Privacy Policy
1. Definition of Terms
Administrator – WORQON with its registered office in Łódź, entered into the Register of Entrepreneurs of the National Court Register under number: KRS 0001167003, NIP 7252354451, REGON 541426740, at: Prezydenta Gabriela Narutowicza 40 / 1, 90-135 Łódź, Polska.
Personal Data — any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Processing – any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
RODO – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (General Data Protection Regulation);
Website – the Administrator's website;
User – any natural person visiting the Website or using the services or features described in this Privacy Policy;
1.1. Purposes, Legal Bases, and Retention Periods for Personal Data Processing
The purposes, legal bases, and retention periods for processing your personal data by the administrator vary depending on the specific processing activity.
1.2. Website Use
When using the website, your personal data is processed for the purpose of providing you with electronic services for delivering website content to users, as well as for analytical and statistical purposes. Data is processed based on Art. 6(1)(b) GDPR — the necessity of processing for the conclusion and performance of a contract, and Art. 6(1)(f) GDPR — the realization of the Administrator's legitimate interests, which consist of analyzing User activity and their preferences to improve functionality and provided services. The Administrator processes data for the period necessary to provide the service — for the duration of website use. Cookie retention periods are specified in the Privacy Policy section.
1.3. Offers
The purpose of processing personal data is to send commercial offers for the conclusion of a contract. Data is processed based on Art. 6(1)(b) GDPR — the necessity of processing for the conclusion and performance of a contract; at the request of the data subject — taking steps prior to entering into a contract. If a contract is concluded, personal data is processed for the duration of the contract, and then for the period of the statute of limitations for claims under the contract. If no contract is concluded, we process data for 1 month after the offer expires. If the offer's validity period is not specified, then for 3 months from the last contact.
1.4. Conclusion and Performance of Service Agreements
The purpose of processing personal data is to conclude contracts and provide or use services based on them. Data is processed based on Art. 6(1)(b) GDPR — the necessity of processing for the conclusion and performance of a contract; at the request of the data subject — taking steps prior to entering into a contract. Personal data is processed for the duration of the contract, and then for the period of the statute of limitations for claims under the contract.
1.5. Conducting the Recruitment Process
The Administrator processes job applicants' data during the recruitment process to hire employees. Data processing is based on Art. 6(1)(b) GDPR — the necessity of processing for the conclusion and performance of a contract; at the request of the data subject — taking steps prior to entering into a contract. Data is processed throughout the entire recruitment process. If you give additional consent to process data for future recruitment purposes, we will process your data for a maximum period of 2 years from the date of its entry into the Administrator's database or from the date of the last contact with you, whichever is later.
1.6. Contact Form
The Administrator processes the data provided in the contact form to recruit a candidate or to answer other questions specified in the form. Data processing is based on Art. 6(1)(a) GDPR or Art. 6(1)(f) GDPR — based on the candidate's consent / request and for the realization of the Administrator's legitimate interests, which is the need to ensure proper service for individuals visiting the Website.
1.7. DIRECT MARKETING OF THE ADMINISTRATOR'S OWN PRODUCTS AND SERVICES USING ELECTRONIC COMMUNICATION (EMAIL, PHONE, SMS)
The Administrator sends electronic messages containing marketing information for advertising and marketing purposes related to the Administrator's activities. Data processing is based on consent — Art. 6(1)(a) GDPR. Data is processed for a maximum period of 2 years from the date of its entry into the Administrator's database or from the date of the last contact with you, whichever is later.
1.8. ASSESSMENT, ASSERTION, AND DEFENSE OF CLAIMS
The Administrator processes your data for the purpose of debt collection and litigation, as well as for defense against claims. Processing is carried out based on Art. 6(1)(f) GDPR — the legitimate interest of the Administrator is the need to assess, assert, or defend against claims. Data is processed for the duration of the statute of limitations in accordance with the provisions of generally applicable law.
2. USE OF COOKIES AND SIMILAR TECHNOLOGIES
2.1. COOKIES
The Administrator primarily uses so-called service cookies to provide the User with electronically supplied services and to improve the quality of these services. Therefore, the Administrator and other entities providing analytical and statistical services use cookies, storing information or accessing information already stored on the user's telecommunications device (computer, phone, tablet, etc.). Cookies used for this purpose include: 1.1.1. cookies with data entered by the user (session ID) for the duration of the session (user input cookies); 1.1.2. authentication cookies used for services that require authentication confirmation for the duration of the session (authentication cookies); 1.1.3. security cookies, for example, those used to detect authentication fraud (user centric security cookies); 1.1.4. multimedia player session cookies (e.g., Flash player cookies) for the duration of the session (multimedia player session cookies); 1.1.5. persistent cookies used to personalize the User interface for the duration of the session or slightly longer (user interface customization cookies);
2.2 GOOGLE ANALYTICS
The Administrator uses Google Analytics analytical tools, which collect information about website visits, such as the sites you viewed, time spent on the site, or time spent navigating between sites. For this purpose, cookies from Google LLC related to the Google Analytics service are used. Within Google Analytics, demographic data and interest data are collected. Within the cookie settings, you can decide whether or not you consent to the collection of your data. Google does not use the collected data to identify the User and does not combine this information for identification purposes. Detailed information about the scope and rules of data collection in connection with this service can be found at the following link: https://www.google.com/intl/pl/policies/privacy/partners.
2.3. GOOGLE TAG MANAGER
The Controller uses the Google Tag Manager marketing tool to manage marketing campaigns and how you use our websites. For this purpose, cookies from Google LLC related to the Google Tag Manager service are used. Within your cookie settings, you can decide whether you consent to the use of such files. Google does not use the collected data to identify the User and does not combine this information for identification purposes. Detailed information on the scope and rules of data collection in connection with this service can be found at the following link: https://www.google.com/intl/pl/policies/privacy/partners.
2.4. FACEBOOK PIXEL
The Controller uses Google Analytics analytical tools, which collect information about website visits, such as pages you viewed, time spent on the site, or time spent navigating between sites. For this purpose, cookies from Google LLC related to the Google Analytics service are used. Within Google Analytics, demographic data and interest data are collected. Within your cookie settings, you can decide whether or not you consent to the collection of your data. Google does not use the collected data to identify the User and does not combine this information for identification purposes. Detailed information on the scope and rules of data collection in connection with this service can be found at the following link: https://www.google.com/intl/pl/policies/privacy/partners.
2.5. BITRIX24
The Controller uses the Bitrix24 marketing tool, provided by Bitrix, Inc. (head office address: 901 N. Pitt St, Suite 325 Alexandria VA 22314 USA), which collects information allowing for personal identification according to voluntarily provided categories. Data is stored in the European Union (Frankfurt, Germany) in Amazon Web Services data centers, fully compliant with GDPR. Additional information on the scope and rules of data collection in connection with this tool can be found at the following link: https://aws.amazon.com/blogs/security/all-aws-services-gdpr-ready/. Information on GDPR compliance and the privacy policy is also available at https://www.bitrix24.com/gdpr/.
3. OTHER SOCIAL NETWORKS
The Controller processes the personal data of Users visiting the Controller's social media profiles (LinkedIn, Facebook, TikTok, Instagram). This data is processed solely in connection with profile management, including for informing users about the Controller's activities and promoting various types of events, services, and products. The legal basis for the Controller's processing of personal data for this purpose is its legitimate interest (Article 6(1)(f) of the GDPR), which consists of promoting its own brand.
4. CATEGORIES OF PERSONAL DATA PROCESSED
The Controller processes the following categories of Personal Data belonging to job candidates, (future/potential) business partners of the Controller, employees or collaborators of (future/potential) business partners of the Controller, and other individuals contacting the Controller or contacted by the Controller:
1. identification data (in particular: first and last name, date of birth, ID document series and number, company name, tax identification number (NIP), National Economy Entities Register number (REGON)) and address data (registered office, correspondence address, points of sale addresses),
2. contact data (email address, phone number),
3. data on positions, professional experience, qualifications,4. financial data, including bank account number, bank/financial institution data, invoice data5. information obtained when using our website, in particular IP addresses, text files (cookies),6. other data provided by you in any form — necessary for the purpose for which they were provided;
5. SOURCES OF DATA ACQUISITION
The Controller obtains all data in the following ways:1. information provided by you voluntarily and directly (e.g., in a contact form, order form, by exchanging business cards, during a phone conversation, when concluding and performing a contract, and when providing services);
2. information obtained when using our website, in particular: IP address, text files (cookies);
3. data of employees or collaborators of the Controller's business partners (contractors, suppliers) — received directly from them or from their employer / the organization they represent;4. data of job candidates for the Controller — received directly from them or from external recruitment agencies or provided by the Controller's employees or collaborators as part of promotions or advertising programs and campaigns, such as a referral program,5. from publicly available sources, in particular from the following databases and registers: Central Register and Information on Economic Activity (CEIDG), National Court Register (KRS), Register of National Economy Entities (REGON);
6. DATA RECIPIENTS
1. other WORQON entities,
2. persons providing services to the Controller, including in areas such as accounting, human resources, recruitment, legal matters, debt collection, information technology, infrastructure, whereby these entities process data as subcontractors based on an agreement with the Controller and only in accordance with its instructions,
3. persons performing courier and postal services,4. banks.
The Controller reserves the right to disclose selected information about you to competent authorities or third parties who request such information, based on an appropriate legal basis and in accordance with applicable law.
7. RIGHTS OF DATA SUBJECTS
You have the right to:1. access your data, request its rectification, erasure, or restriction of processing;
2. withdraw consent to the processing of personal data to the extent that the data is processed based on consent; the withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal;
4. data portability, i.e., to receive information from the Controller about the processed personal data in a structured, commonly used, machine-readable format, to the extent that your data is processed for the purpose of concluding and performing a contract or based on consent;5. lodge a complaint with the President of the Personal Data Protection Office at: ul. Stawki 2, 00-193 Warsaw, if you believe that the processing of your data violates the provisions of the GDPR.
8. DATA PROCESSING OUTSIDE THE EU
Your data may be transferred outside the European Economic Area (comprising the European Union, Norway, Liechtenstein, and Iceland) (hereinafter: EEA) in connection with the Controller's cooperation with business partners based outside the EEA (Ukraine) and the provision of IT services and infrastructure to the Controller. To ensure an adequate level of protection in case of transfer outside the EEA, the Company uses Standard Contractual Clauses issued by the European Commission in its agreements with data recipients, in accordance with Article 46(2)(c) of the GDPR.
9. SECURITY OF PERSONAL DATA
The Controller constantly analyzes risks to ensure that personal data is processed securely — primarily so that only authorized persons have access to the data and only to the extent necessary in connection with their tasks. The Controller ensures that all operations involving personal data are recorded and performed only by authorized employees and collaborators. The Controller takes all necessary steps to ensure that its subcontractors and other collaborating organizations guarantee the use of appropriate security measures whenever they process personal data at the Controller's request.
