Controller’s information clause
Pursuant to article 13 and article 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: "GDPR"), we would like to inform you that:
The Controller of your personal data is iTechArt Group sp. z o.o. with headquarters in Łódź, postal code 90-147 at Aleksandra Zelwerowicza 41 /2 street, entered into the Register of Entrepreneurs of the National Court Register kept in the District Court for the capital city of Łódź-Śródmieście in Łódź, XX Commercial Division of the National Court Register, under KRS number 0000865089, REGON 387339804 and NIP 7252303560 ("Controller").
The Controller processes personal data of:
- Persons who have included their personal data in the recruitment form ("Form"), and sent it to the Controller. The personal data processed by the Controller include: name, surname, mailing address, e-mail address, telephone number, image, education, work experience and any other data which the Candidate includes in the Form.
- Persons with whom the Controller has contacted through portals on the Internet in order to invite them to participate in the recruitment process. Personal data processed by the Controller in such case include: link to the profile on the portal on the Internet, name and surname, contact details (e.g. email address, phone number) and other data included in the profile relevant for the recruitment process.
The persons to whom the aforementioned personal data relate are hereinafter referred to as "Candidates".
Purposes and legal grounds for processing
Your personal data will be processed for the purposes of:
- conducting the recruitment process, including contact between the Controller and the Candidate - i.e. on the basis of the consent referred to in Article 6(1)(a) of the GDPR;
- inviting Candidate to the recruitment process and present him a Controller’s profile as a potential employer through portals on the Internet – i.e. on the basis of the legitimate interest referred to in Article 6 (1) (f) of the GDPR;
- in the case of Candidates who get to the last stage of the recruitment process, in order to finalize the process i.e. to conclude a contract - on the basis referred to in Article 6(1)(b) of the GDPR;
- conducting future recruitments - i.e. on the basis of a separate consent expressed by the Candidate, i.e. on the basis referred to in Article 6(1)(a) of the GDPR;
- defending against and pursuing claims - i.e. on the basis referred to in Article 6(1)(f) of the GDPR;
- fulfilment the Controller's legal obligations concerning the storage of documentation related to the recruitment process, i.e. on the basis referred to in Article 6(1)(c) of the GDPR.
Information about the data source
Candidates contact information is obtained by the Controller directly from the Candidate or from publicly available websites.
Personal data not obtained directly from the Candidate used for the recruitment process are obtained through online platforms (e.g. LinkedIn) where the Candidate has provided his/her data, such as, profile link on the portal on the Internet, first and last name, contact details (email address or phone number), location and other data relevant to the profile.
Providing personal data by the Candidate in the recruitment process is voluntary, but necessary to take part in the recruitment. The consequence of failing to provide personal data shall be the Candidate's non-inclusion in the recruitment process.
The Controller may share personal data with the following recipients or categories of recipients:
- service providers who provide services on behalf of or for the Controller. In contracts concluded with such service providers, the Controller requires compliance with applicable data protection regulations;
- to other entities within the group of the Controller;
- if such an obligation results from a legal obligation, to the extent necessary also to other third parties, in particular state authorities.
Access to personal data is provided only to those persons in the case of whom such access is justified due to the tasks performed and services rendered. All persons authorized to process personal data are obliged to keep the data confidential and protect them against unauthorized disclosure.
Candidates' personal data processed:
- in order to conduct recruitment, including contacting the Candidate and performing the necessary activities related to recruitment – will be stored for a period of 6 months from the acquisition of personal data by the Controller in a direct or indirect manner;
- in order to conduct future recruitments – on the basis of a separate consent given by the Candidate - will be stored for a period of 12 months from the date of consent;
- in justified cases, e.g. in order to defend against claims and pursue claims – at the latest until the expiry of the period of the statute of limitations for the claims;
- in order to comply with legal obligations incumbent on the Controller – for a period no longer than necessary for the aforementioned purpose.
In the case of a claim filed by a Candidate, the period for storing and processing his/her personal data may be extended if it is necessary for handling the claim and possible defense against such claim.
In connection with the processing of personal data, the Candidate has the following rights: access to data, rectification of data, deletion of data, restriction of data processing, data portability and the right to object to data processing. You are entitled to these rights in the cases and to the extent provided for by applicable law. In connection with data processing, you also have the right to file a complaint with the supervisory authority.
Data transfer to third countries outside the EEA
The Controller stores Candidates' data in IT infrastructure provided by external entities, including email boxes whose servers may be located outside the European Economic Area, and thus transfers personal data to recipients located outside the European Economic Area. The Controller transfers Candidates' personal data using mechanisms that comply with applicable law. For more information on the existing safeguards implemented by the Controller to ensure the processing of personal data in accordance with applicable law and on how to obtain a copy of the data or on where and how to access the data, please contact the Controller as indicated in this clause.
The Controller transfers personal data in accordance with the requirements of the GDPR, contained, inter alia, in Article 46 of the GDPR, in particular on the basis of standard contractual clauses.
Information about the lack of automated decision-making
The Controller will not process your personal data for the purpose of automated decision making, including profiling.
In matters concerning the processing of personal data, the Candidate may contact the Controller:
- by sending traditional correspondence to the Controller's registered address or
- through a dedicated e-mail address: firstname.lastname@example.org.
In exercising his or her rights, a Candidate who has made a request or demand for the processing of his or her personal data may be asked to respond to questions that will allow the Candidate to verify his or her identity.
In addition, a Candidate has the right to file a complaint against the processing of his/her personal data to the President of the Office for Personal Data Protection (address: 2 Stawki Street, 00-193 Warsaw).