I. INTRODUCTION

This document describes a privacy policy of Sii Sp. z o.o. registered at al. Niepodległości 69, 02-626 Warsaw, later referred to as Sii. The Privacy Policy of Sii, later referred to as the Policy, defines principles and methods of processing and using data or information obtained from clients, candidates and users of all websites that belong to Sii including:

Please, read this policy carefully. By accessing or using any website that belongs to Sii, sending us any personal data in order to answer job offers, recommend a candidate, ask for an offer etc. or reading this policy, the User accepts its terms and confirms that he/she is familiar with its content.

II. TERMS USED IN THE POLICY

Personal data − as defined by GDPR, any information relating to an identified or identifiable natural person. Identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an email address or a telephone number of the person and other data which, when combined with the above, may identify the User.

GDPR − General Data Protection Regulation 2016/679 of 27 April 2016 is a regulation in EU law that aims at protecting individuals with regards to processing personal data, free flow of such data and the repeal of Directive 95/46/EC (general data protection regulation). Sii processes Users’ personal data according to this regulation.

Specialist− a candidate offered by Sii to its clients.

User – a job candidate, newsletter subscriber, participant of a competition or training, person making an inquiry, recommending someone for a job or visiting any website that belongs to Sii including candidate portal.

Services − understood as services performed by Sii electronically by the website e.g. subscribing to a newsletter, sending inquiries via a contact form, sending documents necessary in the recruitment process, entering a competition, signing up for training, setting up an account on candidate portal.

III. PROVIDING PERSONAL DATA

By providing personal data on www.sii.pl and any other website that belongs to Sii, the User confirms that he/she has all necessary permissions to disclose personal data that will be later used by Sii in a manner described in this Policy.

IV. PERSONAL DATA CONTROLLER

Sp. z o. o., al. Niepodległości 69, 02-626 Warsaw, tel. (22) 486 37 37 is the Controller of User’s personal data provided while using any Sii’s website; in particular, while partaking in the recruitment process, conducting training, sending marketing information (e.g. newsletters), accepting participation in conferences or events or using other services available on the website.

V. DATA PROTECTION OFFICER

Any questions regarding regulations concerning personal data processing described in this Policy should be sent to the Data Protection Officer appointed by Sii at personaldata@sii.pl.

 VI. PURPOSE AND LEGAL BASIS FOR PERSONAL DATA PROCESSING

Sii processes personal data in order to:

  1. Send sales and marketing information (including a newsletter) to Users at the e-mail address they have provided if they consented to it. More detailed information regarding processing personal data in terms of marketing activities is provided in the chapter X of this Policy.
  2. Respond to Users’ inquiries sent by a contact form on an e-mail address or phone number they have provided.

In case of contacting Users in order to respond to an inquiry, the legal basis for processing personal data is Sii’s interest as a Controller of personal data provided on the contact form (Art. 6(1)(a) of the GDPR). It is justified by the need to provide a complex answer to the inquiring party. Without processing personal data (contact data in particular), Sii would not be able to do it and, as a result, help in addressing the issue defined in the inquiry.

What’s important in terms of consent for sending marketing information, if Users inquire about a particular offer (e.g. implementing CRM) by sending a contact form, they consent to receiving this offer by clear affirmative action. Thus, point 1 regarding unwanted marketing information is invalid.

  1. Handle a job application submitted by the User and conduct the recruitment process after the User sends a consent to process personal data provided in a CV or a respective form.

In case handling a job application, the legal basis for processing personal data is User’s consent to process personal data (Art. 6(1)(a) of the GDPR). More detailed information regarding processing personal data in terms of recruitment activities is provided in the chapter IX of this Policy.

  1. Organize and conduct competitions.

In case of partaking in competition, the legal basis for processing personal data is User’s consent to process personal data (Art. 6(1)(a) of the GDPR). Regulations regarding providing consent are as described in point 1, paragraph 1-2 of this chapter. More detailed information regarding competitions is provided in the chapter XIII of this Policy.

  1. Organize and conduct open and dedicated training.

In case of trainings, the legal basis for processing personal data is the agreement for the provision of training services concluded with Sii by sending an order form (Art. 6(1)(b) of the GDPR).

VII. DISCLOSING PERSONAL DATA

Sii is entitled to disclose personal data to parties authorized by law.

Sii can disclose Users’ personal data to parties supporting Sii in fulfiling particular orders in cooperation. Such parties may include:

  • Companies providing marketing services (advertisement agencies, mass-mailing companies),
  • Companies providing services in terms of organizing and conducting trainings or exams.

Disclosing personal data occurs by entrusting personal data processing. In order to do so, Sii concludes entrusting personal data processing agreements with the abovementioned parties that meet requirements of Art. 28 (3) of GDPR.

Sii may also disclose Users’ personal data to its clients during recruitment conducted for them in order to process employment and delegate Workers to provide services within outsourcing of Specialist and whole teams. Sii have concluded relevant agreements or contracts that define rules for entrusting personal data.

Each User, according to rules defined in the chapter VII of this policy, is entitled to receive information regarding a client that received their personal data.

Taking into account that Sii cooperates with subsidiary Sii Sweden AB (registered in Stockholm, BOX 47089, 100-74 Stockholm, register number: 559188 – 7954; later referred to as Sii Sweden) that uses solutions and resources (business processes, IT systems) that belong to Sii, Sii Sweden has access to Users’ personal data. Such data may be processed:

  • By both companies during recruitment processes conducted for clients;
  • By Sii Sweden during recruitment processes conducted for internal needs or in case of cooperation with a party providing ordered services described in the 2nd paragraph of this chapter.

Asserting rights by the User is possible according to regulations of processing personal data by Sii defined in the chapter VIII of this Policy.

 VIII. USER’s RIGHTS

In accordance to Chapter III, Art. 15-21 of the GDPR, the User has following rights in connection to processing his/her personal data by Sii:

  1. The right to access his/her personal data;
  2. The right to rectify processed data;
  3. The right to erase such data (“the right to be forgotten”);
  4. The right to restrict processing of such data;
  5. The right to data portability;
  6. The right to object to further processing of such data;
  7. The right not to be subjected to decisions which are based solely on automated processing, including profiling;
  8. The right to withdraw consent to process personal data.

All of these rights are executed at the request sent by the User at personaldata@sii.pl. Sii verifies each request and provides a response within 1 month of sending. Such response includes information on activities that have been undertaken as well as the estimated time for handling the request itself if it requires further action.

Taking into account point 8, the User may at any given moment withdraw the consent to process personal data for purposes that require his/her consent. It may be done if the withdrawal does not affect the legal use of personal data in activities conducted on the basis of the consent granted before the withdrawal.

As a part of the right to access personal data, the User is entitled to obtain copies of information on:

  1. Purposes of processing of personal data,
  2. Categories of personal data − what type of data is being processed e.g. name, telephone number,
  3. Recipients or their categories − to whom (a person, company, or institution) data can be provided,
  4. Right to request that Sii rectifies or removes such data or limits its processing as well as the right to object to some data processing activities,
  5. The ability to file a complaint to the Office of Personal Data Protection,
  6. The source of data if it was not obtained directly from the User − an indication of a person, company or institution that provided it,
  7. The use of profiling and the rules of such activities as well as consequences of profiling for the User.

Sii informs that every following copy of personal data is connected with a fee resulting from costs incurred while creating another copy. The cost is provided to the User after estimating the scope of information defined in the request.

Sii reserves the right to respond later than indicated above (up to two months) in case of a large number of requests or complex nature of the inquiry. Complex nature is understood as a need to prepare a summary of personal data from multiple systems, a need to consult with more than one person from one or more departments in order to obtain requested information. Sii is obliged to inform the User about such situation and provide a relevant explanation.

Sii is entitled to refuse recognition any of the rights defined in Art. 15 – 22 of GDPR if the User makes request repeatedly, excessively and without proper justification. Each time Sii will justify the refusal to recognize any right mentioned in the request. Repeated and excessive manner includes sending several request of similar nature to the first one even if the issue was handled the first time and all necessary information was provided e.g. the User sends a request to access information, Sii provides it but the request is repeated without proper justification.

IX. PROCESSING OF PERSONAL DATA FOR RECRUITMENT PURPOSES AND WITHIN THE CANDIDATE RECOMMENDATION SYSTEM

Sii recruits for its own needs as well as for its clients due to e.g. services connected with providing Specialists. Therefore, be mindful that your personal data may also be processed by Sii’s clients. Such information is provided in job advertisements which specify that the recruitment process is conducted on the behalf of the client. In addition, note that the consent provided to partake in a given recruitment process on a chosen job position also covers partaking in recruitment processes in the future. This means that personal data will be stored in Sii’s database in order to send information on positions tailored to a profile and professional experience of the User.
According to the chapter VIII of this Policy, the User may withdraw consent to further processing of personal data. It may be done if the withdrawal does not affect the legal use of personal data in activities conducted on the basis of the consent granted before the withdrawal.

Personal data may be also processed if the User has been recommended by another person. In such case, the recommending person enters own personal data, data of the recommended person with his/her CV. Sii verifies the received CV taking into consideration the consent, that meets the requirements of the GDPR, of the recommended person to process his/her personal data. If such consent has been granted, Sii has permission to use the data for recruitment process’ purposes.

 X. PROCESSING OF PERSONAL DATA FOR MARKETING PURPOSES

By submitting an inquiry or signing up for a training, conferences or other event organized by Sii, the User may consent to processing of personal data in order to receive marketing information on products and services offered by Sii, including newsletters. The rules for obtaining such consent have been described in the chapter VI points 1-2 of this Policy. The consent may be withdrawn anytime taking into consideration rules defined in the chapter VIII of this Policy.

User’s consent for processing personal data (Art 6 (1) (a) of GDPR) is the legal basis for sending newsletters. It can be granted while providing one’s e-mail address in the newsletter subscription form or gated content as well as by checking a box while completing a contact or recruitment form. Providing the e-mail address in the newsletter subscription form is a clear affirmative action of consenting to processing personal data as defined in the Art 4 (11) of GDPR regarding the definition of consent as well as connected 32nd motif of GDPR explaining the clear affirmative action.

According to the abovementioned motif, a clear affirmative action includes informing Sii that User’s e-mail address provided in the form may be used for sending newsletter that includes Sii’s promotional information. It is one of acceptable forms of consenting to using provided e-mail address for the defined purpose (such forms also include checking a box located near the content of the consent).

Consent to sending unsolicited marketing information, according to Art. 10 of rules for electronically supplied services and Art. 172 (1) of Telecommunication Act, is provided by the user independently and separately by checking a dedicated box located near the content of the consent.

In order to obtain some materials uploaded to Sii’s website, it may be necessary to complete a form that requires providing personal data. Such data will be processed according to the consent (Art 6 (1) (a) of GDRP) expressed by a clear affirmative action. If the User wishes to receive other marketing information, he/she may state so by checking a relevant box. If the User will not state so, it means that he/she is not interested in receiving other information thus Sii will not send it.

XI. PROCESSING PERSONAL DATA WHILE ORGANIZING AND CONDUCTING TRAINING

Sii provides open and dedicated training organized for clients and other interested parties. Therefore, Sii processes personal data of Users partaking in trainings for the purposes of organizing and handling any issues surrounding the training.

XII. PROCESSING PERSONAL DATA AND PROFILING

In Sii, profiling is understood as a form of automated processing of personal data that includes using some of User’s personal data. Obtained data may include information from social media profiles, location or data provided by Users via Sii’s website. It allows Sii to:

  • ensure a more conscious and better suited selection of job offers that will match User’s skills and experience (in case of job candidates),
  • tailor marketing and advertising materials to User’s interests and needs.

One of the tools used for profiling is Social Discovery which is a part of Click Dimensions application. It binds data provided to Sii by the User during recruitment process or subscribing to a newsletter with data available on social media (e.g. LinkedIN, Goldenline) also provided by that User. Data binding allows Sii to create User’s profile which can be used in:

  • providing information on job offers that take into account that person’s competences and professional experience,
  • sending marketing materials that cover that person’s preferences and interests,
  • sending information on planned trainings and events organized by Sii that cover competences or interests of that person.

Owing to that, we do not sent irrelevant and unwanted information as well as reduce the risk of creating spam.

An example of such activities may be binding data provided during recruitment process (e.g. CV, covering letter) and contact data (e.g. e-mail, phone number) with information provided on websites such as LinkedIn or Goldenline (e.g. identification and contact data, professional experience description, education, skills or interests). In this case, binding data means connecting information from own IT systems (such as job candidate data kept in CRM) with information provided online.

Using this tool influences the scope of information sent to the User e.g. content of newsletter that may include information on trainings, events, current promotions or discounts. In case of recruitment, the obtained data allows making a decision whether the User should be still processes as a job candidate, have technical tests or be presented to a client.

All of the abovementioned aspects of using the tool and its effects are the justified interest of Sii as a Data Controller (Art 6 (1) (f) of GDPR). The reason being that personal data obtained by the tool allows Sii to make decisions that enable decreasing the operational cost of recruitment processes, marketing activities that aim at building Sii’s reputation as a reliable company which focuses on the quality of provided services and worker satisfaction as well as respecting User’s needs and requirements in terms of sent information.

Sii ensures that information or data gained by the tool are used only for purpose described above and are not shared with other parties that specialize in creating such profiles. The User may object to profiling at any given moment according to chapter VIII, points 6-7 of this Policy. As a result, the User will not receive any marketing or sales information as well as updates with job offers tailored to his/her profile or competences. In addition, it also means that Sii will stop using the tool to profile this User’s personal data but is still able to process it in case of having a different legal basis e.g. consent.  

XIII. ORGANIZING AND HOLDING COMPETITIONS

Sii processes Users’ personal data in relation to organizing and holding competitions. By signing up for an event using a special form or contact by e-mail, the User allows processing his/her data in order to carry out all activities connected with a given competition. The legal basis for processing such data is a consent (Art 6 (1) (a) of GDPR) provided by a clear affirmative action. The User may withdraw the consent according to chapter VIII, point 8 of this policy but as a result he/she will not be able to partake in the competition.

XIV. SECURITY

Sii has implemented appropriate (organizational and technical) security measures to protect personal data from loss, misuse, unauthorized processing or modification. Sii is obliged to protect any information disclosed by Users in accordance to security and confidentiality standards.

Sii has implemented the Information Security Management System that is certified as compliant with international ISO 27001 security norms which ensure that Sii operates according to GDPR regulations in terms of implemented security measures for processing personal data (Art 32 of GDPR). Sii has proper procedures for managing accesses to IT systems that disable unauthorized workers from processing data. Sii’s workers are subjected to regular trainings regarding secure processing of personal data and current threats. In order to guarantee the security of personal data provided by the users, Sii uses dedicated SSL certificates that use data encryption keys based on most reliable encryption algorithms such as RSA or SHA (min. 1024 bites) to transfer data provided on Sii’s websites to IT systems.

X. COOKIES

Sii declares that www.sii.pl and other websites that belong to Sii use cookies. By using this website, the User agrees to the storage of cookies on his/her device as explained below.
Settings regarding cookies used on the www.sii.pl and other websites may be modified via our website or via a third-party website. Cookies are used to:

  1. Customize content of webpages to User’s preferences, and to optimize their use (in particular, these files allow identification of User’s device and proper display of the webpage tailored to their individual needs),
  2. Create statistics that help to understand how Users use the websites which leads to improving its structure and content,
  3. Deliver m content tailored to Users’ interests.

Types of cookies used by Sii:

  1. “Essential” cookies that enable the use of services available through the site e.g. allowing the use of sessions;
  2. “Functional” cookies that allow the website to “remember” settings chosen by the User and personalize the interface e.g. in terms of selected mobile/desktop version, the last phrases typed by the User, website’s appearance etc.;
  3. “Analytical” cookies that allow us to monitor the activity of Users on the website.

The User may block saving cookies by changing his/her browser settings. Disabling cookies may affect the functioning of the website. No change in User’s browser settings means accepting the use of cookies.

 XVI. MODIFICATIONS TO THE POLICY

In relation to the development and progress of technology and changing regulations, the principles set out in this Privacy Policy may change. Any changes to these rules will be communicated to Users by publishing the new contents of this document on the www.sii.pl/en/privacy-policy/ website.

SUBMIT

Einige Inhalte sind nicht in deutscher Sprache verfügbar.
Sie werden auf die englische Sprachversion der Website weitergeleitet.

Möchten Sie fortsetzen?