Privacy policy




  1. The administrator of personal data provided by you is SoftwareHut Limited Liability Company with its registered office in Białystok, at ul. Sienkiewicza 110, 15 – 005 Białystok, KRS 0000565360, Tax Identification Number 9662098244, REGON (National Statistical Number): 326190499, e-mail:, hereinafter referred to as the “Administrator”.
  2. The Administrator can be contacted in writing via traditional post at: ul. Sienkiewicza 110, 15-005 Białystok or by e-mail:
  3. The basis for the processing of your personal data is:
    1. consent to the processing of personal data and receipt of marketing communication, in particular expressed through the form provided on the websites used by the Administrator to conduct business,
    2. indispensability resulting from legitimate interests pursued by the Administrator, such as providing information about the business activity conducted by the Administrator and the products and services offered, reliable performance of obligations undertaken by the Administrator, in particular the execution of contracts, offering products / services of the highest standard, and also providing information about the Administrator. The processing of personal data in the aforementioned scope falls within the business activity conducted by the Administrator and is necessary to provide customers with information, products and services.
  4. The data included on the website are collected for statistical and analytical purposes, the result of which is not personal data and does not serve as a basis for decisions relating to a specific individual – the legal basis for the processing of personal data in this respect is the legitimate interest of TenderHut, Article 6 ust. 1 lit. f GDPR.


  1. Your personal data will be processed in order to:
    1. submit an offer regarding services or products offered by the Administrator, as well as information on new solutions introduced,
    2. provide information and marketing messages,
    3. provide information about meetings, promotional campaigns and other activities related to the activity carried out by the Administrator,
    4. reliable performance of a contract concluded with the Administrator (including tax and social security settlements, complaint processing or warranty procedures) in the case of concluding a contract on provision of services.
  2. Your personal data may be made available to recipients who directly perform activities as part of the services provided (including subcontractors, cooperating entities and companies affiliated with the Administrator) or to recipients through which the Administrator carries out marketing or information activities.
  3. Your personal data may also be provided to the entity providing IT, accounting and legal services to the Administrator.
  4. Your personal data will in principle not be transferred to recipients based in a third country, i.e. outside the European Economic Area, unless it is necessary to perform specific


  1. You have the right to:
    1. access your data,
    2. correct your data,
    3. delete your data, so-called the “Right to be forgotten”
    4. restrict or limit your data processing,
    5. transfer your data,
    6. express objection as to certain actions on your data.
  2. The collected personal data is subject to profiling consisting in the use of personal data to assess certain personal factors, in particular to collect information about websites visited and to display advertisements on their basis in relation to their subject.
  3. Your personal data will be processed through the following terms:
    1. on the basis of granted consent – until the withdrawal or termination of the purpose for which the data were collected. The consent granted may be withdrawn at any time without affecting the lawfulness of the processing which was carried out on the basis of consent prior to its withdrawal,
    2. in connection with the implementation of the contract concluded with the Administrator – until the deadline in which the Administrator or a public authority may assert claims related to the concluded contract, or until the expiry of the period during which proceedings may be legally initiated by public authorities in connection with the performance of the contract,
    3. in connection with conducting marketing and information activities – until the completion of the Administrator’s activities consisting in offering products and services and conducting marketing campaigns.


  1. The website you use, available at: (hereinafter referred to as the “Service”), does not automatically collect any information, except for information contained in cookie files.
  2. Cookie files (so-called “cookies”) are IT data, in particular text files, which are stored in the terminal (device used by you) to use the Services and allowing you to use it. Cookies usually contain the name of the website from which they originate, their storage time on the end device and a unique number or signature.
  3. The entity placing cookies on your end device and accessing them is Administrator.
  4. Cookies are used to:
    1. adapt the content of the Service to your preferences and optimize the use of Service; in particular, these files allow to recognize the user’s device and properly display the Service, tailored to your individual technical needs;
    2. creating statistics (including using the Google Analitics tool) that help to understand how Services users use websites, which allows improving their structure and content,
    3. checking the effectiveness of advertising and promotional campaigns carried out.
  5. The following types of cookies are used as part of the Service:
    1. “necessary” cookies, enabling the use of services available on the Service, e.g. authentication cookies used for services that require authentication on the Service;
    2. cookies used to ensure security, e.g. used to detect fraud in the field of authentication on the Service;
    3. “performance” cookies, enabling the collection of information on the use of Website pages;
    4. “functional” cookies, allowing the storage of settings selected by user and personalizing the user interface, e.g. in terms of the language or region of the user’s origin, size of the font, appearance of the website, etc.
    5. “advertising” cookies, enabling users to provide advertising content more tailored to their interests.
  6. In many cases, the software used to access Service (i.e. web browser) by default allows the storage of cookies on user’s end device. In such case you can change your cookie settings at any time. These settings can be changed in particular to block the automatic handling of cookies in the settings of the web browser or inform about their every entry in your device. Detailed information about the possibilities and ways of handling cookies are available in web browser settings.
  7. The Administrator hereby informs that restrictions on the use of cookies may affect some of the functionalities available on the Service.
  8. Cookies placed on user’s end device may also be used by advertisers and partners cooperating with the Service operator.


  1. As the Administrator we have formulated individual goals in the field of personal data security and undertook actions necessary for their occurrence in our business:
    1. ensuring the processing of personal data in accordance with the law, in a reliable and transparent manner for the data subject (“legality, integrity and transparency”);
    2. ensuring the collection of personal data for specific, explicit and legitimate purposes and not further processing in a manner inconsistent with these purposes (“goal limitation”);
    3. ensuring the collection of personal data adequate, relevant and limited to what is necessary for the purposes for which they are processed (“data minimization”);
    4. The Administrator ensures that the personal data are correct and, where necessary, kept up to date, as well as performs all reasonable actions ensuring that personal data which are incorrect in view of the purposes of their processing are immediately removed or corrected (“correctness”);
    5. the Administrator shall take steps to store personal data in a form that permits the identification of the data subject, for no longer than is necessary for the purposes for which the data are processed (“storage restriction”);
    6. the Administrator shall take steps to ensure that personal data is processed in a manner that ensures their appropriate security, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, by appropriate technical or organizational measures (“integrity and confidentiality”).
  2. The objectives indicated in section 1 above are implemented by taking appropriate actions and applying effective safeguards, which include in particular:
    1. adequate security of IT systems in which personal data is processed,
    2. constant raising awareness and knowledge of employees / co-workers in the field of personal data security,
    3. communicating to employees / co-workers the consequences, including disciplinary ones, in case of personal data security breach,
    4. assigning access to documents, materials or systems containing personal data only to authorized persons,
    5. securing documents, materials or systems against the loss or destruction of personal data contained therein,
    6. implementation of detailed rules defining the manner of managing user rights and authentication rules, in all systems operated by the Administrator,
    7. conducting thorough tests in the process of preparing new software,
    8. reporting incidents related to information security,
    9. regular risk analysis in the area of ​​information security and designing activities to minimize potential risks,
    10. entrusting personal data only to third parties that provide sufficient guarantees to implement appropriate technical and organizational measures to ensure that the processing meets the requirements of generally applicable law, this document and protects the rights of data subjects.
  3. Taking into account the state of technical knowledge, the cost of implementation and the nature, scope, context and purposes of processing and the risk of violation of the rights or freedoms of individuals with different probability of occurrence and the severity of the threat resulting from processing, the Administrator has implemented – both in determining the processing methods, and at the same time processing – appropriate technical and organizational measures designed to effectively implement data protection principles to meet the requirements of generally applicable laws and protect the rights of data subjects.