PERSONAL DATA PRIVACY POLICY

Applicable from: 1 June 2021

PIKRALIDA SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ

§1

Identity of the Data Controller

  1. Personal Data Controller is PIKRALIDA SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ based in Poznań, at ul. Uniwersytetu Poznańskiego 10, 61-614 Poznań, NIP: 7792503386, REGON: 382576965, registered under KRS 0000773180 by the District Court for Poznań Nowe Miasto and Wilda in Poznań, 8th Commercial Division of the National Court Register.
  2. The data shall be processed in accordance with currently applicable legal provisions, namely Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as GDPR), the Data Protection Act of 10 May 2018, as well as the Act on the provision of electronic services of 18 July 2002.

§2

Definitions

This privacy policy shall use the following definitions:

  1. Site – the website available at www.pikralida.eu, through which the User may browse the content of the Site and subpages thereof.
  2. Personal Data Controller – the entity in control of the purpose and means of data processing, herein denoting PIKRALIDA SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ based in Poznań at ul. Uniwersytetu Poznańskiego 10, 61-614 Poznań, which maintains the Site.
  3. User – a natural person being the data subject who browses content available on the Site.
  4. Applicant – a User, a natural person applying for recruitment advertisements (job offers at https://pikralida.eu/kariera/), published by the Data Controller on the subpages of the Site or through external services where the Data Controller may publish job offers.
  5. Personal data – any information that, without undue time or cost, may result in the identification of an individual, including their identification, address and contact details.
  6. Cookies – small files that are downloaded and stored on the computer or another device of the User, related to the information on the use of the website.

§3

Modes of data acquisition

  1. The User’s personal data shall be collected directly from the data subjects, i.e. using the following means:
    1. by contacting the Data Controller using the contact details available on the Site, including by phone, e-mail, by postal services to the address of the Data Controller’s registered office,
    2. by providing data necessary for the preparation and conclusion of an agreement, including the conclusion of a cooperation agreement with clients and contractors of the Data Controller,
    3. by sending the Applicant’s application documents to the e-mail address indicated on the Site,
    4. by filling in a form with personal data and attaching application documents through external services where the Data Controller publishes job advertisements, where applicable,
    5. by providing personal data during the recruitment interview.
  2. Personal data may also be collected indirectly from persons, companies and institutions with whom the Data Controller cooperates, in particular as regards data of persons representing clients and contractors, as well as employees and collaborators thereof, whose personal data will be necessary to conclude and perform the concluded cooperation agreements.

§4

Purposes of Personal Data Processing

  1. The Data Controller shall process personal data for the following purposes:
    1. to prepare and perform an agreement to which the person is a party, which processing shall be performed under Article 6(1)(b) of the GDPR,
    2. to take action at the request of the data subject, including to answer questions asked via electronic means of communication or for the purpose of handling conventional correspondence, wherein such processing is done under Article 6(1)(b) of the GDPR, and under Article 6(1)(a) of the GDPR, i.e. the data subject’s consent to the processing of their data also after providing answers for marketing and commercial purposes via electronic means,
    3. to conduct recruitment on the basis of the Applicant’s voluntary consent (Article 6(1)(a) of the GDPR), and under Article 6(1)(c) of the GDPR, i.e. in order to fulfil the legal obligations incumbent on the Data Controller under the Labour Code Act of 26 June 1974,
    4. to hire employees, wherein such processing is done under Article 6(1)(c) of the GDPR, i.e. for the purpose of fulfilling legal obligations incumbent on the Data Controller, in particular under the Labour Code Act of 26 June 1974,
    5. to issue a bill or invoice to an individual who is a contractor or client of the Data Controller, wherein such processing is done under Article 6(1)(c) of the GDPR in order to fulfil legal obligations incumbent on the Data Controller, in particular those ensuing from the provisions of the Tax Ordinance Act of 29 August 1997,
    6. to market the Data Controller’s own products and services by conventional means, i.e. under Article 6(1)(f) of the GDPR, wherein such processing is done to fulfil a legitimate purpose of the Data Controller,
    7. to send the Data Controller’s commercial and marketing information to an e-mail address, with the consent of the data subject under Article 6(1)(a) of the GDPR,
    8. to pursue rights and claims by the Data Controller or the data subject under Article 6(1)(f) of the GDPR, wherein such processing is done to fulfil a legitimate purpose of the Data Controller.
  2. The provision of personal data is necessary for the conclusion and performance of the agreement, for conducting recruitment procedures, for billing or invoicing, for pursuing claims and answering questions.
  3. Provision of the data required is a prerequisite for certain steps, such as participation in recruitment, conclusion of an agreement and making contact by the Data Controller.

§5

Personal Data processed

The extent of personal data processed has been limited to the minimum necessary for the purpose for which they are collected, namely:

  • to make an enquiry using the contact details available on the site, including the company name, name and surname, e-mail address, telephone number, and any other data voluntarily provided by the data subject, if applicable, or information contained in electronic files which the sender chooses to attach to the message sent,
    • to send application documents via e-mail: name and surname, contact data provided by the data subject, education and work experience related to the job position for which the person applies, as well as other personal data voluntarily included in the application documents sent (CV, cover letter) under the Labour Code Act of 26 June 1974, other data voluntarily provided by the Applicant,
    • to conclude an employment agreement/civil law agreement, in particular: name and surname, address, PESEL (personal identification) number or other identification data if the person has not been assigned a PESEL number, number and series of an identity document, data concerning education and professional experience,
    • to conclude a cooperation agreement, contact data, in particular: name and surname of a natural person or natural persons representing a legal person, name and address of a natural person or legal person, NIP (Tax Identification Number), other identification data necessary to conclude a cooperation agreement,
    • in order to issue a bill or an invoice for the Data Controller’s contractors and clients: company name, name and surname of a natural person conducting business activity, address of the registered office, NIP, other billing data as required.

§6

Period of data processing

Personal data shall be processed for the period necessary to fulfil the purpose for which they were collected, namely:

  1. for the period necessary to answer the question asked by phone/e-mail, but for a period not exceeding 6 months, unless the person decides to enter into an agreement with the Data Controller or gives consent for marketing and commercial purposes by e-mail in the future,
    1. until revocation of consent, if the processing is based on the data subject’s consent,
    2. for the period necessary for the recruitment process, i.e. for a period not exceeding 6 months from the date of the potential Applicant sending their application for the purposes of current recruitment, and 12 months for the purposes of future recruitment, if the Applicant voluntarily consents to the processing of data for the purposes of future recruitment,
    3. for the duration of employment under an employment agreement or commission contract and for a period of 10 years from the end of the calendar year in which the employment relationship terminates or expires,
    4. for the duration of the concluded agreement for provision of services or cooperation, and then for the period necessary to document the agreement or service performed, including to issue of a bill or invoice, i.e. 5 years, counting from the end of the calendar year in which the date due for tax payment expired, pursuant to Article 112 of the Act on tax on goods and services of 11 March 2004, in connection with Article 70 of the Tax Ordinance Act of 29 August 1997.

§7

Recipients of the data

  1. The User’s personal data may be entrusted to other entities in order to perform services commissioned by the Data Controller, in particular to entities involved in the following scope:
    1. service and maintenance of the website,
    2. maintenance and support of e-mail,
    3. service and maintenance of the IT systems in which the data are processed, including for the purposes of issuing bills or invoices, collecting and storing application-related documents, cooperation agreements, etc,
    4. provision of accounting and personnel services to the Company.
  2. Personal data may be shared with entities duly authorised in compliance with the law, in particular the Social Security Office, the Tax Office, court, police, prosecution, etc.
  3. Personal data may also be shared, where necessary, with entities that assist the Data Controller in pursuing claims, such as law firms and debt collection agencies.
  4. Personal data may be transferred to third countries, in particular in connection with the use of the IT systems through which they are processed. The servers on which personal data is stored are located outside the European Economic Area, in particular in the United States of America, Japan, and India. The list of sub-processors is available at: https://workspace.google.com/intl/en/terms/subprocessors.html
  5. The processing of data outside the European Economic Area is based on standard contractual clauses concluded between the Personal Data Controller and the service provider. The data processing does not violate the privacy of any individuals. The Service Provider provides the highest data protection guarantees.

§8

Rights of data subjects

  1. Data subjects shall have the following rights:
    1. to access and rectify the data,
    2. to have the data erased, unless other legal provisions oblige the Data Controller to archive data for a specific period,
    3. to have the data transferred, if the processing is based on a agreement or consent of the data subject, and the processing is done automatically,
    4. to object to the processing of data for direct marketing purposes carried out by the Data Controller for the purpose of fulfilling a legitimate legal interest,
    5. not to be subject to automated profiling, should the Data Controller take decisions based solely on automated profiling that would produce legal effects for the data subject or affect them in a similar manner,
    6. to monitor the processing of data and to be informed as to who the Data Controller is and to receive information regarding the purpose, scope and means of the data processing, the content of such data, the source of the data and the means of access, including on the recipients or categories of recipients of the data, including the right to obtain a copy of the data,
    7. the right to restrict processing in cases provided for in Article 18 of the GDPR, in particular where the data subject contests the accuracy of the personal data, for a period enabling the Data Controller to verify the accuracy of such data, where the Data Controller no longer requires the personal data for processing purposes, while they are necessary for the data subject to establish, pursue or defend their claims,
    8. to withdraw consent at any time where the processing was based on the data subject’s consent. Revocation of consent shall not affect the lawfulness of processing carried out on the basis thereof before such revocation,
  2. In order to exercise your right to data control, access to data content, data rectification, as well as other rights, please contact the Data Controller using the contact details available on the Site.
  3. The data subject has the right to file a complaint with the President of the Office for Personal Data Protection (PUODO), if the data subject finds that the processing of their data is not performed in compliance with current applicable legislation.

§9

Cookie policy

  1. The Site uses cookies to provide services and functionalities matching the preferences and needs of Users, in particular cookies allow for the User’s device to be recognised and for the Site to be properly displayed, as required for each individual user.
  2. Cookies may be non-persistent, i.e. they are deleted when the browser is closed, or may be persistent.
  3. Persistent cookies are also stored after the user has finished using the Site subpages, which makes it quicker and easier to use the subpages, and allows for the user’s settings to be saved.
  4. The Site uses cookies for the following purposes:
    1. to adjust the content of the Site subpages to individual user preferences and to optimise the use of the websites (personalised display),
    2. to produce analyses and statistics to provide information on the manner of use of the Site’s User of the subpages, so as to successfully improve the structure and content thereof.
  5. Data contained in cookies shall be archived and used for the purposes of statistical analysas and evaluation of global traffic of the Site users.
  6. In order to analyse traffic on the Site, traffic sources, and to optimise marketing measures, analytical tools have been installed on the website, which allow for analysing User traffic on the Site and its subpages, such as Google Analytics from Google LLC. The data collected include country/city, number of views, pages viewed, duration of viewing.
  7. By clicking “I agree/ I accept/I understand” in the box displaying the information on cookies, the User agrees for the cookies to be used for the purposes as above. The User may, at any time, delete and/or disable cookies in the web browser they use to browse the subpages of the Site.
  8. The User may, at any time, change the settings concerning cookies in the settings of the web browser (“help” tab) used to browse the subpages of the Site.
  9. The settings concerning cookies may be changed so as to block the automatic support of cookies in the settings of the web browser or to display a notification each time they are placed in the User’s device.
  10. Deleting or disabling cookies may cause difficulties or limited functionality in some parts of the website, since some cookies, so-called functional cookies, may be necessary for proper operation and display of the subpages of the Site.

§10

Technical requirements

  1. The use of the Site is voluntary and free of charge for the User.
  2. In order to use the Site, the User is required to have the following:
    1. a device with access to the Internet (computer, tablet, phone),
    2. a properly configured web browser supporting cookies, such as Internet Explorer, Opera, Mozilla Firefox, Safari, Google Chrome (preferably, for Mozilla Firefox, version at least 24.0, for Opera, at least version 10, for Google Chrome, at least version 28.0, and for MS Internet Explorer, at least version 8.0), which provides support for cookies and JavaScript. Other versions of web browsers may be used provided that they ensure full compatibility with the versions listed above.
    3. an active and properly configured e-mail account, enabling the User to receive e-mails.
  3. For safe use of the Site, it is recommended that the device used by the User has the following in particular: an up-to-date anti-virus system, a reliable firewall, available updates of the operating system and of the Internet browser relating to safety installed, activated enabled cookies and JavaScript in the web browser.
  4. The User is obliged to use the Site in compliance with the regulations in force in the territory of the Republic of Poland.
  5. Files sent by the User via forms available on the subpages of the Site should be saved in formats considered to be commonly used that allow them to be read by the Data Controller, in particular in .PDF or .DOC file format or equivalent.

§11

Final provisions

  1. The Data Controller reserves the right to amend this privacy policy, in particular where required by the technical solutions used, changes in the law on data subjects’ privacy, or other significant changes impacting the content of the information provided to Users in connection with the processing of their data.
  2. In the event of a change to the applicable privacy policy, modifications shall be made to the version as above to become applicable 14 days from publication thereof on the Site.