Privacy Policy

dyvenia team
June 4, 2023

1. WHO WE ARE AND HOW TO FIND US

The controller of your personal data is DYVENIA spółka z ograniczoną odpowiedzialnością with its registered seat in Kraków (address: ul. Józefa Sarego 26/14, 31-047 Kraków, Poland), entered into the registry of entrepreneurs of the National Court Register under the number: 0000914084, having Tax Identification Number: 6762600902 and Statistical Number: 389555481 (hereinafter referred to as: „DYVENIA” or “We” or “Controller”).

In all matters regarding the protection of personal data, you can contact the Controller by e-mail: [email protected]

This privacy policy applies to the processing of your personal data by us in relation to:

  1. your visit to our website available at the address: www.dyvenia.com (hereinafter referred to as the “Service”),
  2. our cooperation with you as our client,
  3. our cooperation with you as an employee of our client,
  4. conducted recruitment processes,
  5. your contact with us in any way,
  6. your visits to our social media profiles,
  7. our use of cookies.

2. HOW AND WHY WE PROCESS YOUR DATA

VISITORS OF OUR SERVICE

We can process data of each user characterizes how the user uses our Service (these are so-called operating data). 

This processing includes an automatic reading of a unique identifier that identifies the end of the telecommunications network or IT system you use (i.e. your IP address), the date and time of the server, information about the technical parameters of the software and the device you use (e.g. whether you use your laptop or phone for browsing our site and the place from which you connect to our server. We may use this information for market research purposes and to improve the performance of the Service. The data stored in the server logs is not associated with specific people using the website. The server logs are the only auxiliary material used to administer the Service.

This data is processed on the basis of Article 6 section 1 letter f) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, (hereinafter referred to as: the “GDPR”), (i.e., “processing is necessary for purposes arising from legitimate interests pursued by the administrator or by a third party”). This legitimate interest is to enable the diagnosis of errors in the Service and the improvement of its quality.

OUR CLIENTS

If you are our client, we process your personal data to fulfil the contract with you and to fulfil our legal obligations as well tax obligations.

The legal basis for the processing of your data is Article 6 section 1 letter b) of the GDPR (i.e., “processing is necessary for the performance of the contract with the party to which are related the data, or to take action at the request of that party before concluding the agreement”) and Article 6 section 1 letter c) of the GDPR (i.e., “processing is necessary to fulfil the legal obligation of the controller”).

EMPLOYEES OF OUR CLIENTS

We process your data to fulfil the contract with our client. The legal basis for these activities is Article 6 section 1 letter f) of the GDPR (i.e., “processing is necessary for purposes arising from legitimate interests pursued by the controller or by a third party”).

We assume in good faith that our client has informed you about the disclosure of your data to us and the purpose of their processing. We believe that by processing your data in the manner described here, we do not do it for other purposes than those in which our client has obtained it from you. 

CANDIDATES (PARTICIPATING IN RECRUITMENT PROCESS)

We process your personal data in order to ensure your participation in the recruitment process.

We may process your data in order to:

  1. contact you and conduct the recruitment process,
  2. evaluate your qualifications for work at the position you are applying for,
  3. evaluate your abilities and skills necessary to work at the position you are applying for,
  4. ensure your participation in future recruitment processes.

We may process the following data of job applicants:

  1. name and last name, date of birth, contact details indicated by the candidate,
  2. education, professional qualifications, employment history,
  3. other personal data contained in your application documents such as CV, motivation letter, letter of reference or others,
  4. personal data made publicly available on business or professional social media,
  5. other personal data acquired during an interview to the extent permitted by law.

Personal data of job applicants indicated in point 2 above may be asked for only when required to perform work of a specific type or in a specific position. At DYVENIA, we need to analyze your education, professional qualifications and employment history to understand if you will be able to perform your future responsibilities successfully. 

We may ask for other data than those mentioned in points 1 – 2 above only if it is necessary to exercise rights or to fulfil an obligation arising from the law provision. However, they still can be processed under your consent. 

The legal basis for the processing of your personal data is:

  1. in relation to personal data mentioned under points 1 -2 above – a provision of law and the necessity of processing to take steps at your request prior to entering into a contract (Article 6 section 1 point b) the GDPR),
  2. in relation to personal data mentioned under point 3 above (not applicable to personal data relating to criminal convictions and offences should you include them in your application documents) – your consent (Article 6 section 1 point a) of the GDPR). You can withdraw your consent at any time by contacting us. Note that such withdrawal will not affect the lawfulness of processing based on consent before its withdrawal,
  3. in relation to personal data mentioned under point 4 above – the necessity of processing for the purposes of pursuing our legitimate interests (Article 6 section 1 point f) of the GDPR). We have a legitimate interest in actively searching for potential job candidates by looking through their publicly available profiles on business or professional social media, otherwise we would not be able to judge whether you might be interested in a given position,
  4. in relation to personal data mentioned under point 5 above – the necessity of processing for the purposes of pursuing our legitimate interests (Article 6 section 1 point f) of the GDPR). We have a legitimate interest in verifying your skills and abilities – it is necessary to assess whether you are the right person for the position we are recruiting for.

If the data you provide to us includes sensitive data, we will process it only on the basis of your express and separate consent. The consent may be withdraw at any time by contacting us. Note that such withdrawal will not affect the lawfulness of processing based on consent before its withdrawal. In the absence of the consent data will be deleted immediately.

If you give your consent to this, DYVENIA will also store and process your personal data for the purposes of future recruitment processes. You can withdraw your consent at any time by contacting us. 

CONTACT WITH THE CONTROLLER

By contacting us, you provide us with your personal data, including information contained in the content of correspondence. Providing this data is voluntary, but necessary to contact us.

The legal basis for the processing of your personal data that you provide by contacting us is Article 6 section 1 letter f) of the GDPR (i.e., “processing is necessary for purposes arising from legitimate interests pursued by the administrator or by a third party”). The “legitimate interest for the processing of your personal data” in this case is the possibility of answering the questions asked, including those regarding the Controller’s activity and offer as well as the possibility of cooperation. 

NEWSLETTER

If you are a subscriber to our newsletter, we process your personal data in order to send it to you, with your consent. The newsletter may contain paid promotion, commercial offers, industry information and advertising.

The legal basis for processing your personal data is Article 6 section1 letter a) of the GDPR (i.e., “the data subject has given consent to the processing of his or her personal data for one or more specific purposes”).

You can withdraw your consent at any time (without affecting the lawfulness of processing based on consent before its withdrawal).

PURSUING OF CLAIMS

The content of correspondence with you may be archived. You have the right to request a history of correspondence that you have conducted with us (if it has been archived), as well as request its removal, unless its archiving is justified due to our overriding interests.

The legal basis for processing your personal data after your contact ends or the contract is terminated is our legitimate interest in archiving correspondence for the purposes of ensuring that you can prove certain facts in the future. So we can process your personal data for the purpose of pursuing and defending against claims pursuant to Article 6 section 1 letter f) of the GDPR (i.e., “processing is necessary for purposes arising from legitimate interests pursued by the administrator or by a third party”).

COOKIES

Like almost all websites and applications, we use cookies. Cookies are small text information stored on your end device (e.g., computer, tablet, smartphone), which can be read by our ICT system.

Cookies allow us to:

  1. ensure the proper functioning of the Service,
  2. improve the speed and security of using the Service,
  3. use analytical tools,
  4. use marketing tools.

We use cookies on the basis of your consent, except when cookies are necessary for the proper provision of electronic services to you.

In the situation specified in point 1, 2 and 3, we process the information contained in cookies on the basis of Article 6 section 1 letter f) of the GDPR (i.e., "processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party"). This legitimate interest is to ensure the proper functioning of the Service, as well as to monitor and analyse traffic and keep statistics of visits to the Service.

In the situation specified in point 4 (in the case of processing your personal data for marketing purposes, i.e. for the purposes of advertising, market research and your behaviour and preferences with the purpose of the results of these studies for the purpose of improving the quality of our services), we process the information contained in cookies on the basis of Article 6 section 1 letter a) of the GDPR (i.e. "the data subject has given consent to the processing of his or her personal data for one or more specific purposes").

During your first visit to the Service, you are shown information on the use of cookies. Accepting this information means that you consent to the use of cookies in accordance with the provisions of this privacy policy for all purposes described above. You can always withdraw your consent (without affecting the legality of processing before withdrawing consent) by deleting cookies and changing cookie settings in your browser.

You do not have to provide us with information contained in cookies. This can be prevented by deleting cookies and changing cookie settings in your web browser. Opting out of cookies usually applies only to a specific browser - this means that the same actions will have to be taken for any other browser you use on the same or other devices.

You can also use tools that allow you to collectively manage cookie settings and browser plug-ins that allow you to control cookie files. Internet browsers also offer the possibility of using the so-called cookies. "Incognito mode", which allows you to visit websites without saving information about visited websites and downloaded files in the browser history. Cookies created in incognito mode are generally deleted when all windows of this mode are closed.

However, disabling cookies may cause difficulties in using the service and many other websites that use cookies.

CONTROLLER’S SOCIAL MEDIA PROFILES

We run profiles on the following social media: 

  1. LinkedIn: https://www.linkedin.com/company/dyvenia/
  2. YouTube: https://www.youtube.com/channel/UCE9Co7lHG1Oxyv1SnZTxGZw 

In connection with running our profiles in social media, we process the personal data of people who visit them. Our social media profiles are used to present information on DYVENIA’s activities. They enable you to follow and interact with DYVENIA and contact us.

As a social media profiles co-administrator, DYVENIA can see statistical information about visits to its profile, e.g., the age of visitors, their reactions, activity and comments. This functionality helps us to select appropriate content for the preferences of users of our social media profiles.

These personal data are processed primarily for the purpose of implementing social media functions, such as liking, following, commenting, etc. Then the legal basis for the processing of this data is the consent of the user of a specific social media app (Article 6 section 1 letter a of the GDPR), expressed implicitly by liking or following our profile, liking or sharing posts, leaving a comment, recommendation, review, etc. You can revoke this consent at any time by deleting your comments, recommendations, reviews, etc., or by unliking, unfollowing etc.

Personal data of people visiting our social media profiles are also processed by us for statistical and analytical purposes. In this regard, the data is processed on the basis of Article 6 section 1 letter f) of the GDPR (i.e., “processing is necessary for the purposes of the legitimate interests pursued by the administrator”). This legitimate interest is traffic monitoring and analysis as well as keeping statistics of visits to our social media profiles.

In the remaining scope, personal data of people visiting our social media profiles are processed on the basis of Article 6 section 1 letter f) of the GDPR (i.e., “processing is necessary for the purposes of the legitimate interests pursued by the administrator”). This legitimate interest is also market research, informing social media users about our activities, the willingness to contact people interested in our services, as well as investigating and defending against claims.

For information on the purposes and scope of personal data collection, further processing and use of them by LinkedIn and YouTube, as well as information on your rights and the possibility of changing settings for privacy protection, please refer to the relevant privacy policy of the following services: 

  1. LinkedIn: https://www.linkedin.com/legal/privacy-policy 
  2. YouTube: https://policies.google.com/privacy?hl=pl-PL 

and https://support.google.com/youtube/answer/10364219?hl=en

LINKS TO CONTROLLER’S PROFILES IN SOCIAL MEDIA

The Service contains links to Controller’s social media profiles, thanks to which you can quickly find our pages on these portals. These are the so-called social plug-ins that are activated only after you click them, when your browser connects to a given portal. Then, information is also transferred to this portal, including your personal data. If you are logged in to a given portal by clicking the plug-in, information about visiting our Service may be sent via your account on this portal and this fact may be saved on your account on a given social networking site.

By displaying a page containing such a plug-in, your browser will establish a direct connection with the servers of social network administrators. The content of the plugin is transferred by the given service provider directly to your browser and integrated with the website. Thanks to this integration, service providers receive information that your browser has displayed our website, even if you do not have a profile with a given service provider or are not currently logged in to it. Such information (often together with your IP address) can be sent by your browser directly to the server of a given service provider and stored there. If you have logged in to one of the social networking sites, this service provider will be able to directly assign a visit to our Website to your profile on a given social networking site.

If you do not want social media to collect data about you through our Service, you should log out of them before visiting our Service. You can also prevent plug-ins from being loaded on the Service completely by using the appropriate extensions for your browser.

3. WHAT PERSONAL DATA WE PROCESS

We may process the following data:

VISITORS OF OUR SERVICE

  1. device IP address,
  2. device screen resolution,
  3. device type (unique device identifiers), operating system and browser type,
  4. geographic location (country only),
  5. preferred language (device interface language),
  6. mouse events (movements, location and clicks),
  7. keystrokes,
  8. referring URL and domain,
  9. pages visited,
  10. server date and time,
  11. location of the terminal device from which the user connects to the service,
  12. UTM tags, determining from which network location the user arrived,
  13. online identifiers, including cookie IDs, web protocol addresses, and device identifiers.

OUR CLIENTS

  1. company name,
  2. e-mail address,
  3. phone number,
  4. address of business activity,
  5. identification data of the entrepreneur,
  6. Tax Identification Number,
  7. Statistical Number,
  8. billing information and payment details,
  9. history of transactions,
  10. history of correspondence (including by e-mail),
  11. data included in concluded contracts.

EMPLOYEES OF OUR CLIENTS

  1. name and last name,
  2. position in the company,
  3. phone number,
  4. e-mail address.

CANDIDATES

  1. name and last name,
  2. date of birth,
  3. contact details (e.g., correspondence address, e-mail address, phone number),
  4. education,
  5. professional qualifications,
  6. employment history,
  7. other personal data contained in your application documents such as CV (e.g., your image), motivation letter, letter of reference or others,
  8. qualification test results,
  9. personal data made publicly available on business or professional social media (LinkedIn, candidate’s organisation’s website),
  10. other personal data acquired during an interview to the extent permitted by law,
  11. other data that may be included by the sender in the content of the message and in the documents attached to it or provided during a phone conversation.

OUR SOCIAL MEDIA USERS

  1. name and last name (or username),
  2. publicly available data contained in the individual user profile,
  3. contact details contained in the user’s profile on a specific social media (e.g., e-mail address, phone number, website addresses or addresses of personal profiles in other social media),
  4. data that may be included in a private message, reviews, ratings, recommendations, comments, and other user reactions available on a specific social media app,
  5. personal data of users participating in competitions and marketing, promotional, information or networking campaigns organized by us via social media.

NEWSLETTER SUBSCRIBERS

  1. e-mail address,
  2. information about how the subscriber responded to the newsletter sent (including whether and when the newsletter e-mail was read).

PEOPLE WHO CONTACT US

  1. name and last name,
  2. e-mail address,
  3. other data that may be included by the sender in the content of the message and in the documents attached to it.

TO WHOM WE DISCLOSE YOUR PERSONAL DATA

In our business activities, we use the support of specialized external entities that may or must have access to some of your data – these are, among others, entities providing services in the field of IT, accounting, legal, hosting, mailing system providers, analytical and marketing tools providers, social plug-in providers, as well as our trusted partners and associates.

With your consent, we may share your data with entities related to us. In this case, we will inform you in advance which of our partners would like to contact you and for what purpose.

The data of all users of the Service and persons contacting us are processed in the IT system, partly in the so-called public cloud computing provided by third parties.

Information related to your use of the Service may also be accessed by recipients authorized by law to receive it (e.g., state administration authorities in the event of such a request).

Some of the operations described above involve the transfer of your personal data to the so-called third countries (outside the European Economic Area), where the GDPR does not apply. However, this is always based on the legal instruments provided for in the GDPR, guaranteeing adequate protection of your rights and freedoms.

In the case of the transfer of personal data to a third country within the meaning of the GDPR, when the European Commission has not issued a decision on the adequate protection of personal data for those countries (in accordance with Article 45 of the GDPR), we take appropriate measures to ensure an adequate level of data protection in the event of transfer. These include the European Union’s standard contractual clauses or binding internal data protection regulations. In cases where this is not possible, we base the transfer of data on the exceptions described in Article 49 of the GDPR, in particular express consent or the necessity of the data transfer to fulfil the terms of the contract or to perform pre-contractual activities. The legal basis for data transfers to third countries is therefore, unless otherwise stated, the consent referred to in Article 6 section 1 letter a) of the GDPR in conjunction with Article 49 section 1 letter a) of the GDPR. At the same time, we would like to inform you that in the case of sending data to a third country for which there is no decision on adequate protection of personal data or adequate guarantees, there is a possibility and risk that authorities in the third country in question (for example, intelligence services) will gain access to the transferred data for the purpose of collection and analysis, and that the possibility of enforcing the rights of data subjects cannot be guaranteed.

5. HOW LONG WE PROCESS YOUR PERSONAL DATA

OUR CLIENTS

We will process your personal data for as long as it is necessary for our cooperation. If the limitations period for claims related to our cooperation is longer than the duration of our cooperation, then this longer period shall apply. 

EMPLOYEES OF OUR CLIENTS

We will process your personal data as long as it is necessary for our cooperation with our client. If the limitation period for claims related to our cooperation with our client is longer than the duration of our cooperation with our client, then this longer period shall apply.

CANDIDATES

Your personal data is processed until the end of the recruitment process related to the position for which you are applying. After this time they are delated, unless you expressed your consent for processing your personal data for the purposes of future recruitment processes. In such case you data will be stored for up to 12 (twelve) months. 

Sensitive data that we have received from you without an explicit and separate consent for its processing will be deleted immediately.

In the event when we obtain your personal data from publicly available sources (social media of a business or professional nature, like LinkedIn), we contact you no later than 30 (thirty) days from obtaining the data (in accordance with Article 14 section 3 of the GDPR).

OUR SOCIAL MEDIA USERS

We process personal data collected through our social media profiles based on consent no longer than until it is withdrawn.

If we process your personal data on the basis of the legitimate interest of the administrator, we process them for the time needed to resolve the matter presented by you. Depending on its type, also for the time needed to prove that we have properly conducted it, i.e. for the period of limitation of claims.

Remember that the owners of social media websites (on which we have our profiles as the DYVENIA) may process data for a different period of time indicated in their regulations and privacy policies.

CONTACT

Personal data provided via the means of communication selected by you will be stored no longer than it is necessary to provide a response, and after that time they may be stored only in justified cases for the period necessary to expire claims specified in the relevant regulations.

NEWSLETTER

Processing of personal data of newsletter subscribers lasts until the recipient withdraws consent to subscribe by unsubscribing. 

VISITORS OF OUR SERVICE

Your personal data related to your visit to our Service will be processed for the duration of your use of the Service, and in justified cases also later for the period necessary for the limitation of claims specified in the relevant regulations.

COOKIES

The processing of your personal data contained in cookies lasts until you disable their use. You can do this by deleting cookies and changing cookie settings in your browser.

OTHERS

Processing of your other personal data based on consent continues until you withdraw your consent.

6. HOW DO WE ENABLE YOU TO REALIZE YOUR RIGHTS

We make every effort to ensure that you are satisfied with working with us. Please bear in mind, however, that you are entitled to a number of privileges which will allow you to have influence on the manner in which we process your personal data, and in some cases, you may stop such processing. 

Please note that in the processing of personal data of users of our social media profiles, we may be joint controllers of your personal data together with the owners of specific social media applications (such as LinkedIn, YouTube and others). 

If you are a person to whom the GDPR applies, these rights include:

– the right of access by the data subject (regulated in Article 15 of the GDPR)

ARTICLE 15

Right of access by the data subject

1. The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:

  • a) the purposes of the processing;
  • b) the categories of personal data concerned;
  • c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
  • d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
  • f) the right to lodge a complaint with a supervisory authority;
  • g) where the personal data are not collected from the data subject, any available information as to their source;
  • h) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

2. Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.

3. The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.

4. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.

– right to rectification of your data (regulated in Article 16 of the GDPR)

ARTICLE 16

Right to rectification

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

– right to erase your data (regulated in Article 17 of the GDPR)

ARTICLE 17

Right to erasure (‘right to be forgotten’)

1. The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

  • a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • b) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
  • c) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
  • d) the personal data have been unlawfully processed;
  • e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
  • f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).

2. Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

3. Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:

  • a) for exercising the right of freedom of expression and information;
  • b) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • c) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3);
  • d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  • e) for the establishment, exercise or defence of legal claims.

– right to restrict of processing of your data (regulated in Article 18 of the GDPR)

ARTICLE 18

Right to restriction of processing

1. The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

  • a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
  • b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  • c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
  • d) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.

2. Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

3. A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction of processing is lifted.

– right to data portability of your data (regulated in Article 20 of the GDPR)

ARTICLE 20

Right to data portability

1. The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

  • a) the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and
  • b) the processing is carried out by automated means.

2. In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.

3. The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

4. The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.

– right to object to the processing of your data (regulated in Article 21 of the GDPR)

ARTICLE 21

Right to object

1. The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.  

2. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

3. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

4. At the latest at the time of the first communication with the data subject, the right referred to in paragraphs 1 and 2 shall be explicitly brought to the attention of the data subject and shall be presented clearly and separately from any other information.

5. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.

6. Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1), the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

If you are not a person to whom the GDPR applies, these rights include all the rights granted to you under the applicable data protection law in your country.

In order to exercise any of the rights above described, please contact us by sending an e-mail to the address we have first contacted you from, or the address: [email protected]

7. COMPLAINT TO THE SUPERVISORY AUTHORITY

If you are the person to whom the GDPR applies pursuant to Article 77 of the GDPR you are entitled to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place where the alleged violation has been committed, if you believe that processing of your personal data violates the provisions of the GDPR. 

In Poland (where our company is located), the supervisory body is the President of the Office for Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych) – you can make a complaint, among others by traditional mail (address: ul. Stawki 2, 00-913 Warsaw, Poland) or by e-mail ( address: [email protected]), you can also get more detailed information on the website: https://uodo.gov.pl/en

To contact another supervisory authority responsible for the protection of personal data, please visit the website of the European Data Protection Board available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

8. IS SUBMITTING PERSONAL DATA NECESSARY FOR CONCLUDING AN AGREEMENT WITH US

OUR CLIENTS

We collect your personal data primarily to the extent necessary for the conclusion and performance of the agreement. Some data is also necessary for us to fulfil the obligations arising from the law (tax regulations, accounting regulations). Failure to provide your data will, unfortunately, prevent the conclusion and implementation of the agreement.

EMPLOYEES OF OUR CLIENTS

We do not conclude any agreement with you, but you must provide us with your personal data necessary to cooperate with our client (probably your employer).

CANDIDATES

At the time of the recruitment process, we do not conclude any agreement with you. However, in order to participate in the recruitment process you need to provide your personal data at least within the scope resulting from labour law. Provision of other data is voluntary.

VISITORS OF OUR SERVICE / CONTACT

We do not conclude any agreement with you at this stage. Some of your details (e.g., your e-mail address) may be necessary for us to operate the Service properly or to answer your questions.

NEWSLETTER

Your provision of personal data to subscribe to our newsletter is completely voluntary, but necessary if you wish to receive regular information about our activities in electronic form.

OUR SOCIAL MEDIA USERS

Visiting our profiles on social media is voluntary, as is leaving comments, likes, opinions and other reactions. However, if you decide to visit our social media profiles, the data for the purposes of statistics may be partially collected automatically.

COOKIES

You do not have to provide us with information contained in cookies. You can prevent this by deleting cookies and changing cookie settings in your web browser. Detailed information on the possibilities and ways of handling cookies are available in the browser settings. However, that changing the cookie settings in such a way that the possibility of using the information contained in them will be blocked may cause difficulties in using the Service and other websites.

9. HOW DO WE OBTAIN YOUR PERSONAL DATA

OUR CLIENTS / VISITORS OF OUR SERVICE / PEOPLE WHO CONTACT US

We obtain your personal data directly from you. 

EMPLOYEES OF OUR CLIENTS

We obtain your data from our clients or directly from you.

CANDIDATES

The recruitment process may be initiated in several different ways. 

One possibility is that you have contacted us on your own via Service, e-mail, social media or in a different way. You could also send your application in response to one of our job advertisements. In such case we may still examine your profile on social media of business or professional nature or your organisation’s website in order to verify your experience, specialization and usefulness for a specific job position. 

Another way is that we found you on our own and get in touch directly. This may happen if we for example browse on our own through public profiles on social media of business or professional nature or in case where somebody directly recommended you. At this point you do not know yet that we are processing your data, but we have to do this, otherwise we would not be able to judge whether you might be interested in a given position and we would not be able to contact you.

Sometimes we may use the services of entities that, as part of their activities, professionally conduct recruitment processes and search for talents on the labour market. In this case, a recruitment company will first contact you on our behalf, and your candidacy will be presented to us at a later stage.

OUR SOCIAL MEDIA USERS

Personal data of people visiting our profiles in social media, including collective statistics based on the data of these people, are obtained from the owner of a specific social media application. We obtain personal data contained in private messages, reviews, recommendations, comments, etc. directly from people who interact with us through our social media profiles.

10. AUTOMATED DECISION-MAKING, PROFILING

We do not make decisions solely based on automated processing of your personal data, including profiling, within the meaning of the GDPR.

Let’s Talk Solutions
Scaling with data intelligence
We care about the protection of your data. Read our Privacy Policy.
crossmenu