- The purposes and methods of processing data collected on the website are determined jointly by two joint controllers – in accordance with art. 26 GDPR.
- The co-administrators of personal data collected via the website are:
a. INLEGIS sp.z o.o. with headquarters in Wrocław, at ul. Podwale 83/7 (postal code: 50-414), entered into the Register of Entrepreneurs of the National Court Register under the KRS number 913859, NIP number 8992903501.
b. INLEGIS FOUNDATION with headquarters in Wrocław, at ul. Podwale 83/7 (postal code: 50-414), entered in the Register of associations, other social and professional organizations, foundations, and independent public health care institutions under the number KRS 0000730037, REGON 380077809, NIP 8992844454;
(Hereinafter referred to as: Co-administrators), e-mail: email@example.com.
- Personal data collected by the Co-administrators are processed in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95 / 46 / EC (hereinafter: GDPR), the Act of May 10, 2018 on the Protection of Personal Data and the Act of July 18, 2002 on the Provision of Electronic Services.
- The co-administrators only process the personal data that the user has provided in connection with the use of the website. Data processing takes place in the following areas:
o conclusion and performance of the contract, including the issue of an invoice or bill and the performance of the service (data scope: name, surname, address, delivery address, e-mail address) – art. 6 sec. 1 lit. b GDPR,
o establishing cooperation (scope of data: name, surname, address, e-mail address, telephone number, other data provided by the candidate in the application form) – art. 6 sec. 1 letter a GDPR,
o recovery of receivables (data scope: name, surname, address, delivery address, e-mail, other data necessary to prove the existence of a claim or defend rights) – art. 6 sec. 1 lit. f GDPR,
o fulfillment of legal obligations incumbent on the Co-administrators in connection with running a business (scope of data: any data obtained from the user) – art. 6 sec. 1 lit. c GDPR,
o conducting own marketing and promotional activities (scope of data: name, surname, address, e-mail, telephone number), art. 6 sec. 1 lit. f GDPR,
o conducting marketing and promotional activities based on a separate consent – art. 6 sec. 1 lit. a GDPR,
o sending commercial information by electronic means in accordance with art. 10 sec. 2 of the Act of 18 July 2002 on the provision of electronic services, including sending a newsletter (data scope: name, surname, address, e-mail address) – art. 6 sec. 1 lit. a GDPR.
The scope of collected data
- The co-administrators collect or may collect the following personal data via the contact form available on the website or direct contact from the user (e-mail, telephone):
- identification data (e.g., name, surname),
- contact details (telephone number, address, e-mail address),
- employment data,
- other data provided by the user during contact with the Co-administrators.
- Browsing the content of the website does not require providing personal data other than automatically obtained information about connection parameters.
- The co-administrators do not profile users’ personal data.
Provision of data
- In order to perform the contract, the Co-administrators may share the collected data with entities including employees, associates, courier companies, online payment system operators, entities providing IT services to the Co-administrators.
- In such cases, the amount of data transferred is limited to the required minimum. Personal data may be made available to competent public authorities if required by applicable law.
- Recipients not indicated above; the processed personal data are not made available to the outside in a form that would allow any identification of users.
- Personal data is not transferred to countries outside the European Economic Area (hereinafter referred to as: EEA). The joint controllers use servers to store data located in EEA countries.
The period of personal data processing
- Personal data will be processed for the period of:
- necessary for the implementation of contracts concluded via the website, including after their performance due to the possibility of the parties to exercise their rights under the contract, as well as due to possible recovery of receivables.
- until the purpose of data processing ceases to exist, i.e., the end of a given recruitment process, if the consent to data processing concerned only a given recruitment process, until the consent is withdrawn or objection to data processing is submitted – in cases of processing the user’s personal data based on a separate consent.
- until the end of the calendar year following the year in which the application was submitted, if the consent related to the processing of personal data for the benefit of a larger number of recruitment processes organized by the Co-administrators, including those that were launched after the submission of the application documents during the period indicated in this point of time.
- The joint controllers store the personal data of users also when it is necessary to fulfill their legal obligations, resolve disputes, enforce the user’s obligations, maintain security, and prevent fraud and abuse. The period of data processing in the above cases is determined individually, however, it may not exceed 10 years from the moment of achieving the above goals.
- The co-administrators make every effort to secure personal data and protect them against the actions of third parties and supervise the security of data throughout their processing in a manner that protects against unauthorized access by third parties, damage, distortion, destruction or loss.
Users’ rights and obligations
- The co-administrators provide users with the implementation of rights, i.e., the right to:
- access to data content,
- rectification of data,
- deletion of data,
- data processing restrictions,
- data portability,
- object to data processing,
- withdraw consent at any time, but the withdrawal of consent does not affect the lawfulness of the processing which was carried out based on consent before its withdrawal,
- lodging a complaint to the supervisory authority, i.e. the President of the Personal Data Protection Office.
- To exercise the rights, an appropriate request should be sent by e-mail to the following address: firstname.lastname@example.org or by traditional mail to the following address: INLEGIS Kancelarie Prawne spółka z ograniczoną odpowiedzialnością sp.k., ul. Podwale 83/7, 50-414 Wrocław or the INLEGIS FOUNDATION, ul. Podwale 83/7, 50-414 Wrocław.
- The joint administrators consider the reported requests immediately, but not later than within one month from their receipt. However, if – due to the complexity of the request or the number of requests – the Co-administrators will not be able to consider the user’s request within the indicated period, they will inform the user about the intended extension of the deadline and indicate the deadline for considering the request, but not longer than two months.
- The joint controllers inform about the rectification or deletion of personal data or the limitation of the processing that they have performed in accordance with the user’s request to each recipient to whom the personal data has been disclosed unless it proves impossible or will require a disproportionate effort.
- Cookies used by the Co-administrators are safe for the user’s device. It is not possible for viruses or other unwanted software or malware to enter users’ devices this way. These files allow to identify the software used by the user and adjust the website individually for each user. Cookies usually contain the name of the domain they come from, their storage time on the device and the assigned value.
- Types of cookies:
a. session (temporary): they are stored on the user’s device and remain there until the end of the browser session. The saved information is then permanently deleted from the device memory. The mechanism of session cookies does not allow the collection of any personal data or any confidential information from the user’s device.
b. permanent: they are stored on the user’s device and remain there until they are deleted. Ending a browser session or turning off the device does not delete them from the user’s device. The mechanism of persistent cookies does not allow the collection of any personal data or any confidential information from the user’s device.
- The user has the option to limit or disable the access of cookies to his device. If you use this option, the use of the website will be possible, except for functions which, by their nature, require cookies. It is recommended to use software with cookies enabled.
- website configuration.
- recognizing the website user’s device and its location and properly displaying the website, tailored to his individual needs.
- remembering the history of visited pages on the website in order to recommend content.
- user authentication on the website and ensuring the maintenance of the user’s session on the website.
- correct configuration of selected website functions, allowing verification of the authenticity of the browser session – ensuring security and reliability.
- optimizing and increasing the efficiency of the services provided.
- audience analysis and research.
Changing the privacy and cookies policy
- This document does not limit any rights that the user is entitled to in accordance with generally applicable laws.