Privacy Policy
Last updated: 2026-06-26
This notice describes how :app processes personal data in the course of providing the SaaS platform.
1. Data Controller
The operator of Pracownik360.pl acts as the data controller. Contact details for privacy matters are available in the customer portal.
2. Categories of Data
We process: account data (name, email); data entered while using the app (reviews, surveys, development plans, notes, organizational roles); technical data (logs, device identifiers, IP address); and data from marketing and demo-access forms (email, optional company name, marketing-consent status, and IP address).
3. Purposes and Legal Bases
Data is used to: deliver the SaaS platform, support, billing and legal obligations (basis: contract performance and legitimate interest); provide demo access and follow up about the product (legitimate interest); and — only with your consent — send materials and marketing communications, including the newsletter (basis: consent, GDPR art. 6(1)(a)). You may withdraw marketing consent at any time (unsubscribe link or by contacting us), without affecting the lawfulness of processing before withdrawal.
4. Sharing and Sub-processors
Information may be entrusted to vetted sub-processors (hosting and email within the EU/EEA) operating under a data processing agreement with appropriate safeguards. Some AI features rely on language-model providers that may process data outside the EEA (e.g. in the USA) — see "AI Processing". Product analytics for signed-in users may use PostHog (EU cloud, eu.posthog.com): user ID, role, company metadata and feature-usage events — not evaluation answers or survey text. Retention: up to 1 year on the free tier.
5. AI Processing
AI features (template generation, report narratives, "HR Copilot", comment analysis) use third-party model providers — including OpenAI, Anthropic and Google — as sub-processors. We minimise data: names are NOT sent to the models (they are stripped before the request), and only anonymised metrics and content are analysed. Providers operate under data processing agreements / Standard Contractual Clauses (SCC) and do not use the transmitted data to train their models. You may object to AI processing — contact your organisation administrator or us.
6. Security and Retention
We use encrypted transport, access controls, and backups. Data is retained for the duration of the contract and as required by law, after which it is deleted or anonymised unless legal obligations dictate otherwise.
7. Data Subject Rights
Individuals can request access, rectification, erasure, restriction, portability, or object to processing. Requests are handled without undue delay in line with GDPR.