients). These are primarily hosting providers, other IT service providers, entities providing accounting, audit, legal, consulting, recruitment or marketing services, entities providing financial services (e.g., banks), as well as postal or courier service providers. Data are transferred to recipients in accordance with applicable law.

Personal data processed by Optima Partners may also be disclosed to competent public authorities (e.g., courts, law enforcement authorities) or third parties that submit a request for such information. Disclosure occurs only where there is an appropriate legal basis (e.g., a legal provision requiring disclosure of personal data) and in accordance with applicable law.

5. TRANSFERS OF DATA OUTSIDE THE EUROPEAN ECONOMIC AREA

The level of personal data protection outside the European Economic Area (EEA) differs from that ensured by European law (GDPR). For this reason, Optima Partners transfers personal data outside the EEA only where an adequate level of protection is ensured, primarily by means of:

cooperating with entities processing personal data in countries in respect of which the European Commission has issued an adequacy decision;
using the European Commission’s standard contractual clauses;
for transfers to the USA—cooperating with entities participating in the Data Privacy Framework.

6. STORAGE PERIOD OF PERSONAL DATA

The period for which Optima Partners processes personal data depends on the purpose of processing. In some cases, the storage period may also result from legal provisions.

Where personal data are processed on the basis of Optima Partners’ legitimate interest (e.g., maintaining business relations), data are processed for a period enabling the pursuit of that interest or until a valid objection to processing is raised.

If processing is based on consent, data are processed until the consent is withdrawn, unless they are no longer necessary earlier for the purpose for which they were collected.

Where processing is necessary for the conclusion and performance of a contract, data will be processed for the duration of such contract.

The processing period may be extended where processing is necessary to establish, pursue or defend against potential claims or to demonstrate proper fulfilment of tax obligations or other public liabilities. In such a case, data are stored until the limitation of claims, liabilities or obligations. After that period, data are stored only to the extent required by law (e.g., regarding the storage of accounting and tax records, storage and archiving of employment documentation, etc.).

7. RIGHTS OF DATA SUBJECTS

Data subjects whose personal data are processed by Optima Partners have the following rights in relation to their data:

Right to request access to personal data from the controller: This means that any data subject may obtain from Optima Partners information on how and to what extent Optima Partners processes their personal data and, additionally, may obtain a copy of their personal data. If a request for access includes a request for a copy of the data, Optima Partners may charge a fee for the second and subsequent copies, of which the data subject will be informed. The amount of the fee will reflect the actual administrative costs of handling the request.
Right to request rectification of personal data: This means that any data subject may request that Optima Partners rectify (correct) their personal data, e.g., if they have been incorrectly recorded or if they have changed.
Right to request erasure of personal data: This means that any data subject may request that Optima Partners erase personal data if there is no basis for Optima Partners to process such data or if other circumstances provided for by the GDPR apply.
Right to request restriction of processing of personal data: This means that any data subject may request that Optima Partners process their personal data only to a limited extent until their objection to processing or their request for rectification is examined, or where the data subject wishes the data to be retained in connection with their claims or where unlawful processing has been found.
Right to data portability: Where processing is based on consent (Article 6(1)(a) GDPR) or on a contract (Article 6(1)(b) GDPR) and is carried out by automated means (e.g., by computer), the data subject has the right to request that Optima Partners provide the personal data they have supplied in a structured, commonly used and machine-readable format. The data subject may then transmit such personal data to another controller of their choice. Furthermore, where technically feasible, subject to appropriate security standards, Optima Partners may, at the request of the data subject, transmit the personal data directly to the other controller indicated. The right to data portability must not adversely affect the rights and freedoms of others.
Right to object to processing: Where personal data are processed by Optima Partners on the basis of legitimate interests (Article 6(1)(f) GDPR), the data subject may object to such processing on grounds relating to their particular situation. The objection will be assessed in terms of the existence of compelling legitimate grounds for processing by Optima Partners which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. If a valid objection is raised, Optima Partners may no longer process the personal data covered by the objection.

If a data subject objects to the processing of their data for direct marketing purposes, Optima Partners will no longer process the data for such purposes. No justification or indication of a particular situation is required to object to processing for direct marketing purposes.

Right to withdraw consent to the processing of personal data: To the extent that personal data are processed by Optima Partners on the basis of consent, the data subject may withdraw such consent at any time by contacting Optima Partners (e.g., via the email address or postal address indicated in the Policy). Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Right to lodge a complaint with a supervisory authority: If a data subject believes that Optima Partners’ processing of their personal data infringes the law, they have the right to lodge a complaint with the supervisory authority responsible for data protection. In Poland, the supervisory authority is the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych).

The rights referred to above are exercised in accordance with the GDPR.

8. SECURITY OF PERSONAL DATA

At Optima Partners, we conduct ongoing risk analyses to ensure that personal data are processed securely. Access to personal data at Optima Partners is granted only to authorised persons and only to the extent necessary for the tasks they perform. We also ensure that all operations on personal data are recorded and carried out only by authorised employees and collaborators.

We take all measures to ensure that our subcontractors and other entities cooperating with us also provide adequate security and protection measures whenever they process personal data on our behalf.

9. COOKIES AND SIMILAR TECHNOLOGIES

Our Website uses cookies. Cookies are small text files that are saved and stored on the User’s end device (e.g., computer, tablet or smartphone memory). Cookies typically contain the name of the website from which they originate, the time they are stored on the User’s device and a unique identifier.

Two fundamental types of cookies are used on the Website: “session” and “persistent”. “Session” cookies are temporary files stored on the User’s end device until the User leaves the Website or closes the browser. “Persistent” cookies are stored on the User’s end device for the period specified in the cookie parameters or until the User deletes them.

The table provides information on the cookies used, which we can categorise as follows:

Necessary – required for the proper functioning of the site (e.g., PHP session).
Functional – facilitate the use of the site (e.g., remembering the language).
Analytical – used to create anonymous visit statistics that help improve the site.

Cookie name	Provider	Purpose / Function	Category	Storage period
PHPSESSID	First-party	Maintains the user session; enables the site to function correctly.	Necessary	Until the end of the session
_gat_gtag_UA_36279321_3	Google	Throttle request rate—used by analytics tools	Analytical	1 day
_ga	Google	User identifier for statistical purposes	Analytical	2 years
_gid	Google	Distinguishes users for statistical purposes	Analytical	1 day
_ga_3XFM5CFR61	Google	Supports analysis of traffic and user behaviour	Analytical	2 years
pll_language	First-party	Stores the selected interface language	Functional	1 year

9.1. Consent to cookies

Storing cookies on the User’s device and accessing them requires the User’s consent (this does not apply to cookies necessary for carrying out the transmission of a communication over the Internet or strictly necessary to provide an online service explicitly requested by the User—in such cases consent is not required). The User may withdraw consent at any time (e.g., by clearing the cookie history or disabling cookies in the browser settings).

The User may give consent to the use of cookies, among other ways, through the settings of the web browser they use. Web browsers typically allow cookies to be stored by default. Through the browser settings, the User may define the conditions for storing or accessing cookies and similar technologies, including completely blocking cookies from the Website or deleting cookies stored on the device. Automatic blocking of cookies is also possible. Detailed information can be found in the help section or documentation of the web browser.

Please note that disabling cookies necessary for authentication processes, security and maintaining User preferences may hinder the use of the Website.

10. CONTACTING OPTIMA PARTNERS

You can contact us on matters relating to personal data and privacy:

by email: biuro@optimapartners.pl
by phone: +48 22 395 51 88
by post to the registered office address: Optima Partners spółka z ograniczoną odpowiedzialnością sp.k., ul. Puławska 145, 02-715 Warsaw

11. CHANGES TO THE POLICY

The Policy is subject to ongoing review and will be updated where necessary.