§.1 General provisions – protection of privacy
- Contract Administration Sp z o.o. with its registered office in Warsaw at the following address: ul. Hrubieszowska 2, entered into the Register of Entrepreneurs under KRS number 0000167447, taxpayer identification number NIP: 5252271480, Polish business registry number REGON: 015518202, is the personal data controller. Data protection is provided pursuant to the universally binding provisions of the law, and the data is stored on protected servers.
- As a personal data controller (hereinafter “Controller”) Contract Administration Sp z o.o. is committed to the protection of privacy and ensuring confidentiality of the personal data entered by the internet users in the electronic forms on the website located at the following URL: https://www.ca-staff.eu/ (hereinafter “ca-staff.eu”).
- In matters concerning the processing of personal data, the user can contact the Data Protection Officer (DPO) appointed by the Administrator:
Iwona Rzońca, firstname.lastname@example.org, Contract Administration Sp z o.o., ul. Hrubieszowska 2, 01-209 Warszawa.
- The Controller exercises due diligence in selecting and applying the appropriate technical and organisational measures ensuring the protection of the personal data processed. Only persons duly authorised by the Controller have full access to databases.
- The Controller protects the personal data against disclosure to unauthorised persons, as well as against their processing in a manner that is contrary to the law in force.
- Visitors to the ca-staff.eu website may browse the ca-staff.eu web pages without providing any personal data.
§.2 Grounds for processing personal data
- Personal data are processed by the Controller in compliance with the law, and in particular with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter “GDPR”) for the purposes of:
- providing the newsletter service that includes mailing of commercial information pursuant to a consent obtained (article 5 item 1 letter a of GDPR);
- responding to the questions sent by the users to the contact addresses displayed on the website (pursuant to article 6 item 1 letter b of GDPR);
- holding and resolving recruitment, if a user entered into the recruitment procedure, pursuant to the Controller’s legal duty and the consent obtained (article 6 item 1 letters a and c of GDPR);
- performing an agreement related to a user’s signing up for a training course, webinar or conference and his or her participation therein pursuant to article 6 item 1 letter b of GDPR;
- fulfilling a data controller’s legal duties pursuant to article 6 item 1 letter c of GDPR (e.g. accounting and tax obligations).
- Provision of personal data is voluntary, but failure to provide the data, depending on the case, may result in not receiving a response to one’s query, not receiving the newsletter, being unable to take part in the recruitment procedure, or being unable to attend a training, webinar or a conference.
- Users should not provide the personal data Controller with data of third parties. However, if such data are provided every time, then the user represents that he or she has the relevant consent of such third party to provide their data to the Controller.
§.3. Scope of personal data processing
- The Controller processes the following types of data provided by the user in the contents of the query addressed to the Controller.
- The data provided by the users are used for: responding to the queries submitted, mailing the newsletter, including commercial information about the Controller and its products, the recruitment procedure, holding trainings and conferences, as well as for statistical purposes.
- The Controller uses the IP addresses collected during establishing internet connections for technical purposes related to server administration. Furthermore, the IP addresses are used for collecting general, statistical demographical information (e.g. about the region from which the connection is established).
3.a Server logs: the website server records the user’s IP address in the standard server log. The Controller uses the server logs for diagnosing server issues, studying the way the ca-staff.eu website is used, gathering website traffic data, and to improve the website’s operation. IP logs do not contain any personal data of the users.
3.b Cookies: the ca-staff.eu website may use “cookies” for controlling how the website’s contents are supplied and for monitoring the website’s activity. Cookies are small text files sent by the www server and stored by the computer’s internet browser. When the browser establishes connection to the website once more, the website recognises the type of device used to connect to the website. Parameters enable reading the information contained in them only to server that created them. Therefore, cookies streamline the use of previously-visited websites.
- The information collected includes the IP address, the internet browser used, language, operating system, ISP, time and date, location, as well as information sent to the website via the contact form. The data collected is used for monitoring and checking how the user is using the website in order to improve its operation by providing a more effective and streamlined navigation. The Controller monitors the information about the user by utilising the Google Analytics tool that records the user’s behaviour on the website.
§.4. Social media
1. We have profiles on the following social networking sites:
2. We process personal data of users visiting our social media profiles who did at least one of the following:
- Clicked on the “Like” or the “Follow” button
- Commented on a post published by the Controller
- Published a Controller’s review on a given site
- Sent a message via the social media platform
- The data is stored only for the purpose of communicating with the users of the profile on a given social networking site: responding to an inquiry or a comment and is not transferred outside of that site.
3. The scope of data subject to processing as part of the social media profiles of the Controller includes:
- User ID, e.g. name
- User account identification data
- Profile pictures
- Photos published by a given user on the Controller’s profile (e.g. in the comment)
- Content of the comments
- Content of the messages sent via a given social networking site
§.5. Control of personal data processing
- Users are obliged to provide full, current, and true data.
- Each user whose personal data are processed by the Controller has the right to access his or her data and to correct them, delete them, limit the scope of their processing, transfer them, object to the processing of the data on the grounds of the Controller’s justified interest, withdraw the consent for data processing at any time without affecting the legality of the processing (if processing takes place on the basis of a consent) that took place on the grounds of the consent prior to its withdrawal.
- The rights set forth in the preceding item may be exercised by sending the appropriate request to email@example.com, including the user’s first and last name as well as e-mail address, or by sending a written request by mail to the following address: Contract Administration Sp z o.o., ul. Hrubieszowska 2,01-209 Warszawa.
- The user has the right to submit complaints to the supervising authority (President of the Data Protection Office
with its office at 2 Stawki str. in Warsaw) if he or she decides that the processing of his or her personal data violates the provisions of GDPR.
§.6. Sharing of personal data
- The data of the users may be made available to entities authorised to receive such data under applicable legal regulations, including competent judicial authorities.
- Personal data may be provided to external entities providing services to the Controller, e.g. marketing agencies, entities providing services related to organising trainings, conferences, partners providing IT services (IT system and website development and maintenance), supplying data storage, data management and quality review solutions. The scope of personal data provided to a third party includes data required for performance of a given service only. Data may be provided to the third party only on the basis of a data processing agreement, subject to the service provider observing strict standards of data security.
- Personal data is made available to the owner of Facebook on Facebook’s terms relating to data which are not subject to change, available at https://www.facebook.com/about/privacy.
- At the same time, please be informed that we do not transfer your data outside of the European Economic Area, subject to the supranational nature of the movement of data as part of Facebook. Facebook may transfer your data outside of the European Economic Area.
- Simultaneously, we would like to indicate that Facebook declares that they use typical contractual clauses approved by the European Commission and base their actions on the decisions of the European Commission confirming an adequate level of data protection with respect to particular countries – more: https://www.facebook.com/privacy/explanation.
§.7. Storage period and other details of data processing
- Personal data will be stored only for the period required to complete the specific goal for which they were sent, and after it elapses, for the period required to secure or make claims or discharge the Controller’s legal duty (e.g. arising from tax or accounting regulations).
- If the user agreed to have his or her personal data used for the purposes of providing the newsletter service, the personal data will be processed until the consent is withdrawn.