Privacy Notice
In accordance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council dated 27 April 2016 (GDPR), we hereby wish to inform you about the following principles of personal data processing:
Data Controller (DC)
PSI Polska Sp. z. o.o. ., ul. Towarowa 37, 61-896 Poznań
Data Protection Officer (DPO)
Radosław Rząsa, PSI Polska sp. z o.o., ul. Towarowa 37, 61-896 Poznań, e-mail
The Data Controller (DC) processes your data for the following purpose:
Legal basis: Article 6(1)(b) of the General Data Protection Regulation (GDPR), Article 22(1) of the Labor Code, and Article 9(2)(b) of the GDPR (sensitive data). Providing this data is a statutory requirement and necessary for the purpose of recruitment. You are obliged to provide this data, and the consequence of not providing it will be the inability to participate in the recruitment process. Other personal data not required by law (e.g., interests) are processed based on Article 6(1)(a) of the GDPR, which means based on your voluntary consent, and providing such data does not affect the possibility of participating in the recruitment process.
Retention period of personal data: we process your personal data until the completion of the recruitment process, and if you have given consent to participate in future recruitments, no longer than 6 months from the date of submitting your application documents.
Legal basis: Article 6(1)(b) of the General Data Protection Regulation (GDPR), Article 22(1) of the Labor Code, and Article 9(2)(b) of the GDPR (sensitive data) - processing is necessary for the performance of a contract, Article 6(1)(c) of the GDPR - processing is necessary to fulfill a legal obligation, Article 6(1)(f) of the GDPR - the processing is based on the legitimate interests of the Data Controller, and Article 6(1)(a) of the GDPR - in the case of personal data not required by law, the processing is based on your consent.
Retention period of personal data: depending on the purpose for which personal data is processed, the retention period is as follows: 50 years or 10 years for contracts concluded after January 1, 2019 (depending on the date of employment) from the end of the year in which the employment relationship ceased. For contracts concluded after December 31, 1998, and before January 1, 2019, the employer may submit a special information report to the Social Insurance Institution (ZUS) as referred to in Article 4(6a) of the Act of October 13, 1998, on the social security system. In this case, the retention period may be shortened to 10 years, counting from the end of the calendar year in which the information report was submitted.
Legal basis of processing: Article 6(1)(b) of the General Data Protection Regulation (GDPR) - processing is necessary for the performance of a contract or for taking pre-contractual steps, providing data is necessary for cooperation purposes.
Retention period of personal data: for the duration necessary to fulfill the concluded agreements and the rules defined therein. A minimum of 5 years from the end of the year in which the last invoice/accounting document was issued.
Legal basis of processing: Article 6(1)(f) of the General Data Protection Regulation (GDPR), for the purpose of contacting regarding matters related to the execution of the Main Agreement, for administrative purposes, including those related to organizing cooperation and supervising the provision of services or fulfilling other obligations or rights based on the Main Agreement, for evidentiary purposes related to the execution of the Main Agreement, for the purpose of pursuing claims related to the execution of the Main Agreement.
Retention period of personal data: your personal data will be stored by the Data Controller for at least the duration of the agreements concluded between the companies, and if necessary for evidentiary purposes, personal data may also be stored until the expiration of claims arising from business activities or the completion of any court proceedings related to the aforementioned agreements.
Legal basis of processing: Article 6(1)(b) of the General Data Protection Regulation (GDPR) - processing is necessary for the performance of the agreement between you and the Office, Article 6(1)(c) of the GDPR - for the purpose of maintaining accounting and tax documentation, and Article 6(1)(f) of the GDPR - for the purpose of pursuing or defending against potential claims.
Retention period of personal data: your data will be stored for the duration of the agreement. The maximum retention period is 6 years from the end of the fiscal year in which the last invoice was issued.
Legal basis of processing: Article 6(1)(f) of the General Data Protection Regulation (GDPR).
Retention period of personal data: your personal data will be stored for the duration of the limitation period for claims under the relevant type of agreement: work contract, mandate contract - 2 years, cooperation agreement - 3 years.
Legal basis of processing: Article 6(1)(a) of the General Data Protection Regulation (GDPR) and Article 6(1)(f) of the GDPR. Providing data is voluntary.
Retention period of personal data: until consent is withdrawn or an objection is raised by the data subject.
Legal basis of processing: Article 6(1)(f) of the General Data Protection Regulation (GDPR) - legitimate interest of the Data Controller. Providing data is voluntary.
Retention period of personal data: until a response is provided to the submitted inquiry, up to a maximum of 12 months.
Source of data: data obtained from monitoring.
Legal basis of processing: Article 6(1)(f) of the General Data Protection Regulation (GDPR).
Retention period of personal data: from the moment of recording, for a maximum period of 3 months.
In case of any other purpose not mentioned above, the information obligation will be provided to you directly in the form or during the first interaction with you.
Rights related to the processing of personal data:
Right to withdraw consent:
If the processing is based on your consent (Article 6(1)(a) of the GDPR), we will process the data until you withdraw your consent. You can withdraw your consent at any time by sending an email to the address provided above or by visiting the Data Controller's premises. Withdrawal of consent does not affect the lawfulness of the processing based on consent before its withdrawal.
After the consent is withdrawn, the data will be processed for the purpose of protecting against claims (Article 6(1)(f) of the GDPR) for a period in accordance with applicable laws, up to a maximum of 3 years.
Right to lodge a complaint with the supervisory authority:
If you believe that there have been breaches by the Data Controller regarding the security of processing your data, you have the right to lodge a complaint with the supervisory authority responsible for data protection, namely the President of the Personal Data Protection Office. The current address of the supervisory authority is: President of the Personal Data Protection Office, Stawki 2, 00-193 Warsaw.
Data Security:
Your personal data will be processed in accordance with the provisions of the GDPR, in writing or electronically, for the purposes stated above and using appropriate methods to ensure the security and confidentiality of personal data in accordance with Article 32 of the GDPR. The cooperation between our company and business entities is governed by relevant legal regulations.
Data recipients:
In relation to the processing of data, your personal data may be disclosed to other recipients or categories of recipients, such as: