Privacy Policy

Privacy policy of PrismaWorx Sp. z o.o.

1.      General information

This document defines the principles of processing and protection of personal data provided by Users in connection with the use of the www.prismaworx.pl website and applies to all cases in which PrismaWorx Sp. z o.o. is the Personal Data Controller. The Privacy Policy was created in order to ensure full and transparent implementation of the information obligation resulting from Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (GDPR). The document contains the rules of collecting and using the data on Users applicable on the Website. applicable on the Website.
In order to ensure data integrity and confidentiality, the Controllers have implemented procedures allowing access to personal data only to authorised persons. The Controllers take all necessary steps to ensure that their subcontractors and other cooperating entities guarantee the application of appropriate security measures in each case when they process Personal Data on the Controller’s order.

2.      Personal Data Controller

The Controller of Personal Data of Users of the www.prismaworx.pl website is PrismaWorx Sp. z o.o. with its registered office at ul. Tadeusza 17/2, 45-062 in Opole. Tadeusza 17/2, 45-062 in Opole.
Contact details of the Personal Data Controller and details of the Personal Data Supervisor are available at www.prismaworx.pl in the Contact tab.

3.      Scope of processed data

Personal data are any information which identify or allow the data subject to be identified. Processing of personal data is in principle any activity on personal data, whether or not carried out by automated means, e.g.: collection, storage, recording, organisation, modification, consultation, use, disclosure, restriction, deletion or destruction. Personal data are processed only in cases where the data subject has given his or her consent, or where the Website has another legal basis for processing personal data.            

The purposes of the processing of personal data collected in connection with the functioning of the Website, together with the legal basis, are specified below:

Purposes of processing personal data collected by PrismaWorx Sp. z o.o.

Purpose

Legal basis

Scope of processed data

Duration of data storage

Implementation of the recruitment process

Article 6(1)(a) of the GDPR – consent of the data subject

First name, last name, address, date of birth, telephone number, e-mail address, information about driving licence, foreign language skills, educational background, additional skills and certificates, picture, other data contained in the CV of job applicants

 

The data will be stored for the duration of the recruitment process and deleted in case of non-employment. In case of voluntary consent to participate in future recruitments, the data will be stored until its withdrawal.

 

Correspondence

Article 6(1)(f) of the GDPR – legitimate interest pursued by the controller. Our legitimate interest is to answer your enquiries and to send you the necessary information by e-mail

Personal data of the parties to the correspondence: first name, last name, e-mail address, telephone number

The data will be kept for a period of 6 years until the end of the conducted cases, until the cessation of claims or the cessation of our obligations to the law.

Contact via Facebook

Article 6(1)(f) of the GDPR – legitimate interest pursued by the controller. Our legitimate interest is to make contact with you

Personal data in the scope specified in your profile on the social networking site

The data will be processed for the duration of running the Fanpage or until you stop observing it. Your data, in particular the content of correspondence, may be processed for a period of 6 years from the end of the conducted cases or until the cessation of claims.

 

Establishing a telephone contact by means of a function on the website

Article 6(1)(f) of the GDPR – legitimate interest pursued by the controller. Our legitimate interest is to make contact in order to answer your questions

Telephone number

Data will be processed for the period necessary to make contact

 

The period of storage of personal data depends on the purpose of processing for which the data was collected. The criteria used to determine the appropriate storage period take into account:

·        the need to achieve a given purpose;

·        the period necessary to provide our services;

·        the period for which consent is given;

·        legal provisions.

 

4.      Storage of personal data

Personal data are stored for the time necessary to achieve the purpose of the processing. Personal data are stored:

·        if you agree to participate in future recruitments and submit job offers, until your consent is withdrawn;

·        when applying for a specific job, without agreeing to participate in future recruitment, for the duration of the recruitment process and deleted in case of non-employment;

·        in the case of correspondence, the data will be kept for a period of 6 years until the end of the conducted cases, until the cessation of claims or the cessation of our obligations to the law;

·        if you use our Facebook Fanpage, your data will be stored for the duration of running the Fanpage or until you stop observing it. The data contained in the correspondence may be processed for a period of 6 years from the end of the conducted cases or until the cessation of claims.

·        if you use the function on the website to make a telephone contact, the data will be stored until the contact is made;

PrismaWorx Sp. z o.o. applies the principle of limiting the storage of personal data, which protects the data from being processed for longer than is necessary for the purposes for which the data are processed. When PrismaWorx Sp. z o.o. achieves the purpose of processing, it deletes or anonymises the data, which occurs in particular when:

·        the data subject withdraws his/her consent to the processing of personal data (if the consent was the basis for the processing);

·        the data subject effectively opposes further processing (if the basis for processing was the Company’s legitimate interest);

·        there is a statute of limitations on possible claims (if the Company has processed the data in order to perform the contract);

·        the time limits resulting from other regulations have expired.

 

5.      Recipients of personal data

In connection with the conduct of activities that require the processing of personal data, it may be disclosed to our subcontractors who help us to perform specific tasks and provide selected services. Personal data may be made available to employers for the purpose of employment or further stages of recruitment. The data may be disclosed only within the scope of services provided to us, in particular to entities providing maintenance, consulting, legal and accounting services, IT service and hosting providers.

6.      Rights of data subjects

Each User of the Website has the possibility to choose to what extent they want to use our services and what information they want to share about themselves. We would also like to inform that at any time the User has the right to demand the Controller to exercise his or her rights in accordance with the applicable provisions of the Regulation on the Protection of Personal Data. Data subjects have the following rights:

a)      The right to obtain access to the personal data concerning the Useron this basis the Controller shall provide the natural person submitting the request with information about the processing of the data, including, first of all, the purposes and legal basis of the processing, the scope of the stored data, the entities to which it is disclosed and the planned date of data deletion;

b)     The right to data rectification – the Controller shall be obliged to remove possible inconsistencies or errors of the processed Personal Data and supplement them if they are incomplete;

c)      The right to data deletion – on this basis it is possible to demand the deletion of data, the processing of which is no longer necessary for the performance of any of the purposes for which they were collected;

d)     The right to restrict the processing – in case of such a request, the Controller shall cease to perform any operations on the Personal Data – with the exception of the operations to which the Data Subject has given his or her consent – and to store them, in accordance with the accepted retention rules;

e)     The right to data transfer – the data subject has the right to receive the personal data concerning him/her which he/she has provided to the Controller in a structured, commonly used machine-readable format, and has the right to send this data to another Controller;

f)       The right to object to the processing of data – a data subject may at any time object to the processing of personal data which is carried out on the basis of a legitimate interest of the Controller on the grounds of his or her particular situation, an objection in this respect shall include a justification;

g)      The right to withdraw consent – if the data are processed on the basis of a consent, the data subject has the right to withdraw it at any time, but this does not affect the lawfulness of the processing carried out before its withdrawal;

h)     The right to lodge a complaint – if the processing of Personal Data is considered to be in breach of the provisions of the GDPR or other regulations concerning the protection of Personal Data, the Data Subject may lodge a complaint with the authority supervising the processing of Personal Data, competent for the data subject’s habitual residence, place of work or place of the alleged breach.

If we use the services of contractors, your Personal Data remains under our control and we have procedures in place to ensure that your Personal Data are properly protected.

We make efforts to ensure that your personal data are processed securely and in accordance with this Policy.

7.      Information about cookies

Cookie files (so-called ‘cookies’) are IT data, in particular text files, which are stored in the final device of the Website User and are designed to use the Websites. Cookies usually contain the name of the website from which they come from, the time of their storage on the terminal device and a unique number.

The Website uses two basic types of cookies: ‘session’ cookies and ‘persistent’ cookies. ‘Session’ cookies are temporary files, which are stored in the User’s terminal device until logging out, leaving the website or turning off the software (web browser). ‘Permanent’ cookie files are stored in the User’s final device for the time specified in the parameters of cookie files or until their removal by the User.

The User may independently and at any time change the settings concerning cookies, specifying the conditions of their storage and access by cookies to the User’s device. Changes in the settings referred to in the previous sentence may be made by the User by means of the settings of his or her web browser or by means of service configuration. These settings may be changed in such a way as to block the automatic handling of cookies in the settings of your web browser or inform about their placement on your device each time you place Cookies. Detailed information about the possibilities and ways of handling cookies are available in the software (web browser) settings.

 

The User may at any time remove cookies by using the available functions in the web browser which he or she uses. Limiting the use of cookies may affect some of the functions available on the Website.