PRIVACY AND COOKIE POLICY OF RITS PROFESSIONAL SERVICES SP. Z O.O.

This Privacy Policy will help you make informed and thoughtful decisions regarding the processing of your personal data in the course of the business conducted by Rits Professional Services sp. z o.o., headquartered at 51/53 Żelazna Street, 00-841 Warsaw please read it carefully.

Introduction

This document contains Our Privacy Policy, i.e. the principles we follow in the processing of personal data. This document also contains the content of the information obligations that must be presented to data subjects, i.e. you, according to the law. Before going into the details, we would like to highlight some of the key principles of personal data protection. They are important to Rits Professional Services Ltd. and we believe they are important to you as well.

The Privacy Policy pursues four key objectives viz:

1. An explanation of how the organization processes the information you provide to it in order to further tailor its products and services to meet your expectations;
2. Ensuring that all information about the processing of your data, has been presented in a clear and transparent manner;
3. To assure you that the personal data processed by the organization is safe in relation to the risks that arise in its processing processes,
4. Ensure transparency in dealing with representatives of the organization, so that the realization of your right to privacy is always guaranteed.

All information that is collected from you is related directly or indirectly to the organization’s activities, i.e. recruitment and 'leasing’ of specialized personnel is the controller of your personal data, which means that I decide on the purposes and means of its processing. In practice, it is important to remember that as a data controller, the organization is the entity responsible for your personal data. Regarding the implementation of any questions or concerns related to your personal data, please contact the Data Protection Officer at:

rodo@rits.center

In general, all personal data in an organization is divided into processes in which it is processed based on the main purpose behind the processing and the category of data subjects. These will be, in turn:

1. Recruitment

Personal data of job applicants are processed for the purpose of selecting the most suitable candidates for specific positions, for current as well as future recruitments. Your personal data in this process is processed on the basis of your consent (to the extent of sensitive data that may be included in your application documents) or for the purpose of concluding a contract of employment or other civil law agreement, as well as on the basis of labor laws. In addition, the legal basis for processing personal data in this process is also the legitimate purpose of the processing, i.e. statistical, reporting and quality control activities. Providing personal data in this process on the basis of your consent is voluntary, however, failure to do so will hinder our ability to conduct the recruitment process efficiently. To the extent required by labor laws regarding recruitment, providing personal data is mandatory. In the recruitment process, if you are not selected and you consent to the processing of your personal data for future recruitment processes, your personal data will be stored for 2 years from your last response to the proposal of the next recruitment. After this period of time, your data will be completely deleted from the company’s resources. Your personal data in this process may be entrusted to external entities involved in the recruitment process (e.g. portals and job search agents), however we point out that these entities remain under the constant supervision of the company and ensure at least the same level of security of personal data.

2. Employment

Personal data of employees and co-workers is processed for the purpose of handling the personnel employment process and providing support for the implementation of civil law contracts handled in other personal data processing, as well as the security of persons and property. Your personal data in this process is processed on the basis of a provision of the law in the field of sensitive data, when the processing is necessary for the purposes of preventive health or occupational medicine, to assess the employee’s fitness for work, to provide health care or social security, when the processing is necessary for the fulfillment of obligations and the exercise of specific rights by the company or you, in the field of labor law, social security and social protection, and when the processing is necessary to establish, assert or defend claims. In addition, your personal data may also be processed for the performance of an employment contract or other civil law contract. Finally, your personal data is processed on the basis of the company’s so-called legitimate purpose of statistics, reporting and quality control. Provision of personal data in this process is mandatory, and the consequence of failure to provide data may be the inability to establish cooperation. In the process of employment under an employment contract, your personal data will be retained for 10 years from the last activity on the personal data in connection with the employment (except for those employed before January 1, 2019 – then the period is 50 years). In the process of employment under civil law contracts, your personal data will be processed for 6 years from the last activity on the data. After this period of time, your data will be completely deleted from the company’s resources. Your personal data in this process may be entrusted to external entities involved in the employment process, but we point out that these entities remain under the constant supervision of the company and provide at least the same level of security of personal data. In addition, your data may be shared with data recipients (e.g. cell phone operators), of which you will be informed by them.

3. Marketing

Personal data of potential clients (e.g., owners of sole proprietorships, partners of partnerships and representatives of institutional clients) are processed for the purpose of responding to inquiries and for active marketing through selected communication channels. Your personal data in this process are processed on the basis of your consent (marketing through selected communication channels) or for the purpose of concluding a contract in the case of inquiries addressed to the company, as well as for the purpose of its implementation in the framework of subscribing to the Newsletter. In addition, your data is processed on the basis of the so-called legitimate purpose of the personal data controller when we recommend the company’s services in personal contacts or create marketing statistics and reports. Providing your personal data in this process is voluntary, but failure to do so will prevent us from responding to your inquiry or presenting our offer in a manner tailored to your individual needs. In the process, your personal data is kept for 3 years after you revoke your consent, if you have given it. Otherwise, also 3 years from the end of the newsletter service, i.e. from the last active action on your personal data or submission of your inquiry After this period of time, your data (if we do not establish cooperation) will be completely deleted from the company’s resources. Your personal data in this process may be entrusted to external entities involved in the marketing process (e.g. mailing service providers), but we point out that these entities remain under the constant supervision of the company and provide at least the same level of security of personal data.

4. Sales

The personal data of customers and customer representatives (in the case of contacts with institutional customers) are processed for the purpose of selling the services offered by the company in accordance with the scope of the offer and creating personalized offers. Your personal data in this process is processed in order to conclude a contract or create a personalized offer as well as on the basis of a legal provision, among others, in accordance with the Law of September 15, 2000. Commercial Companies Code. Finally, your personal data may be processed for the so-called legitimate purpose, i.e. to offer other products and services of the company in direct contact as well as for statistical, reporting and quality control activities. Providing personal data in this process is voluntary, however, the consequence of failing to provide data may be the inability to establish cooperation. In the sales process, your personal data will be stored for 6 years from the last activity on personal data in connection with the execution of the contract. After this period of time, your data will be completely deleted from the company’s resources. Your personal data in this process may be entrusted to external entities involved in the sales process (e.g. organizers of events or conferences), however we point out that these entities remain under constant supervision of the company and provide at least the same level of security of personal data.

5. Customer service

Personal data of customers and customer representatives (in the case of servicing institutional customers) are processed in order to provide efficient customer service in accordance with the best standards of the company. Your personal data in this process is processed for the purpose of executing the concluded contract, fulfilling the provisions of the law as well as for the so-called legitimate purpose, i.e. statistical activities regarding the quality of customer service. Provision of personal data in this process is voluntary (except when required by law), but the consequence of failure to provide data may be a reduction in the quality of cooperation or, in extreme cases, the inability to perform the contract. In the process of customer service, your personal data will be stored for 6 years from the last activity on personal data in connection with the execution of the contract. After this period of time, your data will be completely deleted from the company’s resources. Your personal data in this process may be entrusted to external entities involved in the customer service process (e.g. customer service software providers), however we point out that these entities remain under the constant supervision of the company and provide at least the same level of security of personal data.

6. Complaints

The personal data of persons filing complaints are processed for the purpose of processing them and ensuring the high quality of services provided by the company. Your personal data are processed in order to fulfill the contract and on the basis of the legal provision on warranty for defects, as well as on the basis of the so-called legally justified purpose of the data controller, i.e. successive improvement of the quality of services provided. Provision of personal data in this process is voluntary, however, the consequence of failure to provide data may be the inability to identify the services under which the complaint is made. In the process of complaints, your personal data will be stored for 6 years from the last activity on personal data in connection with the processing of complaints. After this period of time, your data will be completely deleted from the company’s resources. Your personal data in this process may be entrusted to external entities involved in the complaint process (e.g. industry technical experts), however, we point out that these entities remain under the constant supervision of the company and provide at least the same level of personal data security.

7. Accounting

Personal data of customers and customer representatives (in the case of servicing institutional customers) are processed for the purpose of carrying out all settlements with customers, suppliers, as well as ensuring compliance of the company’s activities with the provisions of tax law. Your personal data in this process is processed on the basis of the provision of law in the scope of regulations arising from, among others, the Accounting Act of September 29, 1994 and the Value Added Tax Act of March 11, 2004. In addition, the legal basis for the processing of your personal data is the execution of the contract, which was concluded as well as the so-called legally justified purpose of the data controller, i.e. the analysis of statistical data and the preparation of accounting balances. Provision of personal data in this process is mandatory, and the consequence of failure to provide data may be the inability to properly account for services. In the accounting process, your data will be processed for a period of 6 years from the last activity with the data in connection with the settlement of accounting documents. After this period of time, your data will be completely deleted from the company’s resources. Your personal data in this process may be entrusted to external entities involved in the accounting process, but we point out that these entities remain under the constant supervision of the company and ensure at least the same level of security of personal data. In addition, your data may be made available to data recipients (e.g. tax authorities or auditors), of which you will be informed by them when contacted.

8. Access control

Personal data is also processed to ensure the security of persons and property residing at our location. Your personal data in this process is processed on the basis of the so-called legitimate purpose, which is the aforementioned protection. In the process, we keep your personal data for a period of 3 months to 2 years after archiving it, depending on the access control point, i.e., for example, capturing your image on video surveillance or in the computer system. Providing personal data in this process is also voluntary, but failure to do so will prevent you from entering the protected area or gaining access to the system. Your personal data in this process may be entrusted to external entities involved in the access control process, however, we point out that these entities remain under our constant supervision and provide at least the same level of personal data security as we do.

9. Shopping

Personal data of representatives of our contractors, i.e. both sole proprietors, partnerships and representatives of legal entities, are processed for the purpose of fulfilling contractual obligations. Your personal data in the process is processed on the basis of the contract (even if it has not been recorded in writing), in order to fulfill our obligations under the law (mainly tax law) and for the so-called legally justified purpose, which is the execution of the contract with the contractor (usually your employer). In the process, we keep your personal data for a period of 6 years after they are archived, i.e. after the last activity in connection with the execution of the contract with the contractor. Provision of personal data is voluntary, but failure to do so will prevent us from executing the contract with the contractor. Your data may have been provided by a contractor (e.g. your employer). Your personal data in this process may be entrusted to external entities involved in the process, however, we point out that these entities remain under our constant supervision and provide at least the same level of personal data security as we do.

Your entitlements

We would like to emphasize that we guarantee each person whose data we process the possibility of exercising the following rights:

• The right of access to the content of the data – you can ask for a description of the processing of your personal data specifically, and for access to any personal data collected about you. We note, however, that excessive use of this right will hinder the work of the organization, so please be prudent in exercising this right,
• The right to rectification of data – we make every effort to always process the most up-to-date data on you, however, if you find that the data we process has become inaccurate you can always request rectification,
• The right to erasure – if you find that you no longer want the organization to continue to process your personal data you can always request that it be deleted. However, we point out that this right will not be able to be exercised in every case, as some of the data must be retained by the organization due to binding legal regulations,
• The right to limit processing – if you find that the data that is processed by the organization for some reason should not be deleted after the aforementioned time periods (data retention), you can request that the data continue to be stored,
• The right to data portability – if it turns out that your personal data will be processed in computer systems then you can request their transfer to another service provider or directly to you. I would like to point out, however, that this entitlement applies only to the data that you have provided yourself,
• The right to object – you can always object to the processing of specific personal data for a specific purpose. In any such case, the objection will be considered and your comments taken into account in the processing of your data for the future,
• The right to revoke consent – you may revoke your consent to the processing of personal data at any time, but any actions that were performed on your data prior to revocation will remain valid,
• The right to lodge a complaint – if you feel that the organization is violating your right to privacy you can always turn to the President of the Office of Personal Data Protection with a complaint, but we encourage you to resolve your concerns together before making such a decision.

Summary

In summary, the organization and all of its personnel take great care to ensure that the processing of your personal data encroaches on your privacy as little as possible, however, if at any stage of the processing of your personal data there is any doubt as to the compliance of these activities with the law, please contact: rodo@rits.center