Privacy policy
I. Rules for administering your data
General information
This Privacy Policy sets out the rules for the processing of personal data by Utilitia Ltd. with its registered office in Kraków, ul. Świętokrzyska 14, 30‑015 Kraków (hereinafter the Administrator or Utilitia), in connection with:
- running the website utilitia.pl/,
- the provision of training services,
- the organisation of the annual Pełnosprawny Student conferences,
- the provision of accessibility validator services,
- carrying out the validation of market qualifications,
- handling contact and registration forms as well as accessibility declaration generators for websites and mobile applications,
- email and telephone communication,
- fulfilment of the Administrator's legal obligations.
The Administrator ensures that your data is processed in accordance with the provisions of the GDPR, national laws and the best security standards.
Data administrator
You can contact the Administrator of your personal data by correspondence:
- in writing to the address: Utilitia Ltd. ul. Świętokrzyska 14, 30‑015 Kraków,
- by email to the address: biuro@utilitia.pl.
Legal bases and purposes of data processing
The processing of your personal data is based on:
- Article 6(1)(a) GDPR — to the extent and for the purpose for which you have given separate consent,
- Article 6(1)(b) GDPR — for the purpose of performing a contract or actions leading to its conclusion, in particular the registration and management of user accounts,
- Article 6(1)(c) GDPR — for the purpose of fulfilling the legal obligations incumbent on the Administrator,
- Article 6(1)(f) GDPR — for the purpose of pursuing the legitimate interests of the Administrator, in particular ensuring security, the stability of service operation, change auditing, abuse detection, limit handling, backups and the potential establishment, pursuit or defence of claims,
- Article 9(2)(a) GDPR — to the extent and for the purpose for which you have given separate consent to the processing of special categories of data.
Scope of processed data
Depending on the type of cooperation and the method of contact, we may in particular process your:
- identification data,
- contact data,
- data concerning education and experience,
- billing data,
- data related to handling reports and providing services,
- technical data resulting from the use of the website, including electronic services, in particular relating to security, authentication, the user session and API keys,
- data related to the user account, permissions and configuration,
- data related to analyses, reports, schedules and the use of services provided by electronic means,
- data for electronic communication, including information on the delivery status of messages and technical notifications,
- data on special needs (solely with consent).
If the user provides access credentials to the analysed website (e.g. HTTP Basic Auth), this data is stored in encrypted form and used solely for the purpose of providing the service.
Data recipients
The recipients of your personal data may be:
- entities providing services to the Administrator that involve the processing of personal data (in particular IT, cloud, hosting, software and accounting service providers),
- providers of mechanisms protecting forms against abuse, if Cloudflare Turnstile is enabled in a given environment,
- entities authorised to receive personal data under the provisions of law,
- courier or postal companies, payment operators,
- data administrators on whose behalf Utilitia processes your data under data processing agreements.
In the event of entrusting the processing of your personal data to a subcontractor (third party) in accordance with Article 28 of the GDPR, such an entity will only be a subcontractor (third party) verified by us, guaranteeing the implementation of appropriate technical and organisational measures so that the processing of data meets the requirements of the GDPR and protects the rights of the data subjects.
Data retention period
We process your personal data for the period during which we or another processing entity hold one of the legal bases in accordance with the GDPR, and after that period:
- for the period required by applicable law,
- in the case of the Administrator's legitimate interests, for the duration of their pursuit, including ensuring the security of services and in accordance with the adopted data retention rules,
- until consent is withdrawn — in the case of data processed on its basis.
Rights of data subjects
You have the right to:
- access to data,
- rectification of data,
- erasure of data (the right to be forgotten),
- restriction of processing,
- objection to processing,
- data portability,
- withdrawal of consent,
- lodging a complaint with the President of the Personal Data Protection Office (UODO).
You may exercise your rights by contacting us by post to the address of the Administrator's registered office or by email at biuro@utilitia.pl.
Providing personal data is voluntary, but necessary to achieve the purposes indicated in point 3.
Transfer of data outside the EEA
Your personal data will not be transferred to a third country or an international organisation.
Automated decision-making
Your personal data will not be subject to automated decision-making.
Data Protection Officer
The Administrator has appointed a Data Protection Officer. The Officer can be contacted at: biuro@utilitia.pl.
Processing of a minor's data
The Administrator's services are not directed at persons under 16 years of age. The Administrator does not knowingly collect children's data, and in the event of accidentally obtaining it, takes action to delete it or to obtain the consent of a legal guardian – depending on the nature of the matter.
Data processing after establishing cooperation or employment
If you start working for us or participate in any other form of cooperation, we will continue to process your personal data to the extent necessary to carry out these processes, and after the end of our cooperation this data will be archived by us for the period provided for by generally applicable law.
Contact via social media and online platforms
You can contact us via social media or online platforms (e.g. Facebook, etc.). In such a case we process only the data that is visible to us in accordance with your profile settings, or that you voluntarily provide to us in a message. We use this data solely for the purpose of conducting correspondence and handling the matter you have approached us with. The data is not copied to our IT systems unless this is necessary to process your report or further cooperation.
Email contact and traditional correspondence
When contacting us by email or by post, you provide us with the personal data contained in the message. This data is used solely for the purpose of conducting correspondence and handling the matter you have approached us with. This data may be saved in our IT systems if this is necessary to handle your matter or further cooperation. If the information provided is not related to the scope of our activity or there is no need for its further processing, the data may be deleted or anonymised in accordance with the minimisation principle.
Data provided in recruitment processes
In recruitment processes and in other reports, we process only the data necessary to carry out these processes. The Administrator does not require or expect the provision of excessive data, such as information on family or financial situation or copies of identity documents. If such data is sent accidentally, it may be deleted or anonymised in accordance with the minimisation principle.
II. Cookie policy
- The utilitia.pl website uses only cookies and similar technologies that are necessary for its proper operation and for ensuring security (hereinafter collectively: “cookies”).
- Cookies are small text files saved on your device while using the website. They usually contain the domain name, the storage time and an identifier.
- The Administrator uses the following types of cookies:
- session cookies – deleted after the browser is closed, including those necessary for logging in and maintaining the user session,
- persistent cookies – saved for the period specified in the file parameters,
- first-party cookies – necessary for the operation of the website and the protection of forms,
- third-party cookies – used by providers of security tools (e.g. Cloudflare Turnstile) and tools used to remember the cookie banner settings (e.g. OneTrust).
- Cookies are used solely for the following purposes:
- ensuring the correct and secure operation of the website, including maintaining the user session,
- protecting forms against abuse and automatic spam (Cloudflare Turnstile, if enabled),
- remembering the user's choices regarding cookie settings (OneTrust),
- supporting security mechanisms such as CSRF tokens.
- The utilitia.pl website does not use functional, analytical, marketing or other cookies requiring additional user consent.
- You can manage cookies through your browser settings, including deleting them or blocking their operation. Information on how to manage cookies can be found in the browser documentation. Disabling necessary cookies may prevent the correct operation of logging in or forms.
- Cookies used by third parties are processed in accordance with the rules set out in the privacy policies of their providers, i.e.:
- Cloudflare Turnstile,
- OneTrust.
- The use of necessary cookies takes place on the basis of the legitimate interest of the Administrator consisting in ensuring the correct operation and security of the website, including the use of services.
III. Data collected automatically by the server
- While using the website, the server may process technical data, such as: IP address; the time of entering and browsing the site; information about errors during browsing of the website, including the use of services; information about the browser name; the URL from which the redirect to the website occurred.
- As a rule, this data is not associated with a specific person and serves solely to ensure the security and correct operation of the website together with its services, to diagnose problems and to detect abuse.
- This data is used only for the purposes of server administration, maintaining continuity of operation and protecting services.
IV. Final information
- The Administrator reserves the right to update the Privacy Policy. Changes will be published on the website.
- If you consider that we are processing your data unlawfully — you may lodge a complaint with the President of the Personal Data Protection Office (UODO).
- For matters concerning privacy you can contact us by email: biuro@utilitia.pl.