INFORMATION RELATING TO THE PROCESSING OF PERSONAL DATA

Pursuant to Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”), we provide You with the following information related to the processing of Your personal data in connection with Your application in the internal* recruitment process conducted by SHIMI SP. Z O.O.

* The Controller, as an Employment Agency, conducts both ‘external’ recruitment – relating to the provision of services to end recipients other than the Controller or conducted on behalf of other entities and ‘internal’ recruitment – for positions within the Controller’s internal organisational structure. This information clause relates to “internal” recruitment and includes information on the processing of personal data only for the purposes of “internal” recruitment.

1. Data of the personal data Controller

The controller of Your personal data provided in Your CV and in the recruitment form as well as additional data provided during the recruitment process is: SHIMI SP. Z O.O. based in Warsaw (ul. Nowogrodzka 50/54 lok. 515, 00-695 Warszawa) (hereinafter referred to as the “Controller“). You can contact the Controller in the following way:

• by e-mail: recruitment@shimi.pl;
• • by phone: +48 518 491 962
• By mail to the address: ul.
  Nowogrodzka 50/54 loc. 515, 00-695 Warsaw.

The Controller will decide on the purposes and methods of processing Your personal data and on the methods of securing them.

2. Data Protection Officer

In all matters relating to the processing of Your personal data, You can contact the Data Protection Officer appointed by us, as follows:

• • by e-mail: Daria.Lytvyn@shimi.pl;
• • by post to the following address: SHIMI SP. Z O.O. / Data Protection Officer, ul. Nowogrodzka 50/54 lok. 515, 00-695 Warsaw.

3. Legal basis and purposes of processing

Your personal data, contained in Your CV and recruitment form, as well as additional data provided during the recruitment process, may be processed for the following purposes and on the following grounds:

• 1) PURPOSE 1 | In order for the Controller to conduct recruitment for the position for which You are applying whereby, in the course of the recruitment process, the following activities concerning Your personal data will be undertaken in particular:
• assessing Your qualifications to work in the position covered by the recruitment and conduct a job interview,
• preparation of formal and legal documents related to participation in the recruitment process.

BASIS:

In the case described in this point 1), the Controller processes the personal data of candidates on one of the following bases, depending on the expected form of employment or cooperation chosen by You (i.e. on the basis of an employment contract or on the basis of a civil law contract, in particular a b2b cooperation contract, a mandate contract or a contract for specific work).

• • IN THE CASE OF EMPLOYMENT CONTRACT: The Controller only requires the provision of personal data as specified in Article 22¹ § 1 of the Labour Code [1] in order to participate in the recruitment. Personal data are processed by the Controller on the basis of:
  • o personal data to the extent indicated in 22¹ § 1 points 1)-3) of the Labour Code (1. first name(s) and surname; 2. date of birth; 3. contact data indicated by the candidate) – based on art. 6 paragraph. 1(c) RODO, i.e.
    processing is necessary for the fulfillment of the Administrator’s legal obligation under labor law ;
  • o personal data to the extent indicated in 22¹ § 1 (4)-6) of the Labour Code (4. education; 5. professional qualifications; 6. course of previous employment) – on the basis of Article 6(1)(f) of the GDPR, i.e. the processing is necessary for the purposes resulting from the legitimate interests pursued by the Controller (enabling the Controller to select the right and best candidate from the point of view of his/her experience in a specific position, possession of relevant education and professional qualifications);
  • Provision of other data to the extent not specified in the provisions of Article 22¹ § 1 of the Labour Code will be treated by the Controller as consent to the processing of such personal data – in such a situation, the basis for processing is Article 6(1)(a) of the GDPR (i.e. Your consent to the processing of personal data); Giving consent in this case is voluntary, and consent so given can be revoked at any time.
• IN THE CASE OF A CIVIL LAW CONTRACT (A B2B COOPERATION AGREEMENT / A MANDATE CONTRACT OR A CONTRACT FOR SPECIFIC WORK): Personal data is processed by the Controller on the basis of:
  • Your consent (Art. 6(1)(a) of the GDPR) expressed by the explicit action of submitting the recruitment form together with Your CV to the Controller; Consent in this case is voluntary and consent so given can be revoked at any time.
• 2) PURPOSE 2 | In order to add to the candidate database and to conduct, within the next 3 years, future internal recruitment processes by the Controller (for positions within the controller’s internal organisational structure) if You express Your consent as part of the recruitment form.

BASIS – in such a situation, Your personal data will be processed on the basis of Your voluntary consent (Article 6(1)(a) of the GDPR), whereby in each such recruitment process the recruitment activities indicated above (as for the recruitment for the position You are applying for) will be undertaken concerning Your personal data.

If You provide the data referred to in Article 9(1) of the GDPR, Your explicit consent to their processing will be required (Article 9(2)(a) of the GDPR), which can be revoked at any time.

Your personal data shall not be subject to automated decision-making, including profiling linked to automated decision-making, i.e. profiling that would take place without human intervention and produce legal effects or similarly affect You.

4. Period of retention of personal data

Your personal data will be processed until the end of the recruitment process in which you are participating. If you consent to the processing of your data for the purposes of future recruitment, your personal data will be processed for the duration of further recruitment conducted by the Administrator over the next 3 years.
In addition, if you withdraw your consent to data processing, the processing period will be shortened and will last until you withdraw your consent to further processing – which applies to both described cases of personal data processing.

5. The recipients of the personal data

Your personal data may be shared with:

• service providers supplying the Controller with technical and IT solutions enabling business activity, including the provider of the “Recrutity.pl” recruitment system, as well as other entities supporting the Controller’s activities to whom the Controller entrusts the processing of personal data on a contractual basis (i.e. in accordance with Article 28 of the GDPR);
• entities/persons authorised for this under the law.

6. Transfers of personal data to third countries or international organisations

The Controller has no intention to transfer Your personal data to a third country (i.e. a country outside the European Economic Area) or an international organisation.

7. Rights related to the processing of personal data

You have the right to request from the Controller access to Your personal data and to receive a copy of Your personal data, rectification (amendment), erasure or restriction of processing, the right to data portability and the right to object to processing and the right to lodge a complaint to the President of the Office for Personal Data Protection (to the address of the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw).

To the extent that Your data is processed on the basis of a separate consent, You have the right to withdraw Your consent at any time. However, this will not affect the lawfulness of the data processing based on consent before its withdrawal.

8. Obligation/voluntariness to provide data

The provision of personal data is voluntary, but failure to do so will result in Your inability to participate in the conducted recruitment, as well as the inability to add Your data to the candidate database and participate in future recruitment processes conducted by the Controller.

[1] Article 22¹ § 1 of the Labour Code: “§ 1. The employer shall require the person applying for employment to provide personal data including: 1) first name(s) and surname; 2) date of birth; 3) contact details indicated by such person; 4) education; 5) professional qualifications; 6) course of previous employment “.