I. Personal Data Administrator

‍

The administrator of personal data processed on this website is Connectis Sp. z o.o., with its registered office in Warsaw, at Chmielna 71, registered by the District Court for the Capital City of Warsaw, XII Commercial Department of National Court Register under the KRS number: 0000158609, NIP 521-10-19-683, Regon 010966858, share capital in the amount of PLN 100 000.

‍

‍

II. Data Protection Officer

‍

To ensure the security of users' data and the processing of personal data in accordance with current regulations, we have appointed a Data Protection Officer. You can contact the officer at: iod@connectis.pl

‍

‍

III. Principles for Processing Personal Data

‍

We take all reasonable steps to ensure the security of your personal data. Our services use encrypted data transmission (SSL) during registration and login to protect users' identification data and significantly block unauthorized access to accounts by unauthorized systems or individuals.

‍

‍

IV. Purposes, Legal Basis, and Duration of Personal Data Processing

‍

1. Data Collected for Recruitment Purposes

‍

We collect data for recruitment purposes through our website when you submit your application or CV. The legal basis for processing this data is:

• For employment contracts: Article 22(1) § 1 of the Labor Code in conjunction with Article 6(1)(c) of GDPR, and your consent (Article 6(1)(a) of GDPR). Providing data beyond name, date of birth, contact details, education, professional qualifications, and employment history is considered consent for processing for recruitment purposes.
• For civil contracts (B2B contracts): the basis is to take steps towards concluding a contract (Article 6(1)(b) of GDPR) and our legitimate interest in organizing recruitment and establishing cooperation (Article 6(1)(f) of GDPR).

Further information on recruitment data processing can be found in the recruitment form and the information clause contained within. We retain such data until the recruitment process is completed, but no later than the end of the calendar year in which the process was finalized. If you have consented to future recruitment, we retain your data until you withdraw your consent, but no longer than three years.

‍

2. Data Collected for Marketing Purposes

‍

If you have given consent for processing data to receive commercial offers electronically, we process your personal data based on your consent (Article 6(1)(a) of GDPR) and on our legitimate interest in carrying out marketing activities (Article 6(1)(f) of GDPR). You are always informed of data collection for such purposes where we request your consent. We retain this data until you withdraw your consent.  

‍

3. Data Collected for Contact and Business Relations

‍

You can contact us via our website to:

• submit inquiries via email or phone (including GDPR-related rights requests),
• contact us through the contact form,
• schedule meetings via a scheduling widget.

We process personal data provided for contact purposes based on our legitimate interest in responding to inquiries and organizing meetings (Article 6(1)(f) of GDPR). We retain personal data for the period necessary to respond to inquiries or schedule meetings, and for three years from the last contact.

‍

4. Data Collected through hub.connectis.pl service

‍

On the hub.connectis.pl platform, the user has the option to use the account management service, which includes information provided by the user regarding their work experience and expectations for a new job (based on Article 6(1)(b) of the GDPR, meaning actions related to the conclusion and performance of the contract). Through this feature, as part of the processes of matching potential employers with users, we can contact the user, offer them tailored job opportunities, and share their profile with potential employers/clients to arrange a meeting (based on the user's consent, i.e., Article 6(1)(a) of the GDPR).

‍

After the termination of the service, regardless of the reason for the expiration of the contract, we will continue to process data for the purpose of safeguarding and defending against potential claims, which constitutes the legitimate interest of the data controller (Article 6(1)(f) of the GDPR). More information about data processing on the hub.connectis.pl platform can be found in the Privacy Policy of this service.

‍

5. Data Collected via Social Media

‍

We manage profile pages on social media platforms such as Facebook, LinkedIn, Instagram, and YouTube to share content we have prepared and to interact with the users of these platforms. As part of this, we process your personal data when you are a user and visit the specified profiles or interact with them (likes, comments, sent messages). We also collect data about your activity on these profiles. This data is processed based on our legitimate interest in enabling us to communicate with other users of these platforms and undertake other activities in accordance with the platforms' regulations (Article 6(1)(f) GDPR).

‍

Social media platforms have their own regulations and terms of operation, which are independent of us. As users of these platforms, both you and we are also bound by the privacy policies and terms accepted on such social media platforms. Remember that as a social media user, you can also manage your account and the content you post according to the rules of such a platform.

‍

Information on Joint Data Controllership with Meta Platforms Ireland Limited

‍

a. The Administrator and Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) are joint controllers of Users' data in accordance with Article 26 of the GDPR concerning the processing of data for statistical and advertising purposes.

‍

b. The joint administration includes the aggregate analysis of data for displaying user activity statistics on the Administrator's Fanpage on Facebook and Instagram.

‍

c. The scope of responsibility of Meta Platforms Ireland for processing Users' data for the specified purposes includes:  

• having a legal basis for processing data for page statistics;
• ensuring the exercise of rights of data subjects;
• reporting breaches to the supervisory authority and notifying affected data subjects of the incident;
• providing appropriate technical and organizational measures to ensure the security of Users' data.

d. The scope of the Administrator's responsibility for processing Users' data includes:  

• having a legal basis for processing data for statistical purposes;
• fulfilling informational obligations regarding the Administrator's processing purposes.

e. Meta Platforms Ireland will provide the essential content of the Page Insights supplement to the data subjects (Article 26(2) GDPR) via the information contained in the Page Insights feature, accessible from all pages.

‍

f. The primary supervisory authority for joint data processing is the Irish Data Protection Commission (irrespective of Article 55(2) GDPR, where applicable).

‍

g. Detailed information on the mutual arrangements between the controllers is available at: https://www.facebook.com/legal/terms/page_controller_addendum. The data processing principles for Users by Meta Platforms Ireland can be found at: https://www.facebook.com/privacy/explanation.

‍

6. Participation in the Ambassador Program

‍

The user has the opportunity to participate in the ambassador program under the terms described in the program's regulations. The basis for processing data within the referral program is the execution of the provisions of the regulations, i.e., providing the conditions described therein (under Article 6(1)(b) of GDPR), and for a participant who earns a commission or bonus, also based on the legal obligations incumbent upon the administrator (Article 6(1)(c) of GDPR), arising from Article 74 of the Accounting Act and other regulations related to taxpayers. Upon making a decision regarding the referral of a potential client, we also process the data for the purpose of defending against potential claims, which constitutes the legitimate interest of the data controller (Article 6(1)(f) of GDPR) for the duration of the statute of limitations on claims.

‍

Data processed as part of fulfilling the legal obligations of the administrator will be stored throughout the user's participation in the program and for 5 years from the end of the calendar year in which the commission or bonus was paid to the user. In the case of data processed to secure potential claims of users who were not selected to participate in the program, the retention period is 12 months from the day the user was informed of the decision not to qualify for the program.

‍

‍

V. Recipients of Personal Data

‍

When processing personal data, we use the assistance of other entities, which process personal data on our behalf and under our instructions based on a data processing agreement. This agreement is made for the provision of services specified in the contract, such as IT services, including hosting, the delivery or maintenance of IT systems, website design and maintenance, email handling, as well as legal, advisory, marketing, postal, and courier services.

‍

In cases prescribed by law, we also share personal data with entities authorized under legal provisions. Additionally, we may share your personal data with other recipients, such as providers of technology used by the website.

‍

‍

VI. Data Transfers Outside the European Economic Area (EEA)

‍

Some of the tools or solutions we use require the transfer of personal data outside the European Economic Area (EEA) to third countries (e.g., certain cloud services or marketing tools). When such data transfers are necessary, we make every effort to ensure the highest standards of data security and privacy protection, and we select only those service providers that guarantee such protection.

‍

In cases where data must be transferred outside the EEA, we implement the following safeguards:  

1. Standard Contractual Clauses (SCCs) approved by the European Commission: We enter into agreements with data recipients outside the EEA using the latest versions of SCCs, which provide appropriate data protection guarantees.
2. European Commission Adequacy Decisions: For countries where the European Commission has issued an adequacy decision, confirming an adequate level of protection, data transfers are based on that decision. The current list of countries with adequacy decisions is available on the European Commission's website.

For transfers to the United States, we only work with entities certified under the EU-U.S. Data Privacy Framework, whenever possible.

‍

‍

VII. Data Subject Rights

‍

If you have any concerns regarding the processing of your personal data by us, remember that you always have the right to information. If you contact us with questions, we will provide you with answers. Furthermore, in accordance with GDPR, you are entitled to the following rights:

• right to access your personal data (Article 15 GDPR), including obtaining a copy of the data (Article 15(3) GDPR),
• right to rectification (correction) or completion of incomplete personal data (Article 16 GDPR),
• right to request the deletion of your personal data in cases provided by law (Article 17 GDPR),
• right to request the restriction of the processing of your personal data (Article 18 GDPR),
• right to receive your data in a structured, commonly used format and to transfer it, where processing is based on your consent or a contract, and where processing is automated (Article 20 GDPR),
• right to object to the processing of your personal data if processed for the legitimate interest of the Administrator, for reasons related to your particular situation, including profiling (Article 21 GDPR),
• right to withdraw consent, in cases where data processing is based on consent, at any time, without affecting the lawfulness of processing carried out prior to withdrawal. You can withdraw consent by sending a message to iod@connectis.pl stating the address that was used to give consent.

You can exercise all the rights mentioned above, as well as any other rights provided under GDPR, by contacting the Data Protection Officer via email: iod@connectis.pl. You can also send any questions regarding the processing of personal data by Connectis Sp. z o.o. to this email address.

‍

‍

VIII. Complaint to the Supervisory Authority

‍

You also have the right to file a complaint with the supervisory authority responsible for personal data protection, which is the President of the Personal Data Protection Office, located at Stawki 2, 00-193 Warsaw, Poland.

‍

‍

IX. Cookies

‍

Our websites use cookies. Cookies are small pieces of information sent by the website you visit and stored on the end device (computer, laptop, smartphone) that you use while browsing the web. Cookies collect various information necessary for the proper functioning of the website. They, therefore, impact the correct operation of web pages. Cookies also allow for the remembering of your preferences (e.g., language choice) and facilitate easier navigation of the sites. Information collected through cookies may also be used for statistical purposes or analyzed to help website owners better align their sites with user preferences.

‍

Through cookies, we collect information such as the computer and browser data used to browse the web, location data, and IP numbers.

‍

We use two types of cookies:

• Session cookies: These are stored on the user's device and remain there until the browser session ends. The recorded information is then permanently deleted from the device's memory. The session cookie mechanism does not allow for the retrieval of any personal data or confidential information from the user's device.
• Persistent cookies: These cookies are stored on the user's device and remain there until they are deleted. Ending the web browser session or turning off the device does not remove them from the user's device. The persistent cookie mechanism does not allow for the retrieval of any personal data or confidential information from the user's device.

‍

The cookies used by our websites can be divided into two types:

• Administrator's Cookies: These are cookies placed by us through our websites.
• Third-Party Cookies: These are cookies placed by our business partners through our websites.

These cookies are used, in particular, for data analysis and studying user behavior on the site, enhancing the effectiveness of marketing efforts, especially in better tailoring the content presented to users.

‍

The cookies used by our websites can also be divided into:

• essential cookies: these cookies contribute to the usability of the website by enabling basic functions such as navigation and access to secure areas of the website. The website cannot function properly without these cookies,
• functional cookies: these cookies allow the website to remember information that changes the appearance or functionality of the site, such as the user’s preferred language or the region in which they are located,
• analytical cookies: these cookies help understand how different users behave on the site by collecting and processing anonymous information,
• marketing cookies: the purpose of these cookies is to enable the display of ads that are relevant and interesting to individual users.

‍

Managing Cookies

You have the ability to manage cookies yourself by giving consent according to your preferences. Only essential cookies, which are necessary for our website to function, are stored without your consent.

At any time, you can withdraw your consent by changing the settings from the cookie banner.