In compliance with Art. 13 Clauses 1, 2 of the European Parliament and of the Council Regulation (EU) 2016/679 of April 27, 2016, on the protection of individuals with regard to the processing of their personal data and on the free movement of such data and the repeal of Directive 95/46/EC (General Data Protection Regulation) (EU Journal of Laws L 119, s. 1) – hereinafter GDPR – we would like to inform you that:
1. PERSONAL DATA CONTROLLER
The Personal Data Controller is: Coditive Sp. z o. o. (Formerly Indeon Sp. z o. o. Sp. k.) based in Knurów (44-196), 26 Stycznia 2A/12, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court in Gliwice, 10th Economic Department of the National Court Register, under the number KRS 0000907960, with the share capital of PLN 10,000 paid in full, NIP (Tax ID No.): 9691643891, REGON (Statistical No.): 387408110 (Hereinafter Controller).
The Joint Controller of Personnal Data is Indesion Sp. z o. o., based in Knurów (44-196), 26 Stycznia 2A/12, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court in Gliwice, 10th Econimic Department of the National Court Register, under the number KRS 0000511779, with the share capital of PLN 10,000 paid in full, NIP (Tax ID No.): 9691612614, REGON (Statistical No.): 361151937.
2. PERSONAL DATA PROTECTION OFFICER
Data Controller has appointed Personal Data Protection Officer, whom you may contact in all matters related to the protection of personal data, simply write to:
a. e-mail address: [email protected]
b. regular mail address: ul. 26 Stycznia 2A/12, 44-196 Knurów
3. TYPES OF THE PROCESSED PERSONAL DATA
We will process the following personal information provided by you:
a. First name(s) and last name, date of birth, contact details specified by you, education, professional qualifications, previous employment history,
b. Data found in your curriculum vitae (CV) and cover letter, and made available during the interview or in connection with the qualification or verification tests.
4. OBJECTIVE OF THE PERSONAL DATA PROCESSING
Your personal data will be processed:
1) if the preferred form of employment is an employment agreement – in order to perform obligations arising from legal provisions related to the employment process, including in particular the Labour Code – the legal basis for processing is the legal obligation incumbent on the Data Controller (Art. 6 Clause 1 letter c of the GDPR in connection with the provisions of the Labour Code, including Art. 22 (1) of the Labour Code);
2) if the preferred form of employment is a civil law agreement – in order to conduct the recruitment process – the legal basis for processing the data contained in the application documents is undertaking the activities before the agreement is concluded at the request of the person whose data are being processed (Art. 6 Clause 1 letter (b) of the GDPR);
3) for the purpose of conducting the recruitment process within the scope of data not required by law or by the Controller, and for future recruitment processes for the positions in the INDEON Group, until a withdrawal of consent, for no longer than two years from the date of consent. For this purpose, we will process your personal data as Joint Controllers with the other companies belonging to the INDEON Group – the legal basis for processing is the consent of the person whose data are being processed (Art. 6 Clause 1 letter a of the GDPR);
(4) in order to verify the qualifications and skills of a candidate and to establish the conditions of cooperation – the legal basis for the processing of the data is the legitimate interest of the Controller (Art. 6 Clause 1 letter
f of the GDPR). The legitimate interest of the Controller is to verify candidates for employment and to determine the conditions for potential cooperation;
(5) in order for the Controller to determine or pursue any claims or to defend against claims made against the Controller – the legal basis for the processing of the data is the legitimate interest of the Controller (Art. 6 Clause 1 letter f of the GDPR).
Providing data within the scope specified in art. 22 (1) of the Labour Code and the Regulation of the Minister of Labour and Social Policy of 28 May 1996, on the extent of keeping documentation by employers in matters related to the employment relations and the manner of keeping personal files of an employee, is required – if the candidate prefers employment on the basis of an employment agreement – by law, including in particular the Labour Code, and in the case where the candidate prefers employment on the basis of a civil law agreement – by the Controller. Failure to provide this data results in the inability to consider an application in the recruitment process. Providing data to the extent in which the consent of the person providing data is required is voluntary, but refusal to provide the data prevents you from automatically participating in future recruitment procedures and will require a new application.
If the submitted applications contain additional data, beyond the scope indicated by the labour law, their processing will be based on the candidate’s consent (Art. 6 Clause 1 letter a of the GDPR), expressed by a clear acknowledgement of the applicant’s submission of the application documents. If the submitted applications contain information that is not relevant to the purpose of recruitment, the information will not be used or taken under consideration in the recruitment process.
5. PERIODS OF PERSONAL DATA PROCESSING
The period of processing data by the Controller depends on the legal basis and the purpose of the processing. The processing period may also result from legal provisions if they constitute basis for the processing. Where data are processed on the basis of a legitimate interest of the Controller, they are processed for a period of time which would make it possible to implement the interest or to notificate an effective objection to the processing of the data has been raised.
In so far as the personal data are processed on the basis of a given consent, the consent may be withdrawn at any time, without affecting the lawfulness of the processing carried out prior to the withdrawal. Where the processing is necessary for the conclusion and implementation of an agreement, the data are being processed until termination of the agreement.
If a consent is given for future recruitment processes, personal data are deleted no later than after two years – unless the consent has been withdrawn sooner.
The data processing period may be extended in the case, when the processing is necessary to determine or to recover claims, or defend against claims, and after this period – only if required by law and to the extent it is required.
After the processing period, the data are permanently deleted or anonymised.
6. PERSONAL DATA RECIPIENTS
Your personal data may be transferred to the bodies authorized by legal regulations and to processors which provide services to the Controller and to which the data are entrusted. The intended recipients of your personal data are:
(a) entities cooperate with us in the areas of accounting, taxes, legal and advisory services, consultancy, audits, billings, training, documents archiving, correspondence handling, organization and recruitment,
(b) entities which operate information and communication systems and which provide IT services in so far as it is necessary for the purposes, for which your personal data are being processed
7. RIGHTS ARISING FROM THE PROCESSING OF PERSONAL DATA Due to the fact that we will process your personal data, you have the following rights:
a. right to object,
b. right to access the personal data,
c. right of rectify data,
d. right to delete data (Also referred to as “the right to be forgotten”),
e right to restrict data processing
f. right to transfer data,
g. right to withdraw your consent for data processing at any time, without affecting the lawfulness of the processing carried out prior to the withdrawal,
h. right access the essential arrangements between the Joint Controllers,
8. CONTACT POINT, THROUGH WHICH YOU CAN EXERCISE YOUR RIGHTS
Should you want to exercise your rights, please contact us in one of the following ways:
a. send a written request to the address: Indeon Sp. z o. o., ul. 26 Stycznia 2A/12, 44-196 Knurów,
b. by email to: [email protected]
If you choose to exercise your rights, we will respond to your request not later than one month from the date when we received your request.
A declaration of withdrawal of the consent for processing of personal data must be submitted in writing to the mailing address or electronically to the e-mail address:[email protected]
9. THE RIGHT TO LODGE A COMPLAINT WITH THE SUPERVISORY AUTHORITY
In the event of a breach of your personal data protection, you have the right to lodge a complaint with the supervisory authority – the President of the Data Protection Office.
Your data is not subject to automated decision making, including profiling.
11. DATA PROCESSING OUTSIDE THE EEA
Your personal data may be transferred outside the European Economic Area (“EEA”). This may be the case when the Controller contracts certain services to entities based outside the EEA or which process data outside the EEA. Your personal data may be transferred only to the third countries (Countries outside the EEA) or the entities in third countries (On the basis of the Privacy Shield Program), for which an adequate level of data protection has been established by the decision of the European Commission, or in contracts with these entities there have been included standard data protection clauses. Should your data be transferred outside the EEA, you may request the Controller to provide further information about the safeguards applied in this regard, obtain a copy of these safeguards and information about the place where the data are made available, by contacting the Controller in the manner indicated in this information.