Privacy Policy

Introduction

This privacy policy sets out the rules of personal data collection and processing and describes the rights of data subjects.

Abbreviations “Tar Heel“, “Controller“, “we” and its derivatives herein refer to Tar Heel Capital Sp. z o. o. with its registered office in Warsaw. Tar Heel processes personal data for various purposes. We directly collect personal data from our customers and contractors, from visitors to the tarheelcap.com website, visitors to our social media profiles and from job applicants who submit their application to us. We also obtain personal data from publicly available sources, such as LinkedIn or public records. In addition, we process personal data in the course of providing professional services to entities we support, which entrust us with personal data for processing. This privacy policy is intended to cover all of the scenarios listed above.

Tar Heel Capital Sp. z o. o. reserves the right to make changes to this Privacy Policy at any time. The reasons for the changes may be the development of Internet technology, regulatory changes or use of new tools by us. At the bottom of the page, you can find the date of publication of the current version of the document.

General information

  1. Data Controller of your personal data is Tar Heel Capital Sp. z o. o. with its registered office in Warsaw, entered into the register of entrepreneurs of the National Court Register kept by the District Court for the capital city of Warsaw in Warsaw, XIII Commercial Division of the National Court Register under KRS number 0000816525 (“Administrator”).
  2. The joint controllers of your personal data in relations to the social media profiles are Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, D02X525, Ireland and LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
  3. If you have any doubts or questions regarding the provisions of this Privacy Policy, please contact us via the e-mail address rodo@tarheelcap.com.

 

LEGAL BASES FOR PROCESSING

We take steps to ensure that we have a lawful basis to process your personal data. The legal bases provided for in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as “GDPR”) on which we may rely on, depending on the purpose and manner in which we process your personal data can be:

  1. Your consent pursuant to Article 6(1)(a) of the GDPR;
  2. necessity of processing for the performance of a contract or to take steps at the request of a person prior to entering into a contract pursuant to Article 6(1)(b) of the GDPR;
  3. necessity of processing for compliance with legal obligations pursuant to Article 6(1)(c) of the GDPR;
  4. necessity of processing for the purposes of legitimate interests pursued by us pursuant to Article 6(1)(f) of the GDPR.

FOR WHAT PURPOSES DO WE PROCESS PERSONAL DATA?

Your personal data may be processed by Tar Heel in particular for the following purposes:

  1. performance of a service or performance of a concluded contract, taking steps such as sending an offer at the request of the interested person – pursuant to Article 6(1)(b) of the GDPR (necessity for the conclusion and/or performance of a contract);
  2. establishment, pursuit or defense against claims – pursuant to Article 6(1)(f) of the GDPR (legitimate interest of the controller);
  3. contact in matters related to the provision of the service – pursuant to Article 6(1)(b) of the GDPR (necessity to conclude and/or perform a contract);
  4. phone contact for the purpose of presenting an offer, direct marketing – pursuant to Article 6(1)(a) of the GDPR (consent) and pursuant to Article 6(1)(f) of the GDPR (legitimate interest of the controller);
  5. keeping of records, documentation and registers required by law or ones necessary for accountability purposes, related to the GDPR or other regulations – pursuant to Article 6(1)(c) of the GDPR (legal obligation) and Article 6(1)(f) of the GDPR (legitimate interest of the controller) when applicable;
  6. archiving, evidence gathering, for the purpose of securing information that may be used to prove facts — pursuant to Article 6(1)(f) of the GDPR (legitimate interest of the controller);
  7. analytical, consisting of, among other things, the analysis of data collected automatically when using the website, including cookies, e.g. Google Analytics cookie – pursuant to Article 6(1)(f) of the GDPR (legitimate interest of the controller);
  8. the use of marketing and statistical cookies on the website and its subpages – Article 6(1)(a) of the GDPR (consent);
  9. manage the Controller’s website and pages and profiles on other platforms – pursuant to Article 6(1)(f) of the GDPR (legitimate interest of the Controller);
  10. satisfaction surveys with the services offered – pursuant to Article 6(1)(f) of the GDPR (legitimate interest of the controller);
  11. administrative purposes related to the management of contact with the Customer, Contractor, User – pursuant to Article 6(1)(f) of the GDPR (legitimate interest of the controller),
  12. implementation of mailing – on the basis of Article 6(1)(f) of the GDPR (legitimate interest of the controller consisting in the processing of data for direct marketing purposes) and on the basis of the Act on the provision of electronic services (consent),
  13. adjusting the content displayed on the Controller’s websites to individual needs and continuous improvement of the quality of the services offered – pursuant to Article 6(1)(f) of the GDPR (legitimate interest of the Controller),
  14. direct marketing of own products or services or recommended products or services of third parties – pursuant to Article 6(1)(f) of the GDPR (legitimate interest of the controller),
  15. creating own databases – pursuant to Article 6(1)(f) of the GDPR (legitimate interest of the controller),
  16. to operate Facebook Meta and LinkedIn pages and interact with users – pursuant to Article 6(1)(f) of the GDPR (legitimate interest),
  17. targeted advertising in social media and on websites, such as Facebook Leads Ads, remarketing – pursuant to Article 6(1)(a) of the GDPR (consent) and pursuant to Article 6(1)(f) of the GDPR (legitimate interest of the Controller) – promotion and advertising of the Controller’s services.

HOW LONG DO WE KEEP YOUR PERSONAL DATA?

The period of processing of your personal data depends on the purpose for which it was collected and is processed. Retention period for which your data will be processed is calculated based on the following criteria:

  1. for the period of service and cooperation, as well as for limitation period of claims in accordance with the provisions of law – in relation to data provided by contractors and customers or users in connection with the concluded contract or the service provided,
  2. for the period of talks and negotiations preceding the conclusion of the contract or the performance of the service – in relation to the data provided in the request for proposal,
  3. for the period required by law, including tax law — in relation to personal data related to the fulfilment of obligations arising from the applicable regulations,
  4. until an objection is effectively lodged pursuant to Article 21 of the GDPR – in relation to personal data processed on the basis of the legitimate interest of the controller, including for direct marketing purposes,
  5. until the consent is withdrawn or the business purpose of the processing is fulfilled – in relation to personal data processed on the basis of consent. After the withdrawal of consent, the data may be processed to a limited extent for evidentiary purposes and to defend against possible claims in accordance with the limitation periods,
  6. until they become obsolete or obsolete, in relation to personal data processed mainly for internal analytical or statistical purposes,
  7. for a period of up to 5 years in the case of persons who have unsubscribed from the mailing group in order to defend against possible claims (e.g. only information about the date of subscription and the date of unsubscribing, about the actions taken and activity related to the messages received, about the consents granted and withdrawn), or after a certain period of inactivity by a given subscriber.

RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA

Your personal data may be made available to entities cooperating with Tar Heel, in particular those supplying us with technical, IT and organizational solutions that enable us to conduct our business activities, entities providing services and tools in the field of customer service, technical support, as well as financial institutions for the purpose of processing direct debit and payment processor, providers of opinion survey systems, providers of systems recruitment providers, providers of accounting, legal or consulting services, providers of social plug-ins, scripts and tools enabling the integration of the website and the services provided through it with the electronic services of external social networking sites, as well as providers of automation systems – on the basis of commissioned services, and such entities process personal data in accordance with the concluded agreements for entrusting the processing of personal data and only as instructed by us. All entities entrusted by Tar Heel with the processing of personal data guarantee the application of appropriate data protection and security measures required by law, in particular by the GDPR.

The Administrator informs that it entrusts the processing of personal data, m.in, to the following entities:

  1. Microsoft Ireland Operations Ltd, One Microsoft Place, South County Business Park, Dublin 18, D18 P521, Irlandia https://privacy.microsoft.com/pl-pl/privacystatement;
  2. Pipedrive OÜ Mustamäe tee 3a, 10615 Tallinn, Estonia – CRM system provider Pipedrive https://www.pipedrive.com/en/privacy;
  3. Monday.com Ltd 52 Menachem Begin Road Tel Awiw Izarel –Management Platform Provider https://monday.com/trustcenter;
  4. Woodpecker.co S.A. – za pomocą której systemu realizowany jest proces wysyłki kampanii mailingowych https://woodpecker.co/privacy-policy;
  5. MailerLite Limited, Ground Floor, 71 Lower Baggot Street, Dublin 2, D02 P593, Irlandia– mailing system provider https://www.mailerlite.com/legal/privacy-policy;
  6. Other contractors or subcontractors engaged in technical, administrative, IT services of Tar Heel and its Clients.

HOW DO WE COLLECT PERSONAL DATA?

We process data obtained directly from you if you are interested in working with us as our customer, supplier or business partner (m.in. in electronic form), as well as data obtained from public sources. We may also obtain information, including personal data, from third parties, such as our partners, advisors, business information providers. We may also combine or associate information using tools such as hunter.io or similar database search services. In addition, we use the services and information of Dun & Bradstreet Poland sp. z o.o. with its registered office in Warsaw (hereinafter Dun & Bradstreet Poland). Where your personal data has been provided to us by Dun & Bradstreet Poland you can obtain further information about Dun & Bradstreet Poland processing your personal data at https://www.dnb.com/pl-pl/twoje-dane-biznesowe/.

WHAT ARE YOUR RIGHTS?

As Data Subject you have rights when it comes to how we handle your Personal Data. These include:

  1. Right to access your personal data held by Tar Heel,
  2. Right to have your data corrected if it is incomplete or incorrect,
  3. Right to opt-out of receiving marketing communications at any time,
  4. Right to restrict the processing or object to the processing of your personal data or to request the deletion of your personal data (in certain situations and in accordance with applicable law),
  5. Right to receive a copy of the personal data you have provided to Tar Heel in a structured, commonly used and machine-readable format (also referred to as the right to data portability, in certain situations and in accordance with applicable law),
  6. Right to withdraw your consent at any time (if legal basis for processing of your personal data is consent).

We would like to stress that these rights are not absolute, i.e. they may not apply to all personal data processing activities. In order to learn more about the scope and limitations of individual rights, please refer to Articles 15-22 of the GDPR. If you opt out of receiving communications from us for marketing purposes, please note that we may still contact you for administrative purposes, such as assisting you or providing information you request or helping to clarify a matter.

If you have any questions or would like to exercise any of your rights, please contact the Tar Heel employee you normally work with.

To exercise your rights, you may also contact us via the e-mail address: rodo@tarheelcap.com or by post to our address of the place of business, indicating the scope of your request. You will receive a response no later than 30 days from the date of receipt of the request, unless it is justified to extend this period in accordance with the GDPR, of which you will be informed.

Additionally, you have the right to lodge a complaint with the supervisory authority i.e. the President of the Personal Data Protection Office, whenever you believe that the processing violates the applicable law. For more information, please visit: https://uodo.gov.pl/en.

If you have any questions or objections to the way we process your data, please contact us first via the above-mentioned e-mail address rodo@tarheelcap.com.

 

ADDITIONAL INFORMATION FOR SPECIFIC CATEGORIES OF PERSONS

RECRUITMENT – CANDIDATES PRIVACY NOTICE

As part of our recruitment processes, we use your personal data related to the recruitment process to:

– to assess your suitability for the position;

– contact you in relation to your request;

– manage the recruitment process;

– to contact you in relation to other vacancies that we consider suitable for you if you have agreed for us to do so;

– keep records of previous Tar Heel recruitment processes in which you have participated including reasons why you have not been presented with an offer or it has been rejected by you;.

Legal basis for internal records keeping is Article 6(1)(f) of the GDPR and it will be carried out until the personal data ceases to be useful or an effective objection is filed.

PRIVACY NOTICE FOR RECEIPIENTS OF OUR E-MAIL MESSAGES

Tar Heel pursues its legitimate interests within the meaning of the GDPR e.g. in the form of mailing campaigns. To build a database of potential customers, we use data obtained from Dun & Bradstreet Poland, made available by companies to the public, publicly shared by employees of these companies on business social networks (e.g. LinkedIn, Goldenline) and obtained using address search services such as hunter.io by Hunter Web Services, Inc. The legal basis for data processing is Article 6(1)(f) of the GDPR. Our legitimate interest lies in the lawful implementation of email marketing activities.

If we have asked for your consent and you have given it, we will process your email address for the purpose of email marketing and, if necessary, other personal data in order to address you personally. The legal basis for data processing is Article 6(1)(a) GDPR.

We record the time you gave your consent and the time you confirmed it, as well as your IP address and the content of your consent declaration, in order to be able to prove that your consent was obtained in accordance with the law. The legal basis for data processing is Art. 6 (1) (f) GDPR. Our legitimate interest lies in the lawful implementation of email marketing.

You can revoke your consent at any time. The revocation of consent does not affect the lawfulness of processing based on consent up to the time of its revocation. To withdraw your consent, you can use the link provided for this purpose in the emails or contact us at the contact details provided above.

If you have withdrawn your consent or objected, we reserve the right to process your personal data on a so-called blacklist/block in order to ensure that no further e-mail marketing takes place in connection with this personal data in the future. The legal basis for data processing is Article 6(1)(f) GDPR. Our legitimate interest is to prevent unsolicited email marketing.

TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

As a rule, Data Controller does not provide for the transfer of personal data to third countries or international organizations within the meaning of the GDPR, as we cooperates mainly with entities that have their registered offices and/or data centres in the European Economic Area (EEA). However, due to the international nature of our business and due to the use of international entities such as Meta Ltd, LinkedIn Corporation, or Google, in specific cases your personal data may be transferred to and stored outside the EEA. In these situations, the transfer always takes place in line with the principles expressed in Chapter V of the GDPR, i.e. only to those countries outside the EEA that the European Commission has recognized by way of a decision as providing an adequate level of protection of personal data, in accordance with Article 45 of the GDPR (e.g. to Israel by virtue of the decision of the European Commission of 31 January 2011 pursuant to Directive 95/46/EC of the European Parliament and of the Council,  on the adequacy of personal data protection in the State of Israel with regard to automated processing of personal data (2011/61/EU) or to other countries (in particular the United States) based on appropriate legal safeguards, which are in particular standard contractual clauses. You can always request further information via our above-mentioned e-mail address.

Requirement to provide personal data

Providing personal data is voluntary. However, failure to provide certain personal data may result in the inability to use a given functionality of the website or our inability to provide a given service.

Automated decision-making, including profiling

We may analyse the data of persons filling forms, browsing sites or received content via email, their history of activity, their profiles and social media groups on Facebook and LinkedIn platforms. This analysis is undertaken in an automated manner on the terms offered by the provider of the respective services. Purpose of data processing in an automated manner is for the Data Controller to learn about the preferences of recipients in order to adapt the content, offers or messages created by the Data Controller to these preferences. Controller may send you dedicated and personalized offers via individualized e-mail or other means of Internet correspondence or through external communication channels. However, the analysis of the data will not result in any legal consequences for you or similarly significantly affect your situation, including your rights or freedoms. Nevertheless, we inform you that you have the right to object to profiling.

Privacy Policy published: 10.01.2024
Last updated: 10.01.2024

COOKIES POLICY

Like most websites tarheelcap.com website uses so-called tracking technologies, i.e. cookies, which allow us to improve the website to meet the needs of our visitors. Cookies also make it possible to create statistics that show us how users use the website and how they navigate through it.

Cookies are  small text files that are stored on your end device, e.g. computer, tablet, smartphone, when you use the website. These may be first-party cookies (coming directly from the website) and third-party cookies (coming from sources other than our website).

More information about cookies is available at https://allaboutcookies.org or in the “Help” section of your web browser’s menu.

COOKIES CONSENT

When you first visit our website, you must agree to cookies or take restrictive action described in the displayed message in order to be able to continue using the content of our website. Data Controller informs that restrictions on the use of cookies (disabling them, restricting them) may affect some of the functionalities available on the website and hinder its functioning.

GOOGLE ANALYTICS

We use Google Analytics provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. We carry out activities in this area on the basis of our legitimate interest, which consists in the creation of statistics and their analysis in order to optimize our websites.

Google Analytics automatically collects information about your use of our website. The information collected in this way is usually transmitted to a Google server in the United States and stored there. Due to the IP anonymization your IP address will be shortened before being forwarded. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA. As a rule, the anonymized IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.

As part of Google Analytics, we also collect demographic and interest data. As part of the cookie settings, you can decide directly from our website whether you agree to the collection of such data about you or not.

You can also prevent the collection of the data as well as the processing of this data by installing the browser plug-in at the following link: https://tools.google.com/dlpage/gaoptout.

If you are interested in the details related to the processing of data with Google Analytics, we encourage you to read the explanations prepared by Google: https://support.google.com/analytics/answer/6004245.

GOOGLE TAG MANAGER

We use Google Tag Manager by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. With the help of Google Tag Manager we control our advertising campaigns and analyse the way you use our websites. We conduct activities in this area based on our legitimate interest in the marketing of our own services and the optimisation of our websites.

When you visit our website, a Google cookie is automatically placed on your device, which, with the help of a pseudonymous identifier (ID), enables the display of interest-based advertising, monitoring of effectiveness of these ads and other measures related to the control of your behaviour on the website.

Further data processing only takes place if you have consented to Google linking your browsing and app usage history to your account and using the information from your Google account to personalize the ads that are displayed on websites. If you are logged in to Google during your visit to our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. For this purpose, Google temporarily combines your personal data with Google Analytics data to create target groups.

You can deactivate cookies used for remarketing in settings of your Google account: https://adssettings.google.com. Additionally you can disable the use of cookies for remarketing purposes. If you are interested in the details of data processing within Google Tag Manager, we encourage you to read Google’s privacy policy: https://policies.google.com/privacy.