On 25 May 2018, the new data protection regulations (RODO) came into force. So we want to explain what this means for you in practice.
The security of your data is a priority for us, which is why we make every effort to process it in a secure yet transparent way for you. We have introduced a separate data protection policy for this purpose.
The idea of this policy is to present you with full rights you have in connection with new personal data protection regulations and duties we have to fulfill towards you on the grounds of i.a. article 13 of RODO (so called Information Obligation).
at the beginning we would like to explain to you what RODO really is:
RODO, is nothing but an abbreviation for the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC. So whenever we use this acronym, we will be referring to this particular piece of legislation.
2. Personal data controller
The Administrator of the data, i.e. the entity that decides on the purpose and the way your data will be processed, is Mrs. Kaja Stefaniak conducting business activity under the name Let’s hire Kaja Stefaniak, with the registered seat in Kraków, 32G/18 Przewóz Street, 30-716 Kraków, registered in the Central Register of Business Activity and Information under the following TIN: 6793208051, REGON: 387481293.
3. We process your data for the following purposes:
a) for the purpose of recruiting and finding candidates who meet the requirements set by Let’s hire’s client, who is the future employer – on the basis of Article 6(1)(f) of the RODO; (includes data collected not directly from the candidate but through publicly available information)
b) for the purpose of recruitment, including future recruitment, where the data was provided directly by the candidate through voluntary submission of his/her data – on the basis of Article 6(1)(a) of the RODO;
c) in order to share the data of selected candidates meeting the requirements of a given recruitment with Let’s hire’s client, being the future employer in the scope of the conducted recruitment – on the basis of Article 6(1)(a) of the RODO;
d) for the purpose of undertaking discussions on entering into cooperation with the Administrator and presenting its offer, for marketing purposes – on the basis of Article 6(1)(a) of the RODO;
e) in order to comply with the Administrator’s obligations arising from the law, e.g. tax obligations – on the basis of Article 6(1)(c) of the RODO;
f) for contact purposes in order to reply to a message sent to us directly by e-mail or via a form on the basis of the Administrator’s legitimate interest in responding – Article 6(1)(f) of the RODO;
g) for the purpose of entering into a contract and its performance with customers and cooperating entities (basis of Article 6(1)(b) of the RODO);
h) for the purpose of sending commercial information or marketing by e-mail on the basis of your consent – if given (basis of Article 6(1)(a) of the RODO);
i) for archival (evidential) purposes to secure information in the event of a legal need to prove the facts, which is our legitimate interest (basis of Article 6.1.f RODO in conjunction with Article 7.paragraphs 1 and 3 RODO);
j) w celu ewentualnego ustalenia, dochodzenia lub obrony przed roszczeniami, co jest naszym prawnie uzasadnionym interesem (podstawa z art. 6 ust. 1 lit. f RODO);
k) in order for us to offer you services directly (direct marketing, which is our legitimate interest (basis of Article 6(1)(f) of the RODO);
l) to fulfil a legal obligation of the Administrator (Article 6(1)(c) of the RODO), e.g. for accounting and tax reasons.
4. Legal basis for processing personal data
The Administrator processes your personal data on the basis of the following provisions: Article 6(1)(a) RODO, Article 6(1)(b) RODO, Article 6(1)(c) RODO, Article 6(1)(f) RODO.
5. Information about recipients of personal data:
We care about the confidentiality of your data. We will also be able to share your data with entities with whom we have entered into an entrustment agreement on the basis of Article 28 RODO.
In particular, we may entrust data to technology providers (ICT service providers). If you would like more detailed information on the scope of services provided by data processors, you can always contact the Data Protection Officer or another employee of the Controller for this purpose.
We will also be able to make your personal data available to entities who are customers of the Administrator, who will be potential employers for a selected pool of candidates at further stages of the recruitment process. Your data will be shared with other entities cooperating with us in order to ensure continuity of our operations, but also with insurance companies, banks or electronic payment services. Your data may also be disclosed to companies operating in the field of legal and debt collection services, i.e. law offices, debt collection agencies, etc., when we need to pursue our claims.
6. Your personal data will not be transferred to a third country.
7. Retention period or how long will we process your personal data?
We will process your data for no longer than necessary.
- For accounting and tax purposes, we will process your personal data for as long as we are legally obliged to do so. Based on current regulations this is a period of 5 years calculated from the end of the calendar year in which the tax obligation arose;
- If we process personal data for the purpose of pursuing claims (including in court proceedings) we will be able to process it for this purpose for the period of the statute of limitations under the Civil Code;
- If you have given us your consent to process your personal data, whether for marketing purposes, image dissemination and in many other cases when we ask for your consent, then we will process it until you revoke your consent;
- Once the original purpose for which your data was collected has been fulfilled (e.g. performance of a contract, processing is necessary for the performance of a contract), your data will̨ be processed for archival purposes for a period in accordance with our applicable archival regulations and for the period necessary to defend against claims made against us under generally applicable laws, taking into account the periods of limitation for claimś set forth in generally applicable laws.
8. We inform you that you have:
- The right to access the content of your personal data and to receive a copy of it;
- The right to rectify (amend) your data;
- The right to erasure – if you believe that there is no basis for us to process the data, you may request that we erase it;
- The right to restrict processing – you may request that we restrict the processing of your personal data only to storing it or carrying out activities agreed upon with you, if in your opinion we have incorrect data about you or are processing it unfoundedly; or you do not want us to delete it because it is needed to establish, assert or defend a claim; or for the duration of an objection raised against the processing;
- The right to object to the processing of data – “marketing” objection. You have the right to object to the processing of your data for direct marketing purposes. If you exercise this right – we will stop processing your data for this purpose.
- The right to object on the basis of a particular situation. You also have the right to object to the processing of your data on the basis of legitimate interests for purposes other than direct marketing. You should then point out to us the specific situation which you believe justifies us ceasing the processing covered by the objection. We will cease processing your data for these purposes unless you demonstrate that the grounds for our processing override your rights, or that your data are necessary for us to establish, assert or defend our claims;
- Right to data portability – you have the right to receive from us in a structured, commonly used, machine-readable format the personal data concerning you that we hold under contract or your consent. You may also instruct us to send this data directly to another entity;
- The right to make a complaint to the supervisory authority – if you believe that we are processing your data unlawfully, you may lodge a complaint with the President of the Office for Personal Data Protection or other competent supervisory authority;
- Right to withdraw consent to the processing of personal data – at any time you may withdraw your consent to the processing of those personal data which we process on the basis of your consent. Withdrawal of consent will not affect the lawfulness of processing that was carried out on the basis of consent before its withdrawal.
To exercise your rights, please direct your request via:
- email at: firstname.lastname@example.org ;
- phone: 48 533-356-215;
- by mail at the address: Przewóz 32G/18 Street, 30-716 Kraków.
Please note that before we can exercise your rights, we will need to ensure that you are you, which means we will need to identify you appropriately.
9. Furthermore, we inform you that in relation to personal data processed on the basis of your consent – you have the right to withdraw your consent to the processing of personal data at any time. The withdrawal of consent does not affect the legality of processing, which was performed on the basis of consent before its withdrawal. The withdrawal of consent may be made in the same form in which the consent was given.
10. The provision of data is voluntary, but often necessary to enter into a contract with us, to use our services or simply to contact us. However, if we want to provide you with additional services, e.g. marketing of services by e-mail or telephone, we will always ask for your consent. If you do not give your consent to marketing, it does not affect the conclusion of the contract for the provision of services. We treat your consent as a free, informed, unequivocal statement of intent which can be withdrawn at any time.
11. Your personal data will be processed by automated means. This is because we process them both on paper and many times in IT systems. However, this does not involve automated decision-making including profiling.