I. GENERAL PROVISIONS
- The controller of the personal data collected through the website www.topdrivers.eu is Rafal Ordak managing business operations under the firm RGT Group Rafal Ordak, entered in the Central Business Operations Register of the Republic of Poland kept by the Minister competed for economy, with the place of carrying out operations and mailing address: ul. Daszynskiego 9 / 6a, 05-800 Pruszkow, NIP 5342327043, REGON 380739558, email address email@example.com.
- called hereafter the “Controller”, at the same time being the “Service Principal”.
- The personal data collected by the Controller through the website are processed pursuant to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), called hereafter the GDPR.
II. TYPES OF PROCESSED PERSONAL DATA, DATA COLLECTION PURPOSE AND SCOPE
- PURPOSE OF PROCESSING AND LEGAL BASIS. The Controller processes personal data of the Service Recipients of the Website www.topdrivers.eu in case of:
- The registration of the Account in the Website, for the purpose of creation of an individual account and management of this Account, on the basis of Article 6.1b GDPR (carrying out a contract for provision of services by electronic means according to the Website Rules),
- subscribing to the Newsletter for the purpose of sending commercial information by electronic means. Personal data are processed after expressing a separate consent, on the basis of Article 6.1a GDPR.
- TYPES OF PROCESSED PERSONAL DATA In case of:
- The Employer Account, the Service Recipient provides:
- Name and name and surname of a contact person
- Email address.
- The Newsletter, The Service Recipient provides:
- Email address
- PERSONAL DATA ARCHIVING PERIOD The personal data of the Service Recipients are stored by the Controller:
- If carrying out the contract is the basis of processing, as long as it is necessary to carry out the contract, and after this time for the period corresponding with the limitation period for the claims. Unless special provisions state otherwise, the limitation time is six years, and three years for claims concerning periodical services and claims related to conducting business operations. The personal data of the Candidates will be deleted from the Website system within 60 days of the end of the announcement.
- If consent is the basis of data processing, as long as consent is not revoked, and after revoking of consent for the period of time corresponding with limitation periods for claims that may be raised by the Controller and that may be raised against him. Unless special provisions state otherwise, the limitation time is six years, and three years for claims concerning periodical services and claims related to conducting business operations.
- During the use of the Website, additional information may be collected, in particular: the IP address assigned to the computer of the Service Recipient or the external IP address of the Internet supplier, the domain name, the browser type, the time of access, the operating system type.
- Navigation data may be also collected from the Service Recipients, including data on links and references they decide to click, or other actions, initiated in the Website. The legal basis of this type of actions is the legitimate interest of the Controller (Article 6.1f GDPR), which consists in facilitating the use of services provided by electronic means and in improving functionalities of these services.
- Providing personal data by the Service Recipient is voluntary.
- Personal data will be processed also by automated means in the form of profiling, if the Service Recipient gives consent to it on the basis of Article 6.1a GDPR. The consequence of profiling will be assigning a profile to the given person for the purpose of making decisions concerning him/her or carrying out analyses or predicting his/her preferences, behaviour and attitudes.
- The Controller applies special diligence to protect the interests of the data subjects, in particular makes sure that the data collected by him are:
- processed lawfully,
- collected for the specified, lawful purposes and are not subject to further processing contrary to these purposes,
- substantively correct and appropriate in view of the purposes of their processing, and are stored in the form that allows identification of the relevant persons, not longer than it is necessary to achieve the purpose of the processing.
III. PROVIDING PERSONAL DATA
- The personal data of the Service Recipients are provided for the services providers used by the Controller in Website management. The service providers to whom personal data are transferred, depending on contractual arrangements and circumstances, either are subject to instructions of the Controller as regards the purposes and methods of processing of these data (the processors) or autonomously define the purposes and methods of their processing (the controllers).
- The personal data of the Service Recipients who are Candidates are transferred to the Employers registered in the Website. The Employers autonomously define the purposes and methods of their processing (the controllers).
- To take part in the Recruitment Process, Candidates should give consent for processing of the data necessary for the specific recruitment. Providing personal data by the Candidate is voluntary, but lack of consent will cause exclusion from the Recruitment Process.
- The personal data of the Service Recipients are stored solely in the territory of the European Economic Area (EAA).
IV. RIGHT TO INSPECT, ACCESS TO THE CONTENT OF OWN DATA AND THEIR CORRECTION
- The data subject has the right of access to the content of his/her personal data and the right to rectify them, erase, restrict processing, the right to transfer the data, the right to object, the right to withdraw consent at any time without effect on the compliance with the law of the processing that was done on the basis of the consent before its withdrawal.
- The legal bases of the request of the Service Recipient:
- Access to the data: Article 15 GDPR
- Rectification of the data: Article 16 GDPR.
- Erasure of the data (the so-called right to be forgotten): Article 17 GDPR.
- Restriction of processing: Article 18 GDPR.
- Transferring the data: Article 20 GDPR.
- Objection: Article 21 GDPR
- Revocation of consent: Article 7.3 GDPR.
- To exercise the rights referred to in Clause 2, the relevant message may be sent to the address: firstname.lastname@example.org.
- If the Service Recipient is referring to the powers resulting from the above rights, the Controller shall fulfil the request or refuse its fulfilment immediately, but no later than within one month after its reception. However, if – due to the complex nature of the request of the number of requests – the Controller cannot fulfil the request within one month, he shall fulfil it within two consecutive months first informing the Service Recipient within one month from the reception of the request – about the intended extension of the time and its causes.
- In case of finding out that processing of personal data violates the GDPR provisions, the data subject has the right to lodge a complaint with the President of the Office for Personal Data Protection.
V. COOKIE FILES
- The Website of the Controller uses cookie files.
- Installation of cookies is necessary to ensure the proper provision of services in the Website. Cookie files store information necessary for the proper functioning of the website and also allow drawing up the general statistics of website visits.
- Two types of cookies are used within the website: “session” and “permanent” files.
- “Session” cookies are temporary files that are stored in the terminal device of the Service Recipient until logging out (leaving the website).
- “Permanent” cookies are stored in the terminal device of the Service Recipient over the time specified in the parameters of the cookie files or until they are deleted by the Service Recipient.
- The Controller uses own cookie files for the purpose of better learning of the method of interaction of Service Recipients as regards the contents of the website. The files store information about the method of use of the website by the Service Recipient, the type of the page from which the Service Recipient was redirected, and the number of visits and the duration of the visit of the Service Recipient in the website. This information does not record specific personal data of the Service Recipient, but are used to draw up the statistics of website usage.
- The Controller uses external cookie files to collect general and anonymous static data with the Google Analytics analytical tools (the controller of the external cookie: Google Inc. established in the USA).
- The Service Recipient has the right to decide in the scope of access of the cookie files to his/her computer by their prior selection in the window of his/her browser. The detailed information about the possibilities and methods of use of the cookie files are provided in the settings of the software (the web browser).
VI. FINAL PROVISIONS
- The Controller applies technical and organisational measures ensuring the protection of the processed personal data corresponding with threats and the categories of the data under the protection, in particular protects data against providing them to unauthorised persons, taking away by an unauthorised person, processing with violation of the effective regulations, and modification, loss, damage, or destruction.
- The Controller provides the appropriate technical measures preventing acquisition and modification by unauthorised persons of the personal data sent by electronic means.