1. DATA CONTROLLER

The controller of your personal data provided in the scope of the Portal is:

GrowNow Sp. z o.o. with its registered office at Al. Jerozolimskie 134, 02-305 Warsaw, entered into the Register of
Entrepreneurs kept by the District Court for the Capital City of Warsaw, 12th Commercial Division of the National Court
Register under the KRS number: 0000897332, Tax Identification Number (NIP): 7010707288, with the share capital of
PLN 100,000, represented by Kamil Wiszowaty – President of the Management Board, (hereinafter referred to as:
Grow”).

Personal data may also be processed by other members of the group of companies: Group One
A list of the entities and their locations can be found below.

The Group One corporate group comprises the following companies:

  1. Group One S.A. with its registered office at Al. Jerozolimskie 134, 02-305 Warsaw;
  2. Mediaplus Medianest sp. z o.o. with its registered office at Al. Jerozolimskie 134, 02-305 Warsaw;
  3. Salestube sp. z o.o. with its registered office at Al. Jerozolimskie 134, 02-305 Warsaw;
  4. Value Media sp. z o.o. with its registered office at Al. Jerozolimskie 134, 02-305 Warsaw;
  5. RL Media sp. z o.o. with its registered office at Al. Jerozolimskie 134, 02-305 Warsaw;
  6. RL Media sp. z o.o. k. with its registered office at Al. Jerozolimskie 134, 02-305 Warsaw;
  7. Mediaplus Warsaw sp. z o.o. with its registered office at Al. Jerozolimskie 134, 02-305 Warsaw;
  8. Labcon sp. z o.o. with its registered office at Al. Jerozolimskie 134, 02-305 Warsaw;
  9. Change Serviceplan sp. z o.o. with its registered office at Al. Jerozolimskie 134, 02-305 Warsaw;
  10. Media Republic sp. z o.o. with its registered office at Al. Jerozolimskie 134, 02-305 Warsaw;
  11. Gong Sp. z o.o. with its registered office at ul. Długosza 2, 44-100 Gliwice;
  12. Media Ready sp. z o.o. with its registered office at Al. Jerozolimskie 134, 02-305 Warsaw;
  13. 2LM Sp. z o.o. with its registered office at Al. Jerozolimskie 134, 02-305 Warsaw;
  14. Get Louder sp. z o.o. with its registered office at Al. Jerozolimskie 134, 02-305 Warsaw;
  15. GrowNow Sp. z o.o.. with its registered office at Al. Jerozolimskie 224, 02-495 Warsaw;
  16. Group One Mediaplus Prague s.r.o. with its registered office at ul. Klimentská 1746/52, 110 00 Praga 1;
  17. Plan.Net Technest Sp. z o.o. with its registered office at Al. Jerozolimskie 134, 02-305 Warsaw
  18. GameChanger Sp. z o.o. with its registered office at Al. Jerozolimskie 134, 02-305 Warsaw
  19. HMMH Poland Sp. z o.o. with its registered office at ul. Michalczyka 5, 53-633 Wrocław

Addresses and details of the individual companies can be found here.
Each company is a separate controller with respect to the data it processes.
This privacy policy applies to each controller

2. GENERAL PROVISIONS

We pay particular attention to respecting the privacy of users visiting the Internet Service (hereinafter: the „Service”),
and for this reason we take the utmost care to ensure that the Data Controller ensures the security of the personal
data provided and its processing in accordance with the provisions of applicable law, and in particular with the
Personal Data Protection Act of 10 May 2018 Journal of Laws 2018 item 1000, and Regulation (EU) 2016/679 of the
European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the
processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter:
„GDPR”), and the Personal Data Protection Act of 10 May 2018 (item 1000), as well as the regulations implementing it,
i.e., inter alia the Act of 21 February 2019 on amending certain acts in connection with ensuring the application of
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural
persons with regard to the processing of personal data and on the free movement of such data and repealing Directive
95/46/EC and the Act of 6 July 1982 on legal advisers (i.e. Journal of Laws 1982 no. 19 item 145 as amended), as well
as the Act of 18 July 2002 on providing services by electronic means (Journal of Laws 2002 no. 144 item 1204).


This privacy policy may only apply to this website and shall not apply to other websites to which we merely refer by
means of a hyperlink. We shall not be responsible for the confidential processing of your personal data on these third
party websites, as we have no influence on whether these companies comply with data protection regulations. Please
refer directly to these websites for information on how these companies process your personal data.

3. CATEGORIES OF PERSONAL DATA PROCESSED

We may collect the following categories of personal data:

  1. Information collected when a user visits the website – when visiting our website,
  2. Technical information (when you access this website and our technology services) and online data – when you
    visit our website,
  3. data provided via a contact form when you send a message through some of our websites (i.e. Media Plus,
    Value Media, Salestube, RL Media, Change Serviceplan, Media Ready, HMMH, 2LM, GrowNow),
  4. business information,
  5. data necessary for the conclusion and performance of the agreement and appendices (mainly address data),
  6. data necessary for billing purposes,
  7. contact details,
  8. information from public sources,
  9. information related to investigations or proceedings and the credibility and criminal record of a given entity
    (which is related to the topics of compliance and anti-money laundering,
  10. attendance documents (in case of visits to our office),
  11. subscriptions, if any,
  12. if you have given your consent to something, any information relating to the giving or withdrawal of consent,
  13. data relating to events (e.g. attendance),
  14. data relating to visits to our social media profiles,
  15. identification data (if you access one of our tools),
  16. data of potential job applicants (left via a form on the website or otherwise submitted).

We do not collect personal information about your online activities on third party websites or online services.

4. PURPOSES AND LEGAL BASIS OF PROCESSING

The data is processed for the following purposes:

  1. the conclusion and performance of the agreement for the provision of services with the user (Article 6(1)(b) of the GDPR),
  2. issuing and storing invoices and accounting documents (Article 6(1)(c) of the GDPR),
  3. archiving data (Article 6(1)(c) of the GDPR),
  4. maintaining and establishing communication with the user: sending e-mails, other messages to inform about legal amendments, the market situation and our services, as well as establishing and maintaining business relations (Article 6(1)(b) of the GDPR),
  5. carrying out marketing and advertising campaigns commissioned by the customer (Article 6(1)(b) of the GDPR or Article 6(1)(a) of the GDPR, as the case may be),
  6. Fulfilling the Controller’s legitimate interest, i.e:
    1. analysing and profiling data for marketing purposes concerning products and services (Article 6(1)(f) of the GDPR),
    2. analysing and profiling data for marketing purposes regarding third parties’ products and services (Article 6(1)(a) of the GDPR in conjunction with Article 6(1)(f) of the GDPR),
    3. managing the relationship with the customer or his/her company/organisation, including establishing and maintaining contact with the customer/user (Article 6(1)(f) of the GDPR),
    4. website monitoring: to check that the website and our other technological services are being used appropriately and to optimise their functionality (Article 6(1)(f)),
    5. maintaining online security: to protect our information resources and technology platforms from unauthorised access or use and to monitor for malware and other security risks (Article 6(1)(f),
    6. maintaining business relationships: to manage and administer our relationship with you, your business or organisation, including keeping records of business contacts, services and payments in order to tailor offers and develop the business relationship and to target marketing and promotional campaigns (Article 6(1)(a) of the GDPR in conjunction with Article 6(1)(f) of the GDPR),
    7. recruiting new employees (Article 6(1)(a) of the GDPR in conjunction with Article 6(1)(f) of the GDPR),
    8. organising and delivering events (Article 6(1)(a) of the GDPR in conjunction with Article 6(1)(f) of the GDPR), possibly Article 6(1)(b) of the GDPR depending on the event and its purpose and source),
    9. ensuring conformity with compliance regulations, in particular for the purposes of anti-money laundering, control, sanctions and other regulations relating to the prevention and detection of crime, and regulatory requirements and the prevention of fraud and crime (Article 6(1)(f) of the GDPR).

5. INFORMATION ON DATA RECIPIENTS

The recipients of the data are only authorised persons processing the data upon the Controller’s order. The data may
be disclosed to external entities providing and supporting the Controller’s ICT systems, or to other entities providing
services related to the current activity of the Controller, pursuant to relevant agreements on the entrustment of
personal data processing and with the assurance of adequate technical and organisational measures ensuring data
protection by the above mentioned entities. Your data may also be disclosed to entities entitled to obtain such data on
the basis of applicable law, e.g. to law enforcement agencies in the event of a request made by such an authority on
the appropriate legal basis (e.g. for the purposes of ongoing criminal proceedings).
Data may also be shared with other members of the Group One group of companies to the extent necessary for the
performance of the agreement or the legitimate interest of the group of companies (in particular for administrative
purposes) i.e:

  1. an IT company,
  2. an advertising agency,
  3. a creative agency,
  4. a marketing agency,
  5. an ecommerce agency
  6. an event agency,
  7. a digital agency,
  8. an interactive agency,
  9. entities providing mass mailing services,
  10. a hosting company,
  11. web developers,
  12. IT specialists,
  13. accountants,
  14. the management, lawyers, employees and authorised counterparties of members of the Group One group of companies, in particular if employee or customer data is involved.

6. PROFILING AND AUTOMATED DECISION-MAKING

We inform you that your data may be subject to profiling, but not to automated decision-making.

Possible profiling is done for marketing purposes and to establish a business relationship.

7. DATA SUBJECTS’ RIGHTS

Each person subject to data processing has the following rights:

  1. to withdraw consent at any time – without affecting the lawfulness of the processing carried out on the basis of consent,
  2. not to be subject to a decision based solely on automated processing (including profiling),
  3. to object to data processing, which is the data subject’s right to object to further processing on grounds relating to his/her particular situation (concerns only Article 6(1)(e) and (f) of the GDPR),
  4. to ractify the data, giving the possibility to demand its immediate rectification and to complete incomplete data by submitting an additional declaration,
  5. the right of access which is given to the data subject to request from the controller appropriate information on the data being processed, and to obtain confirmation as to whether or not personal data relevant to the data subject are being processed,
  6. to lodge a complaint to the supervisory authority – each data subject shall be entitled to lodge a complaint to the Office for Personal Data Protection, if he/she considers the processing of personal data concerning him/her to be in breach with the GDPR or the Act on the Protection of Personal Data,
  7. to erase or restrict processing of data, constituting the right to request the restriction of processing in the cases referred to in Article 18 of the GDPR and the right to request the controller to immediately erase the data of the data subject pursuant to Article 17 of the GDPR,
  8. to transfer the data – the possibility to receive personal data concerning the data subject in a structured, commonly used and machine-readable format and to transmit such data to another controller,
  9. right to receive appropriate information provided upon request – i.e. the right to receive information as to whether or not data are actually being processed and to receive a copy of the data, as well as to receive information on other matters laid down in Article 15 of the GDPR,
  10. so called right to be forgotten – the right stipulating that at the request of data subjects, their data shall be immediately deleted from the controller’s systems,
  11. right to be informed of any incident constituting a personal data breach.

8. DEADLINE FOR FULFILLING THE REQUEST

Necessary information is provided without undue delay (especially in case of violations of the personal data protection regulations), but the applicable regulations impose a deadline of one month for us to provide information.

9. PROCESSING ENTITIES

If appropriate in your case, under the relevant agreement, your data may be entrusted for processing to:

  1. Group One companies, for the purposes of fulfilling the agreement with the customer,
  2. advertising networks and providers of analytics services: to support and display advertising on our website, apps and other social media tools, including the entities such as Google or Facebook, depending on where the data comes from and what the processing concerns,
  3. suppliers: who support our business, including IT and communications suppliers, web developers, marketing, advertising, creative, digital, events, accountancy or other agencies who work with Group One,
  4. recruitment agencies, where we recruit new employees through third parties.

10. DATA RETENTION

We store personal data in a form which permits identification of the data subject for no longer than is necessary for the purposes for which the data is collected and further processed, i.e. for the duration of the agreement between the Controller and the user, for example. The duration of personal data stored is therefore limited to the strict minimum.

Furthermore, as soon as the data is no longer required, e.g. for the display of the website, it will be deleted. The collection of data for the purpose of providing the website and the storage of data in files is absolutely necessary for the operation of the website. Therefore, the user cannot object to this. Further storage may take place in individual cases if required by law.

We determine the period of data processing in the first instance on the basis of the law as well as the legitimate interest of the controller and this may vary depending on the category of data.

As a general rule, therefore, this will be the period appropriate to the period of limitation for claims arising from the type of case entrusted (i.e. 6 years in consumer cases, and 3 years for periodic and economic benefits).

The data retention periods appropriate to each category are set out in the data retention policy. For more detailed information please contact the Data Protection Inspector: iod@groupone.com.pl.

11. DIRECT MARKETING

We may also use the information you provide through the website or otherwise for direct marketing purposes, i.e. to enable the delivery of newsletters, emails and other communications and to inform you about possible legal changes, market developments and our services, including events which we think may be of interest to you.

However, you can opt out of receiving direct marketing from us at any time by changing your marketing preferences on the online account settings website: groupone.co.uk or by contacting the Data Protection Inspector.

12. DATA TRANSFER

Please be informed that the data shall not be transferred to third countries, i.e. countries outside the European Economic Area, or to any other European country.

As a rule, data processing shall take place only on the territory of Poland.

An exception to this rule may be the case when the server of a given website or the source of a service provided by us is located in another country (e.g. in case of the entities such as Google or Facebook).

13. DATA PROTECTION INSPECTOR

  1. Salestube: iod@salestube.pl
  2. Labcon: iod@labcon.pl
  3. RL Media: iod@rlmedia.pl
  4. Value Media: iod@valuemedia.pl
  5. Mediaplus Warsaw: iod@mediaplus.pl
  6. Change Serviceplan: iod@changeserviceplan.pl
  7. Media Republic: iod@mediarepublic.pl
  8. Gong: iod@gong.pl
  9. Group One: iod@groupone.com.pl
  10. Mediaplus Medianest: iod@grouponemedia.pl
  11. GrowNow: iod@grow.pl
  12. Plan.Net Technest: iod@technest.pl
  13. Media Ready: iod@mediaready.pl
  14. Get Louder: iod@getlouder.pl
  15. 2LM: iod@2lm.pl
  16. Game Changer: iod@game-changer.pl
  17. HMMH: iod@hmmh.pl

14. CONTACT

If you wish to be contacted regarding the exercise of a particular right, or for any other matter relating to the processing of your personal data that is taking place, please contact us by telephone or send a message to the following address:

iod@grow.pl
contact phone: +48 22 203 60 00

15. COOKIES

Cookies are small files consisting of letters and numbers that are downloaded to your device when you use a website.

We use cookies in the scope of our websites so as to make their use functional and user-friendly. We also use cookies to create statistics and to verify the use of these websites.

Due to the lifespan of cookies and other similar technologies, we use two main types of these files:

a) session files – temporary files stored in the user’s end device until logging out, leaving the Internet Portal or switching off the software (web browser);

b) permanent files – stored in the end user’s device for the time specified in the parameters of cookies files or until they are deleted by the User.

By contrast, based on the purpose of cookies and other similar technologies, we use the following types of cookies:

a) cookies necessary for the operation of the service – enabling the use of our services, e.g. authentication cookies used for services that require authentication; cookies used to ensure security, e.g. used to detect abuse of authentication;

b) performance cookies, which enable the collection of information on how websites and applications are used;

c) functional cookies – making it possible to „remember” the user’s selected settings and to personalize the user’s interface, e.g. with regard to the chosen language or region from which the user comes from, font size, appearance of the website and applications, etc.

d) advertising cookies – making it possible to provide users with advertising content more suited to their interests,

e) statistical cookies – used for counting web portal statistics

The settings in web browsers are usually programmed to accept cookies by default, but you can easily adjust them by their changing. If you choose to disable cookies in your browser, you may not be able to use all the functionalities offered by the Website. More information about the cookie settings in individual browsers can be found on the sites of the browsers themselves, including but not limited to:

a) Internet Explorer

b) Mozilla Firefox

c) Chrome

d) Opera.

You can find information on cookies e.g. at wszystkoociasteczkach.co.uk, or in the Help section in the menu of an Internet browser, as well as in our cookies policy depending on which of our websites you use:

  1. Salestube: https://www.salestube.pl
  2. Labcon: https://www.labcon.pl
  3. RL Media: https://rlmedia.pl
  4. Value Media: https://valuemedia.pl
  5. Mediaplus Warsaw: https://www.mediaplus.pl
  6. Change Serviceplan: https://www.changeserviceplan.pl
  7. Media Republic: https://mediarepublic.pl
  8. Gong: https://www.gong.pl
  9. Group One S.A.: https://groupone.pl
  10. Mediaplus Medianest: https://groupone.pl
  11. Media Ready: https://www.mediaready.pl
  12. Get Louder: https://www.getlouder.pl
  13. TechNest: https://www.technest.global
  14. GrowNow: https://www.grownow.pl