Enigma Pattern

Privacy Policy

Updated on July 12th 2019

Who we are

Enigma Pattern Sp. z o.o. as the controller of personal data (hereinafter referred to as the "Controller") operates site (hereinafter referred to as ""). Controller is registered in Poland under company numbers: REGON: 368041005, KRS: 0000691017, NIP: 9471991928. Registered office is in Łódź (postal code: 91-341), on Brukowa 12 street, in Poland.

Data Privacy Notice 

The Controller takes special care about protecting the privacy and confidentiality of personal data entered by users in electronic forms available on . The principles of this protection and confidentiality are defined in this Privacy Policy.

Contacting the Data Protection Office is possible via email address: .

The Controller selects and uses appropriate technical and organizational measures to protect the personal data processed. Full access to the databases is only granted to persons duly authorized by the Controller.

How we collect your private data and what is the legal basis for that

Personal data is processed by the Controller in accordance with the law, in particular in accordance with the provisions of the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC (hereinafter referred to as "GDPR") in order to:

  • answer questions asked via contact form available at (pursuant to Article 6 Paragraph 1(b) GDPR);
  • use the newsletter service (Article 6 Paragraph 1(a) GDPR);
  • conduct a recruitment process (Article 6 Paragraph 1(a) and 1(c) GDPR);
  • analyse traffic on website;

The Controller collects your data directly from you, also automatically by HTTP server and via “cookies”. Providing personal information is voluntary.

The user should not provide the Controller with personal data of third parties. If the user provides such data, it means that the user declares that there is a consent of the third party to transfer that data to the Controller.

What data do we process

General information, IP addresses and cookies

In order to evaluate the use of the website, the Controller registers general information when you access This information includes, e.g. the type of web browser, the used operating system, the domain names of your Internet service providers, etc. None of this information can be used to gather personal data. It is the same information that is generated when you access any other web page. This kind of information is anonymous and is evaluated statistically.

The Controller also collects visitors IP addresses and cookies. For technical purposes related to server administration and for statistical purposes described more in the next paragraph. uses Google Analytics, an  analytics service provided by Google Inc. (following: Google). Google Analytics uses "cookies", ie text files that are stored in your Web browser that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. In most cases your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to prepare reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google data.

You can prevent the storage of cookies by a corresponding setting of your browser software; however, please note that if you do this, you may not be able to use all the features of this website to the fullest extent possible.

Personal data

The data provided by users, in online forms:

  • Candidates: first name, last name, e-mail address, resume (and all data provided in resume) - it will be saved in our applicant management system.

  • People asking for contact: name, e-mail address.

  • People subscribing for the newsletter: e-mail address.

Please remember that data that you provide to us via our website is not the only source of information about you. We may obtain your personal data from third parties, such as LinkedIn and other job sites, Facebook, YouTube or Twitter. Especially if you decide to like or follow us. On those platforms, the terms and conditions and the privacy policies of those parties apply.  

To whom we disclose your data?

The Controller does not share your data unless otherwise stated. 

Users' data can be made available to entities authorized to receive the data under applicable law, including the relevant judicial authorities. By entering your personal details into online forms, you may be asked to agree to transfer your personal data to third party service providers with whom the Controller has concluded appropriate agreements to process it. Those are mainly partners providing technical services (development and maintenance of IT systems and websites). Your personal data may be transferred to a third party country/international organization.

Your data may be processed on servers located outside of the country of your residence.

Your personal data may be transferred outside the European Economic Area to a third party country, i.e. the USA, to subjects fulfilling a required protection level based on the European Commission’s decision from 12 July 2016, the so-called Privacy Shield.

This means that your data shall be transferred only to subjects that comply with the rules determined by the United States Department of Commerce within the EU-US Privacy Shield Framework programs regulating collecting, using and storing personal data from the Member States of the European Union.

In an event of sending data from the EU area to other countries, e.g. the United States, data processors comply with the law regulations that ensure an analogical level of security to that of the European Union’s regulations.

The period during which the personal data is stored

Personal data is stored only for the period necessary to achieve a particular purpose for which it was sent, unless the law provides otherwise.

In the case of a newsletter - personal data is processed until the user’s consent (to the use of personal data in order to receive the newsletter) is withdrawn.

In the case of a recruitment process - personal data is processed in the period of ten years after the completion of the recruitment process.

Your rights

According to art. 15- 22 of GDPR, each user whose personal data is processed by the Controller, has the rights specified below:

  1. Right of Access - Upon request, Controller will inform the user whether and which personal data is saved about the user and how it is processed, according to the applicable laws. Controller can ask the user to verify user’s identity or provide additional information about the application. Controller can refuse the application only if the law allows it, justifying this decision.

  2. Right to rectification - If Controller has incorrect information, Controller will correct it, after discovering mistakes, without undue delay.

  3. Right to restriction of processing or erasure (‘right to be forgotten’) - In some cases (for example in the event of unlawful processing of the personal data) user has the right to request the restrict processing or erasure of user’s personal data.

  4. Right of data portability - User can get a copy of the personal data being processed. User also has the right to transfer user’s data from Controller to another data controller. Always in a commonly used machine-readable format.

  5. Right to object to processing

  6. Right to withdraw consent  - at any time without affecting the lawfulness of the processing, which was made on the basis of consent before its withdrawal.

The rights specified above paragraph may be exercised by sending a relevant request stating the user's name and e-mail address to .

The Controller will respond to all requests related to personal data processing within 30 days (although in some cases Controller may have the right to extend this period). Only if certain limited conditions apply, Controller will not agree with you.

The user has the right to appeal to a supervisory authority where he considers that the processing of personal data violates the GDPR provisions:
The Bureau of the Inspector General for the Protection of Personal Data - GIODO
ul. Stawki 2
00-193 Warsaw
Tel. +48 22 53 10 440
Fax +48 22 53 10 441
e-mail: ;

Data Protection Officer

Enigma Pattern Sp. z o.o.
Brukowa 12
91-341 Łódź