I. Objectives of this Privacy Policy

This privacy policy (this “Privacy Policy”) sets out the rules for the processing and protection of personal data provided by Candidates in connection with the services rendered by 1dea Kośnik Spółka komandytowa with its registered office in Warsaw (“1dea”).

II. Definitions

1. Controller – the personal data controller, i.e. 1dea Kośnik spółka komandytowa with its registered office in Warsaw, postal address ul. Flory 9/11, Warsaw, entered in the Register of Business Entities of the National Court Register kept by the District Court for the Capital City of Warsaw in Warsaw, XIII Commercial Division of the National Court Register, under KRS No. 0001015079, with NIP 521-370-36-10 and REGON 362-259-855.


2. Site – the website of 1dea.


3. Candidate – an individual who:
   a) uses or intends to use the recruitment services offered by the Controller;
   b) is potentially interested in benefitting from the recruitment services offered by the Controller; and
   c) accesses the Site.

III. General Provisions

1. The personal data provided by the Candidates on the Site is processed in compliance with the mandatory rules of the applicable laws, specifically in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the General Data Protection Regulation) (OJ EU L 119, p. 1).


2. By using the services provided by 1dea the Candidate agrees to be bound by this Privacy Policy and the specific provisions included herein.


3. All of the personal information provided by the Candidate must be true and accurate. The Controller will not be liable towards the Candidate should any such information prove to be untrue or inaccurate.

IV. Types of data processed

1. While providing its services, including specifically when collecting data from the Candidate, the Controller may process following types of personal information:
   
   
   
   
   1. full name, date of birth, mobile telephone number, email address, contract address, Skype username, personal statistical number (PESEL), tax identification number (NIP), IP addresses and cookies;
   
   
   2. information on the Candidate’s education and professional experience, in particular dates and places of education, training received, previous and present appointment held (with dates), professional qualifications, certificates held and interests;
   
   
   3. business name and details with regard to self-employed activity, if any;
   
   
   4. other information required by 1dea to perform its recruitment services, specifically in the case where such information is necessary to prove the Candidate meets criteria specified by potential employers, and provided that the Candidate gives his/her consent to the processing of the such information, either by a statement or by a clear affirmative action (such as by including such information in his/her CV or in other application document).
   
   
   
   

V. Data recipients

1. 1. The personal data of the Candidate may be processed and transferred by the Controller only to:
   
   
   
   
   1. businesses offering vacancies;
   
   
   2. businesses potentially interested in offering an employment opportunity which matches the education, professional experience and expectations of the Candidate;
   
   
   3. businesses co-operating with 1dea in searching for employment opportunities which match the education, professional experience and expectations of the Candidate.
   
   
   
   


2. The Candidate’s data will be transferred and disclosed in full respect of the Candidate’s rights and in accordance with the respective data processing outsourcing agreements executed with the businesses mentioned in section 1 above, and the suppliers of hosting, IT, marketing, advertising, advisory, HR, legal, mail and courier services to the Controller.


3. The Candidate’s data may also be transferred or made available to third parties based on the rules resulting from generally applicable laws.

VI. Purposes of the processing

1. The Candidate’s data will be processed or the purpose of the provision by 1dea of recruitment services, including specifically to:
   
   
   
   
   1. provide the Candidate’s profile to interested businesses or businesses which may demonstrate an interest in hiring the Candidate;
   
   
   2. present to the Candidate offers provided by businesses interested in recruiting employees matching the Candidate’s education, professional experience and expectations; and
   
   
   3. collecting information on the job seekers or individuals who may be potentially interested in searching for a new job opportunity.
   
   
   
   


2. Additionally, the Candidate’s data may be processed for marketing purposes, if the Candidate expressly consents to such processing or such consent results from choosing technical settings for online services or another statement or action which clearly indicates in that context the data subject’s acceptance of the proposed processing of his/her data. Marketing purposes include:
   
   
   
   
   1. sending updates on the latest trends and legal developments on the employment market; and
   
   
   2. preparing and sending commercial information about the services offered by the Controller.
   
   
   
   

VII. Bases for data processing

1. The Candidate provides his/her personal data on a voluntary basis.


2. Personal data is processed by the Controller based on the applicable laws, including specifically pursuant to Art. 22¹ § 1 of the Labour Code or other specific provisions in conjunction with Art. 6(1)(c) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the General Data Protection Regulation) (OJ EU L 119, p. 1) (the “GDPR”) in compliance with a legal obligation to which the Controller is subject. The receipt of personal data and the consent to the processing of such data for the purposes of recruitment services (in particular by disclosing the personal data to the businesses mentioned in section V(1)) is necessary for 1dea to perform its recruitment services. Any other personal data beyond the scope specified in Art. 22¹ § 1 of the Labour Code or other specific provisions (such as an image in the CV or the Candidate’s hobbies) is processed by 1dea based on freely given consent, expressed by the Candidate by sending a job application. The provision of such additional information from the Candidate is not required to participate in the recruitment process (legal basis: Art. 221 § 1 of the Labour Code in conjunction with Art. 6(1)(a) of the GDPR).


3. Each Candidate may withdraw his/her consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before such withdrawal and on any other basis.


4. The Candidate’s data included in a job application may also be processed by 1dea to establish, exercise or defend its legal claims, if such claims concern the recruitment process conducted by 1dea. For this purpose the Controller may process the personal data if such processing is necessary for the purposes of the legitimate interests pursued by the Controller consisting of the establishing, exercising or defending of legal claims in proceedings before courts or state authorities (legal basis: Art. 6(1)(f) of the GDPR).


5. Marketing of the Controller’s services, such as sending commercial information about the services offered by 1dea and updates regarding the latest trends and legal developments on the employment market, is based on separate consent given by the Candidate (legal basis: Art. 6(1)(a) or (f) of the GDPR, Art. 10 of the Electronic Services Act dated 18 July 2002 (the consolidated text in the Journal of Laws of 2013, item 1422) and Art. 172 of the Telecommunications Law dated 16 July 2004 (the consolidated text in the Journal of Laws of 2014, item 243)).

VIII. Data retention period

1. The Candidate’s data is retained by the Controller until the Candidate requests its erasure and until the expiry of the limitation period of any possible claims resulting from the provisions governing discrimination with regard to employment.

IX. Data protection measures

1. The Controller shall protect the Candidate’s data from unauthorised access and introduce organisational and legal measures in accordance with applicable law to ensure the confidentiality of the Candidate’s data and its use in a manner preventing unauthorised access.


2. The Controller has introduced and utilises adequate technical measures to protect the Candidate’s data. Specifically, the Controller applies technical, IT and physical security measures.

X. The Candidate’s rights with respect to data

1. Each individual whose personal data is processed in connection with the business activity conducted by the Controller may make a complaint about the processing of his/her data.


2. Each data subject has the right to:
   
   
   
   1. Obtain from the Controller confirmation as to whether or not personal data concerning him/her is being processed, and, where that is the case, access to the personal data and the following information:
      
      
      
      
      • the purposes of the processing;
      
      
      • the categories of personal data concerned;
      
      
      • the recipients or categories of recipient to whom the personal data have been or will be disclosed, including recipients in third countries or international organisations;
      
      
      • where possible, the envisaged period for which the personal data will be retained, or, if not possible, the criteria used to determine that period;
      
      
      • the existence of the right to request from the Controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
      
      
      • the right to lodge a complaint with a supervisory authority;
      
      
      • where the personal data is not collected from the data subject, any available information as to the source thereof;
      
      
      • the existence of automated decision-making, including profiling and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
      
      
      
      
   
   
   2. Obtain from the Controller without undue delay the rectification of inaccurate personal data concerning him/her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
   
   
   3. Object, on grounds relating to his/her particular situation, at any time, to the processing of personal data concerning him/her in the cases described in applicable law.
   
   
   4. Obtain from the Controller the erasure of personal data concerning him/her without undue delay. The Controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
      
      
      
      
      • personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
      
      
      • the data subject withdraws consent on which the processing is based and where there are no other legal grounds for the processing;
      
      
      • the data subject objects to the processing and the Controller is required to cease the processing activity by law;
      
      
      • personal data has been unlawfully processed;
      
      
      • personal data has to be erased for compliance with a legal obligation set forth in Union or Member State law to which the Controller is subject.
      
      
      
      
   
   
   5. Obtain from the Controller restriction of processing where one of the following applies:
      
      
      
      
      • the accuracy of the personal data is contested by the data subject, for a period enabling the Controller to verify the accuracy of the personal data;
      
      
      • the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead;
      
      
      • the Controller no longer needs the personal data for the purposes of processing but it is required by the data subject for the establishing, exercising or defending of legal claims;
      
      
      • • the data subject has objected to processing in accordance with applicable law, pending the verification of whether the legitimate grounds of the Controller override those of the data subject.
      
      
      
      
   
   
   
   


3. All the aforementioned requests may be addressed to the Controller at rodo@1dea.pl

XI. Cookie policy

1. The Controller uses cookies, i.e. computer data, in particular text files that are stored by the servers on the device of the user of the Site and can be read by the servers whenever the user connects from that device.


2. The software intended for browsing websites (web browsers) generally permits by default the storing of cookie files on the user’s device. Site users can change the cookie settings at any time. Specifically, a web browser allows the user to change the settings in order to block the automatic use of cookies or to alert the user every time the cookies are sent to his/her devices. Disabling the use of cookies may make it difficult to use certain services available on the Site.


3. More information on the possibilities and methods of managing cookie files is available in a web browser’s settings.


4. Most cookies (session cookies) are automatically removed from the hard drive once the session is closed, i.e. as soon as the user logs out or the session expires. Some cookies allow the server to recognise the user when he/she visits the Site again, since they are not removed automatically.


5. The Controller uses cookies for information purposes, only to improve and facilitate the use of the Site and in order to better adjust the layout of the Site. The Controller also uses cookies to compile anonymous, aggregated statistics, which provide a better understanding of how the Site is being used, to help the Controller to improve the functionality and the content of the Site.

XII. Privacy Policy amendments

1. This privacy policy is in effect as from 16 February 2023.


2. The Controller may amend this Privacy Policy from time to time for any reason, in particular in the case where:
   
   
   
   
   1. the Privacy Policy needs to be adapted to legislation or to decisions or judgements of courts or public authorities;
   
   
   2. the Site’s functionalities change;
   
   
   3. any details, including names, addresses, identification numbers, included in the Privacy Policy change;
   
   
   4. the Controller wishes to improve the service provided to the Candidates.
   
   
   
   


3. The Candidate will be informed of any amendment of the Privacy Policy by receiving a notice of amendment of the Privacy Policy to the email address indicated by the Candidate (along with the amended Privacy Policy attached thereto in .pdf format).


4. The amended Privacy Policy is binding on each Candidate who does not cease his/her use of the services provided by 1dea prior to the entry into force of the amended Privacy Policy.


5. Amendments to the Privacy Policy do not affect the processing of the personal data effected prior to such amendment.

XIII. Miscellaneous

1. Any questions or issues relating to the processing or protection of personal data must be directed to the Controller in writing, by post or by email, to the following addresses:
   
   1dea Kośnik Spółka Komandytowa
   Flory 9 lok. 11
   00-586 Warsaw
   E-mail: rodo@1dea.pl 

2. The Controller may post links to the Site redirecting the Candidates to other websites. This privacy policy does not apply to any third party’s websites beyond the Controller’s control, and the Controller shall not be responsible for the processing of personal data by such third parties.