This Privacy Policy explains how Andea a limited liability company and/or Manufacturo Inc. and the group of companies belonging to Andea sp. z o.o. (referred to as ‘we’, ‘us’, or ‘ our’) collect, use and share your personal data. An up-to-date list of companies belonging to Andea Group can be found here: https://www.andea.com/company-entities/.

1. Contact details

In all matters regarding your personal data you can contact us:

If you are a California resident in all matters regarding Manufacturo and your personal data, you can contact Us:

if you are a California resident in all matters regarding your personal data, you can contact Us:

2. What personal data we process, why, the legal basis we rely on to process your personal data

Presented below are details about processing of your personal data by us in situations where you are:

Visitor to our websites and other digital channels

1. The Controller of your data is Andea Solutions sp. z o.o. and Andea sp. z o.o.

2. We process your personal data in situations where:

3. The categories of personal data:

  • When you use the Website, we save data such as your IP address, type and version of your device and web browser, your decisions with respect to cookies, and the way in which you use the Website. In most cases, we will not be able to identify you as a user and this data will be anonymous to us. However, if we are able to associate this data with you, which may occur when we are in possession of additional data from another source (e.g. if we save such data when you contact us via the contact form available on the Website), this data may become your personal data for us.
  • If you decide to contact us via the contact form available on the Website, the e-mail addresses or telephone numbers provided, traditionally, by regular mail, or personally, as well as in the cases where we have the right to contact you, we will process the personal data you provide us with, the personal data that is necessary to reply to your message (including identification and contact data, as well as the IP address if you use the contact form available on the Website), and the personal data we have received in connection with the relationship between us or collected from generally available sources.

4. We will process your personal data that we obtain in situations for the following purposes:

  • to respond to inquiries sent to us via contact forms, or to messages sent to our contact details – based on our legitimate interest as a personal data controller;
  • to analyze the use of the Website, as well as to improve its functioning and security, adjusting the way, the Website is displayed and personalizing it, saving data from forms to preserve the session and facilitate the use of the Website– based on our legitimate interest as a personal data controller;
  • for direct marketing of products or services – based on our legitimate interest or on your consent;
  • to pursue and defend against claims, before courts and administrative authorities and outside them – based on our legitimate interest as a personal data controller,
  • for archiving and backup purposes – based on our legitimate interest which is to fulfill the obligations to keep personal data safe by maintaining appropriate safeguards.

Job applicant

1. The controller of your data is the appropriate company from the Andea Group to which recruitment is conducted (advertiser) and Andea sp. z o.o.

2. We will process your personal data for recruitment processes - we process only personal data that will be provided to Us by you or will be made available to Us or collected by Us in order to conduct the recruitment process and:

  • are necessary to fulfill our legal obligation arising from the applicable employment law, i.e., data regarding: name, surname, e-mail address, date of birth, education, professional qualifications, and previous employment or
  • for which you have given Us your consent (through your statement or explicit confirmation action, such as providing us with your CV or cover letter containing such data), i.e., data contained in the recruitment documents and references received from you, messages, conversations with you (other than those indicated in the applicable employment law) or
  • are necessary for the conclusion and subsequent performance of the contract with you, i.e., in particular the data to be entered in the contract concluded in case of successful recruitment process or
  • are necessary for the purposes of legitimate interests pursued by Us, such as:
  1. choosing the right candidate who guarantees proper performance of the duties entrusted, i.e., data collected by us in the course of recruitment activities, e.g. in notes made during conversations with you,
  2. bringing and defending against claims, before courts and administrative authorities and other entities (in respect of all collected data),
  3. archiving and backing up your data, in connection with the obligation imposed on Us as a data controller to properly secure data (in respect of all collected data).

Supplier/customer or member of staff of our supplier/customer

  1. The controller of your data is the appropriate company from the Andea Group which have any relationship with your company or the company which is your employee/principal.
  2. The categories of personal data: Basic information, such as your name, the company you work for, your position, contact details.
  3. We will process your personal data that we obtain for the following purposes:
  • for the performance and settlement of the contract concluded with you/your employer/principal - in order to perform a contract to which you/your employer/principal is a party;
  • for archiving to the extent necessary to comply with legal obligations, in particular tax regulations, accounting regulations - based on our legitimate interest as a data controller;
  • for possible establishment and investigation of claims or defense against claims - based on our legitimate interest as a data controller;
  • for maintaining good business relations with you/your employer/contractor - based on our legitimate interest as a data controller;
  • for direct marketing of products or services – based on our legitimate interest as a data controller.

 

Participant of our webinars, trainings and other events

  1. The controller of your data is Andea Solutions sp. z o.o. or other the appropriate company from the Andea Group which organizes webinar, training or other event.
  2. The categories of personal data: We will process personal data that you provide to Us in order to ensure you participation in the aforementioned events, such as name, surname and e-mail address. If you provide to us more information, such as telephone number, name of company, position, source of information about events organized by us, information on the production planning tools used, we will process them on the basis of your consent for marketing purposes, only if you give Us your consent.
  3. We will process your personal data that we obtain for the following purpose:
  • for organisation of webinars, trainings and other events – based on a necessity of the data processing for the conclusion and performance of the contract for the provision of the webinar or training service.
  • for archiving to the extent necessary to comply with legal obligations, in particular tax regulations, accounting regulations - based on our legitimate interest as a personal data controller;
  • for direct marketing of products or services – based on our legitimate interest if we have an existing business relationship with you or on your consent.

 

User of our platform Manufacturo

1. The controller of your data:

If you are a user of the  Manufacturo SaaS platform our role may be different depending on the purpose of processing of your data:

  • We may be processing your personal data on behalf of the company that is using the Manufacturo SaaS platform for its own purposes (the “Company”). Such Company will be granting you access to the Platform and will be primarily responsible for processing your personal data kept in the Platform. In this case (when our goal is to perform Our duties vis a vis that Company) we are acting as a data processor and our main responsibility is to keep your data secure and process it in accordance with the agreement entered into with the Companyr. This means e.g. that if you wish to execute your rights, you have to contact that company and if we receive your inquiries We will forward them to that company.
  • We may also act as a sole data controller in some cases, e.g. where your data is necessary to pursue our legitimate interests. In such cases We, as the data controller, are primarily responsible for fulfilling the obligations resulting from the provisions of data protection laws.

2.We will process your personal data that we obtain for the following purposes:

  • to provide and maintain the Manufacturo SaaS platform,
  • to notify you about changes to our Manufacturo SaaS platform.

3. How long we will process your personal data

We will process your personal data:

  1. to contact you – from the day they were collected and as long as we are holding the conversation in the matter in which you made contact;
  2. for the purpose of improving the functioning and security of the Website – for the time for which these data are necessary to achieve this purpose, but no longer than until you express an effective objection to their processing;
  3. for the purposes of pursuing and defending against claims – for a period not exceeding the limitation period for claims;
  4. for archiving and backup purposes – for the period determined in accordance with the backup and archiving policy at Andea;
  5. for purposes related to your use of the Platform (when We act as a data controller) – for the duration of our legitimate interest;
  6. for the purposes of recruitment for a specific advertisement - until the verification of your application is completed and you are informed of the results of the recruitment process, but no longer than until the end of the next calendar quarter counted from the date you are informed of the results of the recruitment - in case you do not give your consent for the Controller to further process your data for future recruitment or for a period of 12 months from the end of the calendar year in which you gave your consent or until you withdraw your consent to their processing - if you give your consent to further data processing by the Controller for the purposes of future recruitment processes;
  7. for marketing purposes – (i) in case of marketing based on our legitimate interest – for the duration of our legitimate interest, i.e., the duration of the relationship that connects us or until you object, (ii) in cases that marketing is based on your consent – until consent is withdrawn;
  8. for the performance and settlement of the contract concluded with you/your employer/principal - for the period of performance of the contract, including the implementation of projects for you/your employer/principal, and the legal basis is the realization of the legitimate interest of the Data Controller in the form of ensuring the proper performance of contractual obligations;
  9. for maintaining good business relations with you/your employer/principal - for the duration of our business relationship.

 

4. Data recipients

Your personal data may only be disclosed:

  1. to third parties providing services to Us that are needed to achieve the purposes in relation to which we process your data (e.g., IT services, recruitment, electronic communication, hosting, marketing);
  2. to entities from the Andea Group, in particular when they provide each other with services, or as part of the internal administrative purposes of the Andea Group (e.g., when this results from the organization of tasks within the Group);
  3. to recipients to whom the disclosure is required by applicable law or order of a court or other authority;
  4. to other recipients, if you give us your consent to disclose data to them or if the transfer of data to them is necessary to protect your vital interests or vital interests of other individuals or for the common good.

 

5. Transfer of data to third countries

Your personal data may be transferred to entities outside the European Economic Area (EEA), including the USA, with whom we cooperate, such as the providers of services listed below. Whenever your personal data is transferred outside the European Economic Area (EEA) or to countries that do not provide the same or an adequate level of protection for personal data, we will ensure that this is done on the basis of a valid legal basis and using the safeguards required by law.

6. When you are a California resident

While you are using our website we may collect and further process information that may be treated as personal information under the provisions of the California Consumer Privacy Act of 2018 (hereinafter: CCPA) as amended by the California Privacy Rights Act of 2020 (hereinafter: CPRA). This part relates to you, if you are a California resident.

Categories of data collected and disclosed, purpose of collecting data, categories and sources of data, recipients of data – these are described in other parts of this Privacy Policy. Below you can find information about sales of personal data.

As Sensitive Personal Information has been classified "geolocation," in order to comply with the CPRA, we encourage you to read the Cookies Policy to learn how to disable so-called tracking cookies.

We shared device identifiers and internet and electronic network activity to facilitate online advertising. This means that a unique, resettable number that identifies your device was linked to online activity and shared with others who use that data for advertising and analytics purposes (like advertising networks, data analytics providers, and social media platforms). Details of this issue are described in Cookies Policy.

We remind you that you can use the right to opt-out and the right to limit use of sensitive personal information (“Do Not Sell Or Share My Personal Information” and “Limit The Use Of My Sensitive Personal Information”). To exercise Your rights, please contact Us.

California supervisory authority is California Privacy Protection Agency (CPPA). The California Privacy Protection Agency (CPPA) has full enforcement authority over the CCPA/CPRA regime, as well as authority to investigate potential breaches and violations, and to draft enforcement regulations. The description of your rights you can find in the next section.

 

7. Data subject rights

You have the following rights:

  • The right to obtain information, access to data and to receive a copy of the data. You have the right at any time to request information about your personal data that we store or to which we have access.
  • The right to withdraw consent. Each time your data is processed based on your consent given, you have the right to withdraw this consent at any time, whereas withdrawal of consent will not affect the lawfulness of data processing that happened before you withdraw your consent.
  • The right to rectify personal data. We take reasonable steps to ensure that your personal data is correct, complete and up to date. If it is necessary to change these data, please let us know.
  • The right to data portability. You have the right to request the transfer of your personal data in a structured, commonly used machine-readable format, as well as to request the transfer of data to another data controller, when your consent is the legal basis for the processing of your personal data.
  • The right to delete data and to limit processing. In the cases indicated in the provisions of law on the protection of personal data, you have the right to request the deletion of your personal data. However, this right is not absolute – there may be occasions when we are still entitled to process your personal data. You can also request a restriction on the further processing of your data. When you are a California resident: California residents can request deletion of personal data and we have to notify third parties to delete this as well.
  • The right to object to processing. In the cases indicated in the provisions of law, you have the right to object to the further processing of your data when the legal basis for the processing of personal data is our legitimate interest.
  • The right to lodge a complaint with a supervisory authority. You have the right to lodge a complaint with the supervisory body dealing with the protection of personal data.

When you are a California resident also:

  • The right to opt-out of automated decision making. California residents can say no to their personal data being used to make automated inferences, e.g., in profiling for targeted, behavioral advertisement online.
  • The right to know about automated decision making. California residents can request access to and knowledge about how automated decision technologies work and what their probable outcomes are.
  • The right to opt-out of the “sale” or “sharing” of your personal information to or with third parties. California residents can opt out of businesses sharing and selling their personal data specifically for behavioral advertisement, and not only of the sale of personal data.
  • The rights of minors. For California residents the opt-in requirement for businesses when dealing with minors is extended to include the sharing of personal data for behavioral advertising.
  • The right to limit use of sensitive personal information. California residents can make businesses restrict their use of this separate category of personal information, particularly around third-party sharing.

For each of the rights mentioned above, you can contact Us in particular using the contact details.

 

8. Support providers

Andea will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your personal data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

In particular, we are using services of the following third parties:

1. Google

We use Google Analytics – a web analytics service offered by Google (Google Ireland Limited, Google Building Gordon House, Barrow St., Dublin 4, Ireland, in case of users in EEA and Switzerland and Google LLC, 1600 Amphitheatre Parkway, Mountain View, California, US, in case of users outside EEA and Switzerland), that tracks and reports information about Website traffic. This information is then shared with Google, who can then use it to contextualize and personalize ads. You can opt out of having made the information about your activity on our Website available to Google by installing the Google Analytics opt-out browser add-on (to be downloaded from this site: https://support.google.com/analytics/answer/181881?hl=en). This add-on prevents Google Analytics JavaScript from sharing information with Google Analytics about your activity. You can also switch off personalization of adds here: https://adssettings.google.com/. The data gathered using Google Analytics may then be shared and used by other tools from Google suite that we use (Google Ads, Google Tag Manager and Google Search Console).

We also use reCAPTCHA, which is a service from Google that helps protect Websites from spam and abuse. A “CAPTCHA” is a Turing test to tell human and bots apart. By adding reCAPTCHA to our Website, we can block automated software. In order for reCAPTCHA API to work, it collects hardware and software information (which in some cases may be personal data), such as device and app data, and sends it to Google for analysis.

For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy and https://policies.google.com/terms.

2. Microsoft

We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.

3. Umbraco

The website is hosted (technically maintained) on the Umbraco Cloud server (https://umbraco.com/media/vigli2xz/cloud-infrastructure-security-overview.pdf). Company details: Umbraco HQ, Buchwaldsgade 35, 2nd floor, 5000 Odense C, Denmark, Company Registration Number/cvr: 35866582 The company's security policy is available at: Privacy and Umbraco.

4. Meta (formerly Facebook)

We use Facebook pixel provided by social media network Facebook operated by Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are a resident of the EU, by Meta Platforms Ireland Limited Meta, with its registered office at Merrion Road, Dublin 4, D04 X2K5, Ireland (hereinafter “Facebook”). Facebook Pixel is a mechanism (a snippet of JavaScript code) to track your activity on our Website in order to determine you as a target group for presentation of our advertisements on Facebook. Facebook Pixel also help US track the effectiveness of our ads for statistical and market research purposes by seeing whether users have visited our Website after seeing our ad on Facebook (conversion tracking). Facebook pixel stores a cookie on your device – if you log in to Facebook or visit Facebook your visit to Our Website will be noted on your Facebook profile. Due to the use of Facebook pixel, we get access to analytics data (which may very seldom be enough for Us to identify you and become then your personal data). Facebook gathers and further processes your data which is linked to your Facebook profile (or sometimes to your other data if you do not have a Facebook profile). Thus, We and Facebook are considered as joint controllers with regard to the abovementioned processing. Joint controllership agreement entered between Us and Facebook is available here: https://www.facebook.com/legal/controller_addendum.

More information about Facebook pixel can be found here: https://www.facebook.com/business/help/742478679120153?id=1205376682832142. Information about how Facebook processes your personal data can be found here: https://www.facebook.com/privacy/explanation.

5. Elevato

We use Elevato for recruitment purposes – a recruitment system, supporting the work of HR departments and recruitment agencies offered by Elevato S.A. (Elevato S.A., ul. Batorego 3/6, 43-300 Bielsko-Biała, KRS Number 0000883924). For more information on the privacy practices of Elevato, please visit the Elevato web page: https://www.elevatosoftware.com/pl/polityka-prywatnosci/ and https://www.elevatosoftware.com/pl/bezpieczenstwo-i-rodo/.

6. Microsoft 

"We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement."

7. Visitor Queue

We utilize a lead generation and website personalization solution Visitor Queue, with the office in Canada at 316 Rectory Street, London, ON, N5W 3V9, to gather non-personally identifiable information about visitors to our website. Visitor Queue helps us track user interactions and analyze website traffic patterns to keep improving the overall user experience. The tool collects standard internet log information and visitor behavior information in an anonymous form and does not identify individual users or associate any personal information with website visits. The data collected through Visitor Queue may include but is not limited to IP addresses, browser types, internet service providers, referring/exit pages, and timestamps. We use this information solely for statistical analysis purposes and to enhance the functionality and content of our website. 

Third-party websites

The Website also includes links to third-party websites. When you visit these pages, different rules apply than those described here in the field of personal data processing, as well as someone else is the data controller of data processed there. We recommend that you read the rules applicable to the processing of personal data published by the administrators of these websites.

Social Media

We use social media plugins. In case there is a link to Our social media on Our website, please note that the providers of the respective social media sites have their own data protection procedures, for which We are not responsible. In this case, it is recommended that you read the privacy policies and other documents regarding the processing of personal data posted on the pages of the relevant social media sites. Here you can read our information clause relating to using of social media by Us: Social Media Clause