privacy policy & gdpr

Personal data administrator

The administrator of personal data within the meaning of art. 4 point 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR) is Magdalena Gocał – Talents Finders.

1. Data controller’s e-mail address: info@talentsfinders.com.

2. The administrator pursuant to art. 32 sec. 1 GDPR observes the principles of personal data protection and applies appropriate technical and organizational measures to prevent accidental or unlawful destruction, loss, modification, unauthorized disclosure or unauthorized access to personal data processed in connection with the conducted activity.

3. Providing personal data is voluntary, but necessary in order to conclude a contract with the data administrator or to participate in the recruitment process conducted by the data administrator at the request of third parties (employers).

4. The data controller processes personal data to the extent necessary to perform the contract or provide services to the data subject.

 

Purpose and basis for processing personal data

The administrator processes personal data for the following purposes:

a) carrying out the recruitment process, including on behalf of third parties (employers), on on the basis of previously granted consent (Article 6(1)(a) of the GDPR);

b) preparation of a commercial offer in response to the customer’s interest, which is legal the legitimate interest of the data controller (Article 6(1)(f) of the GDPR);

c) concluding and implementing contracts with clients, based on the concluded contract (Article 6(1)(b) of the GDPR);

d) the provision of electronic services via websites, on the basis of the concluded contract (Article 6(1)(b) of the GDPR);

e) handling the complaint process, based on the obligation of the data controller in connection with applicable law (Article 6(1)(c) of the GDPR);

f) accounting related to issuing and accepting settlement documents, na on the basis of tax law (Article 6(1)(c) of the GDPR);

g) archiving data for possible determination, investigation or defense against claims or the need to prove facts, which is the legitimate interest of the data controller (Article 6 para.1 letter f GDPR);

h) contact by phone or via e-mail, in particular in response to inquiries addressed to the data controller, which is a legitimate interest data administrator (Article 6(1)(f) of the GDPR);

i) sending technical information regarding the functioning of the administrator’s websites data and services used by the client, which is the legitimate interest of the administrator data (Article 6(1)(f) of the GDPR);

j) marketing, which is its legitimate interest (Article 6(1)(f) of the GDPR) or takes place onon the basis of previously granted consent (Article 6(1)(a) of the GDPR).

 

Data recipients. Data transfer to third countries

1.The recipients of personal data processed by the data administrator may be entities cooperating with the data administrator, when it is necessary to perform the contract concluded with the data subject.

2.In the case of the recruitment process, the recipients of personal data will be third parties (employers) for whom the recruitment process is carried out by the data administrator.

3.The recipients of personal data processed by the data controller may also be subcontractors – entities whose services are used by the data controller for data processing, e.g. accounting offices, law firms, entities providing IT services (including hosting services).

4.The data administrator may be required to provide personal data on the basis of applicable law, in particular to provide personal data to authorized authorities or state institutions.

5.Personal data in connection with the use by the administrator of tools for analyzing and tracking traffic on websites may be transferred to an entity based outside the European Economic Area, e.g. to Google LLC or to Meta Platforms Inc. As an appropriate data protection measure, the data controller has agreed to standard contractual clauses pursuant to Art. 46 GDPR with the providers of these services. More information on this is available here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

 

Personal data retention period

1.The data administrator stores personal data for the duration of the contract concluded with the data subject and after its termination for the purposes of pursuing claims related to the contract, performance of obligations under applicable law, but for no longer than the limitation period in accordance with with the provisions of the Civil Code.

2.The data controller stores personal data collected during the recruitment process until the end of recruitment or for a period not longer than 5 years if the data subject consents to the processing of data for the purposes of future recruitment.

3.The data administrator stores personal data contained in billing documents for the period specified in the provisions of the Act on tax on goods and services and the Accounting Act.

4.The data administrator stores personal data processed for marketing purposes for a period of 10 years, but not longer than until the consent to data processing is withdrawn or an objection to data processing is raised.

5.The data controller stores personal data for purposes other than those indicated earlier for a period of one year, unless consent to data processing has been withdrawn earlier, and data processing cannot be continued on a basis other than the consent of the data subject.

 

Rights of the data subject

1. Each data subject has the right to:

a) access – obtaining confirmation from the administrator whether her personal data is being processed. If the data about the person are processed, he is entitled to access them and obtain the following information: about the purposes of processing, categories of personal data, information about the recipients or categories of recipients to whom the data have been or will be disclosed, about the period of data storage or about the criteria
determining them, about the right to demand rectification, deletion or limitation of the processing of personal data of the data subject, and to object to such processing (Article 15 of the GDPR);

b) to receive a copy of the data – to obtain a copy of the data subject to processing, the first copy being free of charge, and the administrator may charge a reasonable fee for subsequent copies resulting from administrative costs (Article 15(3) of the GDPR);

c) to rectify – request rectification of incorrect personal data concerning her or supplementing incomplete data (Article 16 of the GDPR);

d) to delete data – request to delete her personal data if the administrator no longer has a legal basis for their processing or the data is no longer necessary for the purposes of processing (Article 17 of the GDPR);

e) to limit processing – request to limit the processing of personal data (Article 18 of the GDPR), when:
– the data subject questions the correctness of the personal data – for a period enabling the administrator to check the correctness of the data,
– the processing is unlawful and the data subject opposes their removal, requesting the restriction of their use,
– the administrator no longer needs these data, but they are needed by the data subject to establish, pursue or defend claims,
– the data subject has objected to the processing – until it is determined whether the legitimate grounds on the part of the controller override the grounds for the data subject’s objection;

f) to transfer data – receiving in a structured, commonly used machine-readable format personal data concerning him, which he provided to the administrator, and requesting the sending of this data to another administrator, if the data is processed on the basis of the consent of the data subject or a contract with contained therein and if the data is processed in an automated manner (Article 20 of the GDPR);

g) to object – to object to the processing of her personal data for the legitimate purposes of the administrator, for reasons related to her particular situation, including profiling. Then the administrator assesses the existence of valid legitimate grounds for processing, overriding the interests, rights and freedoms of data subjects, or grounds for establishing, pursuing or defending claims. If, according to the assessment, the interests of the data subject are more important than the interests of the administrator, the administrator will be obliged to stop processing data for these purposes (Article 21 of the GDPR).

2. In order to exercise the above-mentioned rights, the data subject should contact the administrator using the contact details provided and inform him which right and to what extent he wants to exercise.

3. The data subject has the right to lodge a complaint with the supervisory authority, which is the President of the Personal Data Protection Office in Warsaw.

 

Profiling

Personal data of persons interested in the recruitment process (candidates) obtained by the data controller may be subject to profiling using algorithms that determine the competencies and experience of candidates. Profiling is used to select candidates for a specific job. The initial profiling stage may be automated.

 

Google Analytics

1. The administrator uses Google Analytics, a web analytics service provided by Google Inc. based in the USA.

2. Google Analytics uses cookies that enable an analysis of the use of the website by the user. The information generated by the cookie about the use of the website is transmitted to and stored on a Google server. At the request of the Administrator, Google will use this information to analyze the use of the website by users in order to prepare reports on website activity and provide other services related to the use of the website and the Internet to the commissioning entity.

3. The data will not be used to identify any natural person.

4. The user can prevent the saving of cookies through the appropriate browser settings; however, in this case, you will not be able to use the full functionality of the website. In addition, users can prevent the collection by Google of the data generated by the cookies and relating to their use of the website (including the IP address) as well as the processing of this data by Google, by downloading and installing the browser plug-in available at the following link:
https://tools.google.com/dlpage/gaoptout?hl=pl.

5. At any time, the user may object to the collection and processing of data
related to the use of the Google website by downloading and installing the plug-in in the browser, which is available at the following address: https://tools.google.com/dlpage/gaoptout?hl=en.

 

Facebook pixel

1. The administrator uses Pixel Facebook, an analytical tool that helps measure the effectiveness of advertisements based on the analysis of actions taken by users on the website.

2. The Administrator uses the Facebook Pixel tool to direct personalized Facebook ads to the Customer. This involves the use of Facebook cookies. The legal basis for using the Facebook Pixel tool by the Administrator is art. 6 sec. 1 lit. f GDPR1.