The following document describes Sii's privacy policy. Sii's privacy policy, hereinafter: the policy defines the rules, methods of processing and use of data as well as information from candidates, customers and users of all websites belonging to Sii, including:
Please read the Policy carefully. By entering or using a website belonging to Sii and sending us any Personal Data in connection with job applications, recommending a friend to work, sending a request for an offer / cooperation, etc. The user accepts the terms of this Policy and confirms that he/she has read its content.
Personal data - defined as Personal data within the meaning of the GDPR, i.e. all information relating to an identified or identifiable natural person. These data identify directly or indirectly a natural person with regards to the name, e-mail address or telephone number of the natural person and other data that, in connection with the above-mentioned, may identify the User.
GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (general Data Protection Regulation), pursuant to which Sii and its Subsidiaries process Users' Personal Data.
Sii - Sii Ltd. with its seat in Warsaw at Niepodległości Av. 69, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for the capital city of Warsaw, XIII Commercial Division of the National Court Register, under KRS number 0000249203, with share capital of PLN 400,000, NIP number: 5252352907.
Specialist - a job candidate offered by Sii to its customers.
Subsidiaries - a company or entity that is directly or indirectly controlled by Sii, where "control" means: (a) in the case of corporate entities, direct or indirect ownership of more than fifty percent (50%) of stocks or shares entitled to vote, or (b) in the case of non-corporate entities, holding directly or indirectly more than fifty percent (50%) of the equity with the power to direct such non-corporate entities. The subsidiary company is, in particular, Sii Sweden.
User - job candidate, newsletter subscriber, competition participant, person asking a question, training participant, person recommending a friend to work and visiting websites belonging to Sii, as well as a person using the candidate's portal.
Services - services provided by Sii electronically, via the website, i.e .: subscribing to the newsletter, sending inquiries via the contact form, sending documents necessary in the recruitment process, application for participation in competitions, application for participation in training, creation of an account on the candidate portal.
By providing personal data on www.sii.pl and any other website that belongs to Sii, the User confirms that he/she has all necessary permissions to disclose personal data that will be later used by Sii in a manner described in this Policy.
Sp. z o. o., al. Niepodległości 69, 02-626 Warsaw, tel. (22) 486 37 37 is the Controller of User’s personal data provided while using any Sii’s website; in particular, while partaking in the recruitment process, conducting training, sending marketing information (e.g. newsletters), accepting participation in conferences or events or using other services available on the website.
A Data Protection Officer has been appointed at Sii: Sebastian Pyzik. A Deputy Data Inspector has also been appointed: Mateusz Goździkowski. In case of any questions regarding regulations concerning personal data processing described in this Policy, contact the Data Protection Officer by sending an e-mail to [email protected].
Sii is a company that has Subsidiaries. All rules on personal data processing by Subsidiaries (including goals, scope, time, conditions of data sharing, exercising user rights) are the same as those described in following chapters of Privacy Policy.
Any definitions set out in Chapter I of this Policy in case of Subsidiaries apply to Users whose Personal Data those Subsidiaries process independently or jointly with Sii and other subsidiaries.
Subsidiaries obtains Users' Personal Data independently via the forms available on their websites or in the event of direct contact between the User and an employee of a subsidiary.
In each Subsidiary, there are internal procedures for the implementation of rights, identical to those applied by Sii. Each User whose Personal Data Subsidiaries process, may submit a request concerning exercising their rights to the e-mail address indicated in the table below. All details regarding the rights are described in Chapter VI of this Policy.
Key information concerning Sii’s Subsidiaries which process personal data in compliance with this Policy is presented below:
Subsidiary | Personal Data Administrator | Internet website | Contact to Personal Data Administrator | Adress for submitting requests |
Sii Sweden | Sii Sweden - Sii Sweden AB with registered office in Livdjursgatan 4,121 62 Johanneshov, registered in the Swedish Business Register (Bolagsverket) under the number 559188 - 7954. | siisweden.se | [email protected] | [email protected] |
Sii Ukraine | Sii Ukraine with its seat in Velyka at Arnauts'ka Street 72, Odesa, Odesa Oblast, Ukraine, 65045, registered in Ukrainian Business Register under the number EDRPOU Code 34599738 | sii.ua | No Personal Data Administrator | [email protected] |
Sii processes Personal Data for various purposes for which it needs a specific scope of Personal Data from the User, and each purpose of processing has its legal basis resulting from the provisions of the GDPR and sectoral regulations that contain regulations regarding the protection of Personal Data:
Purpose of processing personal data | Legal basis for processing personal data | Scope of processed personal data |
Conducting recruitment for the needs of Sii | • Art. 6 para. 1 point a GDPR - consent to the processing of personal data • Art. 221 § 1 of the Labor Code | Full name E-mail addres Phone number Date of birth Information about education Information about work experience, employment history Information about completed courses, trainings Other information contained in the application documents (CV, cover letter) References from previous employers |
Conducting recruitment for projects carried out for Sii customers | • Art. 6 para. 1 point a GDPR - consent to the processing of personal data • Art. 221 § 1 of the Labor Code • Art. 6 para. 1 point f GDPR - legitimate interest of Sii as the administrator of personal data | Full nam E-mail address Phone number Date of birth information about education Information about work experience, employment history Information about completed courses, trainings Other information contained in the application documents (CV, cover letter) References from previous employers |
Sending anwers to Users, to the e-mail addresses or telephone numbers provided by them, to previous inquiries sent via the contact form, as well as to contact the Users and answer their previously sent messages and inquiries. | Art. 6 para. 1 point f GDPR - legitimate interest of Sii as the Administrator of personal data | Full name E-mail address Phone number Company name Data contained in the content of the inquiry |
Sending marketing and promotional information about products and services, events and news, including subscription to the newsletter. | • Art. 6 para. 1 point a GDPR - consent to the processing of personal data • Art. 10 para. 2 of the Act on the provision of services via electronic means | Name and surname (if the e-mail address consists of first name and surname) E-mail address |
Providing the User with marketing information by phone or SMS | • Art. 6 para. 1 point a GDPR - consent to the processing of personal data • Art. 172 para. 1 of the Telecommunications Law | Full name Phone number |
Pursuing and defending rights in the event of mutual claims. | Art. 6 para. 1 point f GDPR - legitimate interest of Sii as the Administrator of personal data | Full name E-mail address Phone number Other data necessary in the process of asserting rights |
Organizing and conducting trainings for Users and employees of Sii customers. | Art. 6 para. 1 point b GDPR - conclusion and performance of the contract between the User and Sii | Full name Email address Phone number (address of residence /registered office) Post code City |
Organization and conducting of competitions | Art. 6 para. 1 point a GDPR - consent to the processing of personal data | Full name E-mail address Address of residence (this applies to Users-winners ofcompetitions) Post code City |
Organization of conferences, seminars, events, webinars | Art. 6 para. 1 point a GDPR - consent to the processing of personal data | Full name E-mail address Phone number |
Profiling the data held in order to better match marketing information and job offers to the User's preferences | Art. 6 para. 1 point f GDPR - legitimate interest of Sii as the Administrator of personal data | Full name E-mail address Device's IP address Data obtained from the User for the conduct of the recruitment process Data obtained from the User in connection with conducting marketing activities |
Contacting customers' and suppliers' representatives to coordinate activities under the contracts. Conducting negotiations, discussions with potential suppliers / customers | Art. 6 para. 1 point f GDPR - legitimate interest of Sii as the Administrator of personal data | Full name Work e-mail address Work phone number Job posiiton Entity name PESEL number (applies only to persons entered in the National Court Register) |
The following chapters provide more detailed information on the Personal Data processed:
Legitimate interest is one of the legal grounds provided for in Art. 6 para. 1 GDPR, which assumes that there are situations in which the Personal Data Administrator may perform specific processing of Personal Data. Such legitimate interests that we use at Sii include:
In the event of contact with the User in order to provide an answer, the legal basis for the processing of Personal Data is the legitimate interest of Sii as the administrator of Personal Data provided on the contact form (Art. 6 para. 1 point f GDPR). The legitimate interest is manifested in the possibility of responding to the inquiry sent, providing the User with a comprehensive answer. Without the processing of Personal Data, in particular contact data, we will not be able to provide an answer, and thus, help in resolving an issue indicated in the inquiry.
The processing of personal data generally continues until the purpose for which the Personal Data was obtained and processed and stored, for the purpose of achieving it, ceases to exist. After achieving the goal or its termination, Sii removes all personal data obtained from the User. However, there are situations in which Sii stores Personal Data even if the purpose of processing has been achieved or will no longer be achieved. This is due to legal requirements or business needs.
Importantly, the provisions of the GDPR make it possible to show the exact duration of the storage of Personal Data (days / weeks / months / years) and to indicate the criteria for data storage for a given period of time, e.g. "for the period of limitation of the User's potential claims against Sii", "until withdrawal consent to the processing of Personal Data ".
Below, information on the storage periods of Personal Data.
Purpose of processing personal data | Personal data storage period | The basis for the storage of personal data | What does the retention period result from? |
Conducting recruitment for the needs of Sii | Until the consent to the processing of Personal Data is withdrawn | Art. 6 para. 1 point a GDPR - consent to the processing of personal data | Sii's authorization obtained based on the consent of the User - candidate. |
Conducting recruitment for projects carried out for Sii customers | Until the consent to the processing of Personal Data is withdrawn 5 years after the completion of the recruitment process at the customer with a negative result | • Art. 6 para. 1 point a GDPR - consent to the processing of personal data • Art. 6 para. 1 point f GDPR - legitimate interest of Sii as the Administrator of personal data | Sii's authorization obtained based on the consent of the User - candidate. Data storage for 5 years - requirements set out in contracts with customers regarding the prohibition of Sii from offering again a previously rejected candidate. |
Sending answers to Users, to the e-mail addresses or telephone numbers provided by them, to previous inquiries sent via the contact form, as well as to contact the Users and answer their previously sent messages and inquiries. | 2 months | Art. 6 para. 1 point f GDPR - legitimate interest of Sii as the Administrator of personal data | Mechanisms set up in the IT system to remove messages-inquiries after they are handled by a dedicated employee |
Sending marketing and promotional information about products and services, events and news, including subscription to the newsletter. | Until the consent to the processing of Personal Data is withdrawn | Art. 6 para. 1 point a GDPR - consent to the processing of personal data | Sii's authorization obtained based on the consent of the User - recipient of marketing materials. |
Providing the User with marketing information by phone or SMS | Until the consent to the processing of Personal Data is withdrawn | Art. 6 para. 1 point a GDPR - consent to the processing of personal data | Sii's authorization obtained based on the consent of the User - recipient of marketing materials. |
Pursuing and defending rights in the event of mutual claims. | Limitation period for potential claims | Art. 6 para. 1 point f GDPR - legitimate interest of Sii as the Administrator of personal data | A right resulting from legal provisions (especially the Civil Code) |
Organizing and conducting trainings for Users and employees of Sii customers. | Time to organize and conduct the training. Limitation period for potential claims. | • Art. 6 para. 1 point b GDPR - conclusion and performance of the contract between the User and Sii • Art. 6 para. 1 point f GDPR - legitimate interest of Sii as the Administrator of personal data | Implementation of the training contract between the User and Sii, the contract concluded by subscribing to the training. A right resulting from legal provisions (especially the Civil Code) |
Organization and conducting of competitions | Time to organize and conduct the competition | Art. 6 para. 1 point a GDPR - consent to the processing of personal data | Sii's authorization obtained based on the consent of the User - competition's participant |
Organization of conferences, seminars, events, webinars | Time of organization and implementation of the event / seminar / conference / webinar | Art. 6 para. 1 point a GDPR - consent to the processing of personal data | Sii's authorization obtained based on the consent of the User - participant of the event / seminar / conference / webinar. |
Profiling the data held in order to better match marketing information and job offers to the User's preferences | Until the User objects to further profiling | Art. 6 para. 1 point f GDPR - legitimate interest of Sii as the Administrator of personal data | Business need to match marketing information / job offers to have information provided by or obtained from the User or available on professional social networks such as LinkedIn / Goldenline. |
Contacting customers' and suppliers' representatives to coordinate activities under the contracts. Conducting negotiations, discussions with potential suppliers / customers | The time of Sii's cooperation with a customer / supplier or the period of negotiations with a potential supplier / customer. Limitation period for potential claims (3 - 6 years). | Art. 6 para. 1 point f GDPR - legitimate interest of Sii as the Administrator of personal data | Agreements concluded with suppliers and customers. A right resulting from legal provisions (Civil Code) |
Ensuring the quality of services provided through the Sii Contact Center | • The time necessary to answer the question asked by the User or to take the action requested by the User. • The time necessary to evaluate the actions taken by Sii as a result of the conversation. • The period of limitation of potential claims (5 years). | Art. 6 para. 1 point a GDPR - consent to the processing of personal data | A right resulting from legal provisions (Civil Code). |
The abovementioned list of store periods for Personal Data is general and does not contain details that are relevant in each case. The mentioned details were recorded:
There are situations in which Sii transfers the User's Personal Data to other external entities - companies, entrepreneurs or public institutions. The transfer of Personal Data results from:
The transfer of Personal Data takes place in the form of sharing or entrusting them. Below is an explanation of the differences between the indicated forms.
Sharing Personal Data | Entrusting Personal Data |
Enstrusting Personal Data consists of transferring data to another entity based on one of the legal grounds specified in the provisions of the GDPR - specifically: Art. 6 para. 1. i.e. User's consent (point a) Performance of the contract between the User and Sii (point b) Provision of law authorizing or obliging Sii to provide Personal Data (point c) Sii's legitimate interest as the Personal Data Administrator resulting from the provisions of law (point f). Note: other grounds: vital interests (point d) and acting in the public interest (point e) do not apply to Sii, as it does not conduct activities for which it obtains and processes Personal Data on their basis. | Entrustment is the transfer of Personal Data based on Art. 28 GDPR - Sii, as the Administrator of Personal Data, transfers them to another entity by concluding a special so-called contracts for entrusting the processing of personal data. |
Sii provides or entrusts Personal Data to the following entities:
Sharing Personal Data | Entrusting Personal Data |
Sii customers (in the scope of contact details of representatives) | Entities providing mass marketing e-mail / SMS mailing services |
Sii's potential customers (in the scope of contact details of representatives) | Entities providing services that conduct certification exams at the end of courses and training |
Suppliers (in the scope of contact details of representatives) | Training providers |
Public administration bodies authorized under the provisions of law | Entities intermediating in the organization of events (owners of portals for registering for events) |
Sii provides Users' Personal Data to its customers in connection with their recruitment for the purpose of employment, then delegation to provide services under the outsourcing of specialists or entire teams. Sii has concluded appropriate agreements and contracts specifying the rules for disclosing Personal Data. Each User has the right to access information to which customer Personal data has been made available on the terms set out in Chapter V of this Policy.
Sii is a company that has Subsidiaries, in particular Sii Sweden. Due to the fact that the Subsidiaries use IT systems belonging to Sii for organizational facilitation in the implementation of recruitment and marketing purposes, managing relations with customers, suppliers, etc., Sii transfers Users' Personal Data to its Subsidiaries. The transfer of Personal Data to subsidiaries is carried out pursuant to Art. 6 para. 1 point f GDPR, i.e. the legitimate interest of Sii as the Personal Data Administrator. The legitimate interest manifests itself in the following matters:
The transfer of Personal Data to the Subsidiaries takes place by enabling the employees of these companies to access the CRM system belonging to Sii. And the use of one, common CRM system for the abovementioned purposes is the so-called co-administration of Personal data, i.e. Sii and its Subsidiaries jointly decide on the purposes (for what?) and methods (how?) of processing Users' Personal Data. In order to protect Personal Data, Sii has concluded special agreements with its subsidiaries - agreements for the co-administration of Personal Data. In the context of Subsidiaries based in a country not belonging to the European Union or the European Economic Area, Sii concluded additional contractual clauses with such subsidiaries securing the processed data and meeting the requirements of Art. 44-49 GDPR. These clauses are concluded due to the fact that in the case of subsidiaries based in a country outside the European Union or the European Economic Area, the rules set out in the GDPR do not apply to Personal Data processed by such entities.
Each User has the rights related to the processing of his Personal Data by Sii, in accordance with Chapter III: Art. 15-22 GDPR:
What law? | What is it? | Situations excluding the implementation of the law |
The right to access one's Personal Data (Art. 15 GDPR) | The User receives a list of Personal Data obtained from him by Sii and processed in documents and IT systems. | None |
The right to rectify the processed data (Art. 16 GDPR) | The User may report the need to update, supplement the Personal Data provided to Sii or request correction if Sii uses incorrect data. | None |
The right to delete data ("the right to be forgotten") (Art. 17 GDPR) | Sii deletes all Personal Data obtained from the User. This right is exercised without undue delay in one of the following circumstances: 1) The Personal Data held are no longer needed by Sii to achieve the purpose or the purpose for which the Personal Data is processed has expired. 2) The User has withdrawn consent to the processing of Personal Data, which is the only legal basis for Sii (Art. 6 para. 1 point a GDPR). 3) The User objects to the further processing of his Personal Data, based on the legitimate interest of Sii as the Personal Data Administrator (Art. 6 para. 1 point f GDPR). 4) Sii processed Personal Data contrary to the applicable law. 5) The law requires the deletion of Personal Data. | Legal provisions that require further processing - the storage of Personal Data despite the lack of purpose for their processing. Considerations of public interest in the field of public health. Archival purposes. Establishing, pursuing or defending claims by Sii or the User. |
Right to restriction of processing (Art. 18 GDPR) | The User may request the restriction of the processing of his Personal Data, i.e. he may oblige Sii, for example, not to disclose them to another entity to be used for the implementation of marketing mailing, to withhold access to them by Sii employees. The User may exercise this right in the following situations: 1) He has doubts as to the correctness of Personal Data held by Sii and wants to clarify any doubts. 2) Sii no longer needs the data to achieve the goal, but the User does not want them to be deleted in order to be able to pursue claims against Sii or defend against them. 3) The User has objected to further data processing and wants to receive information from Sii whether his legitimate interests as the basis for the processing of Personal Data override the interests and rights of the User. | None |
Right to transfer of Personal Data (Art. 20 GDPR) | The User may submit a request for Sii to prepare a report / statement with his Personal Data, and then for Sii to provide the report / statement to another entity - the Personal Data Administrator. This right is exercised if: 1) Sii processes Personal Data based on the User's consent or the data is necessary for the performance of the contract between Sii and the User. 2) Personal data is processed in an automated manner = in IT systems. | None |
Right to object to further data processing (Art. 21 GDPR) | The User may object to Sii against further processing of their Personal Data, regardless of the reason. From the moment the objection is raised, Sii cannot continue processing Personal Data. | Sii will prove to the User that its own legitimate interests for data processing override the User's rights. The data is processed for the purposes of scientific, historical or statistical research. |
The right not to be subject to decisions based solely on automated processing, including profiling (Art. 22 GDPR) | The User has the right to be assessed on the basis of comprehensive actions based on the Personal Data obtained from the User, not only by special algorithms that bring the data together, but also by actions taken by employees. | Making decisions is necessary for the performance of the contract between Sii and the User. The law authorizes to make such decisions. The user has consented to such decisions. |
The right to withdraw consent to the processing of Personal Data (Art. 7 sec 3 GDPR) | The User may revoke the previously expressed voluntarily consent to the processing of his Personal Data. Wherever consent is the only legal basis for Sii to process Personal Data, this right is strictly enforced. That is, inter alia: 1) conducting recruitment processes; 2) sending newsletters; 3) participation in the competition. | None |
The right to file a complaint against the processing of Personal Data (Art. 13 para. 2 point d GDPR; Art. 14 sec 2 point e GDPR) | The user may notify the GDPR control authority - in Poland it is: The President of the Office for Personal Data Protection, that Sii violates the provisions of the GDPR, that, for example, it fails to secure data, has obtained more data than is actually necessary for a specific purpose. Contact details: Polish Data Protection Commissioner (Urząd Ochrony Danych Osobowych) Stawki 2, 00-193 Warsaw, www.uodo.gov.pl, e-mail: [email protected], telephone number: 606-950-000 | None |
The implementation of each of the above rights takes place at the User's request sent to [email protected]. Sii examines the submitted application and sends a reply within 1 month from the date of receipt of the application together with an indication of the result of the examination - what specific actions have been taken with the estimated time for the processing of the entire application, if specific activities require a longer processing time.
Sii reserves the right to respond to a request for the exercise of any right later than the abovementioned date: up to two months (resulting from Art. 12 para. 3 GDPR), due to the number of inquiries or the complex nature of the inquiry sent. By complexity, we understand the need to compile data from many IT systems or the need to consult more than one person from a department or departments in order to obtain information that is the subject of the application. In each case, Sii undertakes to inform the User about this fact, providing justification.
Sii also reserves that it may refuse to exercise any of the rights specified in Art. 15 - 22 of the GDPR in a situation where the User submits applications in a continuous, excessive manner, without any justification. Each time Sii will justify the refusal to exercise the right indicated in the application. By persistent and excessive nature, we mean sending subsequent requests with a similar request to the original one, despite the examination and notification of its processing, e.g. The User sends the request for access to information, Sii executes it - it sends a summary of the information it has, and the User sends the second and the same request again, without explaining the reason for the repeated request for information.
Under the right to withdraw consent, the User may at any time withdraw consent to further processing of Personal Data for purposes that require consent, provided that the withdrawal of consent does not affect the lawful use of Personal Data in activities based on consent before its withdrawal. The following chapters provide details on how to withdraw consent for a specific purpose (recruitment, marketing, competitions, etc.)
Under the right to access information, the User is entitled to obtain the following information in the form of a report or statement:
Sii also informs that each subsequent copy of Personal Data is associated with a fee resulting from the costs incurred in connection with the creation of another copy of Personal Data. Sii notifies the User about the costs after assessing the scope of the information indicated in the application.
With regards to the right to delete Personal Data, Sii deletes not only data obtained from the User himself, but also information obtained as a result of the analyzes, e.g. information about the User's interests in specific categories of information, products, services based on the User's-consumer activities; information about the professional experience of the User-candidate obtained as a result of the interview, the candidate's own assessment based on the course of the interview.
Exceptions to the implementation of the law, shown in the table, result from applicable law. Sii analyzes each case of an exception individually for each case - the relationship between Sii and the User.
What is crucial, this right shall always be executed. Legal or internal - business requirements are only factors that extend the full implementation of the request for the removal of Personal Data.
The right to object to the further processing of Personal Data is that the User indicates that he does not want his Personal Data to be used for purposes that are pursued as legitimate interests within the meaning of Art. 6 para. 1 point f GDPR. After receiving the objection, Sii analyzes whether the objection may be taken into account or whether there are grounds to reject it, as it is not an absolute right. There may be situations in which the User's right to object to further data processing will make it impossible for Sii to achieve the goal. Examples of the purposes of processing Personal Data in a legitimate interest, where the objection may be disregarded:
Each case is analyzed individually. The result of the analysis, together with the decision and justification for not considering the objection, is sent to the User by Sii as part of the examination of the submitted application.
If the analysis shows that Sii has no prerequisites for further processing of Personal Data, the objection is accepted and Sii deletes the Personal Data.
With regards to the right not to be subject to decisions based solely on automated processing, including profiling - it is important that no automated activities are performed at Sii. Employees compile Personal Data, as discussed in more detail in Chapter XII of this Policy. Typical automated processing activities are e.g. carrying out a creditworthiness assessment.
As Sii, we recruit for our own needs and for customers, to whom we provide specialist delivery services or specialist teams, so-called body leasing. Therefore, we would like to inform you that the data of the User - candidate (hereinfrom in this chapter: candidate) may also be processed by Sii customers, as mentioned in the content of the job advertisement, indicating that we are recruiting for the customer.
The legal basis for the acquisition and processing of Personal Data for recruitment by Sii is the candidate's consent (Art. 6 sec 1 point a GDPR). At the same time, we would like to inform you that by agreeing to the recruitment processes, this consent will apply to both recruitment for a specific position included in the job advertisement, and for future recruitment for similar positions tailored to the profile and professional experience. As a candidate, you can withdraw your consent to further processing at any time, in accordance with Chapter VIII of this Policy, which, however, does not affect the lawful use of Personal Data in activities carried out on the basis of consent before its withdrawal.
However, it is important to emphasize that there is a specific scope of Personal Data obtained from the candidate, which results directly from the law - Art. 221 § 1 of the Labor Code, which fills in Art. 6 para. 1 point c GDPR - a legal provision authorizing or obliging to obtain and process Personal Data. These are the following data:
Other data, incl. regarding the assessment of the candidate's competences from previous employers, public image, Sii acquires on the basis of the candidate's voluntary consent.
As far as the sources of obtaining Personal Data for the purpose of recruitment processes are concerned, these are the following:
As mentioned at the beginning of the chapter, Sii recruits for its own needs and for its customers. Recruitment for customers is carried out:
Generally, Sii first recruits, conducts interviews and technical tests (verification of practical skills). The result of the interview is a decision whether the candidate will be offered to the customer or not. If so - the recruiting employee prepares a CV in a special format, consisting of the candidate's data such as: name, date of birth, description of education, work experience, completed courses and training.
The CV prepared in this way is forwarded to the customer by an employee representing Sii in contacts with the customer. The customer verifies the candidate presented and decides whether they wish to conduct an interview. If so - the customer arranges an interview with the candidate through the Sii employee responsible for contact with the customer. After the interview, the customer decides whether or not to hire a candidate.
In the context of Personal Data provided to the customer and processed by him, the following issues are relevant:
An important issue in recruiting for customers are additional requirements on the part of some customers to carry out the so-called background check. This process consists of verifying the information provided by the candidate in the CV: information about education, work experience, completed courses, training, language skills (level of proficiency in foreign languages). Verifications are carried out by Sii in accordance with the requirements specified in the cooperation agreements. They are followed by, among others:
In addition to the above, the customer may require a background check extended to include information on criminal record, credit history, and financial matters (debt). In Poland, there is a general prohibition of verification of the abovementioned information, except for the exceptions specified directly in Polish law (banking law, provisions on the rules for obtaining information on a clean criminal record, etc.). Therefore, in contracts with customers, Sii agrees that the background check of the information contained in the CV is carried out by Sii, and in the field of no criminal record, credit history, and financial matters, the customer conducts the background check on the candidates.
Recruitment processes are conducted by Sii independently, however, there are situations where Sii seeks and recruits a candidate together with its subsidiaries. Such situations are related to recruitment for customers, especially those with extensive structures - with branches in many countries, which means that work for customers is carried out jointly, the supply of specialists or teams of specialists is carried out jointly. Joint recruitment allows the Subsidiaries to have access to the Personal Data of candidates in the CRM system belonging to Sii.
In the context of the GDPR, the candidate's Personal Data is shared with the customer. The legal basis for disclosure is a legitimate interest (Art. 6 para. 1 point f GDPR) resulting from the concluded body leasing contract with the customer, in which the customer requires the transfer of Personal Data in order to verify the candidates presented and their professional competences, whether they are adequate for the service that the Specialists would perform.
By submitting an inquiry or signing up for a training, conferences or other event organized by Sii, the User may consent to processing of personal data in order to receive marketing information on products and services offered by Sii, including newsletters. The rules for obtaining such consent have been described in the chapter VI points 1-2 of this Policy. The consent may be withdrawn anytime taking into consideration rules defined in the chapter VIII of this Policy.
User’s consent for processing personal data (Art. 6 para. 1 point a GDPR) is the legal basis for sending newsletters. It can be granted while providing one’s e-mail address in the newsletter subscription form or gated content as well as by checking a box while completing a contact or recruitment form. Providing the e-mail address in the newsletter subscription form is a clear affirmative action of consenting to processing personal data as defined in the Art. 4 para. 11 of GDPR regarding the definition of consent as well as connected 32nd motif of GDPR explaining the clear affirmative action.
According to the abovementioned motif, a clear affirmative action includes informing Sii that User’s e-mail address provided in the form may be used for sending newsletter that includes Sii’s promotional information. It is one of acceptable forms of consenting to using provided e-mail address for the defined purpose (such forms also include checking a box located near the content of the consent).
Consent to sending unsolicited marketing information, according to Art. 10 of rules for electronically supplied services and Art. 172 para. 1 of Telecommunication Act, is provided by the user independently and separately by checking a dedicated box located near the content of the consent.
In order to obtain some materials uploaded to Sii’s website, it may be necessary to complete a form that requires providing personal data. Such data will be processed according to the consent (Art. 6 para. 1 point a GDPR) expressed by a clear affirmative action. If the User wishes to receive other marketing information, he/she may state so by checking a relevant box. If the User will not state so, it means that he/she is not interested in receiving other information thus Sii will not send it.
One of the areas of Sii's activity are open and dedicated training for Sii's customers and any other interested person. Therefore, Sii will process the Personal Data of Users declaring participation in training, to the extent necessary to carry out matters related to the training. Details on the purposes for which the Users' Personal Data - training participants are processed and other information are specified in the dedicated chapter on the protection of Personal Data in the Training Regulations available at the time of enrollment for the training.
Sii processes Users' personal data in connection with organizing and conducting events. By signing up for the event - using a special form or by sending an application to a dedicated e-mail address - the User gives consent to the processing of his Personal Data for the implementation of all activities related to the organized event. Consent stands for the legal basis for data processing (Art. 6 sec 1 point a GDPR) expressed in the form of an explicit affirmative action. The User may at any time withdraw consent under the rights in accordance with Chapter VI, but this means that he / she will not be able to continue participating in the event. Details on the purposes for which the Users' Personal Data - event participants are processed and other information are specified in the dedicated chapter on the protection of Personal Data in the Training Regulations available at the time of enrollment for the event.
Sii processes Users' personal data in connection with organizing and conducting events. By signing up for the competition - using a special form or by sending an application to a dedicated e-mail address - the User gives consent to the processing of his Personal Data for the implementation of all activities related to the organized competition. Consent stands for the legal basis for data processing (Art. 6 para. 1 point a GDPR) expressed in the form of an explicit affirmative action. The User may at any time withdraw consent under the rights in accordance with Chapter VI, but this means that he / she will not be able to continue participating in the competition. Details on the purposes for which the Users' Personal Data - competition participants are processed and other information are specified in the dedicated chapter on the protection of Personal Data in the Training Regulations available at the time of enrollment for the competition.
Sii records voice conversations of Users calling the Sii Contact Center number. Therefore, it processes Personal Data in the form of the voice of the caller and other Personal Data provided by the User during the call. The aim of the data processing is to answer the questions asked by the User during the call, undertake the actions requested by the User, ensure the quality of services offered by Sii, and assert possible claims resulting from the conversation. The basis for processing the Personal Data is the consent (Art. 6 sec. 1 point a GDPR) expressed by the User calling Sii Contact Center. The User may withdraw consent at any time within the framework of their rights, in accordance with Chapter VI, which, however, does not affect the lawful use of Personal Data in activities performed on the basis of consent prior to its withdrawal. Furthermore, withdrawal of consent may prevent Sii from responding to the question asked by the User or from taking actions requested by the User. Call recordings are stored by Sii for a period of 5 years, after which they are permanently deleted. Call recordings are not made available to other external entities except for situations concerning state bodies and strictly required by law.
Sii processes Personal Data of:
Detailed information is presented below:
Personal Data Controller: | Sii |
Source of obtaining Personal Data: | Public registers of business entities (applies to persons representing a business entity) Employees of the customer / potential customer / supplier / potential supplier |
Purpose of processing Personal Data | Coordination of cooperation. providing necessary information related to the contract, settlement of work performed, ensuring the safety of personnel, property and information belonging to Sii. |
Legal basis: | Art. 6 sec 1 point f GDPR - legitimate interest of Sii as the administrator of personal data |
Scope of processed personal data | Full name Work e-mail address Work phone number Job posiiton Entity name PESEL number (applies only to persons entered in the National Court Register) |
Personal data storage period | The time of Sii's cooperation with a customer / supplier or the period of negotiations with a potential supplier / customer. Limitation period for potential claims |
Recipients of Personal Data | Public administration bodies authorized under the provisions of law Entities providing cloud solution delivery services Subsidiary companies |
Personal Data protection rights | Details are presented in Chapter V of this Policy |
In Sii, profiling is understood as a form of automated processing of personal data that includes using some of User’s personal data. Obtained data may include information from social media profiles, location or data provided by Users via Sii’s website. It allows Sii to:
The tools used by Sii for profiling link the data provided by the User during the recruitment process or as a result of receiving a newsletter with the data available, e.g., in social networks – which were provided by the User themselves. Data binding allows Sii to create User’s profile which can be used in:
Owing to that, we do not sent irrelevant and unwanted information as well as reduce the risk of creating spam.
An example of such activities may be binding data provided during recruitment process (e.g. CV, covering letter) and contact data (e.g. e-mail, phone number) with information provided on websites such as LinkedIn or Goldenline (e.g. identification and contact data, professional experience description, education, skills or interests). In this case, binding data means connecting information from own IT systems (such as job candidate data kept in CRM) with information provided online.
Using the profiling tool influences the scope of information sent to the User e.g. content of newsletter that may include information on trainings, events, current promotions or discounts. In case of recruitment, the obtained data allows making a decision whether the User should be still processes as a job candidate, have technical tests or be presented to a customer.
All of the abovementioned aspects of using the tools and its effects are the justified interest of Sii as a Data Controller (Art. 6 sec 1 point f GDPR). The reason being that personal data obtained by the tools allows Sii to make decisions that enable decreasing the operational cost of recruitment processes, marketing activities that aim at building Sii’s reputation as a reliable company which focuses on the quality of provided services and worker satisfaction as well as respecting User’s needs and requirements in terms of sent information.
Sii ensures that information or data gained by the tools are used only for purpose described above and are not shared with other parties that specialize in creating such profiles. The User may object to profiling at any given moment according to chapter VIII, points 6-7 of this Policy. As a result, the User will not receive any marketing or sales information as well as updates with job offers tailored to his/her profile or competences. In addition, it also means that Sii will stop using the tool to profile this User’s personal data but is still able to process it in case of having a different legal basis e.g. consent.
Sii has implemented appropriate (organizational and technical) security measures to protect personal data from loss, misuse, unauthorized processing or modification. Sii is obliged to protect any information disclosed by Users in accordance to security and confidentiality standards.
Sii has implemented the Information Security Management System that is certified as compliant with international ISO 27001 security norms which ensure that Sii operates according to GDPR regulations in terms of implemented security measures for processing personal data (Art. 32 GDPR). Sii has proper procedures for managing accesses to IT systems that disable unauthorized workers from processing data. Sii’s workers are subjected to regular trainings regarding secure processing of personal data and current threats. In order to guarantee the security of personal data provided by the users, Sii uses dedicated SSL certificates that use data encryption keys based on most reliable encryption algorithms such as RSA or SHA (min. 1024 bites) to transfer data provided on Sii’s websites to IT systems.
The websites belonging to Sii (including www.sii.pl) use cookies. By using these websites, the User agrees to the storing of cookies on the device with which they enter the website, as explained below.
Cookies are small text files sent to the User’s browser by a site they visit at a given time. Cookies allow it to remember information about the visit. As a result, on subsequent visits, the site is easier to use and better adapted to the User’s preferences.
Settings regarding cookies used on the www.sii.pl and other websites may be modified via our website or via a third-party website. Cookies are used by Sii to:
Types of cookies used by Sii:
The User may block saving cookies by accessing the preference settings in the cookies window that appears when visiting the website for the first time, accessing the “Cookie Settings” link located in the footer of the website, or changing their browser settings. Disabling cookies may affect the functioning of the website.
In relation to the development and progress of technology and changing regulations, the principles set out in this Privacy Policy may change. Any changes to these rules will be communicated to Users by publishing the new contents of this document on the www.sii.pl/en/privacy-policy/ website.
Are you sure you want to leave this page?
Är du säker på att du vill lämna sidan?