PRIVACY POLICY SCOPE: SALES AND MARKETING

1. SCOPE OF THE PRIVACY POLICY

This privacy policy (hereinafter referred to as the “Privacy Policy”) sets forth the terms, grounds and
purposes of processing by the Controller Personal Data:

1.1. collected by the Controller from Data Subjects –directly, for the purposes not related to recruitment, via the contact form available at: http://atendesoftware.pl/contact or via emails sent by Data Subjects, for the purposes not related to recruitment, to email addresses in the domain atendesoftware.pl or atendesoftware.com;

1.2. acquired by the Controller from publicly accessible sources, i.e. social networking sites or other websites.

2. DEFINITIONS

2.1.Controller – the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

2.2. Personal Data – information on a given Data Subject collected by the Controller from that Data Subject or acquired by the Controller from publicly accessible sources, in accordance with section 1 hereto.

2.3. Data Subject – identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the psychical, physiological, genetic, mental, economic, cultural or society identity of that natural person.

2.4. Supervisory Authority – independent public authority which is established by a Member State in order to protect the fundamental rights and freedoms of natural persons in relation to processing and to facilitate the free flow of personal data within the Union.

2.5. GDPR – regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

3. COMMON INFORMATION

3.1.The Controller is Atende Software sp. z o.o. with its registered office in Warsaw, Ostrobramska 86, 04-163 Warsaw, Poland; email address: info@atendesoftware.pl.

3.2. You can contact the data protection officer appointed by the Controller by sending an email to: iodo@atendesoftware.pl.

3.3. Due to the fact that the Controller uses the G Suite cloud services provided by Google LLC with its registered office in Mountain View, California, USA (hereinafter referred to as “Google”), the Controller engages Google – in the scope necessary for provision by Google to the Controller of the G Suite cloud services – in the processing of Personal Data, also in third countries. Such an Atende Software sp. z o.o. Ostrobramska 86, 04-163 Warsaw phone: +48 22 255 11 00, fax: +48 22 255 15 50 VAT id: 113-268-73-65, REGON no.: 141103558 KRS no.: 0000287417 District Court for the capital city of Warsaw, 13th Commercial Division; share capital of PLN 500 000 engagement is made in accordance with the GDPR, with the provision of appropriate safeguards. Data Subject may obtain a copy of the Personal Data as well as a copy of legal instruments which are the basis of the said engagement in the processing of Personal Data.

3.4. Data Subject has the right to request from the Controller access to and rectification or erasure of the Personal Data or restriction of processing concerning the Data Subject or to object to processing as well as the right to the Personal Data portability.

3.5. In case of Personal Data processed by the Controller in accordance with point (a) of Article 6(1) or point (a) of Article 9(1) of the GDPR (Data Subject has given consent to the processing of the Personal Data for one or more specific purposes), Data Subject has the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

3.6. In case of Personal Data processed in accordance with point (f) of Article 6(1) of the GDPR (processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject which require protection of the Personal Data, in particular where the Data Subject is a child) – for direct marketing of own products or services purposes, Data Subject has the right to object at any time to processing of Personal Data concerning him or her for such marketing.

3.7. Irrespective of whether the Data Subject withdraws consent to the processing of the Personal Data referred to in point (a) of Article 6(1) or point (a) of Article 9(1) of the GDPR or objects to processing of Personal Data concerning him or her, the Controller may process the Personal Data to the extent that processing is necessary:

3.7.1 for compliance with a legal obligation which requires processing by Union or Member State law to which the Controller is subject;

3.7.2 for the establishment, exercise or defense of legal claims.

3.8. Data Subject has the right to lodge a complaint with a Supervisory Authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the Data Subject considers that the processing of Personal Data relating to him or her infringers the GDPR.

3.9. The Controller does not make any decisions based solely on automated processing of the Personal Data, including profiling, which produce legal effects concerning the Data Subject or similarly significantly affect him or her.

4. SPECIFIC INFORMATION REGARDING THE PROCESSING OF PERSONAL DATA COLLECTED BY THE
CONTROLLER FROM DATA SUBJECTS

With regard to Personal Data referred to in sec. 1.1 hereto, the Controller processes the Personal Data:

4.1.1 under point (a) of Article 6(1) or point (a) of Article 9(1) of the GDPR (Data Subject has given consent to the processing of the Personal Data for one or more specific purposes) – for the purpose of processing an inquiry received from a Data Subject;

4.1.2 under point (f) of Article 6(1) of the GDPR (processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data
Atende Software sp. z o.o. Ostrobramska 86, 04-163 Warsaw phone: +48 22 255 11 00, fax: +48 22 255 15 50 VAT id: 113-268-73-65, REGON no.: 141103558 KRS no.: 0000287417 District Court for the capital city of Warsaw, 13th Commercial Division; share capital of PLN 500 000 Subject which require protection of the Personal Data, in particular where the Data Subject is a child) – for direct marketing of own products or services purposes.

4.2. The Controller processes the Personal Data on the basis and for the purpose referred to in:.2.1 sec.
4.1.1 hereto – for the period necessary to process the inquiry received from the Data Subject or until the moment of effective withdrawal of consent by the Data Subject or effective objection of the Data Subject to the processing of the Personal Data – depending on what occurs first;

4.2.2 sec. 4.1.2 hereto – until the moment of effective objection of the Data Subject to the processing of the Personal Data.

4.3. Subject to the following sentence, provision of Personal Data is neither a statutory or contractual requirement, nor a requirement necessary to enter into a contract; Data Subject is not obliged to provide any Personal Data. However, the Controller informs that in case of non-provision of the minimum scope of the Personal Data allowing for processing of the inquiry received from the Data Subject (email address or phone number), the said inquiry will not be processed by the Controller.

5. SPECIFIC INFORMATION REGARDING THE PROCESSING OF PERSONAL DATA ACQUIRED BY THE
CONTROLLER FROM PUBLICLY ACCESSIBLE SOURCES

5.1. With regard to Personal Data referred to in sec. 1.2 hereto, the Controller processes the Personal Data:

5.1.1 under point (f) of Article 6(1) of the GDPR (processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject which require protection of the Personal Data, in particular where the Data Subject is a child) – for direct marketing of own products or services purposes;

5.1.2 only in the scope of common categories of Personal Data. The Controller does not process the Personal Data in the scope of special categories of Personal Data;

5.1.3 until the moment of effective objection of the Data Subject to the processing of the Personal Data.

6. CHANGES TO THE PRIVACY POLICY

6.1. The Privacy Policy is subject to ongoing verification and – if necessary – updating.

6.2. The current wording of the Privacy Policy has been adopted and has been effective since 05/25/2018.

PRIVACY POLICY SCOPE: RECRUITMENT AND ESTABLISHMENT OF EMPLOYMENT OR COOPERATION RELATIONSHIP

1. SCOPE OF PRIVACY POLICY

1. This privacy policy (hereinafter referred to as the “Privacy Policy”) sets forth the terms, grounds and purposes of processing by the Controller Personal Data:

1.1. collected by the Controller from Data Subjects – directly, for the purposes related to recruitment, via recruitment websites, via recruitment agencies or via emails sent by Data Subjects, for the purposes related to recruitment, to email addresses in the domain atendesoftware.pl or atendesoftware.com;

1.2. acquired by the Controller from publicly accessible sources, i.e. social networking or recruitment websites, for the purposes related to recruitment.

2. DEFINITIONS

2.1.Controller – the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

2.2. Personal Data – information on a given Data Subject collected by the Controller from that Data Subject or acquired by the Controller from publicly accessible sources, in accordance with section 1 hereto.

2.3. Data Subject – identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the psychical, physiological, genetic, mental, economic, cultural or society identity of that natural person.

2.4. Supervisory Authority – independent public authority which is established by a Member State in order to protect the fundamental rights and freedoms of natural persons in relation to processing and to facilitate the free flow of personal data within the Union.

2.5. GDPR – regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection

3. INFORMATION REGARDING PROCESSING OF PERSONAL DATA BY THE CONTROLLER

3.1. The Controller is Atende Software sp. z o.o. with its registered office in Warsaw, Ostrobramska 86, 04-163 Warsaw, Poland; email address: info@atendesoftware.pl.

3.2. You can contact the data protection officer appointed by the Controller by sending an email to: iodo@atendesoftware.pl.

3.3. With regard to Personal Data referred to in sec. 1.1 hereto, the Controller processes the Personal Data: Atende Software sp. z o.o. ul. Ostrobramska 86, 04-163 Warszawa tel. +48 22 255 11 00, fax: +48 22 255 15 50 NIP: 113-268-73-65, REGON: 141103558 KRS: 0000287417 Sąd Rejonowy dla m. St. Warszawy, XIII Wydział KRS kapitał zakładowy: 500 000 PLN

3.3.1 in the scope of: name (names) and surname, parents’ names, date of birth, place of residence (correspondence address), education and course of previous employment of Data Subject applying for employment by the Controller – under art. 221 § 1 of the act of 06/26/1974 the Labor Code;

3.3.2 in the scope of: other Personal Data, including PESEL number, of Data Subject being employed by the Controller, as well as names, surnames and dates of birth of children of Data Subject being employed by the Controller if provision of such data is necessary due to the fact that Data Subject has special rights provided for in the labor law – under art. 221 § 2 of the act of 06/26/1974 the Labor Code;

3.3.3 in the scope other than referred to in sec. 3.3.1 – 3.3.2 hereto – under point (a) of Article 6(1) or point (a) of Article 9(1) of the GDPR (Data Subject has given consent to the processing of the Personal Data for one or more specific purposes) – for recruitment or establishment of employment or cooperation relationship purposes.

3.4. With regard to Personal Data referred to in sec. 1.2 hereto, the Controller processes the Personal Data under point (f) of Article 6(1) of the GDPR (processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject which require protection of the Personal Data, in particular where the Data Subject is a child) for the purposes of searching for potential employees or coworkers, recruiting them, establishing employment or cooperation relationship with them.

3.5. With regard to Personal Data referred to in sec. 1.2 hereto, the Controller processes the Personal Data only in the scope of common categories of Personal Data. The Controller does not process the Personal Data in the scope of special categories of Personal Data.

3.6. The Controller may provide Personal Data to the suppliers of recruitment portals, portals supporting recruitment processes, recruitment agencies and IT service providers. Due to the fact that the Controller uses the G Suite cloud services provided by Google LLC with its registered office in Mountain View, California, USA (hereinafter referred to as “Google”), the Controller engages Google – in the scope necessary for provision by Google to the Controller of the G Suite cloud services – in the processing of Personal Data, also in third countries. Such an engagement is made in accordance with the GDPR, with the provision of appropriate safeguards. Data Subject may obtain a copy of the Personal Data as well as a copy of legal instruments which are the basis of the said engagement in the processing of Personal Data.

3.7. With regard to Personal Data referred to in sec. 1.1 hereto, the Controller processes the Personal Data for the period:

3.7.1 of recruitment process in relation to which the Controller has collected the Personal Data;

3.7.2 necessary to establish employment or cooperation relationship in case both the Controller and the Data Subject are willing to establish employment or cooperation relationship;

3.7.3 of carrying out the forthcoming recruitment processes in case the Data Subject agreed on processing the Personal Data also within the forthcoming recruitment processes carried out by the Controller,or until the moment of effective withdrawal of consent by the Data Subject or effective objection of the Data Subject to the processing of the Personal Data – depending on what occurs first.

3.8. With regard to Personal Data referred to in sec. 1.2 hereto, the Controller processes the Personal Data until the moment of effective objection of the Data Subject to the processing of the Personal Data.

3.9. Data Subject has the right to request from the Controller access to and rectification or erasure of the Personal Data or restriction of processing concerning the Data Subject or to object to processing as well as the right to the Personal Data portability.

3.10. In case of Personal Data processed by the Controller in accordance with point (a) of Article 6(1) or point (a) of Article 9(1) of the GDPR (Data Subject has given consent to the processing of the Personal Data for one or more specific purposes), Data Subject has the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

3.11. Irrespective of whether the Data Subject withdraws consent to the processing of the Personal Data referred to in point (a) of Article 6(1) or point (a) of Article 9(1) of the GDPR or objects to processing of Personal Data concerning him or her, the Controller may process the Personal Data to the extent that processing is necessary:

3.11.1 for compliance with a legal obligation which requires processing by Union or Member State law to which the Controller is subject;

3.11.2 for the establishment, exercise or defense of legal claims.

3.12. Data Subject has the right to lodge a complaint with a Supervisory Authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the Data Subject considers that the processing of Personal Data relating to him or her infringers the GDPR.

3.13. With regard to Personal Data referred to in sec. 1.1 hereto, the Controller informs that: 3.13.1 with regard to Data Subjects applying for employment by the Controller – provision of Personal Data referred to in sec. 3.3.1 hereto is necessary to take part in the recruitment process while provision of Personal Data referred to in sec. 3.3.2 hereto is necessary to establish employment relationship with the Controller;

3.13.2 with regard to Data Subjects applying for cooperation with the Controller – provision of Personal Data in the scope of: name and surname, contact details, education and course of previous employment or cooperation is necessary to take part in the recruitment process while provision of Personal Data in the scope of: place of residence, PESEL number and – in case of Data Subjects who run a business activity – name of the entrepreneur, place of business and tax identification number is necessary to establish cooperation relationship with the Controller;

3.13.3 in the scope other than referred to in sec. 3.13.1 – 3.13.2 hereto – provision of Personal Data is voluntary and optional and does not affect the possibility of taking part in the recruitment process or establishing employment or cooperation relationship with the Controller

3.14. The Controller does not make any decisions based solely on automated processing of the Personal Data, including profiling, which produce legal effects concerning the Data Subject or similarly significantly affect him or her.

 

4. CHANGES TO THE PRIVACY POLICY

4.1. The Privacy Policy is subject to ongoing verification and – if necessary – updating.

4.2. The current wording of the Privacy Policy has been adopted and has been effective since 05/25/2018.