PRINCIPLES re PERSONAL DATA PROCESSING FOR RECRUITMENT PURPOSES

1. Personal data protection

Personal data is processed in accordance with the legislative Act of 10 May 2018 regarding personal data protection (Journal of Laws 2018.1000) and with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”), and also in accordance with such further legislative instruments as may, from time to time, supplement or replace the above.

2. The personal data controller

The personal data controller is Gessel, Koziorowski Kancelaria Radców Prawnych i Adwokatów sp.p. with its registered seat in Warsaw at ul. Sienna 39, 00-121 Warszawa, entered in the business enterprises register of the National Court Register maintained by the District Court for the capital city of Warsaw in Warsaw, Department XII – Commercial of the National Court Register under no. KRS 892064, NIP tax identification no. 5252070586 (“the Data Controller”).

3. Contacting the Data Controller 

You are welcome to contact the Data Controller with queries and issues concerning the recruitment process by e-mail at: mail@gessel.pl.

4. Objectives and basis for data processing

a. Candidates seeking employment pursuant to an employment contract

The personal data referred to in art. 22¹ § 1 of the Polish Labour Code (i.e. given names and surname, date of birth, contact details, and information about education, professional qualifications, and employment record to date) is processed on the basis of Article 6.1.c GDPR read in conjunction with art. 22¹ § 1 of the Polish Labour Code for purposes of conducting the recruitment process – in particular to assess a candidate’s overall competence and professional experience, and also to contact her/him, and any referees, in connection with the recruitment process.

b. Candidates interested in cooperation on a B2B basis / pursuant to a general civil law contract

The personal data necessary for possible selection of your candidature for a given position (i.e. given names and surname, date of birth, contact details, and information about education, professional qualifications, and employment record to date) is processed on the basis of Article 6.1.b GDPR for purposes of conducting the recruitment process – in particular to assess a candidate’s overall competence and professional experience, and also to contact her/him, and any referees, in connection with the recruitment process.

c. Data provided by the candidate beyond the scope covered by items 1 and 2 (e.g. photograph, hobbies, additional information about the candidate)

We process such data on the basis of Article 6.1.a GDPR (consent) in order to duly peruse the information volunteered by you.

d. Participation in future recruitment

If you consent to processing of your data in future recruitment processes, such processing shall proceed on the basis of Article 6.1.a GDPR (consent).

e. Data gathered in the course of job interviews and recruitment tests

We process such data on the basis of Article 6.1.f GDPR, i.e. legitimate legal interest of the Data Controller associated with assessment of your suitability for a given position.

f. Safeguarding against claims relating to the recruitment process

We process such data on the basis of Article 6.1.f GDPR, i.e. legitimate legal interest of the Data Controller associated with mounting a legal defence against potential claims associated with the recruitment process.

5. Duration of personal data processing

Your personal data shall be processed:

• for purposes of pending recruitment processes – until the given recruitment round is completed;
• for purposes of recruitment in future, if you consent to such processing – for a period of two years from the date of your consent, unless you revoke your consent at an earlier time;
• within the scope necessary for establishing, pursuing and/or defending against potential claims associated with the recruitment process – until elapse of the statute of limitations on such claims.

6. Means of data processing

The Data Controller processes personal data in accordance with applicable laws, in particular with GDPR. The Data Controller applies technical and organisational measures which ensure due security, in particular as regards securing data against unauthorised access, disclosure, loss, destruction and/or modification. Only authorised persons bound by an obligation of confidentiality shall have access to the data.

7. Data recipients

The personal data may be made available to entities providing auxiliary services to the Data Controller, in particular in the area of information and communications technology. These entities shall process the personal data pursuant to an appropriate contract with the Data Controller, and in accordance with the Data Controller’s instructions. Moreover, personal data may be made available to entities empowered to access the personal data on authority of applicable laws.

8. Your rights associated with personal data processing

At any moment of her/his choosing, the person whom the personal data concerns may:

• request access to her/his personal data,
• request that her/his personal data be corrected,
• request deletion of her/his personal data or curtailment of its processing,
• request transfer of her/his personal data (in those instances where data is processed by automated means, on the basis of consent and/or of a contract – Article 6.1.a or b GDPR),
• object to processing of her/his personal data (in those instances where data is processed on the basis of legitimate legal interest of the Data Controller – Article 6.1.f GDPR),
• file a complaint with the supervisory body – the Polish Personal Data Protection Office.

In order to make your request, revoke your consent, or to lodge your objection, please contact the Data Administrator using the contact details set out under item 3 above.