GENERAL INFORMATION

The Controller of your personal data is intent sp. z o.o. with its registered office in Warsaw
(00-679), ul. Wilcza 46, entered into the register of entrepreneurs kept by the District Court for the Capital City of Warsaw in Warsaw, XII Commercial Division of the National Court Register, under KRS number 0000358012, NIP [tax identification number]: 5252483348, (hereinafter referred to as: the “Controller”)

Personal data are processed under the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) dated 27 April 2016 (Official Journal of the European Union L No. 119, p. 1) (hereinafter referred to as: “GDPR”).

The Controller shall act with due diligence when selecting and applying appropriate technical and organizational measures to protect personal data being processed.

The Controller shall protect personal data against unauthorized access and processing in violation of applicable regulations. Personal data collected by the Controller shall be:

• processed in a lawful manner,

• collected for specified, lawful purposes and not subjected to further processing incompatible with these purposes,

• adequate and limited to what is necessary for the purposes for which they are processed, corrected and, if necessary, updated,

• kept for no longer than necessary to achieve the purpose of processing,

• processed in a manner that ensures appropriate security.
  

PURPOSE AND LEGAL BASIS OF DATA COLLECTION

Each time the purpose, scope and recipients of personal data processed by the Controller depend on whether you are a website user or a potential or current customer, candidate or partner of the Controller. Please note that you can browse through subpages of the website without providing personal data.

Personal data are processed in order to:

• answer all your questions and requests sent through the electronic forms and using
  contact addresses published on the website, including interactive windows (Article 6
  point 1 f) GDPR),

• establish cooperation with the Controller, verify data and prepare an offer at your specific request to conclude a potential agreement (Article 6 point 1 b) GDPR),

• contact you and carry out the recruitment process in connection with your submission of application documents i.a. on the Controller recruitment subpage https://
  intent.recruitee.com/ - in this situation data processing is necessary to take action at your request before entering into a contract (Article 6 point 1 b) GDPR),

• record a job interview for the current recruitment process to increase security and
  improve recruitment efficiency - on the basis of your voluntary consent (Article 6 point 1
  a) GDPR),

• take application documents into account in future recruitment processes - on the basis of your voluntary consent (Article 6 point 1 a) GDPR),

• adapt and develop the website's functionalities, including its structure and content to the needs of its users, create aggregated statistics, and preserve the security and quality of services provided by the Controller (Article 6 point 1 f) GDPR),

• investigate or safeguard against possible claims (Article 6 point 1 f) GDPR),

• fulfill legal obligations by the Controller such as accounting and taxes, and for archival
  purposes (Article 6 point 1 c) GDPR),

• communicate and provide commercial or marketing information, as well as job alert
  information on the basis of your voluntary consent (Article 6 point 1 a) GDPR).

• register into events and meetings organized by the Controller and to contact with
  participants of the events as part of organisational activities prior to the event and the
  handover of selected materials after the events - on the basis of your voluntary consent
  (Article 6 point 1 a) GDPR).

Providing the personal data is voluntary, however, failure to do so may prevent you, depending on the specific case, the conclusion of a contract, participation in the event, recruitment process, use of selected services within the service and its functionality on the website. However, consent to process image and audio during recruitment interviews is voluntary and failure to give a consent for recording has no effect on the recruitment process.

If personal data are not collected from the data subject, they were obtained e.g. within a candidate referral program from the program participants, Controller’s clients, contractors or employees, as well as from publicly accessible registers and Internet platforms.

THE SCOPE OF PROCESSED PERSONAL DATA

The Controller may process various personal data depending on the purpose and legal basis of the processing. Controller may process, in particular, the following categories of personal data: name and surname, e-mail address, address, company details, contact number, details of contact persons from company, image, voice, IP address, other data provided by the user in the contact forms, during recruitment process and other data necessary to achieve the purposes referred to in above.

THE PERIOD OF PERSONAL DATA STORAGE

The period of personal data processing depends on the purpose and legal basis of the
processing.

Personal data obtained through the contact forms or addresses indicated for communication will be processed for the duration of the communication or until an objection to the processing is raised, but not longer than 24 months from the date of the last contact, unless another legal basis for the processing of personal data applies.

The personal data of contractors or clients will be processed for the duration of the agreement, and after this period for the time necessary to comply with the law and to establish, investigate or defend against any claims.

Personal data collected for the purposes of recruitment will be processed for the whole duration of the recruitment process, and in the event that a given candidate agrees on the processing of data for the purposes of future recruitment, they will be stored until such consent is withdrawn, but no longer than for 24 months. However, job interview recordings will be processed only for the duration of the recruitment process during which the interview was recorded. Where the recordings constitute evidence in a proceeding conducted pursuant to the law or the Controller becomes aware that the recordings may constitute evidence in such proceeding, the period shall be extended until the proceeding is validly terminated.

Personal data processed in order to fulfill the legal obligations of the Controller will be processed for the period resulting from the relevant legal provisions.

Personal data processed for the purposes of newsletters (marketing, commercial, job alerts) will be processed until consent is withdrawn.

Personal data processed for registration and taking part in the events or meetings organized by the Controller will be processed until consent is withdrawn, although no longer than 14 days after the event.

RECIPIENTS OF DATA

The recipients of personal data will be other entities providing appropriate services related to the maintenance of the website, hosting, administration and management of the service, entities cooperating in the provision of services with the Controller, consulting, accounting, finance, recruitment and legal companies, as well as courier and postal companies, clients, contractors, co-workers of the Controller, archiving entities and state authorities

Personal data may be transferred outside the European Economic Area (EEA) to a third party country, i.e. the USA, to entities fulfilling a required protection level based on the European Commission requirements.

In an event of sending data from EEA to other countries, e.g. the United States, data processors shall comply with the law regulations that ensure an adequate level of security to that of the EU regulations. Up-to-date decisions of the European Commission regarding the adequate level of data protection may be found here.

If personal data are transferred to the third country that does not comply with EC requirements, any processing will be based on up-to-date standard contractual clauses approved by the European Commission. Information and copy of safeguards including such standard contractual clauses may be provided at the Controller’s registered office. The Controller will take the utmost care to ensure that in the event of data being transferred to third parties, your data will be processed in accordance with the GDPR and this Privacy Policy.

SECURITY OF DATA

In order to ensure the integrity and confidentiality of data, the Controller has implemented procedures enabling access to personal data only by authorized persons and only to the extent that it is necessary for the tasks they perform.

The Controller uses organizational and technical solutions to ensure that all operations on personal data are recorded and performed only by persons authorized.

The Controller takes all necessary actions in order to ensure that its subcontractors and others cooperating entities guarantee the application of appropriate measures of security in each case when they process personal data on request of the Controller.

The Controller conducts an ongoing risk analysis and monitors the adequacy of the applied data security for identified threats. If necessary, the Controller implements additional measures to increase data security.

USER RIGHTS

You have the right to:

• access the data,

• rectify the data,

• restrict the processing of the data,

• erase the data,

• transfer the data,

• object to the processing of data which takes place on the basis of the Controller’s
  legitimate interest,

• withdraw your consent (where processing is based on consent) at any time without
  affecting the lawfulness of processing carried out on the basis of consent before its
  withdrawal.
  

The users whose data are processed have the right to lodge a complaint with the President of the Office for Personal Data Protection (postal address: ul. Stawki 2, 00-193 Warsaw, Poland).

COOKIES

To find out more about cookies and how we use them, please see our Cookies Policy document.

FINAL PROVISIONS.

Our website may also contain third parties content and links to other websites. We recommend you reading the privacy policy & cookies policy set out therein while visiting such sites. Please note that this Privacy Policy applies only to our website itself.

In case of any questions, inquiries or feedback regarding personal data protection or functioning of the website, please contact the Controller via following email info@withintent.com or by post at Warsaw (00-679), ul. Wilcza 46.

This Privacy Policy is verified on an ongoing basis and updated if necessary.

The current version of this Privacy Policy is valid from 01.12.2021.