1. Who is your personal data controller?

 

The controller of personal data (hereinafter referred to as “Data”) processed by us in connection with pursuing business activity is the company ONDE S.A. with its registered office in Toruń,  Trasa Prezydenta Władysława Raczkiewicza 1 (87-100), hereinafter referred to as the Data Controller or ONDE S.A. You may contact the Data Controller via the following e-mail: iod@onde.pl

 

ONDE S.A. is the member of the Capital Group ERBUD.

 

Data are processed in conformity with the laws currently in force, including the General Data Processing Regulation (GDPR).

 

The Data are understood as any and all information on an identified natural person, or a natural person possible to identify. A natural person possible to identify is a person that may be identified directly or indirectly, in particular, basing on the ID such as the first name and the last name, identification number, data on location, Internet ID, or one or more special factors defining physical, physiological, genetic, mental, economic, cultural or social identity of a natural person.

 

2. How do we process Data?

 

ONDE S.A. exercises due diligence in order to protect the interest of persons whom the Data concern, and in particular, ensures that the collected Data are:

• processed in a legal, reliable way, clear and transparent for the person whom they concern;
• collected for specific, clear and legally justified purposes and not processed further in a way contrary to these purposes;
• adequate, appropriate and limited to what is necessary for the purposes for which they are processed;
• correct and updated, whenever needed;
• stored in a form allowing for identification of a person whom the data concern for the period of time not longer than necessary for the purposes for which the data are processed;
• processed in a way ensuring adequate safety of Data, including protection against prohibited or illegal processing, as well as accidental loss, destruction or damage, by means of adequate technical or organisational conditions.

 

3. When do we process Data?

 

Data are processed in numerous situations. These may be the situations when you made your Data available to us personally by means of various communication channels (e.g. submitting an application, addressing us with a query / offer by e-mail or on the phone) or in the scope of our cooperation when signing or executing a contract, and also when we obtained your Data from other sources (e.g. from a company with that you cooperate and that is our contracting party / client).

 

4. Data processing in connection with use of the Website.

As the Data Controller we process the Data necessary for rendering and developing of offered services, available with the mediation of the Website and its respective functionalities. Data will be processed for the following purposes:

1. in order to render electronic services by means of ensuring access for the Users to the contents of the Website (Article 6 subparagraph 1 letter b of the GDPR);
2. for analytical and statistical purposes on the basis of the legally justified interest of the Data Controller consisting in verification of activity of the Users and their preferences for optimisation of services and products, as well as the applied functionalities of the Website (Article 6 subparagraph 1 letter f of GDPR);
3. possible determination, pursuing claims or defence against claims on the basis of the legally justified interest of the Data Controller, consisting in protection of one’s rights (Article 6 subparagraph 1 letter f of GDPR).

Data will be stored for the period for that a person is an active Website User, and after this period they may be stored for the period necessary to ensure conformity with the law, pursuing claims or defending against possible claims.

Providing the Data is voluntary, however, it may prove  necessary for use of the Website.

Data processed by us in connection with use of the Website may be handed over to other companies from ERBUD Group, to our contracting parties who support us in organisation of work, IT services and marketing.

 

5. Data processing in connection with business relations and contact.

 

1. What Data are processed in connection with business relations and contact?

 

As the Data Controller we process Data of our business partners (investors, subcontractors, contracting parties), their employees /co-workers. Data of other persons handed over to us in the scope of execution of contracts, and also other persons who contact with us with the mediation of the telephone, electronic mail or contact forms available on the web page.

 

In connection with business relations and contact, we can process the following Data: Identification Data, telephone and address Data, Data concerning job position and professional license, as well as other Data handed over to us in connection with cooperation or contact.

 

The above Data are obtained directly from persons, whom these Data concern, and also from other persons, e.g. their employers / principals.

 

1. What are the purposes and grounds for processing Data in connection with business relations and contact?

 

In connection with business relations and contact, we can process the Data for the following purposes:

• initiation of cooperation;
• conclusion and execution of a contract;
• settlement of contracts;
• accounting or execution of fiscal obligations;
• giving response to all queries or applications sent, as well as for further correspondence / contact in this scope;
• marketing and contact concerning other information and services of ONDE S.A.;
• defence against potential claims, and also for the purpose of possible submission of claims.

 

The basis for processing Data by ONDE S.A. is:

• the necessity to execute a contract or to undertake actions before its conclusion, following the demand of the person, whom the Data concern;
• execution of legal obligations imposed on the Data Controller;
• legally justified interest of the Data Controller in the form of marketing of products and services of the Data Controller or a third party, contact, including correspondence or defence against potential claims.

Providing the Data is voluntary, however, it may prove necessary for conclusion or execution of a contract or in order to provide a response to a query or for the purposes of correspondence.

 

1. How long are the Data connected with business relations and contact stored?

 

Data collected for the purpose of conclusion and execution of a contract will be stored for the term of validity of the contract, and subsequently, until the moment when possible claims are barred by statute of limitations, and in the case of initiation of proceedings – until their final and valid ending. In the case of processing Data for the purpose of execution of legal obligations – for the period indicated in adequate legal provisions (e.g. tax laws).

For persons who contacted with ONDE S.A. they will be processed for the period necessary to give a response and possible correspondence, and subsequently until the moment when possible claims are barred by statute of limitations (or in the case of initiation of proceedings – until their final and valid ending).

 

1. Who is the recipient of Data in connection with business relations and contact?

 

Data processed by us in connection with business relations and contact can be transferred to other companies from ERBUD Group, our business partners (e.g. investors and subcontractors in the scope of cooperation on a given project / investment) and our other contractors who support us in organisation of works, IT services and marketing).

 

6. Data processing in connection with recruitment?

 

1. What Data are processed by us in connection with recruitment?

 

As the Data Controller we process Data of persons who apply for employment, transferred by means of any and all available recruitment channels, and in particular, we process all Data handed over to us in the scope of application and collected during recruitment process.

 

In connection with recruitment we can process the following Data (processing of certain Data may depend on consent expressed by you): Identification Data, telephone and address Data, Data on education, Data on skills and so-far employment, Data concerning licenses and other Data transferred to us in the course of recruitment process.

 

1. b) What are the purposes and grounds for processing Data in connection with recruitment?

 

In connection with recruitment, we process the Data for the following purposes:

 

– considering of a candidate’s applition and execution of a recruitment process, and in case of expressing consent, also for the needs of future recruitment or recruitment in the scope of ERBUD Group;

 

– defence against potential claims, and also for the purpose of possible submission of claims.

 

In case of planned employment on the basis of a contract of employment, the basis for processing Data by the Data Controller are the regulations of the laws in force, and in particular, the Labour Code and executive acts, and in the scope broader than specified by these legal provisions – your consent. In case of planned employment on the basis of other kind of contract – the basis for processing Data is the necessity to undertake actions following the demand of the person whom they concern, before conclusion of the contract. The basis of processing in the scope of future recruitment is your consent.

The basis of processing the Data is also exercising of justified interest of the Data Controller, such as: allowing for identification of a candidate in the recruitment system, as well as defence against potential claims, or possibly submission of claims.

Provision of the Data is voluntary, however, it is necessary for the purpose of conducting the recruitment process and starting of possible further cooperation – giving of the Data indicated in Article  22¹ of the Labour Code is the statutory requirement, giving of an e-mail address is necessary for the purpose of identification in the system, whereas provision of additional data such as image or interests in a CV is voluntary.

 

1. How long are the Data connected with recruitment stored?

 

The Data are stored for the purposes defined above for the duration of the recruitment process or future recruitment, and subsequently, until the moment when possible claims are barred by statute of limitations (or  until final and valid ending of the dispute/proceedings).

 

1. Who is the recipient of Data in connection with recruitment?

 

Data processed by us in connection with recruitment may be handed over to other companies from ERBUD Group and to entities who support us in the recruitment process and who render IT services for us.

 

7. Processing of Data in connection with running profiles in social media.
8. What Data are processed by us in connection with running profiles?

The Data Controller in the scope of informational actions concerning conducted activity created profiles in social media for its organisation, in which Data can be processed in connection with interactions by a person who visits a given profile – e.g. in the situation when a given profile receives likes, comments or reactions to a post. These data include, in particular, the name of the social network user, his/her picture/avatar.

1. What are the purposes and grounds for processing Data in connection with running profiles?

Data are processed for the purpose of undertaking actions in order to promote the activity pursued by the Data Controller and for the purpose of informational actions, and the basis for processing of these Data is execution of legally justified interest of the Data Controller.

1. How long are the Data connected with running profiles stored?

Data processed for this purpose will be processed for the time of running of a given profile, unless the portal user removes his/her profile or reaction earlier on his/her own (e.g. deletes a reaction, a comment made to a post).

1. Who is the recipient of the Data in connection with processing data in the scope of running profiles?

The recipient of Data can be anybody who visits a given profile and familiarises himself/herself with a given reaction of a portal user (e.g. reads a comment he/she posts). The recipients of Data are also the suppliers of the given social networks as the separate Data Controllers in reference to data of users who use these websites or co-controllers of these Data – detailed rules of processing personal data by the suppliers of social networks can be found in privacy policy of the respective networks.

 

8. Are your Data transferred outside of the European Economic Area (EEA)?

 

Your Data are not transferred outside of the European Economic Area, and if such a transfer was supposed to take place in the future – to a location out of the EEA, ONDE S.A. will undertake adequate steps in order to ensure protection of Data, in particular, through:

• application of the specific contractual clauses called the “standard contractual clauses”, accepted by the European Commission; or
• transfer to the countries for which the European Commission issued a decision confirming the adequate level of protection.

In such a case, you are entitled to obtain a copy of adequate means of protection.

 

9. What are your rights?

 

Following the rules of the legal provisions you are entitled to:

• gain access to the Data, including the right to obtain their copy;
• demand their rectification, removal or restriction of processing;
• file an objection to processing;
• transfer them to another data controller (in the scope in which the grounds for processing is the necessity to execute a contract or your consent).

 

If Data are processed basing on a given consent, you are entitled to withdraw your consent at any time, without impact on conformity of processing with legal provisions, carried out before such consent was withdrawn.

 

You are also always entitled to file a complaint to the President of Personal Data Protection Office.

 

10. Do we profile Data?

Data are not subjected to automated decision-making processes, including profiling (referred to in Article 22 of GDPR).

11. Contact for data processing:

ONDE S.A. nominates the Data Protection Inspector – Olga Skotnicka. The Data Protection Inspector can be contacted in electronic way to a dedicated e-mail address: iod@onde.pl

 

12. Final Provisions

 

The Data Controller reserves the right to introduce changes to this Privacy Policy and at the same time ensures that the rights of Users resulting from this document shall not be limited in any way. The User will be informed of any and all changes in the Privacy Policy with a message available on the Website.

 

 

POLICY CONCERNING COOKIES

 

1. Cookies are the text files that are the fragments of text used for saving information in the Internet browsers, that are stored on the terminal device of the Website User and that are aimed for use of the web pages of the Website. Usually, cookies include a name of the web page from that they originate, duration of their storage on a terminal device and their unique number.

 

2. The Website Operator informs that this Website uses cookies installed on the User’s terminal device.

 

3. The entity that places cookies on the terminal device of the Website User and obtains access to them is the operator – ONDE S.A. with its registered office in Toruń (87-100), No. 40, Wapienna Street.

 

4. Cookies are used for the following purposes:
5. a) adjusting the contents of web pages of the Website to the User’s preferences, as well as optimization of use of web pages; in particular, these files allow for recognition of the device of the Service User and adequately display the web page, adjusted to his individual needs;
6. b) creating statistics, that allow to understand how the Website Users use the Internet pages, which allows to improve their structure and content;
7. c) maintaining the session of the Website User, thanks to which the User may view every sub-page of the Website without necessity to login again.

 

5. Two basic kinds of cookies are used in the scope of the Website:
6. a) “session” cookies are temporary files, stored on the User’s terminal device until logging out, leaving the website or the Internet browser inactivation.
7. b) “persistent” cookies are stored on the User’s terminal device for the time until they are deleted by the User or for a specific time resulting from their settings.

 

Additionally, the following kinds of cookies are used in the scope of the Website:

1. a) “necessary” cookies, allowing for use of services available in the scope of the Website, e.g. authenticating cookies used for services that require authentication in the scope of the Website;
2. b) cookies used for ensuring safety, e.g. used to detect compromising authentication within the Website;
3. c) “performance” cookies, allowing for collection of information on the method of use of web pages of the Website;
4. d) “functional” cookies, allowing for “memorisation” of settings chosen by the User, e.g. in the scope of the selected language or region, from that this User originates, font size, appearance of the web page, etc.

 

6. Website Users can change the settings concerning cookies at any time. In particular, these settings can be changed in such a way, so as to block automatic service of cookies in the Internet browser settings or to inform about their placing on the Website User’s device every time.

 

7. Detailed information about possibilities and methods of modification of preferences of the User concerning cookies are available in the Internet browser settings. In numerous cases the settings of Internet browsers, by default, allow to store cookies on the User’s terminal device.

 

8. The Website Operator kindly informs that the limitations in use of cookies by Users may exert impact on certain functionalities available on the web pages of the Website.

 

9. Cookies placed on the end device of the Website User can be also used by partners in cooperation with the operator.