The controller of your personal data is: CODEVENOM Software Development & Consulting Contact email: office@codevenom.co

We collect only the data necessary for communication, service delivery, and compliance with legal obligations. Depending on how you interact with our website, we may collect: 1. Identification data (e.g., name and surname, company name) 2. Contact data (e.g., email address, phone number) 3. Message content submitted via contact forms or email 4. Technical data (e.g., IP address, browser type, device, operating system) 5. Website usage data (e.g., statistics, analytics) We do not intentionally collect special category (sensitive) personal data. However, if you voluntarily provide such data (e.g., in the content of a message or in recruitment documents), we will process it only to the extent necessary to achieve the purpose for which it was provided.

We may collect your data when you: 1. Fill in a contact form on our website 2. Contact us via email or other communication channels 3. Browse our website (e.g., via cookies and analytics tools)

We process personal data for the following purposes: 1. Responding to inquiries and business communication 2. Providing services, as well as developing and improving our services 3. Ensuring the security, stability, and proper functioning of the website 4. Fulfilling legal obligations (e.g., accounting and tax) We do not sell personal data and we do not use it for automated decision-making or profiling.

We process personal data on the basis of one or more of the following legal grounds: 1. Consent (Article 6(1)(a) GDPR) – e.g., when you contact us voluntarily or consent to specific actions 2. Steps taken prior to entering into or performing a contract (Article 6(1)(b) GDPR) – e.g., handling a request for a quote 3. Legal obligation (Article 6(1)(c) GDPR) – e.g., accounting and tax obligations 4. Legitimate interests pursued by the controller (Article 6(1)(f) GDPR) – e.g., business communication, security, establishing, pursuing, or defending claims

Your data may be processed by trusted service providers acting on our behalf, such as: 1. Hosting and infrastructure providers 2. Email and communication services 3. Analytics and security tools These providers process data under appropriate agreements (e.g., data processing agreements) and only to the extent necessary. We do not share personal data with third parties for their own marketing purposes.

If personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, in particular Standard Contractual Clauses (SCC) or other GDPR-compliant transfer mechanisms.

We retain personal data only for as long as necessary to achieve the purposes described in this policy or as required by law. Once the purpose of processing no longer applies, the data is securely deleted or anonymized. For recruitment data, the retention rules described in the "Recruitment (GDPR)" section apply.

Under the GDPR, you have the right to: 1. Access your personal data 2. Rectify inaccurate personal data or complete incomplete data 3. Request deletion of your data (in certain cases) 4. Restrict processing 5. Object to processing (where the legal basis is legitimate interest) 6. Data portability (where applicable) 7. Withdraw consent at any time (where processing is based on consent) – without affecting the lawfulness of processing carried out before withdrawal To exercise your rights, contact us at: office@codevenom.co. You also have the right to lodge a complaint with the supervisory authority: the President of the Personal Data Protection Office in Poland (PUODO).

10.1. Controller The controller of personal data in the recruitment process is CODEVENOM. For recruitment matters and for exercising data subject rights, contact: recruitment@codevenom.co. 10.2. Purposes of processing We process data for the purposes of: 1. Conducting the current recruitment process 2. (Optional) Conducting future recruitment processes – only if you provide separate consent 3. Communicating with the candidate regarding recruitment and ensuring the security and integrity of the process 10.3. Scope of data We process data provided in the form and in application documents (e.g., CV, portfolio, links). The scope of data we may request during recruitment under labor law is set out, in particular, in Article 22¹ of the Polish Labour Code. If you provide data beyond the required scope, we will process it only where legally permitted (including, where required, on the basis of your consent). 10.4. Legal basis 1. Current recruitment: - steps taken prior to entering into a contract (Article 6(1)(b) GDPR) and/or - legal obligation (Article 6(1)(c) GDPR) to the extent arising from labor law 2. Future recruitment: - your consent (Article 6(1)(a) GDPR) – if you tick a separate checkbox 3. Legitimate interest (Article 6(1)(f) GDPR): - ensuring process security, maintaining correspondence, establishing, pursuing, or defending claims 10.5. Retention period 1. Current recruitment: we retain data until the recruitment process is concluded and then delete it, unless another legal basis applies for further retention. 2. Future recruitment (if you consent): we retain data for 24 months from the date consent is given or until consent is withdrawn – whichever occurs first. 3. After the above periods, data is securely deleted or anonymized, including deletion of files/attachments. 10.6. Withdrawal of consent Where processing is based on consent (e.g., future recruitment), you may withdraw it at any time by contacting us at: office@codevenom.co. Withdrawal does not affect the lawfulness of processing carried out before withdrawal. 10.7. Data recipients Data may be processed by our tool and infrastructure providers (e.g., hosting, email), only under appropriate agreements and only to the extent necessary to conduct recruitment.

Our website may use cookies and similar technologies to ensure proper functioning and to analyze traffic. You can manage or disable cookies through your browser settings. Details may be provided in a separate Cookie Policy (if published).

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, or misuse. However, no method of transmission over the Internet is completely secure.

We may update this Privacy Policy from time to time. Any changes will be published on this page together with the update date.

If you have any questions about this Privacy Policy or how we process personal data, contact us at: office@codevenom.co.