ERWIN HYMER GROUP NOWA SÓL SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ – PRIVACY POLICYE

1.1. The Administrator of the Personal Data is Erwin Hymer Group Nowa Sól limited liability company with its registered office in Nowa Sól, 4 Przemysłowa Street, 67-100 Nowa Sól, registered in the Register of Entrepreneurs kept by the District Court in Zielona Góra, VIII Economic Department of the National Court Register under number: 0000906168, having tax identification number (NIP): 7011039877 and REGON: 389229729 (hereinafter: “Erwin Hymer Group” or “Administrator”).
1.2. The Administrator shall process personal data in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: “RODO“).
1.3. Contact with the Administrator is possible through the following contact details:
A. Mailing address: 4 Przemysłowa Street, 67-100 Nowa Sol
E-mail contact: ehg-nowasol-administrator@ehg-nowasol.pl

     A. in the case referred to in paragraph 2.1.(A) is the legal interest of the controller in accordance with the provision of Article 6(1)(f) of the RODO, which indicates that the processing of personal data is permitted when it is necessary for the realization of the legitimate interests of the controller;
     B. in the case referred to in paragraph 2.1(B and C) is the User’s consent, including the processing of data provided in the recruitment form, resume and cover letter – in accordance with the provision of Article 6.1(a) RODO,
2.3 The provision of personal data is voluntary, to the extent of the consent given.
2.4 Personal data will be processed for the following period of time:
     A. in the case referred to in paragraph 2.1.(A) – until the fulfillment of the obligation described in the relevant legislation;
     B. in the case referred to in paragraph 2.1. (B and C) – until the consent is withdrawn, but for no longer than 3 years from the date of granting the consent.
2.5 Consent to the processing of personal data may be withdrawn at any time, which shall not affect the legality of the processing carried out before the withdrawal of consent.
2.6 The Administrator shall not transfer personal data to countries outside the European Union.

3.1 In connection with the User’s use of the Administrator’s website, the Administrator processes the following types of personal data:
     A. Technical information such as IP address, browser type and version (e.g. Internet Explorer, Mozilla Firefox, Safari), time zone settings, browser plug-in, operating system used (e.g. Windows 10, Vista, Windows XP, macOS), device type, hardware model, MAC address, unique identifiers and mobile network information;
     B. Online access data such as: information about the website visited, including the URL, website visit path (including date and time), information about the User’s network, such as device data, nodes, configurations, connection speed, and network application performance; pages visited or searched, response times, download errors, length of visits, and interaction information (such as scrolling, clicks, mouseovers), and information about whether links were opened by the User.
3.2 A candidate is any User who submits recruitment documents via the recruitment form.
3.3 In connection with the submission of recruitment documents through the recruitment form, the Administrator shall process the following personal data:
A. data indicated in the recruitment documents submitted through the recruitment form, in particular those indicated in the wording of the Labor Code, i.e.: first name(s) and surname; date of birth; contact information; education; professional qualifications; history of previous employment and data on financial expectations, availability, level of language skills. 
3.4 In order to monitor the website, the Administrator may use analytics software belonging to third parties, such as Google Analytics. Deactivation of Google Analytics service is possible by using a browser extension, which can be downloaded from: https://tools.google.com/dlpage/gaoptout.
3.5 In order to make it easier for the User to obtain additional information, the Administrator’s website may contain links to websites administered by entities independent of the Administrator. Separate clauses and Privacy Policy may apply therein.
3.6 With respect to any websites linked to the Administrator’s website that are not owned or controlled by the Administrator, the Administrator is not responsible for their content, the Users’ use of such websites, or the privacy policies applicable to them.
3.7 Data may be transferred to IT service providers, entities operating the website and advertisers on the basis of an agreement concluded with the Administrator respecting the provisions of the Personal Data Processing Policy and Rules.

4.1 Users’ personal data may be entrusted for processing to entities that provide recruitment services for the Administrator.
4.2 Each entity to which the Administrator entrusts the Users’ personal data for processing based on a personal data processing entrustment agreement shall guarantee an appropriate level of security and confidentiality of personal data processing. The processing entities shall act only in accordance with the instructions of the Administrator.
4.3 The sharing of personal data with entities not authorized according to this Privacy Policy, may only take place with the prior consent of the User to whom the data relate.
4.4 Personal data may be shared with:
     A. to the relevant state authorities upon their request based on the relevant provisions of law, or
     B. to other persons, based on Users’ prior consents.
4.5. Sharing of personal data with unauthorized entities according to this Privacy Policy, may only take place with the prior consent of the User to whom the data pertains.

5.1 In connection with the processing of personal data by the Administrator, the User shall have the following rights:
     A. the right to access personal data provided to the Administrator and to obtain a copy thereof,
     B. the right to request rectification of personal data when it is outdated, incomplete or incorrect,
     C. the right to request the deletion of personal data from the Administrator’s data files (the so-called right to be forgotten),
     D. the right to demand restriction of processing of personal data, the right to lodge a complaint with the President of the Office for Personal Data Protection, in case the processing of personal data is deemed to violate generally applicable laws,
     E. the right to request the transfer of personal data.           
5.2 Under the circumstances provided by law, the User also has the right to object to the processing of data concerning him.

6.1 The Administrator shall apply technical and organizational measures to ensure the protection of the processed personal data appropriate to the risks and categories of data protected, and in particular shall technically and organizationally secure the data against their access to unauthorized persons, taking by an unauthorized person, processing in violation of the Act, and alteration, loss, damage or destruction.
6.2 The controller shall keep a register of personal data processing activities.
6.3 In the event of a violation of personal data protection, the Administrator shall, without undue delay – if possible, no later than 72 hours after discovery of the violation – report it to the supervisory authority having jurisdiction, unless the violation is unlikely to result in a risk of violation of the rights or freedoms of individuals.
6.4 If a personal data breach is likely to result in a high risk of infringement of the rights or freedoms of individuals, the Administrator shall notify the data subject of such breach without undue delay, unless such notification is not required by law.
6.5 The collection of collected personal data of Users is stored on a secured server and the data is also protected by ADO’s internal procedures on personal data processing and information security policy.

7.1 A cookie is a small file consisting of a sequence of letters and numbers, which is placed in the web browser, on the hard disk of the User’s computer or mobile device, when visiting the Administrator’s website.
7.2 Cookies perform a number of different functions (including, but not limited to, remembering the User’s preferences, helping websites and applications operate faster and more easily, helping tailor content and advertising to your expectations and interests, and collecting anonymous, aggregated statistics that help improve the functionality and content of websites and applications) and are an important element that significantly improves the user experience on the Administrator’s website. Cookies are generally not used to store personal data, but may be used to store User preferences and other information.
7.3 In many cases, web browsing software (web browser) allows cookies to be stored on the User’s terminal device by default. The browser can be set to refuse cookies or to notify you when cookies are sent. To prevent and delete cookies, follow the instructions shown in the browser’s help function. Detailed information about the possibility and methods of handling cookies is available in the settings of your software (web browser).
7.4 Acceptance of the sending of cookies is not a prerequisite for the use of the Administrator’s website, however, some functions or services of the website may not work properly without cookies, so we recommend their acceptance so that you can fully use the Administrator’s website and have a correct view of all its functionalities.
7.5 Cookies may also be used by entities cooperating with the Administrator, engaged in optimizing the website and customizing its content.
7.6 Personal data possibly collected through cookies are processed on the basis of your consent expressed directly or through your browser settings, that is, on the basis of Article 6(1)(a) of the RODO, in conjunction with Article 173(2) of the Telecommunications Law.

8.1 This Policy is effective as of 09.11.2023.
8.2 The Administrator reserves the right to amend this Privacy Policy at any time. Any changes will be immediately published on the Administrator’s website.