Privacy Policy

Last Updated: [12.02.2024]

At OCAS IT Sp. z o.o., we value your privacy and are committed to protecting your personal data. This privacy policy ("Policy") explains how and why we collect, store, and use personal data. It also provides information about your rights with respect to your personal data.

This Policy applies to both personal data provided to us by individuals and organizations. We may use personal data provided to us for the purposes outlined in this Policy or as disclosed at the point of collection.

Please read this Policy in conjunction with the Terms of Use of OCAS IT Sp. z o.o. and, when applicable, with the Agreement between the Customer and OCAS IT Sp. z o.o.

What terms are used in this Privacy Policy?

In this Policy:

  1. - "Affiliate" means any company, corporation, or other entity that directly or indirectly controls, is controlled by, or is under common control with either OCAS IT Sp. z o.o. or the Customer.
  2. - "Agreement" refers to the General Terms and Conditions of OCAS IT Sp. z o.o., any order form or contract proposal accepted by the Customer, documentation relating to the Services, and applicable Special Terms and Conditions of OCAS IT Sp. z o.o.
  3. "OCAS IT Sp. z o.o." means OCAS IT Sp. z o.o., a legal entity registered in Europe, with the following details
    1. - NIP (Tax Identification Number): 8971915605
    2. - REGON (National Business Registry Number): 523920098
    3. - KRS (National Court Register): 0001008210
    4. - Address: Sw. Mikolaja street 30/31/1C, 50-043 Wroclaw, Poland
    5. - Email:
  4. - "Customer" means the legal or natural person subscribing to the Services.
  5. - "Data Protection Legislation" refers to EU Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data (General Data Protection Regulation or GDPR) and Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector, as well as any relevant national legislation and regulations implementing them.
  6. - "Services" encompass the products and services of OCAS IT Sp. z o.o. and its Affiliates to which the Customer has subscribed under the Agreement.
  7. - "User" refers to visitors of the Websites and/or users of the Services on behalf of the Customer.
  8. "You" and "Your" refer to Customers, individuals associated with Customers, Users, contacts, suppliers, and job applicants.
  9. "We," "Us," and "Our" refer to OCAS IT Sp. z o.o.
  10. "Websites" refer to all internet pages and applications provided and operated by OCAS IT Sp. z o.o.
  11. Terms such as "personal data," "processing," "data subject," "data controller," "data processor," and "supervisory authority" have meanings as set out in applicable Data Protection Legislation.

What personal data do we collect and process?

Depending on your relationship with us, OCAS IT Sp. z o.o. may act as a data controller or data processor for your personal data. Our contact details are provided above

Who is responsible for your personal data?

Depending on your relationship with us (e.g., customer, vendor, applicant), we may collect and process some of the following personal data from you:

  1. - Contact Data, including your name, address, telephone number, language, educational or professional background, tax status, employee number, job title and function, seniority, and other personal data relevant to our Services.
  2. - Financial and Payment Data, including bank account information and other data necessary for processing payments and fraud prevention.
  3. - Business Information, including information provided in the course of Agreements or voluntarily provided by you or your organization.
  4. - Communication Information, including the content of communications exchanged between you and us or between you and other Users.
  5. - Profile and Usage Data, including your preferences for receiving marketing information from us, your communication preferences, and information about how you use our Services and Websites.
  6. - Technical Data, including information collected during your visits to the Websites (e.g., IP address, login data, browser type, device type, time zone setting).
  7. - Geolocation Data, including information about your locations or estimated time of arrival collected during your use of the Services.
  8. - Physical Access Data, relating to details of your visits to our premises.
  9. - If you provide information about any person other than yourself (e.g., family members, employees, counterparties, suppliers), you must ensure that they understand how their information will be used and that they have given their permission for you to disclose it to us.

How do we collect your personal data?

We collect personal data in various ways:

  1. - When you use any of our Services.
  2. - When you seek advice from us.
  3. - When you offer to provide or provide services to us.
  4. - When you correspond with us by phone, email, or other electronic means, or in writing.
  5. - When you provide other information directly to us, including in conversations with our staff, external providers, or consultants.
  6. - When you browse, complete a form, make an enquiry, or interact on our Websites or other online platforms.
  7. - When you attend our events or sign up to receive information from us.
  8. - By making inquiries from your organization or other organizations with which you have dealings.
  9. - By making inquiries from third-party sources such as government agencies, credit reporting agencies, database and information service providers, or publicly available records.

How will we use your personal data and on what basis?

We will use your personal data for the following purposes and on the following legal bases:

  1. - Providing information about our Services.
  2. - Registering you as a new customer or supplier.
  3. - Managing and administering our relationship with you and your organization, including processing payments, accounting, auditing, billing, and collection.
  4. - Conducting identity verification, credit checks, fraud prevention, and anti-money laundering checks.
  5. - Providing customer support, including responding to your requests and complaints.
  6. - Notifying you about changes to our terms or privacy policy.
  7. - Conducting market research and analysis.
  8. - Administering and protecting our business and our websites.
  9. - Delivering content and advertisements to you and measuring the effectiveness of that content and those advertisements.
  10. - Improving the content and navigation of our websites.
  11. - Sending you personalized marketing communications.

The processing is necessary for compliance with a legal obligation to which we are subject, including:

  1. - Complying with applicable laws, regulations, court orders, government and regulatory requests, and industry standards.
  2. - Performing audits, complying with export controls, and filing reports to regulatory authorities.
  3. - Managing and auditing our business operations, complying with internal policies and procedures, and managing risk and legal claims.
  4. - Coordinating with law enforcement agencies and other governmental bodies, as permitted by applicable laws.

The processing is necessary for the legitimate interests pursued by us or by a third party, including:

  1. - Protecting our business interests and legal rights, including but not limited to use in connection with legal claims, compliance, regulatory, and investigative purposes (including disclosure of such information in connection with legal process or litigation).
  2. - Administering and managing our relationships with Affiliates, including transferring personal data between Affiliates.
  3. - Administering, operating, and improving our Services.
  4. - Managing and securing our communications, networks, and other systems.
  5. - Detecting, preventing, or investigating security breaches, fraud, and other prohibited or illegal activities.
  6. - Complying with requests from your organization (e.g., to provide information to your employer or business partner about your use of the Services).
  7. - Keeping our records accurate and up to date.

The processing is necessary for the establishment, exercise, or defense of legal claims, including:

  1. - Exercising our rights and enforcing our legal obligations and rights arising from contracts or other agreements.
  2. - Pursuing or defending against legal claims in court or in other dispute resolution proceedings.

The processing is based on your consent, including:

  1. - Sending you marketing communications when we do not have an existing business relationship with you or when required by applicable law.
  2. - Using cookies or similar tracking technologies on our websites as described in our Cookies Policy.

Who may have access to your personal data?

Your personal data may be shared with the following categories of recipients:

  1. - Our Affiliates, including entities in which we hold a majority share, are controlled by us, or are under common control with us.
  2. - Service Providers, including third parties that provide services on our behalf, such as payment processing, IT and system administration, hosting, research and analytics, marketing, customer support, and data enrichment.
  3. - Professional Advisers, including lawyers, auditors, insurers, and other professional advisers.
  4. - Regulators and Authorities, including tax authorities, courts, and governmental bodies to comply with our legal and regulatory obligations.
  5. - Business Partners, including third parties with whom we partner to offer joint marketing and promotional activities.
  6. - Acquirers and Merger Parties, in connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.
  7. - Compliance with Legal Obligations: We may also disclose your personal data to third parties when required by law or in order to comply with legal obligations, including responding to requests from law enforcement authorities and court orders.

How do we protect your personal data?

We take the security of your personal data seriously and implement appropriate technical and organizational measures to safeguard it. We limit access to your personal data to those employees, agents, contractors, and other third parties who have a legitimate need to know. We have procedures in place to deal with any suspected data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

How long will we retain your personal data?

We will only retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data, and whether we can achieve those purposes through other means.

How can you manage your personal data?

You have certain rights with respect to your personal data, subject to local Data Protection Legislation. These rights may include:

  1. - Access: You have the right to request a copy of the personal data we hold about you.
  2. - Correction: You have the right to request correction of any incomplete or inaccurate personal data we hold about you.
  3. - Erasure: You have the right to request the deletion or removal of your personal data when there is no compelling reason for us to continue processing it.
  4. - Restriction: You have the right to ask us to suspend the processing of your personal data in certain circumstances.
  5. - Object: You have the right to object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation that makes you want to object to processing on this ground.
  6. - Data Portability: You have the right to request the transfer of your personal data to you or to a third party in a structured, commonly used, machine-readable format. Note that this right only applies to automated information that you initially provided consent for us to use or where we used the information to perform a contract with you.
  7. -Withdraw Consent: If you have given your consent to the processing of your personal data, you have the right to withdraw your consent at any time.

Information about data subject rights.

According to the GDPR, the data subject has the following rights:

  1. - Right to access (Article 15);
  2. - Right to rectification (Article 16);
  3. - Right to erasure (Article 17);
  4. - Right to restriction of processing (Article 18);
  5. - Right to object to processing (Article 21);
  6. - Right to data portability (Article 20).

Information about the right to object.

If processing is based on lit. (a) of Article 6(1) GDPR (consent) or Article 9(2) related to special categories of personal data, i.e., based on the data subject's consent, we inform you that you have the right to withdraw your consent at any time. However, the withdrawal will not affect the lawfulness of processing based on consent before its withdrawal.

These rights can also be exercised with our organization:

Information about the appeals procedure.

The user has the right to lodge a complaint with the supervisory authority, which in the Republic of Poland is the President of the Office for Personal Data Protection, if the user believes that the processing of their data violates the provisions of the GDPR.

Automated decision-making and profiling.

OCAS IT does not undertake any measures regarding automated decision-making (e.g., creditworthiness analysis) or profiling (e.g., information about the preferences or behavior of the data subject) within the meaning of Article 22 of the GDPR.

How can you contact us?

If you have any questions about this Policy or would like to exercise any of your rights, please contact us using the following contact details:

  1. - OCAS IT Sp. z o.o.
  2. - Website: []
  3. - Address: Sw. Mikolaja street 30/31/1C, 50-043 Wroclaw, Poland
  4. - Email:

Changes to this Privacy Policy

We may update this Policy from time to time to reflect changes in our practices, technologies, legal requirements, and other factors. We will notify you of any material changes by posting the updated Policy on our Websites and updating the "Last Updated" date at the beginning of this Policy. We encourage you to check this page regularly to stay informed about how we collect, process, and protect your personal data

Effective Date: [14.12.2022]