Back
Privacy policy
Cookie Policy
These rules define the storage of and access to information on the User’s devices using cookies when accessing the www.loyaltyroots.com. Cookies are used to provide electronic services and to improve their quality. We do not use cookies to identify Users. This Cookie Policy also explains the rules for processing data collected through the use of cookies.
Definitions
Data Controller / Loyalty Roots – Refers to Loyalty Roots Sp. z o.o., UL. CZYŻÓWKA 14 / 2.11, 30-526 KRAKÓW, NIP: 6793332213, who, as the owner of the website, provides services electronically and stores or accesses information on the User’s devices.
Cookies – Refers to IT data, in particular small text files, stored and saved on the devices through which the User accesses the Service's websites.
Administrator Cookies / First-party Cookies – Refers to cookies placed and stored by the Administrator in connection with providing electronic services via the Service.
Third-party Cookies – Refers to cookies placed by the Administrator’s partners via the Service’s website.
Personal Data – Refers to information about an identified or identifiable natural person, which can be identified directly or indirectly, in particular by reference to an identifier such as name, online identifier, location data, or one or more factors specific to physical, physiological, genetic, mental, economic, cultural, or social identity.
GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).
Platform – Refers to the website or application under which the Administrator operates.
Device – Refers to an electronic device through which the User accesses the Service.
User – Refers to the entity on whose behalf, in accordance with the applicable regulations and laws, electronic services may be provided or with whom a contract for the provision of such services may be concluded.
Types of Cookies Used
The cookies used by the Administrator are safe for the User’s Device. In particular, they do not allow viruses or other unwanted or malicious software to enter Users' Devices. These files make it possible to identify the software used by the User and adapt the Service individually to each User. Cookies usually contain the domain name they come from, their storage duration, and an assigned value.
The Administrator uses two types of cookies:
Session cookies: Stored on the User’s Device and remain there until the browser session ends. The saved information is then permanently deleted from the Device’s memory. Session cookies do not collect any personal data or confidential information from the User’s Device.
Persistent cookies: Stored on the User’s Device and remain there until deleted. Ending the browser session or turning off the Device does not remove them. Persistent cookies do not collect any personal data or confidential information from the User’s Device.
The User may restrict or completely disable cookie access to their Device. However, doing so may affect some functionalities of the Service that rely on cookies.
Purposes of Cookie Usage
The Administrator uses cookies for the following purposes:
Strictly necessary cookies:
These are essential for the proper functioning of the website. They are used in particular to remember login sessions, complete forms, and set privacy options.
Analytical cookies:
These cookies allow us to analyze visits and traffic sources on our website. They help determine which pages are more or less popular and how users navigate the site. They support performance improvements through statistics and reports related to the website’s operation. Information collected is aggregated and not used to identify individuals. Without these cookies, we won't know when you visited the site or be able to improve its performance.
Functional cookies:
These cookies remember your preferences, such as language selection, and adjust the website accordingly. You can configure your browser to block or warn about these cookies, but some parts of the website may not work properly as a result.
Advertising cookies:
These cookies help tailor advertising content to your interests both on and off our website. They may be placed by advertising partners through our site. Based on this data and your activity on other sites, your interest profile is built. These cookies do not store personal data directly, but they can identify your browser and device. If you do not consent, ads may be less relevant to your interests.
Legal Basis for Cookie-Related Data Processing
The legal basis for processing personal data obtained via strictly necessary cookies is Art. 6(1)(b) of the GDPR, i.e. data processing necessary for the performance of a contract or to take steps prior to entering into a contract, in particular to provide services and functionalities of the Service used by the User.
For functional, analytical, and marketing cookies, the legal basis is Art. 6(1)(a) of the GDPR, i.e. the User’s consent, granted via the cookie consent management platform, given separately for each category.
Data Retention Period
The data retention period depends on the type and purpose of the electronic service, as outlined in the applicable regulations and legal provisions.
If the User consents to functional cookies, the data will be processed until the consent is withdrawn.
If a claim arises, the retention period may be extended for the time necessary to establish or defend against such claims, but not beyond the limitation period.
User Rights and Cookie Settings
The User has the right to access, rectify, delete, restrict processing, transfer data, and object to the processing of personal data, as defined under GDPR. The User also has the right to lodge a complaint with a supervisory authority if data is processed unlawfully.
If the data is processed based on separate consent, the User may withdraw consent at any time through the cookie management platform or by contacting the Administrator:
By post: Loyalty Roots Sp. z o.o., UL. CZYŻÓWKA 14 / 2.11, 30-526 KRAKÓW
By email: contact@loyaltyroots.com
The User can also change cookie settings at any time via their browser settings or relevant service configuration. For example, they may block cookies or receive notifications when a cookie is being placed. More information is available in the browser settings.
Users can delete cookies at any time using their browser’s available options.
Restricting cookies may affect the functionality of some services on the website.
How to Disable Cookies in Your Browser
Instructions for disabling cookies in popular browsers:
Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
Google Chrome: https://support.google.com/chrome/answer/95647
Internet Explorer 7 and above: https://support.microsoft.com/help/17442/windows-internet-explorer-delete-manage-cookies
Opera: https://help.opera.com/en/latest/web-preferences/#cookies
Safari: https://support.apple.com/en-us/HT201265
Data Recipients
In connection with providing electronic services, including the use of cookie consent management tools, personal data may be shared with service providers working on behalf of Loyalty Roots Sp. z o.o., specifically:
IT solution providers
Marketing solution providers
Service, technology, or software providers
Advisory and auditing service providers
Additionally, since Loyalty Roots Sp. z o.o. uses analytics tools to study user behavior within the service, third parties—including providers such as Facebook, Google, and Bubble—may use cookies and similar technologies to collect or receive data from our websites and use it for measurement and targeted advertising.
Contact
Data Controller: Loyalty Roots Sp. z o.o.
For any additional questions about privacy protection, please contact Loyalty Roots at: contact@loyaltyroots.com
Privacy Policy for Job Candidates
This Privacy Policy applies to the processing of Personal Data of Candidates as part of the recruitment process conducted by Loyalty Roots Sp. z o.o. The Data Controller processes Candidates’ Personal Data in accordance with the General Data Protection Regulation (GDPR) and applicable national laws.
Definitions
Data Controller / Loyalty Roots – Refers to Loyalty Roots Sp. z o.o., UL. CZYŻÓWKA 14 / 2.11, 30-526 KRAKÓW, NIP: 6793332213, who conducts the recruitments process,
Candidate – Refers to an individual who submits an application for employment to Loyalty Roots Sp. z o.o. through any recruitment channel, including LinkedIn.
Personal Data – Refers to information about an identified or identifiable natural person, which can be identified directly or indirectly, in particular by reference to an identifier such as name, contact details, career history, and any information provided in application documents.
Processing – Refers to any operation performed on Personal Data, such as collection, storage, use, or deletion, whether by automated or non-automated means.
Client – Refers to companies or organizations that engage Loyalty Roots' services and for whose projects certain recruited candidates may be assigned to work.
Scope of Data Processing
The Data Controller processes the following categories of Personal Data provided by the Candidate:
Name and surname
Email address
Phone number
LinkedIn profile
Channel through which the Candidate found the recruitment offer
Documents submitted by the Candidate (e.g., CV, cover letter, reference letters), which may include additional Personal Data such as date of birth, address, education, and employment history
Purpose and Legal Basis for Processing
Personal Data of the Candidate is processed for the following purposes:
Conducting the recruitment process and evaluating the Candidate’s application.
Contacting the Candidate regarding the recruitment process.
Preparing and concluding an employment contract, if applicable.
Considering the Candidate for future recruitment processes for up to 24 months.
Sharing candidate information with clients when recruiting for client-specific project roles, to enable client evaluation and approval of candidates who will work on their projects.
The legal basis for processing is:
Article 6(1)(b) GDPR — processing necessary for the performance of a contract or to take steps at the request of the Candidate prior to entering into a contract.
Article 6(1)(c) GDPR — compliance with legal obligations.
Article 6(1)(a) GDPR — the Candidate’s consent to retain Personal Data for future recruitment processes.
The Candidate is informed and provides consent for their data to be stored and considered for future job opportunities for a period of up to 24 months
Data Retention
Personal Data of the Candidate will be stored:
For up to 24 months after the conclusion of the recruitment process, in order to consider the Candidate for future job opportunities, unless a longer retention period is required by law or for the defense of legal claims.
After this period, the data will be deleted or anonymized, unless the Candidate requests earlier deletion in accordance with their rights under GDPR.
Data Recipients
Personal Data of the Candidate may be shared with:
Authorized Loyalty Roots personnel involved in the recruitment process
Current or potential Loyalty Roots' clients when the candidate is being considered for a role that involves working directly on that client's projects, to enable client evaluation and approval
External service providers (such as HR management platforms or cloud services) who process data on behalf of the Data Controller under appropriate data processing agreements, in accordance with Article 28 GDPR
Data Sharing with Clients
Loyalty Roots may need to share candidate information with the relevant client to:
Enable client evaluation of candidates who will work on their projects
Obtain client approval for candidates assigned to their projects
Ensure proper project team composition
This sharing is based on Loyalty Roots' legitimate interest in delivering quality services to clients. Candidates will be informed when their data may be shared with clients for such positions.
Data Security
The Data Controller applies appropriate technical and organizational measures to protect Personal Data against unauthorized access, alteration, disclosure, or destruction.
Rights of the Candidate
The Candidate has the following rights under GDPR:
Right of access to Personal Data (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR)
Right to erasure (‘right to be forgotten’, Art. 17 GDPR)
Right to restriction of processing (Art. 18 GDPR)
Right to data portability (Art. 20 GDPR)
Right to object to processing (Art. 21 GDPR)
To exercise these rights, the Candidate may contact the Data Controller at contact@loyaltyroots.com.
Final Provisions
The Data Controller reserves the right to update this Privacy Policy to reflect changes in law or recruitment practices. The current version will always be available on the website www.loyaltyroots.com.
Contact
Data Controller: Loyalty Roots Sp. z o.o.
For any additional questions about privacy protection, please contact Loyalty Roots at: contact@loyaltyroots.com
BACK TO HOME
Back
Privacy policy
Cookie Policy
These rules define the storage of and access to information on the User’s devices using cookies when accessing the www.loyaltyroots.com. Cookies are used to provide electronic services and to improve their quality. We do not use cookies to identify Users. This Cookie Policy also explains the rules for processing data collected through the use of cookies.
Definitions
Data Controller / Loyalty Roots – Refers to Loyalty Roots Sp. z o.o., UL. CZYŻÓWKA 14 / 2.11, 30-526 KRAKÓW, NIP: 6793332213, who, as the owner of the website, provides services electronically and stores or accesses information on the User’s devices.
Cookies – Refers to IT data, in particular small text files, stored and saved on the devices through which the User accesses the Service's websites.
Administrator Cookies / First-party Cookies – Refers to cookies placed and stored by the Administrator in connection with providing electronic services via the Service.
Third-party Cookies – Refers to cookies placed by the Administrator’s partners via the Service’s website.
Personal Data – Refers to information about an identified or identifiable natural person, which can be identified directly or indirectly, in particular by reference to an identifier such as name, online identifier, location data, or one or more factors specific to physical, physiological, genetic, mental, economic, cultural, or social identity.
GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).
Platform – Refers to the website or application under which the Administrator operates.
Device – Refers to an electronic device through which the User accesses the Service.
User – Refers to the entity on whose behalf, in accordance with the applicable regulations and laws, electronic services may be provided or with whom a contract for the provision of such services may be concluded.
Types of Cookies Used
The cookies used by the Administrator are safe for the User’s Device. In particular, they do not allow viruses or other unwanted or malicious software to enter Users' Devices. These files make it possible to identify the software used by the User and adapt the Service individually to each User. Cookies usually contain the domain name they come from, their storage duration, and an assigned value.
The Administrator uses two types of cookies:
Session cookies: Stored on the User’s Device and remain there until the browser session ends. The saved information is then permanently deleted from the Device’s memory. Session cookies do not collect any personal data or confidential information from the User’s Device.
Persistent cookies: Stored on the User’s Device and remain there until deleted. Ending the browser session or turning off the Device does not remove them. Persistent cookies do not collect any personal data or confidential information from the User’s Device.
The User may restrict or completely disable cookie access to their Device. However, doing so may affect some functionalities of the Service that rely on cookies.
Purposes of Cookie Usage
The Administrator uses cookies for the following purposes:
Strictly necessary cookies:
These are essential for the proper functioning of the website. They are used in particular to remember login sessions, complete forms, and set privacy options.
Analytical cookies:
These cookies allow us to analyze visits and traffic sources on our website. They help determine which pages are more or less popular and how users navigate the site. They support performance improvements through statistics and reports related to the website’s operation. Information collected is aggregated and not used to identify individuals. Without these cookies, we won't know when you visited the site or be able to improve its performance.
Functional cookies:
These cookies remember your preferences, such as language selection, and adjust the website accordingly. You can configure your browser to block or warn about these cookies, but some parts of the website may not work properly as a result.
Advertising cookies:
These cookies help tailor advertising content to your interests both on and off our website. They may be placed by advertising partners through our site. Based on this data and your activity on other sites, your interest profile is built. These cookies do not store personal data directly, but they can identify your browser and device. If you do not consent, ads may be less relevant to your interests.
Legal Basis for Cookie-Related Data Processing
The legal basis for processing personal data obtained via strictly necessary cookies is Art. 6(1)(b) of the GDPR, i.e. data processing necessary for the performance of a contract or to take steps prior to entering into a contract, in particular to provide services and functionalities of the Service used by the User.
For functional, analytical, and marketing cookies, the legal basis is Art. 6(1)(a) of the GDPR, i.e. the User’s consent, granted via the cookie consent management platform, given separately for each category.
Data Retention Period
The data retention period depends on the type and purpose of the electronic service, as outlined in the applicable regulations and legal provisions.
If the User consents to functional cookies, the data will be processed until the consent is withdrawn.
If a claim arises, the retention period may be extended for the time necessary to establish or defend against such claims, but not beyond the limitation period.
User Rights and Cookie Settings
The User has the right to access, rectify, delete, restrict processing, transfer data, and object to the processing of personal data, as defined under GDPR. The User also has the right to lodge a complaint with a supervisory authority if data is processed unlawfully.
If the data is processed based on separate consent, the User may withdraw consent at any time through the cookie management platform or by contacting the Administrator:
By post: Loyalty Roots Sp. z o.o., UL. CZYŻÓWKA 14 / 2.11, 30-526 KRAKÓW
By email: contact@loyaltyroots.com
The User can also change cookie settings at any time via their browser settings or relevant service configuration. For example, they may block cookies or receive notifications when a cookie is being placed. More information is available in the browser settings.
Users can delete cookies at any time using their browser’s available options.
Restricting cookies may affect the functionality of some services on the website.
How to Disable Cookies in Your Browser
Instructions for disabling cookies in popular browsers:
Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
Google Chrome: https://support.google.com/chrome/answer/95647
Internet Explorer 7 and above: https://support.microsoft.com/help/17442/windows-internet-explorer-delete-manage-cookies
Opera: https://help.opera.com/en/latest/web-preferences/#cookies
Safari: https://support.apple.com/en-us/HT201265
Data Recipients
In connection with providing electronic services, including the use of cookie consent management tools, personal data may be shared with service providers working on behalf of Loyalty Roots Sp. z o.o., specifically:
IT solution providers
Marketing solution providers
Service, technology, or software providers
Advisory and auditing service providers
Additionally, since Loyalty Roots Sp. z o.o. uses analytics tools to study user behavior within the service, third parties—including providers such as Facebook, Google, and Bubble—may use cookies and similar technologies to collect or receive data from our websites and use it for measurement and targeted advertising.
Contact
Data Controller: Loyalty Roots Sp. z o.o.
For any additional questions about privacy protection, please contact Loyalty Roots at: contact@loyaltyroots.com
Privacy Policy for Job Candidates
This Privacy Policy applies to the processing of Personal Data of Candidates as part of the recruitment process conducted by Loyalty Roots Sp. z o.o. The Data Controller processes Candidates’ Personal Data in accordance with the General Data Protection Regulation (GDPR) and applicable national laws.
Definitions
Data Controller / Loyalty Roots – Refers to Loyalty Roots Sp. z o.o., UL. CZYŻÓWKA 14 / 2.11, 30-526 KRAKÓW, NIP: 6793332213, who conducts the recruitments process,
Candidate – Refers to an individual who submits an application for employment to Loyalty Roots Sp. z o.o. through any recruitment channel, including LinkedIn.
Personal Data – Refers to information about an identified or identifiable natural person, which can be identified directly or indirectly, in particular by reference to an identifier such as name, contact details, career history, and any information provided in application documents.
Processing – Refers to any operation performed on Personal Data, such as collection, storage, use, or deletion, whether by automated or non-automated means.
Client – Refers to companies or organizations that engage Loyalty Roots' services and for whose projects certain recruited candidates may be assigned to work.
Scope of Data Processing
The Data Controller processes the following categories of Personal Data provided by the Candidate:
Name and surname
Email address
Phone number
LinkedIn profile
Channel through which the Candidate found the recruitment offer
Documents submitted by the Candidate (e.g., CV, cover letter, reference letters), which may include additional Personal Data such as date of birth, address, education, and employment history
Purpose and Legal Basis for Processing
Personal Data of the Candidate is processed for the following purposes:
Conducting the recruitment process and evaluating the Candidate’s application.
Contacting the Candidate regarding the recruitment process.
Preparing and concluding an employment contract, if applicable.
Considering the Candidate for future recruitment processes for up to 24 months.
Sharing candidate information with clients when recruiting for client-specific project roles, to enable client evaluation and approval of candidates who will work on their projects.
The legal basis for processing is:
Article 6(1)(b) GDPR — processing necessary for the performance of a contract or to take steps at the request of the Candidate prior to entering into a contract.
Article 6(1)(c) GDPR — compliance with legal obligations.
Article 6(1)(a) GDPR — the Candidate’s consent to retain Personal Data for future recruitment processes.
The Candidate is informed and provides consent for their data to be stored and considered for future job opportunities for a period of up to 24 months
Data Retention
Personal Data of the Candidate will be stored:
For up to 24 months after the conclusion of the recruitment process, in order to consider the Candidate for future job opportunities, unless a longer retention period is required by law or for the defense of legal claims.
After this period, the data will be deleted or anonymized, unless the Candidate requests earlier deletion in accordance with their rights under GDPR.
Data Recipients
Personal Data of the Candidate may be shared with:
Authorized Loyalty Roots personnel involved in the recruitment process
Current or potential Loyalty Roots' clients when the candidate is being considered for a role that involves working directly on that client's projects, to enable client evaluation and approval
External service providers (such as HR management platforms or cloud services) who process data on behalf of the Data Controller under appropriate data processing agreements, in accordance with Article 28 GDPR
Data Sharing with Clients
Loyalty Roots may need to share candidate information with the relevant client to:
Enable client evaluation of candidates who will work on their projects
Obtain client approval for candidates assigned to their projects
Ensure proper project team composition
This sharing is based on Loyalty Roots' legitimate interest in delivering quality services to clients. Candidates will be informed when their data may be shared with clients for such positions.
Data Security
The Data Controller applies appropriate technical and organizational measures to protect Personal Data against unauthorized access, alteration, disclosure, or destruction.
Rights of the Candidate
The Candidate has the following rights under GDPR:
Right of access to Personal Data (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR)
Right to erasure (‘right to be forgotten’, Art. 17 GDPR)
Right to restriction of processing (Art. 18 GDPR)
Right to data portability (Art. 20 GDPR)
Right to object to processing (Art. 21 GDPR)
To exercise these rights, the Candidate may contact the Data Controller at contact@loyaltyroots.com.
Final Provisions
The Data Controller reserves the right to update this Privacy Policy to reflect changes in law or recruitment practices. The current version will always be available on the website www.loyaltyroots.com.
Contact
Data Controller: Loyalty Roots Sp. z o.o.
For any additional questions about privacy protection, please contact Loyalty Roots at: contact@loyaltyroots.com
BACK TO HOME
Looking to build or scale loyalty?
© 2025 Loyalty Roots. All Rights Reserved.
Looking to build or scale loyalty?
© 2025 Loyalty Roots. All Rights Reserved.
Looking to build or scale loyalty?
© 2025 Loyalty Roots. All Rights Reserved.