§.1 General provisions – protection of privacy
- Contract Administration Sp z o.o. with its registered office in Warsaw at the following address: ul. Hrubieszowska 2, entered into the Register of Entrepreneurs under KRS number 0000167447, taxpayer identification number NIP: 5252271480, Polish business registry number REGON: 015518202, is the personal data controller. Data protection is provided pursuant to the universally binding provisions of the law, and the data is stored on protected servers.
- As a personal data controller (hereinafter “Controller”) Contract Administration Sp z o.o. is committed to the protection of privacy and ensuring confidentiality of the personal data entered by the internet users in the electronic forms on the website located at the following URL: https://www.ca-staff.eu/ (hereinafter “ca-staff.eu”).
- The Controller can be contacted by e-mail at: email@example.com or at the following street address: Contract Administration Sp z o.o., ul. Hrubieszowska 2, 01-209 Warszawa.
- The Controller exercises due diligence in selecting and applying the appropriate technical and organisational measures ensuring the protection of the personal data processed. Only persons duly authorised by the Controller have full access to databases.
- The Controller protects the personal data against disclosure to unauthorised persons, as well as against their processing in a manner that is contrary to the law in force.
- Visitors to the ca-staff.eu website may browse the ca-staff.eu web pages without providing any personal data.
§.2 Grounds for processing personal data
- Personal data are processed by the Controller in compliance with the law, and in particular with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter “GDPR”) for the purposes of:
- providing the newsletter service that includes mailing of commercial information pursuant to a consent obtained (article 5 item 1 letter a of GDPR);
- responding to the questions sent by the users to the contact addresses displayed on the website (pursuant to article 6 item 1 letter b of GDPR);
- holding and resolving recruitment, if a user entered into the recruitment procedure, pursuant to the Controller’s legal duty and the consent obtained (article 6 item 1 letters a and c of GDPR);
- performing an agreement related to a user’s signing up for a training course or conference and his or her participation therein pursuant to article 6 item 1 letter b of GDPR;
- fulfilling a data controller’s legal duties pursuant to article 6 item 1 letter c of GDPR (e.g. accounting and tax obligations).
- Provision of personal data is voluntary, but failure to provide the data, depending on the case, may result in not receiving a response to one’s query, not receiving the newsletter, being unable to take part in the recruitment procedure, or being unable to attend a training or a conference.
- Users should not provide the personal data Controller with data of third parties. However, if such data are provided every time, then the user represents that he or she has the relevant consent of such third party to provide their data to the Controller.
§.3. Scope of personal data processing
- The Controller processes the following types of data provided by the user in the contents of the query addressed to the Controller.
- The data provided by the users are used for: responding to the queries submitted, mailing the newsletter, including commercial information about the Controller and its products, the recruitment procedure, holding trainings and conferences, as well as for statistical purposes.
- The Controller uses the IP addresses collected during establishing internet connections for technical purposes related to server administration. Furthermore, the IP addresses are used for collecting general, statistical demographical information (e.g. about the region from which the connection is established).
3.a Server logs: the website server records the user’s IP address in the standard server log. The Controller uses the server logs for diagnosing server issues, studying the way the ca-staff.eu website is used, gathering website traffic data, and to improve the website’s operation. IP logs do not contain any personal data of the users.
3.b Cookies: the ca-staff.eu website may use “cookies” for controlling how the website’s contents are supplied and for monitoring the website’s activity. Cookies are small text files sent by the www server and stored by the computer’s internet browser. When the browser establishes connection to the website once more, the website recognises the type of device used to connect to the website. Parameters enable reading the information contained in them only to server that created them. Therefore, cookies streamline the use of previously-visited websites.
- The information collected includes the IP address, the internet browser used, language, operating system, ISP, time and date, location, as well as information sent to the website via the contact form. The data collected is used for monitoring and checking how the user is using the website in order to improve its operation by providing a more effective and streamlined navigation. The Controller monitors the information about the user by utilising the Google Analytics tool that records the user’s behaviour on the website.
§.4 Control of personal data processing
- Users are obliged to provide full, current, and true data.
- Each user whose personal data are processed by the Controller has the right to access his or her data and to correct them, delete them, limit the scope of their processing, transfer them, object to the processing of the data on the grounds of the Controller’s justified interest, withdraw the consent for data processing at any time without affecting the legality of the processing (if processing takes place on the basis of a consent) that took place on the grounds of the consent prior to its withdrawal.
- The rights set forth in the preceding item may be exercised by sending the appropriate request to firstname.lastname@example.org, including the user’s first and last name as well as e-mail address, or by sending a written request by mail to the following address: Contract Administration Sp z o.o., ul. Hrubieszowska 2,01-209 Warszawa.
- The user has the right to submit complaints to the supervising authority (GIODO - Inspector General for the Protection of Personal Data with its office at 2 Stawki str. in Warsaw) if he or she decides that the processing of his or her personal data violates the provisions of GDPR.
§.5. Sharing of personal data
- User data may be shared with entities authorised to receive them by virtue of the law in force, including competent judicial bodies. Personal data may be shared with entities that process data upon request, i.e. to marketing agencies, companies that organise trainings and conferences, partners that provide technical services (development and maintenance of IT systems and websites).
§.6. Storage period and other details of data processing
- Personal data will be stored only for the period required to complete the specific goal for which they were sent, and after it elapses, for the period required to secure or make claims or discharge the Controller’s legal duty (e.g. arising from tax or accounting regulations).
- If the user agreed to have his or her personal data used for the purposes of providing the newsletter service, the personal data will be processed until the consent is withdrawn.