Privacy policy


This Privacy Policy applies to the processing of your personal data, the administrator of which is the Administrator of your personal data is Incat Sp z o.o. with headquarters in Wrocław, ul. Braniborska 40, 53-680 Wrocław. It is listed in the Register of Entrepreneurs, kept by the District Court of Wrocław-Fabryczna in Wroclaw, VI Commercial Department of the National Court Register under the KRS number: 0000599310, NIP: 8992782575, REGON: 363642190, share capital in the amount of PLN 100,000.00 (hereinafter referred to as: “Company” or “Administrator”).

If you have any questions or comments, please contact us via:
• e-mail address:,
• mail correspondence addressed to: Incat Sp.z o.o., ul. Braniborska 40, 53-680 Wroclaw (with an annotation Personal Data Protection).

As part of this document, we would like to inform you in a transparent manner:
• why and how the Company collects, processes and stores your personal data,
• on what legal basis this personal data is processed,
• what are your rights and our obligations in relation to this processing.



The following capitalized phrases used in the Privacy Policy are given the following meaning:

Administrator, Company or INCAT – means Incat sp z o.o. with headquarters in Wrocław, ul. Braniborska 40, 53-680 Wrocław, KRS 000059931;
Personal Data – information about an identified or identifiable natural person;
Cookies – a small file saved on the user’s computer, which stores settings and other information used on the pages visited by him;
Privacy Policy – this document. It specifies the rules according to which Incat processes Personal Data.
GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (general regulation on the protection of data) (Journal of Laws UE. L. of 2016, No. 119, p. 1), in force from May 25, 2018;
User – any person using the website


Types of personal data


Contact form:

Our portal allows you to send an inquiry to the Company via the contact form. If you choose this contact channel, the Company may collect the following Personal Data:

• first name and last name;
• e-mail adress;
• other information disclosed by you in the sent message, e.g., CV, if you express your willingness to participate in future recruitments conducted by the Company through the contact form. 

Providing the data specified above is voluntary, but necessary to answer the inquiry received. The data mentioned above will be processed by the Company in order to fulfill your instructions or to provide information.

In a situation where a response to a User inquiry requires telephone contact by the Company, the Company may require you to re-provide with the personal data provided in the contact form in order to confirm your identity.


Phone calls and e-mails:

We have also provided you with a telephone number and e-mail address on our website.

If you choose any of the above-mentioned contact channels, the Company will collect all information that you decide to provide to our employee or an entity cooperating with the Company during a conversation or in an e-mail.


Data collected automatically:

When using the Portal, the Company may automatically collect your data in the following scope:

IP and device data:

The Company may collect Users’ IP addresses. An IP address is a number assigned to the end device of a website visitor. In addition, the Administrator may collect information about the operating system and the type of your web browser and its version.

Activity data on the Portal

The Company may collect data based on your activity on the Portal, and in particular the date and duration of the visit and the sequence of activities on the website. In the case that you find the INCAT website using links on other websites, the Administrator will also collect data from which page you were redirected to the Portal and information about advertisements from which such a redirection occurred.


The website uses files called cookies. They are saved by the Administrator on the end device of the person visiting the website, if the web browser allows it. A cookie file usually contains the name of the domain it comes from, its “expiry time” and an individual, randomly selected number identifying this file. The information collected using this type of file enables the development of general statistics of visits to our website.

The company uses two types of cookies:

  • Session cookies: after the browser session ends or the end device is turned off, the saved information is deleted from the device’s memory. The mechanism of session cookies does not allow for the collection of any personal data or any confidential information from User’s end device.
  • Persistent cookies: they are stored in the memory of the User’s end device and remain there until they are deleted or expired. The mechanism of persistent cookies does not allow the collection of any Personal Data or any confidential information from User’s end devices.

The Company uses cookies for analysis and research as well as audience audit, in particular to create anonymous statistics that help to understand how Users use the website, which allows for the improvement of its structure.

The cookie mechanism is safe for the end devices to use when browsing the Portal. This way, it is not possible for viruses or other unwanted software or malware to affect the terminal equipment. Nevertheless, web browsers have the option of limiting or disabling the access Cookies have to the terminal device.

If these options are used, some of our services or certain parts of our Portal may become unavailable or may malfunction.

If you exercise this option, some of our Services or parts of our portal may become inaccessible to you or may not function properly.

Below are instructions on how to change the settings of the most commonly used web browsers regarding the use of cookies:

1. Internet Explorer: <link:>
2. Mozilla Firefox: <link:>
3. Chrome: <link:>
4. Safari: <link:>
5. Opera: <link:>


Legal grounds, purposes and periods of data processing


The company processes the User’s Personal Data:

1. on the basis of your express, voluntary and prior consent (Article 6 (1) (a) of the GDPR) – for the purpose of processing personal data for the purposes of future recruitment. Each consent granted may be withdrawn at any time. Please note that the withdrawal of consent is effective only in the future and does not affect the lawfulness of the processing which was carried out on the basis of consent before its withdrawal.
2. processing is necessary to pursue the legitimate interests of the Company (Article 6 (1) (f) of the GDPR) and does not excessively affect your interests or fundamental rights and freedoms. Please note that when processing personal data on this basis, we always strike a balance between our legitimate interest and your privacy. Such “legitimate interests” are:
• determining or pursuing civil law claims by the Company as part of its operations, as well as defense against such claims;
• answering an inquiry received through any contact channel;
• conducting marketing analysis using cookies collected from the Portal.



Personal data is processed only for a specific purpose and to the extent necessary to achieve it and for as long as it is necessary. The objectives pursued by the Company and entities related to the Company by processing personal data and the periods for which it processes them are listed below.

Purpose of processing -> Processing period:

Regardless of the above periods, your data may be processed by the Company for the purposes of determining or pursuing civil law claims by the Company as part of its business, as well as defense against such claims – for the relevant limitation periods for such claims, i.e. in principle not longer than 6 years from the event giving rise to the claim.

Purpose of processing 

Processing Period 

Answering an inquiry received or for contact purposes. 

The period necessary to complete this task and withdraw the consent given. 

Processing of Personal Data for the purposes of future recruitments. 

Until the withdrawal of consent, but no longer than for a period of 3 years. 

Conducting marketing analysis using Cookies collected from the Portal. 

Session cookies are temporary files that are stored on the User’s end device until logging out, leaving the Portal or turning off the software (web browser). 

“Persistent” Cookies are stored in the User’s terminal device for the time specified in the parameters of the Cookie file or until they are deleted by the User. 

Regardless of the above periods, your data may be processed by the Company for the purposes of determining or pursuing civil law claims by the Company as part of its business, as well as defense against such claims – for the relevant limitation periods for such claims, i.e. in principle not longer than 6 years from the event giving rise to the claim.


All employees who gain access to Users’ personal data must comply with internal rules and processes related to the processing of personal data in order to protect it and ensure confidentiality. They are also required to follow all the technical requirements and organizational security measures in place to protect personal data.

We have implemented appropriate technical and organizational measures to protect personal data against unauthorized, accidental, or unlawful destruction, loss, alteration, misuse, disclosure, or access, and against any other illegal forms of processing. These security measures have been implemented by taking into account the technical possibilities, implementation costs, processing risks, and the nature of Personal Data.


Personal Data may be transferred to recipients and other third parties to the extent that they are necessary for them to perform the tasks ordered by the Company. The recipients or other third parties may be considered:

• entities related to the Company personally or by capital, subsidiaries of the Company and special purpose vehicles;
• entities processing personal data at the request of the Company, such as entities providing document archiving services, accounting services.
These types of entities do not independently decide how to process your personal data. They process personal data only to the extent that it is necessary for the conduct of business by the Company. The company has control over the operation of such entities by means of appropriate contractual provisions to protect your privacy.

• any national public administration authorities (e.g. the Police), authorities of other EU Member States (e.g. authorities established to protect personal data in other Member States) or courts, if required by applicable national or EU law or at their request;
• legal or tax advisers;
• providers of IT systems and hosting services;
• courier or postal service providers.



Personal data will not be transferred to countries outside the European Economic Area (“EEA”), which includes EU Member States, Iceland, Liechtenstein and Norway.



Each person has the right to access their personal data processed by the Company. If you believe that any information relating to you is incorrect or incomplete, please submit a request for rectification. The company will correct such information immediately.


In addition, you have the right to:

1. withdraw your consent if the Company has obtained such consent to the processing of personal data (provided that such withdrawal does not violate the lawfulness of data processing carried out before the withdrawal);
2. obtain a copy of your personal data;
3. request the deletion of your personal data in cases specified in the provisions of the GDPR;
4. request to limit the processing of your personal data in cases specified in the provisions of the GDPR;
5. to object – for reasons related to your particular situation – to the processing of your personal data, if such processing is carried out in order to implement the public interest or legitimate interests of the Company;
6. data transfer, i.e. receipt of personal data provided to the Company in a structured, commonly used and machine-readable format and to request that such personal data be transferred to another personal data controller without obstruction by the Company and subject to its own confidentiality obligations.
The company will verify your requests, demands or objections in accordance with the applicable provisions on the protection of personal data. However, it should be remembered that these rights are not absolute; the regulations provide for exceptions to their application.

In response to your request, the Company may ask you to verify your identity or provide information that will help the Company better understand the situation. The company will make every effort to explain its decision to you if your requests are not met.



To execute the above rights, please send an e-mail to or contact the Company by correspondence at ul. Braniborska 40, 53-680 Wrocław.

If you are not satisfied with the way in which the Company processes your personal data, please notify us of the problem, and we will investigate any irregularities. Please report your concerns using the contact details provided above.

If you have any objections to the Company’s reaction, it is also possible to file a complaint to the competent authority for the protection of personal data. In Poland, this authority is the President of the Personal Data Protection Office.

In order to keep your personal data up-to-date and accurate, we may ask you from time to time to check and confirm the personal data we hold about you, or to inform us of any changes to that personal data (such as a change of e-mail address). We encourage you to regularly check the correctness, up-to-date and completeness of the processed personal data.