Privacy policy

The owner of the website www.all-for-one.pl – hereinafter: the Website is All for One Poland sp. z o.o with its registered office in Złotniki (62-002) ul. Krzemowa 1, KRS 0000040760, e-mail: office.pl@all-for-one.com, phone no.: +48 61 827 70 00 – hereinafter: the Website Owner.

The Website Owner values the privacy of the website’s users and makes every effort to protect and process personal data in accordance with applicable laws and the principles set forth, in particular, in the Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter: GDPR.

Pursuant to Articles 13 and 14 of the GDPR, this Privacy Policy explains the principles and methods of processing personal data of the Website users and serves as a source of information regarding the processing of personal data by the Company in the situations outlined below.

General Information

1. The personal data controller is the Website Owner.
2. The controller has appointed a Data Protection Officer, who is Natalia Benderska. The Data Protection Officer can be contacted via email at: iod@all-for-one.com.
3. In connection with the processing of personal data by the Controller, the data subjects have the following rights:
   1. the right of access to personal data – in accordance with the provisions of Article 15 of the GDPR;
   2. the right to request rectification of personal data – in accordance with the provisions of Article 16 of the GDPR;
   3. the right to request erasure of data – in accordance with the provisions of Article 17 of the GDPR;
   4. the right to request restriction of data processing – in accordance with the provisions of Article 18 of the GDPR;
   5. the right of data portability – in accordance with the provisions of Article 20 of the GDPR.
4. In the case where the Controller processes personal data based on their legitimate interest (Article 6(1)(f) of the GDPR), the data subject has the right to object to the further processing of their personal data by the Controller – in accordance with the provisions of Article 21 of the GDPR.
5. In any case of personal data processing based on consent (Article 6(1)(a) of the GDPR), such consent is given voluntarily and may be withdrawn at any time without affecting the lawfulness of the processing carried out on the basis of the consent before its withdrawal.
6. Requests to exercise rights should be submitted by contacting the Data Protection Officer.
7. If you have any doubts regarding the processing of personal data by the Data Controller, please feel free to contact the Data Protection Officer. Nevertheless, we would like to point out that every data subject has the right to lodge a complaint regarding the processing of their personal data with the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw).
8. Personal data may be transferred outside the European Economic Area (EEA) – this transfer most commonly occurs as part of the cooperation between companies of the All for One Group. In every such case, the Controller takes special care to ensure that the data is transferred securely and in accordance with the regulations governing personal data transfers (in particular, the European Commission’s adequacy decision on the level of protection, standard contractual clauses).
9. Recipients of the data may include entities providing services such as: subcontracting, IT support, marketing, training, mail and parcel delivery, legal services, and auditing entities – for the purpose of conducting an audit. Personal data is provided to data recipients only on the basis of a contract or legal provisions.
10. Personal data is not subject to automated decision-making, including profiling, unless explicitly stated in the description of the specific purposes of processing.

Information regarding specific purposes of personal data processing

I. Use of the website

1. The Website uses cookies and tracking mechanisms, which may involve user profiling – more information on this can be found in the Cookie Policy. The Cookie Policy also includes information about the functions of individual cookies and the period for which these cookies are installed on the user’s device.
2. Log files – each time a user accesses the Website, the administrator collects information about the device: IP address, browser request, and time of the request. Additionally, during this request, the state and amount of data transmitted, information about the version of the browser used, and the operating system of the device are recorded. The controller also collects information about the address of the website that redirected the user to the Website. This data is used for the operation of the Website, particularly for detecting and eliminating errors on the website, determining traffic intensity, and implementing changes and improvements.
3. Embedded content from third parties (Google Maps, YouTube, etc.) – If content from third parties such as Google Maps, YouTube, etc. is displayed on the Website, the prerequisite for providing and displaying this content in the browser is the transfer of log file information by the user to the external provider. We have no control over the data processing by the external provider. If the user is logged into the external provider’s website using the user account, the external provider may associate the user’s behavior with that account. If necessary, the external provider stores data in user profiles and uses it for advertising, market research, and/or designing their website according to the requirements. Any rights to object to the creation of these user profiles should be directed to the external provider. More information about the purpose and scope of data collection and processing by the external provider can be found in the privacy policy of that provider. It also contains more details about the rights and options of privacy protection settings:
   • Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA;  https://www.google.com/policies/privacy/partners/?hl=de.
   • YouTube, LL.C., 901 Cherry Avenue, Second Floor, San Bruno, CA 94066, USA;  https://www.google.com/policies/privacy/partners/?hl=de.
4. Google Analytics – This Website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies” to help the website analyze how users use it. The information generated by the cookie about the user’s use of the Website is generally transmitted to a Google server located in the USA and stored there. This website uses Google Analytics with the “_anonymizeIp()” extension. As a result, IP addresses are further processed in a shortened form to exclude the possibility of direct personal identification. The controller uses Google Analytics to analyze and regularly optimize the performance and user experience of the Website. More information about data processing by Google can be found in Google’s Privacy Policy: https://policies.google.com/privacy?hl=pl.
5. Google AdWords conversion tracking: This website uses Google AdWords to generate interest in its offers through advertising materials (Google AdWords) displayed on external websites. Based on data from advertising campaigns, the website owner can assess the effectiveness of individual advertising activities. The purpose of the activity is to display ads that are relevant to users’ interests, making the Website more attractive to them and enabling accurate calculation of advertising costs. Advertising materials are delivered by Google via so-called “ad servers.” For this purpose, ad server cookies are used. They allow for measuring certain success metrics, such as ad insertion or user clicks. If a user visits the Website via a Google ad, Google AdWords stores a cookie on the user’s device. These cookies typically expire after 30 days and are not intended to personally identify the user. For this cookie, its unique identifier, the number of ad impressions per placement (frequency), the last view (relevant for post-view conversions), and opt-out information (indicating that the user no longer wishes to receive ads) are usually stored for analytical purposes.
   These cookies allow Google to recognize the user’s web browser. If the user visits specific pages of an AdWords client’s website and the cookie stored on their device has not yet expired, Google and the client can recognize that the user clicked on the advertisement and was redirected to the Website. Each AdWords client is assigned a different cookie. Cookies therefore cannot be tracked across the websites of AdWords clients. The Website Owner does not collect or process any personal data as part of the above-mentioned advertising activities – the Website Owner receives only statistical analyses from Google. These analyses help determine which advertising measures are particularly effective. The Website Owner does not receive any further data regarding the use of advertising materials – in particular, the Website Owner cannot identify users based on this information.

6. As a result of using the marketing tools, the user’s browser automatically establishes a direct connection to Google’s server. The Website Owner has no influence on the scope or further use of the data collected by Google through this tool. However, according to the current state of knowledge of the Website Owner, the integration of AdWords conversion tracking allows Google to receive information that the user has accessed the relevant part of our website or clicked on an advertisement about us. If the user is registered with a Google service, Google may associate the visit to the Website with the user’s Google account (even if the user is not registered or not logged into a Google service, the provider may obtain and store the user’s IP address).The tracking process can be blocked in various ways:

• • by setting the browser accordingly, in particular by disabling third-party cookies – in this case, the user will not receive any ads from external providers;
  • by disabling conversion tracking cookies by setting the browser so that cookies from the domain “www.googleadservices.com”, https://safety.google/privacy/ads-and-data/?hl=pl are blocked – this setting will be removed when cookies are deleted;
  • by deactivating interest-based advertising from providers as part of the self-regulatory “About Ads” campaign via the link http://www.aboutads.info/choices – this setting will be removed when cookies are deleted;
  • by permanently deactivating the Firefox, Internet Explorer, or Google Chrome browsers in your browsers via the link http://www.google.com/settings/ads/pluginIt should be noted that full use of certain functions of the Website may then become impossible.

7. Not all cookies and other technologies used by the Website involve the processing of personal data; however, in cases where these tools do involve the processing of personal data, the Controller informs that:
   • In the case of strictly necessary cookies, the legal basis for processing is Article 6(1)(f) of the GDPR – the legitimate interest of the Controller, which is to ensure the proper functioning of the website and to enable the display of its content. Providing the data is voluntary but necessary to use the Website.
   • For all other cookies and information generated by technologies used on the Website, the legal basis for processing is Article 6(1)(a) of the GDPR, i.e. the user’s consent. Providing this data is voluntary, and refusal to give consent does not affect the ability to use the Website; however, refusal to give consent may negatively affect the perception and presentation of the Website’s content – particularly multimedia content. Lack of consent will also prevent the Website Owner from performing the analytical and advertising activities described above.

II. Contacy form, telephone contact, email contact

1. We process the data in order to enable contact with the Controller – to submit an inquiry, provide a response, and conduct further correspondence.
2. The legal basis for the processing of personal data is Article 6(1)(f) of the GDPR, that is, the Controller’s legitimate interest considered by the Controller to be the fulfillment of the above-mentioned purpose of processing, as well as the ability to contact the data subject in order to present a service offer, provide information about webinars, training courses, and other information that the Controller considers interesting and useful for the data subject.
3. The data will be stored until the purpose of processing has been exhausted or any potential claims have expired, or until the data subject submits an effective objection to such processing by the Controller.
4. Providing personal data is voluntary but necessary in order to contact or conduct correspondence with the Controller.

III. Registration for webinars, training courses, and other events

1. We process the data in order to enable registration for and participation in a given webinar/training or other event organized by the Controller, as well as to allow for contact with the data subject in order to present a service offer, provide information about webinars, training courses, and other information that the Controller considers interesting and useful for the data subject.
2. The legal basis for data processing is as follows:
   • Article 6(1)(b) of the GDPR – with regard to registration for a webinar/event, enabling participation in a webinar/training/event, and the performance of a contract concluded for this purpose.
   • Article 6(1)(f) of the GDPR – the legitimate interest of the Controller, which is the provision of information about the Controller’s products, services, and activities that may be of potential interest to the data subject.
3. The data will be stored for the duration of the performance of the contract related to the organization of the training/event, and thereafter for the limitation period for potential claims, or until the data subject submits an effective objection to such processing by the Controller.
4. Providing the data is voluntary but necessary in order to participate in the webinar, training course, or other event.

IV. Marketing information

In connection with training activities conducted by the Controller, the participation in and organization of events and conferences by the Controller’s employees, as part of cooperation, networking, and the exchange of experiences, the Controller obtains personal data, which is subsequently processed for marketing purposes – namely, for sending information about events, offers, and services that may be of interest to the data subject.

2. As a rule, the source of the data is the data subject or a contract concluded between the Controller and a counterparty (data of individuals designated in the contract for its performance, and data of the counterparty or the counterparty’s employees contacted by the Controller during the performance of the contract). However, it may happen that the Controller obtains personal data from another source – such as colleagues, corporate promotional materials, the website, social media, or in the course of contract negotiations. For contact purposes, the Controller always uses business contact details.
3. The legal basis for the processing is Article 6(1)(f) of the GDPR – the legitimate interest, which is the fulfillment of the purpose of processing.
4. The data will be stored until the purpose of the processing has been exhausted or until the data subject submits an effective objection to such processing by the Controller.

V. Counterparties and their employees

1. We process personal data for the purpose of entering into and performing a contract with a counterparty:
   • a natural person, a sole proprietor, or a civil law partnership – based on Article 6(1)(b) of the GDPR. Providing personal data is voluntary but necessary for the conclusion and performance of the contract.
   • the legal basis for the processing of personal data of the counterparty’s employees is Article 6(1)(f) of the GDPR, that is, the Controller’s legitimate interest considered by the Controller to be the ability to enter into and perform a contract with the counterparty, carry out necessary settlements, and protect potential claims. The Controller has obtained the personal data of a member of the counterparty’s personnel in connection with the intention to conclude a contract between the Controller and the counterparty, or the performance thereof. The personal data has been obtained either directly from the data subject or provided by the counterparty (in the body of the contract, during negotiations, or by other means). The scope of the collected data includes business contact details and data contained in the power of attorney.
2. The Controller will also process personal data for marketing purposes, in accordance with the purposes and principles set out in Section IV – Marketing Information.
3. Personal data will be stored for the duration of the performance of the contract, and thereafter until the claims are barred by limitation under applicable law, or until the data subject submits an effective objection to such processing by the Controller.

VI. Video surveillance

1. For the purpose of ensuring the safety of individuals, protecting property, and safeguarding the confidentiality of information, video surveillance operates on the premises of the Controller’s headquarters.
2. Personal data is processed on the basis of Article 6(1)(f) of the GDPR – the Controller’s legitimate interest considered by the Controller to be the achievement of the processing purpose.
3. Personal data will be stored for a period of 3 months, unless its processing (further storage) is necessary for the purpose of pursuing claims by the Controller or a third party in proceedings before state authorities – until the conclusion of such proceedings with a final judgment or until the data subject submits an effective objection to such processing by the Controller.
4. Providing personal data is voluntary but refusal to provide it will result in the inability to enter the Controller’s premises.

VII. Social media

1. The Controller uses the following social media platforms: Facebook, LinkedIn, YouTube. The Website contains links to the Controller’s profiles on the aforementioned platforms. By using these links, the user leaves the Website.
2. The owners of the social media platforms are separate data controllers. More information about the processing of personal data by the owners of these platforms can be found here:
   • Facebook: https://www.facebook.com/about/privacy
   • LinkedIn: linkedin.com/legal/privacy-policy
   • YouTube: https://www.youtube.com/intl/ALL_pl/howyoutubeworks/our-commitments/protecting-user-data/
3. The Controller may obtain personal data through social media platforms only to a limited extent, essentially restricted to what the data subject themselves posts on these platforms, e.g. by providing their profile details, contacting via private message, leaving a comment/reaction under content presented by the Controller, subscribing to a YouTube channel, or in the case of LinkedIn, by visiting the Controller’s profile as a logged-in user of the platform. In such cases, personal data will be processed for the following purposes:
   • improving an offer – by interacting with users on social media platforms, e.g., when a user leaves a comment/reaction under the presented content;
   • if the website user contacts the Controller through a private message or by leaving a comment – the Controller will process personal data in order to respond to the inquiry and continue correspondence via the selected communication channel;
   • conducting marketing activities in accordance with the purposes and principles set out in Section IV – Marketing Information;
   • in particular, on the LinkedIn platform, the Controller may actively browse profiles of individuals (portal users) – with the purpose of finding potential candidates for job vacancies. In this case, the Controller’s employees will process the personal data of potential candidates in order to establish contact and continue correspondence via the selected communication channel. If there is an expression of interest in the proposed recruitment, information regarding the processing of personal data in the recruitment process will be provided under the specific job offer, with the link to that offer being shared by the recruitment officer.
4. The legal basis for the personal data processing is Article 6(1)(f) of the GDPR – the Controller’s legitimate interest, which is the fulfillment of the purpose of processing.
5. The data will be stored until the purpose of processing has been exhausted or any potential claims have expired, or until the data subject submits an effective objection to such processing by the Controller.
6. Providing personal data is voluntary; however, in certain cases, it may be necessary, e.g., to contact the Controller through the portal.

The Privacy Policy is effective as of the date of its publication, i.e.14.04.2025.  Any amendments to this document will be made at the following address: https://www.all-for-one.pl/en/privacy-policy/ and will be effective from the date of their publication.

The Website may contain links to third-party websites. The company does not have control over these websites and, therefore, is not responsible for the practices of third parties regarding the confidentiality and security of personal data processed through these websites.