Privacy Policy

1. About Us

This policy is directed to users of the website: www.falconlab.pl as well as to clients, employees, subcontractors, and other individuals interested in collaborating with FalconLab.

The data controllers, within the meaning of Article 4(7) of the GDPR and Article 26 of the GDPR, are FalconLab Spółka z ograniczoną odpowiedzialnością, with its registered office at Władysława Warneńczyka 44, 35-612 Rzeszów, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court in Rzeszów, XII Economic Department of the National Court Register under the numbers KRS 0001159222, REGON: 541056585, NIP: 8133929756, with a share capital of 5000 PLN, fully paid, hereinafter referred to as FalconLab.

For matters related to the processing of your data by the Administrator, you can contact us via email at [email protected], or by phone at +48 797 356 929 or +48 571 930 878.

Personal data is collected and processed in a manner and under the terms set out in this Policy.

2. General Provisions

At FalconLab, we ensure that the processing of personal data is carried out in accordance with the provisions of the General Data Protection Regulation 2016/679/EU (hereinafter referred to as "GDPR") and the Personal Data Protection Act.

As FalconLab, we cooperate with entities that process personal data in accordance with Article 4(8) of the GDPR, which act on our behalf as the Administrator. These primarily include IT service providers and hosting providers. We also process personal data provided to us by other administrators in order to deliver the services we offer. The processing is carried out in compliance with applicable legal regulations and the terms specified in the agreements concluded. FalconLab implements appropriate technical and organizational measures to ensure a level of security corresponding to the potential risk of violating the rights or freedoms of individuals, taking into account the likelihood and severity of the threat. Our actions in the field of personal data protection are based on adopted policies and procedures, and our employees and collaborators are required to comply with data protection standards.

At FalconLab, all employees, subcontractors, interns, and trainees who process personal data as part of their duties are required to enter into a personal data processing agreement. This processing is carried out in accordance with the provisions of Article 28 of the GDPR, and the specific terms of cooperation regarding data protection are defined in individual agreements.

Anyone who has access to personal data is required to process it only to the extent necessary to fulfill assigned duties, maintaining confidentiality and in accordance with the internal data protection policies in place at FalconLab. These principles are also outlined in relevant data processing agreements.

3. Purpose, Principles, and Legal Basis for Processing Personal Data

We care about protecting the interests of individuals whose data we process, ensuring that:

  • The data is processed in compliance with applicable regulations, in a fair and transparent manner for the individuals concerned; We collect data only for clearly defined, legitimate purposes and do not use it in a way that is inconsistent with the original purpose;
  • The scope of the processed data is adequate and limited to the minimum necessary for the purposes of processing;
  • The data remains accurate and up to date, with any incorrect information promptly corrected or deleted;
  • We retain the data only for as long as necessary to fulfill the processing purposes, ensuring the ability to identify the individuals concerned;
  • We apply appropriate security measures to protect the data from unauthorized access, unlawful processing, loss, or destruction.

Data may be processed for the following purposes:

  • The conclusion, performance, or termination of a contract to which the data subject is a party, or to take action at the request of the data subject prior to entering into a contract – based on Article 6(1)(b) of the GDPR;
  • Identifying authorization to represent a party – based on Article 6(1)(b) and (c) of the GDPR;
  • Processing necessary to fulfill legal obligations incumbent on the Administrator, particularly those arising from labor law, as well as other legal acts – based on Article 6(1)(c) of the GDPR;
  • Purposes arising from the legitimate interests pursued by the Administrator or a third party, including, but not limited to, marketing activities, customer satisfaction surveys, quality of service assessment, statistical analysis, creating reports and analyses, pursuing claims or protecting against claims that the Administrator may raise or that may be raised against the Administrator, as well as for archival purposes, security, handling complaints or requests, and ensuring compliance with the accountability principle referred to in Article 5(2) of the GDPR (legal basis: Article 6(1)(c) and (f) of the GDPR);
  • Conducting a recruitment process, in the case of submission of application documents (CV, cover letter). The processing includes both recruitment for a specific position and for future recruitment needs – based on Article 6(1)(a) and (b) of the GDPR; 
  • Marketing and newsletters, including sending commercial information and offers based on the consent given by the user – based on Article 6(1)(a) of the GDPR;
  • For one or more specific purposes for which the data subject has given consent to the processing of their personal data. This consent may be withdrawn at any time.

4. Retention Period of Personal Data

Personal data will be stored for as long as necessary to fulfill the purpose for which it was collected, or until the consent is withdrawn by the data subject – if the processing is based on consent. Data processing will only take place within the scope, time, and purposes in accordance with applicable laws.

5. Your Rights Regarding the Processing of Personal Data

We ensure that all information regarding the processing of personal data is provided in a clear, understandable, and easily accessible manner. Therefore, you have the right to:

  • Information when personal data is collected – to receive detailed information about the processing of your data;
  • Access to data – to obtain confirmation of whether your data is being processed, as well as access to information about it, including the right to obtain a copy of the data (according to Article 15 of the GDPR);
  • Data erasure ("right to be forgotten") – to request the deletion of your personal data in cases provided for by the GDPR;
  • Restriction of processing – to request the temporary suspension of data processing in certain situations;
  • Obtaining copies, rectification, deletion, or transfer of data;
  • Objection to data processing – including objection to processing for marketing purposes or other purposes. You may file an objection by contacting us;
  • Not to be subject to decisions based solely on automated processing – including profiling, if such decisions could have a significant impact on your rights and freedoms;
  • Information about personal data breach – if there is a situation that could threaten your personal data;
  • Withdrawal of consent for data processing – at any time, although the withdrawal of consent does not affect the lawfulness of the processing that occurred before its withdrawal;
  • Filing a complaint with a supervisory authority – if you believe that your data is being processed unlawfully, you can file a complaint with the President of the Personal Data Protection Office (address: ul. Stawki 2, 00-193 Warsaw).


To exercise any of these rights, please contact us at:

• Email address: [email protected]

• Correspondence address: Władysława Warneńczyka st. 44, 35-612 Rzeszów.

6. Contact Methods

We provide information in writing or in another form, including, when possible, electronically. If you request it, we can also provide information orally, provided that we confirm your identity in another way beforehand. If the request is made electronically, the response will also be sent electronically unless you specify a different preferred communication method.

7. Response Time for Your Request

We strive to respond as quickly as possible, typically within one month of receiving the request.

However, if your request is complicated or requires additional actions, this period may be extended by up to two additional months. In such cases, we will inform you within one month of receiving the request, providing the reason for the delay and the expected time for completion.

8. Subcontractors and Data Processors

We share your personal data with third parties only with your consent or when required by applicable law. When cooperating with companies that process data on our behalf, we choose only those that ensure the implementation of appropriate technical and organizational safeguards, ensuring compliance with GDPR requirements and protection of the rights of data subjects.

Each entity to which we entrust the processing of your data is subject to a thorough verification. We enter into data processing agreements with them, and their compliance with applicable regulations and the terms of the contract is subject to regular audits.

Your personal data may be shared with:

a) External data processors acting on our behalf, involved in the execution of our activities:

  • Entities and authorities authorized to process personal data under applicable law, such as banks for financial transactions,
  • Entities cooperating with us in marketing campaigns,
  • Couriers and postal operators,
  • Entities providing IT and hosting services, as well as those maintaining our teleinformatics systems or providing us with teleinformatics tools,
  • Entities offering us legal, tax, and accounting assistance,
  • Providers of training platforms in case of purchasing an online course,
  • Online payment providers in case of purchasing an online course.

b) Other data controllers processing data on their own behalf:

  • Entities cooperating with us in accounting, tax, and legal matters – to the extent that they become data controllers,
  • Entities collaborating with us in marketing and communications activities on social media, in accordance with the rules set by individual platforms.

9. Ensuring the Processing of Your Data

To ensure compliance with legal requirements, we have implemented procedures covering key aspects of data protection, such as:

  • Data protection by design and by default,
  • Risk analysis and assessment of data protection impacts,
  • Reporting data protection violations,
  • Maintaining a record of processing activities,
  • Data retention and deletion policies,
  • Enabling the rights of data subjects.

Our documentation undergoes periodic reviews and updates to ensure compliance with applicable laws and to adjust to changing data protection standards.

10. Data Retention Period

We store personal data only as long as necessary to fulfill the purposes for which it was collected. After this period, the data is anonymized (de-identified) or permanently deleted. Our data retention policies ensure that the storage period is kept to an absolute minimum.

The period for processing data is mainly determined by applicable legal requirements (e.g., regulations regarding the storage of personnel and accounting documentation) and by the legitimate interests of the Controller, such as conducting marketing activities. The retention policy applies to both paper and electronic data.

11. Authorization

We ensure that anyone with access to your personal data acts only on our instructions, unless otherwise stipulated by applicable EU or national laws. Access to data is restricted to authorized individuals, and their access is limited to the minimum necessary.

12. Use of Cookies by the Service

Cookies are data files, mainly text files, that are stored on the User's device and are intended for use on the Service's website. Cookies typically contain the name of the website, the time of storage on the device, and a unique identifier.

The entity placing cookies on the User's device and accessing them is the owner of the website.

The cookie mechanism is not used to gather any information about users of the service or track their navigation. The cookies used on the website do not store any personal data or other information collected from users, and they are used for statistical purposes.

By default, software for browsing websites (browser) allows cookies to be used on the User’s device. In most cases, the software can be configured to automatically block cookies. The configuration options for handling cookies are available in the browser settings. Please note that limiting cookies may impact certain features of the website.

Cookies are used for purposes such as adjusting the website's content to the User's preferences and optimizing the use of the website. Specifically, cookies allow the Service to recognize the User’s device and display the website accordingly to their individual needs; create statistics to understand how users navigate the site, enabling improvements in structure and content; and maintain the User's session (after logging in), so the User does not need to re-enter their login credentials on each page.

The Service uses two main types of cookies: "session cookies" and "persistent cookies." Session cookies are temporary and are stored on the User's device until they log out, leave the website, or close the browser. Persistent cookies are stored on the User's device for the period specified in the cookie settings or until deleted by the User.

The Service uses the following types of cookies:

  • Necessary cookies that enable the use of services available within the Service, such as authentication cookies used for services requiring login,
  • Security cookies used to detect abuses in authentication within the Service,
  • Performance cookies that collect information about how the Service's pages are used,
  • Functional cookies that allow for the "remembering" of selected User settings and personalizing the User interface, such as language, region, font size, and website appearance.
  • Links to other websites are placed on the Service’s pages. The owner of the Service advises reading the privacy policies of these other websites, as they are not responsible for them.

13. Protection of User Data on the Service 

The technical and organizational measures securing data are described in the Security Policy (data protection policy) of the website owner. Specifically, the following protections are implemented:

  • Data automatically collected by the server is secured through an authentication mechanism for accessing the service,
  • Data collected from users during registration is secured by SSL protocol and through the authentication mechanism,
  • Access to website administration is controlled by authentication mechanisms.

14. Transfer of Personal Data to Countries Outside the EEA

Personal data will be transferred to third countries or international organizations outside the EEA only when using Google tools and when using Facebook/Instagram/Messenger tools (personal data may be transferred to the United States, where the servers of these entities are located).

We are required to inform you that when transferring personal data to countries outside the European Economic Area, the transfer is conducted in accordance with the provisions of Commission Implementing Decision (EU) 2023/1795 of July 10, 2023, based on Regulation (EU) 2016/679, which provides an adequate level of protection for personal data under EU-US data protection provisions.

15. Privacy Policy Updates

We reserve the right to make changes to this Privacy Policy at any time to ensure its compliance with applicable laws. Updates may also be made when expanding our services or introducing new features. Any changes will take effect immediately upon publication on our website.

en_GB
en_GB pl_PL