The controller of your personal data is DYVENIA spółka z ograniczoną odpowiedzialnością with its registered seat in Kraków (address: ul. Józefa Sarego 26/14, 31-047 Kraków, Poland), entered into the registry of entrepreneurs of the National Court Register under the number: 0000914084, having Tax Identification Number: 6762600902 and Statistical Number: 389555481 (hereinafter referred to as: „DYVENIA” or “We” or “Controller”).
In all matters regarding the protection of personal data, you can contact the Controller by e-mail: [email protected]
We can process data of each user characterizes how the user uses our Service (these are so-called operating data).
This processing includes an automatic reading of a unique identifier that identifies the end of the telecommunications network or IT system you use (i.e. your IP address), the date and time of the server, information about the technical parameters of the software and the device you use (e.g. whether you use your laptop or phone for browsing our site and the place from which you connect to our server. We may use this information for market research purposes and to improve the performance of the Service. The data stored in the server logs is not associated with specific people using the website. The server logs are the only auxiliary material used to administer the Service.
This data is processed on the basis of Article 6 section 1 letter f) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, (hereinafter referred to as: the “GDPR”), (i.e., “processing is necessary for purposes arising from legitimate interests pursued by the administrator or by a third party”). This legitimate interest is to enable the diagnosis of errors in the Service and the improvement of its quality.
If you are our client, we process your personal data to fulfil the contract with you and to fulfil our legal obligations as well tax obligations.
The legal basis for the processing of your data is Article 6 section 1 letter b) of the GDPR (i.e., “processing is necessary for the performance of the contract with the party to which are related the data, or to take action at the request of that party before concluding the agreement”) and Article 6 section 1 letter c) of the GDPR (i.e., “processing is necessary to fulfil the legal obligation of the controller”).
We process your data to fulfil the contract with our client. The legal basis for these activities is Article 6 section 1 letter f) of the GDPR (i.e., “processing is necessary for purposes arising from legitimate interests pursued by the controller or by a third party”).
We assume in good faith that our client has informed you about the disclosure of your data to us and the purpose of their processing. We believe that by processing your data in the manner described here, we do not do it for other purposes than those in which our client has obtained it from you.
We process your personal data in order to ensure your participation in the recruitment process.
We may process your data in order to:
We may process the following data of job applicants:
Personal data of job applicants indicated in point 2 above may be asked for only when required to perform work of a specific type or in a specific position. At DYVENIA, we need to analyze your education, professional qualifications and employment history to understand if you will be able to perform your future responsibilities successfully.
We may ask for other data than those mentioned in points 1 – 2 above only if it is necessary to exercise rights or to fulfil an obligation arising from the law provision. However, they still can be processed under your consent.
The legal basis for the processing of your personal data is:
If the data you provide to us includes sensitive data, we will process it only on the basis of your express and separate consent. The consent may be withdraw at any time by contacting us. Note that such withdrawal will not affect the lawfulness of processing based on consent before its withdrawal. In the absence of the consent data will be deleted immediately.
If you give your consent to this, DYVENIA will also store and process your personal data for the purposes of future recruitment processes. You can withdraw your consent at any time by contacting us.
By contacting us, you provide us with your personal data, including information contained in the content of correspondence. Providing this data is voluntary, but necessary to contact us.
The legal basis for the processing of your personal data that you provide by contacting us is Article 6 section 1 letter f) of the GDPR (i.e., “processing is necessary for purposes arising from legitimate interests pursued by the administrator or by a third party”). The “legitimate interest for the processing of your personal data” in this case is the possibility of answering the questions asked, including those regarding the Controller’s activity and offer as well as the possibility of cooperation.
If you are a subscriber to our newsletter, we process your personal data in order to send it to you, with your consent. The newsletter may contain paid promotion, commercial offers, industry information and advertising.
The legal basis for processing your personal data is Article 6 section1 letter a) of the GDPR (i.e., “the data subject has given consent to the processing of his or her personal data for one or more specific purposes”).
You can withdraw your consent at any time (without affecting the lawfulness of processing based on consent before its withdrawal).
The content of correspondence with you may be archived. You have the right to request a history of correspondence that you have conducted with us (if it has been archived), as well as request its removal, unless its archiving is justified due to our overriding interests.
The legal basis for processing your personal data after your contact ends or the contract is terminated is our legitimate interest in archiving correspondence for the purposes of ensuring that you can prove certain facts in the future. So we can process your personal data for the purpose of pursuing and defending against claims pursuant to Article 6 section 1 letter f) of the GDPR (i.e., “processing is necessary for purposes arising from legitimate interests pursued by the administrator or by a third party”).
Cookies allow us to:
In the situation specified in point 1, 2 and 3, we process the information contained in cookies on the basis of Article 6 section 1 letter f) of the GDPR (i.e., "processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party"). This legitimate interest is to ensure the proper functioning of the Service, as well as to monitor and analyse traffic and keep statistics of visits to the Service.
In the situation specified in point 4 (in the case of processing your personal data for marketing purposes, i.e. for the purposes of advertising, market research and your behaviour and preferences with the purpose of the results of these studies for the purpose of improving the quality of our services), we process the information contained in cookies on the basis of Article 6 section 1 letter a) of the GDPR (i.e. "the data subject has given consent to the processing of his or her personal data for one or more specific purposes").
You do not have to provide us with information contained in cookies. This can be prevented by deleting cookies and changing cookie settings in your web browser. Opting out of cookies usually applies only to a specific browser - this means that the same actions will have to be taken for any other browser you use on the same or other devices.
You can also use tools that allow you to collectively manage cookie settings and browser plug-ins that allow you to control cookie files. Internet browsers also offer the possibility of using the so-called cookies. "Incognito mode", which allows you to visit websites without saving information about visited websites and downloaded files in the browser history. Cookies created in incognito mode are generally deleted when all windows of this mode are closed.
We run profiles on the following social media:
In connection with running our profiles in social media, we process the personal data of people who visit them. Our social media profiles are used to present information on DYVENIA’s activities. They enable you to follow and interact with DYVENIA and contact us.
As a social media profiles co-administrator, DYVENIA can see statistical information about visits to its profile, e.g., the age of visitors, their reactions, activity and comments. This functionality helps us to select appropriate content for the preferences of users of our social media profiles.
These personal data are processed primarily for the purpose of implementing social media functions, such as liking, following, commenting, etc. Then the legal basis for the processing of this data is the consent of the user of a specific social media app (Article 6 section 1 letter a of the GDPR), expressed implicitly by liking or following our profile, liking or sharing posts, leaving a comment, recommendation, review, etc. You can revoke this consent at any time by deleting your comments, recommendations, reviews, etc., or by unliking, unfollowing etc.
Personal data of people visiting our social media profiles are also processed by us for statistical and analytical purposes. In this regard, the data is processed on the basis of Article 6 section 1 letter f) of the GDPR (i.e., “processing is necessary for the purposes of the legitimate interests pursued by the administrator”). This legitimate interest is traffic monitoring and analysis as well as keeping statistics of visits to our social media profiles.
In the remaining scope, personal data of people visiting our social media profiles are processed on the basis of Article 6 section 1 letter f) of the GDPR (i.e., “processing is necessary for the purposes of the legitimate interests pursued by the administrator”). This legitimate interest is also market research, informing social media users about our activities, the willingness to contact people interested in our services, as well as investigating and defending against claims.
The Service contains links to Controller’s social media profiles, thanks to which you can quickly find our pages on these portals. These are the so-called social plug-ins that are activated only after you click them, when your browser connects to a given portal. Then, information is also transferred to this portal, including your personal data. If you are logged in to a given portal by clicking the plug-in, information about visiting our Service may be sent via your account on this portal and this fact may be saved on your account on a given social networking site.
By displaying a page containing such a plug-in, your browser will establish a direct connection with the servers of social network administrators. The content of the plugin is transferred by the given service provider directly to your browser and integrated with the website. Thanks to this integration, service providers receive information that your browser has displayed our website, even if you do not have a profile with a given service provider or are not currently logged in to it. Such information (often together with your IP address) can be sent by your browser directly to the server of a given service provider and stored there. If you have logged in to one of the social networking sites, this service provider will be able to directly assign a visit to our Website to your profile on a given social networking site.
If you do not want social media to collect data about you through our Service, you should log out of them before visiting our Service. You can also prevent plug-ins from being loaded on the Service completely by using the appropriate extensions for your browser.
We may process the following data:
In our business activities, we use the support of specialized external entities that may or must have access to some of your data – these are, among others, entities providing services in the field of IT, accounting, legal, hosting, mailing system providers, analytical and marketing tools providers, social plug-in providers, as well as our trusted partners and associates.
With your consent, we may share your data with entities related to us. In this case, we will inform you in advance which of our partners would like to contact you and for what purpose.
The data of all users of the Service and persons contacting us are processed in the IT system, partly in the so-called public cloud computing provided by third parties.
Information related to your use of the Service may also be accessed by recipients authorized by law to receive it (e.g., state administration authorities in the event of such a request).
Some of the operations described above involve the transfer of your personal data to the so-called third countries (outside the European Economic Area), where the GDPR does not apply. However, this is always based on the legal instruments provided for in the GDPR, guaranteeing adequate protection of your rights and freedoms.
In the case of the transfer of personal data to a third country within the meaning of the GDPR, when the European Commission has not issued a decision on the adequate protection of personal data for those countries (in accordance with Article 45 of the GDPR), we take appropriate measures to ensure an adequate level of data protection in the event of transfer. These include the European Union’s standard contractual clauses or binding internal data protection regulations. In cases where this is not possible, we base the transfer of data on the exceptions described in Article 49 of the GDPR, in particular express consent or the necessity of the data transfer to fulfil the terms of the contract or to perform pre-contractual activities. The legal basis for data transfers to third countries is therefore, unless otherwise stated, the consent referred to in Article 6 section 1 letter a) of the GDPR in conjunction with Article 49 section 1 letter a) of the GDPR. At the same time, we would like to inform you that in the case of sending data to a third country for which there is no decision on adequate protection of personal data or adequate guarantees, there is a possibility and risk that authorities in the third country in question (for example, intelligence services) will gain access to the transferred data for the purpose of collection and analysis, and that the possibility of enforcing the rights of data subjects cannot be guaranteed.
We will process your personal data for as long as it is necessary for our cooperation. If the limitations period for claims related to our cooperation is longer than the duration of our cooperation, then this longer period shall apply.
We will process your personal data as long as it is necessary for our cooperation with our client. If the limitation period for claims related to our cooperation with our client is longer than the duration of our cooperation with our client, then this longer period shall apply.
Your personal data is processed until the end of the recruitment process related to the position for which you are applying. After this time they are delated, unless you expressed your consent for processing your personal data for the purposes of future recruitment processes. In such case you data will be stored for up to 12 (twelve) months.
Sensitive data that we have received from you without an explicit and separate consent for its processing will be deleted immediately.
In the event when we obtain your personal data from publicly available sources (social media of a business or professional nature, like LinkedIn), we contact you no later than 30 (thirty) days from obtaining the data (in accordance with Article 14 section 3 of the GDPR).
We process personal data collected through our social media profiles based on consent no longer than until it is withdrawn.
If we process your personal data on the basis of the legitimate interest of the administrator, we process them for the time needed to resolve the matter presented by you. Depending on its type, also for the time needed to prove that we have properly conducted it, i.e. for the period of limitation of claims.
Remember that the owners of social media websites (on which we have our profiles as the DYVENIA) may process data for a different period of time indicated in their regulations and privacy policies.
Personal data provided via the means of communication selected by you will be stored no longer than it is necessary to provide a response, and after that time they may be stored only in justified cases for the period necessary to expire claims specified in the relevant regulations.
Processing of personal data of newsletter subscribers lasts until the recipient withdraws consent to subscribe by unsubscribing.
Your personal data related to your visit to our Service will be processed for the duration of your use of the Service, and in justified cases also later for the period necessary for the limitation of claims specified in the relevant regulations.
The processing of your personal data contained in cookies lasts until you disable their use. You can do this by deleting cookies and changing cookie settings in your browser.
Processing of your other personal data based on consent continues until you withdraw your consent.
We make every effort to ensure that you are satisfied with working with us. Please bear in mind, however, that you are entitled to a number of privileges which will allow you to have influence on the manner in which we process your personal data, and in some cases, you may stop such processing.
Please note that in the processing of personal data of users of our social media profiles, we may be joint controllers of your personal data together with the owners of specific social media applications (such as LinkedIn, YouTube and others).
If you are a person to whom the GDPR applies, these rights include:
– the right of access by the data subject (regulated in Article 15 of the GDPR)
Right of access by the data subject
1. The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
2. Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.
3. The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.
4. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.
– right to rectification of your data (regulated in Article 16 of the GDPR)
Right to rectification
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
– right to erase your data (regulated in Article 17 of the GDPR)
Right to erasure (‘right to be forgotten’)
1. The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
2. Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
3. Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
– right to restrict of processing of your data (regulated in Article 18 of the GDPR)
Right to restriction of processing
1. The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
2. Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
3. A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction of processing is lifted.
– right to data portability of your data (regulated in Article 20 of the GDPR)
Right to data portability
1. The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
2. In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
3. The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
4. The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.
– right to object to the processing of your data (regulated in Article 21 of the GDPR)
Right to object
1. The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
2. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
3. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
4. At the latest at the time of the first communication with the data subject, the right referred to in paragraphs 1 and 2 shall be explicitly brought to the attention of the data subject and shall be presented clearly and separately from any other information.
5. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.
6. Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1), the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
If you are not a person to whom the GDPR applies, these rights include all the rights granted to you under the applicable data protection law in your country.
In order to exercise any of the rights above described, please contact us by sending an e-mail to the address we have first contacted you from, or the address: [email protected]
If you are the person to whom the GDPR applies pursuant to Article 77 of the GDPR you are entitled to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place where the alleged violation has been committed, if you believe that processing of your personal data violates the provisions of the GDPR.
In Poland (where our company is located), the supervisory body is the President of the Office for Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych) – you can make a complaint, among others by traditional mail (address: ul. Stawki 2, 00-913 Warsaw, Poland) or by e-mail ( address: [email protected]), you can also get more detailed information on the website: https://uodo.gov.pl/en
To contact another supervisory authority responsible for the protection of personal data, please visit the website of the European Data Protection Board available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en
We collect your personal data primarily to the extent necessary for the conclusion and performance of the agreement. Some data is also necessary for us to fulfil the obligations arising from the law (tax regulations, accounting regulations). Failure to provide your data will, unfortunately, prevent the conclusion and implementation of the agreement.
We do not conclude any agreement with you, but you must provide us with your personal data necessary to cooperate with our client (probably your employer).
At the time of the recruitment process, we do not conclude any agreement with you. However, in order to participate in the recruitment process you need to provide your personal data at least within the scope resulting from labour law. Provision of other data is voluntary.
We do not conclude any agreement with you at this stage. Some of your details (e.g., your e-mail address) may be necessary for us to operate the Service properly or to answer your questions.
Your provision of personal data to subscribe to our newsletter is completely voluntary, but necessary if you wish to receive regular information about our activities in electronic form.
Visiting our profiles on social media is voluntary, as is leaving comments, likes, opinions and other reactions. However, if you decide to visit our social media profiles, the data for the purposes of statistics may be partially collected automatically.
You do not have to provide us with information contained in cookies. You can prevent this by deleting cookies and changing cookie settings in your web browser. Detailed information on the possibilities and ways of handling cookies are available in the browser settings. However, that changing the cookie settings in such a way that the possibility of using the information contained in them will be blocked may cause difficulties in using the Service and other websites.
We obtain your personal data directly from you.
We obtain your data from our clients or directly from you.
The recruitment process may be initiated in several different ways.
One possibility is that you have contacted us on your own via Service, e-mail, social media or in a different way. You could also send your application in response to one of our job advertisements. In such case we may still examine your profile on social media of business or professional nature or your organisation’s website in order to verify your experience, specialization and usefulness for a specific job position.
Another way is that we found you on our own and get in touch directly. This may happen if we for example browse on our own through public profiles on social media of business or professional nature or in case where somebody directly recommended you. At this point you do not know yet that we are processing your data, but we have to do this, otherwise we would not be able to judge whether you might be interested in a given position and we would not be able to contact you.
Sometimes we may use the services of entities that, as part of their activities, professionally conduct recruitment processes and search for talents on the labour market. In this case, a recruitment company will first contact you on our behalf, and your candidacy will be presented to us at a later stage.
Personal data of people visiting our profiles in social media, including collective statistics based on the data of these people, are obtained from the owner of a specific social media application. We obtain personal data contained in private messages, reviews, recommendations, comments, etc. directly from people who interact with us through our social media profiles.
We do not make decisions solely based on automated processing of your personal data, including profiling, within the meaning of the GDPR.