This Privacy Policy explains how KATAMAI sp. z o.o., the operator of devryn.dev, processes personal data of Users of the Website. It is informational in nature and does not create obligations for Users.

§ 1 – Definitions

For the purposes of this Privacy Policy, the capitalised terms used herein have the following meanings:

1. Privacy Policy – this document, which sets out the rules concerning the processing of personal data by the Controller, including the legal grounds, purposes and scope of such processing, as well as the rights of data subjects.
2. Terms of Service – the regulations governing the provision of services by electronic means, which form an integral part of this Privacy Policy.
3. Website – the online service available at https://devryn.dev.
4. Service Provider or Controller – KATAMAI sp. z o.o., with its registered office in Kraków, Poland, entered into the Register of Entrepreneurs of the National Court Register maintained by the District Court for Kraków–Śródmieście in Kraków, 11th Commercial Division, under KRS number 0000928199, NIP: 6751757072, share capital: PLN 15,000.
5. User – a natural person using the Services in accordance with the Terms of Service.
6. Data Subject – any natural person whose personal data is processed by the Controller.
7. Service – any service provided through the Website for the purpose of meeting the functional needs of the Users.
8. Personal Data – any information relating to an identified or identifiable natural person.
9. Identifiable Natural Person – a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name and surname, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
10. Cookies– data files stored on the User's end device. Cookies contain the name of the website from which they originate, a unique number and the time for which they are stored on the device. The Website uses two principal types: session cookies (stored until the User leaves the Website) and persistent cookies (stored until deleted by the User or until the period set in their configuration expires).
11. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
12. Account– the User's account, created by registration through the Website, constituting a set of resources and permissions in the Service Provider's IT system available to the User, together with the User's personal data.

§ 2 – General Provisions

1. This Privacy Policy is informational in nature, which means that it does not constitute a source of obligations for the Service Provider or the Users of the Website. The Privacy Policy sets out, in particular, the rules concerning the processing of personal data by the Controller, including the legal grounds, purposes and scope of such processing and the rights of data subjects, as well as information on the use of cookies and analytical tools within the Website.
2. The Controller of personal data is the Controller defined above.
3. The Controller may be contacted via e-mail at [email protected].
4. The Controller processes the personal data of the User, including, but not limited to: information as to whether the User conducts business activity, name and surname, business name, address, e-mail address, NIP, telephone number, data concerning contacts initiated by the User, operating data, and data derived from cookies collected in accordance with § 6 of this Privacy Policy, as well as any other data provided by the User when contacting the Controller.
5. In matters not regulated by this Privacy Policy, the Terms of Service shall apply mutatis mutandis. The Terms of Service are available at devryn.dev/terms.
6. Recipients of Personal Data may include service providers supplying the Controller with technical, IT and organisational solutions enabling the Controller to conduct its business activity, including the operation of the Website (in particular, providers of software used to operate the Website, e-mail and hosting providers, and providers of business management and technical support software for the Controller), as well as providers of accounting, legal and advisory services. Should Personal Data be transferred to any entity outside the European Union, the Controller ensures that the transfer shall take place to a country which, in the opinion of the European Commission, ensures an adequate level of protection, or that the entity to which the data is transferred shall provide appropriate safeguards, enforceable data subject rights and effective legal remedies, in particular by entering into an agreement containing standard contractual clauses for data protection.

§ 3 – Provision of Services

1. Personal data is processed for the purpose of providing the Services specified in the Terms of Service and for the purpose of concluding and performing the agreement for the provision of services by electronic means. Such processing is carried out on the basis of Article 6(1)(b) of the GDPR.
2. The data shall be retained until all obligations arising from the agreements concluded with the User have been performed. After the expiry of that period, the Controller may continue to retain the User's personal data for a period during which the User may raise any claims against the Controller in connection with the agreements concluded with the Controller, as well as for a period during which the competent state authorities may request access to such data within the scope of their supervisory activities. In such case, the data shall be processed on the basis of Article 6(1)(f) of the GDPR for the purpose of pursuing the legitimate interest of the Controller.
3. The provision of data is a condition for benefiting from the services specified in the Terms of Service or for concluding the agreement for the provision of services by electronic means described in the Terms of Service.
4. The recipients of the personal data of Users who are Developers may include Recruiters and the entities on whose behalf such Recruiters conduct recruitment processes.

§ 3a – Disclosure of Personal Data to Benefit Providers

1. Where the User uses any of the Benefits referred to in the Terms of Service, the Controller discloses the User's personal data to the providers of the respective Benefits. The providers of Benefits include, in particular:
   • in respect of medical services – an entity of the PZU group (in particular PZU Zdrowie sp. z o.o.);
   • in respect of sports card programmes – Benefit Systems S.A. (the MultiSport programme) or another provider of equivalent services;
   • in respect of financial consultations – financial advisors cooperating with the Controller;
   • in respect of leasing offers – leasing institutions cooperating with the Controller;
   • in respect of the holiday concierge service (following its launch) – the concierge service provider indicated by the Controller on the Website.
2. An up-to-date list of Benefit providers, together with their corporate identification data, is communicated to the User by electronic correspondence sent from [email protected] prior to the User's use of any given Benefit.
3. The scope of the personal data disclosed is limited to the data necessary to provide the relevant Benefit, and includes, in particular: name and surname, e-mail address, telephone number, and – in respect of medical services – also the PESEL number and date of birth; in respect of leasing offers – the data required by the leasing institution to assess the User's leasing capacity.
4. The legal basis for the disclosure of data is Article 6(1)(b) of the GDPR (performance of the agreement for the provision of the Benefit) and, where applicable, Article 6(1)(a) of the GDPR (the User's consent); in respect of special categories of data processed in connection with medical services – Article 9(2)(a) of the GDPR (explicit consent).
5. Within the scope of the services provided by them, the providers of Benefits are separate controllers of personal data. The detailed rules for the processing of personal data by such providers are set out in their respective privacy notices and privacy policies, available on their websites.
6. The provision of data for the purposes of using a Benefit is voluntary; however, failure to provide such data will make it impossible to use the relevant Benefit.
7. Personal data related to the User's use of Benefits is retained by the Controller for the term of the agreement for the provision of the Benefit and, following its termination, for the period necessary for the establishment, exercise or defence of legal claims, in accordance with § 3(2) of this Privacy Policy.

§ 4 – Contact with the Controller and Complaints

1. In the case of Users who have contacted the Controller in order to obtain specific information or by submitting a Complaint, the Controller shall be entitled to process their personal data for the purpose of taking action in connection with the request made through such contact.
2. The processing of data shall be carried out on the basis of the User's consent, expressed by contacting the Controller or by submitting a Complaint.
3. The provision of personal data shall be a condition for the Controller to respond to the question addressed to it and to consider the Complaint.
4. The personal data shall be retained until the response to the question raised by the User has been provided, or until the Complaint has been resolved. The second sentence of § 3(2) of this Privacy Policy shall apply accordingly to such retention.

§ 5 – Rights of the Data Subjects

1. Where the processing of Personal Data is based on consent, the User has the right to withdraw such consent at any time, without prejudice to the lawfulness of the processing carried out on the basis of the consent prior to its withdrawal.
2. Furthermore, in every case the User has the right to:
   • access their personal data;
   • rectification of Personal Data – the Controller is obliged to correct any errors and inaccuracies and to complete Personal Data where they are incomplete;
   • restriction of the processing of Personal Data;
   • erasure of Personal Data (right to be forgotten);
   • data portability, where the processing is carried out by automated means and is based on consent or on a contract;
   • object – on grounds relating to the User's particular situation – to the processing of personal data concerning them based on Article 6(1)(f) of the GDPR (legitimate interest of the controller), including profiling. In such case, the Controller shall no longer process such personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or where the processing is necessary for the establishment, exercise or defence of legal claims;
   • lodge a complaint with a supervisory authority, which in the case of Polish Users is the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych).
3. Any requests concerning the exercise of the data subjects’ rights may be addressed by traditional mail to: ul. Stefana Rogozińskiego 6, Kraków, Poland, or by electronic mail to [email protected].

§ 6 – Website Cookies

1. By means of cookies, the Controller collects so-called operating data concerning the Users’ use of the Website, including, but not limited to:
   • identifiers of the User;
   • identifiers of the telecommunications network termination or the IT system used by the User;
   • information on the commencement, termination and scope of each use of the Website;
   • information regarding the User's use of the Website.
2. Such data is used in order to enable the proper functioning of the Website, to tailor its content to the User's preferences and to facilitate and improve the User's use of the Website.
3. The processing of such data is carried out on the basis of the legitimate interest of the Controller, consisting in enabling the operation of the Website and improving its quality.
4. Data from cookies is processed for the period determined by the User in the settings of the browser used by the User.
5. The provision of data is a condition for the use of the Website.
6. Furthermore, if, upon accessing the Website, the User – through the cookie notice displayed at the bottom of the page – consents to the processing of cookie data for other purposes, the Controller shall collect the User's data, as well as data concerning the manner of the User's use of the Website and the actions undertaken on the Website, for the purposes to which the User has consented, namely for profiling, analytical and statistical purposes.
7. In such case, the processing shall be carried out on the basis of the User's consent. The provision of data for such purposes is voluntary.
8. Where data is provided for such purposes, the User has the right to withdraw their consent at any time, without prejudice to the lawfulness of the processing carried out on the basis of consent prior to its withdrawal. Consent may be withdrawn by contacting the Controller by electronic means at [email protected].
9. Where the User consents to the use of cookies for profiling purposes, the decisions taken by the Controller on that basis shall not concern the conclusion or refusal to conclude an agreement for the provision of Services, nor the possibility of using the Services on the Website. The use of profiling may result in, for instance, improvements to the functioning of the application. Notwithstanding profiling, the data subject decides freely whether to use a given Service. Profiling consists in the automated analysis or prediction of the data subject's behaviour on the Website. The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
10. The cookies used by the Controller's services (placed on the User's end device) may be made available to advertisers cooperating with the Controller.
11. The User may, at any time, change the settings of their browser in order to block cookies or to receive information about the placement of cookies on their device on each occasion. Other available options can be checked in the User's browser settings. It should be noted that most browsers accept the storage of cookies on the end device by default. Changes to the User's browser settings may restrict access to certain functionalities of the Website.
12. Information concerning browser settings is available in the browser's menu (help section) or on the browser manufacturer's website.
13. A registered User may, during the login process, select the "keep me logged in" option. Selecting this option results in the transmission to such Registered User's device of a cookie file whose purpose is to remember that person's login data. By activating this function, a person holding an account on the Website is not required to log in again on the device after closing the browser session. Restarting the browser will cause the account holder on the Website to be recognised as a logged-in user.
14. Where a person holding an account on the Website uses devices to which other persons have access, it is recommended not to select the "keep me logged in" option and to log out of the Website on each occasion.

§ 7 – Final Provisions

1. The Controller reserves the right to amend this Privacy Policy in the future. Such amendments may be made, in particular, for the following important reasons:
   • changes in the applicable laws, in particular concerning the protection of personal data, telecommunications law, the provision of services by electronic means and consumer protection, which affect the rights and obligations of the Controller or of the Website User;
   • development of the functionalities or electronic services in connection with the advancement of Internet technology, including the implementation of new technological or technical solutions, having an impact on the scope of the Privacy Policy.
2. The Controller shall, on each occasion, publish information regarding any amendments to the Privacy Policy on its website and shall notify registered Users thereof by sending the new text of the Privacy Policy to the e-mail address provided by them upon registration of the Account.