Email us

info@ntiative.com

High Performing IT Recruitment

IT Salary in Poland

Check the Live Updates

M
Ntiative High Performing IT Recruitment
GENERAL PRIVACY POLICY
Job Applicants Policy

GENERAL PRIVACY POLICY

  1. Who are we and how to find us

The controller of your personal data is NTIATIVE spółka z ograniczoną odpowiedzialnością with its registered seat in Kraków (address: ul. Józefa Sarego 26/17, 31-047 Kraków), entered into the registry of entrepreneurs of the National Court Register under the number: 0000741505, having Tax Identification Number (NIP): 6762552563 and Statistical Number (REGON): 380825401 (hereinafter referred to as: „NTIATIVE” or “We”). You can contact us by phone: +48 694 082 851, and also via e-mail to the address: info@ntiative.com

This privacy policy applies to the processing of your personal data by us in relation to:

  1. our cooperation with you as our Client or Supplier,
  2. our cooperation with you as an employee of our Client or Supplier,
  3. your visit to our website is available at the address: www.ntiative.com (hereinafter referred to as the “Service”),
  4. your contact with us in any way,
  5. our directing of advertising messages to you as our potential Client,
  6. your visits to our social media profiles and your actions taken there,
  7. our use of cookies.

 

  1. How and why we process your personal data

NTIATIVE provides permanent, temporary and interim recruitment services to clients seeking to recruit professional staff across a range of specialist areas.

VISITORS OF OUR SERVICE

We process data of each user characterizes how the user uses our Service (these are so-called operating data).

This processing includes an automatic reading of a unique identifier that identifies the end of the telecommunications network or IT system you use (i.e. your IP address), the date and time of the server, information about the technical parameters of the software and the device you use (e.g. whether you use your laptop or phone for browsing our site and the place from which you connect to our server. We may use this information for market research purposes and to improve the performance of the Service. The data stored in the server logs is not associated with specific people using the website. The server logs are the only auxiliary material used to administer the Service.

This data is processed on the basis of Article 6 section 1 letter f) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, hereinafter referred to as: the “GDPR”), (processing is necessary for purposes arising from legitimate interests pursued by the administrator or by a third party). This legitimate interest is to enable the diagnosis of errors in the Service and the improvement of its quality.

OUR CLIENTS & SUPPLIERS

If you are our Client or Suppliers, we process your personal data to fulfil the contract with you and to fulfil our legal obligations as well tax obligations.

The legal basis for the processing of your data is Article 6 section 1 letter b) of the GDPR (processing is necessary for the performance of the contract with the party to which are related the data, or to take action at the request of that party before concluding the agreement) and Article 6 section 1 letter c) of the GDPR (processing is necessary to fulfil the legal obligation of the controller).

EMPLOYESS OF OUR CLIENTS & SUPPLIERS

We process your data to fulfil the contract with our Client or Suppliers. The legal basis for these activities is Article 6 section 1 letter f) of the GDPR (processing is necessary for purposes arising from legitimate interests pursued by the controller or by a third party).

We assume in good faith that our Client or Suppliers has informed you about the disclosure of your data to us and the purpose of their processing. We believe that by processing your data in the manner described here, we do not do it for other purposes than those in which our Client or Suppliers has obtained it from you.

OUR SOCIAL MEDIA USERS 

In connection with running our profiles in social media, we process the personal data of people who visit them.

Our social media profiles are used to present information on NTIATIVE’s activities. They enable you to follow and interact with NTIATIVE and contact us.

As a social media profiles co-administrator, NTIATIVE can see statistical information about visits to its profile, e.g. the age of visitors, their reactions, activity and comments. This functionality helps us to select appropriate content for the preferences of users of our social media profiles.

These personal data are processed primarily for the purpose of implementing social media functions, such as liking, following, commenting, etc. Then the legal basis for the processing of this data is the consent of the user of a specific social media app (Article 6 (1) (a) of the GDPR), expressed implicitly by liking or following our profile, liking or sharing posts, leaving a comment, recommendation, review, etc. You can revoke this consent at any time by deleting your comments, recommendations, reviews, etc., or by unliking, unfollowing etc.

Personal data of people visiting our social media profiles are also processed by us for statistical and analytical purposes. In this regard, the data is processed on the basis of art. 6 sec. 1 letter f) of the GDPR (processing is necessary for the purposes of the legitimate interests pursued by the administrator). This legitimate interest is traffic monitoring and analysis as well as keeping statistics of visits to our social media profiles.

In the remaining scope, personal data of people visiting our social media profiles are processed on the basis of art. 6 sec. 1 letter f) of the GDPR (processing is necessary for the purposes of the legitimate interests pursued by the administrator). This legitimate interest is also market research, informing social media users about our activities, the willingness to contact people interested in our services, as well as investigating and defending against potential claims.

CONTACT 

By contacting us, you provide us with your personal data, including those contained in the content of the correspondence, in particular the e-mail address, name and surname. Providing this data is voluntary, but necessary to contact us.

The legal basis for the processing of your personal data that you provide by contacting us is Article 6 section 1 letter f) of the GDPR (processing is necessary for purposes arising from legitimate interests pursued by the administrator or by a third party). The “legitimate interest for the processing of your personal data” in this case is possibility for us to contact with Service users and answer questions asked by persons interested in the operation of the Service.

POTENTIAL CLIENTS & DIRECT MARKETING

If we think we can help you with our services, we process your personal data for marketing purposes.

Therefore, processing is necessary for the purposes of legitimate interests pursued by the controller of personal data, that is us (Article 6 section 1 letter f) of the GDPR). In case that we purchased your personal data from a database provider, we make sure that it has been collected by such provider for direct marketing purposes and with your consent. This being so, we are not obliged to ascertain whether processing for another purpose is compatible with the purpose for which the personal data have initially been collected, under Article 6 section 4 of the GDPR.

After obtaining a separate consent we may process your personal data also for marketing purposes, i.e. to present you commercial, advertising, promotional and marketing information regarding NTIATIVE or NTIATIVE’s offer by e-mail or phone (pursuant to article 172 section 1 of the Telecommunications Act of July 16, 2004 and article 10 section 2 of the Act of July 18, 2002 on the providing services by electronic means).

However, the legal basis for processing your personal data for direct marketing purposes is Article 6 sec. 1 letter f) of the GDPR (i.e. processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party).

According to Recital 47 of the GDPR ” The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.” Such a legitimate interest may exist in cases where there is a substantial and appropriate relationship between the data subject and the controller. Consent to the sending of commercial communications under the Act on the providing services by electronic means is precisely the link between the person giving consent and the controller referred to in Recital 47 of the GDPR. The fact that you have given your consent for the above mentioned marketing purposes means that you have reasonable grounds to expect that your personal data may be processed for such purposes.

You have the right to object at any time and free of charge to this processing, whether primary or further – including profiling, insofar as it is related to direct marketing. Once you have objected to the processing of your personal data for direct marketing purposes – NTIATIVE may no longer process your data for such purposes.

You also have the right to withdraw your consent to receive commercial communications and marketing contacts at any time and free of charge. Withdrawal of consent does not affect the legality of actions taken on the basis of consent before its withdrawal.

PURSUING OF CLAIMS

The legal basis for processing your personal data after your contact ends or the contract is terminated is our legitimate interest in archiving correspondence for the purposes of ensuring that you can prove certain facts in the future. So we can process your personal data for the purpose of pursuing and defending against claims pursuant to Article 6 section 1 letter f) of the GDPR (processing is necessary for purposes arising from legitimate interests pursued by the administrator or by a third party).

COOKIES 

We process completely anonymous data of each user of the Service, which characterizes the way they use our Service (these are the so-called exploitation data). This processing includes automatic reading of a unique identifier identifying the termination of the telecommunications network or ICT system you are using (i.e. your IP address), as well as the date and time of the server, information about technical parameters of the software and device you use (e.g. whether you are using a laptop or a telephone while browsing our Service) and the place from which you are connecting to our server. Data stored in server logs are not associated with specific people using the service. Server logs are only an auxiliary material used to administer the Service.

Like almost all websites and applications, we use cookies. Cookies are small text information stored on your end device (e.g. computer, tablet, smartphone), which can be read by our ICT system.

Cookies allow us to:

  1. ensure the proper functioning of the Service;
  2. improve the speed and security of using the Service;
  3. use analytical tools;
  4. use marketing tools, including tools that perform profiling in the understanding of the GDPR.

The legal basis for point 1 and 2 above is our legitimate interest as data controller (Article 6 section 1 letter f) of the GDPR).

The legal basis for point 3 and 4 above is your consent (Article 6 section 1 letter a) of the GDPR).

The cookies we use do not collect any personal data from you. Anonymous data is completely sufficient for the purposes mentioned above. If we process your personal data for other reasons (e.g. you have an account on our Service and there you provided us with your data), we do not combine them in any way with anonymous data obtained by means of cookies.

Consent to cookies.

During your first visit to our Service, you will be informed about the use of cookies. Accepting and closing this information means that you agree to the use of cookies by the provisions of this privacy policy for all purposes listed above. You can always withdraw your consent regarding points 3 and 4 above (without affecting the lawfulness of processing based on consent before its withdrawal).

You can always withdraw your consent by deleting cookies and changing the settings of cookies in your browser. Remember, however, that disabling cookies may cause difficulties in using the Service, as well as many other websites that use cookies. Consent to use cookies may be necessary for the proper use of your account on the site (cookies allow the software of our site to ‘see’ that you are logged in and maintain the continuity of your session when you jump between subpages).

Custom Cookies.

Cookies can be divided into own and coming from third parties. As far as our own cookies are concerned, we use them in order to improve the functioning of the Service and to enable proper use of accounts (session maintenance).

Third party cookies. 

The NTIATIVE, like most of today’s web services, uses functions provided by third parties, which involves the use of cookies from third parties. The use of these types of cookies is as follows:

Analysis and statistics. 

On the basis of a legitimate interest, we use cookies to track website statistics, such as the number of visitors, the type of operating system and web browser used to browse the site, time spent on the website, visited subpages, etc.

We use Google Analytics in this area.

The information collected by this tool is completely anonymous and does not allow your identification, but under GDPR it may still be treated as personal data. For this purpose, Google LLC cookies are used for the Google Analytics service. The use of Google Analytics services involves the implementation of the tracking code in the code of our website (the so-called tracking code). This code is based on cookies, but may also use other tracking technologies. Detailed information about Google Analytics can be found at: https://www.google.com/intl/en_us/analytics/

You can prevent the processing of personal data in this way (block Google Analytics) by making the appropriate choices on the site available here: https://tools.google.com/dlpage/gaoptout

Marketing. 

We use the following marketing tools – we implemented the Meta Pixel (Facebook’s Pixel) in our Service’s code, which remembers your visit. For this purpose, Facebook cookies are used. This results in showing you our ads on Facebook. For information on the purpose and scope of data collection, further processing and use of data by Facebook, as well as your relevant rights and setting options to protect your privacy, please refer to Facebook’s privacy policy: https://www.facebook.com/privacy/explanation .

If you do not want Facebook to collect data about you via our website, you must log out of Facebook before visiting our Service.

The Service also contains links to external social media sites so that you can quickly find our pages on these sites. These are so-called social plugins that are only activated when you click on them when your browser connects to the respective portal. Information, including your personal data, is then transmitted to these websites. If you click on the plug-in and are logged in at the same time, we may pass on information about your visit to our Service through your account at the relevant social network and store this information in your account at the relevant social network. If you do not want the social network to collect information about you through our Service, you should log out of the social network before visiting our Service.

Importantly, you do not have to share the information contained in cookies with us. You can prevent this by deleting cookies and changing the cookie settings on your web browser. Opting out of cookies usually only applies to a specific browser – this means that the same action will have to be taken for any other browser you use on the same or a different device.

You can also use tools that allow you to collectively manage your cookie settings and browser plug-ins that allow you to control your cookies. Web browsers also offer the option of using the so-called “incognito mode”, which allows you to visit websites without saving information about the sites you have visited and the files you have downloaded in your browser history. As a rule, cookies created in incognito mode are deleted when you close all incognito mode windows.

Please note, however, that disabling cookies may cause difficulties in using the Website, as well as many other websites that use cookies.

  1. What personal data we process

We may process the following personal data:

VISITORS OF OUR SERVICE

  1. device IP address,
  2. device screen resolution,
  3. device type (unique device identifiers), operating system and browser type,
  4. geographic location (country only),
  5. preferred language (device interface language),
  6. mouse events (movements, location and clicks),
  7. keystrokes,
  8. referring URL and domain,
  9. pages visited,
  10. server date and time,
  11. location of the terminal device from which the user connects to the service,
  12. UTM tags, determining from which network location the user arrived
  13. online identifiers, including cookie IDs, web protocol addresses and device identifiers.

OUR CLIENTS & SUPPLIERS

  1. name and surname,
  2. e-mail address,
  3. phone number,
  4. address of business activity,
  5. company name,
  6. description of organization,
  7. Tax Identification Number (NIP),
  8. Business Registry Number (REGON),
  9. organization website address,
  10. organization social media profilses,
  11. point of contact name, e-mail and phone number ,
  12. billing information and payment details,
  13. history of transactions,
  14. history of correspondence (including by e-mail).

EMPLOYEES OF OUR CLIENTS & SUPPLIERS 

  1. name and surname,
  2. phone number,
  3. e-mail address.

OUR SOCIAL MEDIA USERS

  1. name and surname (or username),
  2. publicly available data contained in the individual user profile (including the image of the user),
  3. contact details contained in the user’s profile on a specific social media (e.g. e-mail address, telephone number, website addresses or addresses of personal profiles in other social media),
  4. data that may be included in a private message, reviews, ratings, recommendations, comments, and other user reactions available on a specific social media app,
  5. personal data of users participating in competitions and marketing, promotional, information or networking campaigns organized by us via social media (including the image of the participant).

PEOPLE WHO CONTACT US

  1. name and surname,
  2. phone number,
  3. e-mail address,
  4. other personal data that could potentially be included in the message by the sender.

 

  1. To whom we disclose your personal data

External services supporting our business

Please bear in mind that in running our business we use the support of specialized external entities which may or must have access to some of your data.

We may disclose your personal data with external provider of: (i) hosting services and mailing systems, (ii) IT services, (iii) accounting, legal, advisory and consulting services.

Some of the operations described above involve sending your personal data to so-called third countries (outside the European Economic Area) where GDPR does not apply. However, this always happens based on the legal instruments provided for in the GDPR, guaranteeing adequate protection of your rights and freedoms.

It may also happen that we have to disclose your personal data state administration bodies authorised to do so by law (e.g. tax authorities, self-government bodies of legal advisers, offices, courts).

In addition, personal data of Service users contained in cookies may also be disclosed to entities with which the administrator has undertaken affiliate cooperation.

Google Analytics (Google LLC, Google Ireland Limited)

The information collected by this tool is completely anonymous and does not allow your identification, but under GDPR it may still be treated as personal data. For this purpose, Google LLC cookies are used for the Google Analytics service. The use of Google Analytics services involves the implementation of the tracking code in the code of our website (the so-called tracking code). This code is based on cookies, but may also use other tracking technologies.

The anonymous data of all Service users (in relation to Google Analytics services) contained in cookies are disclosed to Google LLC and Google Ireland Limited providing us the Google Analytics service on the terms set out here: https://privacy.google.com/businesses/processorterms/ and here: https://privacy.google.com/businesses/controllerterms/

The servers of these companies are located in different parts of the world, which means that these data can be transferred outside the European Economic Area. However, Google LLC guarantees an adequate level of data protection.

You can check the location of Google LLC servers here:
https://www.google.com/about/datacenters/inside/locations/?hl=pl

You can prevent the processing of personal data in this way (block Google Analytics) by making the appropriate choices on the site available here: https://tools.google.com/dlpage/gaoptout

Facebook (Meta Platforms, Inc., Facebook Ireland Ltd.)

We run a profile on Facebook available at: https://www.facebook.com/Ntiative/

The rules for the use of your personal data on Facebook and other products and features offered by Meta Platforms, Inc. (formerly Facebook, Inc.) can be found in the privacy policy available at: https://www.facebook.com/privacy/explanation

The administrator of your data on Facebook app is Facebook Ireland Ltd. which you can contact via the internet form (e.g. here: https://www.facebook.com/help/contact/2061665240770586) or by contacting the data protection officer of Facebook Ireland Ltd. (e.g. here: https://www.facebook.com/help/contact/540977946302970).

LinkedIn (LinkedIn Ireland Unlimited Company, LinkedIn Corporation)

We run a profile on LinkedIn available at: https://www.linkedin.com/company/ntiative-it-recruitment/

If you live in the European Union (EU), European Economic Area (EEA) or Switzerland – LinkedIn Ireland Unlimited Company will be the controller of your personal data provided to, or collected by or for, or processed in connection with this company services.

If you live outside the European Union (EU), European Economic Area (EEA) or Switzerland – LinkedIn Corporation will be the controller of your personal data provided to, or collected by or for, or processed in connection with, this company services.

The rules for the use of your personal data by the LinkedIn provider can be found at: https://www.linkedin.com/legal/privacy-policy

YouTube (Google Ireland Limited, Google LLC)

We run account on YouTube at: https://www.youtube.com/channel/UCKeGNx4YkhSB63IrK7ZHoMg

Unless otherwise stated in a service-specific privacy notice, the data controller responsible for processing your information depends on where you are based:

  • Google Ireland Limited for users of Google services based in the European Economic Area or Switzerland,
  • Google LLC for users of Google services based in the United Kingdom.

Rules for the use of your data by the service provider, can be found at: https://policies.google.com/privacy

We also use marketing tools such as HubSpot. HubSpot is a service provided by HubSpot, Inc. that we use for e-mail marketing, marketing automation, page personalization and CRM data integration (analytics, conversion tracking). HubSpot may collect our site browsing history and user data captured through forms. Your use of HubSpot’s services may involve the transfer of information outside the European Economic Area, including to U.S. data centers. Hubspot’s privacy policy is available at: https://legal.hubspot.com/privacy-policy?_ga=2.243585356.835151329.1652859333-836849374.1652859333

In the case of transfer of personal data to a third country within the meaning of the GDPR, when the European Commission has not issued a decision on the adequate protection of personal data for these countries (Article 45 of the GDPR), the personal data controller takes appropriate remedial measures to ensure an appropriate level of data protection. They include, among others European Union Standard Contractual Clauses or Binding Internal Data Protection Laws. In cases where this is not possible, we base the transfer of data on the exceptions set out in Article 49 of the GDPR, in particular based on the express consent or the necessity to transfer data in order to fulfill the terms of the contract or perform pre-contractual measures. The legal basis for the transfer of data to the U.S. is – unless otherwise stated – the consent referred to in Article 6 sec. 1 letter a) of the GDPR in connection with Article 49 sec. 1 letter a) of the GDPR. At the same time, we would like to inform you that in the case of sending data to a third country for which no decision on adequate protection of personal data or appropriate guarantees has been issued, there is a possibility and risk that the authorities in a given third country will gain access to the data sent for the purpose of collecting and analyzing them and that it will not be possible to guarantee the exercise of the rights of the data subjects.

  1. How long we process your personal data

OUR CLIENTS & SUPPLIERS

We will process your personal data for as long as it is necessary for our cooperation. If the limitations period for claims related to our cooperation is longer than the duration of our cooperation, then this longer period shall apply.

EMPLOYESS OF OUR CLIENTS & SUPPLIERS 

We will process your personal data as long as it is necessary for our cooperation with our Client or Suppliers. If the limitation period for claims related to our cooperation with our Client or Suppliers is longer than the duration of our cooperation with our Client or Suppliers, then this longer period shall apply.

OUR SOCIAL MEDIA USERS 

We process personal data collected through our social media profiles based on consent no longer than until it is withdrawn.

If we process your personal data on the basis of the legitimate interest of the administrator, we process them for the time needed to resolve the matter presented by you. Depending on its type, also for the time needed to prove that we have properly conducted it, i.e. for the period of limitation of claims.

Remember that the owners of social media websites (on which we have our profiles as a NTIATIVE) may process data for a different period of time indicated in their regulations and privacy policies.

CONTACT

Personal data provided in order to contact us will be stored for no longer than is necessary to answer you, and after that time may be stored in the event of potential claims for the limitation period specified by law.

POTENTIAL CLIENTS

We contact you within 30 days after collecting your personal data. If we fail to do so – your personal data will be erased immediately. If, however, it is you who willingly left your data to us using our website, then this 30 days deadline does not apply. Anyway, we try to contact you as soon as possible.

You have the right to object at any time, on the reasons relating to your particular situation, to the processing of personal data relating to you based on Article 6 section 1 letter e) or f) of the GDPR, including profiling on the basis of these provisions. In such a case, we may no longer process such personal data unless we demonstrate the existence of valid legal bases for processing, overriding your interests, rights and freedoms, or bases for establishing, asserting or defending your claims.

As your personal data are processed for the purposes of direct marketing, you have the right at any time to object to the processing of personal data relating to you for the purposes of such marketing, including profiling, to the extent that the processing is related to such direct marketing.

COOKIES

The processing of your personal data contained in cookies lasts until you disable their use. You can do this by deleting cookies and changing cookie settings in your browser.

 

  1. How do we enable you to realize your rights

We make our best efforts to ensure that you are satisfied with working with us. Please bear in mind, however, that you are entitled to a number of privileges which will allow you to have influence on the manner in which we process your personal data, and in some cases you may stop such processing.

Please note that in the processing of personal data of users of our social media profiles, we may be joint controllers of your personal data together with the owners of specific social media applications (such as Facebook, LinkedIn, YouTube and others).

If you are a person to whom the GDPR applies, these rights include:

 

 

  • the right of access by the data subject (regulated in Article 15 of the GDPR)

 

Article 15

Right of access by the data subject

  • The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
  • the purposes of the processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
  • the right to lodge a complaint with a supervisory authority;
  • where the personal data are not collected from the data subject, any available information as to their source;
  • the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
  • Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.
  • The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.
  • The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.


  • right to rectification of your data (regulated in Article 16 of the GDPR)

 

Article 16

Right to rectification

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

 

  • right to erase your data (regulated in Article 17 of the GDPR)

 

Article 17

Right to erasure (‘right to be forgotten’)

  • The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
  • the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
  • the personal data have been unlawfully processed;
  • the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
  • the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).
  • Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
  • Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
  • for exercising the right of freedom of expression and information;
  • for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3);
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  • for the establishment, exercise or defence of legal claims.


  • right to restrict of processing of your data (regulated in Article 18 of the GDPR)

 

Article 18

Right to restriction of processing

  • The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
  • the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
  • the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  • the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
  • the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
  • Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
  • A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction of processing is lifted.


  • right to data portability of your data (regulated in Article 20 of the GDPR)

 

Article 20

Right to data portability

  • The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
  • the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and
  • the processing is carried out by automated means.
  • In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
  • The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  • The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.


  • right to object to the processing of your data (regulated in Article 21 of the GDPR)

 

Article 21

Right to object

  1. The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
  2. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
  3. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
  4. At the latest at the time of the first communication with the data subject, the right referred to in paragraphs 1 and 2 shall be explicitly brought to the attention of the data subject and shall be presented clearly and separately from any other information.
  5. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.
  6. Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1), the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

If you are not a person to whom the GDPR applies, these rights include all the rights granted to you under the applicable data protection law in your country.

In order to exercise any of the rights above described, please contact us by sending an e-mail to the address we have first contacted you from, or the address: info@ntiative.com

 

  1. Complaint to the supervisory authority

If you are the person to whom the GDPR applies pursuant to Article 77 of the GDPR you are entitled to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place where the alleged violation has been committed, if you believe that processing of your personal data violates the provisions of the GDPR.

In Poland, the supervisory body is the President of the Office for Personal Data Protection – you can make a complaint, among others by traditional mail to the address of ul. Stawki 2, 00-913 Warsaw or by e-mail to the address: kancelaria@uodo.gov.pl, you can also get more detailed information (including current phone numbers) on the website: https://uodo.gov.pl/

To contact another supervisory authority responsible for the protection of personal data, please visit the website of the European Data Protection Board available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

 

  1. Is submitting personal data necessary for concluding an agreement with us

OUR CLIENTS & SUPPLIERS

We collect your personal data primarily to the extent necessary for the conclusion and performance of the agreement. Some data is also necessary for us to fulfil the obligations arising from the law (tax regulations, accounting regulations, obligations arising from professional regulations). Failure to provide your data will, unfortunately, prevent the conclusion and implementation of the agreement.

EMPLOYEES OF OUR CLIENTS & SUPPLIERS

We do not conclude any agreement with you but you must provide us with your personal data necessary to cooperate with our Client or Suppliers (probably your employer).

VISITORS OF OUR SERVICE / CONTACT 

We do not conclude any agreement with you at this stage. Some of your details (e.g. processing of functional cookie or your e-mail address) may be necessary for us to operate the Service properly.

OUR SOCIAL MEDIA USERS 

Visiting our profiles on social media is voluntary, as is leaving comments, likes, opinions and other reactions. However, if you decide to visit our social media profiles, the data for the purposes of statistics may be partially collected automatically.

COOKIES

Consent to use cookies may be necessary for the proper use of your account on the site (cookies allow the software of our site to ‘see’ that you are logged in and allow you to access the account content).

 

  1. How do we obtain your personal data

OUR CLIENTS & SUPPLIERS / VISITORS OF OUR SERVICE / PEOPLE WHO CONTACT US 

We obtain your personal data directly from you (including automated methods).

EMPLOYEES OF OUR CLIENTS & SUPPLIERS

We obtain your data from our Clients and Suppliers or directly from you.

OUR SOCIAL MEDIA USERS 

Personal data of people visiting our profiles in social media, including collective statistics based on the data of these people, are obtained from the owner of a specific social media application. We obtain personal data contained in private messages, reviews, recommendations, comments, etc. directly from people who interact with us through our social media profiles.

POTENTIAL CLIENTS

We obtain your personal data from publicly available sources (e.g. your organisation’s website) or purchase them form reliable database providers, after ensuring that they have been collected, stored and disclosed to us in a legal manner.

 

  1. Automated processing and profiling

Exploitation data and data related to using cookies are processed in automated way (however, they are not subject to profiling, as understood based on GDPR).

Data processed for advertising and marketing purposes, through dedicated tools and sites, may be subject to profiling as defined by the GDPR. In this case, profiling may be aimed at matching our offers, products and services with your preferences.

Other data is not subject to automated processing or profiling.

 

PRIVACY POLICY

– for personal data of job applicants –

 

  • Who we are and how you can find us

NTIATIVE spółka z ograniczoną odpowiedzialnością with its registered seat in Kraków (address: ul. Józefa Sarego 26/17, 31-047 Kraków), entered into the registry of entrepreneurs of the National Court Register under the number: 0000741505, having Tax Identification Number (NIP): 6762552563 and Statistical Number (REGON): 380825401 (hereinafter referred to as: „NTIATIVE” or “We”) is a controller of job aplicants’ personal data obtained within recruitment process. You can contact us by phone: +48 694 082 851, and also via e-mail to the address: info@ntiative.com

 

  • Why do we process your personal data

If we consider you a suitable candidate, we process your personal data in order to ensure your participation in the recruitment process.

We will process your data in order to:

  1. contact you and conduct the recruitment process,
  2. evaluate your qualifications for work at the position you are applying for,
  3. evaluate your abilities and skills necessary to work at the position you are applying for,
  4. match characteristics of a specific person with a potential employer and choose the right person to work at a given position,
  5. ensure your participation in future recruitment processes.
  6. providing you with marketing content.

 

  • What personal data do we process and under what legal basis

We may process the following data of job applicants:

  1. name(s) and surname;
  2. date of birth;
  3. contact details indicated by such a person (e.g. correspondence address, e-mail address, telephone number);
  4. education;
  5. professional qualifications;
  6. employment history;
  7. other personal data contained in your application documents (e.g. your image) such as CV, motivation letter, letter of reference or others;
  8. personal data made publicly available on business or professional social media (LinkedIn, candidate’s organisation’s website);
  9. other personal data acquired during an interview, tests performed, or other activities undertaken as part of the recruitment process to the extent permitted by law (including information provided through questionnaires, surveys or other forms completed by the candidate).

 

Personal data of job applicants indicated in points d) – f) above may be asked for only when required to perform work of a specific type or in a specific position. At NTIATIVE, we need to analyze your education, professional qualifications and employment history to understand if you will be able to perform your future responsibilities successfully.

We may ask for other data than those mentioned in points a) – f) above only if it is necessary to exercise rights or to fulfil an obligation arising from the law provision. However, they still can be processed under your consent.

The legal basis for the processing of your personal data is:

  1. in relation to personal data mentioned under points a) – f) above – a provision of law and the necessity of processing to take steps at your request prior to entering into a contract [Article 6 par. 1 point b) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, hereinafter referred to as: the “GDPR”];
  2. in relation to personal data mentioned under point g) above (not applicable to personal data relating to criminal convictions and offences should you include them in your application documents) – your consent [Article 6 par. 1 point a) of the GDPR]. You can withdraw your consent at any time by contacting us. Note that such withdrawal will not affect the lawfulness of processing based on consent before its withdrawal;
  3. in relation to personal data mentioned under point h) above – the necessity of processing for the purposes of pursuing our legitimate interests [Article 6 par. 1 point f) of the GDPR]. We have a legitimate interest in actively searching for potential job candidates by looking through their publicly available profiles on business or professional social media (eg. LinkedIn, your organization’s website), otherwise we would not be able to judge whether you might be interested in a given position.
  4. in relation to personal data mentioned under point i) above – the necessity of processing for the purposes of pursuing our legitimate interests [Article 6 par. 1 point f) of the GDPR]. We have a legitimate interest in verifying your skills and abilities – it is necessary to assess whether you are the right person for the position we are recruiting for. We also have a legitimate interest in completing your information in order to find the best job offers for you.

If the data you provide to us includes sensitive data, we will process it only on the basis of your express and separate consent. The consent may be withdraw at any time by contacting us at: info@ntiative.com. Note that such withdrawal will not affect the lawfulness of processing based on consent before its withdrawal. In the absence of the consent data will be deleted immediately.

NTIATIVE will store and process your personal data for the purposes of future recruitment processes. You can withdraw your consent at any time by contacting us. Note that such withdrawal will not affect the lawfulness of processing based on consent before its withdrawal.

After obtaining separate consent, we may also process your personal data for marketing purposes, including sending you commercial, advertising and marketing information (including sending you our newsletter, job offers, information on ongoing recruitments, updates about new episodes of our podcast and other similar content). The legal basis for processing your personal data for these purposes is Article 6(1)(a) of the GDPR. (i.e. “the data subject has given consent to the processing of his or her personal data for one or more specific purposes”). You can withdraw your consent at any time (without affecting the lawfulness of processing based on consent before its withdrawal) by selecting the appropriate checkbox. In some cases, the legal basis for the processing of your personal data for direct marketing purposes may be the legitimate interest of the Controller (Article 6(1)(f) of the GDPR – i.e. “processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party” and Recital 47 of the GDPR – “The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest”). Pursuant to Recital 47 of the GDPR, such a legitimate interest may exist in cases where there is a significant and appropriate type of relationship between the data subject and the data controller. Remember that you always have the right to object at any time and free of charge to this processing, primary or further – including profiling, as long as it is related to direct marketing. Once you object to the processing of your personal data for direct marketing purposes – the data controller may no longer process your data for such purposes. You also have the right to withdraw your consent to receive commercial information at any time and free of charge. Withdrawal of consent does not affect the lawfulness of actions that were carried out on the basis of consent before its withdrawal.

 

  • To whom we disclose your personal data

The recipients of your personal data may be our Clients to whom we provide recruitment services. Since it is our Clients who make the final decisions whether to present you a job or not, we may provide them with information such as your application documents or your contact details in order to e.g. verify your candidature or conduct a telephone interview. These entities act as independent data controllers and the transfer of data is based on your consent. You can withdraw your consent at any time by contacting us at info@ntiative.com (without affecting the lawfulness of processing based on consent before its withdrawal).

We may entrust some of your personal data to our suppliers of services or different tools that are very useful and make our everyday work far easier. Therefore in this case the transfer of data is based on the legitimate interest that we have in optimizing our internal processes in order to provide our services more efficiently. These entities act either as controllers who manage your data independently or as processors who process your data on behalf of and for the purposes set by us on the basis of relevant entrustment agreement of personal data processing.

  1. Bullhorn – We use Bullhorn, an application provided by Bullhorn, Inc. to support our recruitment process. Bullhorn provides us with the ability to combine the data you provide to us with other publicly available information about you that you have published online. Bullhorn allows us to search various databases, some publicly available and some not, which may contain your personal data, in order to find potential candidates to fill our job openings. The data that we collect from you and process using Bullhorn’s services may be transferred to and stored in a locations outside the European Economic Area. Bullhorn’s privacy policy is available at: https://www.bullhorn.com/privacy/
  2. Herefish – Herefish is a platform provided by Herefish, Inc. for automating communications and other processes in recruitment. Herefish allows you to track a candidate’s page views, page interactions and page content loading (e.g. surveys). Herefish allows you to track a candidate’s page views, page interactions, and page content loading (such as surveys). This information can then be used in the system to allow you to track a candidate’s or sales contact’s activity on your website and effectively communicate with them based on that activity. The data we collect from you and process using Herefish, may be transferred to and stored in locations outside the European Economic Area. Herefish’s privacy policy is available at the following link: https://herefish.com/privacy/
  3. HubSpot – We use marketing tools such as HubSpot. HubSpot is a service that we use for email marketing and marketing automation. Using the HubSpot services may involve the transmission of information outside the European Economic Area, including to US data centers. Hubspot’s privacy policy is available at:     https://legal.hubspot.com/privacy-policy?_ga=2.243585356.835151329.1652859333-836849374.1652859333
  4. external provider of: (i) IT services, (ii) accounting, legal, advisory and consulting services, (iii) hosting services and mailing systems – when providing services to us, it may have access to your personal data;
  5. state administration bodies authorised to do so by law (e.g. tax authorities, self-government bodies of legal advisers, offices, courts).

 

The operations described above may involve (due to the location of some entities’ headquarters or servers) the transmission of your data to the so-called third countries (outside the European Economic Area), where the GDPR is not applicable. However, this always happens on the basis of legal instruments provided for in the GDPR, guaranteeing adequate protection of your rights and freedoms. In case of data transfer to our clients based in the U.S. we rely on other available legal instruments, e.g. the so-called standard contractual clauses implemented into binding agreements.

 

  • How long do we process your personal data

Your personal data is processed for the duration of the recruitment process related to the position for which you are applying, and then for a period of 12 months for the purposes of future recruitment processes in which you may be interested.

Sensitive data that we have received from you without an explicit and separate consent for its processing will be deleted immediately.

In the event when we obtain your personal data from publicly available sources (social media of a business or professional nature, like LinkedIn), we contact you no later than 30 days from obtaining the data (in accordance with Article 14 par. 3 of the GDPR).

Remember that you can withdraw your consent at any time (note that such withdrawal will not affect the lawfulness of processing based on consent before its withdrawal).

In terms of marketing activities if we are acting on the basis of your consent – we will process your personal data until you withdraw your consent, while if we are acting on the basis of the legitimate interest of the data controller then we will process your personal data until you raise an objection.

The processing of your other data based on consent, as a legal premise, continues until you withdraw your consent.

 

 

  • How we enable you to exercise your rights

We strive to make you happy with working with us. Remember, however, that you have many privileges that will allow you to influence the way we process your personal information, and in some cases cause you to stop such processing. These rights are:

 

  • the right of access by the data subject (regulated in Article 15 of the GDPR)

 

Article 15

Right of access by the data subject

  • The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
  • the purposes of the processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
  • the right to lodge a complaint with a supervisory authority;
  • where the personal data are not collected from the data subject, any available information as to their source;
  • the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
  • Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.
  • The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.
  • The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.


  • right to rectification of your data (regulated in Article 16 of the GDPR)

 

Article 16

Right to rectification

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

 

  • right to erase your data (regulated in Article 17 of the GDPR)

 

Article 17

Right to erasure (‘right to be forgotten’)

  • The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
  • the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
  • the personal data have been unlawfully processed;
  • the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
  • the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).
  • Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
  • Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
  • for exercising the right of freedom of expression and information;
  • for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3);
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  • for the establishment, exercise or defence of legal claims.


  • right to restrict of processing of your data (regulated in Article 18 of the GDPR)

 

Article 18

Right to restriction of processing

  • The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
  • the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
  • the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  • the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
  • the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
  • Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
  • A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction of processing is lifted.


  • right to data portability of your data (regulated in Article 20 of the GDPR)

 

Article 20

Right to data portability

  • The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
  • the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and
  • the processing is carried out by automated means.
  • In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
  • The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  • The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.


  • right to object to the processing of your data (regulated in Article 21 of the GDPR)

 

Article 21

Right to object

  1. The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
  2. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
  3. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
  4. At the latest at the time of the first communication with the data subject, the right referred to in paragraphs 1 and 2 shall be explicitly brought to the attention of the data subject and shall be presented clearly and separately from any other information.
  5. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.
  6. Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1), the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

To use any of the rights described above, please contact us by e-mail at the address we contacted you or at the address: info@ntiative.com. You can also contact us by phone at the number: +48 694 082 851.

 

  • Complaint to the supervisory authority

According to Article 77 of the GDPR you are entitled to submit a complaint to the supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place where the alleged violation is committed, if you believe that the processing of personal data regarding you violates the provisions of the GDPR.

In Poland, the supervisory body is the President of the Office for Personal Data Protection. You can make a complaint, among others by traditional mail to the following address: ul. Stawki 2, 00-913 Warsaw or electronically through portal ePUAP2. You can also get more detailed information on the website: https://uodo.gov.pl/

To contact another supervisory authority responsible for the protection of personal data, please visit the website of the European Data Protection Board available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

 

  • Is the provision of data necessary to conclude an agreement with us

At this point we do not conclude any agreement with you. However, in order to participate in the recruitment process you need to provide your personal data at least within the scope resulting from labour law. Provision of other data is voluntary.

 

  • Where did we obtain your data

The recruitment process may be initiated in two different ways.

As in most cases, we have found you on our own and get in touch directly. This may happen if we for example browse on our own through public profiles on social media of business or professional nature or in case where somebody (e.g. our employee, etc.) directly recommended you for a position in our firm. At this point you do not know yet that we are processing your data, but we have to do this, otherwise we would not be able to judge whether you might be interested in a given position and we would not be able to contact you. Our job basically involves making connections between applicants and employers.

Another possibility is that you contacted us on your own via e-mail, social media or in a different way. In such case we may still examine your profile on social media of business or professional nature or your organisation’s website in order to verify your experience, specialization and usefulness for a specific task.

Data processed for marketing purposes we usually obtain directly from you.

 

  •  Automated decision-making and profiling

We do not make decisions in an automated manner or subject any personal data to profiling as understood by the GDPR.