Security & Compliance
Last updated: 2026-01-25
Pracownik360.pl takes data security and regulatory compliance very seriously. Because we store conversation records and commitments, we treat the system as trust-critical and apply appropriate safeguards.
1. GDPR Compliance
Pracownik360.pl is fully compliant with the General Data Protection Regulation (GDPR). All personal data is processed in accordance with GDPR requirements, and users have full access to their rights, including the right to access, rectify, delete, and port their data.
2. Data Encryption
All data transmitted between browsers and servers is encrypted using the TLS 1.3 protocol. Data stored in databases is also encrypted. We use the latest cryptographic standards to ensure maximum security of information.
3. Infrastructure and Hosting
Our servers are located in data centers within the European Union, ensuring compliance with GDPR data location requirements. All data centers have security certifications (ISO 27001) and are regularly audited. We implement data redundancy and automatic backups.
4. Access Control
We implement multi-level access control. All users must use strong passwords, and access to sensitive data is restricted to authorized personnel only. The system logs all user activities for security monitoring and auditing purposes.
5. Backups and Data Recovery
We perform regular automatic backups of all data. Backups are stored in secure locations geographically separated from the main data center. We have tested data recovery procedures that allow for rapid system restoration in case of failure.
6. Security Audits
We regularly conduct security audits of our systems, including penetration testing and code reviews. Any identified vulnerabilities are immediately remediated. We work with external security experts to ensure the highest standards of data protection.
7. Incident Response
We have developed a security incident response plan. If a security breach is detected, we immediately take corrective action and notify the relevant authorities and users in accordance with GDPR requirements (within 72 hours).
8. Certifications and Standards
Our security practices comply with international standards, including ISO 27001 (information security management). We regularly update our procedures in accordance with industry best practices and legal requirements.
9. Data Retention and Deletion
Data is retained only for the period necessary to fulfill the purposes for which it was collected, or as required by law. After contract termination or upon user request, data is securely deleted or anonymized in accordance with secure data deletion procedures.
10. User Responsibilities
Users are responsible for maintaining the security of their accounts, including using strong passwords and not sharing login credentials with third parties. We recommend changing passwords regularly and using two-factor authentication when available.