1. The Personal Data Controller for the website www.talentflow.pl hereinafter referred to as the Websiteis Talent Flow sp. z o.o.; Pl. Konesera 12, Building M, 03-736 Warsaw (REGON: 389754016, NIP: 1133039177, KRS: 0000917408).
2. Respecting your rights as data subjects and respecting the applicable laws, including in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as GDPRthe Act of 10 May 2018. on the protection of personal data (Journal of Laws 2018, item 1000, hereinafter referred to as the Act),and other relevant data protection legislation, we are committed to maintaining security and confidentiality of the personal data obtained from you. All employees have been adequately trained in the processing of personal data and, as a Personal Data Controller, we have implemented appropriate safeguards and technical and organizational measures to ensure the highest level of personal data protection. We have implemented procedures and policies for the protection of personal data in accordance with the GDPR, through which we ensure the lawfulness and reliability of data processing, as well as the enforceability of any rights you have as a data subject. Additionally, if necessary, we cooperate with the supervisory authority in the Republic of Poland, i.e. with the President of the Office for Personal Data Protection (hereinafter referred to as the PUODO).
3. We collect the following personal information on our Website:
a) first and last name - may be processed when, as users of our Website
you provide them to us via e-mail, contact form available in our Website, postal mail or telephone contact,
in order to make use of our offer;
b) telephone number may be processed in the event of telephone contact on your part,
as well as when you provide it to us via e-mail, the contact form available on our Website or by post, in order to enable us to contact you in the event of such need arising in connection with the provision of services to you, as well as in order to answer questions concerning our offer;
c) e-mail address may be processed when, as users of our Website, you provide it to us in the event of contact via e-mail, the contact form available on our Website, as well as via post or telephone contact; via e-mail we send you training materials, we contact you in case of such a need connected with the provision of a service, as well as we answer questions connected with our offer; if you have agreed to the transfer of marketing content and you have become a subscriber to our newsletter, we will also send you commercial information several times a month;
d) device IP address or browser identifier - information resulting from the general rules of Internet connections, such as IP address (and other information contained in system logs), is used for technical and statistical purposes;
e) possibly other data may be collected as part of the conduct of specific cases or may be provided by you as a user of our Website via email, contact form available on the Website, postal mail or telephone contact.
4. Provision of data indicated in the preceding paragraph is necessary in the cases specified therein,
a) to perform the agreement concluded with the Controller and to use the services offered in our Website;
b) to answer your questions and to enable you to contact us via e-mail, the contact form available on the Website, postal mail or telephone contact;
c) to market products or services provided by the Controller and/or the Controller’s business partners.
d) to carry out the newsletter service (subscription) - if you want to be informed about interesting events and commercial offers; subscription is voluntary and you can unsubscribe from it at any time.
7. In accordance with the principle of minimization, we process only those categories of personal data which are necessary for the purposes referred to in points 3 and 4 above.
8. We process personal data for the period necessary to achieve the purposes set out in points 3 and 4 above. Personal data may be processed for a longer period where such a right or obligation imposed on us as the Controller results from specific legal provisions, from the Controller’s legitimate interest referred to in point 10(c) below (i.e. for the period of the statute of limitations for claims or the completion of relevant proceedings, if any, initiated during the period of limitations) or if the service we provide is of a continuous nature (e.g. newsletter subscription).
9. The source of the Personal Data processed by the Controller are the data subjects.
10. The legal basis for processing your personal data is:
a) Article 6(1)(b) of the GDPR, i.e. the necessity to perform a contract to which you are a party or to take steps at your request prior to entering into a contract, or
b) Article 6(1)(c) of the GDPR, i.e. the necessity to fulfil legal obligations incumbent on the Controller, or
c) Article 6(1)(f) of the GDPR, i.e. the Controller’s legitimate interest in the establishment, assertion or defense of claims, until they are time-barred or until the conclusion of the relevant proceedings, if any, commenced during that period, or
d) Article 6(1)(a) of the GDPR, i.e. your consent to the processing of personal data for specific purposes where other legal grounds for the processing of personal data are not applicable - e.g. in the case of the provision of a newsletter service. In this case, personal data will be processed until the end of the Controller’s marketing activities, but no longer than for a period of 5 years from the last contact with the Customer or until earlier withdrawal of consent.
11. Personal data are not transferred by us to a third country or international organization
within the meaning of the GDPR. Should personal data be transferred to a third country or international organization, you will be informed in advance and the Controller will apply the safeguards referred to in Chapter V of the GDPR.
12. We do not share any personal data with third parties without the express consent of the data subject. With your express consent, we may share your personal data with our business partners for the purpose of marketing their products and services. For marketing purposes, we use data obtained directly from the User, e.g.: data provided in the contact form, as well as data obtained automatically during the User’s visit to the website, e.g.: information about the User’s terminal equipment, connection to the Internet, operating system and platform, date and time of the visit to the website or visited pages, as well as User’s IP address or location. Without the consent of the data subject, personal data may be disclosed only to entities under public law, i.e. authorities and administration (e.g. tax authorities, law enforcement agencies and other entities empowered by generally applicable laws).
13. In the event that there are links within the Notification to the Controller’s social media accounts, with regard to data relating in particular to the IP or browser ID, if the Controller uses the products:
a) Facebook (e.g. Facebook, Messenger, Instagram) - the above data is processed under joint management with Facebook Ireland Ltd: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland;
b) Google (e.g. YouTube, Maps) - the above data is processed under joint management with Google Ireland Ltd: 4 Barrow St, D04 E5W5, Dublin, Ireland (Google Building Gordon House);
c) LinkedIn - the above data are processed in co-administration with LinkedIn Ireland Unlimited Company with its registered office at: Gardner House, 2 Wilton Place, Dublin 2 Ireland.
If, in the cases referred to in this point, there would be a transfer of personal data to third countries, this shall take place in accordance with the principles set out in point 11.
14. Personal data may be outsourced for processing to entities processing such data on our behalf as the Personal Data Controller. In such a situation, as the Personal Data Controller, we enter into a personal data processing entrustment agreement with the processor. The processing entity shall process the outsourced personal data only for the purposes, to the extent and for the purposes indicated in the outsourcing agreement referred to in the preceding sentence. Without outsourcing your personal data for processing, we would not be able to perform our activities within the Website. As a Personal Data Controller, we outsource personal data for processing to the following entities:
a) providing hosting services to the website on which our Website operates,
b) providing us with other services which are necessary for the day-to-day operation of the Website.
15. Personal data are not subject to profiling by us as an Controller within the meaning of the provisions of the GDPR.
16. Under the provisions of the GDPR, any person whose personal data we process as a Data Controller has the right to:
a) to be informed of the processing of personal data as referred to in Article 12 of the GDPR;
b) access to their personal data as referred to in Article 15 of the GDPR;
c) to rectify, complete, update, rectify personal data as referred to in Article 16 of the GDPR;
d) to have their data erased (right to be forgotten) as referred to in Article 17 of the GDPR;
e) to restrict processing referred to in Article 18 of the GDPR;
f) to data portability as referred to in Article 20 of the GDPR;
g) to object to the processing of personal data, as referred to in Article 21 of the GDPR;
h) in the case of the legal basis referred to in point 10(d) above - the right to withdraw consent at any time without affecting the legality of the processing performed on the basis of consent before its withdrawal;
i) not to be subject to the proﬁling referred to in Article 22 in conjunction with Article 4(4) of the GDPR;
j) to make a complaint to the supervisory authority (i.e. the President of the Office for Personal Data Protection) referred to in Article 77 of the GDPR;
taking into account the rules of use and exercise of these rights under the provisions of the GDPR.
17. If you wish to exercise your rights referred to in the preceding paragraph proszę przesłać wiadomość drogą poczty elektronicznej na adres e-mail please send a message by e-mail to the e-mail address or in writing to the postal address referred to in point 18 below..
18. The Controller appointed a Data Protection Inspector, who is Konrad Cioszek. Any inquiries, requests and complaints
regarding the processing of personal data by the Controller, hereinafter referred to as Notifications, should be sent to the following e-mail address of the Data Protection Inspector: firstname.lastname@example.org or in writing to the following address of the Controller: Pl. Konesera 12, Building M, 03-736 Warsaw.
19. The content of a Notification should clearly indicate:
a) the identity of the person or persons to whom the Notification relates;
b) the event giving rise to the Notification;
c) set out its demands and the legal basis for those demands;
d) indicate how the case is expected to be handled.
20. Each identified security breach shall be documented and, if one of the situations specified in the provisions of the GDPR or the Act occurs, the data subjects and, if applicable, the PUODO shall be informed of such breach.