This Privacy Policy is an integral part of the Terms of Use located at the LINK. Definitions of terms used in this Privacy Policy are set forth in the Terms of Use. The provisions of the Terms of Use shall apply accordingly.

1. CONTROLLER AND DATA PROCESSED WITHIN THE SITE

1.1. Devire sp. z o.o. based in Warsaw, at Aleje Jerozolimskie 94, listed in the register of entrepreneurs kept by the District Court for the Capital City of Warsaw in Warsaw, 12th Commercial Division of the National Court Register under KRS No. 0000256332, NIP (tax identification number): 5252360806, REGON (business entity statistical number): 14041789800000, as well as Devire GmbH, Devire s.r.o., Neumann Executive Sp. z o.o. and Flaire Sp. z o.o. is the controller of personal data of the Users (hereinafter referred to as „Controller”).

1.2. The Controller can be contacted via:

1. a) Devire sp. z o.o. based in Warsaw. You can contact us in any of the following ways:

• by post to the following address: Aleje Jerozolimskie 94, 00-807 Warszawa
• by phone: (+48) 22 312 4098

1. b) Devire GmbH based in Frankfurt am Main. You can contact us in any of the following ways:

• by post to the following address: Taunusanlage 1, 60329 Frankfurt am Main
• by phone: +49 89 206 021 650

1. c) Devire s.r.o. based in Prague. You can contact us in any of the following ways:

• by post to the following address: Pod vilami 747/10, Nusle, 140 00 Praha 4
• by phone: +420 777 850 015

1. d) Neumann Executive Sp. z o.o. based in Warsaw. You can contact us in any of the following ways:

• by post to the following address: Aleje Jerozolimskie 94, 00-807 Warszawa
• by phone: (+48) 22 312 4098

1. e) Flaire Sp. z o.o. based in Warsaw. You can contact us in any of the following ways:

• by post to the following address: Aleje Jerozolimskie 94, 00-807 Warszawa
• by phone: (+48) 22 312 4098

1. f) Devire LDA, número de pessoa coletiva 517336340 e o numero de identificação na segurança social 25173363407 com a sede em Rua Castilho, Numero 75, 6 Dto, Lisboa, na freguesia de Santo António, concelho de Lisboa.

1.3 Data Protection Officer is Beata Pucyk. Contact with Beata Pucyk can be made by e-mail at: gdpr@devire.pl or by post at the address of Devire sp. z o.o. based in Warsaw.

1.4. The scope of personal data processed is defined by the scope of data completed by Users and then sent to the Controller by means of an appropriate form and in a CV file. Processing of Users’ personal data may concern in particular e-mail address, name and surname, date of birth, address of residence, PESEL number and telephone number.

1.5. The Site may store http requests, and therefore in the server log files some information may be stored, including the IP address from which the request was received, the name of the User’s station

– identification carried out by the http protocol, if possible, date and system time of registration and arrival of the request, information about errors that occurred during execution of the http transaction. Logs may be collected as material for the proper administration of the Application. Only persons authorized to administer the information system have access to the data. Log files may be analyzed in order to compile statistics on Site traffic and errors that occur. The summary of such information does not identify the User.

1.6. The Controller does not transfer personal data to countries outside the European Union

1. PURPOSE AND LEGAL BASIS OF DATA PROCESSING AND THE PERIOD OF PROCESSING

2.1. Users’ personal data will be processed by the Controller for the following purposes: (a) performance of obligations under the law, (b) performance of Agreements, provision of electronic services, (c) recruitment activities, including: assessment of a candidate’s qualifications for a specific position, assessment of a candidate’s abilities and skills needed to work in a specific position, selection of a suitable person or persons for employment, and (d) for email marketing purposes.

2.2. The legal basis for the processing of personal data in the case referred to in Section 2.1(a) is the statutory authorization to process data necessary for the performance of duties in accordance with the law, while in the case referred to in Section 2.1(b) it is the statutory authorization for processing necessary for the performance of a contract where the data subject is a party thereto, in the case referred to in Section 2.1(c) and (d) it is your consent, including the processing of data provided in the form, CV and cover letter.

2.3. The provision of personal data is voluntary.

2.4. Your personal data will be processed for the following period: data whose basis of processing is a legal regulation – until the fulfillment of an obligation described in relevant regulations; data whose basis of processing is the performance of a contract – until its execution, termination or expiration; data whose basis of processing is consent – until the withdrawal of consent, no longer than 9 years from the date of granting consent.

2.5. Consent for the processing of personal data can be withdrawn at any time, which does not affect the legality of the processing performed before the withdrawal of consent.

1. RECIPIENTS OF PERSONAL DATA

3.1. Users’ personal data may be entrusted to entities for which Devire sp. z o.o., Devire s.r.o. or Devire GmbH, Neumann Executive Sp. z o.o. and Flaire Sp. z o.o. provides recruitment, outsourcing, or temporary employment services.

3.2. Users’ personal data may be entrusted for processing to entities that enable the provision of Services and the performance of Agreements. Such recipients of personal data include: the company providing hosting services, the company providing maintenance and development services for the Site, the company providing digital marketing services.

3.3. Personal data may also be made available: to the relevant state authorities upon their request under the relevant provisions of the law or to other persons, based on the Users’ prior consents.

3.4. Each entity to which the Controller entrusts Users’ personal data for processing on the basis of a personal data processing agreement (hereinafter: “Data Processing Agreement”) ensures an adequate level of protection and confidentiality of personal data processing. Processors only act in accordance with our instructions.

3.5. Disclosure of personal data to entities unauthorized under this Privacy Policy may only take place with the prior consent of the User to whom the data relates.

1. RIGHTS OF THE DATA SUBJECT

4.1. The User has the right to control the processing of the data that concerns them, especially the right to: access their personal data, complete and rectify their data by submitting a request to the Controller, request temporary or permanent suspension of data processing or its erasure if it is incomplete, outdated, untrue or has been collected in violation of the law or is no longer necessary for the purpose for which it was collected, object to the processing of their personal data – in cases provided for by law – and request its erasure when it becomes unnecessary for the purpose for which it was collected.

4.2. As of the effective date of GDPR, i.e. as of May 25, 2018, Users gain the right to: erase the collected personal data about them both from the system owned by the Controller and from the databases of entities with which the Controller cooperates or has cooperated; restrict data processing; transfer personal data about the User collected by the Controller, including to receive it in a structured form; lodge a complaint with a supervisory authority in a situation in which the User considers that their data is processed unlawfully; and the right to an effective judicial remedy against the supervisory authority and against the violating entity.

4.3. In the event that the Controller becomes aware of the fact that the User uses the service provided electronically contrary to the Terms of Use or to the applicable regulations (unauthorised use), the Controller may process the User’s personal data to the extent necessary to establish the User’s liability.

1. INFORMATION SECURITY

5.1. As part of the Site, the Controller uses technical and organizational measures to ensure the protection of the processed personal data, which are adequate to the risks and categories of protected data, and in particular to technically and organizationally protect the data from disclosure to unauthorized persons, from being taken by an unauthorized person, from being processed in violation of the Act, and from alteration, loss, damage or destruction, among others SSL (Secure Socket Layer) certificates are used. The collected Users’ personal data is stored on a secure server and the data is also protected by the Controller’s internal procedures on personal data processing and information security policy. As of May 25, 2018, the Controller will additionally apply all necessary technical measures set out in Articles 25, 30, 32-34, 35-39 of the GDPR to ensure increased protection and security of the processing of Users’ personal data.

5.2. Communication between the User’s device and the Site is encrypted using SSL protocol.

5.3. At the same time, the Controller indicates that the use of the Internet and electronic services, especially the use of publicly accessible Wi-Fi networks, may involve specific ICT risks, such as: the presence and operation of Internet worms, spyware or malware, including computer viruses, as well as the possibility of being exposed to cracing or phishing, and others. In order to obtain detailed and professional information on maintaining security on the Internet, the Controller recommends consulting entities specialized in this type of IT services.

1. COOKIES

6.1. In order for the Site to operate properly, the Controller uses cookie technology. Cookies are data packets stored on the User’s device, through the Site, usually containing information consistent with the purpose of a given file, by means of which the User uses the Site – these usually include: service address, date of placing, expiration date, unique number and additional information consistent with the purpose of a given file.

6.2. The Site uses two types of cookies: (a) session cookies, which are deleted permanently when the User’s browser session ends; (b) persistent cookies, which remain on the User’s device after the browser session ends until they are deleted.

6.3. Based on cookies, both session and persistent, it is not possible to determine the User’s identity. The cookies mechanism does not allow any personal data to be collected.

6.4. Cookies of the Site are safe for the User’s device, in particular they do not allow viruses or other software to enter the device.

6.5. Files generated directly by the Service cannot be read by other services. External cookies (i.e. cookies placed by entities collaborating with the Controller) can be read by an external server.

6.6. The User can change their cookie settings at any time, specifying the conditions for storing cookies, through their web browser settings or by configuring the service. Users can also delete the cookies stored on their device at any time, according to the instructions of the browser manufacturer.

6.7. You may disable the storage of cookies on your device in accordance with your browser manufacturer’s instructions, but doing so may render some or all of the Site’s features unavailable.

6.8. The Controller uses its own cookies for the following purposes: to authenticate the User on the Site and maintain the User’s session; to configure the Site and adjust the content of the pages to the User’s preferences or behavior; to analyze and study the audience, the number of clicks and paths through the page to improve the appearance and organization of content on the page, time spent on the page, the number visitors and frequency of visits to the Site.

6.9. The Controller uses external cookies for the following purposes:

6.10. Detailed information about the use of cookies is available in the settings of the web browser used by the User.

1. CHANGES TO THE PRIVACY POLICY

7.1. The amendment of this Privacy Policy shall be in accordance with the amendment of the Terms of Use, provided that the User accepts the new provisions of the Privacy Policy, or refuses to accept them and thus terminates the Agreement with immediate effect. If the User does not accept the new provisions of the Privacy Policy within the specified time, the Agreement will terminate with immediate effect and the User’s resume will be removed from the recruitment process.