Table of Contents | ||
---|---|---|
|
I. INTRODUCTION
The following document describes Sii's privacy policy. Sii's privacy policy, hereinafter: the policy defines the rules, methods of processing and use of data as well as information from candidates, customers and users of all websites belonging to Sii, including:
Please read the Policy carefully. By entering or using a website belonging to Sii and sending us any Personal Data in connection with job applications, recommending a friend to work, sending a request for an offer / cooperation, etc. The user accepts the terms of this Policy and confirms that he/she has read its content.
Terms used in the Privacy Policy
Personal data - defined as Personal data within the meaning of the GDPR, i.e. all information relating to an identified or identifiable natural person. These data identify directly or indirectly a natural person with regards to the name, e-mail address or telephone number of the natural person and other data that, in connection with the above-mentioned, may identify the User.
GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (general Data Protection Regulation), pursuant to which Sii and its Subsidiaries process Users' Personal Data.
Sii - Sii Ltd. with its seat in Warsaw at Niepodległości Av. 69, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for the capital city of Warsaw, XIII Commercial Division of the National Court Register, under KRS number 0000249203, with share capital of PLN 400,000, NIP number: 5252352907.
Specialist - a job candidate offered by Sii to its customers.
Subsidiaries - a company or entity that is directly or indirectly controlled by Sii, where "control" means: (a) in the case of corporate entities, direct or indirect ownership of more than fifty percent (50%) of stocks or shares entitled to vote, or (b) in the case of non-corporate entities, holding directly or indirectly more than fifty percent (50%) of the equity with the power to direct such non-corporate entities. The subsidiary company is, in particular, Sii Sweden.
User - job candidate, newsletter subscriber, competition participant, person asking a question, training participant, person recommending a friend to work and visiting websites belonging to Sii, as well as a person using the candidate's portal.
Services - services provided by Sii electronically, via the website, i.e. .: subscribing to the newsletter, sending inquiries via the contact form, sending documents necessary in the recruitment process, application for participation in competitions, application for participation in training, creation of an account on the candidate portal.
Providing Personal Data
By providing personal data on www.sii.pl and any other website that belongs to Sii, the User confirms that he/she has all necessary permissions to disclose personal data that will be later used by Sii in a manner described in this Policy.
Personal Data Controller
Sp. z o. o., al. Niepodległości 69, 02-626 Warsaw, tel. (22) 486 37 37 is the Controller of User’s personal data provided while using any Sii’s website; in particular, while partaking in the recruitment process, conducting training, sending marketing information (e.g. newsletters), accepting participation in conferences or events or using other services available on the website.
Data Protection Officer
Any questions regarding regulations concerning personal data processing described in this Policy should be sent to the Data Protection Officer appointed by Sii at personaldata@sii.pl.
II. PROCESSING OF PERSONAL DATA - PURPOSES, LEGAL BASIS, SCOPE
Sii processes Personal Data for various purposes for which it needs a specific scope of Personal Data from the User, and each purpose of processing has its legal basis resulting from the provisions of the GDPR and sectoral regulations that contain regulations regarding the protection of Personal Data:
Purpose of processing personal data | Legal basis for processing personal data | Scope of processed personal data |
Conducting recruitment for the needs of Sii | Art. 6 sec. 1 point a GDPR - consent to the processing of personal data Article 221 § 1 of the Labor Code | Full name |
Conducting recruitment for projects carried out for Sii customers | Art. 6 sec. 1 point a GDPR - consent to the processing of personal data | Full name |
Sending answers to Users, to the e-mail addresses or telephone numbers provided by them, to previous inquiries sent via the contact form, as well as to contact the Users and answer their previously sent messages and inquiries. | Article 6 (1) (a) f GDPR - legitimate interest of Sii as the Administrator of personal data | Full name |
Sending marketing and promotional information about products and services, events and news, including subscription to the newsletter. | Art. 6 sec. 1 point a GDPR - consent to the processing of personal data Art. 10 sec. 2 of the Act on the provision of services via electronic means | Name and surname (if the e-mail address consists of first name and surname) |
Providing the User with marketing information by phone or SMS | Art. 6 sec. 1 point a GDPR - consent to the processing of personal data Art. 172 sec. 1 of the Telecommunications Law | Full name |
Pursuing and defending rights in the event of mutual claims. | Article 6 (1) (a) f GDPR - legitimate interest of Sii as the Administrator of personal data | Full name |
Organizing and conducting trainings for Users and employees of Sii customers. | Art. 6 sec. 1 point b GDPR - conclusion and performance of the contract between the User and Sii | Full name |
Organization and conducting of competitions | Art. 6 sec. 1 point a GDPR - consent to the processing of personal data | Full name |
Organization of conferences, seminars, events, webinars | Art. 6 sec. 1 point a GDPR - consent to the processing of personal data | Full name |
Profiling the data held in order to better match marketing information and job offers to the User's preferences | Article 6 (1) (a) f GDPR - legitimate interest of Sii as the Administrator of personal data | Full name |
Contacting customers' and suppliers' representatives to coordinate activities under the contracts. | Article 6 (1) f GDPR - legitimate interest of Sii as the Administrator of personal data | Full name |
The following chapters provide more detailed information on the Personal Data processed:
As for the processing of Personal Data for the purposes of recruitment - Chapter VI of this Policy.
As for the processing of Personal Data in connection with marketing activities - Chapter VII of this Policy.
As for the processing of Personal Data in connection with organizing and conducting training - Chapter VIII of this Policy.
As for the processing of Personal Data in connection with the organization of events, conferences, seminars, webinars - Chapter IX of this Policy.
As for the processing of Personal Data in connection with organizing and conducting competitions - Chapter X of this Policy.
As for the processing of Personal Data in connection with the performance of contracts (suppliers, customers) - Chapter XI of this Policy.
Legitimate interest of Sii as the Administrator of personal data
Legitimate interest is one of the legal grounds provided for in Art. 6 sec. 1 GDPR, which assumes that there are situations in which the Personal Data Administrator may perform specific processing of Personal Data. Such legitimate interests that we use at Sii include:
Possibility of pursuing claims or defending against them. Promoting Sii, sending marketing information.
Implementation of cooperation agreements with customers and suppliers.
Conducting negotiations, discussions with potential customers
Conducting recruitment for projects carried out for Sii's customers
Handling inquiries sent to Sii - providing answers to Users.
In the event of contact with the User in order to provide an answer, the legal basis for the processing of Personal Data is the legitimate interest of Sii as the administrator of Personal Data provided on the contact form (Article 6 (1) (f) of the GDPR). The legitimate interest is manifested in the possibility of responding to the inquiry sent, providing the User with a comprehensive answer. Without the processing of Personal Data, in particular contact data, we will not be able to provide an answer, and thus, help in resolving an issue indicated in the inquiry.
III. STORING OF PERSONAL DATA
The processing of personal data generally continues until the purpose for which the Personal Data was obtained and processed and stored, for the purpose of achieving it, ceases to exist. After achieving the goal or its termination, Sii removes all personal data obtained from the User. However, there are situations in which Sii stores Personal Data even if the purpose of processing has been achieved or will no longer be achieved. This is due to legal requirements or business needs.
Importantly, the provisions of the GDPR make it possible to show the exact duration of the storage of Personal Data (days / weeks / months / years) and to indicate the criteria for data storage for a given period of time, e.g. "for the period of limitation of the User's potential claims against Sii", "until withdrawal consent to the processing of Personal Data ".
Below, information on the storage periods of Personal Data.
Purpose of processing personal data | Personal data storage period | The basis for the storage of personal data | What does the retention period result from? |
Conducting recruitment for the needs of Sii | Until the consent to the processing of Personal Data is withdrawn | Art. 6 sec. 1 point a GDPR - consent to the processing of personal data | Sii's authorization obtained based on the consent of the User - candidate. |
Conducting recruitment for projects carried out for Sii customers | Until the consent to the processing of Personal Data is withdrawn | Art. 6 sec. 1 point a GDPR - consent to the processing of personal data | Sii's authorization obtained based on the consent of the User - candidate. |
Sending answers to Users, to the e-mail addresses or telephone numbers provided by them, to previous inquiries sent via the contact form, as well as to contact the Users and answer their previously sent messages and inquiries. | 2 months | Article 6 (1) f GDPR - legitimate interest of Sii as the Administrator of personal data | Mechanisms set up in the IT system to remove messages-inquiries after they are handled by a dedicated employee |
Sending marketing and promotional information about products and services, events and news, including subscription to the newsletter. | Until the consent to the processing of Personal Data is withdrawn | Art. 6 sec. 1 point a GDPR - consent to the processing of personal data | Sii's authorization obtained based on the consent of the User - recipient of marketing materials. |
Providing the User with marketing information by phone or SMS | Until the consent to the processing of Personal Data is withdrawn | Art. 6 sec. 1 point a GDPR - consent to the processing of personal data | Sii's authorization obtained based on the consent of the User - recipient of marketing materials. |
Pursuing and defending rights in the event of mutual claims. | Limitation period for potential claims | Article 6 (1) f GDPR - legitimate interest of Sii as the Administrator of personal data | A right resulting from legal provisions (especially the Civil Code) |
Organizing and conducting trainings for Users and employees of Sii customers. | Time to organize and conduct the training. | Art. 6 sec. 1 point b GDPR - conclusion and performance of the contract between the User and Sii | Implementation of the training contract between the User and Sii, the contract concluded by subscribing to the training. |
Organization and conducting of competitions | Time to organize and conduct the competition | Art. 6 sec. 1 point a GDPR - consent to the processing of personal data | Sii's authorization obtained based on the consent of the User - competition's participant |
Organization of conferences, seminars, events, webinars | Time of organization and implementation of the event / seminar / conference / webinar | Art. 6 sec. 1 point a GDPR - consent to the processing of personal data | Sii's authorization obtained based on the consent of the User - participant of the event / seminar / conference / webinar. |
Profiling the data held in order to better match marketing information and job offers to the User's preferences | Until the User objects to further profiling | Article 6 (1) f GDPR - legitimate interest of Sii as the Administrator of personal data | Business need to match marketing information / job offers to have information provided by or obtained from the User or available on professional social networks such as LinkedIn / Goldenline. |
Contacting customers' and suppliers' representatives to coordinate activities under the contracts. | The time of Sii's cooperation with a customer / supplier or the period of negotiations with a potential supplier / customer. | Article 6 (1) f GDPR - legitimate interest of Sii as the Administrator of personal data | Agreements concluded with suppliers and customers. |
The abovementioned list of store periods for Personal Data is general and does not contain details that are relevant in each case. The mentioned details were recorded:
In connection with recruitment for Sii customers - chapter VI of this Policy.
In connection with cooperation with suppliers, customers - chapter XI of this Policy.
IV. TRANSFER OF PERSONAL DATA
There are situations in which Sii transfers the User's Personal Data to other external entities - companies, entrepreneurs or public institutions. The transfer of Personal Data results from:
Provisions of law requiring the transfer of data to a specific public institution (police, court, prosecutor's office, etc.);
Sii's internal needs regarding obtaining a specific service to support the achievement of business goals (entities providing legal advisory services, legalization of foreigners' stay, booking accommodation in hotels, sending mass-mailings, etc.).
The transfer of Personal Data takes place in the form of sharing or entrusting them. Below is an explanation of the differences between the indicated forms.
Sharing Personal Data | Entrusting Personal Data |
Entrusting Personal Data consists of transferring data to another entity based on one of the legal grounds specified in the provisions of the GDPR - specifically: Art. 6 Sec. 1. i.e. | Entrustment is the transfer of Personal Data based on Art. 28 GDPR - Sii, as the Administrator of Personal Data, transfers them to another entity by concluding a special so-called contracts for entrusting the processing of personal data. |
Sii provides or entrusts Personal Data to the following entities:
Sharing Personal Data | Entrusting Personal Data |
Sii customers (in the scope of contact details of representatives) | Entities providing mass marketing e-mail / SMS mailing services |
Sii's potential customers (in the scope of contact details of representatives) | Entities providing services that conduct certification exams at the end of courses and training |
Suppliers (in the scope of contact details of representatives) | Training providers |
Public administration bodies authorized under the provisions of law | Entities intermediating in the organization of events (owners of portals for registering for events) |
Sii provides Users' Personal Data to its customers in connection with their recruitment for the purpose of employment, then delegation to provide services under the outsourcing of specialists or entire teams. Sii has concluded appropriate agreements and contracts specifying the rules for disclosing Personal Data. Each User has the right to access information to which customer Personal data has been made available on the terms set out in Chapter V of this Policy.
Transfer of personal data between Sii companies
Sii is a company that has Subsidiaries, in particular Sii Sweden. Due to the fact that the Subsidiaries use IT systems belonging to Sii for organizational facilitation in the implementation of recruitment and marketing purposes, managing relations with customers, suppliers, etc., Sii transfers Users' Personal Data to its Subsidiaries. The transfer of Personal Data to subsidiaries is carried out pursuant to art. 6 sec. 1 point f GDPR, i.e. the legitimate interest of Sii as the Personal Data Administrator. The legitimate interest manifests itself in the following matters:
Search for User-Candidates by Sii and its Subsidiary for a joint project for a customer.
Joint negotiations with a potential customer in order to conclude a cooperation agreement.
Joint search for a subcontractor to assist in the implementation of the project for the customer, which is run by the employees of Sii and its subsidiaries.
The transfer of Personal Data to the Subsidiaries takes place by enabling the employees of these companies to access the CRM system belonging to Sii. And the use of one, common CRM system for the abovementioned purposes is the so-called co-administration of Personal data, i.e. Sii and its Subsidiaries jointly decide on the purposes (for what?) and methods (how?) of processing Users' Personal Data. In order to protect Personal Data, Sii has concluded special agreements with its subsidiaries - agreements for the co-administration of Personal Data. In the context of Subsidiaries based in a country not belonging to the European Union or the European Economic Area, Sii concluded additional contractual clauses with such subsidiaries securing the processed data and meeting the requirements of Art. 44-49 GDPR. These clauses are concluded due to the fact that in the case of subsidiaries based in a country outside the European Union or the European Economic Area, the rules set out in the GDPR do not apply to Personal Data processed by such entities.
V. USER RIGHTS
Each User has the rights related to the processing of his Personal Data by Sii, in accordance with Chapter III: Art. 15-22 GDPR:
What law? | What is it? | Situations excluding the implementation of the law |
The right to access one's Personal Data (Article 15 of the GDPR) | The User receives a list of Personal Data obtained from him by Sii and processed in documents and IT systems. | None |
The right to rectify the processed data (Article 16 of the GDPR) | The User may report the need to update, supplement the Personal Data provided to Sii or request correction if Sii uses incorrect data. | None |
The right to delete data ("the right to be forgotten") (Article 17 of the GDPR) | Sii deletes all Personal Data obtained from the User. This right is exercised without undue delay in one of the following circumstances:
| Legal provisions that require further processing - the storage of Personal Data despite the lack of purpose for their processing. |
Right to restriction of processing (art 18) | The User may request the restriction of the processing of his Personal Data, i.e. he may oblige Sii, for example, not to disclose them to another entity to be used for the implementation of marketing mailing, to withhold access to them by Sii employees. The User may exercise this right in the following situations:
| None |
Right to transfer of Personal Data (art. 20 GDPR) | The User may submit a request for Sii to prepare a report / statement with his Personal Data, and then for Sii to provide the report / statement to another entity - the Personal Data Administrator. This right is exercised if:
| None |
Right to object to further data processing (Art.21 GDPR) | The User may object to Sii against further processing of their Personal Data, regardless of the reason. From the moment the objection is raised, Sii cannot continue processing Personal Data. | Sii will prove to the User that its own legitimate interests for data processing override the User's rights. |
The right not to be subject to decisions based solely on automated processing, including profiling (Article 22 of the GDPR) | The User has the right to be assessed on the basis of comprehensive actions based on the Personal Data obtained from the User, not only by special algorithms that bring the data together, but also by actions taken by employees. | Making decisions is necessary for the performance of the contract between Sii and the User. |
The right to withdraw consent to the processing of Personal Data (Article 7 (3) of the GDPR) | The User may revoke the previously expressed voluntarily consent to the processing of his Personal Data. Wherever consent is the only legal basis for Sii to process Personal Data, this right is strictly enforced. That is, inter alia:
| None |
The right to file a complaint against the processing of Personal Data (Article 13 (2) (d) of the GDPR; Article 14 (2) (e) of the GDPR) | The user may notify the GDPR control authority - in Poland it is: The President of the Office for Personal Data Protection, that Sii violates the provisions of the GDPR, that, for example, it fails to secure data, has obtained more data than is actually necessary for a specific purpose. Contact details: | None |
The implementation of each of the above rights takes place at the User's request sent to personaldata@sii.pl. Sii examines the submitted application and sends a reply within 1 month from the date of receipt of the application together with an indication of the result of the examination - what specific actions have been taken with the estimated time for the processing of the entire application, if specific activities require a longer processing time.
Sii reserves the right to respond to a request for the exercise of any right later than the abovementioned date: up to two months (resulting from Article 12 (3) of the GDPR), due to the number of inquiries or the complex nature of the inquiry sent. By complexity, we understand the need to compile data from many IT systems or the need to consult more than one person from a department or departments in order to obtain information that is the subject of the application. In each case, Sii undertakes to inform the User about this fact, providing justification.
Sii also reserves that it may refuse to exercise any of the rights specified in Art. 15 - 22 of the GDPR in a situation where the User submits applications in a continuous, excessive manner, without any justification. Each time Sii will justify the refusal to exercise the right indicated in the application. By persistent and excessive nature, we mean sending subsequent requests with a similar request to the original one, despite the examination and notification of its processing, e.g. The User sends the request for access to information, Sii executes it - it sends a summary of the information it has, and the User sends the second and the same request again, without explaining the reason for the repeated request for information.
Under the right to withdraw consent, the User may at any time withdraw consent to further processing of Personal Data for purposes that require consent, provided that the withdrawal of consent does not affect the lawful use of Personal Data in activities based on consent before its withdrawal. The following chapters provide details on how to withdraw consent for a specific purpose (recruitment, marketing, competitions, etc.)
Under the right to access information, the User is entitled to obtain the following information in the form of a report or statement:
Purpose of processing Personal Data
Categories of Personal Data - what data we process, e.g. name, surname, telephone number;
Legal bases for data processing
Information on recipients or categories of recipients of data - to whom (a person, company, institution) this data may be transferred;
Information on the right to request from Sii the rectification of data, their deletion or limitation of their processing and to object to specific data processing;
Information on the possibility of lodging a complaint to the President of the Personal Data Protection Office;
Information about the data source, if the data has not been obtained directly from the User - indication of the person or company or institution that provided the Personal Data;
On the use of profiling: on what terms it is undertaken, what may be the consequences of profiling for the User
Sii also informs that each subsequent copy of Personal Data is associated with a fee resulting from the costs incurred in connection with the creation of another copy of Personal Data. Sii notifies the User about the costs after assessing the scope of the information indicated in the application.
With regards to the right to delete Personal Data, Sii deletes not only data obtained from the User himself, but also information obtained as a result of the analyzes, e.g. information about the User's interests in specific categories of information, products, services based on the User's-consumer activities; information about the professional experience of the User-candidate obtained as a result of the interview, the candidate's own assessment based on the course of the interview.
Exceptions to the implementation of the law, shown in the table, result from applicable law. Sii analyzes each case of an exception individually for each case - the relationship between Sii and the User.
What is crucial, this right shall always be executed. Legal or internal - business requirements are only factors that extend the full implementation of the request for the removal of Personal Data.
The right to object to the further processing of Personal Data is that the User indicates that he does not want his Personal Data to be used for purposes that are pursued as legitimate interests within the meaning of Art. 6 sec. 1 point f GDPR. After receiving the objection, Sii analyzes whether the objection may be taken into account or whether there are grounds to reject it, as it is not an absolute right. There may be situations in which the User's right to object to further data processing will make it impossible for Sii to achieve the goal. Examples of the purposes of processing Personal Data in a legitimate interest, where the objection may be disregarded:
Intention to pursue claims against the User or defense against potential claims on the part of the User.
The User is a candidate recruited by a Sii customer, recruitment interviews are ongoing, and the User does not want his Personal Data to be still processed.
Each case is analyzed individually. The result of the analysis, together with the decision and justification for not considering the objection, is sent to the User by Sii as part of the examination of the submitted application.
If the analysis shows that Sii has no prerequisites for further processing of Personal Data, the objection is accepted and Sii deletes the Personal Data.
With regards to the right not to be subject to decisions based solely on automated processing, including profiling - it is important that no automated activities are performed at Sii. Employees compile Personal Data, as discussed in more detail in Chapter XII of this Policy. Typical automated processing activities are e.g. carrying out a creditworthiness assessment.
VI. PROCESSING OF PERSONAL DATA IN RECRUITMENT PROCESSES
As Sii, we recruit for our own needs and for customers, to whom we provide specialist delivery services or specialist teams, so-called body leasing. Therefore, we would like to inform you that the data of the User - candidate (hereinfrom in this chapter: candidate) may also be processed by Sii customers, as mentioned in the content of the job advertisement, indicating that we are recruiting for the customer.
The legal basis for the acquisition and processing of Personal Data for recruitment by Sii is the candidate's consent (Article 6 (1) (a) of the GDPR). At the same time, we would like to inform you that by agreeing to the recruitment processes, this consent will apply to both recruitment for a specific position included in the job advertisement, and for future recruitment for similar positions tailored to the profile and professional experience. As a candidate, you can withdraw your consent to further processing at any time, in accordance with Chapter VIII of this Policy, which, however, does not affect the lawful use of Personal Data in activities carried out on the basis of consent before its withdrawal.
However, it is important to emphasize that there is a specific scope of Personal Data obtained from the candidate, which results directly from the law - art. 221 § 1 of the Labor Code, which fills in art. 6 sec. 1 point c GDPR - a legal provision authorizing or obliging to obtain and process Personal Data. These are the following data:
First name(-es) and surname;
Date of birth;
Contact details provided by the User in the CV / cover letter;
Education;
Vocational qualifications;
The history of previous employment.
Other data, incl. regarding the assessment of the candidate's competences from previous employers, public image, Sii acquires on the basis of the candidate's voluntary consent.
As far as the sources of obtaining Personal Data for the purpose of recruitment processes are concerned, these are the following:
Candidate applications submitted in response to job advertisements posted on portals such as pracuj.pl and on our website sii.pl, career tab.
Candidate's referral system.
In this situation, the recommending person enters his data and the data of the recommended person and places a CV under the form with the User's data. Sii verifies the CV of the recommended person, received from the recommending person, in terms of the consent of the recommended person to the processing of Personal Data that meets the requirements of the GDPR. If the consent has been concluded, Sii has the right to use this data for recruitment processes.Direct contact with the candidate via social networking sites LinkedIn, Goldenline (so-called headhunting).
The Sii recruiting employee contacts the candidate directly from LinkedIn / Goldenline level, sends a request for the candidate's interest in the presented job offer and further contact. After receiving information about the interest in the offer, the employee registers the candidate in the CRM system by entering only the first and last name and contact details available on the candidate's profile on LinkedIn / Goldenline, generates a special form to obtain consent for recruitment processes, while the recruitment is continued. Once the candidate accepts this special form, Sii is entitled to carry out future recruitments - sending the candidate new job offers.CV sent by the candidate on his / her own initiative via the form on sii.pl, tab career.
Recruitment for the needs of customers
As mentioned at the beginning of the chapter, Sii recruits for its own needs and for its customers. Recruitment for customers is carried out:
By posting a job advertisement with information about recruitment for the customer.
Contact with the candidate already registered in our CRM database, in connection with participation in the previous recruitment, with the consent given to Sii for the processing of Personal Data for the purpose of carrying out future recruitment processes.
Direct contact with the potential candidate via social networking sites LinkedIn, Goldenline (so-called headhunting).
Generally, Sii first recruits, conducts interviews and technical tests (verification of practical skills). The result of the interview is a decision whether the candidate will be offered to the customer or not. If so - the recruiting employee prepares a CV in a special format, consisting of the candidate's data such as: name, date of birth, description of education, work experience, completed courses and training.
The CV prepared in this way is forwarded to the customer by an employee representing Sii in contacts with the customer. The customer verifies the candidate presented and decides whether they wish to conduct an interview. If so - the customer arranges an interview with the candidate through the Sii employee responsible for contact with the customer. After the interview, the customer decides whether or not to hire a candidate.
In the context of Personal Data provided to the customer and processed by him, the following issues are relevant:
Sii is the Administrator of personal data - it acquires data and processes it for the purpose of the recruitment process for work for the customer. The processing of Personal Data is based on the candidate's consent to recruit (Article 6 (1) (a) of the GDPR).
Transfer of Personal Data to the customer based on the legitimate interest of Sii as the Personal Data Administrator (Article 6 (1) (f) of the GDPR) in the form of their disclosure. The legitimate interest is manifested in ensuring the implementation of the cooperation agreement concluded with the customer for the preparation and delegation of a candidate-specialist or a team of candidates-specialists to perform the work specified in the cooperation agreement. Importantly, at the very beginning of the recruitment process, the candidate receives information that the recruitment is carried out for the customer's needs, to perform work for them. The aforementioned consent applies to situations when Sii verifies the submitted application.
The customer becomes a separate administrator of personal data, independently provides the appropriate legal basis for the processing of the received personal data of the candidate. It obtains consent (or provides another legal basis from the GDPR) and sends an information clause to meet the GDPR requirement of art. 13-14.
The personal data of the candidate recruited to the customer is stored by Sii for a period of 2 years counted from the end of the recruitment. Importantly, this only applies to candidates rejected by the customer - who have not been hired.
It results from the provisions in the contracts with each customer: a clause concerning the prohibition of re-offering the candidate and his professional profile for 2 years, in a situation where the candidate has already participated in the recruitment completed with a negative result.
The candidate always has the right to withdraw consent to the processing of Personal Data, without affecting the actions taken before its withdrawal. As for the withdrawal of consent for Sii (i.e. recruitment for Sii's internal needs), the procedure is described in Chapter VIII of this Policy. However, when it comes to the customer, the candidate contacts the customer using contact details provided in the information clause.
The candidate may object to the transfer of Personal Data by Sii to the customer, the processing of his data by the customer. The objection will be considered by Sii, the data will be deleted, however this is equal to the candidate's resignation from participation in the recruitment process. this means the candidate's resignation from participation in the recruitment process.
An important issue in recruiting for customers are additional requirements on the part of some customers to carry out the so-called background check. This process consists of verifying the information provided by the candidate in the CV: information about education, work experience, completed courses, training, language skills (level of proficiency in foreign languages). Verifications are carried out by Sii in accordance with the requirements specified in the cooperation agreements. They are followed by, among others:
Certificates and diplomas,
References from previous employers
In addition to the above, the customer may require a background check extended to include information on criminal record, credit history, and financial matters (debt). In Poland, there is a general prohibition of verification of the abovementioned information, except for the exceptions specified directly in Polish law (banking law, provisions on the rules for obtaining information on a clean criminal record, etc.). Therefore, in contracts with customers, Sii agrees that the background check of the information contained in the CV is carried out by Sii, and in the field of no criminal record, credit history, and financial matters, the customer conducts the background check on the candidates.
Transfer of personal data between Sii companies with regards to recruitment purposes
Recruitment processes are conducted by Sii independently, however, there are situations where Sii seeks and recruits a candidate together with its subsidiaries. Such situations are related to recruitment for customers, especially those with extensive structures - with branches in many countries, which means that work for customers is carried out jointly, the supply of specialists or teams of specialists is carried out jointly. Joint recruitment allows the Subsidiaries to have access to the Personal Data of candidates in the CRM system belonging to Sii.
In the context of the GDPR, the candidate's Personal Data is shared with the customer. The legal basis for disclosure is a legitimate interest (Article 6 (1) (f) of the GDPR) resulting from the concluded body leasing contract with the customer, in which the customer requires the transfer of Personal Data in order to verify the candidates presented and their professional competences, whether they are adequate for the service that the Specialists would perform.
VII. PROCESSING OF PERSONAL DATA FOR MARKETING PURPOSES
By submitting an inquiry or signing up for a training, conferences or other event organized by Sii, the User may consent to processing of personal data in order to receive marketing information on products and services offered by Sii, including newsletters. The rules for obtaining such consent have been described in the chapter VI points 1-2 of this Policy. The consent may be withdrawn anytime taking into consideration rules defined in the chapter VIII of this Policy.
User’s consent for processing personal data (Art 6 (1) (a) of GDPR) is the legal basis for sending newsletters. It can be granted while providing one’s e-mail address in the newsletter subscription form or gated content as well as by checking a box while completing a contact or recruitment form. Providing the e-mail address in the newsletter subscription form is a clear affirmative action of consenting to processing personal data as defined in the Art 4 (11) of GDPR regarding the definition of consent as well as connected 32nd motif of GDPR explaining the clear affirmative action.
According to the abovementioned motif, a clear affirmative action includes informing Sii that User’s e-mail address provided in the form may be used for sending newsletter that includes Sii’s promotional information. It is one of acceptable forms of consenting to using provided e-mail address for the defined purpose (such forms also include checking a box located near the content of the consent).
Consent to sending unsolicited marketing information, according to Art. 10 of rules for electronically supplied services and Art. 172 (1) of Telecommunication Act, is provided by the user independently and separately by checking a dedicated box located near the content of the consent.
In order to obtain some materials uploaded to Sii’s website, it may be necessary to complete a form that requires providing personal data. Such data will be processed according to the consent (Art 6 (1) (a) of GDRP) expressed by a clear affirmative action. If the User wishes to receive other marketing information, he/she may state so by checking a relevant box. If the User will not state so, it means that he/she is not interested in receiving other information thus Sii will not send it.
VIII. PROCESSING OF PERSONAL DATA WHEN ORGANIZING AND CONDUCTING TRAININGS
One of the areas of Sii's activity are open and dedicated training for Sii's customers and any other interested person. Therefore, Sii will process the Personal Data of Users declaring participation in training, to the extent necessary to carry out matters related to the training. Details on the purposes for which the Users' Personal Data - training participants are processed and other information are specified in the dedicated chapter on the protection of Personal Data in the Training Regulations available at the time of enrollment for the training.
IX. PROCESSING OF PERSONAL DATA IN CONNECTION WITH THE ORGANIZATION OF EVENTS
Sii processes Users' personal data in connection with organizing and conducting events. By signing up for the event - using a special form or by sending an application to a dedicated e-mail address - the User gives consent to the processing of his Personal Data for the implementation of all activities related to the organized event. Consent stands for the legal basis for data processing (Article 6 (1) (a) of the GDPR) expressed in the form of an explicit affirmative action. The User may at any time withdraw consent under the rights in accordance with Chapter V, but this means that he / she will not be able to continue participating in the event. Details on the purposes for which the Users' Personal Data - event participants are processed and other information are specified in the dedicated chapter on the protection of Personal Data in the Training Regulations available at the time of enrollment for the event.
X. PROCESSING OF PERSONAL DATA IN CONNECTION WITH THE ORGANIZATION AND CONDUCTING OF COMPETITIONS
Sii processes Users' personal data in connection with organizing and conducting events. By signing up for the competition - using a special form or by sending an application to a dedicated e-mail address - the User gives consent to the processing of his Personal Data for the implementation of all activities related to the organized competition. Consent stands for the legal basis for data processing (Article 6 (1) (a) of the GDPR) expressed in the form of an explicit affirmative action. The User may at any time withdraw consent under the rights in accordance with Chapter V, but this means that he / she will not be able to continue participating in the competition. Details on the purposes for which the Users' Personal Data - competition participants are processed and other information are specified in the dedicated chapter on the protection of Personal Data in the Training Regulations available at the time of enrollment for the competition.
XI. PROCESSING OF PERSONAL DATA OF CUSTOMERS, POTENTIAL CUSTOMERS, SUPPLIERS
Sii processes Personal Data of:
Customers and suppliers - representatives of persons entered in the National Court Register, proxies as well as contact persons and delegated employees for the coordination of cooperation;
Potential customers and suppliers - representatives entered in the National Court Register, proxies and contact persons in connection with the ongoing talks on potential cooperation.
Detailed information is presented below:
Personal Data Controller: | Sii |
Source of obtaining Personal Data: | Public registers of business entities (applies to persons representing a business entity) |
Purpose of processing Personal Data | Coordination of cooperation. |
Legal basis: | Article 6 (1), point f GDPR - legitimate interest of Sii as the administrator of personal data |
Scope of processed personal data | Full name |
Personal data storage period | The time of Sii's cooperation with a customer / supplier or the period of negotiations with a potential supplier / customer. |
Recipients of Personal Data | Public administration bodies authorized under the provisions of law |
Personal Data protection rights | Details are presented in Chapter V of this Policy |
XII. PROCESSING OF PERSONAL DATA AND PROFILING
In Sii, profiling is understood as a form of automated processing of personal data that includes using some of User’s personal data. Obtained data may include information from social media profiles, location or data provided by Users via Sii’s website. It allows Sii to:
ensure a more conscious and better suited selection of job offers that will match User’s skills and experience (in case of job candidates),
tailor marketing and advertising materials to User’s interests and needs.
One of the tools used for profiling is Social Discovery which is a part of Click Dimensions application. It binds data provided to Sii by the User during recruitment process or subscribing to a newsletter with data available on social media (e.g. LinkedIn, Goldenline) also provided by that User. Data binding allows Sii to create User’s profile which can be used in:
providing information on job offers that take into account that person’s competences and professional experience,
sending marketing materials that cover that person’s preferences and interests,
sending information on planned trainings and events organized by Sii that cover competences or interests of that person.
Owing to that, we do not send irrelevant and unwanted information as well as reduce the risk of creating spam.
An example of such activities may be binding data provided during recruitment process (e.g. CV, covering letter) and contact data (e.g. e-mail, phone number) with information provided on websites such as LinkedIn or Goldenline (e.g. identification and contact data, professional experience description, education, skills or interests). In this case, binding data means connecting information from own IT systems (such as job candidate data kept in CRM) with information provided online.
Using this tool influences the scope of information sent to the User e.g. content of newsletter that may include information on trainings, events, current promotions or discounts. In case of recruitment, the obtained data allows making a decision whether the User should be still processes as a job candidate, have technical tests or be presented to a customer.
All of the abovementioned aspects of using the tool and its effects are the justified interest of Sii as a Data Controller (Art 6 (1) (f) of GDPR). The reason being that personal data obtained by the tool allows Sii to make decisions that enable decreasing the operational cost of recruitment processes, marketing activities that aim at building Sii’s reputation as a reliable company which focuses on the quality of provided services and worker satisfaction as well as respecting User’s needs and requirements in terms of sent information.
Sii ensures that information or data gained by the tool are used only for purpose described above and are not shared with other parties that specialize in creating such profiles. The User may object to profiling at any given moment according to chapter VIII, points 6-7 of this Policy. As a result, the User will not receive any marketing or sales information as well as updates with job offers tailored to his/her profile or competences. In addition, it also means that Sii will stop using the tool to profile this User’s personal data but is still able to process it in case of having a different legal basis e.g. consent.
XIII. SECURITY
Sii has implemented appropriate (organizational and technical) security measures to protect personal data from loss, misuse, unauthorized processing or modification. Sii is obliged to protect any information disclosed by Users in accordance to security and confidentiality standards.
Sii has implemented the Information Security Management System that is certified as compliant with international ISO 27001 security norms which ensure that Sii operates according to GDPR regulations in terms of implemented security measures for processing personal data (Art 32 of GDPR). Sii has proper procedures for managing accesses to IT systems that disable unauthorized workers from processing data. Sii’s workers are subjected to regular trainings regarding secure processing of personal data and current threats. In order to guarantee the security of personal data provided by the users, Sii uses dedicated SSL certificates that use data encryption keys based on most reliable encryption algorithms such as RSA or SHA (min. 1024 bites) to transfer data provided on Sii’s websites to IT systems.
XIV. COOKIES
Sii declares that www.sii.pl and other websites that belong to Sii use cookies. By using this website, the User agrees to the storage of cookies on his/her device as explained below.
Settings regarding cookies used on the www.sii.pl and other websites may be modified via our website or via a third-party website. Cookies are used to:
Customize content of webpages to User’s preferences, and to optimize their use (in particular, these files allow identification of User’s device and proper display of the webpage tailored to their individual needs),
Create statistics that help to understand how Users use the websites which leads to improving its structure and content,
Deliver m content tailored to Users’ interests.
Types of cookies used by Sii:
“Essential” cookies that enable the use of services available through the site e.g. allowing the use of sessions;
“Functional” cookies that allow the website to “remember” settings chosen by the User and personalize the interface e.g. in terms of selected mobile/desktop version, the last phrases typed by the User, website’s appearance etc.;
“Analytical” cookies that allow us to monitor the activity of Users on the website.
The User may block saving cookies by changing his/her browser settings. Disabling cookies may affect the functioning of the website. No change in User’s browser settings means accepting the use of cookies.
XV. MODIFICATIONS TO THE POLICY
In relation to the development and progress of technology and changing regulations, the principles set out in this Privacy Policy may change. Any changes to these rules will be communicated to Users by publishing the new contents of this document on the www.sii.pl/en/privacy-policy/ website.