Privacy policy

At ICAS Poland, we pay much attention to protecting the privacy and confidentiality of personal data. We process personal data with due diligence and using safeguards adequate to the threats and categories of data subject to protection, in accordance with (EU) Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter "GDPR").


In this Privacy Policy we explain, among others: what data we process, how we obtain it, for what purposes and on what basis we process data, as well as how we protect it and what are the rights of persons whose data is processed. Please read the content of the Policy to the extent necessary because while interacting with us, you accept its terms.

CONTOLLER OF (PERSONAL) DATA (“Controller” or “us”)

The Controller of data processed under this Policy is ICAS Poland Sp. z o. o. with its registered office at ul. Wały Piastowskie 1/1508, 80-855 Gdańsk, Poland, Tax ID (NIP) 5833161853, entered in the Register of Entrepreneurs of the National Court Register kept by the District Court Gdańsk – Północ in Gdańsk, 7th Commercial Division of the National Court Register (KRS) under number 471295.
You can contact the data Controller by sending a letter to the above correspondence address or via the e-mail address:


We may collect and process such personal data as: name, surname, nickname, online identifiers, e-mail addresses, telephone/fax numbers, correspondence addresses, name of the company or unit and other data provided to us voluntarily by the person to whom they apply. Also, we may collect and process network traffic data such as: user's IP address, domain name, browser type, operating system type, URLs visited before/after visiting our websites and other pages visited. Statistics on the number of visits to our websites and page views may also be collected but we are unable to directly determine the user's identity based on traffic data and website usage statistics.


We can collect data both on the Internet (online) and offline, via websites, Client Zone, forms, applications, blog, social media, events that we organise or participate in, as well as a result of direct contacts and other business contacts.


The data is obtained and processed by us in order to popularise, offer and implement our services in the field of Employee Assistance Programs (EAP), including, among others, psychological, managerial, legal and financial counselling, as well as training and health and well-being promotional activities.

Personal data is collected and processed by us each time within the limits permitted by the provisions of the GDPR in order to:


a) provide services in the field of Employee Assistance Programs or services delivered electronically via an application or website, consisting in enabling the registration of an account in the Client Zone and the use of its functionalities - the processing of personal data is necessary for the performance of a contract to which the data subject is a party, or for taking action at the request of the data subject before concluding the contract, pursuant to Art. 6(1)(b) GDPR;

b) send marketing content, including: via newsletter to the indicated e-mail address for the purpose of presenting offers and commercial conditions - processing pursuant to Art. 6(1)(a) GDPR, i.e. based on the voluntary consent of the data subject;

c) respond to inquiries directed to us by phone and sent via the contact form available on the website or via e-mail, direct marketing of our services, or to pursue and defend any claims - personal data processing based on our legitimate interest in building and developing relationships with our clients and striving to sell services, pursuant to Art. 6(1)(f) GDPR;

d) meet legal obligations imposed on the Controller, including: in the field of finance and accounting - processing pursuant to Art. 6(1)(c) GDPR;

e) implement the so-called red flag procedure, i.e. when processing is necessary to protect the vital interests of the data subject or another natural person - pursuant to Art. 6(1)(d) GDPR.


We process and store data only for the period necessary to achieve the purposes for which they were obtained, and for a longer period if we are obliged to do so under generally applicable provisions of law or for the period of existence of our legitimate interest.

In the case of maintaining an account in the Client Zone, we store personal data for the period necessary to provide services electronically (maintaining a User Account), and after that time for the limitation period for claims, i.e. up to 6 years from the date of deleting the account or making the settlement.

In the case of personal data collected in the contact form for the period necessary to respond to an inquiry received by phone or sent via the contact form but no longer than 6 months from the last contact.

In the case of data processing based on consent, the data will be processed for the period necessary to achieve the purpose for which they were collected, no longer than until the consent is withdrawn.


The processed personal data are not made available to third parties without the consent of the persons concerned, unless the disclosure of such data is necessary or required for the implementation of the contract between the parties or for the protection of the legitimate interests of the Controller, whereas any disclosure of data to third parties takes place on the basis of authorisation for processing personal data or personal data processing agreement, DPA. In particular, the Controller reserves the right to entrust the obtained personal data to entities such as: state administration and judicial authorities, entities providing HR and accounting services, entities providing IT and network services, law and audit firms and other entities authorised under applicable legal provisions.

The processed personal data will not be transferred to countries outside the European Union or the European Economic Area, unless the Controller informs in advance the natural person whose data is to be transferred.


We fully respect the rights of every person whose data we process under the provisions of the GDPR, including in particular the right of a natural person to:

a) obtain information about the processing of and access to their personal data;

b) request correcting, completing or changing of personal data;

c) delete personal data ("the right to be forgotten");

d) restrict the processing of personal data;

e) transfer personal data;

f) withdraw the consent to the processing of personal data;

g) object to the processing of personal data for the Controller's legitimate purposes, including direct marketing of its services.

If the processing is based on the consent of the data subject, the data subject has the right to withdraw such consent at any time, provided that this will not affect the lawfulness of the processing carried out on the basis of consent before its withdrawal, and the Controller shall cease the processing of personal data in the event of withdrawal of the consent only if processing is not possible on another legally permissible basis. The person whose data is processed by the Controller may exercise their rights referred to above by sending an e-mail to the Controller at

Each person whose personal data we process also has the right to lodge a complaint with the supervisory authority - the President of the Office for Personal Data Protection - if they consider that their rights regarding the protection of personal data have been violated.


The website uses information saved using "cookies", i.e. IT data stored on users' end devices intended for using websites. These cookie files allow you to recognise the user's device and properly display a website tailored to individual preferences. They usually contain the name of the website they come from, their storage time on the end device and a unique number.


The website uses the following cookies:

1) necessary (functional) cookies: required for the proper functioning of the website and proper servicing our users. They do not enable identification of a specific user. Necessary cookies also enable us to achieve core business purposes, including: ensuring correct and uninterrupted communication, guaranteeing the highest level of service and protecting users against fraud. These files allow our users to use selected services. Because these are necessary files, they cannot be disabled - files processed based on the controller's legitimate interest (Article 6(1)(f) GDPR);

2) performance and analytics cookies: they are used to improve the performance of our website and are used solely for our internal purposes. This is anonymous data that does not allow identification of a specific user. Thanks to these cookies, we can improve our offer and services, and adapt the results to the user's needs. These anonymous statistics may be made available for the purposes of external communication - files processed based on the user's voluntary consent (Article 6(1)(a) GDPR);

3) targeting and advertising cookies: they allow us to adapt the displayed ads and content to the preferences of our users. Targeting cookies show us how users use our websites so we can tailor advertising and therefore the service to meet user's expectations. These cookies are not a direct carrier of personal data but identify only the device's browser - files processed based on the user's voluntary consent (Article 6(1)(a) GDPR);

4) social media - cookies belonging to social media enable sharing the content of our website on social media, such as Facebook or Instagram. These are files connecting our website with popular services. They are controlled by the platforms mentioned above. Thanks to these cookies we are able to link user accounts with the content on our website, i.e. perform user authentication. These files provide the ability to add comments or enable the delivery of advertising on social media - files processed based on the user's voluntary consent (Article 6(1)(a) GDPR).


The above cookies can be additionally distinguished due to:
1) their storage time:
· session cookies are stored on the user's device until the browser is closed;
· persistent cookies are stored for a longer period of time depending on the type of cookie.

2) their source:
· first-party cookies come from our website. Therefore, only and entities providing direct support to our company have access to information obtained using first-party cookies;
· third-party cookies are installed on the user's device by our partners. You will find relevant information about their use of cookies on their websites.

The user can define or change the terms of use of cookies by: 
· using the cookie management panel available on the banner displayed when loading the website;
· using the button in the lower left corner of the website - at any time;
· using the settings of your own web browser - this means that you can, for example, partially (e.g. temporarily) limit or completely disable the ability to save cookies on your device - in the latter case, however, it may affect some functionalities of the website.

Detailed information on changing cookie settings and self-removing them in the most popular web browsers is available in the help section of a given web browser.


We reserve the right to review this Privacy Policy from time to time. This may happen in particular in the event of a change in the way we process personal data or in connection with changes in the law. Any changes to the Privacy Policy will be published on our website. We encourage you to monitor updates to our Privacy Policy.