Privacy Policy

I. Introduction

This Privacy Policy is applied by PRODUCT BREW Sp. z o. o., with its registered office in Wrocław, ul. Hubska 52/14, 50-502 Wrocław, KRS: 0000782984, NIP: 899-286-13-98 (hereinafter: Controller, Product Brew, Company, us).

The Privacy Policy describes how we collect, process and use data (including personal data) that is provided to us through the Website, other communication channels, in the course of collaboration and in the performance of our services.

By using or accessing our website, using our services, interacting or contacting us (including via social media) you accept the practices described in this Privacy Policy and agree that we will process, collect, use and share your information (including personal information) in the manner described here.

Product Brew does not sell your personal data or make it available to other, unauthorised parties without a legal basis.

II. Definitions

All capitalised terms shall have the meaning given to them below.

Controller/Product Brew - PRODUCT BREW Sp. z o. o., z siedzibą we Wrocławiu, ul. Hubska 52/14, 50-502 Wrocław, KRS: 0000782984, NIP: 899-286-13-98

User - user of the website,

GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC,

Website - website

All definitions, such as "personal data", "processing", "controller", "processor", used in this Privacy Policy have the meaning set out by the GDPR.

III. Scope of data processing

A. Personal data

In connection with the Company's operations, we may collect personal information in a variety of ways. Among others, by cooperating with other entities, by allowing you to contact us through the "Let's talk" section on our Website, and in connection with other activities, services, features or resources that we provide as a Company. When entering into a relationship with us you may be asked to provide, for example, your name, email address, mailing address. We will only collect and process personal data if it is lawfully provided to us.

B. Other data

We may collect other data (non-personal data) about Users each time they interact with our Website. This may include browser name, computer type and technical information about how Users connect to our Website, e.g. operating system used and internet service providers and other similar information.

IV. What personal data do we process and why?

Product Brew processes various categories of personal data. Each data is duly protected by us and processed only for the purpose for which it was obtained.

1. Clients data

In the course of its business, Product Brew undertakes business with clients. In the course of fulfilling a contract with a client, personal data may be provided to us that is necessary for the conclusion and fulfilment of the contract. The data collected during the cooperation with the client is processed for the purpose of fulfilling the contract.

The contract between parties is the legal basis for processing such personal data. In particular, Product Brew processes such personal data as name, last name, contact data (email, phone number), data available in public registers (e.g. KRS, CEiDG and their foreign equivalents), data from the client, as well as other data if necessary to conclude and perform the contract. Data may also be processed if necessary for compliance with a legal obligation the Produc Brew is subject to or if processing is necessary for the purposes of the legitimate interests pursued by the Controller (e.g. for the purpose of investigating and defending against claims).

2. Cooworkers and business affiliates data

We use external entities to ensure the proper functioning of Product Brew (these include entities providing IT services, accounting services, legal services). Accordingly, Product Brew may process personal data of such entities. Processing of such data is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. Processing may be also necessary for compliance with a legal obligation to which the Controller is subject (e.g. for the investigation and defence of claims).

In particular, we process such data as name, last name, contact details (email, phone number), ID number, PESEL number, data available in public registers (e.g. KRS, CEIDG and their foreign equivalents), information on business and professional activities, including place of work, position, qualifications, as well as other data provided by a coworker or affiliate, necessary to conclude and perform the contract.

Product Brew may process the image of contractors in order to promote its business, in particular for the purposes of maintaining the Website and social media accounts. In that case, consent is the basis for data processing.

3. Data of hackathons', workshops' and other events' participants

As part of our business, we organise webinars, hackathons, workshops, training courses and other similar events where personal data of participants may be processed. Such data is processed in order to enable the participant to take part in the event and on the basis of the participant's consent or contract with the participant. The processed data include, in particular, name, last name, email, phone number and other contact details.

4. Candidates for cooperation data

Product Brew processes the personal data of candidates for cooperation. In this regard, the following data in particular are processed: name, last name, contact data, data on education and work experience, other provided by the candidate, as well as other data necessary for the conclusion and performance of the contract. Processing candidates data is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Processing is for the purpose of verification prior to the establishment of cooperation, as well as on the basis of consent in the event that more data is provided than is required for the verification process and in the course of cooperation. Consent is also the basis for processing when the candidate expresses a wish to participate in future recruitments.

5. Contact with Product Brew

Product Brew processes the data of persons who contact the Company, e.g. by email, via the Website, or other communication channels. We process in particular: name, email, phone number, address, IP address, and other data provided in the message. The data are processed on the basis of the Controller's legitimate interest in handling correspondence and enquiries. We process the data for the duration of the interest, or until the data subject expresses an effective objection.

6. Contact via social networks

When using Product Brew's social media profiles (e.g. Facebook, Instagram, LinkedIn, etc.) the user should consult the privacy policies of these providers on his or her own to obtain up-to-date information on data protection.

Facebook, Instagram, LinkedIn, etc. are the controllers of the personal data of users using the aforementioned platforms. In the event of a user's interaction on social media (e.g. comment, share, private message, etc.), Product Brew also becomes the controller of the users' personal data. In the aforementioned scope, Product Brew processes in particular the name/nickname, image and also other data provided by the user in comments or private messages.

The data is processed to operate the profile, respond to queries, promote services, products and also with relation to organisation of webinars, hackathons, competitions and other events organised by Product Brew. The legal basis for the processing of personal data for this purpose is the legitimate interest of maintaining the profile, responding to contact from the user, and promoting the Company's activities. The data are processed for the duration of the interest, or until the data subject expresses an effective objection.

7. Processing to promote our services

Notwithstanding the above your personal data, in particular your name and address and/or e-mail address, may be used by us for the purpose of occasional contact (e.g. to send you greetings or Christmas gifts) or to contact you regarding the promotion of our services. The legal basis for processing your personal data for this purpose will be our legitimate interest in maintaining relationships and building a positive image of our Company and marketing our services. Please note we send commercial information to email addresses with prior consent.

In all cases described in point III, personal data may also be processed for the purpose of legitimate interests pursued by Product Brew, which are the investigation and defence of possible claims. Personal data may also be processed for the purpose of complying with Product Brew's legal obligations.

V. How long do we process personal data?

We process personal data for as long as necessary to achieve the purposes of the processing. Thus, if we process on the basis of:


contract, the data are processed for the duration of the contract,


consent, the data are processed until the consent is withdrawn,


provision of the law, the data shall be processed for the period indicated in the provision,


legitimate interest of the Controller, the data shall be processed for the duration of that interest or until the data subject expresses an effective objection.

VI. Who can have access to personal data and why?

To the extent necessary for the conduct of our business, we use external entities (e.g. software services, project management services, legal and accounting services). This may involve sharing processed personal data with these entities.

Access to your personal data will only be granted to duly authorised Product Brew’s associates and partners who are obliged to keep the data confidential and not to use it for purposes other than those for which Product Brew obtained the data, and to entities that support us in providing services such as: email providers, marketing platforms, IT service providers, management and communication tools, legal service providers, consultants, insurers. All these individuals and entities will only have access to the part of your personal data that is necessary for them to perform their specific activities.

When transferring personal data Product Brew applies appropriate measures and safeguards to prevent unauthorised persons from gaining access to the data (including encrypted connections). Product Brew enters into data entrustment agreements and applies other adequate safeguards when transferring data (including outside the EEA). Additionally Product Brew may be obliged to transfer personal data to, for example, law enforcement or judicial authorities.

VII. Do we transfer personal data outside the EEA?

Product Brew may transfer personal data outside the EEA. The transfer may take place when it is necessary for the proper functioning and fulfilment of the Controller's obligations. In the event of such a transfer of personal data, Product Brew shall ensure an adequate level of protection primarily by:

  • a transfer of personal data to countries for which the European Commission decision recognising the country as ensuring an adequate level of security and protection of personal data has been issued,

  • a use of Standard Contractual Clauses issued by the European Commission,

  • an application of other adequate safeguards provided for by the GDPR.

VIII. Can I change, update my personal data? Can I request deletion of my data?

If the processed data concerns you, you have the right to obtain access to your personal data, as well as to request the rectification, restriction or erasure of your personal data, as well as the portability of your personal data and, where the processing is based on consent, to withdraw it at any time. You then also have the right to lodge a complaint with a supervisory authority if the processing violates the provisions of the GDPR.

Once the identity of the person has been confirmed, Product Brew shall exercise the rights indicated, based on an analysis of the legitimacy of the request and the applicable law. Product Brew will make efforts to comply with requests, but there may be some cases where data must be retained due to applicable law, or other legitimate legal interests of Product Brew.

IX. Do we process children's data, and sensitive personal data?

We operate in line with the GDPR and do not knowingly process (and you agree not to provide to us) any personal data of anyone under the age of 16. Our Website and services are intended for users who are 16 years of age or older. Product Brew also does not knowingly collect any special categories of Personal Data (including, but not limited to, data relating to racial or ethnic origin, data revealing political opinions, biometric data, genetic data, health data) and you agree not to send such data to the Company.

X. Cookies and similar technologies

We use so-called "cookies" to customise the content displayed on the Website, to survey Users' visits to the Website and to record their preferences. Cookies allow us to process, among other things, your IP address, device identifier and device type, domain, browser type and language, operating system and system settings, country and time zone, previously visited websites, information about your interaction with our Website. Cookies are also used to compile general statistics about Users' use of the Website.

Types of cookies:

  • Necessary cookies,

  • Performance cookies,

  • Targeting cookies,

  • Functional cookies.

It is possible to disable or delete cookies in your web browser, but this may hinder your ability to use all the features of the Website. The information on cookies also applies to other similar technologies used on the Website.

Third parties may also collect information through our Website by means of their cookies, plug-ins and widgets. Such entities collect data directly from the User's browser and the processing of such data is subject to their own privacy policies. Detailed information on personal data protection is available from each such entity.

XI. Data in Google Analytics

Traffic on the Website is monitored by the analytics system Google Analytics, the purpose of which is to collect data about how the Website is used.

XII. Changes to our Privacy Policy

We may update or modify this Privacy Policy from time to time to reflect changes in our internal practices. If we decide to make such a change, we will post it on our Website. We reserve the right to make changes without prior notice to data subjects, including, but not limited to, clients, associates, Users of the Website.

XIII. Do you have any questions? Contact us

If you have any questions or comments regarding the processing of your personal data or the Privacy Policy, please contact us via: