Privacy Policy

General provisions

This Privacy Policy describes, among others, the methods of obtaining, purposes and legal grounds for processing, rules of storage and sharing, and methods of protection of personal data collected through the Qodeca.com website (further: the ”Qodeca.com Website” or the “Website”). Personal data of the Users of the Qodeca.com Website are processed in accordance with the provisions of generally applicable law, in particular with the provisions of:
  1. the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the European Union 2016.119.1) (further: the “GDPR”);
  2. the Act of 10 May 2018 on the Protection of Personal Data (Journal of Laws of 2018, item 1000 as amended);
  3. the Act of 18 July 2002 on Rendering Services by Electronic Means (Journal of Laws No. 144, item 1204 as amended);
  4. the Act of 16 July 2004 Telecommunications Law (Journal of Laws No. 171, item 1800 as amended).

Definitions

Whenever this document refers to
  1. Personal data - this means any information relating to a natural person who is identified or identifiable, directly or indirectly, by reference to an identifier such as the first name and surname, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  2. Processing of personal data - this means any operation which is performed on personal data, such as collection, recording, organisation, structuring, storage, adaptation, or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  3. Controller - this means an entity which, alone or jointly with others, determines the purposes and means of the processing of personal data;
  4. User/You - this means any natural person visiting the Qodeca.com Website and/or using one or more services or functionalities made available on the Website.

Controller

The controller of personal data of the Users of the Qodeca.com Website is Qodeca Spółka z ograniczoną odpowiedzialnością (Limited Liability Company) having its registered office in Warsaw, Company address: ul. Grzybowska 87; 00-844 Warszawa, entered by the District Court for the Capital City of Warsaw in Warsaw, 12th Commercial Division of the National Court Register to the register of businesses of the National Court Register under number 0000719807, with share capital in the amount of PLN 5,000.00, NIP (Tax Identification Number): 5272839363, REGON (Business Registry Number): 369528643 (further: the “Company” or “We”).

Contact with the Controller

In matters related to the protection of personal data, you may contact us via e-mail at: gdpr@qodeca.com or via postal mail by writing to the following address: Qodeca Sp. z o.o.; ul. Grzybowska 87; 00-844 Warszawa.

Methods of data collection and scope of data collected

We obtain personal data primarily directly from the Users of the Qodeca.com Website. Users provide or leave their personal data at various stages of using the Website. The data are collected:
  1. when sending us a message via the contact form - we then receive the first name; surname; e-mail address and possibly other personal data contained in the message.
  2. when applying for vacancies or internships via the application form - we then receive the first name; surname; e-mail address; telephone number and possibly the place of residence; home country; the amount of the expected salary and other personal data contained in the documents attached to the application.
  3. automatically when visiting the Qodeca.com Website - we then receive information collected by cookies that characterise the way you use our Website, e.g. the date, time of the start and end of your visit to the Website and the scope of the visit; information about the operating system and the web browser used by you; information about the type of device used and the IP address (internet protocol) and the Uniform Resource Locator (URL).
We do not collect sensitive personal data, i.e. health data, data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, and genetic data. We comply with the principle of collecting and processing only such personal data that are necessary to achieve the purposes for which they will be processed.

Purposes and legal grounds for the processing of personal data

We process the personal data of the Users of the Qodeca.com Website only to the extent necessary to achieve the purposes for which they were collected. We present below the goals pursued and the relevant legal grounds for the processing of personal data.
  1. Response to messages, inquiries or notifications sent to us via the contact form Processing is necessary for the performance of a contract (i.e. a contract for the provision of services by electronic means) to which the data subject is party, which finds its legal basis in Article 6(1)(b) of the GDPR
  2. Implementation of the recruitment process, in particular the assessment of the qualifications, abilities and skills of the applicant in terms of the requirements for the job for which the application is submitted
    – in respect of the data enumerated in Article 22 1 § 1 of the Labour Code - processing is necessary to fulfill our legal obligations specified in the provisions of the Labour Code and secondary legislation issued on their basis, which finds its legal basis in Article 6(1)(c) of the GDPR;
    – in respect of additional data, i.e. data other than those enumerated in Article 22 1 § 1 of the Labour Code (e.g. image, home address, interests), if such data are provided to us - the processing will be carried out on the basis of consent to the processing of personal data, which finds its legal basis in Article 6(1) of the GDPR);
    – processing is necessary for us to take action at the request of the data subject before entering into an employment contract, which finds its legal basis in Article 6(1)(b) of the GDPR;
  3. Archiving of data and documents containing personal data for evidence purposes Processing is necessary for the purposes of the legitimate interests pursued by the Controller, i.e. to secure information, e.g. in the event of a legal need to prove facts,which finds its legal basis in Article 6(1)(f) of the GDPR;
  4. Conducting analyses and statistics on the way Users use the Website, based on data collected using cookies
    Processing is necessary for the purposes of the legitimate interests pursued by the Controller, i.e. for:
    - improving the operation of the Website and the functionality of the services provided;
    - enhancing the security of the Website operation;
    - optimising the user support process, which finds its legal basis in Article 6(1)(f) of the GDPR.

Recipients

Access to personal data collected through the Qodeca.com Website is primarily granted to our authorised employees. In justified cases, we transfer or may transfer certain personal data to the following recipients:
  1. entities authorised to obtain personal data on the basis of legal provisions, for the purposes of the proceedings conducted by them, e.g. public authorities and entities performing public tasks or acting atthe request of public authorities;
  2. the bank keeping the bank account of the Company;
  3. entities whose services we use by requesting them to perform tasks involving the processing of personaldata on behalf of and for the benefit of the Company - these will include entities that perform services at our request, necessary for the proper operation of the Qodeca.com Website and the fulfilment of ourlegal obligations or in pursuance of our legitimate interests, e.g. a) the owner of the recruitment system used by us to recruit employees – ENNOVA Sp. j. We first sign personal data processing agreements with all the entities to whom we transfer personaldata for them to perform the services requested by us. In these agreements, we strictly define, i.a., permitted nature, purpose and scope of the processing of personal data collected via the Website. We also make every effort to ensure that these entities guarantee the adoption of appropriate security measures and proper protection of personal data.
We do not sell or exchange personal data obtained through the Website with other entities for marketing purposes.

Information about the intention to transfer personal data to a third country or an internationalorganisation

Personal data will not be transferred to any country outside the European Economic Area (including European Union countries, Norway, Liechtenstein and Iceland) or to any international organisation.

Data retention period

Personal data collected via the Website will be processed only for the periods necessary to achieve the purposes for which they were collected.
  1. Response to messages, inquiries or notifications sent to us via the contact form for the time when there will be a need for mutual contact in the matter related to the correspondence
  2. Implementation of the recruitment process, in particular the assessment of the qualifications, abilities and skills of the applicant in terms of the requirements for the job for which the application is submitted
    - until the end of a given recruitment procedure, andin the case of additional personal data, also until the consent to the processing of these personal data is withdrawn;
    - in the case of additional consent to the processing of personal data for the purposes of future recruitment - for a period of 12 months or until theconsent to data processing is withdrawn
  3. Archiving of data and documents containing personal data for evidence purposes for periods required by applicable law and/or for periods of limitation of potential claims, specified in legal provisions
  4. Conducting analyses and statistics on the way Users use the Website, based on data collected using cookies until a valid, substantiated objection is lodged
At the end of the retention period, personal data will be deleted or made anonymous.

Rights of data subjects

We respect all rights of data subjects arising out of the provisions of the GDPR. Each data subject has the right to:
  1. request access to his or her personal data - i.e. the right to check which personal data are processed by us and obtain information, i.a., for what purpose and on what legal grounds the data are processed, to whom they are made available and when they will be deleted;
  2. request rectification of personal data when the data are incorrect, as well as requests supplementation of the data when the data are incomplete;
  3. request erasure of personal data, if there is a circumstance justifying the request provided for by law (i.e.in Article 17 of the GDPR);
  4. requests restriction of the processing of personal data, in cases provided for by law (i.e. Article 18 of theGDPR);
  5. data portability - i.e. the right to receive from us the personal data which were provided by the User in astructured, commonly used and machine-readable format (e.g. txt., doc., rtf., xls., odt., pdf., jpeg., xml. formats) and the right to transmit those data to another controller or request that we transmit the personal data directly to another controller, where technically feasible;
  6. object at any time to the processing of personal data, on grounds relating to his or her particular situation - when data processing is based on our legitimate interest or for statistical purposes, and theobjection is justified by a particular situation that makes further data processing by us infringe on theprivacy of that person.
If the processing of personal data is based on consent, the Users of the Qodeca.com Website have the right to withdraw this consent at any time. However, this will not affect the lawfulness of the processing based on consent before its withdrawal. You may withdraw consent for the purposes of the recruitment process by sending us an appropriate messageto the following address gdpr@qodeca.com You can exercise the rights referred to above by sending an appropriate request to us to the following e-mailaddress: gdpr@qodeca.com or by postal mail to the following address: Qodeca Sp. z o.o.; ul. Grzybowska 87; 00-844 Warszawa. Such a request should contain data that will enable us to uniquely identify theapplicant and fulfill the request in accordance with the application. Any data subject who considers that the processing of personal data by us violates his or her rights also hasthe right to lodge a complaint with a supervisory authority - the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warszawa).

Voluntary data provision, consent to processing

Providing personal data is not mandatory, but it is necessary to use some of the functionalities of the Qodeca.com Website. Without providing personal data, you will not be able to send us a message via the contact form, or submit an application for vacancies or an internship application.

Automatic data processing, including profiling

Personal data obtained through the Qodeca.com Website are not processed in a way that would result inautomated decision making, including profiling. This means that we do not use IT systems that would collectinformation about natural persons and then independently, automatically, make decisions that could havelegal effects on these persons or similarly significant effects on their situation.

Data security

We secure personal data collected through our Website in accordance with the guidelines arising out of the provisions of the GDPR. We implement appropriate technical and organisational measures to ensure the appropriate level of security of personal data and to protect them against accidental or intentional destructionor damage, accidental loss, modification, disclosure to unauthorised persons or removal by an unauthorisedperson. For instance:
  1. on the pages of the Qodeca.com Website, we use secure internet connections, encrypted using an SSLcertificate, which is to ensure the confidentiality of data transmission over the Internet;
  2. we store personal data on secure servers;
  3. personal data may only be processed by our specially authorised employees and only to the extent that isnecessary to perform the tasks assigned to them;
  4. we have developed and implemented an appropriate personal data security policy which specifies appropriate data processing procedures;
  5. we sign personal data processing agreements with entities whose services we use to process personaldata, in which we precisely define the permitted purpose, scope and method of processing;
  6. we make every effort to ensure that the entities entrusted with the processing of personal data guaranteethe adoption of appropriate security measures and proper protection of personal data.

Cookies

Like many other websites we also use cookies on the Qodeca.com Website to collect and processanonymous data about Users. Cookies are small text files sent by visited websites and stored on the User’scomputer. The information contained in these files can be read only by the website which had created them. The data collected using cookies does not allow for the unique identification of that person. We use cookies to analyse how Users use the Website, in order to improve the operation of the Website andthe functionality of the services we provide and adapt them to the individual needs of Users, as well as forstatistical purposes. Most web browsers accept cookies by default. The User may change these settings at any time in his or herbrowser. However, disabling cookies may affect the correct operation of some of the Website’s functions. We also collect information on how the Website is used on the basis of access logs based on the IP addressesof the Website Users. The data collected in this way does not allow for the identification of Users, however, on their basis, we can analyse the efficiency of the Website, its security, diagnose potential problems regarding personal data breach and find solutions. Such data are also statistical data for us regarding visitorsto our Website (e.g. information about the region), which allow us to tailor our offer.

Final provisions

We reserve the right to make changes to this Privacy Policy. Such changes may be necessary or needed forexample, in the event of changes in the law, new guidelines of supervisory authorities, changes in technologyusing which we process personal data, as well as changes in the methods, purposes or grounds for theprocessing of personal data by us. We will each time inform the Website Users about any changes made.