PRIVACY POLICY and PERSONAL DATA PROCESSING

 

Welcome to the esotiq.com online store (hereinafter: "Website") owned by ESOTIQ & HENDERSON S.A. with its registered office in Gdańsk, address: ul. Budowlanych 31C, 80-298 Gdańsk, hereinafter referred to as "Esotiq" or "Company".

 

Esotiq attaches great importance to ensuring the protection of the privacy of individuals and personal data processed in connection with our business activities.

 

As a conscious and responsible organisation, we ensure that we provide adequate information on matters related to the processing of personal data, in accordance with the provisions on the protection of personal data, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR). In this privacy policy (hereinafter: "Policy"), we present the most important information related to the processing of personal data in our business.

 

This Policy contains information on how we collect, use and protect the personal data provided to us, the purposes and legal grounds for processing, and the rights of data subjects in relation to the processing of their personal data.

 

PERSONAL DATA CONTROLLER

The controller of your personal data is ESOTIQ & HENDERSON S.A. with its registered office in Gdańsk, address: ul. Budowlanych 31C, 80-298 Gdańsk, a company entered in the Register of Entrepreneurs of the National Court Register by the District Court Gdańsk-Północ in Gdańsk, 7th Commercial Division of the National Court Register, under KRS number 0000370553, NIP: 583-311-72-20, REGON: 221133543 (hereinafter: "Administrator")

 

CONTACT FOR PERSONAL DATA MATTERS

If you have any doubts or would like to ask us a question about the processing of your personal data by Esotiq, would like to send us a request regarding your rights under the provisions on personal data protection, or would like to notify us of a breach of your personal data protection, please contact our Data Protection Officer.

 

The contact details of the Data Protection Officer at Esotiq are as follows:

• e-mail: IOD@esotiq.com
• postal address: Data Protection Officer, ESOTIQ & HENDERSON S.A., ul. Budowlanych 31C, 80-298 Gdańsk.

 

JOINT CONTROL RELATIONSHIPS

In connection with the operation of the Website and as the owner of Esotiq profiles on websites and social media, in order to achieve its business objectives and ensure the highest standards of service, Esotiq processes your personal data within the framework of joint administration with other entities.

Co-controllers decide independently on the purposes and means of data processing, but to varying degrees, within the set of information usually collected in an application, website or system. Esotiq is only responsible for the personal data it processes within the framework of its cooperation with the above-mentioned entities.

Information on the joint administration relationship can be found in the section "Detailed information on data processing".

 

TRANSFER OF PERSONAL DATA

Personal data will be transferred by the Controller only to trusted entities with which the controller has concluded appropriate cooperation agreements, such as: entities providing and operating IT systems or solutions used on the Website or in the Company, entities supporting the functioning and operation of the Website, providers of accounting, legal, marketing, event, postal and courier services, and online payment operators.

As a rule, personal data will not be transferred outside the European Economic Area (EEA) or made available to international organisations. However, if, as the Controller, we use service providers from outside the EEA, we take due care to ensure that the processing complies with applicable regulations and is carried out in accordance with the principles approved by the European Commission, in particular with regard to ensuring an adequate level of personal data protection.

 

HOW TO EXERCISE YOUR RIGHTS

In connection with our processing of your personal data, you have the right to:

• withdraw your consent to processing (if we act on the basis of your consent),
• request access to your personal data,
• request the rectification of your personal data,
• request the erasure or restriction of the processing of your personal data,
• object to the processing of data on the basis of legitimate interests (unless there is an overriding legal basis) or for direct marketing purposes;
• not to be subject to automated decision-making that has a significant impact on you;
• to receive your data in a machine-readable format, for your own use or for another personal data controller;
• to lodge a complaint with a supervisory authority, which in Poland is the President of the Office for Personal Data Protection.

 

To exercise your rights or if you have any questions about this policy, our processing of personal data or your right to protect that data, please contact our Data Protection Officer at IOD@esotiq.com.

 

 

DETAILED INFORMATION ON THE PROCESSING OF YOUR PERSONAL DATA

 

We may process your personal data in various ways and in various situations, depending on whether you are a Partner, Customer, Supplier or User of our Website, whether you use our fan pages or our social media accounts, or whether you are interested in working with or for Esotiq.

We take special care to protect the interests of data subjects, and in particular we ensure that the data we collect is:

1. processed in accordance with the law;
2. collected for specified, lawful purposes and not further processed in a manner incompatible with those purposes;
3. factually correct and adequate in relation to the purposes for which it is processed and stored in a form that allows the identification of data subjects for no longer than is necessary to achieve the purpose of processing.

 

Below, we present information on the processing of personal data, organised into sets dedicated to categories of persons and their relationship with Esotiq, so that you can quickly find the information that applies to you.

Users (current and potential) of the website at esotiq.com, including those with a Customer Account and our accounts on social media (fan page)

We have obtained your personal data:

• directly from you, during the process of concluding and performing contracts, e.g. Online Store Customer Account agreements;
• directly from you, when you use the Service or interact with our social media accounts
• from an entity authorised to act on your behalf.

We may process personal data in the following scope: contact details (e.g. e-mail address, telephone number),  identification data (first name, surname or name), data necessary for financial settlements and their documentation (tax identification number, address of the person or business, payer details, transactions, payment method), information about Users' accounts on external websites (to the extent necessary to log in to the Website), cookie content, information regarding access to the Website (e.g. IP addresses, web browser parameters),      unstructured information (content with potential or probable personal data content, e.g. information about activity on the website, information provided in correspondence addressed to us, information about activity on social media).

On the Website, we use cookies to operate, analyse and support marketing communication tools provided by our partners or social media services.

You can read more about this in our Cookie Policy.

Purposes of data processing and legal basis

1. Establishing communication and maintaining relations with a potential Website User or through social media services – processing is necessary for the legitimate interests of the Controller consisting in maintaining communication with potential customers and supporters of the brand (Article 6(1)(f) of the GDPR).
2. Performance of the contract – processing is necessary for the performance of pre-contractual measures and for the performance of the contract, including the provision of Website services and communication and maintaining relations with the Website User, in accordance with the Terms and Conditions of the Online Store  accepted by the User (Article 6(1)(b) of the GDPR).
3. Establishing communication and maintaining business relations – processing is necessary for the legitimate interests of the controller consisting in the purchase of goods and services necessary for the conduct of business (Article 6(1)(f) of the GDPR).
4. Keeping accounting and tax records – processing is necessary for compliance with a legal obligation under Article 74 of the Accounting Act and other acts concerning taxpayers (Article 6(1)(c) of the GDPR).
5. Pursuing claims and protection against claims – processing is necessary for the purposes of the legitimate interests pursued by the controller (Article 6(1)(f) of the GDPR).
6. Marketing of own services, where processing is necessary for the purposes of the legitimate interests pursued by the controller (Article 6(1)(f) of the GDPR), and in the case of implementation through the indicated communication channel [e-mail, telephone, WhatsApp], on the basis of consent given in this regard (Article 6(1)(a) of the GDPR in conjunction with Article 398(1) of the Electronic Communications Law).
7. The marketing of own services may be preceded by profiling, understood as the automated matching of shared content to the interests or needs of the customer, when processing is necessary for the purposes of the legitimate interests pursued by the Controller (Article 6(1)(f) of the GDPR), and in the case of profiling that significantly affects your decisions, only if such consent has been given (Article 6(1)(a) of the GDPR). 
8. Marketing by entities cooperating with the Controller – through the indicated communication channel [e-mail, telephone, WhatsApp], on the basis of consent given in this regard (Article 6(1)(a) of the GDPR in conjunction with Article 398(1) of the Electronic Communications Law).

 

Processing period

1. Your personal data will be processed for the period during which you remain an active User of the Website, and after that time for the period necessary to comply with the law, pursue or defend against possible claims, but no longer than 6 years.

The data is processed for the following periods, respectively:

1. 1. until an effective objection/request for data deletion is submitted – applies to points 1, 3, 6 and 7 above, excluding e-mail communication;
   2. until the termination or expiry of the contract – applies to point 2 above;
   3. 5 years from the end of the calendar year in which the contract was terminated or expired – applies to point 4 above;
   4. the expiry of the limitation period for claims – applies to point 5 above;
   5. until consent is withdrawn – applies to points 6, 7 and 8 above.
2. Your personal data processed in social media services:
   1. data collected in private messages – for the time necessary to respond to your questions or until the end of cooperation;
   2. data contained in comments under a selected publication – will be available until they are deleted by the author of the publication or entry;
   3. personal data collected by social media platforms, i.e. post history, activity history – subject to retention in accordance with the terms and conditions of these platforms;
   4. statistical data on visitors to the Company's product pages or fan pages will be processed for as long as this data is available on news sites or social media services.
3. The controller does not archive personal data or your activity on social media services.
4. Data processed for the purpose of sending marketing information will be processed until the consent is withdrawn, with the proviso that the withdrawal of this consent does not affect the lawfulness of the data processing that took place before the withdrawal.

Joint administration

Esotiq, as the founder of profiles on the social media services listed below, provided by the entities indicated, is the joint controller of personal data published on these profiles [WD1]  together with:

1. Facebook, Instagram, WhatsApp, Messenger - Meta Platforms Ireland Limited, ATTN: Privacy Operations, Merrion Road, Dublin 4, D04 X2K5, Ireland; more about privacy: https://www.facebook.com/privacy/center/
2. X (formerly Twitter) - X Corp, 1355 Market Street, Suite 900, San Francisco, CA 94103 USA; more about privacy https://x.com/pl/privacy
3. LinkedIn – LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA; represented in Europe by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, more about privacy: https://pl.linkedin.com/legal/privacy/eu and https://pl.linkedin.com/legal/privacy-policy
4. YouTube – Google LLC, 901 Cherry Ave, San Bruno, CA 94066, USA; more about privacy: https://policies.google.com/?hl=pl
5. TikTok – TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland; more about privacy: https://www.tiktok.com/legal/page/eea/privacy-policy/pl

Each of the above-mentioned Joint Controllers independently decides on the purposes and means of data processing, but to varying degrees. Esotiq is only responsible for the personal data it processes.

When you use social media services independently and separately from Esotiq as the owner of a business account on these media, when you communicate with us through these media, they are also responsible for processing your data. If you create an account on social media services, the companies managing them undertake further processing of data also for their own purposes, as described in detail in their Privacy Policies. If you have any questions or requests for social media platform owners, please contact them.

 

Additional information

Providing data is voluntary, but necessary for the conclusion and performance of the contract and the use of the Website's functionality and profiles on social media platforms.
Data processing in the process of marketing our own services may be preceded by profiling, understood as the automated matching of shared content to the customer's interests or needs. If profiling significantly influences your decisions, the mechanism is activated after you give your consent.

 

Online Store Customers

We have obtained your personal data: directly from you, during the process of concluding and performing contracts, e.g. the Online Store Customer Account Agreement, the Sales Agreement.

We may process personal data in the following scope: contact details (e.g. e-mail address, telephone number),  identification data (first name, surname or name), data necessary for financial settlements and their documentation (tax identification number, address of the person or business, payer details, transactions, payment method), information about Online Store Customer accounts on external websites (to the extent necessary to log in to the Store).

Purposes of data processing and legal basis

1. Performance of the contract – processing is necessary for the performance of activities prior to the conclusion of the contract and for the performance of its provisions, including the performance of the Sales Contract and communication and maintenance of relations with the Online Store customer, in accordance with the Terms and Conditions of the Online Store accepted by the User (Article 6(1)(b) of the GDPR).
2. Establishing communication and maintaining business relations – processing is necessary for the legitimate interests of the controller consisting in the purchase of goods and services necessary for the conduct of business (Article 6(1)(f) of the GDPR).
3. Keeping accounting and tax records – processing is necessary for compliance with a legal obligation under Article 74 of the Accounting Act and other acts concerning taxpayers (Article 6(1)(c) of the GDPR).
4. Pursuing claims and protection against claims – processing is necessary for the purposes of the legitimate interests pursued by the controller (Article 6(1)(f) of the GDPR).
5. Marketing of own services, where processing is necessary for the purposes of the legitimate interests pursued by the controller (Article 6(1)(f) of the GDPR), and in the case of implementation through the indicated communication channel [e-mail, telephone, WhatsApp], on the basis of consent given in this regard (Article 6(1)(a) of the GDPR in conjunction with Article 398(1) of the Electronic Communications Law).
6. Marketing of entities cooperating with the Administrator – through the indicated communication channel [e-mail, telephone, WhatsApp], on the basis of consent granted in this regard (Article 6(1)(a) of the GDPR in conjunction with Article 398(1) of the Electronic Communications Law).

Processing period

1. Your personal data will be processed for the period during which you remain a customer of the Online Store, and after that time for the period necessary to comply with the law, pursue or defend against possible claims, but no longer than 6 years.

The data is processed for the following periods:

1. 1. until an effective objection/request for data deletion is submitted – applies to points 2 and 5 above;
   2. until the termination or expiry of the agreement – applies to point 1 above;
   3. 5 years from the end of the calendar year in which the contract was terminated or expired – applies to point 3 above;
   4. statute of limitations for claims – applies to point 4 above;
   5. until consent is withdrawn – applies to points 5 and 6 above.
2. Data processed for the purpose of sending marketing information will be processed until consent is withdrawn, with the proviso that withdrawal of consent does not affect the lawfulness of data processing carried out prior to such withdrawal.

Additional information

The processing of personal data does not involve automated decision-making, including profiling.

Personal data will not be transferred to a third country/international organisation. However, if required by the service provided, personal data may be transferred on the basis of standard contractual clauses adopted by the European Commission, in accordance with the verification procedure or in another legally permitted manner, in accordance with the GDPR.

Newsletter subscribers

We have obtained your personal data: directly from you during the process of consenting to receive the Esotiq Newsletter.

 

We process personal data in the scope of contact details (e-mail address) and identification data (name - optional).

Purposes of data processing and legal basis

1. 1. Sending Esotiq Newsletter subscribers commercial information from the Administrator via the indicated communication channel [e-mail], on the basis of consent granted in this regard (Article 6(1)(a) of the GDPR in conjunction with Article 398(1) of the Electronic Communications Law).
   2. Pursuing claims and protection against claims – processing is necessary for the purposes of the legitimate interests pursued by the controller (Article 6(1)(f) of the GDPR).
   3. Marketing of own products or services – processing is necessary for the purposes of the legitimate interests pursued by the controller (Article 6(1)(f) of the GDPR).
   4. Marketing of entities cooperating with the Controller – through the indicated communication channel [e-mail, telephone, WhatsApp], on the basis of consent given in this regard (Article 6(1)(a) of the GDPR in conjunction with Article 398(1) of the Electronic Communications Law).

Processing period

The data is processed for the following periods:

1. 1. until an effective objection/request for data deletion is submitted – applies to point 3 above;
   2. until the claims become time-barred – applies to point 2 above;
   3. until consent is withdrawn – applies to points 1 and 4 above.

Other information

The processing of personal data does not involve automated decision-making, including profiling.

Personal data will not be transferred to a third country/international organisation. However, if required by the service provided, personal data may be transferred on the basis of standard contractual clauses adopted by the European Commission, in accordance with the verification procedure or in another legally permitted manner, in accordance with the GDPR.

Members of the Esotiq Loyalty Club

We have obtained your personal data: directly from you, during the process of joining the Esotiq Loyalty Club.

 

We process personal data in the scope of contact details (e.g. telephone number, e-mail address) and identification data (first name, surname, loyalty card number).

Purposes of data processing and legal basis

1. 1. Performance of the contract – processing is necessary for the performance of pre-contractual measures and for the performance of the contract (Article 6(1)(b) of the GDPR).
   2. Pursuing claims and protection against claims – processing is necessary for the purposes of the legitimate interests pursued by the controller (Article 6(1)(f) of the GDPR).
   3. Marketing of own services, where processing is necessary for the purposes of the legitimate interests pursued by the controller (Article 6(1)(f) of the GDPR), and in the case of implementation through the indicated communication channel [telephone, e-mail], on the basis of consent given in this regard (Article 6(1)(a) of the GDPR in conjunction with Article 398(1) of the Electronic Communications Law).
   4. Marketing of entities cooperating with the Controller – through the indicated communication channel [e-mail, telephone, WhatsApp], on the basis of consent granted in this regard (Article 6(1)(a) of the GDPR in conjunction with Article 398(1) of the Electronic Communications Law).

Processing period

The data is processed for the following periods:

1. 1. until an effective objection/request for data deletion is submitted – applies to point 3 above;
   2. until the termination or expiry of the contract – applies to point 1 above;
   3. until the claims become time-barred – refers to point 2 above;
   4. until consent is withdrawn – refers to points 3 and 4 above.

Other information

Providing data is voluntary, but necessary for the conclusion and performance of the contract.

The processing of personal data does not involve automated decision-making, including profiling.

Personal data will not be transferred to a third country/international organisation. However, if required by the service provided, personal data may be transferred on the basis of standard contractual clauses adopted by the European Commission, in accordance with the verification procedure or in another legally permitted manner, in accordance with the GDPR.

Persons completing the survey as part of the Esotiq Team

We have obtained your personal data: directly from you, during the survey completion process.

 

We process personal data in the scope of contact details (e-mail address) and unstructured data (information contained in the survey).

Purposes of data processing and legal basis

1. 1. Customer satisfaction surveys, in particular through the use of various types of questionnaires, improvement of the functioning of the Esotiq application, the Esotiq Online Store, Esotiq brick-and-mortar stores, and the quality of goods and services offered by the Controller on the basis of consent granted in this regard (Article 6(1)(a) of the GDPR)
   2. Pursuing claims and protection against claims – processing is necessary for the purposes of the legitimate interests pursued by the controller (Article 6(1)(f) of the GDPR).

The data is processed for the following periods, respectively:

1. 1. the limitation period for claims – applies to point 2 above;
   2. until consent is withdrawn – refers to point 1 above.

Other information

The processing of personal data does not involve automated decision-making, including profiling.

Personal data will not be transferred to a third country/international organisation. However, if required by the service provided, personal data may be transferred on the basis of standard contractual clauses adopted by the European Commission, in accordance with the verification procedure or in another legally permitted manner, in accordance with the GDPR.

Current and potential suppliers of services, equipment or software

We have obtained personal data from you directly in connection with the negotiation and performance of a contract or from publicly available sources.

We process personal data in the scope of contact details (e.g. telephone number, e-mail address), employment data (position, place of employment) and identification data (first name, surname), data necessary for financial settlements, e.g. tax identification number, business address, identification data of the entity authorised to make settlements).

Purposes of data processing and legal basis

1. 1. Establishing communication and maintaining business relations – processing is necessary for the legitimate interests of the controller consisting in the purchase of goods and services necessary for the conduct of business (Article 6(1)(f) of the GDPR).
   2. Conducting assessments and classifications of suppliers of services and goods and the quality of their work – the legal basis for processing is the necessity of processing for the purposes of the legitimate interests pursued by the controller (Article 6(1)(f) of the GDPR).
   3. Implementation of the provisions of the contract – processing is necessary for the performance of activities prior to the conclusion of the contract and for the implementation of its provisions (Article 6(1)(b) of the GDPR).
   4. Keeping accounting and tax records – processing is necessary for compliance with a legal obligation under Article 74 of the Accounting Act and other acts concerning taxpayers (Article 6(1)(c) of the GDPR).
   5. Pursuing claims and protection against claims – processing is necessary for the purposes of the legitimate interests pursued by the controller (Article 6(1)(f) of the GDPR).

Processing period

The data is processed for the following periods:

1. 1. until an effective objection/request for data deletion is submitted – applies to points 1-2 above.
   2. until the termination or expiry of the contract – applies to point 3 above.
   3. 5 years from the end of the calendar year in which the contract was terminated or expired – applies to point 4 above.
   4. the limitation period for claims – applies to point 5 above.

Other information

Providing data is voluntary, but necessary for the conclusion and performance of the contract.

The processing of personal data does not involve automated decision-making, including profiling.

Personal data will not be transferred to a third country/international organisation. However, if required by the service provided, personal data may be transferred on the basis of standard contractual clauses adopted by the European Commission, in accordance with the verification procedure or in another legally permitted manner, in accordance with the GDPR.

Representatives/employees of our business customers or suppliers of services, equipment or software, collectively referred to as Contractors

We have obtained personal data directly from you in connection with the negotiation and performance of a contract from the Contractor you represent or from publicly available sources.

We process personal data in the scope of contact details (e.g. telephone number, e-mail address), employment data (position, place of employment) and identification data (first name, surname).

Purposes of data processing and legal basis

1. 1. Maintaining ongoing communication related to commercial and economic relations with the contractor – processing is necessary for the legitimate purposes of the controller (Article 6(1)(f) of the GDPR).
   2. Pursuing claims and protection against claims – processing is necessary for the legitimate interests pursued by the controller consisting in the protection of the interests of the entrepreneur (Article 6(1)(f) of the GDPR).
   3. Marketing of own services, where processing is necessary for the purposes of the legitimate interests pursued by the controller (Article 6(1)(f) of the GDPR), and in the case of implementation through the indicated communication channel [telephone, e-mail], on the basis of consent granted in this regard (Article 6(1)(a) of the GDPR in conjunction with Article 398(1) of the Electronic Communications Law).

Processing period

The data is processed for the following periods:

1. 1. until a justified objection/request for data deletion is made or until the purpose of processing ceases to exist – applies to points 1 and 3 above;
   2. the expiry of the limitation period for claims – applies to point 2 above;
   3. until consent is withdrawn – applies to point 3 above.

Other information

Providing data is voluntary, but necessary for the conclusion and performance of a contract with a business customer or contractor.

Personal data will not be transferred to a third country/international organisation. However, if required by the service provided, personal data may be transferred on the basis of standard contractual clauses adopted by the European Commission, in accordance with the verification procedure or in another legally permitted manner, in accordance with the GDPR.

Persons communicating with us

We have obtained your personal data directly from you via the contact form, email or telephone.

We process personal data in the scope of contact details (e.g. telephone number, e-mail address), employment data (position, place of employment) and identification data (first name, surname), as well as other data that you provide to us in your communications.

Purposes of data processing and legal basis

1. 1. Registration of correspondence and responding to enquiries – processing is necessary for the legitimate purposes of the controller, which consist in responding to letters in a timely manner, making timely payments to suppliers, and ensuring the quality of cooperation with contractors and other interested parties (Article 6(1)(f) of the GDPR).
   2. Pursuing claims and protection against claims – processing is necessary for the legitimate interests pursued by the controller in protecting the interests of the business (Article 6(1)(f) of the GDPR).

Processing period

The data is processed for the following periods:

1. 1. until a justified objection/request for data deletion is made or until the purpose of processing ceases to exist – this applies to point 1 above.
   2. the expiry of the limitation period for claims – refers to point 2 above.

Other information

Providing data is voluntary, but necessary to obtain a response to your enquiry. The processing of personal data does not involve automated decision-making, including profiling.

 Personal data will not be transferred to a third country/international organisation. However, if required by the service provided, personal data may be transferred on the basis of standard contractual clauses adopted by the European Commission, in accordance with the verification procedure or in another legally permitted manner, in accordance with the GDPR.

Persons interested in cooperation or employment at Esotiq

We have obtained your personal data directly from you in the content of your application, in direct communication, e.g. during a recruitment interview, and, if you agree, also from other sources of information agreed with you. During the recruitment process, we may generate further information about you, e.g. opinions, competence assessments.

During the recruitment process, in order to create your recruitment profile, we may collect the following categories of your personal data:

1. 1. contact details: name and surname, address, e-mail address, telephone number;
   2. information provided in the application: your professional and employment history, date of birth, image, education, skills, knowledge of foreign languages, interests and any other information included in your application;
   3. other data: any information you choose to share with us during the recruitment process and any information we generate in connection with your application.

It cannot be ruled out that special categories of data (within the meaning of Article 9 of the GDPR), e.g. information about your health, may appear in the process, but we will only process such data if you provide it yourself with your application.

In addition, we may obtain the following information during the recruitment process:

1. 1. competence assessment: based on your application and our observations during the recruitment process, we may generate assessment information and opinions about your candidacy, and we may also ask you to undergo an assessment of your competences, skills, character traits or cognitive abilities;
   2. references: we may decide to obtain references from individuals/institutions related to your professional career. We will only contact those individuals whose contact details you have provided to us and only after obtaining your consent.

Purpose and legal basis for data processing

1. Conducting and deciding on the recruitment process for the position you are applying for:
   1. based on Article 6(1)(b) of the GDPR, i.e. in order to take the necessary steps at the request of the data subject prior to entering into a contract – with regard to the data provided in the recruitment process, as specified in Article 22¹ of the Act of 26 June 1975 Labour Code and on the basis of your consent, i.e. Article 6(1)(a) of the GDPR, with regard to data beyond the scope specified in Article 22¹  §1 of the Act of 26 June 1974 Labour Code,
   2. based on Article 6(1)(f) of the GDPR, i.e. for the purpose of pursuing the legitimate interests of the controller – in the scope of data generated in the recruitment process;
2. Taking into account your recruitment profile, i.e. your application and other information generated in connection with your application, in future recruitment processes, based on your consent, i.e. Article 6(1)(a) of the GDPR, for a period of 12 months from the date of consent;
3. Establishing, pursuing or defending against claims, based on Article 6(1)(f) of the GDPR, i.e. for the purpose of pursuing the legitimate interests of the controller consisting in assessing the risk of claims being brought against us and defending against them.

Data processing period

We process your personal data for the duration of the recruitment process, and after that date we store it for the period during which it is possible to file any claims by either party, i.e. 6 months from the date of submission of the application. Also, if you withdraw from the recruitment process during its course, your personal data will be stored for the period during which any claims may be made by either party, i.e. 6 months from the date of submitting your application.

If you consent to the processing of your personal data for future recruitment purposes, we will process your data for this purpose until you withdraw your consent, but no longer than 12 months from the date of submitting your application and giving your consent.

Joint administration – job board portals

Esotiq and recruitment websites, e.g. Pracuj.pl, are joint controllers of your personal data when you respond to our job offer through such websites.

 

Each of the above-mentioned joint controllers decides independently on the purposes and means of data processing, but to varying degrees. Esotiq is only responsible for the personal data it processes.

 

When using job board services independently and separately from Esotiq as the owner of the recruitment account, when you communicate with us through these portals, they are also responsible for processing your data. If you create an account on job board portals, e.g. Pracuj.pl, the companies managing them will also process your data for their own purposes, as described in detail in their privacy policies. The privacy policy of Grupa Pracuj SA (pracuj.pl) is available on the e-Recruiter website.

Additional information

Providing personal data is voluntary, although within the scope specified in Article 22¹  §1 of the Labour Code, it is necessary to participate in the recruitment process. The processing of personal data does not involve automated decision-making, including profiling. Personal data will not be transferred to a third country/international organisation.

 

COOKIES AND OTHER TRACKING TECHNOLOGIES ON WEBSITES

As part of the Website and on separate web pages created by us (landing pages), we use information stored in cookies, i.e. IT data stored on end users' devices intended for use with websites (e.g. computers, tablets, phones). They usually contain the name of the website they come from, the time they are stored on the end device and a unique number when you visit our website, but you can read more about this in Cookie Policy.

 

LIST OF ENTITIES COOPERATING WITH ESOTIQ