Personal Data Processing and Privacy Policy

AssecoBS has obtained your personal data:

• directly from you when entering into and performing under agreements, e.g. the Website agreement;
• from your employer, for example, in connection with your access to our websites, services, or software;
• directly from you while you are accessing the Website or interacting with the Company’s social media accounts;
• from an entity empowered to act on your behalf.

AssecoBS may process the following personal data: contact details (e.g. e-mail address), identification data (name, surname, business name), data necessary for accounting purposes and related documentation (tax ID, person’s or corporate address, payer details, transactions, payment methods), information regarding user accounts in social media platforms (to the extent necessary to log in to the Website), cookie content, information regarding access to the Website (e.g. IP addresses, web browser settings), unstructured information (with potential or probable personal data content, e.g. information about interacting with the Website, comment entries, information provided in e-mail exchange with the Company).

Thanks to cookies, the Website utilises operational and analytical tools as well as mechanisms that support marketing communication that have been provided by our partners or social networking services.

For more, to go Cookies Policy.

The purpose and legal basis of processing

1. To establish communication and maintain relationships with a potential user via the Website or social media services; the processing is necessary on grounds of the legitimate interest pursued by the Controller, i.e. maintaining communication with potential clients (Article 6(1)(f) GDPR).


2. To satisfy contractual provisions; the processing is necessary to meet pre-contractual and contractual obligations, including the provision of any Website-related services, and to communicate and maintain relationships with the Website users, in accordance with the agreement or regulations accepted by them (Article 6(1)(b) GDPR).


3. To establish communication and maintain business relationships; the processing is necessary on grounds of the legitimate interest pursued by the Controller, i.e. the purchase of goods and services necessary for doing business (Article 6(1)(f) GDPR).


4. To keep accounting and tax documentation; the processing is necessary to fulfil the legal obligation under Article 74 of the Accounting Act and other obligations concerning taxpayers (Article 6(1)(c) GDPR).


5. To pursue claims and defend against claims; the processing is necessary on grounds of the legitimate interest pursued by the Controller (Article 6(1)(f) GDPR).


6. To engage in the marketing of own services if the processing is necessary on grounds of the legitimate interest pursued by the Controller (Article 6(1)(f) GDPR); and in the case of marketing via a designated communication channel (phone, e-mail), pursuant to the relevant consent (Article 6(1)(a) GDPR in conjunction with Article 398 of the Electronic Communications Act).


7. To engage in the marketing of own services that may be preceded by profiling, i.e. the automated matching of content with clients’ interests or needs; the processing is necessary on grounds of the legitimate interest pursued by the Controller (Article 6(1)(f) GDPR); and in the case of profiling that significantly affects your decisions, only if such consent has been given (Article 6(1)(a) GDPR).

Duration of processing

1. Your personal data will be processed throughout the period of your active use of the Website. Thereafter, it will continue to be processed for a period mandated by the law and to pursue or defend against any claims, however no longer than for six years.
   
   Your personal data will be processed:
   
   1. until your effective objection to processing/request to delete the data; applies to Items 1, 3, 6 and 7 above, excluding e-mail exchange;
   
   
   2. until the relevant agreement is terminated or expires; applies to Item 2 above;
   
   
   3. for five years starting from the end of the calendar year in which the relevant agreement was terminated or expired; applies to Item 4 above;
   
   
   4. for the period of limitation of claims; applies to Item 5 above;
   
   
   5. until you withdraw your consent; applies to Items 6 and 7 above.

2. Your personal data processed in social networking services:
   
   
   
   1. data collected in private messages – this data will be stored for a period necessary to answer your queries or until the end of cooperation;
   
   
   2. data contained in comments under selected publications – this data will be available until removed by the author of the relevant publication or entry;
   
   
   3. personal data collected by social network platforms, i.e. entry history, activity history – this data will be retained as provided in the terms and conditions of use of these platforms;
   
   
   4. analytics data regarding persons visiting the Company’s product pages or fan page – this data will be processed for the duration of its availability in information services or social networking services.


3. The Controller does not archive your personal data or your activity in social networking services.


4. Data processed for the purpose of distribution of marketing content will be processed until the user’s consent is withdrawn, provided that the withdrawal of this consent does not affect the lawfulness of data processing done beforehand.

Joint control

As the founder of the social network profiles and made available by the entities listed below, AssecoBS is the joint controller of personal data published on these profiles alongside:

1. Facebook, Instagram, WhatsApp, Messenger – Meta Platforms Ireland Limited, ATTN: Privacy Operations, Merrion Road, Dublin 4, D04 X2K5, Ireland; for more information on privacy, see: https://www.facebook.com/privacy/center/


2. X (formerly Twitter) – X Corp, 1355 Market Street, Suite 900, San Francisco, CA 94103 USA; for more information on privacy, see: https://x.com/pl/privacy


3. 3. LinkedIn – LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA; represented in Europe by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, for more information on privacy, see: https://pl.linkedin.com/legal/privacy/eu and https://pl.linkedin.com/legal/privacy-policy


4. YouTube – Google LLC, 901 Cherry Ave, San Bruno, CA 94066, USA; for more information on privacy, see: https://policies.google.com/?hl=pl


5. 5. Tik Tok – TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Irlandia; for more information on privacy, see: https://www.tiktok.com/legal/page/eea/privacy-policy/pl

Each of the controllers listed above independently determines the purposes and means of data processing, however, to a varying extent. AssecoBS is responsible only for the share of personal data that it processes.

When you access social media services independently and separately from AssecoBS, as the owner of a social media business account, such services also assume responsibility for the processing of your personal data when you communicate with AssecoBS via these media. If you create an account in social media services, the companies that manage such services also engage in the processing of your personal data for their own purposes set out in detail in their relevant privacy policies. If you have any questions or requests to social media platform owners, please contact them.

Additional information

Providing personal data is voluntary, yet necessary to conclude and perform under the agreement and enjoy the full functionality of the Website and profiles on social network portals.
The processing of personal data in the marketing of own services may be preceded by profiling, i.e. the automated matching of content with clients’ interests or needs. If profiling significantly influences your decisions, the mechanism becomes active only upon your consent.

Since the Website, under the relevant agreement, provides services and features that involve the sharing of selected information, it must utilise standard user profiling mechanisms to tailor content and communication to each user.

Personal data may be transferred to entities outside the EEA based on standard contractual clauses adopted by the European Commission in accordance with the examination procedure.

AssecoBS has obtained your personal data: directly from you, while negotiating, concluding and performing under agreements; from an entity empower to act on your behalf; from public sources.

AssecoBS processes the following personal data: contact details (e.g. telephone number, e-mail address), employment details (position, place of work), identification data (name, surname), data necessary for accounting purposes, e.g. tax ID, business address, identification data of entity authorised to perform financial settlements).

The purpose and legal basis of processing

1. To establish communication and maintain business relationships; the processing is necessary on grounds of the legitimate interest pursued by the Controller, i.e. the purchase of goods and services necessary for doing business (Article 6(1)(f) GDPR).


2. To satisfy contractual provisions; the processing is necessary to meet pre-contractual and contractual obligations (Article 6(1)(b) GDPR).


3. To keep accounting and tax documentation; the processing is necessary to fulfil the legal obligation under Article 74 of the Accounting Act and other obligations concerning taxpayers (Article 6(1)(c) GDPR).


4. To pursue claims and defend against claims; the processing is necessary on grounds of the legitimate interest pursued by the Controller (Article 6(1)(f) GDPR).


5. To engage in the marketing of own services if the processing is necessary on grounds of the legitimate interest pursued by the Controller (Article 6(1)(f) GDPR); and in the case of marketing via a designated communication channel (phone, e-mail), pursuant to the relevant consent (Article 6(1)(a) GDPR in conjunction with Article 398 of the Electronic Communications Act).


6. To engage in the marketing of own services that may be preceded by profiling, i.e. the automated matching of content with clients’ interests or needs; the processing is necessary on grounds of the legitimate interest pursued by the Controller (Article 6(1)(f) GDPR); and in the case of profiling that significantly affects your decisions, only if such consent has been given (Article 6(1)(a) GDPR).

Duration of processing

Your personal data will be processed:

1. until your effective objection to processing/request to delete the data; applies to Items 1, 5 and 6 above, excluding e-mail and telephone exchange;


2. until the relevant agreement is terminated or expires; applies to Item 2 above;


3. for five years starting from the end of the calendar year in which the relevant agreement was terminated or expired; applies to Item 3 above;


4. for the period of limitation of claims; applies to Item 4 above;


5. until you withdraw your consent; applies to Items 5 and 6 above.

Other information

Providing personal data is voluntary, yet necessary to conclude and perform under the agreement. The processing of personal data in the marketing of own services may be preceded by profiling, i.e. the automated matching of content with clients’ interests or needs. If profiling significantly influences your decisions, the mechanism becomes active only upon your consent.

Your personal data will not be transferred to third countries or international organisations.

AssecoBS has obtained your personal data directly from you, in connection with negotiating and performing under an agreement, or from public sources.

AssecoBS processes the following personal data: contact details (e.g. telephone number, e-mail address), employment details (position, place of work), identification data (name, surname), data necessary for accounting purposes, e.g. tax ID, business address, identification data of entity authorised to perform financial settlements).

The purpose and legal basis of processing

1. To establish communication and maintain business relationships; the processing is necessary on grounds of the legitimate interest pursued by the Controller, i.e. the purchase of goods and services necessary for doing business (Article 6(1)(f) GDPR).


2. To perform assessment and classification of the providers of goods and services and of the quality of their work; the legal basis for processing is the legitimate interest pursued by the Controller (Article 6(1)(f) GDPR),


3. To satisfy contractual provisions; the processing is necessary to meet pre-contractual and contractual obligations (Article 6(1)(b) GDPR).


4. To keep accounting and tax documentation; the processing is necessary to fulfil the legal obligation under Article 74 of the Accounting Act and other obligations concerning taxpayers (Article 6(1)(c) GDPR).


5. To pursue claims and defend against claims; the processing is necessary on grounds of the legitimate interest pursued by the Controller (Article 6(1)(f) GDPR).

Duration of processing

Your personal data will be processed:

1. until your effective objection to processing/request to delete the data; applies to Items 1 and 2 above;


2. until the relevant agreement is terminated or expires; applies to Item 3 above;


3. for five years starting from the end of the calendar year in which the relevant agreement was terminated or expired; applies to Item 4 above;


4. for the period of limitation of claims; applies to Item 5 above.

Other information

Providing personal data is voluntary, yet necessary to conclude and perform under the agreement.

There is no automated decision-making taking place, including profiling, in the process of processing your personal data.

Your personal data will not be transferred to third countries or international organisations.

AssecoBS has obtained your personal data directly from you, in connection with negotiating and performing under an agreement with the Contractor whom you represent, or from public sources.

AssecoBS processes the following personal data: contact details (e.g. telephone number, e-mail address), employment details (position, place of work), and identification data (name, surname).

The purpose and legal basis of processing

1. To maintain regular communication for the purposes of business relations with Contractors; the processing is necessary on grounds of the legitimate interest pursued by the Controller (Article 6(1)(f) GDPR).


2. To pursue claims and defend against claims; the processing is necessary on grounds of the legitimate interest pursued by the Controller – protection of entrepreneur’s interest (Article 6(1)(f) GDPR).


3. To engage in the marketing of own services if the processing is necessary on grounds of the legitimate interest pursued by the Controller (Article 6(1)(f) GDPR); and in the case of marketing via a designated communication channel (phone, e-mail), pursuant to the relevant consent (Article 6(1)(a) GDPR in conjunction with Article 398 of the Electronic Communications Act).


4. To engage in the marketing of own services that may be preceded by profiling, i.e. the automated matching of content with clients’ interests or needs; the processing is necessary on grounds of the legitimate interest pursued by the Controller (Article 6(1)(f) GDPR); and in the case of profiling that significantly affects your decisions, only if such consent has been given (Article 6(1)(a) GDPR).

Duration of processing

Your personal data will be processed:

1. until you reasonably object to processing/request to delete the data or until the purpose of processing is no longer valid; applies to Items 1, 3 or 4 above;


2. for the period of limitation of claims; applies to Item 2 above;


3. until you withdraw your consent; applies to Items 3 and 4 above.

Other information

Providing personal data is voluntary, yet necessary to conclude and perform under an agreement with a business client or Contractor. The processing of personal data in the marketing of own services may be preceded by profiling, i.e. the automated matching of content with clients’ interests or needs. If profiling significantly influences your decisions, the mechanism becomes active only upon your consent.

Your personal data will not be transferred to third countries or international organisations.

AssecoBS has obtained your personal data directly from your submitted contact form or from an email or telephone message.

AssecoBS processes the following personal data: contact details (e.g. telephone number, e-mail address), employment details (position, place of work), identification data (name, surname), and other data that you have shared in your communication.

The purpose and legal basis of processing

1. To keep a record of exchanged correspondence and to answer questions; the processing is necessary on grounds of the legitimate interest pursued by the Controller, i.e. to respond to questions in a timely manner, to keep payment deadlines, to take care of quality cooperation with Contractors and other stakeholders (Article 6(1)(f) GDPR).


2. To pursue claims and defend against claims; the processing is necessary on grounds of the legitimate interest pursued by the Controller – protection of entrepreneur’s interest (Article 6(1)(f) GDPR).

Duration of processing

Your personal data will be processed:

1. until you reasonably object to processing/request to delete the data or until the purpose of processing is no longer valid; applies to Item 1 above;


2. for the period of limitation of claims; applies to Item 2 above.

Other information

The provision of personal data is voluntary, yet necessary to have your questions answered. There is no automated decision-making taking place, including profiling, in the process of processing your personal data.

Your personal data will not be transferred to third countries or international organisations.

AssecoBS has obtained your personal data from your submitted job application, during direct communication, e.g. a recruitment interview, and also from other sources of information agreed with you beforehand. During the recruitment process, AssecoBS may generate additional information about you, e.g. opinions, competency assessment.

For the sake of the recruitment processes, AssecoBS may collect the following categories of your personal data in order to create your recruitment profile:

1. contact details: name and surname, address, e-mail address, telephone number;


2. information provided in your job application: your professional background and employment history, date of birth, image, education, skills, foreign languages, interests and any other information that will be contained in your application;


3. other data: any information that you choose to share with AssecoBS during the recruitment processes and that the Company will generate in connection with your application.

AssecoBS does not rule out that special category data (within the meaning of Article 9 GDPR) may also surface in the recruitment process, e.g. data concerning health, but the Company will only process it if you share such data yourself in the job application.

Additional information that can be obtained during the recruitment process:

1. competency assessment: based on your job application and insights during the recruitment process, AssecoBS may generate evaluations and opinions about you as a candidate; AssecoBS may also ask you to undergo an assessment of competency, skills, personality traits or cognitive abilities;


2. references and credentials: AssecoBS may elect to obtain extra information concerning your professional track record from individuals/institutions. AssecoBS will only contact those individuals/institutions whose contact details you have shared and only after your prior consent.

The purpose and legal basis of processing

1. To carry out and close the recruitment process for a position within AssecoBS:
   
   
   
   1. under Article 6(1)(b) GDPR, i.e. to take any necessary steps at the request of the data subject prior to entering into an agreement; this falls within the scope of data made available in the recruitment process, as provided in Article 2211 of the Act of 26 June 1975 – Labour Code, and on the basis of your consent, i.e. Article 6(1)(a) GDPR for data going beyond the list indicated in Article 221§1 of the Act of 26 June 1974 – Labour Code,
   
   
   2. under Article 6(1)(f) GDPR, i.e. on grounds of the legitimate interest pursued by the Controller – to the extent covering the data generated in the recruitment process;


2. To use your recruitment profile, i.e. your job application and other information generated in connection therewith, in future recruitment processes within the next 12 months as from the date of your consent;


3. To establish, pursue or defend against claims, under on Article 6(1)(f) GDPR, i.e. in order for the Controller to pursue its legitimate interest – to be able to assess the risk of claims filed against AssecoBS and defend against them.

Duration of processing

AssecoBS will process your personal data throughout the recruitment process. After this period, the data will be stored over a period in which either party is entitled to make any claims, i.e. for six months from the date of submission of the job application. Similarly, if you decide to no longer participate in the recruitment process, your personal data will be stored over a period in which either party is entitle to make any claims, i.e. for six months from the date of submission of the job application.

If you consent to the processing of your personal data for the purpose of prospective recruitment purposes, your data will be processed until you withdraw your consent, but no longer than for 12 months from the date of submitting the job application and giving the consent.

Joint control – jobboard portals

AssecoBS and recruitment platforms such as eRecruiter.pl or Pracuj.pl act as controllers of your personal data when you apply for a job at AssecoBS through these platforms.

Each of the controllers listed above independently determines the purposes and means of data processing, however, to a varying extent. AssecoBS is responsible only for the share of personal data that it processes.

When you access jobboard services independently and separately from AssecoBS, as the owner of a recruitment account, such platforms also assume responsibility for the processing of your personal data when you communicate with AssecoBS via their services. If you create an account in jobboard services, e.g. eRecruiter.pl or Pracuj.pl, their managing entities, eRecruitment Solutions sp. z o.o. (eRecruiter) and Grupa Pracuj S.A. (Pracuj.pl), also engage in the processing of your personal data for their own purposes set out in detail in their relevant privacy policies. The privacy policies of respective recruitment platforms are available on their relevant websites.

Additional information

Providing your personal data is voluntary, although, to the extent specified in Article 22¹§1 of the Labour Code, it is necessary to be admitted to the recruitment process. There is no automated decision-making taking place, including profiling, in the process of processing your personal data. Your personal data will not be transferred to third countries or international organisations.