Privacy Policy

Isolution sp. o.o. dated 15.02.2021

The administrator of the data processed for the purposes stated herein (points 2 and 3 below) is “Isolution sp. z o.o. located in Warsaw, at Eustachego Tyszkiewicza 21, postal code 01-157 Warsaw, entered into the Register of Entrepreneurs of the National Court Register by the District Court for the Capital City of Warsaw, XII Commercial Division of the National Court Register under the KRS number 0000619669, NIP: 5321754449”. (hereinafter referred to as the “Administrator”).

The Administrator can be contacted quickly and effectively at the Administrator’s headquarters, i.e. the address indicated above, as well as by phone or e-mail using the data indicated at the address:

When contacted, the Administrator may request additional information to verify the identity of the person making contact. 

General information

1.1. What is personal data?

Personal data is classified as any information about an identified or identifiable natural person (“data subject”). It will therefore include data such as, for example, name, address, date of birth, telephone number or email address (the list is not exhaustive).

Personal data are processed in accordance with GDPR i.e. REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (EU) 2016/679 of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation / hereinafter “GDPR”). 

1.2 What rights do you have with regards to the processing of your personal data?

You have the right to:

  • access your data, including obtaining a copy of your data; 
  • data portability; 
  • rectify and erase this data;
  • restriction of processing of data; 
  • where decisions (based on data) are made by wholly automated means, you have the right to request a human intervention on the part of the controller, as well as the right to express your point of view and to contest that decision; in this case, the controller shall provide relevant information about the modalities of the decision as well as about the significance and the envisaged consequences of such processing for the data subject; 
  • not be subject to a decision which is based solely on automated processing, including profiling, and which produces legal effects or significantly affects the data subject in a similar manner, unless the conditions indicated in GDPR are met;
  • make a complaint to the supervisory authority (the President of the Office for Personal Data Protection) – Stawki 2, Warsaw 00-193.


Right to object

Whenever your personal data will be processed on the basis of Article 6(1)(f) or (e) of the GDPR (see below under point 2), i.e. in the case of so-called legitimate interest or action in the public interest, you can object at any time. You can make an objection using the account details indicated at the beginning of the Privacy Policy. 

(See more on your rights: We also encourage you to read the flyer on your rights available at

1.3. How can you notify us of your desire to exercise your rights?

You can exercise your rights personally in the Administrator’s office, by mail or e-mail (see above for Administrator’s contact details). 

In response to your request, you may be asked to provide data necessary to identify your personal data (e.g. for tracing purposes) or to verify your identity (confirmation that you are the person you claim to be). In this case, personal data will be processed only to the extent necessary to document the correct performance of duties related to the reported request (e.g. correct documentation of withdrawal of consent), for the purpose of defence against claims (Article 6(1)(f) GDPR, the so-called legitimate interest of the Data Controller) and for the performance of obligations under GDPR (e.g. ensuring accountability Article 6(1)(c) GDPR). For these purposes, data will be processed for a maximum period of the statute of limitations for potential related claims.

In accordance with the GDPR, information shall be provided in writing or by other means, including, where appropriate, electronically. If the data subject requests so, the information may be provided orally as long as the identity of the data subject is confirmed by other means.

1.4. What does it mean to process data based on consent? 

If processing of personal data based on consent were to occur (e.g., use of an image for promotional purposes – see more Part 2), remember that: 

  • consent is always voluntary; 
  • consent may be revoked at any time in person at the Administrator’s headquarters, by mail or e-mail (see contact details above); 
  • withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal; 
  • after the withdrawal of consent, the data will no longer be used, they will be deleted or anonymized, which, however, does not exclude the processing of data to the extent necessary to prove that the declaration of withdrawal of consent was recorded and executed, which is a legitimate interest of the data controller related to the defense against claims and demonstrating compliance with the provisions on the protection of personal data (Article 6 (f) GDPR, the so-called legitimate interest of the data controller) – for the maximum period of the statute of limitations of these claims.

1.5. Who has access to personal data? 

Only authorized employees/co-workers acting within the Administrator’s instructions will have access to your personal data. The data may also be disclosed to service providers, e.g. IT service providers supporting the realization of the Administrator’s goals listed below (after having concluded relevant entrustment agreements). The data may also be disclosed to recipients who are separate administrators, e.g. to public administration bodies at their request. 

For electronic communication (Microsoft tools), data is physically stored within the EU but through remote access in specific cases data can be transferred outside the EU:

Microsoft as stated in:

– personal data processing statement

 – a link to the legal conditions for data processing by Microsoft (data entrustment agreement and standard data transfer clauses that legalize the transfer):

Microsoft indicates:

  • We use strong encryption: we encrypt client data using a high standard of encryption both in transit and at rest. Encryption is critical to the design of EROD recommendations. We do not provide any government with our encryption keys or any other way to break our encryption. We defend customer rights: we do not provide any government with direct, unrestricted access to customer data. If the government requests customer data from us, it must follow the applicable legal process.
  • We will only comply with requests if we are expressly compelled to do so. Our first step is always to attempt to redirect or inform customers of such requests, and we routinely refuse or contest them if we believe they are unlawful.
  • We are transparent: we have published information about government requests for customer data for many years. As a result, we disclose more detailed information about these national security warrants twice a year across all of our businesses (consumer, enterprise, and public sector), in addition to our usual report when requested by law enforcement. We have a proven track record of legal success. We have more experience than any other company going to court to determine the limits of government surveillance orders, and we even took one case to the U.S. Supreme Court. 

For details on the purposes of data disclosure, see below where describing specific purposes of the processing (Part 2 and Part 3).

1.6. Is the provision of data voluntary? 

The provision of data is in principle voluntary. Whenever the provision of data will be:

  • voluntary but necessary for specific purposes (e.g. e-mail contact via an online form); or
  • mandatory (e.g. will result from legal regulations)

you will be informed about this separately and explicitly (e.g. on the form through which personal data will be collected). 

1.7. Where does the Administrator obtain the data from? 

As a rule, the Administrator obtains data directly from you. 

We obtain data from other sources for the purpose of tax verification of the contractor / client from publicly available sources (e.g. KRS / CEIDG / taxpayer registers published by public administration bodies), at the stage of signing and realization of the contract in the scope which results from these public sources. If we obtain data from another source you will be informed about it separately and explicitly. 

1.8. What categories of data do we process?

The Administrator processes only ordinary data, including contact details as indicated in point 1.7. 

We do not process special categories of data, i.e. information that could reveal: racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, as well as genetic data, biometric data for the purpose of uniquely identifying a natural person or data concerning health, sexuality or sexual orientation of that person.

1.9. Changes to this Privacy Policy

We reserve the right to make changes to this Privacy Policy which may be affected by developments in Internet technologies or possible changes in the law relating to the protection of personal data. We will provide notice of any changes in a visible and understandable manner through our website.

1.10. External links

Links to other websites may appear in www. Such websites operate independently of the Administrator and are not supervised by the Administrator in any way. These websites may have their own privacy policies and regulations, with which we recommend that you become familiar.

If you have any doubts about any of the provisions of this Privacy Policy, we are at your disposal – our details can be found in the contact section.

The specific purposes, basis and duration of data processing


Where data processing deadlines are indicated below, they shall be regarded as maximum deadlines. If the purpose of data processing concludes earlier, the controller is obliged to and will delete the data earlier. In particular, the data will be deleted or anonymized.

2.1. Specific purposes

Contact via phone/email


  • to answer the question asked and to continue further correspondence (the basis of Article 6(1)(f) GDPR, i.e. the legitimate interest of the administrator); 
  • signing and realization of a contract – if the correspondence will concern this (the basis of Article 6(1)(b) GDPR); 
  • defense or enforcement of claims (basis: Article 6 (1) (f) GDPR). 

Providing the data is voluntary but necessary to achieve the above mentioned goals. 

The data will be processed until the statute of limitations for claims related to the conducted correspondence, unless an effective objection within the meaning of Article 21 GDPR is raised beforehand. 

2.2. Purposes of using personal data on fanpages (company accounts on social media): 

Data protection principles for social media accounts (administration of facebook fanpage and other social media sites)

Purposes of personal data usage: 

  • managing social media accounts; 
  • technical administration of accounts (creation, publishing);
  • interactions (public or private messages) with Facebook (or other portal) subscribers and other users;
  • usage statistics.

Basis for processing:

(in terms of obtaining information about other users) – Article 6(1)(f) GDOR i.e. legitimate interest of the data controller. 

Categories of obtained data:

Data visible by default on Facebook (or another portal, as appropriate): 

In particular:

Full Name or Alias;

Profile photo or avatar;

Message presentation;


Messages exchanged;

Data made public by the user as part of general Facebook settings;

Platform usage data for the purpose of creating anonymous statistics.

Source of data

Facebook (or other social network) users

Facebook (or other social networking site)

The administrator does not configure and has no data about you from cookies stored by Facebook (or any other social network). The statistical data resulting from these cookies are only made available to the administrator in aggregated (anonymous) form and not individualized. Therefore, only the services (including Facebook) can technically respond to your requests regarding the cookies used.

Voluntariness of providing data

The provision of data is voluntary. The user makes his/her own decisions in this regard. In order to use personalized information, social features or online response services, the user must be a member of the social network.


Access to data exchanged between users is governed by the rules of the particular social network. 

Transfers of data outside the EU

Publications will be accessible due to their presence on Facebook outside the European Union. Data necessary for the compilation of statistics may be processed outside the European Union in accordance with the data management policies implemented by Facebook (or other social network). 

Data processing duration

Data is kept for the duration of the existence of the social network account in question, except for the exercise of the right of deletion or objection by the interested party.

Collection of data (including personal data) through cookies or similar technologies including processing of personal data 

3.1. General information

Cookies are small text files that are placed on your computer by websites you visit. They are commonly used to make websites work better or more efficiently, and to provide information to website owners. The table below explains the cookies we use and why. 

We use the following categories of cookies: session cookies and permanent cookies. 

  • session cookies – remain on the user’s device until leaving the website or switching off the software (web browser);
  • permanent cookies remain on the device for the time specified in the file parameters or until they are manually deleted by the user.

3.2. What purpose does the Administrator use cookies for?

Considering the purpose of using the files, the Administrator uses two categories of cookies: “necessary” and “optional” for the following purposes:

  1. “Necessary” cookies – for the purpose and to the extent necessary for the website to display correctly. This is to provide basic functions such as security, network management and accessibility. You can disable them by changing your browser settings, but this may affect the functioning of the website.

Session cookies may be used on our websites for this purpose. 

  1. “Optional” cookies: 
  2. a) Analytical -> to research the preferences of people using our site and use the results of this research to improve the quality of the website; 

permanent and session cookies may be used. 

The use of this category of cookies is based on your consent. 

Indicated data is not combined with information such as name, email address and other data which makes it possible to easily identify the visitor to the website.

Analytical (Third Party) Cookies: 

Cookies labelling Filenamepurpose
Google Analytics / Provider: Google inc._ga
These cookies are used to collect information about how visitors use our website. We use this information to create reports and to help us improve the website. The cookies collect information in a way that does not directly identify anyone, including the number of visitors to the site and the blog from which visitors visited the site and the pages visited.Read Google’s information on privacy and data protection
Data entrustment occurs. The entrustment agreement is available at: part of the service provided, data may be transferred outside the EEA and Switzerland, primarily to the United States. For this purpose, Google ensures the security of these data flows by:- participation in the Privacy Shield program:

You can withdraw your consent at any time and stop the installation and acquisition of data via cookies. Withdrawal of consent does not affect the lawfulness of the processing that was carried out on the basis of consent before its withdrawal.

3.3. Controlling and deleting cookies

Most browsers offer the ability to accept or decline all cookies. You can also easily change your cookie settings via your browser settings. Please note that if you block all cookies from the Website, you may experience operational difficulties or be unable to use certain features of our website at all.

Managing and deleting cookies varies depending on the browser you use. You can find out exactly how to do this by using your browser’s Help function or by visiting, which explains step-by-step how to control and delete cookies in most browsers.

You can see information about each browser on these pages:

To opt out of Google Analytics across all sites, visit:

3.4. Operational data

Even if no cookies are installed, the website administrator may gain access to the following data characterizing the use of the website (hereinafter: other operational data): 

  1. the ID number assigned to the visitor’s device, 
  2. identificators of termination of the telecommunications network, 
  3. ICT system (type of device, operating system, web browser) used by the Internet user, 
  4. information about the beginning, end and scope of each use of the site. 

To ensure the highest quality of our service, we occasionally analyze log files to determine: which pages are visited most often, which Web browsers are used, whether the structure of the site contains errors, etc.

Usage data is not combined with information such as name, email address and other data that can easily identify a website visitor.

3.5. Personal data protection

Information obtained through the cookie mechanism and usage data may constitute personal data within the meaning of GDPR in certain exceptional situations. If the information indicated above is qualified as personal data, the Administrator is the controller of the personal data. Even in case of doubts whether a certain category of information is personal data the Administrator introduces mechanisms protecting this information as personal data. 

The processing of the above categories of data to the extent that it is necessary for the correct display of the website (“essential” cookies) is based on the so-called legitimate interest of the website administrator (Article 6(1)(f) of the GDPR in conjunction with Article 173(3)(2) of the Telecommunications Law.

For this purpose the following may occur:

  • occasional analysis of log files to determine: which browsers are used by site visitors; which tabs, pages or subpages are most or least frequently visited or viewed; whether the structure of the site contains errors;
  • preventing unauthorized access to the website and the distribution of malicious code, interrupting denial-of-service attacks, and preventing damage to computer and electronic communications systems.

In the above cases, you have the right to object (when the processing is based on Article 6(1)(f) GDPR).

On the other hand, if you agree to the installation of “optional” cookies (analytical cookies provided by Google Analytics), the information collected in this way will be used to research the preferences of people using our website and the results of this research will be used to improve the quality of the website displayed. In this case, the basis for data processing is Article 173(2) of the Telecommunications Law (Journal of Laws of 2004, No. 171, item 1800) in connection with Article 6(1)(a) GDPR. As indicated in Article 174 of the Telecommunications Law, the provisions on personal data protection shall apply to obtain the consent of the subscriber or end user.

You can withdraw your consent at any time and delete cookies from your device. Withdrawal of consent does not affect the lawfulness of the processing that was carried out on the basis of consent before its withdrawal. You should also delete the files from your browser. 

Recipients of the data: IT entities providing services to the Administrator. 

3.6. Deletion of data collected through cookies and operational data

Your personal data will be deleted or anonymized at most after the expiration of the limitation period for potential claims related to the use of the website (no later than 6 months from the date of recording), or earlier if you make an effective objection. The provision of data is voluntary, but necessary for the aforementioned purposes.