General information
This privacy policy (hereinafter referred to as the „Policy„) of the website http://www.new.scmpoland.ncse.pl/ (hereinafter referred to as the „Website„) is intended for users of the Website who are natural persons (hereinafter referred to as „Users„) and contains information on the processing of users’ personal data in connection with the use of the Website to the extent required by Art. 13 of Regulation 2016/679 of the European Parliament and of the Council of the European Union of 27 April 2016 on the protection of natural persons in relation to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC (hereinafter referred to as „GDPR„), as well as on cookies used by the website controller to the extent required by Article 173 of the Act of 16 July 2004. – Telecommunications Law.
The controller of the personal data of the users of the http://www.new.scmpoland.ncse.pl/ website (hereinafter referred to as the „Controller„) within the meaning of Article 4(7) of the GDPR, i.e. the entity which decides on the purposes and methods of the processing of Users’ personal data, is SCM Spółka z ograniczoną odpowiedzialnością with its registered office in Warsaw, al. Jana Pawła II 11, 00 – 828 Warsaw, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for the capital city of Warsaw in Warsaw XII Economic Division of the National Court Register under KRS number: 0000218960, NIP: 5361772695, REGON: 015807691.
The Controller has implemented internal procedures in accordance with the requirements of the GDPR, which ensure effective protection of Users’ personal data.
The Controller processes Users’ personal data for the following purposes:
In order to process the recruitment applications of Users sent to the e-mail address rekrutacja@scmpoland.pl made available on the Site in the „Career” tab, and then to conduct the recruitment process with selected candidates. The legal basis for the processing of User data for this purpose is Article 6(1)(a) GDPR, i.e. the User’s consent to the processing of his/her personal data for the purposes of the recruitment process conducted by the Controller.
In order to reply to the User’s message addressed to the Controller via e-mail, the Controller may process the User’s personal data contained in the e-mail message. The legal basis for the processing of the User’s data for this purpose is Article 6(1)(a) GDPR, i.e. the User’s consent to the processing of his/her data in order to reply to the User’s message.
The Controller may process the User’s personal data in order to keep statistics on the use of the various functionalities of the Website, to facilitate the use of the Website and to ensure the IT security of the Website. Personal data concerning the User’s activity on the Website and the amount of time spent on each of the subpages on the Website, the User’s search history, location, IP address, device ID, browser data and the User’s operating system are then processed. The basis for the processing of User data in such a case is Article 6(1)(f) GDPR, i.e. the Controller’s legitimate legal interest in processing the User’s personal data.
A: (server)
The IT system used by the website automatically collects data related to the device used by the User in logs. This data is only collected for statistical purposes and relates to: the User’s IP number, the address of the website files downloaded or the output address and is only used for diagnostic purposes.
This data is never combined with the data referred to in Section II and is only used for statistical analysis and system error correction mechanisms.
B: (cookies)
The website uses „cookie” technology, i.e. text files placed on the User’s device, for technical session handling purposes.
If the User does not agree to the placement of cookies on his/her device, he/she can block their placement by configuring his/her web browser accordingly. Information on how to do this can be found in the help files of the web browser used by the User. However, if cookies from the Website are blocked, the Controller cannot guarantee its correct functioning.
If the User agrees to the placement of cookies on his/her device, but would like to delete them after visiting the website, information in this regard can be found in the help files of the Internet browser used by the User.
C: Google Analytics (cookies)
Google Analytics uses the technology of „cookies”, which are text files placed on your device, in order to enable the Controller to analyse the sources of traffic and the way in which visitors use it.
Google collects the data obtained from the placement of cookies on your device on its servers and uses this information to create reports and provide other services related to the traffic and use of the Internet.
Google may also transfer this information to third parties if it is obliged to do so by law or if these parties process such information on behalf of Google.
This data is never merged with the data provided referred to in Section II of the Policy and only constitutes material for statistical analysis and system error correction mechanisms.
If the User does not agree to the placement of cookies on his/her device, he/she can block their placement by configuring his/her web browser accordingly. Information on how to do this can be found in the help files of the web browser used by the User. However, if cookies from the Website are blocked, the Controller cannot guarantee its correct operation.
If the User agrees to the placement of cookies on his/her device, but would like to delete them after visiting the website, information in this regard can be found in the help files of the Internet browser used by the User.
D: Google AdWords (cookies)
Google AdWords uses „cookies”, which are text files placed on your device, to enable the website to evaluate the correctness and effectiveness of its advertising activities using the AdWords network.
Google collects the data obtained from the placement of cookies on your device on its servers and uses this information to create reports and provide other services related to the traffic and use of the Internet.
Google may also transfer this information to third parties if it is obliged to do so by law or if these parties process such information on behalf of Google.
This data is never combined with the data provided in Section II of the Policy and is only used for statistical analysis and system error correction mechanisms.
If the User does not agree to the placement of cookies on his/her device, he/she can block their placement by configuring his/her web browser accordingly. Information on how to do this can be found in the help files of the web browser used by the User. However, if cookies from the Website are blocked, the Controller cannot guarantee its correct operation.
If the User agrees to the placement of cookies on his/her device, but would like to delete them after visiting the site, information in this regard is contained in the help files of the Internet browser used by the User.
The Users’ personal data may be transferred to the providers of services used by the Controller in the conduct of its business. These service providers process the personal data entrusted to them by the Controller only to the extent and for the purpose strictly indicated by the Controller. These include, for example, suppliers providing IT services to the Controller. The Controller may also, in justified cases, transfer personal data to entities with personal or capital relations with the Controller, if this proves necessary for the Controller to be able to perform the service requested by the User.
The Controller ensures that with all the above-mentioned entities appropriate agreements for the entrustment of the processing of the Users’ personal data have been or will be concluded, specifying the obligations of the service providers when processing the Users’ personal data.
In specific situations in which the applicable law requires the Controller to make the collected User data available to authorized public authorities, the Controller shall provide such data to the extent necessary and justified by the request of the authority.
At the same time, the Controller guarantees that the Users’ personal data will not be transferred to countries outside the European Economic Area or to international organisations.
The User’s personal data processed for the purpose of receiving recruitment applications and conducting recruitment, will be processed no longer than until the end of the recruitment process conducted with the participation of the User, unless the User voluntarily agrees to the processing of his/her personal data also for the purpose of future recruitment.
The User’s personal data processed for the purpose of replying to the User’s message sent via the contact form or e-mail does not have a specific period of retention by the Controller, but will not be processed for longer than is necessary for the purposes for which it was collected.
Personal data derived from cookies stored on the User’s terminal device will be stored for a period corresponding to the life cycle of the cookies stored on the User’s terminal device or until they are deleted from the device by the User.
The User has the right to withdraw the consent given for the processing of his/her personal data at any time, if that consent constitutes the legal basis for the processing of his/her personal data (Article 6(1)(a) of GDPR). The withdrawal of the consent to data processing can be done by sending the Controller a declaration indicating such a wish, e.g. in the form of an e-mail message. The withdrawal of the consent has effect from the moment of receipt of the above declaration of withdrawal of consent by the Controller and does not affect the legality of the processing of the User’s personal data performed by the Controller before its withdrawal.
Legal basis: Article 7(3) of GDPR
The User has the right to obtain confirmation from the Controller as to whether his/her personal data is being processed and, if so, the right to:
Legal basis: Article 15 of GDPR
The User has the right to rectify and complete the personal data he/she has provided. The User may do so by submitting a request to rectify such data (if incorrect) or to complete it (if incomplete).
Legal basis: Article 16 of GDPR
You have the right to request the erasure of all or some of the data concerning you.
The User may request the erasure of his/her personal data if:
Despite the request for erasure of personal data in connection with the lodging of an objection (point c) above), the Controller may continue to process your personal data to the extent necessary for the purposes of establishing, asserting or defending claims, and to the extent necessary to comply with a legal obligation requiring processing under Union law or the law of a Member State to which the Controller is subject.
Legal basis: Article 17 of GDPR
You have the right to request the Controller to restrict the processing of your personal data, i.e. not to undertake any processing of your personal data beyond the mere storage thereof, in the following cases:
(a) where he or she disputes the correctness of his or her personal data – for a period of time allowing him or her to verify the correctness of the data;
Legal basis: Article 18 of GDPR
Where the User’s personal data are processed by the Controller on the basis of the consent given by the User or for the purpose of entering into a contract with the User (Article 6(1)(a) and (b) of GDPR), the User has the right to receive in a structured, commonly used readable format the personal data he or she has provided to the Controller, and has the right to send this personal data to another controller without hindrance from the Controller, provided that this is technically possible.
Legal basis: Article 20 of GDPR
The User has the right to object at any time to the processing of his/her personal data where the processing is based on the legitimate legal interest of the Controller (Article 6(1)(f) of GDPR). If the User’s objection proves to be well-founded and the Controller has no other legitimate legal basis for processing the User’s personal data, as well as a basis for establishing, asserting or defending his/her claims, the Controller will delete the User’s personal data against the use of which the User has raised an objection.
Legal basis: Article 21 of GDPR
If, in the exercise of the aforementioned rights described in items A-G), the User makes a request to the Controller, the fulfilment or refusal of the request will take place without delay, but no later than one month after receipt of the request. However, if, due to the complexity of the request or the number of requests, the User is unable to comply with the User’s request within one month, it will be complied with within a maximum of a further two months after informing the User of the need to extend this period.
If the User considers that the right to personal data protection or other rights granted to the User under the GDPR have been violated, the User has the right to lodge a complaint to the supervisory authority, which in Poland is the President of the Office for Personal Data Protection.
Legal basis: Article 77 of GDPR
VII. Voluntary provision of personal data
The provision of personal data by the User is voluntary at all times, although necessary for:
– the Controller’s ability to recruit;
– contact with the Controller by e-mail.
The consequence of the User’s failure to provide the data required for the aforementioned purposes will be the Controller’s inability to perform the aforementioned activities.
As a rule, the Users’ personal data shall not be subject to profiling or the basis for automated decision-making in any other manner.
If there is a need to update the information contained in this Privacy Policy or if it is necessary to ensure its compliance with the applicable laws or technological conditions of operation of the Website, this Privacy Policy may be amended. Users will be informed of all changes to the Privacy Policy through a notice displayed on the Website.
If Users have any questions or concerns about the privacy policy and security of their personal data, wish to update or delete their personal data, or exercise any other rights set forth in Section VI of the Policy, they may contact the Controller by e-mail at: ochrona.danych@scmpoland.pl or in writing at: al. Jana Pawła II 11, 00 – 828 Warsaw.