Privacy Policy

When you as an individual contact us or use our services, whether you are acting on your own behalf or on behalf of another entity (e.g. our client, supplier, etc.), or when we have received your personal data from other sources (e.g. from publicly available industry websites or when your data has been disclosed to us as contact details for the purpose of performing contracts), we process your personal data.

We approach all information about you responsibly and in accordance with the law – in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter “GDPR”).

The following information is intended to explain who we are, how we obtain personal data and what obligations we have regarding your personal data, what is their scope, purpose and period of their processing. If anything was incomprehensible to you or raised your doubts, please contact us:

Glossary – Basic Terms

Controller – VR-Learning sp. z o.o. with its registered office in Warsaw, at the address: ul. Ksawerów 3, 02-656 Warszawa, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for the capital city of Warsaw in Warsaw, XIIIth Commercial Division of the National Court Register, under KRS number 0000780005, NIP: 5213862225, REGON: 38299904500000, with capital in the amount of PLN 5,000.00, email:

Personal data – all information that we process about you. These are, for example, name, surname, e-mail address, telephone number, etc.

Processing – all activities we perform on your personal data. These are e.g. collecting, storing, updating, sending you messages or deleting data.

What personal data do we process?

The scope of personal data that we process depends on what information is necessary in connection with our relationship – they may include primarily your identification data (including name and surname), contact details (including correspondence address, telephone number, e-mail address or other contact details) and concerning the place of work / details of the entity you represent and the functions you perform in it. In addition, it may be data regarding the date of contact and its duration as well as the content of our communication. Sometimes it may also be other information that we have obtained from publicly available sources, related to our business relationship (e.g. industry portals).

Processing your data (where we get it from)

Your personal data may be processed in many situations: (i) if you have provided them to us personally via various communication channels (e.g. by e-mail or via our contact form); (ii) when we obtained them from other people, e.g. from your employers / principals (as part of our cooperation, when signing or performing a contract); (iii) or from other sources (e.g. from a company you cooperate with, which is our contractor / client, or from publicly available sources). We may have received some of your data from you during our training, conference or industry event in which our representatives participated, or from the organizer of such an event.

What is the purpose and legal basis for the processing of personal data?

We process the above information in order to establish a business relationship and conclude a contract or to fulfill the already established cooperation (with you or the entity you represent), including possibly answering questions, conducting further correspondence / contact in this regard, improving communication.

The legal basis for these activities from the perspective of personal data protection is our legitimate interest (Article 6(1)(f) of the GDPR). In the case of further communication aimed at concluding a contract (if you are its direct party), or remaining in connection with an already concluded contract, the legal basis may be “to take steps at the request of the data subject prior to entering into a contract” (Article 6(1)(b) of the GDPR).

If you give your consent or send us an appropriate inquiry, we may also send you commercial information or offers. The basis for such actions will be our legitimate interest (Article 6(1)(f) of the GDPR).

In completely exceptional cases, the processing of your personal data may be aimed at defending against potential claims or possibly making claims – also in this case, the basis for processing personal data will be our legitimate interest (Article 6(1)(f) of the GDPR).

Sometimes the processing of your Data may take place in order to comply with legal obligations (e.g. tax, accounting), which will also be the basis for such activities (Article 6(1)(c) of the GDPR).

Providing your personal data is voluntary, however, sometimes it may be necessary for purposes related to our cooperation, e.g. necessary to conclude or perform a contract or to answer an inquiry or to conduct correspondence.

If your data is processed on the basis of the legitimate interest of the controller, you have the
right to object to such processing.

For how long do we process your data?

Personal data collected for the purpose of concluding and performing the contract or maintaining our relationship (marketing) will be processed for the duration of the contract or until you object to the processing based on a legitimate interest. Personal data used only as part of contacting us will be processed until the end of communication with you.

These periods may be appropriately and necessary extended, in the case of any claims and court proceedings – by the duration of these proceedings and their settlement – and also if the law in certain cases obliges us to process them longer (usually for a period of up to 7 years after the end of duration of our contract, which results from tax regulations).

Who may have access to your personal data?

Access to your personal data is granted only to entities that support us in the provision of services, on the basis of appropriate agreements for entrusting personal data for processing, such as providers of communication tools (e.g. by e-mail), entities providing IT services, providers of legal and advisory services, our contractors, e.g. organizing trainings. All these entities have access only to the information necessary for their activities.

Some of our solution providers may be based outside the European Economic Area (EEA). In each case of data transfer outside the EEA, we apply the required security measures, including, for example, standard data protection clauses adopted pursuant to a decision of the European Commission, taking into account appropriate safeguards. You can obtain a copy of our safeguards regarding the transfer of personal data to a country outside the EEA by contacting us (

What rights do you have in connection with processing of your data?

At any time, you have the right to:

  1. Access to personal data (including e.g. receiving information which personal data is being processed or a copy thereof);
  2. Requests to rectify (update) data – if information about you is/becomes incorrect or incomplete;
  3. Withdraw any consent given to the Controller at any time – however the withdrawal of consent does not affect the processing carried out by the Controller in accordance with the law before its withdrawal;
  4. Requests to delete data – in certain situations, the GDPR grants you the so-called the right to be forgotten. You can use it if we continue to process your data, in particular in the following cases:
    • you withdraw your consent to the processing of personal data, when at the same time there is no other legal basis for their further processing;
    • you object to the processing of personal data when there are no overriding legitimate grounds for processing;
    • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed
    • your objection to the processing of personal data for marketing purposes;
    • unlawful processing of your data;
    • the law requires the deletion of data;
  5. Requests to limit processing – you can request that we limit our activities, as a rule, only to storing information about you when:
    • you question the accuracy of the personal data we process – for a period that allows you to check the correctness of this data;
    • the processing of your personal data is unlawful, but you prefer to limit processing instead of deleting it;
    • VR-Learning no longer needs your personal data for processing purposes, but you need them to establish, pursue or defend claims;
    • you have objected to the processing of your personal data – only until it is determined whether your interests outweigh our legitimate interests;
  6. Data portability – you have the right to receive your data in a commonly used, machine-readable format, as well as to send it to another controller, if:
    • the processing is based on your consent or contract; and
    • the processing is carried out by automated means
  7. Object to the processing of your personal data carried out in order to implement the legitimate interests of the controller or a third party (if there are no other valid legitimate grounds for processing overriding your interests, rights and freedoms, or grounds for establishing, investigating or defending claims – in such a case case, we will continue to process your data covered by the objection to the necessary extent).
  8. Submit a complaint to the supervisory authority, which in Poland is the President of the Office for Personal Data Protection (Prezes Urzędu Ochrony Danych Osobowych – PUODO). A detailed description of the procedure for submitting a complaint to PUODO is available on the website maintained by PUODO at: If you have any comments about how we operate, we encourage you to contact us in the first instance (email:

For the efficient exercise of your rights, please send each request to the e-mail address: with the title “Request RODO”, and in the content specifying which right you want to exercise (this will speed up the implementation of your right, but you can also submit inquiries in any other form, including in writing).

Information about cookies

Cookies are small text information sent by the server and saved on the side of your device (usually on your computer’s hard drive). They store information that we may need to adapt to how you use our website and to collect statistical data.

During your visit to our website, we may collect data regarding your internet service provider’s domain name, browser type, operating system type, IP address, websites you visit, items you have downloaded, and operational data or location information device you are using.

We assure you that all information received in this way is used by us only for the purposes indicated in this policy and in no case is harmful to you or to the device you use, because it does not introduce any configuration changes

Of course, you can change the way cookies are used, including completely blocking or removing them using a web browser or service configuration. However, you must remember that such operations may prevent or significantly hinder the proper operation of our website, for example by significantly slowing down its functioning.

Cookies used on our website:

  • Google Analytics cookies (first-party cookies)

Last update of this policy: 28.12.2022