The purpose of this privacy policy (hereinafter the Policy) is to set out the terms and conditions for the processing of personal data from individuals (hereinafter User or you) who are users of our website, as well as the personal data of others (including our business partners and persons representing them, job applicants and persons who contact us on other matters) provided by post, email, telephone, in person at the Administrator’s premises or by any other means.

The Policy also contains information on the rights of individuals in relation to the processing of their personal data.

Personal data Administrator

The Administrator of your personal data is SHOPAI Sp. z o.o. (SHOPAI), ul. Walentego Roździeńskiego 2A, 41-946 Piekary Śląskie, entered in the Register of Entrepreneurs kept by the X WYDZIAŁ GOSPODARCZY KRAJOWEGO REJESTRU SĄDOWEGO under KRS number 0000650423, NIP 4980266127, REGON 366001208 (Administrator or us). You can contact us by sending an e-mail to: [email protected]

We process your personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation; OJ EU.L.2016.119.1; hereinafter RODO).

1. Purposes and legal basis for processing personal data, data retention period

If you are party to a contract with us or intend to enter into a contract with us, the data that we process about you constitutes contact data and other data necessary for the conclusion and performance of the contract. This data has been obtained directly from you. We may also obtain or verify your data by means of publicly available registers (e.g. CEIDG, KRS).

We process your data for the following purposes and on the following legal grounds:

1. to establish cooperation and to conclude and perform the contract between us (Article 6(1)(b) RODO),
2. to keep the Administrator’s accounting records concerning the cooperation, in accordance with the Administrator’s legal obligation (Article 6(1)(c) RODO), resulting in particular from the Tax Ordinance Act of 29 August 1997, the Accounting Act of 29 September 1994 and the Value Added Tax Act of 11 March 2004,
3. the fulfillment of the Administrator’s legitimate interest (Article 6(1)(f) RODO), consisting of:
   1. carrying out activities which make up the improvement and coordination of the Administrator’s work, including keeping internal records (e.g. correspondence records),
   2. establishing, investigating and defending against claims.

The provision of data is a prerequisite for the conclusion of the contract and failure to do so will result in the impossibility of concluding and performing the contract.

Personal data shall be stored for the period necessary for the performance and settlement of the existing cooperation or the establishment of future cooperation, as well as until the expiry of the periods resulting from the relevant legal provisions (i.e. the expiry of the statute of limitations for tax obligations relating to accounting records), which may be extended by the statute of limitations for civil law claims, if applicable.

2. Representatives, contact persons, employees and agents of our customers or business partner

We process your contact data and data related to your function or relationship with the entity on whose behalf you are acting (as standard, this includes your name, position, place of work, business email address and business telephone number, possibly also information indicating your authority to represent the entity). We have obtained this data directly from you or received it from the entity on whose behalf you are acting. We may also obtain or verify your data by means of publicly available registers (e.g. KRS).

We process your data for the following purposes and on the following legal bases:

1. the fulfillment of the Administrator’s legitimate interest (Article 6(1)(f) RODO), consisting of:
   1. providing information and contacts necessary for the conduct of business, including the establishment and execution of cooperation with the entity on whose behalf you are acting, as well as the handling and execution of activities undertaken by you,
   2. carrying out activities which make up the improvement and coordination of the Administrator’s work, including keeping internal records (e.g. correspondence recording),
   3. establishing, asserting and defending against claims.
2. to comply with our legal obligations (Article 6(1)(c) of the DPA), including the obligation to keep accounting records relating to cooperation with the entity on whose behalf you are acting, in accordance with the Tax Ordinance Act of 29 August 1997, the Accounting Act of 29 September 1994 and the Value Added Tax Act of 11 March 2004.

The provision of data is voluntary, but failure to do so will result in the impossibility of carrying out cooperation with the entity on whose behalf you are acting.

Personal data shall be stored for the period necessary for the performance and settlement of the existing cooperation or the establishment of future cooperation, as well as until the expiry of the periods resulting from the relevant legal provisions (i.e. the expiry of the statute of limitations for tax obligations relating to accounting records), which may be extended by the statute of limitations for civil law claims, if applicable. 

3. Participation in recruitment

Personal data is processed for the purpose of conducting the recruitment process for the offered position and selecting a suitable person for employment in the position specified in the job offer, including the assessment of the candidate’s qualifications, abilities and skills for the job.

Depending on whether the recruitment process leads to the conclusion of a contract covered by the employment relationship and thus the provisions of the Labour Code, or whether it leads to the conclusion of a civil law contract or a contract for the provision of services, the legal basis for the processing of personal data is different:

• In the case of recruitment for positions for which contracts covered by the employment relationship and thus the provisions of the Labour Code are envisaged, the legal basis for the processing of personal data is:
  • In the case of the provision of personal data in a broader scope than specified in the employment legislation, the legal basis for their processing for the aforementioned purpose is consent (Article 6(1)(a) RODO). This applies to the results of the competency tests as well as any data contained in the curriculum vitae (CV), cover letter or provided during interviews. We do not request you to hand over the above data, however, we consider the provision of such data as equivalent to your consent to its processing.

• We would like to point out that the provision of the personal data indicated in point I. a) above by the candidate is mandatory under the applicable labour legislation. Failure to do so will result in your inability to participate in the recruitment process being conducted. The provision by the candidate of the personal data indicated in point I. b) above is voluntary. We declare that failure to provide such data cannot be the basis for unfavourable treatment of an applicant for employment, nor can it cause any negative consequences towards him/her, in particular it cannot constitute a reason justifying the refusal of employment.

2. In the case of recruitment for positions for which civil law or service contracts are envisaged, the legal basis for the processing of personal data is consent (Article 6(1)(a) RODO). This applies to any data contained in a curriculum vitae (CV), cover letter or provided during interviews.

We would like to point out that the provision of personal data by the applicant for the purpose of concluding the aforementioned contracts is voluntary, as such voluntariness is presupposed by the granting of consent. However, we would like to point out that your consent for us to process your personal data such as your first name(s) and surname, date of birth and contact details as well as – for certain positions – information about your education, professional qualifications and previous employment history, is necessary for your application to be taken into consideration as part of the recruitment process.

Personal data will be processed until the end of the recruitment process. 

4. Use of our social networks

Because we want to keep in touch with you, we have social media accounts where you can visit us and interact with us (e.g. leave a comment, like or share a post). In this case, processing of your personal data takes place. Detailed rules for the processing of your personal data can be found in the Social Media Policy published on our social media account www.linkedin.com/company/yosh-ai/.

5. Exercising your rights under the RODO

We process the data provided by you in order to process your request, as well as the data held by us which is necessary to process your request.

We process your data for the following purposes and on the following legal bases:

1. to process a request for personal data, in accordance with the Administrator’s legal obligation (Article 6(1)(c) RODO) under the provisions of the RODO, including carrying out verification of your identity,
2. the fulfilment of the legitimate interest of the Controller (Article 6(1)(f) RODO) to establish, assert and defend against claims, as well as to handle possible administrative proceedings related to the exercise of data subjects’ rights.

The provision of data is necessary to process your application and failure to do so will result in your application not being processed.

The data shall be stored until the expiry of the statute of limitations for data subjects’ claims arising from the exercise of their rights under Articles 12-22 of the RODO (i.e. the statute of limitations for claims for infringement of personal rights), as well as for the period necessary to handle any administrative proceedings related to the exercise of data subjects’ rights.

6. Contacting the Administrator on other matters

If you just want to contact us, the data we process about you are the contact data and the data resulting from your message. We obtained this data directly from you. 

Your personal data is processed in order to pursue our legitimate interest in providing service to your message and possibly answering questions arising from it.

The legal basis for the processing of your personal data is our legitimate interest (Article 6(1)(f) RODO) as described above. 

The provision of personal data is voluntary, but is necessary for us to deal with your message. Refusal to provide personal data will result in us not being able to handle your message and therefore deleting it.

The data is stored for the time necessary to handle the message sent to us.

Your rights under RODO

You have the right to:

• request access to your personal data, rectification, erasure or restriction of processing, as well as the right to data portability,
• where the processing of your personal data is based on our legitimate interest – the right to object at any time to the processing of your personal data on grounds relating to your particular situation,
• where the basis for the processing of your personal data is our legitimate interest in direct marketing – the right to object at any time to the processing of your personal data for the purposes of carrying out marketing activities.

Where you have consented to the processing of your personal data or to receive information from us (e.g. commercial information), you also have the right to withdraw your consent without affecting the lawfulness of the processing or dispatch of information carried out on the basis of your consent prior to its withdrawal. If we intend to process your data on the basis of consent, we will inform you in advance and take steps to ensure that you have the opportunity to give your consent; consent is always voluntary and there are no negative consequences for not giving your consent.

You also have the right to lodge a complaint with the supervisory authority – the President of the Office for Personal Data Protection, 2 Stawki Street, 00-193 Warsaw.

Recipients of personal data

Data may be passed on to recipients, in particular:

• providers of services to us to the extent necessary to fulfil the purposes described above, e.g. accounting services, IT service and support companies, legal and tax consultancy, banking, financial and insurance services, postal and telecommunications operators, marketing services, safety and security, translators, linguists, compliance verification (audits), whereby these entities will only have access to the data in order to perform their duties and to the extent necessary to do so,
• other controllers, when and to the extent necessary to fulfil the purposes described above, including affiliated companies,
• law enforcement and state authorities, when this is required by applicable law, including tax authorities in connection with the performance of tasks relating to tax obligations.

Personal data may be transferred by us to affiliated entities established outside the European Economic Area (EEA), primarily by entering into partnerships with processors of personal data in countries for which a relevant decision of the European Commission stating an adequate level of protection has been issued.

Use of personal data for automated decision-making, including profiling

Your personal data will not be used for automated decision-making, including profiling

Cookies and similar technologies

The website uses cookies which are text files that are stored on your terminal device (e.g. phone, tablet, computer) and are intended for the use of our website. Cookies do not cause configuration changes to your device or the software installed on your device. 

Cookies do not allow us to access your device with which you use the website or information about you, except for information about how you use our website and the data you choose to share with us (including personal information you provide to us automatically due to your browser settings).

We use cookies based on our legitimate interest (Article 6(1)(f) of the RODO), which is the proper and secure functioning of the Website (including ensuring the security of your accounts and the information stored in them, maintaining your session after logging in, authentication on the Website, making payments), as well as providing analysis and statistics on the use of the Website.

We use the following cookies:

1. System cookies – this group of cookies is essential for the proper functioning of the Website and to ensure security in the use of the Website. By law, the use of these cookies does not require your consent.
2. Analytical cookies – this group of cookies helps us to understand how different users use the Website so that we can improve its structure and content.

Please see below for details of the cookies we use, including their lifespan:

Cookie file	Category	Description of use	Lifespan
_ga	Analytics		1y
_gid	Analytics		1y
_gat_gtag_UA_164629258_16	Analytics		1y
_ga_8DVMSNGB82	Analytics		1y
VISITOR_INFO1_LIVE	Functional		6mo
YSC	Functional		Session

Analytical tools used – Google Analytics

We use Google Analytics, i.e. a web statistics and web analytics tool providing insight into website traffic, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as Google). We use this tool to compile statistics for the purpose of adapting the content of our website to our users’ preferences and optimising it on an ongoing basis.

You can prevent the installation of cookies by using the appropriate setting on your browser. You can also prevent Google from collecting data collected by cookies and about your use of the website by installing the Google Analytics embedding blocker add-on available here. You can find more information about Google Analytics here.

Due to the use of Google Analytics, personal data acquired in connection with the use of the website may be transferred outside the European Economic Area. The transfer of personal data in this case is based on the standard contractual clauses concluded by the Administrator with the tool provider. We encourage you to read the personal data processing agreement, including the content of the standard contractual clauses that form part of it.

Information on how Google uses the data collected when you use its partners’ sites and applications is available here.

Managing cookie settings

Our website will usually display a message before cookies are stored on your device. You can manage your cookie settings through your browser (which will allow you to disable the acceptance of all or some cookies). Your browser may ask you to confirm that you have changed your settings. Please note, however, that blocking all cookies may result in you not being able to access certain parts of our website. 

In the links below, you will find information from the most popular web browsers on how to manage cookies yourself while browsing the website:

• Chrome
• Microsoft Edge 
• Firefox
• Opera
• Safari

You can verify the status of your current privacy settings for the web browser you are using at any time, e.g. using the following links:  http://www.aboutads.info/choices, http://www.youronlinechoices.eu/.

Security

We secure your personal data against unlawful access to unauthorized persons, interception of data by unauthorized persons, destruction, loss, damage or alteration, and processing of personal data in a manner incompatible with the provisions of the RODO.

In order to secure the data, we apply technical and organizational measures that meet the requirements of the RODO, in particular the measures listed in Article 24 and Article 32 of the RODO, ensuring the confidentiality, integrity and availability of the processing services for the personal data provided.

Our affiliates, our trusted partners and third-party service providers have committed to processing data in accordance with the security and privacy requirements we have adopted.

Policy changes

We review the Policy regularly and reserve the right to make changes. If that the content of the Policy needs to be updated, please let us know. 

Date of last update of the Policy: 11.08.2022 r.