EMPLO Sp. z o.o. Privacy Policy

1. INTRODUCTION

This Privacy Policy sets out the rules for collecting and processing the personal data of current and prospective clients of EMPLO Sp. z o.o., including individuals visiting the websites of EMPLO Sp. z o.o. (https://emplo.com/), hereinafter collectively referred to as the “Users”). EMPLO Sp. z o.o. respects your privacy. Whether you interact with EMPLO Sp. z o.o. as a client, consumer, or a person interested in our services and products, etc., you have the right to the protection of your Personal Data. Such data may include your name and surname, telephone number, email address, as well as other data, geolocation data, etc.

In this General Privacy and Personal Data Protection Policy (hereinafter the “Policy”) we describe how we collect your Personal Data and why we collect it, what we do with your Personal Data, to whom we disclose it, how we protect it, and what choices you can make regarding your Personal Data.

This Policy applies to the processing of Personal Data within various services, tools, applications, websites, portals, (online) sales promotions, marketing activities, sponsored social media platforms, etc., which are provided or operated by us or on our behalf. This Policy contains general principles and explanations. It is complemented by separate information clauses concerning the aforementioned specific services, tools, applications, websites, portals, (online) sales promotions, marketing activities, sponsored social media platforms, etc. These information clauses will be provided to you when your Personal Data is processed within the above activities (for example via websites, portals, individual communication services, newsletters, reminders, surveys, offers, events, etc.).

This Policy applies to all Personal Data collected and used by (or on behalf of) EMPLO Sp. z o.o., referred to in this Policy as “EMPLO Sp. z o.o.”, “we”, “us” and “our”.

If you accept the provisions of this Policy, you thereby consent to the processing of your Personal Data in the manner set out in this Policy.

At the end of this Policy, you will find definitions of the key terms used herein and capitalized (e.g., Personal Data, Processing, Data Controller).

2. WHO IS RESPONSIBLE FOR PROCESSING YOUR PERSONAL DATA?

The entity responsible for Processing your Personal Data (the Data Controller) is:

EMPLO SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with its registered office in Warsaw 00-867, at ALEJA JANA PAWŁA II 27

3. WHO CAN YOU CONTACT WITH QUESTIONS OR REQUESTS? DATA PROTECTION CONTACT POINT

We have established a Data Protection Contact Point responsible for answering your questions and requests related to this Policy, the information clauses, your Personal Data (and its Processing).

If you have any questions or complaints regarding the application of this Policy and the Processing of Personal Data, or requests related to your rights, you can contact us via the Data Protection Contact Point:

• iod@emplo.com

and

EMPLO Sp. z o.o. ALEJA JANA PAWŁA II 27, 00-867 Warsaw with the note “IODO”

4. KEY PRINCIPLES

We care about the Personal Data entrusted to us and are committed to processing it in a fair, transparent and secure manner. To this end, EMPLO Sp. z o.o. applies the following principles:

• Lawfulness: we will collect and process your Personal Data only in a lawful, fair, and transparent manner.
• Data minimization: we will limit the collection of your Personal Data to what is adequate and necessary to achieve the purposes for which it was collected.
• Purpose limitation: we collect your Personal Data solely for specific, explicit, and legitimate purposes and will not process your Personal Data in a manner incompatible with those purposes.
• Accuracy: we ensure that stored Personal Data is accurate and up to date.
• Security and data protection: to provide an appropriate level of security and data protection, we implement technical and organizational measures, taking into account, among other things, the nature of the Personal Data being protected. Such measures are designed to prevent unauthorized disclosure or access, unlawful destruction or accidental loss of data, alteration, or any other unlawful form of Processing.
• Access and rectification: we will process your Personal Data in a way that ensures the ability to confirm whether your Personal Data is being processed, and to access that Data and obtain the requested information, along with the right to request rectification of your Personal Data in accordance with your rights.
• Rights of the data subject: you have the right at any time to withdraw your consent to the processing of personal data and to lodge a complaint with the President of the Personal Data Protection Office.
• Limited storage period: we will store your Personal Data in accordance with applicable data protection laws and regulations and no longer than necessary to achieve the purposes for which it was collected or when required by law.
• Protection in the case of international transfer: we will ensure appropriate protection of your Personal Data when it is transferred, in particular to countries outside the EEA.
• Third-party safeguards: we will ensure that access to Personal Data by third parties (and the transfer of Personal Data to them) takes place in accordance with applicable law and with appropriate contractual safeguards.
• Compliance with direct marketing laws and the use of cookies: we ensure that the sending of promotional materials and the placement of cookies on your computer complies with applicable law.

5. PROCESSING YOUR PERSONAL DATA: WHAT PERSONAL DATA WE COLLECT AND ON WHAT LEGAL BASIS

Each time you are asked to provide your Personal Data, you will be clearly informed which of your Personal Data is being collected. This information will be provided to you in the form of an appropriate information clause included with specific services (including communication services), websites, the electronic newsletter, reminders, surveys, offers, event invitations, etc.

Please note that, in accordance with data protection regulations, your Personal Data may be processed if:

• you have given consent to the Processing (in the manner described in the information clause applicable to that specific Processing). In case of doubt, you always have the right to withdraw your consent at any time; or
• it is necessary for the performance of a contract to which you are a party;
• for specific Processing, we act on the basis of our legitimate interest, provided that your interests or fundamental rights and freedoms do not override that interest. The existence of such a legitimate interest will be duly presented to you in the information clause applicable to that specific Processing;
• it is required by law.

6. FOR WHAT PURPOSES WE PROCESS YOUR PERSONAL DATA

We will process your Personal Data only for specific, unambiguous, and lawful purposes and will not further process your Personal Data in a manner incompatible with those purposes.

Such a purpose may be the fulfillment of an order placed by you, the performance of a contract, the improvement of our services based on your feedback about a visit to one of our websites or portals, the general improvement of the quality of our products or services, the provision of services or applications, etc. The purpose of each Processing of your Personal Data is specified in a specific information clause applicable to that particular Processing. Information about specific information clauses is provided, for example, through websites or portals, in applications, the electronic newsletter, etc.

7. PROCESSING PERSONAL DATA IN A MANNER ENSURING ACCURACY AND UP-TO-DATENESS

Storing data in a way that ensures its accuracy and up-to-dateness is very important to us. Please inform us of any changes or errors in your Personal Data as soon as possible by contacting us through the Data Protection Contact Point (details in section 3 “Who can you contact with questions or requests?”). We will take appropriate steps to ensure that any incorrect or outdated Personal Data is removed or properly adjusted.

8. ACCESS TO YOUR PERSONAL DATA

You have the right to access your Personal Data that we process and, if your Personal Data is inaccurate or incomplete, to request the correction or deletion of your Personal Data. If you need additional information regarding your privacy rights or would like to exercise those rights, please contact us through the Data Protection Contact Point (details in section 3 “Who can you contact with questions or requests?”).

9. HOW LONG WE STORE YOUR PERSONAL DATA

We will store your Personal Data in accordance with data protection regulations. We will store your Personal Data only for as long as necessary for the purposes for which we process your Personal Data or to comply with the law, or where the law requires that your data be retained for a certain period. For information on how long specific Personal Data will be stored before being deleted from our systems and databases, please contact us through the Data Protection Contact Point (details in section 3 “Who can you contact with questions or requests?”). Relevant information will also be provided in specific information clauses that will be given to you when your Personal Data is processed.

10. PROTECTION OF YOUR PERSONAL DATA

To ensure the protection of your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access to Personal Data, we have implemented an appropriate set of technical and organizational measures. These have been specifically designed with our IT infrastructure in mind, the potential impact on your privacy and related costs, and in accordance with current industry standards and practice.

Your Personal Data may be processed by a third-party Data Processor only if that Data Processor undertakes to apply these technical and organizational data security measures.

Maintaining data security means protecting the confidentiality, integrity, and availability of personal data:

1. Confidentiality: we will protect your Personal Data from unwanted disclosure to third parties.
2. Integrity: we will protect your Personal Data from modification by unauthorized third parties.
3. Availability: we will ensure that authorized parties are able to access Personal Data when needed.

Our data security procedures include: access security, backup systems, monitoring, review and maintenance of systems, security incident management, and business continuity, etc.

11. USE OF COOKIES OR SIMILAR TOOLS

We use cookies on our websites. This allows us to provide you with greater comfort while browsing the website and enables us to make improvements to our site.

12. DISCLOSURE OF PERSONAL DATA

Depending on the purposes for which we collect your Personal Data, we may disclose it to the following categories of recipients who will then process your Personal Data only within the indicated purposes:

1. Within our company
   • Our authorized employees;
2. External business partners:
   • Trading partners: for example, trusted companies that may use your Personal Data to provide the services and/or products you have requested. We ask such companies to always comply with applicable regulations and this Policy and to pay special attention to the confidentiality of personal information;
   • Service providers to EMPLO Sp. z o.o.: companies that provide services to or on behalf of EMPLO Sp. z o.o. in order to deliver such services (for example, EMPLO Sp. z o.o. may disclose your Personal Data to external IT service providers);
3. Other third parties:
   • when required by law or as lawfully necessary to protect EMPLO Sp. z o.o.:
     • to comply with the law, requests from public authorities, court orders, legal procedures, reporting and information obligations to authorities, etc.;
     • to verify or enforce compliance with EMPLO Sp. z o.o. policies and agreements; and
     • to protect the rights, property, or safety of EMPLO Sp. z o.o. and/or our customers;
   • in connection with corporate transactions: in the context of a transfer or disposal of all or part of its enterprise, or otherwise in connection with a merger, consolidation, change of control, reorganization, or liquidation of all or part of the activities of EMPLO Sp. z o.o.

Please note that the external recipients listed in points b) and c) above—particularly service providers who may offer products and services via EMPLO Sp. z o.o. services or applications or through their own channels—may collect your Personal Data from you separately. In such a case, these entities bear sole responsibility for the processing and control of such Personal Data, and your interactions with them will be subject to their terms and conditions.

13. USE OF SOCIAL MEDIA

If, when using an EMPLO Sp. z o.o. tool (contact form), you use a specific social media login (for example, a Facebook account), EMPLO Sp. z o.o. will register your Personal Data available in that social media, and the use of such social media means that you have expressly authorized the transfer of Personal Data registered by EMPLO Sp. z o.o. via the tools of that social medium.

EMPLO Sp. z o.o. sometimes facilitates the publication of Personal Data via social media such as Facebook. Social media have their own privacy policies, which you should take into account when using such media. Please remember that publishing content on social media may have certain consequences, including for your privacy or the privacy of persons whose Personal Data you share—for example, the inability to withdraw published content quickly. You are fully responsible for what you publish. EMPLO Sp. z o.o. assumes no responsibility in this regard.

14. TRANSFER TO COUNTRIES OUTSIDE THE EEA

Your Personal Data may be transferred to recipients located outside the EEA and may be Processed by us and recipients outside the EEA. In connection with any transfer of your Personal Data to countries outside the EEA, EMPLO Sp. z o.o. will implement appropriate measures to ensure an adequate level of protection for your Personal Data. Such measures may, for example, consist of agreeing binding contractual clauses with recipients that guarantee an adequate level of protection.

We will always clearly inform you when your Personal Data will be transferred outside the EEA. This information will be provided to you via a separate information clause which, for example, will be included in specific services (including communication services), electronic newsletters, reminders, surveys, offers, event invitations, etc.

15. YOUR CHOICES AND YOUR RIGHTS

We want our actions to be as transparent to you as possible so that you can make informed choices about how we use your Personal Data.

• Your Personal Data

You can always contact us through the Data Protection Contact Point (details in section 3 “Who can you contact with questions or requests?”) to find out what Personal Data of yours we hold and the source of such data. In certain circumstances, you have the right to receive a copy of the Personal Data you have provided to us in a commonly used, structured, machine-readable format, or to request the transfer of your Personal Data to any third party of your choice.

• Your corrections

If you find an error in your Personal Data, or if you believe it is incomplete, outdated, or inaccurate, you may request that we correct or supplement it.

• Your request for restriction

You have the right to request the restriction of Processing of your Personal Data (e.g., if you contest the accuracy of your Personal Data, when your Personal Data is not needed for the purposes of processing).

• Your objections

You may object to the use of your Personal Data on the basis of the Controller’s legitimate interest (we will cease processing for that purpose unless there are legally justified grounds for processing as set out in the regulations, or where processing is necessary for the establishment, exercise, or defense of claims).

You may also object to the use of your Personal Data for direct marketing purposes or to the sharing of your Personal Data with third parties for the same purpose.

• Your right to withdraw consent

You may withdraw your consent to the further Processing of Personal Data that you have given us at any time. Consent may be withdrawn by contacting the Data Protection Contact Point (details in section 3 “Who can you contact with questions or requests?”).

• Your right to be forgotten

In addition, you may request that we delete your Personal Data (except in certain cases, for example to evidence a transaction, to establish, exercise or defend claims, or where required by law).

• Your right to lodge a complaint

Please also note that you have the right to lodge a complaint against EMPLO Sp. z o.o. as the Data Controller with the relevant data protection authority (the “President of the Personal Data Protection Office”).

16. LEGAL INFORMATION

The requirements of this Policy are supplementary to and do not replace any other requirements under data protection law. In the event of any conflict between the content of this Policy and the requirements of data protection law, data protection law shall prevail.

EMPLO Sp. z o.o. may amend this Policy at any time, e.g., to align with current data protection regulations, due to decisions or other acts of public authorities, or in connection with the need to improve the provision of our services. We will inform you of any changes on an ongoing basis by publishing the current version of this Policy on our websites: https://emplo.com/

DEFINITIONS

In this Policy, the following terms have the meanings set out below:

1. Data Controller means the organization that determines the purposes of processing and the means by which your Personal Data is processed. Unless we inform you otherwise, the Data Controller is EMPLO Sp. z o.o.
2. Further information may be provided to you via a separate information clause which, for example, will be included in specific services (including communication services), electronic newsletters, reminders, surveys, offers, event invitations, etc.
3. Data Processor means a person or organization processing your Personal Data on behalf of the Data Controller.
4. Data Protection Contact Point means the person designated by
5. EMPLO Sp. z o.o. as the Data Controller, to whom you can address your questions or requests regarding this Policy and/or the Processing of your Personal Data and who will handle such questions and requests. Unless you are informed otherwise, you can contact the Data Protection Contact Point at iod@emplo.com.
6. EEA means the European Economic Area (= the Member States of the European Union + Iceland, Norway, and Liechtenstein).
7. Personal Data means any information relating to an identified or identifiable natural person, e.g., you, or information that indirectly enables your identification, such as your name and surname, telephone number, email address, geolocation, etc.
8. Processing means any operation or set of operations performed on your Personal Data or sets of such Data, whether by automated or non-automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, access, and any forms of use of Personal Data.