Privacy & Cookie policy of SoftSystem Sp. z o.o.

10/13/2020 v. 2.0

Privacy policy of SoftSystem Sp. z o.o.

Introduction

The privacy policy was prepared in accordance with the obligation arising from the entry into force of the European provisions on the protection of personal data according to (EU) 2016/679 Regulation of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on free flow of such data and repealing Directive 95/46 / EC (General Data Protection Regulation) (EU Official Journal 119, 4.05.2016, p. 1). This document is a description of the privacy policy of SoftSystem Sp. z o.o. with headquarters at ul. Leszka Czarnego 6a, 35 615 Rzeszów. Privacy policy of SoftSystem Sp. z o.o. (hereinafter: the Policy) defines the rules, method of processing and using data and information from candidates and users of the website belonging to SoftSystem Sp. z o.o., i.e. www.softsystem.pl.
Please read the Policy carefully. By accessing the website belonging to SoftSystem Sp. z o.o. or by using it and sending us any personal data regarding applications, e.g. to participate in recruitment process and by reading the content of this Policy, the User accepts its terms and confirms that he/she has read its content.

1. Terms used in the policy

Personal data - information about a natural person whose identity can be determined directly on the basis of the content of information about him, or indirectly by combining this information with other additional information that allows to determine his identity. Consent to the processing of personal data - the consent of the data subject means voluntary, specific, conscious and unambiguous action confirming the consent to the processing of personal data concerning him.
GDPR – stands for Regulation of the European Parliament and of the Council 2016/679 (EU) of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and free movement of such data, and repealing Directive 95/46 / EC (General Regulation on data protection), according to which SoftSystem Sp. z o.o. processes Users' personal data.
User - a job candidate or a person visiting the website belonging to SoftSystem Sp. z o.o.
Services - services provided by SoftSystem Sp. z o.o. electronically via the website, i.e. sending documents necessary in the recruitment process.
Cookies - text files that are saved on the user's end device disk, used by the server to recognize the user's device when reconnecting. Cookies are downloaded each time you enter and exit the website. They are not used to determine the identity of users, but only their devices.

2. The purpose of policy

The purpose of this policy is to protect users' personal data and ensure the safe use of our company's websites. Please be advised that the principles contained in this Policy apply whenever you use the SoftSystem Sp. z o.o. website, as well as in any other case when you contact our company.
SoftSystem Sp. z o.o. declares that both websites and other tools used by the Company in its day-to-day operations meet the requirement of compliance with applicable law, in particular those that protect the privacy of natural persons, including Website Users, in particular:

  • (EU) 2016/679 Regulation of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 /WE. EU Official Journal. L. 2016 Nr 119/1 (GDPR)
  • Act of 18 July 2002 on the provision of electronic services, i.e. Journal of Laws from 2013 item 1422, as amended
  • Articles 173, 174 and 209 of the amended Telecommunications Law (Journal of Laws of 21.12.2012, item 1445), which adapted Polish provisions to EU Directives 2009/136 / EC and 2009/140 / EC. The Act entered into force on January 21, 2013, and since March 22, 2013 a new cookie policy has been in force.

3. Data Administrator

The data administrator is SoftSystem Sp. z o.o. with headquarters at ul. Leszka Czarnego 6a, 35-615 Rzeszów, represented by the Director. Contact regarding the processing of personal data is possible via the e-mail address: iodo@softsystem.pl or in writing at the Data Administrator's address given above.

People visiting SoftSystem Sp. z o. o. website should be aware that the information from the HTTP request directed to our company's server is identified by URL addresses, reveals the cookie ID and the public IP address from which the request came.
Providing personal data by the User is mandatory when the premise for the processing of personal data is a law or an agreement concluded between the parties, whereas not providing personal data may result in the inability to achieve the purposes for which personal data are collected or the inability to conclude such an agreement. In case entering personal data is necessary to complete the process or service, the User shall be informed about it.
In connection with data processing, there will be no automated decision making or profiling. There may be cases when the Administrator transfers User’s personal data to a third country or international organizations. The subject to whom personal data pertains shall be informed about each such case.
In order to ensure the protection of the rights and freedoms of natural persons in connection with the processing of personal data and to ensure compliance with the requirements of the GDPR, SoftSystem Sp. z o.o. has implemented appropriate organizational and technical measures. This is demonstrated by internal policies, procedures and regulations that have been followed.

4. Purposes and legal grounds for data processing

Data is processed, in particular, to:

  1. perform the contract to which the data subject is a party or take action at the request of the data subject before concluding the contract - based on the consent given to the processing of data to the extent and for the purposes set out in the content of the consent - pursuant to art. 6 clause 1 lit. a) GDPR.
  2. implement tasks arising from the fulfillment of legal obligations incumbent on the Administrator - art. 6 clause 1 lit. c) GDPR and / or
  3. implement contracts concluded with contractors - art. 6 clause 1 lit. b) GDPR
  4. conduct recruitment process
  5. run a fanpage of our company under the name „softsystemrzeszow” (art.6 par.1lit.f GDPR)

5. Personal Data recipients

The recipients of personal data may be partner companies / companies cooperating with SoftSystem Sp. z o.o. and their employees authorized to obtain personal data on the basis of legal provisions or an appropriate agreement with the administrator, and are obliged to maintain confidentiality and due protection of such information, subcontractors and entities providing services to SoftSystem Sp. z o.o., who must have access to data to perform their duties.

6. Data retention period

Personal data provided to SoftSystem Sp. z o.o. will be processed for the period necessary to achieve the purpose(s) for which they were collected, and after that for the period and to the extent required by the provisions of generally applicable law. Personal data is processed according to its useful life and then destroyed.

7. Safety

SoftSystem Sp. z o.o. provides a level of security corresponding to the risk of violation of the rights and freedoms of natural persons as a result of the processing of personal data. SoftSystem Sp. z o.o. applies and implements appropriate personal data security measures. For this purpose it:

For this purpose it:

  1. ensures an appropriate state of knowledge about information security, cybersecurity and business continuity - internally or with the support of specialized entities
  2. categorizes the data and processing activities in terms of the risks they present
  3. conducts risk analyses of violation of the rights or freedoms of natural persons for data processing activities or categories thereof
  4. sets out organizational and technical security measures that can be used, such as pseudonymization, personal data encryption and other cyber security measures, which constitute the ability to continually ensure the confidentiality, integrity, availability and resilience of systems and processing services

8. User’s Rights

In accordance with chapter III, art. 15-21 GDPR, the User has the following rights in connection with the processing of his personal data by SoftSystem Sp. z o.o.:

  1. The right to access your personal data,
  2. The right to correct processed data,
  3. The right to delete data ("the right to be forgotten"),
  4. The right to limit data processing,
  5. The right to transfer data,
  6. The right to object to further data processing,
  7. The right not to be subject to decisions based solely on automated processing, including profiling.

The implementation of each of the aforementioned rights is at the User’s request. SoftSystem Sp. z o.o. examines the submitted application and sends a response within 1 month of the date of receipt of the application (if it does not meet this request, it will provide the reasons). The administrator provides the opportunity to submit these requests electronically at iodo@softsystem.pl.

As part of the rights, the User may at any time withdraw consent to further processing of personal data for purposes that require consent, provided that the withdrawal of consent does not affect the legal use of personal data in activities carried out on the basis of consent before its withdrawal.
Under the right of access, the User is entitled to obtain the following information in the form of a copy:

  1. The purposes of processing personal data;
  2. Categories of personal data - what data we process, e.g. name, surname, telephone number;
  3. Information about recipients or categories of data recipients - to whom (person, company, institution) data may be transferred;
  4. Information on the right to request from SoftSystem Sp. z o.o. to correct data, delete it or limit its processing and to object to specific data processing;
  5. Information on the possibility to submit a complaint to the Office for Personal Data Protection;
  6. Information about the data source, if the data was not obtained directly from the User - an indication of the person or company or institution that provided personal data;
  7. On the use of profiling: on what principles it is taken, what can be the consequences of profiling for the User.
SoftSystem Sp. z o.o. stipulates that it has the option of not answering the request or answering later than up to two months due to the number of inquiries or the complex nature of the inquiry. By complicated nature we understand the need to collate data from many IT systems or the need to consult more than one person from a department or departments in order to obtain the information that is the subject of the application.
In both of the aforementioned situations, SoftSystem Sp.z o.o. undertakes to inform the User of this fact, providing justification each time.

9. Breach reporting

The Data Administrator is obliged to report the breach of personal data protection to UODO and the data subject, for which this situation may pose a threat to their rights and freedoms. The Personal Data Administrator is obliged to document personal data breaches.
Possible notification will be made "without undue delay" and, if feasible, no later than 72 hours after the violation has been established. If the violation is unlikely to result in a threat to the rights and freedoms of natural persons, possible notification will take place after the time specified in the GDPR and will contain reasoned explanations.
The notification will contain: description of the breach, category of data, approximate number of data subjects, number of entries affected by the breach, description of the consequences of the breach and description of the measures that have been applied or which the Administrator proposes in order to correct the situation or minimize the negative consequences of the breach.

10. Sharing websites of other entities

On SoftSystem Sp. z o.o. website there are links to websites of other entities, i.e. SCC Soft Computer and ISD Information Systems. Our company has no influence on the privacy policy of their websites and bears no responsibility for it.

11. Recruitment

SoftSystem Sp. z o.o. recruits for new positions through its website www.softsystem.pl/career/recruitment, social networking sites as well as direct contact.

The data is collected only for the needs of the recruitment process (as well as future recruitment processes). The personal data provided will be processed only subject to consent to processing, which means that without consent to the processing of personal data in the recruitment process it will not be possible to accept and consider the application. This consent applies to all documents submitted as part of recruitment processes. Consent to the processing of data for the purposes of future recruitments is not mandatory.

The following may be the recipients of your personal data in the recruitment process:

  • state authorities or other entities authorized pursuant to legal provisions,
  • persons authorized by the administrator,
  • entities supporting recruitment processes,
  • entities processing personal data at the request of the administrator to perform the obligations incumbent on the administrator, including subcontractors, suppliers of external systems supporting the administrator's activities.

Sharing data may only take place for the benefit of authorized entities resulting from legal provisions.

INFORMATION CLAUSE FOR PERSONS PARTICIPATING IN RECRUITMENT PROCESSES.

Data Administrator

Please be advised that the administrator of your personal data is SoftSystem Sp. z o.o. with headquarters in Rzeszów at ul. Leszka Czarnego 6A, 35-615 Rzeszów, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court in Rzeszów, XII Commercial Department of the National Court Register, under KRS number 0000065507, REGON number 001417972, NIP 521-00-91-158, the share capital is 640,794.00 PLN, hereinafter referred to as "Administrator"

Data Protection Officer (IODO)

We have appointed a Personal Data Protection Inspector who can be contacted at: iodo@softsystem.pl

Purpose and legal basis for data processing

Your personal data, to the extent indicated in the provisions of labor law1, will be processed in order to carry out the current recruitment procedure2, while other data, including contact details, will be processed based on consent3, which may be withdrawn at any time.
Your personal data will be processed by SoftSystem Sp. z o.o. also in future recruitment processes, provided you grant your consent4, which may be withdrawn at any time.

If the documents contain the data referred to in art. 9 item 1 GDPR, your consent for this data processing5 will be necessary, but can be withdrawn at any time.
1 1Article 22 of the Act of 26 June 1974 of Labor Code (Journal of Laws of 2018, item 917, as amended) and §1 of the Regulation of the Minister of Labor and Social Policy of May 28, 1996 on the scope of keeping records by employers in matters related to the employment and the manner of keeping employee personal files (Journal of Laws of 2017, item 894, as amended);
2 2Article 6 para. 1, (b) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (General Data Protection Regulation ) (Official Journal of the EU L 119 of 04/05/2016, p. 1, as amended) (hereinafter: GDPR);
3 Article 6 para. 1 point a GDPR;
4 Article 6 para. 1 point a GDPR;
5 Article 9 para. 2 point a GDPR.

Recipients of personal data

Your data may be transferred to:

  • state authorities or other entities authorized pursuant to legal provisions,
  • persons authorized by the administrator,
  • entities supporting recruitment processes,
  • entities processing personal data at the request of the administrator to perform the obligations incumbent on the administrator, including subcontractors, suppliers of external systems supporting the administrator's activities.

Transferring data outside the EEA

Your data may be transferred to a partner in the USA and/or Europe in connection with the implementation of business processes.

Data storage period

Your data collected in the current recruitment process will be stored until the recruitment process is completed.
Regarding your consent for the use of personal data for future recruitment purposes, your data will be used for the next 12 months starting from the end of the recruitment process.

Rights of data subjects

You have the right to:

  1. the right to access your data and receive a copy of it;
  2. the right to correct your personal data;
  3. the right to limit the processing of personal data;
  4. the right to delete personal data;
  5. the right to lodge a complaint with the President of the UODO (to the address of the Office for Personal Data Protection, ul. Stawki 2, 00 - 193 Warsaw)

Information on the requirement to provide data:

Providing your personal data in the scope resulting from art. 221 of the Labor Code is necessary to participate in the recruitment procedure. Providing other data is voluntary.

Profiling:

Please be advised that we do not make decisions in an automated manner and your data is not profiled.

12. Portals/Social media

SoftSystem Sp. z o.o. Social media are run for image and recruitment purposes. They are used to promote the company, including its experts, products, events and business successes. They constitute one of the external communication channels of SoftSystem Sp. z o.o.
SoftSystem uses such portals as:

  • LinkedIn
  • Facebook
  • Instagram
  • YouTube

Information clause for visitors to our channels on social media in the field of processing personal data in connection with the fanpage run by SoftSystem Sp. z o.o. with headquarters in Rzeszów at ul. Leszka Czarnego 6A, 35-615 Rzeszów, on social networking sites Facebook / Instagram / LinkedIn / YouTube on the basis of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free flow of such data and repealing Directive 95/46 / EC (General Data Protection Regulation), the so-called RODO.

1. Data Administrator

Please be advised that the administrator of your personal data is SoftSystem Sp. z o.o. with headquarters in Rzeszów at ul. Leszka Czarnego 6A, 35-615 Rzeszów, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court in Rzeszów, XII Commercial Department of the National Court Register, under KRS number 0000065507, REGON number 001417972, NIP 521-00-91-158, the share capital is 640,794.00 PLN, hereinafter referred to as "Administrator". The Administrator can be contacted by e-mail: iodo@softsystem.pl or by post at the address specified above.

2. Categories of persons whose data are processed and scope of processed data

  1. The administrator processes the data of persons who:
    • subscribed to Facebook / Instagram / LinkedIn / YouTube fanpage of SoftSystem Sp.z o.o. by clicking the "Like"; "Follow"; "Subscribe" icon.
    • posted their comment, shared it or clicked the "Like", "Recommend", "I like it" icon under any of the posts posted on Facebook / Instagram / LinkedIn / YouTube fan page of SoftSystem Sp. z o.o.;
    • shared any of the materials posted on Facebook / Instagram / LinkedIn / YouTube fanpage of SoftSystem Sp. z o.o. on their profile
    • sent a private message to SoftSystem Sp. z o.o. via the "Send message" function available on Facebook / Instagram / LinkedIn / YouTube fanpage of SoftSystem Sp. z o.o.
  2. The administrator processes the following types of personal data:
    • Facebook / Instagram / LinkedIn / YouTube nametag (usually containing name and surname or nickname);
    • profile picture if present;
    • information that you provide to the Administrator (e.g. by sending a private message, reaction to posts, the content of comments added or photos published on Facebook / Instagram / LinkedIn / YouTube of SoftSystem Sp.z o.o. fanpage).

3. Purposes and basis for data processing

The administrator processes your personal data:

  1. on the basis of a legitimate interest (art.6 par.1 lit.f GDPR) consisting of:
    • running a SoftSystem Sp.z o.o. fanpage under the name „softsystemrzeszow” on social networking site Facebook,
      fanpage under the name „softsystemrzeszow” on Instagram portal,
      LinkedIn under the name„SoftSystem Sp. z o.o” ,
      YouTube „SoftSystem Rzeszów” on the terms and conditions set out by Facebook / Instagram / LinkedIn / YouTube and informing via it about the Administrator's activity, promoting events and brands, products and services, building and maintaining a community with the Administrator and in order to communicate via the available functionalities of Facebook / Instagram / LinkedIn / YouTube (comments, messages );
    • possible determination, investigation or defense against claims.
      • on the basis of separately granted consent to the extent and purpose specified in the content of the consent and for the time to withdraw the consent (the basis of Article 6 paragraph 1 point a. or Article 9 paragraph 2 point a of the GDPR);
      • on the basis of statutory requirements in order for the Administrator to fulfill legal obligations arising from legal provisions (basis from Article 6 paragraph 1 letter c of the GDPR).

4. Data recipients

Your data will be accessible to:

  1. persons authorized by the administrator, subcontractors and entities processing personal data at the request of the administrator (including IT services, technical support) who have to access the data in order to fulfil their duties;
  2. other Facebook / Instagram / LinkedIn / YouTube Users (due to the fact that information about people following the fanpage and profiles, information about likes, as well as the content of comments and posts and other information provided by Users are public);
  3. public authorities and entities performing public tasks or acting on behalf of public authorities, to the extent and for purposes that result from the provisions of generally applicable law;
  4. owner of social networking site Facebook / Instagram / LinkedIn / YouTube on the principles set out in their Regulations.

5. Transfer of data to third countries or international organizations

SoftSystem Sp. z o.o. transfers data to third countries (i.e. outside the EU, Norway, Liechtenstein, Iceland) or to international organizations and ensures the lawful conditions of such transfer, if it occurs. At the beginning of each new project, SoftSystem Sp. z o.o. (in order to comply with the Privacy by design principle) assesses the compliance of this project with the provisions on the protection of personal data.

6. Data retention period

Data processing period is related to the purposes and grounds for their processing, therefore:

  1. data processed on the basis of consent will be processed until the consent is withdrawn;
  2. data processed on the basis of statutory requirements will be processed for the time during which the law requires the storage of data;
  3. data processed on the basis of the Administrator's legitimate interest will be processed until such objection is effectively lodged or that interest ceases, e.g. data processed for the purpose of pursuing or defending against claims will be processed for a time equal to the period of limitation of these claims.

7. Rights

You have the right to:

  1. request access to your personal data, correct, delete or limit processing, as well as the right to transfer data,
  2. withdraw consent at any time without affecting the lawfulness of the processing that was carried out on the basis of consent before its withdrawal;
  3. object to the processing of your data for the purposes of direct marketing at any time;
  4. object to the processing of data due to your particular situation;
  5. lodge a complaint to the President of the Office for Personal Data Protection, ul. Stawki 2; 00-193 Warsaw.

8. Information on the data source

The Administrator receives your personal data directly from you through the Facebook / Instagram / LinkedIn / YouTube fanpage entries, from the Facebook / Instagram / LinkedIn / YouTube portal and your public profile.

9. Other information

  1. Personal data will not be processed in an automated manner. It may happen that in the case of data processing based on "cookies", your data may be processed in an automated manner, but only for the purpose of marketing services.
  2. Providing your data is voluntary.
In addition, SoftSystem Sp. z o.o. indicates that together with Facebook Ireland Limited / LinkedIn Corporation / Google LLC, D / B / A YouTube act as co-administrators in the field of data processing for the purposes of statistics.

13. Cookies Policy of SoftSystem Sp. z o.o.

The cookie policy was prepared in accordance with the obligation arising from the amendment to the Telecommunications Law, which has been in force since March 22, 2013.
SoftSystem uses cookies to maintain user preferences related to browsing the company's website and cookies to indicate that the cookie privacy policy has been accepted.

Each user may not consent to the placement of cookies on his end device. In order to do this, use the option to disable the download and storage of cookies in your web browser. Deleting cookies leads to the loss of the possibility of using some of the website's functionalities. If you do not change these settings, you accept the cookies used.
The website uses two basic types of cookies - session and permanent. Session files are temporary, they are stored until you leave the website (by accessing another page or turning off the browser). Permanent files are stored in the user's end device until they are deleted by the user or for the time resulting from their settings.
Cookies used by the website (placed on the user's end device) can be made available to its partners.
All consents issued by the user are stored as consent documentation, which provides evidence in the event of an inspection.
The website uses so-called "Prior consent", which means that the execution of all scripts, except those necessary for the operation of the site, is stopped until consent is given.
All consents are collected automatically using a secure connection and stored as encrypted data.

Legal basis:
Articles 173, 174 and 209 of the amended Telecommunications Law (Journal of Laws of 21.12.2012, item 1445), which adapted Polish provisions to EU Directives 2009/136 / EC and 2009/140 / EC. The Act entered into force on January 21, 2013, and since March 22, 2013. a new cookie policy has been in force.

14. Change of Policy

Due to the development and progress of technology and changing legal provisions, the principles set out in this Privacy Policy may change. The User will be informed about the change of these rules by posting new content of this document on the website: Privacy & Cookie policy of SoftSystem Sp. z o.o.