Privacy Policy

This Privacy Policy (“Policy”) sets out the principles and rules of personal data protection by OpenMind Spółka z ograniczoną odpowiedzialnością, registered office in Poznań (Bydgoska 2/8, 61-127 Poznań, Poland), entered in the commercial register under number (KRS): 0000904779, kept by the District Court Poznań – Nowe Miasto i Wilda in Poznań, 8th Commercial Division of the National Court Register, tax number (NIP): 7822898605, statistical number (REGON): 389116600 (“OpenMind”).

The principles and rules apply to personal data processed by OpenMind in connection with services which it provides, including through, personal data processed in connection with the online contact form, as well as personal data of persons interested in the OpenMind newsletter.

This Policy complies with the personal data protection policy defined in GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (OJ L 119, p. 1), hereinafter “GDPR”, which OpenMind has adopted.

We encourage you to read the Policy and, should you have any questions or concerns, please contact us directly.


The personal data controller is: OpenMind (“Controller”), e-mail: [email protected].


  • Legitimacy – OpenMind is committed to protecting your privacy and processes data in a legitimate manner.
  • Security – OpenMind ensures an appropriate level of data security by taking continuous efforts to this end.
  • Data subject rights – OpenMind enables the data subject to exercise his/her rights and implements them.


Personal data means any and all information about an identified or identifiable individual. Personal data is not information on the basis of which a specific individual cannot be identified.

The data that can be processed by OpenMind (“Data”):

  • Identifying information – first name and surname;
  • Contact details – telephone number, shop address, e-mail address;
  • Usage data – describes the use of electronic services, such as ID of the telecommunication network endpoint or user’s IT system, or information about the start and end or the scope of each use of OpenMind services;
  • Marketing data – related to the user’s consent to receive OpenMind’s marketing materials and commercial offers (newsletter).


The Data is provided to OpenMind directly by the data subject when establishing a business contact or other cooperation. The Data is provided on voluntary basis, however without it a contract, contact or cooperation cannot be performed and OpenMind’s marketing services provided.

Purpose of processing

Legal basis

Data retention

Conclusion and performance of a contract, including contacts in performance of the contract

GDPR Article 6(1)(b) (necessary to conclude and perform a contract)


Until the end of the services

Complaint processing, including technical issues

GDPR Article 6(1)(f) (legitimate interest of VIDVI)


Until the end of the complaint processing or solution of the technical issue

Exercise and defence of claims under a contract or connected with the provided services

GDPR Article 6(1)(f) (legitimate interest of VIDVI)


Until the end of the statutory time bar

Compliance with statutory obligations under tax and accounting regulations

GDPR Article 6(1)(c) (necessary for regulatory compliance)


Until the end of the statutory time bar or the statutory archiving period in accounting

Customer contact, including VIDVI service marketing

GDPR Article 6(1)(f) (legitimate interest of VIDVI)

Until cancellation of the user’s consent to receive communication or information (based on the Electronic Supply of Services Act or the Telecommunications Law) or effective objection to the personal data processing

Newsletter distribution

GDPR Article 6(1)(a) (consent)

Until cancellation of the user’s consent or effective objection to the personal data processing

Customer contact for the purpose of VIDVI service marketing

GDPR Article 6(1)(a) (consent)


Until cancellation of the user’s consent or effective objection to the personal data processing

Display of profiled marketing content based on cookies

GDPR Article 6(1)(a) (consent)


Until cancellation of the user’s consent or effective objection to the personal data processing



OpenMind may disclose the Data to its contractors and entities entrusted by it with technical processes, such as:

  1. a) authorised staff and collaborators;
  2. b) external providers of accounting, HR and archiving services;
  3. c) external vendors of office software;
  4. d) external providers of other services, including marketing, IT, programming, website maintenance, as well as website services, tools and scripts used on the website;
  5. e) external providers of IT infrastructure, hosting services, mailing tools;
  6. f) The Trusted Partners (Annex 1) to the extent of marketing support tools and statistical services used by us.



The data subject has the right to:

  • request access to the Data, to edit and delete it, to restrict its processing, and to move the data;
  • object against the processing of the Data;
  • lodge a complaint with the President of the Polish Personal Data Protection Office (UODO) whenever the processing of the Data appears to violate the applicable regulations;
  • to cancel the consent to the data processing for marketing purposes, however such cancellation will not affect the legitimacy of any data processing already performed prior to such cancellation.

The scope of the above rights is defined by GDPR.


OpenMind may send marketing information about OpenMind via email, with the data subject’s express consent. The data subject may opt out of such marketing communication at any time by clicking a link available in the marketing communication, or by contacting OpenMind directly at: [email protected]


OpenMind uses “cookies” to operate the website available at These cookies policy is available at


OpenMind does not process personal data by automated means, including profiling.


The user’s personal data may be transmitted to a third country, such as USA, in particular in connection with the Controller’s cooperation with the Trusted Partners (Appendix 1).

The personal data will be transmitted based on standard data protection clauses adopted by the European Commission and, therefore, is covered by adequate safeguards to protect the privacy, rights and freedoms of the data subject. A copy of the standard contract clauses can be obtained from the Controller.


The Data is stored in a secure and encrypted form for a period necessary to achieve the purposes for which the Data is processed. In particular, the Data obtained in connection with marketing activities will be processed until the data subject cancels his/her consent.