EN | PL | DE | SE

Privacy and Cookies Policy
DataRiseLab Sp. z o.o.

Document History
Version Date Author Description
1.0 21.03.2025 Lidia Lesiak
Anna Hałubiec
Łukasz Wrona		 First version of the policy.

Dear Sir or Madam,

We would like to inform you that in practice we apply Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/WE (hereinafter: GDPR). As a Company committed to maintaining high standards in the protection of the personal data of our Clients and Contractors, we provide below important information regarding the processing of your personal data, of which we are the Administrator.

In this Privacy Policy, we explain what personal data we may collect, how we use it, how long we store it, to whom we share or transfer it when using our website or our services. The document also contains information on cookies and similar technologies.

I. GENERAL INFORMATION ON PERSONAL DATA PROCESSING

1. DATA CONTROLLER

The controller of personal data obtained in the course of cooperation or provided by you while navigating our website (https://datariselab.de/) is DataRiseLab sp. z o.o., ul. Kawalerzystów 28/2, 53-004 Wrocław, NIP: 8992918419, REGON: 521328007, KRS: 0000955086, (hereinafter also referred to as the Company).

2. CONTACT REGARDING DATA PROCESSING

In all matters relating to the processing of your personal data by the Company, please contact us by sending an e-mail to the following address: contact@datariselab.com.

3. SOURCES OF DATA OBTAINING

Data, of which the Company is the Administrator, was obtained directly from you, in connection with the established cooperation, via the contact form available on the website https://datariselab.de/contact/, as well as provided during a telephone conversation or e-mail correspondence in the process of offering / negotiating contracts for the provision of services offered by the Company. Providing data is voluntary, but necessary for the conclusion of the contract and implementation of cooperation between the Administrator and the Supplier / Recipient of the service.

4. SCOPE OF DATA PROCESSED BY THE ADMINISTRATOR

Depending on the purpose for which they were obtained, your personal data may be processed to the following extent:

    • Customers / Business Partners: in particular identification data, contact details, company name, NIP, REGON, bank account number, identification data of your employees / representatives, settlement history, data concerning the concluded contract and history of services provided.
    • Candidates for work at DataRiseLab: identification data (name, surname) and contact data, information on education, professional qualifications and previous employment history, as well as other data indicated by the candidate, provided voluntarily in the recruitment process.
    • Potential Clients / Contractors or persons contacting the Company via the contact form, e-mail, telephone or during personal contact: data in the form of name, surname, e-mail address, telephone number, content of the message, possibly job title, company data, if the person is a representative / employee of a business entity.
    • People visiting our website: information about your online behavior, in particular the services that are viewed on our Website, the links you click, the way you navigate and scroll through our Website, information about the device you use to browse the Website, such as the IP address and its location, device identification, technical parameters of the device, such as the operating system and its version, the browser you are using and its version, as well as data collected through cookies and similar technologies enabling device identification.

5. PURPOSES OF PERSONAL DATA PROCESSING

Your personal data will be processed for the purpose of

    • performance of the contract,
    • taking steps to conclude a contract,
    • presenting the offer of services provided by DataRiseLab Company,
    • identifying the sender and handling their inquiry sent by e-mail, via the contact form available at https://datariselab.de/contact/ or a message sent using the linkedIn channel or other social media (Instagram https://www.instagram.com/datariselab?igsh=MTZ4bHk3eHhqdHU4cg== , Facebook https://www.facebook.com/profile.php?id=100089604437844&mibextid=wwXIfr).
    • conducting recruitment, including, but not limited to, assessing job candidates. This type of processing is for the purpose of taking appropriate steps prior to entering into a contract or is based on your consent;
    • conducting correspondence,
    • marketing of products and services offered by the Administrator,
    • accounting services (e.g. issuing invoices for services performed may involve the processing of personal data, etc.),
    • determining, pursuing possible claims, compensation and defending against such claims,
    • handling complaints,
    • conducting statistical analyses,
    • storing for archival (evidence) purposes, in order to secure information in the event of a legal need to prove facts,
    • other activities for which your voluntary consent will be obtained, including those relating to cookies on our website.

6. LEGAL BASIS FOR PERSONAL DATA PROCESSING

Your personal data, depending on the purpose for which they were obtained, will be processed on the basis of Article 6 paragraph 1 letters a), b), c) and f) of the General Data Protection Regulation of 27 April 2016 (GDPR):

    • Article 6, paragraph 1, letter a) of the GDPR, i.e. activities for which your voluntary consent has been obtained, e.g. for the purpose of sending commercial information electronically to the e-mail address provided by the User, including information on current services and new products in the DataRiseLab offer, acceptance of cookies on the website: https://datariselab.pl/, https://www.datariselab.com/ , https://datariselab.de/ , https://www.datariselab.se/ .
    • Article 6, paragraph 1, letter b) of the GDPR, i.e. processing is necessary for the preparation and implementation of the cooperation agreement with DataRiseLab, as well as to take action at the request of the data subject – in particular to respond to questions sent by electronic means of communication (such as SMS, telephone call, contact form) or traditional correspondence – in connection with the expressed interest in cooperation.
    • Article 6, section 1, letter c) of the GDPR – i.e. processing is necessary to fulfil the legal obligations incumbent on the Company, such as conducting financial settlements, including tax settlements.
    • Article 6, section 1, letter f) of the GDPR – i.e. processing is necessary for the purposes of the legitimate interests of the Company, such as:
          • marketing of DataRiseLab’s own services – in the case of clients with whom we have a concluded contract or other business relationship,
          • conducting correspondence,
          • handling complaints,
          • any need to determine, pursue possible civil law claims, compensation and defend against such claims, to conduct statistical analyses,
          • storage for archival (evidence) purposes, in order to secure information in the event of a legal need to prove facts,
          • analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Controller (Article 6, paragraph 1, letter f of the GDPR), consisting in conducting analyses of your activities in order to improve the functionalities used and for the purpose of determining the optimal directions of development of the Company.

7. RIGHTS OF PERSONS TO WHOM THE DATA CONCERN

As the Personal Data Administrator, DataRiseLab sp. z o.o. ensures the right to:

    • request from the Administrator access to the content of your personal data, its rectification, deletion or limitation of the processing of personal data;
    • raise an objection to the processing;
    • data transfer;
    • lodge a complaint with the supervisory authority if you believe that the processing of your personal data violates the provisions of the GDPR;
    • if the processing is based on your consent, the Administrator ensures the right to withdraw consent to the processing of personal data for a specific purpose. Withdrawal of consent does not affect the lawfulness of processing that took place before the withdrawal of consent.

8. PERIODS OF PERSONAL DATA PROCESSING

    • Personal data processed on the basis of a contract will be processed for the period necessary to perform the contract, and after its termination for the period required by law.
    • Personal data collected in the current recruitment process will be stored until its completion, for a maximum period of 6 months. During this time, we will process this data for the purpose of the first recruitment, in the event of the need to re-select a candidate for the same position that was the subject of the previous recruitment, to employ an additional candidate for the same position or in the event of a situation related to claims related to recruitment.
    • In the event that the candidate consents to the use of personal data for future recruitment purposes, the data will be stored for a period of 2 years, starting from the year following the year of submitting the application documents to the Company. After that time, the data will be deleted.
    • Personal data may also be processed after the purpose for which they were obtained has been achieved if there is a legal basis for further processing, for example:
        • processing is necessary to fulfil a legal obligation incumbent on the Controller – e.g. processing data for purposes related to bookkeeping, which is based on accounting regulations – 5 years;
        • processing is necessary for the purposes of legitimate interests pursued by the Administrator – e.g. for the purpose of establishing, pursuing or defending claims arising from business activities – 3 years.
    • Personal data processed on the basis of consent will be processed until it is withdrawn.

9. TRANSFER OF PERSONAL DATA

  • Personal data may be transferred mainly to external entities providing and supporting our Company’s IT systems, providers of legal, advisory or accounting services, etc. These entities will process your data only on our behalf, on the basis of the necessary agreements and with the provision by these entities of appropriate measures to protect data.
  • The recipients of your personal data may only be institutions authorized by law (e.g. police, prosecutor’s office, court, etc.)
  • The Controller transfers personal data outside the EEA only when necessary and with an adequate level of protection, in particular through:
      • cooperation with entities processing personal data in countries for which an appropriate decision of the European Commission has been issued;
      • application of standard contractual clauses issued by the European Commission;
  • The Company informs that as part of cooperation with entities providing IT and hosting services and ensuring maintenance of programs used by the Company, your personal data may be transferred to the following entities:
      • cloud, IT and technical service providers, e.g. Microsoft, Google;
      • providers of research, analytical and statistical tools, as well as operators of marketing tools, such as Google as part of the Google Analytics service, LinkedIn, the provider of the Sales Navigator service, which help us analyse, optimise the Website or personalise content and offers for you;
      • hosting company cyber_Folks S.A. ul. Franklina Roosevelta 22, 60-829 Poznań, responsible for the maintenance and service of the website datariselab.de

10. RULES FOR TRANSFERRING DATA OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)

In the case of data transfer outside the European Economic Area (EEA), the basis for the transfer are data processing agreements containing standard contractual clauses (SCCs) approved by the European Commission, in accordance with Article 46, 47 or Article 49 paragraph 1 of the GDPR.

On this basis, data is appropriately secured and processed in the EU before being transferred outside the EEA. Each of our suppliers ensures that data is transferred with an appropriate level of protection and enables the exercise of the rights of data subjects, in accordance with Articles 15-22 of the GDPR. Details on the implementation of these rights can be found in the regulations or privacy policies of our suppliers.

On July 10, 2023, the European Commission adopted a decision establishing an adequate level of protection for personal data in the United States under the EU-US Data Privacy Framework. This allows for the legal transfer of data from the EU to organizations in the United States that have self-certified and are included on the list maintained by the US Department of Commerce. In such a case, the legal basis for transferring personal data to an entity with an active DPF certificate is Article 45 of the GDPR. In the absence of a certificate, the legal basis for transferring data will be Article 46 of the GDPR or Article 49 of the GDPR.

The current status of the US-based service provider can be checked on the website https://www.dataprivacyframework.gov/s/participant-search/ 

The Data Privacy Framework (DPF) program introduces a number of safeguards that limit access by US intelligence services to personal data, as well as other mechanisms that ensure a level of protection comparable to that in force in the EU. As part of the program, an independent appeal body was established in the US – the Data Protection Review Court, to which European Union citizens can submit complaints regarding the processing of their personal data.

We inform you that as of the date of approval of this Policy, entities supporting us with headquarters or transfer links in the US (transnational data flow within the Group), providing us with IT tools (e.g. Microsoft, Google), have an active DPF certificate and are therefore considered safe for data.

II INFORMATION ABOUT THE WWW.DATARISELAB.DE WEBSITE AND OTHER DOMAINS (.com, .pl, .se)

This part of the Policy applies to the website operating at the url address: https://datariselab.de/ (or .com, .pl, .se) depending on the domain.

The operator of the service is DataRiseLab Sp. z o.o., which is the Administrator of your personal data in relation to the data provided voluntarily on the Service. The Service uses personal data to present the offer or information regarding DataRiseLab.

The provider of hosting services (technical maintenance) for the Company’s website is Cyber_Folks S.A. with its registered office in Poznań, which processes the personal data of the Users of our website as a processor, based on a data processing agreement, in accordance with Art. 28 of the GDPR.

The Service performs the functions of obtaining information about users and their behavior by saving cookies (so-called “cookies”) in the end devices used by users of the website www.DataRiseLab.de.

You can use our service without revealing your identity or providing personal data. However, when you decide to provide your data via the forms available on the Company’s website, you cease to be anonymous users for us.

1. USE OF COOKIES AND SIMILAR TECHNOLOGIES

As part of the www.DataRiseLab.de website, we use cookies that are used to collect information such as IP address, browser type, device type and how the Site is used. Cookies allow us to customize the content of the Site to the needs of users and improve the efficiency and functionality of the Site.

Cookies are small text files saved on the user’s device that allow us to recognize the user and customize the site to their needs. Users can change the cookie settings in their web browser at any time.

Cookies can be divided into the following categories:

    • Essential cookies: These cookies are installed to allow access to the website and its basic functions. They do not require your consent, as they are necessary to provide the services available on the website. Without them, it is not possible to use the full functionality of the website.
    • Optional cookies: These are only used with your consent and include:
    • Functional: They allow us to remember your preferences or choices, such as your username, language, text size and other elements that can be customized to provide personalized content.
    • Analytical and performance: They are used to collect anonymous data about how Users use the website. They allow us to understand which parts of the website are working well and which ones need improvement, so that we can improve the performance of the website and better adapt it to your needs. By using these cookies, website owners can track which pages are visited most often, how quickly the page loads and how to improve the overall user experience of the website to make your experience as good as possible.
    • Advertising: Used to present advertisements tailored to your interests and preferences. This information, combined with data about your activities on other websites, is used to create a profile of your interests.

The following cookie technologies may be used on our website:

Google Analytics – a tool provided by Google Inc. based in the USA, using performance cookies. It helps website owners understand how users use them. It ensures the creation of statistics and their analysis in order to optimize our websites. The data collected does not allow the identification of the user, so your data is anonymous to us. More information about the tool is available at the link: https://policies.google.com/technologies/partner-sites. In addition, using the following link: https://tools.google.com/dlpage/gaoptout you can disable activities measured by Google Analytics.

Social tools – our website uses plugins, buttons and other social media tools, hereinafter collectively referred to as “plugins”, provided by social media services such as LinkedIn (provided by LinkedIn Ireland Unlimited Company), Facebook, Instagram (provided by Meta Platforms, Inc. based in the USA). When you display our website containing a plugin from a social media service, your browser sends information about your visit to the administrator of that social media service. The plugins collect certain information about you, such as your user ID, the website you are visiting, the date and time, and other information about your web browser. Detailed information about the processing of information collected by plugins by social media services can be found in the privacy policies of the respective service providers:

It is possible to disable cookies yourself or configure the option of notification of received cookies in your browser – then you will not receive cookies from our site or the files will be collected to the extent you prefer. Below are instructions for the most popular browsers:, e.g.

You can also use our website in a mode that blocks the ability to collect data about your visit, the so-called incognito mode. Using our website without changing browser settings, i.e. with default acceptance of cookies and the technologies used, means that you agree to their use in the manner specified in this Policy.

    LIST OF COOKIES USED BY DATARISELAB

    • For the service https://datariselab.pl/

    Type of cookies Domain Description Type Duration
    HSID .google.pl This cookie is designed to protect your account from unauthorized access, ensuring safe use of Google services. It stores encrypted account information and login time and is used for authentication and protection against “session hijacking” attacks. In combination with the “SID” file, it provides an additional layer of security, effectively preventing attempts to intercept data sent in forms and unauthorized interference with the user’s account. Necessary 8 months, 6 days
    __Secure-1PSID .google.pl Protects the user’s login session and supports secure access to Google services. Supports user authentication and protection against fraud and abuse (e.g. session hijacking attacks). Necessary 8 months, 6 days
    SID .google.pl Used to store user session and authentication data. Helps secure your account on Google services. Necessary 8 months, 6 days
    _D_* .datariselab.pl Google Analytics sets this cookie to store and count page views. Analytical / Performance 1 year, 1 month, 4 days
    _ga .datariselab.pl The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and tracks site usage for the site analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors. Analytical 1 year, 1 month, 4 days
    APISID .google.pl The APISID cookie stores user preferences and session data, which allows content and advertising to be tailored to your interests. Also used to secure Google services. Advertising 8 months, 6 days
    SAPISID .google.pl Used to secure your session and to personalize the content and ads you see based on your activities across Google services.

    Advertising

     

    		 8 months, 6 days
    SSID .google.pl It enables personalization of Google content based on encrypted user data, saving user preferences (including language and interface layout). At the same time, it supports session security by preventing unauthorized access. Functional 1 year, 21 days
    __Secure-1PAPISID .google.pl Used by Google to profile user interests and to display personalized ads on Google services. Protects user data. Advertising 8 months, 6 days
    __Secure-3PAPISID .google.pl It enables personalization of advertisements on websites using Google services, based on user interests. Advertising 8 months, 6 days
    __Secure-3PSID .google.pl Used for targeting ads on the Google Network. Creates a profile of visitors’ interests in order to display more relevant, user-friendly ads. Advertising 8 months, 6 days
    Type of cookies Domain Description Type Duration
    _D_* .datariselab.com Google Analytics sets this cookie to store and count page views. Analytical/ Performance 1 year, 1 month, 4 days
    _ga .datariselab.com The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and tracks site usage for the site analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors. Analytical 1 year, 1 month, 4 days
    APISID .google.com The APISID cookie is used by Google to store information about the user and their preferences on sites that use Google services. This allows for personalization of advertising and increases the security of the user session. Advertising 1 year, 21 days
    APISID .google.pl The APISID cookie stores user preferences and session data, which allows content and advertising to be tailored to your interests. Also used to secure Google services. Advertising 8 months, 6 days
    HSID .google.com The HSID cookie contains encrypted Google user identification data used to protect against unauthorized access and to secure your login session. Necessary 1 year, 21 days
    HSID .google.pl This cookie protects your account from unauthorised access attempts, keeping you safe while using Google services. Necessary 8 months, 6 days
    NID .google.com The NID cookie contains a unique user identifier that is used to store user preferences and personalize content and ads on Google Search. Additionally, the cookie collects site usage statistics, tracks conversion rates, and saves user preferences such as language preferences and customized search results. Advertising 6 months
    SAPISID .google.com The SAPISID cookie enables Google to collect user information for security and content personalization purposes. Ensures consistent experiences across Google services. Advertising 1 year, 21 days
    SAPISID .google.pl Used to secure your session and to personalize the content and ads you see based on your activities across Google services. Advertising 8 months, 6 days
    SID .google.com The SID cookie enables user authentication and protection against CSRF attacks. It contains data necessary to maintain a secure login session. This allows Google to protect the account against various types of attacks, including attempts to intercept form data entered into Google services. Necessary 1 year, 21 days
    SID .google.pl Used to store user session and authentication data. Helps secure your account on Google services. Necessary 8 months, 6 days
    SIDCC .google.com Additional cookie related to SID; used to secure sessions, prevent fraud and unauthorized access to accounts. Necessary 1 year
    SSID .google.com It enables personalization of Google content based on encrypted user data, saving user preferences (including language and interface layout). At the same time, it supports session security by preventing unauthorized access. Functional 1 year, 21 days
    SSID .google.pl Allows personalization of Google content based on encrypted user data. Supports session security. Functional 8 months, 6 days
    __Secure-1PAPISID .google.pl Used by Google to profile user interests and to display personalized ads on Google services. Protects user data. Advertising 8 months, 6 days
    __Secure-1PAPISID .google.com It allows you to create tailored ads based on user activity in the Google ecosystem. It supports session security. Advertising 1 year, 21 days
    __Secure-1PSID .google.com Provides strong user authentication across Google services and protects against session hijacking attempts. Necessary 1 year, 21 days
    __Secure-1PSID .google.pl Protects user login sessions and supports secure access to Google services. Necessary 8 months, 6 days
    __Secure-1PSIDCC .google.com It is used to provide additional security for the user account, especially in the context of Google advertising services. It supports security and session integrity (extended version of the SIDCC cookie); it maintains encrypted login information and protects against man-in-the-middle attacks or session hijacking. Necessary 1 year
    __Secure-3PAPISID .google.com Used for targeting purposes to create a profile of your interests and show you personalized Google ads. Creates a profile of your interests that allows you to show you tailored ads outside of Google. Advertising 1 year, 21 days
    __Secure-3PAPISID .google.pl It enables personalization of advertisements on websites using Google services, based on user interests. Advertising 8 months, 6 days
    __Secure-3PSID .google.com Secures login information and enables the presentation of personalized ads to Google users. Advertising 1 year, 21 days
    __Secure-3PSID .google.pl It is used to secure the user’s account and to tailor advertising content to their preferences. Advertising 8 months, 6 days
    __Secure-3PSIDCC .google.com Associated with __Secure-3PSID; used to strengthen security and at the same time to personalize ads. It allows, among other things, to prevent unauthorized use of data when displaying personalized content. An additional security mechanism used when displaying ads on Google services. Advertising 1 year
    __Secure-ENID .google.com This cookie is set by Google and is used to store user preferences and information such as language preferences and personalised search results. Used to protect the user against spam and abuse and to provide more relevant search results and advertising. Necessary / Functional 8 months, 2 days
    __Secure-ENID .google.com The ENID cookie helps keep user data safe and allows Google to present personalized results and advertising. Necessary / Functional 1 year, 1 month, 0 days
    Type of cookies Domain Description Type Duration
    _D_* .datariselab.de Google Analytics sets this cookie to store and count page views. Analytical 1 year, 1 month, 4 days
    _ga .datariselab.de The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and tracks site usage for the site analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors. Analytical 1 year, 1 month, 4 days
    APISID .google.com Used by Google to store user preferences and information about user interactions with Google services. Helps personalize content and ads, and ensures data protection. Advertising 1 year, 21 days
    HSID .google.com Contains encrypted Google user identification data, used to prevent unauthorized use of login information and protect your account. Necessary 1 year, 21 days
    NID .google.com This cookie contains a unique user ID that Google uses to remember preferences and other information, such as preferred language or the number of search results per page. Advertising 6 months
    SAPISID .google.com Used to protect user data and personalize ads. Collects information about how the user uses Google services. Advertising 1 year, 21 days
    SID .google.com Contains encrypted credentials and protects against CSRF attacks. It is used to ensure the security of user sessions. Necessary 1 year, 21 days
    SIDCC .google.com Provides additional security for user data by serving as protection against attacks on session data. Necessary 1 year
    SSID .google.com Contains data identifying the Google user in an encrypted manner, supports content personalization in Google services. Functional 1 year, 21 days
    __Secure-1PAPISID .google.com Used for advertising purposes across Google services, helping to create personalized ads based on user interactions. Advertising 1 year, 21 days
    __Secure-1PSID .google.com Protects session data and supports user authentication in a secured manner. Necessary 1 year, 21 days
    __Secure-1PSIDCC .google.com Provides additional security for user sessions on Google services. Necessary 1 year
    __Secure-3PAPISID .google.com Helps create a profile of your interests in order to display more relevant ads on Google sites. Advertising 1 year, 21 days
    __Secure-3PSID .google.com Used to secure your account and personalize advertising based on user data. Advertising 1 year, 21 days
    __Secure-3PSIDCC .google.com Strengthens user session protection when using Google ads. Advertising 1 year
    __Secure-ENID .google.com Used to protect against abuse and spam and to support ad and content personalization features in Google Search. Functional 8 months, 2 days
    __Secure-ENID .google.com Used to protect against abuse and spam and to support ad and content personalization features in Google Search. Functional 1 year, 1 month
    Type of cookies Domain Description Type Duration
    _D_* .datariselab.se Google Analytics sets this cookie to store and count page views. Analytical 1 year, 1 month, 4 days
    _ga .datariselab.se The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and tracks site usage for the site analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors. Analytical 1 year, 1 month, 4 days

    Status as of: 21.03.2025 r.

    III. FINAL INFORMATION

    The www.Datariselab.de Service may contain links to other websites. Such websites operate independently of the Service and are not supervised in any way by the www.Datariselab.de Service. These websites may have their own privacy policies and regulations, which we recommend that you familiarize yourself with.

    DataRiseLab Sp. z o.o. reserves the right to make changes to the Privacy Policy of the service, which may be affected by the development of Internet technology, possible changes in the law on personal data protection and the development of our website. We will inform you about any changes in a visible and understandable way.