Arcon’s superior goal is to ensure the confidentiality of the data of our customers, employees, and job applicants as well as transparency in their processing.
The Privacy Policy describes the method of protection and processing of personal data in accordance with the standards specified in the following applicable legal provisions:
- Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – OJ EU L 119 of 4.5.2016; hereinafter referred to as GDPR;
- Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679, of the Article 29 Working Party of 4 April 2017; WP 248/17;
- Guidelines on Data Protection Officers (DPO) of the 29 Article Working Party of 13 April 2016, WP 243/16, revised on 5 April 2017;
- Personal Data Protection Act of 10 May 2018;
- Act of 26 June 1974 – Labour Code, consolidated text: Journal of Laws of 2018, item 108, as amended); hereinafter referred to as Labour Code.
DATA CONTROLLER – CO-CONTROLLING DECLARATION
Pursuant to Art. 13 (1) and (2) of the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, OJ EU L 119 of 4.5.2016 (hereinafter referred to as GDPR), we inform you that the following members of the Arcon Sp. z o.o. (hereinafter referred to as Arcon) will be data co-controllers:
- Arcon Sp. zo. o. – KRS 0000817508, registered office: Aleja Najświętszej Maryi Panny 21a/21, 42-200 Częstochow
DATA COLLECTION METHOD
- Directly from data subjects at the time of conducting recruitment processes, most often at the first contact, both electronically (recruitment forms, candidate accounts, surveys at job fairs) and by phone (invitation to the recruitment process, telephone interview, submission of an offer)
- Directly from data subjects during the implementation of Employee Referral Programs
- Directly from data subjects at the moment of employment (employment forms, employment contracts, civil law contracts, B2B contracts, referrals for medical examinations)
- Directly from Data Subjects at the moment of joining Benefit Programmes and internal trainings
- Indirectly, in the form of sharing data by other data controllers under the provisions of law, or as a processor in the form of subcontracting for the purposes indicated by another controller
- Indirectly, within the framework of mutual data sharing between business partners, customers, and service providers, including the contact details of the contracting party representatives
PERSONAL DATA STORAGE LOCATION
We store collected personal data in the European Economic Area (“EEA”) on highly secured servers. Each operation of transferring and processing personal data is performed in accordance with applicable law.
CO-CONTROLLING AREAS
As a part of the operations of Arcon, there are the following co-controlling areas:
- RECRUITMENT – internal and external recruitment conducted jointly on behalf of all companies using a common database of job applicants
- HR AND PAYROLL SERVICES – provided for internal, external, and temporary employees by HR and Payroll Department common for all companies
- PAYROLL – payroll services are provided for external and temporary employees by the Payroll Department, which is common for all companies
- ACCOUNTING – provided for all companies by a common Accounting Department
- MARKETING AND PUBLIC RELATIONS – provided by persons employed in WADO jointly for all companies
- – SERVICE AND LEGAL CONSULTANCY – the area of cooperation with customers, keeping a register of commercial contracts by one legal department and contracts with clients
ESSENTIAL CATEGORIES OF DATA SUBJECTS PROCESSED
- Job applicants
- Temporary workers are employed on the basis of the provisions of the Act on the Employment of Temporary Workers
- External employees who work or perform services at the customer’s site
- Arcon’s internal employees
LEGAL BASIS FOR PERSONAL DATA PROCESSING BY US
- Consents of job applicants and employees to the processing of personal data – 6 p. 1a GDPR
- Execution and implementation of contracts with customers – 6 p. 1b GDPR
Implementation of contracts and obligations of a temporary work agency resulting from the provisions of the Act on the Employment of Temporary Workers, including Implementation of contracts and obligations of an employing entity under the provisions of law – art. 6 p. 1c GDPR
- WADO’s legitimate interest – 6 p. 1f GDPR
DATA SUBJECTS’ RIGHTS
All data subjects are entitled to:
- Withdraw consent to personal data processing at any time. They can withdraw their consent by email:shibinlino@gmail.com, telephone: +48 500 027 336, or post: Aleja Najświętszej Maryi Panny 21a/21, 42-200 Częstochowa, or personally at the registered office or any branch of Arcon.
- Request access to their data from WADO, rectify, erase, or restrict processing, as well as object to data processing and request their data portability and in the case of data subjects whose data have been obtained directly from data subjects, also the right to data portability
Withdrawing consent and sending requests mentioned above can be delivered via arconoverseas@gmail.com, dedicated to all data subjects registered in our databases.
In addition, we inform you that:
- Data Subjects will not be subject to any automated decisions (decisions without significant human involvement), including Data Subject’s personal information will not be subject to profiling.
- Where the processing of personal data violates applicable legal regulations, all data subjects will have the RIGHT TO LODGE A COMPLAINT WITH THE SUPERVISORY AUTHORITY, i.e. the President of the Personal Data Protection Office.
DATA RECIPIENTS
- Depending on the purpose and legal basis, we may transfer personal data in whole or in part to third parties. Most often, recipients of personal data are:
- Arcon’s clients, including first of all entities looking for new employees
- Service providers—entities processing data on our behalf and in accordance with our instructions and for a specific purpose specified by us
- Providers of infrastructure, technical, and maintenance services
- Benefit service providers
- Public institutions – to whom data is transferred on the basis of legal provisions
- Audit firms, tax advisors, law firms, and others.
Personal Data Retention Period
For recruitment, the personal data retention period has been determined based on the recruitment project duration criterion, which means that personal data of data subjects will be processed throughout the recruitment, and after its completion, the data will be retained for the period necessary to establish, investigate, or defend claims, which is a Arcon’s legitimate interest within the meaning of Art. 6 (1) (f) GDPR.
The policy for validating consents determines the internal retention period to be three years, and after this period, Arcon will send a request to data subjects to renew their consents.
In the case of areas related to employment, Arcon applies a retention period in accordance with applicable law.
In the case of areas related to employment, Arcon applies a retention period in accordance with applicable law.
In the case of data processed for the legitimate interest of Arcon, outside the contractual relationship, we process the data as long as we have a legitimate interest.
DATA PROTECTION OFFICER
We take personal data protection very seriously. Therefore, as part of our activities as Arcon (by a relevant resolution by each of the companies), we have appointed one common Data Protection Officer. You can contact DPO by email: arconoverseas@gmail.com, telephone: +48 500027336, or post: Aleja Najświętszej Maryi Panny 21a/21, 42-200 Częstochowa.