LLI PRIVACY POLICY

Effective date: January 11, 2022 

Current version: October 15, 2025

PURPOSE OF THIS PRIVACY POLICY

This Privacy Policy sets out the rules for the collection, use and other forms of processing of Personal Data by Łukasz Łażewski Informatics SKA, with registered seat in Warsaw, address: ul. Goleszowska, 3 / C101, 01-249 Warsaw; NIP: 5272985142, entered into the Register of Entrepreneurs of the National Court Register maintained by the District Court for the Capital City of Warsaw in Warsaw, 13th Commercial Division of the National Court Register, under KRS number: 0000944155, e-mail: contact@llinformatics.com (“LLI”), acting as the Data Controller; as well as the rights of natural persons whose data are processed.

LEGAL BASES FOR THE PROCESSING OF PERSONAL DATA

The processing of Personal Data by LLI is carried out in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”).

WHAT CONSTITUTES PERSONAL DATA

In this Privacy Policy, “Personal Data” means any information relating to identified or identifiable natural person (“Data Subject”) who can be identified directly or indirectly, in particular by reference to an identifier such as a name and surname, identification number, location data or an online identifier. Personal Data also includes information relating to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of a natural person. 

This Privacy Policy provides information on how we may process special categories of Personal Data, in accordance with Article 9 of the General Data Protection Regulation (“GDPR”). These Personal Data are subject to stricter protection and are generally prohibited from being processed unless specific legal grounds apply. Special categories of Personal Data include information revealing: Racial or ethnic origin, Political opinions, Religious or philosophical beliefs, Trade union membership, Genetic data, Biometric data (used for uniquely identifying a natural person), Data concerning health (physical or mental), Data concerning a person’s sex life or sexual orientation. This Privacy Policy also informs about the conditions under which we may process Personal Data relating to criminal convictions and offences, in accordance with Article 10 GDPR.

HOW WE COLLECT PERSONAL DATA

We collect Personal Data directly, including from Clients who commission us to provide services, visitors to the https://www.llinformatics.com, including all associated subdomains (“Website”), our subcontractors and service providers, individuals applying for a job at LLI, and those who contact us via e-mail or the “Contact” tab on the LLI website. We also collect and process Personal Data in connection with participation in Events such as webinars, conferences, training sessions, and other professional gatherings organized or co-organized by LLI or its Clients, including for the purposes of registration, communication, and follow-up.

We may also collect Personal Data indirectly. This includes situations where we process data in the course of providing professional services to our Clients, such as the employer or the recipient of services of the Data Subject. In some cases, we also obtain Personal Data from publicly available sources, in accordance with applicable data protection laws and based on a valid legal basis. 

WHY WE PROCESS PERSONAL DATA

LLI processes Personal Data for the various purposes described in this Privacy Policy. All processing activities are carried out in accordance with applicable data protection laws, including the GDPR, and are based on a valid legal basis.

LLI may, among others, process Personal Data for the following purposes:

  • conclusion, performance and continuation of contracts e.g. for the provision of services offered by LLI (Art. 6(1)(b) GDPR);
  • compliance with legal obligations incumbent on LLI (in particular: obligations related to employment, accounting, tax archiving, and complaint handling) (Art. 6(1)(c) GDPR);
  • establishment, exercise, or defense of legal claims (Art. 6(1)(f) GDPR);
  • direct marketing, including sending newsletters and information about services or Events, based on consent (Art. 6(1)(a) GDPR) or legitimate interest (Art. 6(1)(f) GDPR);
  • recruitment processes, including the assessment of qualifications and suitability of candidates – based on the necessity to take steps prior to entering into an employment contract (Art. 6(1)(c) GDPR or Art. 6(1)(b) GDPR) and, where applicable, based on the candidate’s consent for processing optional or sensitive data (Art. 6(1)(a) and Art. 9(2)(a) GDPR);
  • participation in Events such as webinars, conferences, training sessions, and other professional gatherings organized or co-organized by LLI — including for registration, communication, follow-up, and feedback collection – based on the performance of a contract or LLI’s legitimate interest (Art. 6(1)(b) or Art. 6(1)(f) GDPR);
  • creation and publication of content, including audio and/or video materials (e.g. podcasts), based on original scripts and published on platforms such as Slack, Instagram, LinkedIn, Facebook, or X (formerly Twitter), provided that appropriate consent has been obtained where required – based on consent where required (Art. 6(1)(a) GDPR);
  • compilation of internal analyses and statistics, including for service improvement and business development – based on LLI’s legitimate interest (Art. 6(1)(f) GDPR);
  • verification of payment credibility and fraud prevention – based on LLI’s legitimate interest in ensuring secure transactions (Art. 6(1)(f) GDPR);
  • provision of technical and customer support – based on the performance of a contract or LLI’s legitimate interest in ensuring service quality (Art. 6(1)(b) or Art. 6(1)(f) GDPR);
  • general business cooperation and communication with clients, partners, and suppliers – based on LLI’s legitimate interest in maintaining professional relationships (Art. 6(1)(f) GDPR);
  • initial contact and communication – based on LLI’s legitimate interest in responding to inquiries and initiating business relationships (Art. 6(1)(f) GDPR). At the initial stage, LLI may process selected contact details, resulting, for example, from the data provided in the completed contact form, in particular: name, surname, e-mail address, telephone number, job title, and company name;
  • processing of Personal Data obtained from publicly available sources, such as public registers, professional websites, or social media – based on LLI’s legitimate interest in verifying business partners, identifying potential clients, or conducting business development activities, in accordance with applicable data protection laws (Art. 6(1)(f) GDPR or Art. 6(1)(a) or Art. 6(1)(b)).

Where applicable, LLI may also process special categories of Personal Data (as defined in Article 9 GDPR), but only if one of the exceptions provided by law applies — for example, when the Data Subject has given explicit consent, or when processing is necessary for the establishment of legal claims, or for compliance with employment or social protection law. Such processing is always subject to appropriate safeguards.

Following the potential commencement of cooperation with LLI, we may also process additional Personal Data voluntarily provided by you.

DATA RETENTION PERIODS

LLI retains Personal Data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws and regulations. The retention periods vary depending on the category of Personal Data and the purpose of processing. Where specific retention periods cannot be determined, LLI applies criteria based on legal, contractual, and operational requirements.

Retention periods include:

  • Event participation data (e.g. webinars, conferences): up to 12 months after the Event, unless longer retention is required for follow-up or legal purposes;
  • newsletter and marketing communication data: until the Data Subject withdraws consent or remains inactive for 24 months;
  • recruitment data: up to 6 months after the recruitment process ends, unless the candidate consents to longer retention;
  • Client and service-related data: retained for the duration of the contract and for up to 5 years thereafter, in accordance with accounting and tax regulations;
  • Supplier data: retained for the duration of the business relationship and for up to 5 years after its termination, unless longer retention is required by law;
  • CRM contact data: removed after 36 months of inactivity, unless retention is justified by ongoing business interest or consent.

Data Subjects may request the erasure of their Personal Data at any time, subject to applicable legal exceptions.

RIGHTS REGARDING PERSONAL DATA

In accordance with GDPR, Data Subjects have the following rights: 

  • the right to access your Personal Data processed by LLI;
  • the right to rectification of your Personal Data, for example if it is incomplete or inaccurate;
  • the right to object to the processing of your Personal Data or to request restriction of processing, under certain conditions;
  • the right to erasure of your Personal Data (“right to be forgotten”), where applicable;
  • the right to data portability, i.e. to receive a copy of Personal Data You provided to LLI in a structured, commonly used and machine-readable format, and to transmit it to another controller, where technically feasible;
  • the right to confirmation of processing and access to information required under the GDPR.
  • the right to withdraw consent at any time, where the processing is based on your consent (e.g. for optional recruitment data);
  • the right to opt out of receiving marketing communications at any time;
  • the right to lodge a complaint with the supervisory authority – the President of the Personal Data Protection Office (UODO), ul. Moniuszki 1A, 00-014 Warsaw, Poland.

TRANSFER OF PERSONAL DATA

We transfer or disclose the Personal Data we collect to third-party support providers (and their subsidiaries and affiliates) who are involved in internal support processes. For example, we engage support providers to provide: 

  • general office support, including printing, document creation and management, archiving, and translation services;
  • support in the field of accounting, finance and billing;
  • IT functions, including system management and security, data storage, business applications, voicemail and system replication for business continuity / disaster recovery;
  • conflict checking, risk management and quality reviews.

According to our policy, we use only support providers who are required to maintain an adequate level of data protection, security and confidentiality, and who comply with all applicable legal requirements regarding the transfer of Personal Data outside the jurisdiction in which it was originally collected. 

Where Personal Data is transferred to countries outside the European Economic Area (EEA), LLI ensures that such transfers comply with Chapter V of the GDPR. This includes:

  • transfers to countries for which the European Commission has issued an adequacy decision (Article 45 GDPR);
  • transfers subject to appropriate safeguards, such as Standard Contractual Clauses, Binding Corporate Rules, or other mechanisms approved under Article 46 GDPR;
  • in specific cases, transfers based on derogations under Article 49 GDPR, such as the explicit consent of the Data Subject or where the transfer is necessary for the performance of a contract or the establishment, exercise or defence of legal claims.

For data collected within the EEA or about Data Subjects within the EEA, the LLI requires an appropriate data transfer mechanism if this is necessary to comply with applicable law. LLI assesses the risks associated with international transfers and ensures that enforceable rights and effective legal remedies are available to Data Subjects.

LLI discloses Personal Data:

  • if it is appropriate in the context of achieving the purposes described for the processing of Personal Data, including within the LLI organization;
  • if required by applicable law;
  • in connection with the reorganization or merger of our organization with another enterprise;
  • if we believe such disclosure is justified in order to enforce or apply terms of cooperation or other agreements, or to protect and defend the rights, property or safety of LLI;
  • to comply with a court proceeding, court order, or other legal obligation, or inquiries made by a regulatory or government authority, or
  • with the consent of the Data Subject.

We would like to highlight the fact that in certain jurisdictions, the LLI has a legal obligation to report suspicious transactions and other activities to the relevant regulatory authority under anti-money laundering, terrorist financing, insider dealing or related laws. In addition, the LLI reports suspected criminal activity to the police and other law enforcement agencies. The law does not always allow the Data Subjects to be informed about this prior to disclosure or at all.

The external recipients of Personal Data include:

  • professional advisers (law firms, tax advisers and statutory auditors);
  • insurers;
  • bodies supervising the activity of statutory auditors;
  • tax and customs authorities and authorities collecting excise duty;
  • regulatory and other professional bodies;
  • stock exchange and listing authorities;
  • public records of company directors and shares;
  • identity verification service providers;
  • credit reference agencies;
  • courts, police and law enforcement.
  • government departments and agencies.
  • service providers.
  • support service providers.

DATA PROCESSING CONCERNING MINORS

Our Website is not intended for use by minors under the age of sixteen (16). In accordance with Article 8 of the GDPR, LLI does not knowingly collect, disclose or sell Personal Data of individuals under the age of 16 without the verifiable consent of a parent or legal guardian. 

If you are under the age of 16, please do not provide any personal information, even if prompted. If you believe that you have provided your Personal Data inadvertently, please ask your parents or legal guardians to notify us and we will delete your Personal Data.

LLI takes reasonable steps to verify that any consent provided in relation to the processing of Personal Data of minors under 16 has been given or authorised by the holder of parental responsibility.

BEHAVIOURAL TARGETING AND COOKIES POLICY

We may work with third parties to display advertisements for LLI products on our Websites and to manage our advertisements on other websites that are not owned by LLI. 

We and our third party partners may use technologies, such as cookies, racking pixels, and beacons, to collect information about your activities on the Website and other websites in order to provide you with advertising based on your browsing activities and interests. 

In accordance with the GDPR and the ePrivacy Directive, we only activate non-essential cookies (including marketing and analytics cookies) after obtaining your explicit, informed consent. You can manage your cookie preferences at any time via our cookie settings panel.

Some of the cookies we use come from third parties such as Adobe Analytics, Google Analytics, Hubspot, Marketo Munchkin Tracking, AS Remarketing, Xing, Linkedin Analytics and Yoptima. These companies use programming code to collect information about your interaction with our sites, such as the pages you visit, the links you click, and the time you spend on our sites. This code is only active when you use LLI pages and only after you have given consent. 

More information on how these companies collect and use information on our behalf can be found in their privacy policies: Adobe (Adobe Privacy Center), Google (Google Privacy & Terms), Hubspot (Hubspot Privacy Policy), Marketo (Marketo Privacy Policy), AS Remarketing (Advanced Remarketing Services), Linkedin (Linkedin Privacy Policy), Xing (Xing Privacy Policy), Yoptima (Yoptima Privacy Policy).

You can also refer to the technical information of your browser or mobile device for instructions on how to delete and disable cookies and other tracking tools. Please note that if you access websites on your mobile device, you may not be able to control all tracking technologies through your settings.

The only way to completely “opt-out” of any information being collected by cookies or other tracking technology is to actively manage the settings on your browser or mobile device. However, withdrawing consent may affect the functionality of the Website.

AUTOMATED DECISION-MAKING AND PROFILING

Personal Data may be processed in an automated manner, including profiling. Profiling refers to any form of automated processing of Personal Data that involves the use of such data to evaluate certain personal aspects of an individual, such as preferences or interests, for example in relation to job offers.

The consequence of such processing may be a significant impact on the user, particularly in the context of marketing activities. For example, profiling may result in users being informed about products, services or promotions offered by LLI or its partners.

In accordance with Article 22 of the GDPR, users have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects them, unless:

  • the decision is necessary for entering into or performing a contract;
  • the decision is authorised by Union or Member State law;
  • the user has given explicit consent.

In such cases, LLI ensures that appropriate safeguards are in place, including the right to:

  • obtain human intervention;
  • express their point of view;
  • contest the decision.

Users may object at any time to the processing of their Personal Data for direct marketing purposes, including profiling to the extent that it is related to such marketing. Where required, LLI conducts a Data Protection Impact Assessment to evaluate the risks associated with automated decision-making and profiling.

DATA SECURITY AND PROTECTION MEASURES

LLI protects the Personal Data against unauthorized access, disclosure, alteration, and destruction. In particular, LLI implements appropriate technical and organizational measures in accordance with Article 32 of the GDPR, including:

  • data encryption;
  • physical security measures;
  • access control and authentication mechanisms in IT systems;
  • antivirus software and firewalls.

Access to Personal Data is granted only to authorized individuals who are bound by confidentiality obligations, as well as subcontractors who have entered into data processing agreements with LLI in accordance with Article 28 of the GDPR. Forms completed during registration or when ordering services, as well as the login process, are secured using the SSL protocol. All Personal Data is stored and processed using appropriate safeguards that meet the requirements EU law. LLI regularly reviews and updates its security measures to ensure the highest level of data protection. In accordance with Articles 33 and 34 of the GDPR, LLI is obliged to notify the relevant supervisory authority and, where applicable, the Data Subjects in the event of a Personal Data breach. LLI applies the principles of privacy by design and by default.

CYBERSECURITY AND REGULATORY COMPLIANCE

In accordance with the Digital Operational Resilience Act (DORA), the NIS 2 Directive, LLI implements appropriate technical and organisational measures to ensure the security and resilience of its information systems and the protection of Personal Data. These measures include continuous risk assessment, vulnerability management, incident detection and response procedures, and business continuity planning. LLI also monitors and evaluates third-party ICT service providers to ensure compliance with contractual and regulatory requirements. In the event of a cybersecurity incident or Personal Data breach, LLI will notify the competent supervisory authority and affected Data Subjects, where required by law. 

DISPLAYING CUSTOMER FEEDBACK

In addition to other recommendations, we may display personal reference of satisfied customers on our Website. With your consent, we can publish your reference along with your name. If you want to update or delete your reference, feel free to contact us at: contact@llinformatics.com.

CHANGES TO THIS PRIVACY POLICY

If we make changes to the content of this Privacy Policy, we will revise the date of the last update at the top of this document. In the event of significant changes to the way we collect, use or share Personal Data, we will notify you by posting a notice on our Website, and where appropriate, via direct communication (e.g. email), in accordance with Articles 13 and 14 of the GDPR. 

We recommend that you check the content of this Privacy Policy at regular intervals to stay informed about any updates to this Privacy Policy.

If you have any questions regarding the processing of your Personal Data, please contact LLI’s Data Protection Team. Your inquiry will be forwarded to the appropriate person or department within our organization. 

If you believe that this Privacy Policy does not address an issue important to you, feel free to contact us at: contact@llinformatics.com.

DETAILED PRIVACY PROVISIONS

WEBSITE USE

Information Provided Voluntarily

We collect Personal Data that is voluntarily provided via our Website. This  includes situations where a visitor fills in the online contact form, subscribes to our newsletter, participates in surveys or registers for Events organized by us, such as webinars, training sessions, or conferences. The information collected may include:

  • name, surname, job title, position;
  • name of the company or organization;
  • company-related information;
  • contact details, including email address and phone numbers;
  • demographic information such as postal code, preferences and interests;
  • information provided in the context of customer or market research surveys;
  • information submitted via Event registration forms;
  • information necessary for the provision of our services;
  • any other Personal Data that you voluntarily choose to provide.

We do not intentionally collect Personal Data belonging to special categories (as defined in Article 9 of the GDPR), unless you provide us with such Personal Data. Although the Website may contain free text fields where you can enter any information, we do not intend to process any sensitive information. The user is not obliged to provide and should not disclose Personal Data belonging to special categories in free text fields. If you choose to provide any Personal Data belonging to special categories, such as information concerning your health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, or data concerning your sex life or sexual orientation, please note that we will only process such Personal Data based on your explicit consent and solely for the purposes for which it was provided. If you do not provide such consent, or if the data is not required for the intended purpose or applicable law, the information will be promptly and securely deleted.

If you register on our Website, your Personal Data will be stored in our CRM system in accordance with applicable data protection laws. Personal Data of individuals who have not actively interacted with LLI in the past 36 months will be removed from our CRM systems, in accordance with our data retention policy. If you unsubscribe from receiving LLI publications, we will retain your basic contact details on our suppression list solely to ensure that you are not contacted again, in line with our legal obligation to respect your preferences.

Information Collected Automatically

When you visit our Website, we automatically collect certain Personal Data from your device. This data may include your IP address, device type, unique device identification, browser type, general geographic location (e.g. country or city) and other technical information. We may also collect information about your interactions with our Website, such as pages visited and links clicked. This data is collected through cookies and similar tracking technologies, as described in our Cookie Policy.

In accordance with the GDPR, we process this data under the following legal bases:

  • without your consent, where the use of cookies and similar technologies is strictly necessary for the operation of the Website (e.g., session cookies that enable core functionality and security).
  • with your explicit consent, for all other purposes, including analytics, personalization, and marketing. You will be asked to provide this consent when you first visit our Website, and you may withdraw it at any time.

The information collected helps us understand our visitors better, including their geographic origin and the content that interests them. We use this data to improve the performance, relevance, and quality of our Website.

Our Website uses Google Analytics (“Google”) to generate reports, visualizations and traffic analysis. Google may process certain technical data, such as  your IP address and device identifiers, to help us understand how users interact with our Website. We do not intentionally transmit personally identifiable information such as names, email addresses, or passwords to Google Analytics. Google processes Personal Data for the following purposes:

  • to measure website traffic (e.g. pages viewed, links clicked);
  • to analyze user behavior and improve website performance;
  • to help us understand user engagement.

All data processing is carried out in accordance with the GDPR. Where required, we obtain your explicit consent before using cookies or similar technologies for analytics purposes. You can withdraw your consent at any time.

Purposes of Processing Personal Data of Website Visitors:
  • administering and managing the Website, including authenticating registered users and preventing of unauthorized access to restricted areas;
  • personalizing and enhancing the browsing experience by displaying content that may be relevant or of interest to visitors, based on their preferences and behavior — subject to prior consent;
  • analyzing visitor data to understand usage patterns and improve Website performance;
  • monitoring user navigation and interactions across the Website for statistical and operational purposes;
  • identifying the organization or affiliation of a visitor only when such information is voluntarily provided by the visitor (e.g., via registration forms);
  • developing and improving our services and business operations;
  • providing marketing communications to users who have given explicit consent;
  • conducting benchmarking and demographic analysis using aggregated and anonymized data;
  • gathering insights on how visitors use Website features and functionalities; 
  • monitoring compliance with the Website’s terms and conditions;
  • conducting quality assurance and risk management reviews;
  • supporting the coordination and management of Events organized by LLI;
  • enabling Event and communications teams to manage email campaigns including newsletters and webinar related notifications — based on user consent or on any other lawful basis permitted under applicable data protection laws;
  • allowing visitors to register for Events and a webinars.
  • enabling content downloads made available on the Website;
  • processing Personal Data for any other specific purposes for which visitors have voluntarily provided information and given consent. 
Legal Basis for Processing Website Data:
  • your explicit consent, where required (e.g., for analytics, marketing, and personalization via cookies and tracking technologies) (Art. 6(1)(a) GDPR). You may withdraw your consent at any time via our cookie settings; 
  • our legitimate interests, including: ensuring the security and technical functionality of the Website; improving the performance, usability, and relevance of Website content; understanding visitor behavior to optimize user experience; Promoting our services and brand; providing access to online resources, such as downloadable content or Event registration; monitoring compliance with Website terms and conditions; managing communications related to Website features, including newsletters and webinar notifications (Art. 6(1)(f) GDPR). 

SOCIAL MEDIA PLUGINS

Our Website uses social media plugins provided by platforms such as X (formerly Twitter), Instagram, and LinkedIn. These plugins allow users to interact with content and share it via their social media accounts. 

To comply with the GDPR and the privacy policies of the respective providers, these plugins are deactivated by default. They will only be activated if the user explicitly consents to their use via our cookie banner or settings.

Once activated, the plugin may establish a direct connection between the user's browser and the server of the social media provider. This may result in the transmission of Personal Data (such as IP address, browser details, and interaction data) to the provider. We do not control the scope of data collected or how it is processed by the provider.

If you are logged into your social media account, the provider may associate your visit to our Website with your user profile. To prevent this, we recommend logging out of your social media accounts before visiting our Website.

X (formerly Twitter) Plugin

Our Website includes functions provided by X. If you use the repost feature while logged into your X account, the pages you visit may be linked to your profile and visible to other users. X may collect data such as your IP address and browser information. If you are not logged in, clicking the X button will redirect you to the login page. We do not receive or process login credentials, and we do not have access to the data transmitted to X.

For more information, please refer to https://x.com/en/privacy.

Instagram Plugin

Our Website includes functions provided by Instagram. If you are logged into your Instagram account and click the Instagram button, the content on our Website may be linked to your Instagram profile. Instagram may associate your visit to our Website with your user account. We do not receive information about the content of the transmitted data or its use by Instagram.

For more information, please refer to https://privacycenter.instagram.com.

LinkedIn Lead Gen Forms 

We use LinkedIn Lead Gen Forms to promote sponsored content and recruitment campaigns. When users click on our LinkedIn ads, they may be shown a pre-filled form containing profile data (e.g., name, email, company, job title). Submission of this form constitutes consent to share this data with us.

For more information, please refer to: https://www.linkedin.com/legal/privacy-policy.

Legal Basis for Processing Social Media Plugins Data:

  • your explicit consent, where required (Art. 6(1)(a) GDPR). You may withdraw your consent at any time via our cookie settings;
  • our legitimate interests, including:  promoting our services and brand; recruiting qualified candidates; improving user experience and Website functionality; providing information and services effectively; managing Events and communications; developing and optimizing our Website and services (Art. 6(1)(f) GDPR). 

SERVICES PROVIDED 

When you engage with our professional services, we may collect and use Personal Data when we have lawful basis to do so, including our legitimate business interests or the performance of a contract. In providing services to our clients, LLI may also process Personal Data of individuals who are not clients (e.g. employees, clients or suppliers of our clients). This processing is carried out only to the extent necessary to deliver our services effectively. Most of the Personal Data we process is provided voluntarily by our clients or obtained from external sources at their request. Where required, we ensure that affected individuals are informed in accordance with applicable data protection laws. 

For this reason, if you are a customer of LLI, it will generally be clear to you what kind of Personal Data we process. This may include:

  • basic identification details such as name and surname, company name, job title or position and relationship to you;
  • contact details such as postal address, e-mail address, and telephone number;
  • financial information necessary for processing payments and managing billing;
  • any other Personal Data relating to you or third parties that you provide to us in order to receive our services, provided that you are authorized to share such data and we comply with applicable information obligations under data protection laws.

We process this Personal Data for the following purposes:

  • delivering and managing professional services;
  • maintaining client relationships and fulfilling contractual obligations;
  • complying with legal and regulatory requirements;
  • conducting marketing and business development activities, subject to appropriate legal basis;
  • performing documentation, statistical and analytical tasks;
  • managing invitations, newsletters, and Event communications via CRM systems.

We process Personal Data of individuals listed in our contact database, which includes former, current, and potential clients; individuals employed by or cooperating with such clients; and other professional contacts such as alumni, consultants, regulatory authorities, and journalists. This data is stored and managed in our CRM systems, which support LLI’s marketing, communication, and Event-related operations.

We may use this data to send:

  • opinion-based materials and newsletters;
  • marketing communications;
  • information about training courses and webinars,
  • surveys and invitations to participate in Events.

In connection with these activities, we process the following categories of Personal Data:

  • name and surname, job title, address, email address, telephone and fax numbers;
  • name of the employer or affiliated organization;
  • marketing and communication preferences;
  • responses to invitations and confirmations of participation in Events, including webinars.

We may process special category Personal Data in connection with certain services, but only where permitted under applicable data protection laws. For example, in some jurisdictions, providing professional services may involve processing information related to payments made by our clients, their spouses or dependents in connection with trade union membership, political affiliation, medical treatment or charitable contributions. Such Personal Data will only be processed: 

  • where the individual has given explicit consent for one or more specific purposes;
  • where the processing is necessary for the establishment, exercise or defense of legal claims;
  • or where another legal basis under Article 9 of the GDPR applies.

We ensure that all special category data is handled with appropriate safeguards, including strict access controls, data minimization, and encryption where applicable. Where data relates to third parties, we rely on our clients to ensure that such individuals are informed and, where required, have provided valid consent.

Personal Data of individuals who have not actively interacted with LLI in the past 36 months will be removed from our CRM systems, in accordance with our data retention policy. If you unsubscribe from receiving LLI publications, we will retain your basic contact details on our suppression list solely to ensure that you are not contacted again, in line with our legal obligation to respect your preferences.

Legal Basis for Processing Service Data:

  • the explicit consent of the person listed in the business contacts database (Art. 6(1)(a) GDPR). When individuals have given their explicit, informed, and freely given consent to be included in our business contact database and to receive communications about our services, Events, or updates;
  • performance of a Contract or Pre-contractual Measures (Art. 6(1)(b) GDPR). When processing is necessary to fulfill a contract with the Data Subject or to take steps at their request prior to entering into a contract (e.g., responding to service inquiries or preparing offers);
  • compliance with Legal Obligations (Art. 6(1)(c) GDPR). When processing is required to comply with legal or regulatory obligations, such as tax, accounting, or reporting duties under EU or national law;
  • legitimate Interests (Art. 6(1)(f) GDPR). When processing is necessary for the purposes of our legitimate interests, provided these are not overridden by the interests or fundamental rights of the Data Subject. This includes: Managing relationships with business contacts and clients; Providing relevant information about our services and Events; Developing and improving our Website, services, and user experience.

EVENTS PARTICIPATION 

We process Personal Data of individuals participating in meetings, conferences, webinars, other Events and educational sessions organized by LLI (“Events”). We use third-party applications to manage Event registration and communication. These applications have their own privacy policies, which we encourage participants to review before submitting their data. As part of our Event management and communication processes, we may process the following categories of Personal Data, but only to the extent necessary for organizing and delivering the Event:

  • identification data: name, surname, date of birth, sex;
  • contact details: email address, telephone number, home and business address;
  • professional data: employer name, job title, company details, website URL;
  • travel and logistics data: arrival/departure times, flight details, hotel check-in/check-out;
  • Event-specific data: registration status, participant type, dietary or accessibility requirements, previous Event attendance, media presence;
  • financial data: credit or debit card number (if applicable);
  • communication preferences: consent to receive newsletters or follow-up information related to the Event.

We do not intentionally collect sensitive Personal Data (e.g. health, religious beliefs), unless the Data Subject voluntarily provides such information, for example: dietary requirements that may indicate religious affiliation or allergies, accessibility needs (e.g. wheelchair access). Such data is processed only with explicit consent and solely to the extent necessary to ensure appropriate support during the Event.

For security reasons, participants attending LLI Events held at external venues may be asked to present a photo ID to verify their identity. This measure is based on our legitimate interest in protecting our employees, property, and confidential information, and in preventing unauthorized access. No copies of ID documents are retained unless legally required.

LLI may take photographs and make audio or video recordings during Events and webinars. These materials may include participants’ image, voice, name or other identifiers, especially if they actively engage (e.g. speak, appear on camera). Such recordings may be used for documentation, educational or promotional purposes, based on explicit consent or legitimate interest, depending on the context. Participants are informed in advance and may opt out by disabling their camera/microphone or choosing anonymous display settings, where technically feasible.

With the participant’s explicit consent, we may send newsletters or follow-up communications related to the Event, including: presentation materials, recordings, invitations to future Events. Consent may be withdrawn at any time.

Legal Basis for Processing Event Data:

  • explicit consent of the participant (Art. 6(1)(a) and, where applicable, Art. 9(2)(a) GDPR). For example, when processing sensitive data (e.g. dietary or health-related information), sending newsletters, or using image and voice recordings for promotional purposes;
  • performance of a contract (Art. 6(1)(b) GDPR). For example, to register participants, provide access to the Event, and deliver related services;
  • compliance with legal obligations (Art. 6(1)(c) GDPR). Where applicable, e.g. for accounting, tax, or reporting purposes.
  • legitimate interest (Art. 6(1)(f) GDPR). Organizing and managing Events and participant registration. Ensuring the safety of employees, property, and information, including identity verification at external venues. Promoting LLI’s services and Events through marketing communications and materials, including sending newsletters, where applicable;

SOCIAL MEDIA

LLI uses various social media platforms for recruitment, marketing and communication purposes. These platforms allow us to share information about job opportunities, upcoming Events, and our services, as well as to promote the LLI brand. 

LLI is responsible for the content it publishes via social media, but does not control the operation of these platforms, including the placement of cookies or the generation of user statistics. When using social media, users are subject to the terms of service and privacy policies of the respective platform providers. Social Media Providers may collect Personal Data of users, including analytical and behavioral data such as viewed content, likes, interactions and published posts. If user wish to access such data or to exercise their rights (e.g. the right to object or request erasure), they should contact the relevant platform directly. Some providers may share aggregated statistics with LLI such as the number of likes, shares, comments, page visits, or interactions with our content. These data are anonymized and do not allow identification of individual users.

Legal Basis for Social Media Processing: 

  • explicit consent. Where users actively engage with our content, subscribe to newsletters via social media forms, or participate in campaigns requiring Personal Data submission (Art. 6(1)(a) GDPR);
  • performance of a contract. Where social media is used to facilitate recruitment or Event registration (Art. 6(1)(b) GDPR).;
  • legitimate interest. To promote our services, communicate with users, and manage our online presence (Art. 6(1)(f) GDPR);

Please note that social media platforms act as independent Personal Data controllers. For details on how they process Personal Data, please refer to their respective privacy policies.

SECURITY MEASURES

To ensure the security and integrity of its IT systems, including email infrastructure, LLI makes use of various technical and organizational safeguards. These may include:

  • systems that automatically scan incoming electronic messages for potentially harmful attachments and URLs to prevent malware and phishing attacks;
  • endpoint threat detection mechanisms designed to identify and mitigate malicious activity;
  • content filtering solutions that restrict access to certain websites or types of content.

Electronic communication with LLI may be subject to automated scanning and analysis through these tools. In limited circumstances, this may result in the content of a message being accessed by authorized personnel within LLI who are not the intended recipients, solely for the purpose of maintaining IT security and compliance.

Legal Basis for Security Processing:

  • the legitimate interests pursued by LLI, specifically the interest in protecting its IT infrastructure from unauthorized access, data breaches, and other security threats; The legitimate interest in monitoring and analyzing email traffic to detect and respond to potential risks (Article 6(1)(f) GDPR).

RECRUITMENT PROCESS 

LLI collects and processes Personal Data of candidates in connection with recruitment activities. The scope of data collected, the purposes of processing, and the timing of collection may vary depending on the country in which the candidate applies. Generally, the Personal Data collected includes: curriculum vitae (CV), identification documents, proof of education, career and employment history, and references.

Candidate data is processed to assess qualifications, experience, and education in relation to specific job or position openings at LLI. This information is shared with relevant hiring managers and other individuals involved in the recruitment process, who may decide to invite the candidate for an interview. If the candidate progresses to further stages of the recruitment process, LLI may collect additional data, such as interview notes, evaluation results, feedback, and offer details. 

In accordance with applicable labour laws, LLI may also process special categories of Personal Data where required by law (e.g. for the purpose of ensuring workplace safety or fulfilling legal obligations related to employment). Where such processing is not based on a legal obligation, it will only be carried out with the candidate’s explicit and voluntary consent, and only if the candidate has taken the initiative to provide such data.

In certain roles, particularly those involving access to sensitive information or requiring a high level of trust, candidates may be subject to criminal background checks. Such checks are permitted only in specific sectors (e.g. finance, security) and must be based on a clear legal basis other than consent. LLI will ensure that any such checks are conducted in accordance with applicable laws and only where strictly necessary.

LLI may obtain Personal Data from the following sources:

  • directly from the candidate, including data submitted via the LLI career Website;
  • recruitment agencies, where the agency presents the candidate for a specific role;
  • publicly available online sources, such as professional profiles on LinkedIn or employer websites;
  • references, provided by former employers or individuals designated by the candidate;
  • background verification results, where legally permitted and relevant to the position.

Legal Basis for Recruitment Processing:

  • the Processing based on candidate consent. LLI may process Personal Data provided voluntarily by the candidate, including special categories of data (e.g. health-related information), only where the candidate has given explicit and informed consent (Article 6(1)(a) GDPR and, where applicable, Article 9(2)(a) GDPR);
  • processing necessary for recruitment steps prior to entering into a contract. Personal Data is processed to assess the candidate’s qualifications, conduct interviews, and take steps necessary before concluding an employment contract (Article 6(1)(b) GDPR);
  • processing of special categories of Personal Data for employment purposes. Where permitted by law, LLI may process special categories of Personal Data (e.g. health or criminal record information) when necessary for the purposes of carrying out obligations and exercising specific rights in the field of employment (Article 9(2)(b) GDPR);
  • processing for compliance with legal obligations. Certain data may be processed to fulfill obligations under labour law or other applicable regulations, such as verifying the candidate’s legal eligibility to work (Article 6(1)(c) GDPR).

SUPPLIERS RELATIONS

We process the Personal Data of our Suppliers (including subcontractors and individuals acting on their behalf) for the purpose of managing business relationships, executing contracts, and receiving services. The scope of Personal Data is generally limited to identification and contact details (such as name, surname, company name, telephone number, email address) and financial information necessary for payment processing.

LLI also processes Personal Data to comply with legal obligations, including those arising from accounting, tax, anti-money laundering, and anti-corruption regulations. This may include verifying the Supplier’s legal status, financial integrity, and compliance with applicable laws. In addition, LLI may process Supplier data to manage payments, fees, and to pursue or defend claims, including debt recovery. This processing is necessary to ensure the proper functioning of financial and operational processes. Before entering into cooperation with a new Supplier, LLI may conduct due diligence to assess potential conflicts of interest, independence in audit-related matters, and reputational risks. This may include reviewing publicly available information, media reports, and records of involvement in financial crimes or unethical practices.

LLI may also process Personal Data to protect itself against involvement in activities related to criminal financing, corruption, or other unlawful conduct. This includes screening Suppliers against sanctions lists and conducting risk assessments, to the extent permitted by law.

Legal Basis for Processing Supplier Data:

  • the Processing based on Suppliers consent. LLI may process Personal Data provided voluntarily by the Supplier, including special categories of data, only where the Supplier has given explicit and informed consent (Article 6(1)(a) GDPR and, where applicable, Article 9(2)(a) GDPR).
  • processing necessary for the performance of a contract (Article 6(1)(b) GDPR);
  • compliance with a legal obligation (Article 6(1)(c) GDPR);
  • legitimate interest in managing payments and recovering receivables; legitimate interest in ensuring ethical and compliant supplier relationships; legitimate interest in protecting the company against unlawful or unethical activity, to the extent permitted by law (Article 6(1)(f) GDPR).

I Need Technology Risk DiagnosisI Need Feasibility & Value ValidationI Need Full Development
Contact us atcontact@llinformatics.com
Our StoryCareersContact
Lukasz Lazewski Informatics S.K.A.
50.000 PLN kapitalu zakladowego

NIP: 5272985142 KRS: 0000944155
Warsaw, Poland | New York, USA
© 2026 LLInformatics | All Rights Reserved.
Imprint
Privacy policy