Privacy policy

Privacy Policy


Your privacy is very important to us. Accordingly, we have developed this Policy in order for you to understand how we collect, use, communicate and disclose and make use of personal information. The following outlines our privacy policy.

  1. Before or at the time of collecting personal information, we will identify the purposes for which information is being collected.
  2. We will collect and use of personal information solely with the objective of fulfilling those purposes specified by us and for other compatible purposes, unless we obtain the consent of the individual concerned or as required by law.
  3. We will only retain personal information as long as necessary for the fulfillment of those purposes.
  4. We will collect personal information by lawful and fair means and, where appropriate, with the knowledge or consent of the individual concerned.
  5. Personal data should be relevant to the purposes for which it is to be used, and, to the extent necessary for those purposes, should be accurate, complete, and up-to-date.
  6. We will protect personal information by reasonable security safeguards against loss or theft, as well as unauthorized access, disclosure, copying, use or modification.
  7. We will make readily available to customers information about our policies and practices relating to the management of personal information.

We are committed to conducting our business in accordance with these principles in order to ensure that the confidentiality of personal information is protected and maintained.


Article 1. Privacy Principle

  1. The personal data controller is Scanway Spółka z ograniczoną odpowiedzialnością (Limited Liability Company) with its registered office inWrocław (address: 54-427 Wrocław, ul. Duńska 9, Wrocławski Park Technologiczny) entered into the Register of Entrepreneurs of the National Court Register maintained by the District Court for Wrocław-Fabryczna, 9 th Commercial Division under KRS No.: 0000597109, Tax Identification Number (NIP): 8842761100
  2. Scanway spółka akcyjna (joint-stock company) as the controller of personal data (hereinafter referred to as the “Controller”) attaches great importance to the privacy protection and confidentiality of personal data entered by Internet users in electronic forms made available on the scanway.plm website (hereinafter referred to as “”), the principles of which are defined in the terms and conditions of use (hereinafter referred to as the “Terms and Conditions”).
  3. Contacting the Data Protection Office is possible via email address:
  4. The Controller, with due diligence, selects and uses appropriate technical and organizational measures to protect the personal data processed. Full access to the databases is only granted to persons duly authorized by the Controller.
  5. The Controller protects personal data against unauthorized access, as well as against its processing in violation of the applicable laws.
  6. Visitors to can browse the websites without providing personal data.


Article 2. Basis for Personal Data Processing

  1. Personal data is processed by the Controller in accordance with the law, in particular in accordance with the provisions of the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC (hereinafter referred to as “GDPR”) in order to:
  1. answer questions asked in connection with the use of contact forms available at by the user, including pop-ups (pursuant to Article 6 Paragraph 1(b) GDPR);
  2. use the newsletter service, including the provision of business information and information about the events and workshops, on the basis of the granted consent (Article 6 Paragraph 1(a) GDPR);
  3. conduct and settle the outcome of a recruitment process if the user has applied to take part in the recruitment process, on the basis of a legal obligation of the Controller and consent granted (Article 6 Paragraph 1(a) and 1(c) GDPR);
  4. pursue or secure claims (pursuant to Article 6 Paragraph 1(f) GDPR).
  1. Providing personal information is voluntary.
  2. The user should not provide the Controller with personal data of third parties. However, when the user provides such data, the user each time declares that he has the consent of the third parties to transfer the data to the Controller.


Article 3. Personal Data Processing Scope

  1. The Controller processes the scope of data provided by the user in the content of the issue addressed to the Controller.
  2. The data provided by users is used only to: provide answers to the questions asked, send the newsletter including business information concerning the Controller and the Controller’s products, services, workshops and events, carry out the recruitment process, as well as for statistical purposes and event organization.
  3. The Controller uses IP addresses collected during Internet connections for technical purposes related to server administration. In addition, IP addresses are used to collect general, statistical demographic information (e.g. about the region from which the connection is made).


Article 4. Personal Data Processing Control

  1. The user is required to provide complete, up-to-date and real data.
  2. Each user whose personal data is processed by the Controller has the right to access the data and the right to rectify, erase, limit the processing, transfer the data, object to the processing of the data based on the legitimate interest of the Controller, withdraw consent at any time without affecting the lawfulness of the processing (where the processing takes place on the basis of a consent) carried out based on the consent before its withdrawal.
  3. The rights specified in the above paragraph may be exercised by sending a relevant request stating the user’s name and e-mail address to
  4. The user has the right to appeal to a supervisory authority where he considers that the processing of personal data violates the GDPR provisions.


Article 5. Sharing of Personal Data

Users’ data can be made available to entities authorized to receive the data under applicable law, including the relevant judicial authorities. Personal data may be transferred to entities commissioned to process it, i.e. marketing agencies, partners providing technical services (development and maintenance of IT systems and websites). Your personal data may be transferred to a third party country/international organization

  1. Your data may be processed on servers located outside of the country of your residence.
  2. Your personal data may be transferred outside the European Economic Area to a third party country, i.e. the USA, to subjects fulfilling a required protection level based on the European Commission’s decision from 12 July 2016, the so-called Privacy Shield.
  3. This means that your data shall be transferred only to subjects that comply with the rules determined by the United States Department of Commerce within the EU-US Privacy Shield Framework programs regulating collecting, using and storing personal data from the Member States of the European Union.
  4. In an event of sending data from the EU area to other countries, e.g. the United States, data processors comply with the law regulations that ensure an analogical level of security to that of the European Union’s regulations. Here, you can find up-to-date decisions from the European Commision regarding the adequate level of data protection (


Article 6. Data Retention Period and Other Information Concerning Data Processing

  1. Personal data shall be stored only for the period necessary to achieve a particular purpose for which it was sent, or in order to comply with the law.
  2. In the case of a recruitment process, personal data shall be processed in the period of twenty-four  months after the completion of the recruitment process.
  3. If the user has consented to the use of personal data in connection with the use of the newsletter, personal data shall be processed until the consent is withdrawn.
  4. Personal data shall not be processed in an automated way by the Controller.