Privacy Policy
The Privacy Policy informs how we process personal data of users of our services (websites, applications), and above all:
- who is the administrator of your personal data,
- what data we process,
- for what purpose and on what basis do we process data,
- how long we process data,
- what rights our users have as personal data subjects,
- who we share data with.
Administrator – HUMAN IT GROUP spółka z ograniczoną odpowiedzialnością spółka komandytowa with its registered office in Wrocław, KRS: 0000767522 and HUMAN IT GROUP spółka z ograniczoną odpowiedzialnością with its registered office in Wrocław, KRS: 0000764980
Contact with the Administrator is possible via e-mail: hello@humanit.group or in writing to the address of the Administrator's registered office.
Personal data – any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, the economic, cultural or social identity of the individual;
Processing – operations or a set of operations performed on personal data or sets of personal data in an automated or non-automated manner, such as collecting, recording, organizing, structuring, storing, adapting or modifying, downloading, viewing, using, disclosing by sending, disseminating or otherwise making available , aligning or combining, restricting, deleting or destroying;
User – any natural person visiting the Website or using the services or functionalities described in this Privacy Policy;
Purposes, legal bases and periods of processing your personal data by the Administrator vary depending on the process in which this processing occurs.
1. Use of the website
When using the Website, your personal data is processed for the purposes of providing electronic services in the scope of making available to Users the content collected on the Website and for analytical and statistical purposes. The data is processed pursuant to Art. 6 section 1 letter b GDPR - necessity of processing for the conclusion and performance of the contract and Art. 6 section 1 letter f GDPR - implementation of the Administrator's legitimate interest, consisting in conducting analyzes of Users' activity, as well as their preferences in order to improve the functionalities used and the services provided. The administrator processes data for the period necessary to provide the service, and then for the period related to the pursuit or defense of claims.
2. Offering
The purpose of processing personal data is to send commercial offers to conclude a contract. The data is processed pursuant to Art. 6 section 1 letter b GDPR – processing is necessary to conclude and perform the contract; at the request of the data subject - taking action before concluding the contract. If a contract is concluded, personal data is processed for the duration of the contract and then for the period of limitation of claims arising from the contract. If no contract is concluded, we process data for up to 1 month after the end of the offer period. If the offer validity period is not specified - for a period of 3 months from the last contact.
3. Conclusion and implementation of the contract for the provision of services
The purpose of personal data processing is to conclude contracts and provide or use services based on them. The data is processed pursuant to Art. 6 section 1 letter b GDPR – processing is necessary to conclude and perform the contract; at the request of the data subject - taking action before concluding the contract. Personal data is processed for the duration of the contract and then for the period of limitation of claims arising from the contract.
4. Conducting recruitment
The administrator processes data of job candidates in the recruitment process in order to employ employees. Data processing is based on Art. 6 section 1 letter b GDPR – processing is necessary to conclude and perform the contract; at the request of the data subject - taking action before concluding the contract. The data is processed for the duration of the recruitment process. If you express additional consent to the processing of data for future recruitment purposes, we will process your data for a maximum period of 2 years from the date of their entry into the Administrator's database or from the date of last contact with you, depending on which date is later.
5. Contact form
The administrator processes the data provided in the contact form in order to recruit a candidate or to answer other questions provided in the form. Data processing is based on Art. 6 section 1 letter a GDPR or Art. 6 section 1 letter f GDPR - based on the consent / at the request of the candidate and to implement the legitimate interest of the Administrator, which is the need to provide proper service to people visiting the Website.
6. Newsletter
The Administrator processes data when sending the newsletter (in the form of electronic messages that may contain commercial information) for advertising, promotional and marketing purposes related to the Administrator's business activities. Data processing is based on the consent of the data subject - Art. 6 section 1 letter a GDPR. The data is processed for a maximum period of 2 years from the date of entering your data into the Administrator's database or from the date of the last contact with you, depending on which of these dates is later.
7. Direct marketing of the administrator's own products and services using electronic means of communication (e-mail, telephone, SMS)
The Administrator sends electronic messages containing marketing information for advertising, promotional and marketing purposes related to the Administrator's business activities. Data processing is based on consent – Art. 6 section 1 letter a GDPR. The data is processed for a maximum period of 2 years from the date of entering your data into the Administrator's database or from the date of the last contact with you, depending on which date is later.
8. Determining, investigating and defending against claims
The administrator processes your data for the purpose of debt collection, conducting court proceedings and defending against claims. Processing is based on Art. 6 section 1 letter f GDPR - the legitimate interest of the Administrator is the need to pursue or defend against claims. The data is processed during the limitation period for claims, in accordance with the provisions of generally applicable law.
USE OF COOKIES AND SIMILAR TECHNOLOGIES - you may object to the storage of information about you using the tools described below as part of the cookie settings on the Website and decide which tools the Administrator will be able to use during your visit to the Website.
1. Cookies
The administrator uses the so-called service cookies primarily to provide the User with services provided electronically and to improve the quality of these services. Therefore, the Administrator and other entities providing analytical and statistical services to him use cookies to store information or gain access to information already stored in the User's telecommunications end device (computer, telephone, tablet, etc.). Cookies used for this purpose include: cookies with data entered by the User (session identifier) for the duration of the session (user input cookies); authentication cookies used for services requiring authentication for the duration of the session (authentication cookies); cookies used to ensure security, e.g. used to detect authentication abuses (user centric security cookies); multimedia player session cookies (e.g. flash player cookies), for the duration of the session (multimedia player session cookies); persistent cookies used to personalize the User's interface for the duration of the session or slightly longer (user interface customization cookies);
2. Google Analytics
The administrator uses Google Analytics analytical tools, which collect information about visits to the website, such as the subpages you have viewed, the time you spent on the website or the transition time between individual subpages. For this purpose, Google LLC cookies are used for the Google Analytics service. Google Analytics collects demographic and interest data. Neither the Administrator nor Google uses the collected data to identify the User or combines this information to enable your identification. Detailed information about the scope and principles of data collection in connection with this service can be found at the link:https://www.google.com/intl/pl/policies/privacy/partners.
3. Google tag manager
The Administrator uses the Google Tag Manager marketing tool to control marketing campaigns and how you use the Website. For this purpose, Google LLC cookies related to the Google Tag Manager service are used. Neither the Administrator nor Google uses the collected data to identify the User or combines this information to enable identification. Detailed information about the scope and principles of data collection in connection with this service can be found at the link:https://www.google.com/intl/pl/policies/privacy/partners.
4. Linkedin insight tag
The controller uses the LinkedIn Conversion Tracking retargeting tool from LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland ("LinkedIn"). For this purpose, the LinkedIn Insight Tag code is installed on the Website, which enables LinkedIn to collect statistical, pseudonymous data about your visits and use of our website and to provide the Administrator with aggregated statistical summaries on this basis. This information also allows you to display personalized offers and recommendations. Neither the Administrator nor the tool uses the collected data to identify the User or combines this information to enable your identification. Detailed information about the scope and principles of data collection in connection with this tool can be found at the link:https://www.linkedin.com/help/linkedin/answer/90274/manage-your-linkedin-ads-settings?lang=en
5. Facebook pixel
The administrator uses the Facebook Pixel marketing tool to target you with personalized ads on Facebook. This involves the use of Facebook cookies. The information collected as part of Facebook Pixel is anonymous, i.e. it does not allow me to identify you. Facebook is certified under the Privacy Shield Agreement and therefore guarantees compliance with European data protection regulations https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active. Detailed information about the scope and principles of data collection by Facebook can be found at:https://www.facebook.com/about/privacy/update.Specific information and details about Facebook Pixel and how it works are available in the Facebook Help section athttps://www.facebook.com/business/help/651294705016616.This function can be disabled as shown at https://de-de.facebook.com/business/help/1415256572060999?helpref=uf_permalink or at https://www.facebook.com/settings?tab=ads. To do this, log in to Facebook.
6. Bitrix24
The Administrator uses the Bitrix24 marketing tool provided by Bitrix, Inc. (headquarters address: 901 N. Pitt St, Suite 325 Alexandria VA 22314 USA), collecting data enabling the identification of a specific person in accordance with voluntarily provided categories. Data is stored within the European Union (Frankfurt, Germany) on fully GDPR-compliant Amazon Web Services data centres. More information about the scope and principles of data collection in connection with this tool can be obtained from the link below:https://aws.amazon.com/blogs/security/all-aws-services-gdpr-ready/. At the same time, information regarding GDPR compliance and the Privacy Policy document are available at the linkhttps://www.bitrix24.com/gdpr/ .
7. Bazo.io
The Administrator uses the BAZO.IO tool provided by Bazo sp. z o. o. based in Lublin in connection with the use of the BAZO.IO product - to collect the following information about your visits to the Website: date and frequency of your visits to the Website, IP address Your devices, tabs visited while visiting the Website, contact details. BAZO meets the requirements of the GDPR as an administrator and processor of personal data. More information about the processing of your data by Bazo sp. z o.o. you will find on the website:https://bazo.io/).
8. Hotjar
The Administrator uses the Hotjar tool, provided by Hotjar Limited, Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta - in order to analyze your behavior on the Website, information such as: date and frequency of your visits are stored on the Website, the IP address of your device, bookmarks visited during visits to the Website, contact details. Hotjar does not use this information to identify you. More information about the processing of your data by Hotjar can be found at: https://www.hotjar.com/legal/policies/privacy.
SOCIAL MEDIA. The Administrator processes personal data of Users visiting the Administrator's profiles on social media (Linkedin, Facebook, Instagram). This data is processed solely in connection with maintaining the profile, including to inform Users about the Administrator's activity and to promote various types of events, services and products. The legal basis for the processing of personal data by the Administrator for this purpose is its legitimate interest (Article 6(1)(f) of the GDPR) consisting in promoting its own brand.
CATEGORIES OF PERSONAL DATA PROCESSED
The Administrator processes the following categories of Personal Data belonging to job candidates, (future/potential) business partners of the Administrator, employees or associates of (future/potential) business partners of the Administrator and other persons contacting the Administrator or persons contacted by the Administrator:
-
identification data (in particular: name and surname, date of birth, identity document series and number, company name, NIP, REGON number) and address data (registered office address, correspondence address, addresses of commercial outlets),
-
contact details (e-mail, telephone number),
-
data about the job position held, professional experience, and qualifications,
-
financial data, including bank account number, bank/financial institution details, VAT invoice data,
-
information obtained when using our website, in particular IP addresses, text files,
-
other data provided by you in any form - necessary for the purpose for which they were made available;
SOURCES OF OBTAINING DATA. All data is obtained by the Administrator in the following way:
-
information provided voluntarily and directly by you (e.g. in the contact form, in the order form, by exchanging business cards, during a telephone conversation, when concluding and implementing a contract, providing services);
-
information obtained when using our website, in particular: IP address, text files;
-
data of employees or associates of the Administrator's business partners (contractors, subcontractors) - come directly from them or from their employer/entity they represent;
-
data of candidates working for the Administrator - come directly from them or from external recruitment agencies or were provided by employees and associates of the Administrator as part of promotional programs and campaigns, such as the referral program,
-
from publicly available sources, in particular databases and registers: Central Registration and Information on Economic Activity (CEIDG), National Court Register (KRS), REGON database;
-
from databases.
DATA RECIPIENTS :
-
other entities from the Group,
-
entities providing services to the Administrator, including: accounting, HR, recruitment, legal, debt collection, IT, infrastructure, and such entities process data as subcontractors, based on an agreement with the Administrator and only in accordance with his instructions,
-
entities conducting postal or courier activities,
-
by bank.
The Administrator reserves the right to disclose selected information about you to competent authorities or third parties who request such information, based on an appropriate legal basis and in accordance with the provisions of applicable law.
RIGHTS OF PERSONS TO WHOM THE DATA CONCERN :
-
access to your data, request its rectification, deletion or limitation of its processing;
-
withdrawal of consent to the processing of personal data to the extent that your personal data is processed on the basis of consent; Withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal;
-
object to the processing of personal data to the extent that the basis for the processing of personal data is the legitimate interest of the Administrator;
-
transfer of personal data, i.e. to receive information from the Administrator about the personal data being processed, in a structured, commonly used, machine-readable format, to the extent that your data is processed for the purpose of concluding and performing a contract or on the basis of consent;
-
submit a complaint to the President of the Office for Personal Data Protection at the following address: ul. Stawki 2, 00-193 Warszawa, if you consider that the processing of your personal data violates the provisions of the GDPR.
In order to exercise the above rights, please contact the Data Administrator or the personal data protection coordinator at the following e-mail address: hello@humanit.group
DATA PROCESSING OUTSIDE THE EU. Your personal data may be transferred outside the European Economic Area (including the European Union, Norway, Liechtenstein and Iceland) (hereinafter: EEA) in connection with the cooperation of the Administrator with business partners based outside the EEA (Ukraine) and the provision of IT services to the Administrator and infrastructure. In order to ensure an adequate level of protection in the event of transfer of your data outside the EEA, the Company uses standard contractual clauses issued by the European Commission in accordance with Art. 46 section 2 letter c GDPR.
SECURITY OF PERSONAL DATA. The administrator conducts risk analysis on an ongoing basis to ensure that personal data is processed in a safe manner - ensuring, above all, that only authorized persons have access to the data and only to the extent necessary for the tasks they perform. . The administrator ensures that all operations on personal data are recorded and performed only by authorized employees and collaborators. The Administrator takes all necessary actions to ensure that its subcontractors and other cooperating entities guarantee the use of appropriate security measures whenever they process personal data on behalf of the Administrator.