Back

Privacy policy

Logo

Cookie Policy

These rules define the storage of and access to information on the User’s devices using cookies when accessing the www.loyaltyroots.com. Cookies are used to provide electronic services and to improve their quality. We do not use cookies to identify Users. This Cookie Policy also explains the rules for processing data collected through the use of cookies.

Definitions

Data Controller / Loyalty Roots – Refers to Loyalty Roots Sp. z o.o., UL. CZYŻÓWKA 14 / 2.11, 30-526 KRAKÓW, NIP: 6793332213, who, as the owner of the website, provides services electronically and stores or accesses information on the User’s devices.

Cookies – Refers to IT data, in particular small text files, stored and saved on the devices through which the User accesses the Service's websites.

Administrator Cookies / First-party Cookies – Refers to cookies placed and stored by the Administrator in connection with providing electronic services via the Service.

Third-party Cookies – Refers to cookies placed by the Administrator’s partners via the Service’s website.

Personal Data – Refers to information about an identified or identifiable natural person, which can be identified directly or indirectly, in particular by reference to an identifier such as name, online identifier, location data, or one or more factors specific to physical, physiological, genetic, mental, economic, cultural, or social identity.

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).

Platform – Refers to the website or application under which the Administrator operates.

Device – Refers to an electronic device through which the User accesses the Service.

User – Refers to the entity on whose behalf, in accordance with the applicable regulations and laws, electronic services may be provided or with whom a contract for the provision of such services may be concluded.

Types of Cookies Used

The cookies used by the Administrator are safe for the User’s Device. In particular, they do not allow viruses or other unwanted or malicious software to enter Users' Devices. These files make it possible to identify the software used by the User and adapt the Service individually to each User. Cookies usually contain the domain name they come from, their storage duration, and an assigned value.

The Administrator uses two types of cookies:

Session cookies: Stored on the User’s Device and remain there until the browser session ends. The saved information is then permanently deleted from the Device’s memory. Session cookies do not collect any personal data or confidential information from the User’s Device.

Persistent cookies: Stored on the User’s Device and remain there until deleted. Ending the browser session or turning off the Device does not remove them. Persistent cookies do not collect any personal data or confidential information from the User’s Device.

The User may restrict or completely disable cookie access to their Device. However, doing so may affect some functionalities of the Service that rely on cookies.

Purposes of Cookie Usage

The Administrator uses cookies for the following purposes:

Strictly necessary cookies:

These are essential for the proper functioning of the website. They are used in particular to remember login sessions, complete forms, and set privacy options.

Analytical cookies:

These cookies allow us to analyze visits and traffic sources on our website. They help determine which pages are more or less popular and how users navigate the site. They support performance improvements through statistics and reports related to the website’s operation. Information collected is aggregated and not used to identify individuals. Without these cookies, we won't know when you visited the site or be able to improve its performance.

Functional cookies:

These cookies remember your preferences, such as language selection, and adjust the website accordingly. You can configure your browser to block or warn about these cookies, but some parts of the website may not work properly as a result.

Advertising cookies:

These cookies help tailor advertising content to your interests both on and off our website. They may be placed by advertising partners through our site. Based on this data and your activity on other sites, your interest profile is built. These cookies do not store personal data directly, but they can identify your browser and device. If you do not consent, ads may be less relevant to your interests.

Legal Basis for Cookie-Related Data Processing

The legal basis for processing personal data obtained via strictly necessary cookies is Art. 6(1)(b) of the GDPR, i.e. data processing necessary for the performance of a contract or to take steps prior to entering into a contract, in particular to provide services and functionalities of the Service used by the User.

For functional, analytical, and marketing cookies, the legal basis is Art. 6(1)(a) of the GDPR, i.e. the User’s consent, granted via the cookie consent management platform, given separately for each category.

Data Retention Period

The data retention period depends on the type and purpose of the electronic service, as outlined in the applicable regulations and legal provisions.

If the User consents to functional cookies, the data will be processed until the consent is withdrawn.

If a claim arises, the retention period may be extended for the time necessary to establish or defend against such claims, but not beyond the limitation period.

User Rights and Cookie Settings

The User has the right to access, rectify, delete, restrict processing, transfer data, and object to the processing of personal data, as defined under GDPR. The User also has the right to lodge a complaint with a supervisory authority if data is processed unlawfully.

If the data is processed based on separate consent, the User may withdraw consent at any time through the cookie management platform or by contacting the Administrator:

By post: Loyalty Roots Sp. z o.o., UL. CZYŻÓWKA 14 / 2.11, 30-526 KRAKÓW

By email: contact@loyaltyroots.com

The User can also change cookie settings at any time via their browser settings or relevant service configuration. For example, they may block cookies or receive notifications when a cookie is being placed. More information is available in the browser settings.

Users can delete cookies at any time using their browser’s available options.

Restricting cookies may affect the functionality of some services on the website.

How to Disable Cookies in Your Browser

Instructions for disabling cookies in popular browsers:

Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

Google Chrome: https://support.google.com/chrome/answer/95647

Internet Explorer 7 and above: https://support.microsoft.com/help/17442/windows-internet-explorer-delete-manage-cookies

Opera: https://help.opera.com/en/latest/web-preferences/#cookies

Safari: https://support.apple.com/en-us/HT201265

Data Recipients

In connection with providing electronic services, including the use of cookie consent management tools, personal data may be shared with service providers working on behalf of Loyalty Roots Sp. z o.o., specifically:

IT solution providers

Marketing solution providers

Service, technology, or software providers

Advisory and auditing service providers

Additionally, since Loyalty Roots Sp. z o.o. uses analytics tools to study user behavior within the service, third parties—including providers such as Facebook, Google, and Bubble—may use cookies and similar technologies to collect or receive data from our websites and use it for measurement and targeted advertising.

Contact

Data Controller: Loyalty Roots Sp. z o.o.

For any additional questions about privacy protection, please contact Loyalty Roots at: contact@loyaltyroots.com


Privacy Policy for Job Candidates

This Privacy Policy applies to the processing of Personal Data of Candidates as part of the recruitment process conducted by Loyalty Roots Sp. z o.o. The Data Controller processes Candidates’ Personal Data in accordance with the General Data Protection Regulation (GDPR) and applicable national laws.

Definitions

Data Controller / Loyalty Roots – Refers to Loyalty Roots Sp. z o.o., UL. CZYŻÓWKA 14 / 2.11, 30-526 KRAKÓW, NIP: 6793332213, who conducts the recruitments process,

Candidate – Refers to an individual who submits an application for employment to Loyalty Roots Sp. z o.o. through any recruitment channel, including LinkedIn.

Personal Data – Refers to information about an identified or identifiable natural person, which can be identified directly or indirectly, in particular by reference to an identifier such as name, contact details, career history, and any information provided in application documents.

Processing – Refers to any operation performed on Personal Data, such as collection, storage, use, or deletion, whether by automated or non-automated means.

Client – Refers to companies or organizations that engage Loyalty Roots' services and for whose projects certain recruited candidates may be assigned to work.

Scope of Data Processing

The Data Controller processes the following categories of Personal Data provided by the Candidate:

Name and surname

Email address

Phone number

LinkedIn profile

Channel through which the Candidate found the recruitment offer

Documents submitted by the Candidate (e.g., CV, cover letter, reference letters), which may include additional Personal Data such as date of birth, address, education, and employment history

Purpose and Legal Basis for Processing

Personal Data of the Candidate is processed for the following purposes:

Conducting the recruitment process and evaluating the Candidate’s application.

Contacting the Candidate regarding the recruitment process.

Preparing and concluding an employment contract, if applicable.

Considering the Candidate for future recruitment processes for up to 24 months.

Sharing candidate information with clients when recruiting for client-specific project roles, to enable client evaluation and approval of candidates who will work on their projects.

The legal basis for processing is:

Article 6(1)(b) GDPR — processing necessary for the performance of a contract or to take steps at the request of the Candidate prior to entering into a contract.

Article 6(1)(c) GDPR — compliance with legal obligations.

Article 6(1)(a) GDPR — the Candidate’s consent to retain Personal Data for future recruitment processes.

The Candidate is informed and provides consent for their data to be stored and considered for future job opportunities for a period of up to 24 months

Data Retention

Personal Data of the Candidate will be stored:

For up to 24 months after the conclusion of the recruitment process, in order to consider the Candidate for future job opportunities, unless a longer retention period is required by law or for the defense of legal claims.

After this period, the data will be deleted or anonymized, unless the Candidate requests earlier deletion in accordance with their rights under GDPR.

Data Recipients

Personal Data of the Candidate may be shared with:

Authorized Loyalty Roots personnel involved in the recruitment process

Current or potential Loyalty Roots' clients when the candidate is being considered for a role that involves working directly on that client's projects, to enable client evaluation and approval

External service providers (such as HR management platforms or cloud services) who process data on behalf of the Data Controller under appropriate data processing agreements, in accordance with Article 28 GDPR

Data Sharing with Clients

Loyalty Roots may need to share candidate information with the relevant client to:

Enable client evaluation of candidates who will work on their projects

Obtain client approval for candidates assigned to their projects

Ensure proper project team composition

This sharing is based on Loyalty Roots' legitimate interest in delivering quality services to clients. Candidates will be informed when their data may be shared with clients for such positions.

Data Security

The Data Controller applies appropriate technical and organizational measures to protect Personal Data against unauthorized access, alteration, disclosure, or destruction.

Rights of the Candidate

The Candidate has the following rights under GDPR:

Right of access to Personal Data (Art. 15 GDPR)

Right to rectification (Art. 16 GDPR)

Right to erasure (‘right to be forgotten’, Art. 17 GDPR)

Right to restriction of processing (Art. 18 GDPR)

Right to data portability (Art. 20 GDPR)

Right to object to processing (Art. 21 GDPR)

To exercise these rights, the Candidate may contact the Data Controller at contact@loyaltyroots.com.

Final Provisions

The Data Controller reserves the right to update this Privacy Policy to reflect changes in law or recruitment practices. The current version will always be available on the website www.loyaltyroots.com.

Contact

Data Controller: Loyalty Roots Sp. z o.o.

For any additional questions about privacy protection, please contact Loyalty Roots at: contact@loyaltyroots.com

BACK TO HOME

Back

Privacy policy

Logo

Cookie Policy

These rules define the storage of and access to information on the User’s devices using cookies when accessing the www.loyaltyroots.com. Cookies are used to provide electronic services and to improve their quality. We do not use cookies to identify Users. This Cookie Policy also explains the rules for processing data collected through the use of cookies.

Definitions

Data Controller / Loyalty Roots – Refers to Loyalty Roots Sp. z o.o., UL. CZYŻÓWKA 14 / 2.11, 30-526 KRAKÓW, NIP: 6793332213, who, as the owner of the website, provides services electronically and stores or accesses information on the User’s devices.

Cookies – Refers to IT data, in particular small text files, stored and saved on the devices through which the User accesses the Service's websites.

Administrator Cookies / First-party Cookies – Refers to cookies placed and stored by the Administrator in connection with providing electronic services via the Service.

Third-party Cookies – Refers to cookies placed by the Administrator’s partners via the Service’s website.

Personal Data – Refers to information about an identified or identifiable natural person, which can be identified directly or indirectly, in particular by reference to an identifier such as name, online identifier, location data, or one or more factors specific to physical, physiological, genetic, mental, economic, cultural, or social identity.

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).

Platform – Refers to the website or application under which the Administrator operates.

Device – Refers to an electronic device through which the User accesses the Service.

User – Refers to the entity on whose behalf, in accordance with the applicable regulations and laws, electronic services may be provided or with whom a contract for the provision of such services may be concluded.

Types of Cookies Used

The cookies used by the Administrator are safe for the User’s Device. In particular, they do not allow viruses or other unwanted or malicious software to enter Users' Devices. These files make it possible to identify the software used by the User and adapt the Service individually to each User. Cookies usually contain the domain name they come from, their storage duration, and an assigned value.

The Administrator uses two types of cookies:

Session cookies: Stored on the User’s Device and remain there until the browser session ends. The saved information is then permanently deleted from the Device’s memory. Session cookies do not collect any personal data or confidential information from the User’s Device.

Persistent cookies: Stored on the User’s Device and remain there until deleted. Ending the browser session or turning off the Device does not remove them. Persistent cookies do not collect any personal data or confidential information from the User’s Device.

The User may restrict or completely disable cookie access to their Device. However, doing so may affect some functionalities of the Service that rely on cookies.

Purposes of Cookie Usage

The Administrator uses cookies for the following purposes:

Strictly necessary cookies:

These are essential for the proper functioning of the website. They are used in particular to remember login sessions, complete forms, and set privacy options.

Analytical cookies:

These cookies allow us to analyze visits and traffic sources on our website. They help determine which pages are more or less popular and how users navigate the site. They support performance improvements through statistics and reports related to the website’s operation. Information collected is aggregated and not used to identify individuals. Without these cookies, we won't know when you visited the site or be able to improve its performance.

Functional cookies:

These cookies remember your preferences, such as language selection, and adjust the website accordingly. You can configure your browser to block or warn about these cookies, but some parts of the website may not work properly as a result.

Advertising cookies:

These cookies help tailor advertising content to your interests both on and off our website. They may be placed by advertising partners through our site. Based on this data and your activity on other sites, your interest profile is built. These cookies do not store personal data directly, but they can identify your browser and device. If you do not consent, ads may be less relevant to your interests.

Legal Basis for Cookie-Related Data Processing

The legal basis for processing personal data obtained via strictly necessary cookies is Art. 6(1)(b) of the GDPR, i.e. data processing necessary for the performance of a contract or to take steps prior to entering into a contract, in particular to provide services and functionalities of the Service used by the User.

For functional, analytical, and marketing cookies, the legal basis is Art. 6(1)(a) of the GDPR, i.e. the User’s consent, granted via the cookie consent management platform, given separately for each category.

Data Retention Period

The data retention period depends on the type and purpose of the electronic service, as outlined in the applicable regulations and legal provisions.

If the User consents to functional cookies, the data will be processed until the consent is withdrawn.

If a claim arises, the retention period may be extended for the time necessary to establish or defend against such claims, but not beyond the limitation period.

User Rights and Cookie Settings

The User has the right to access, rectify, delete, restrict processing, transfer data, and object to the processing of personal data, as defined under GDPR. The User also has the right to lodge a complaint with a supervisory authority if data is processed unlawfully.

If the data is processed based on separate consent, the User may withdraw consent at any time through the cookie management platform or by contacting the Administrator:

By post: Loyalty Roots Sp. z o.o., UL. CZYŻÓWKA 14 / 2.11, 30-526 KRAKÓW

By email: contact@loyaltyroots.com

The User can also change cookie settings at any time via their browser settings or relevant service configuration. For example, they may block cookies or receive notifications when a cookie is being placed. More information is available in the browser settings.

Users can delete cookies at any time using their browser’s available options.

Restricting cookies may affect the functionality of some services on the website.

How to Disable Cookies in Your Browser

Instructions for disabling cookies in popular browsers:

Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

Google Chrome: https://support.google.com/chrome/answer/95647

Internet Explorer 7 and above: https://support.microsoft.com/help/17442/windows-internet-explorer-delete-manage-cookies

Opera: https://help.opera.com/en/latest/web-preferences/#cookies

Safari: https://support.apple.com/en-us/HT201265

Data Recipients

In connection with providing electronic services, including the use of cookie consent management tools, personal data may be shared with service providers working on behalf of Loyalty Roots Sp. z o.o., specifically:

IT solution providers

Marketing solution providers

Service, technology, or software providers

Advisory and auditing service providers

Additionally, since Loyalty Roots Sp. z o.o. uses analytics tools to study user behavior within the service, third parties—including providers such as Facebook, Google, and Bubble—may use cookies and similar technologies to collect or receive data from our websites and use it for measurement and targeted advertising.

Contact

Data Controller: Loyalty Roots Sp. z o.o.

For any additional questions about privacy protection, please contact Loyalty Roots at: contact@loyaltyroots.com


Privacy Policy for Job Candidates

This Privacy Policy applies to the processing of Personal Data of Candidates as part of the recruitment process conducted by Loyalty Roots Sp. z o.o. The Data Controller processes Candidates’ Personal Data in accordance with the General Data Protection Regulation (GDPR) and applicable national laws.

Definitions

Data Controller / Loyalty Roots – Refers to Loyalty Roots Sp. z o.o., UL. CZYŻÓWKA 14 / 2.11, 30-526 KRAKÓW, NIP: 6793332213, who conducts the recruitments process,

Candidate – Refers to an individual who submits an application for employment to Loyalty Roots Sp. z o.o. through any recruitment channel, including LinkedIn.

Personal Data – Refers to information about an identified or identifiable natural person, which can be identified directly or indirectly, in particular by reference to an identifier such as name, contact details, career history, and any information provided in application documents.

Processing – Refers to any operation performed on Personal Data, such as collection, storage, use, or deletion, whether by automated or non-automated means.

Client – Refers to companies or organizations that engage Loyalty Roots' services and for whose projects certain recruited candidates may be assigned to work.

Scope of Data Processing

The Data Controller processes the following categories of Personal Data provided by the Candidate:

Name and surname

Email address

Phone number

LinkedIn profile

Channel through which the Candidate found the recruitment offer

Documents submitted by the Candidate (e.g., CV, cover letter, reference letters), which may include additional Personal Data such as date of birth, address, education, and employment history

Purpose and Legal Basis for Processing

Personal Data of the Candidate is processed for the following purposes:

Conducting the recruitment process and evaluating the Candidate’s application.

Contacting the Candidate regarding the recruitment process.

Preparing and concluding an employment contract, if applicable.

Considering the Candidate for future recruitment processes for up to 24 months.

Sharing candidate information with clients when recruiting for client-specific project roles, to enable client evaluation and approval of candidates who will work on their projects.

The legal basis for processing is:

Article 6(1)(b) GDPR — processing necessary for the performance of a contract or to take steps at the request of the Candidate prior to entering into a contract.

Article 6(1)(c) GDPR — compliance with legal obligations.

Article 6(1)(a) GDPR — the Candidate’s consent to retain Personal Data for future recruitment processes.

The Candidate is informed and provides consent for their data to be stored and considered for future job opportunities for a period of up to 24 months

Data Retention

Personal Data of the Candidate will be stored:

For up to 24 months after the conclusion of the recruitment process, in order to consider the Candidate for future job opportunities, unless a longer retention period is required by law or for the defense of legal claims.

After this period, the data will be deleted or anonymized, unless the Candidate requests earlier deletion in accordance with their rights under GDPR.

Data Recipients

Personal Data of the Candidate may be shared with:

Authorized Loyalty Roots personnel involved in the recruitment process

Current or potential Loyalty Roots' clients when the candidate is being considered for a role that involves working directly on that client's projects, to enable client evaluation and approval

External service providers (such as HR management platforms or cloud services) who process data on behalf of the Data Controller under appropriate data processing agreements, in accordance with Article 28 GDPR

Data Sharing with Clients

Loyalty Roots may need to share candidate information with the relevant client to:

Enable client evaluation of candidates who will work on their projects

Obtain client approval for candidates assigned to their projects

Ensure proper project team composition

This sharing is based on Loyalty Roots' legitimate interest in delivering quality services to clients. Candidates will be informed when their data may be shared with clients for such positions.

Data Security

The Data Controller applies appropriate technical and organizational measures to protect Personal Data against unauthorized access, alteration, disclosure, or destruction.

Rights of the Candidate

The Candidate has the following rights under GDPR:

Right of access to Personal Data (Art. 15 GDPR)

Right to rectification (Art. 16 GDPR)

Right to erasure (‘right to be forgotten’, Art. 17 GDPR)

Right to restriction of processing (Art. 18 GDPR)

Right to data portability (Art. 20 GDPR)

Right to object to processing (Art. 21 GDPR)

To exercise these rights, the Candidate may contact the Data Controller at contact@loyaltyroots.com.

Final Provisions

The Data Controller reserves the right to update this Privacy Policy to reflect changes in law or recruitment practices. The current version will always be available on the website www.loyaltyroots.com.

Contact

Data Controller: Loyalty Roots Sp. z o.o.

For any additional questions about privacy protection, please contact Loyalty Roots at: contact@loyaltyroots.com

BACK TO HOME

Looking to build or scale loyalty?

© 2025 Loyalty Roots. All Rights Reserved.

Looking to build or scale loyalty?

© 2025 Loyalty Roots. All Rights Reserved.

Looking to build or scale loyalty?

© 2025 Loyalty Roots. All Rights Reserved.