Privacy Policy – Scope and Purpose

1. Introduction

This Privacy Policy sets out the principles governing the processing of personal data by Re-cruiter sp. z o.o., as well as by entities affiliated with it either by capital or organisational ties (jointly referred to as the Re-cruiter Group). The Re-cruiter Group operates as a temporary employment agency and provides recruitment, HR consulting, and employee placement services to external clients.
This Policy applies to personal data collected and processed in connection with:
• the conduct of recruitment procedures and the provision of temporary staffing services;
• the management of business relationships with clients and contractors;
• the use of digital tools, including the company website, contact forms, and electronic communications.
The Re-cruiter Group ensures that all personal data are processed in compliance with applicable laws, in particular:
• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation – GDPR);
• the Polish Personal Data Protection Act;
• and other relevant provisions of national and European Union law.

The purpose of this Policy is to provide clear and transparent information regarding the processing of personal data and to ensure that such processing is carried out in accordance with legal requirements. In particular, the document sets out:
• the identity and contact details of the data controller;
• the categories and scope of the personal data processed;
• the purposes and legal bases for processing;
• the categories of data recipients and the rules governing data disclosure;
• information on possible transfers of data outside the European Economic Area (EEA);
• and the rights of individuals whose data are processed.

The Re-cruiter Group undertakes to process personal data in accordance with the principles laid down in the GDPR, including the principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, and confidentiality.

The purpose of this Policy is to ensure transparency regarding the principles governing the processing of personal data and to guarantee that such activities are carried out in compliance with applicable legal provisions. This document provides information on:
• the data controller and its contact details;
• the scope and nature of the personal data being processed;
• the purposes and legal bases of the processing;
• the categories of recipients and the conditions for data disclosure;
• any potential transfers of personal data outside the European Economic Area (EEA);
• the rights of individuals whose data are being processed.

The Re-cruiter Group is committed to processing personal data in accordance with the principles set out in the GDPR, with particular regard to the principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, and confidentiality.

2. Data Controller

The controller of personal data processed in connection with business operations is Re-cruiter sp. z o.o., with its registered office in Warsaw, at ul. Bracka 3/1A, 00-501 Warsaw, entered into the Register of Entrepreneurs of the National Court Register (KRS) under number 0000773344, NIP (Tax ID): 7010908839, REGON (Statistical Number): 382632617.
Re-cruiter sp. z o.o. also acts as the general partner in the following limited partnerships:
• Re-cruiter sp. z o.o. Experts sp.k., with its registered office in Warsaw, ul. Bracka 3/1A, KRS: 0001172441, NIP: 7011260300, REGON: 541727192;
• Re-cruiter sp. z o.o. Global sp.k., with its registered office in Warsaw, ul. Bracka 3/1A, KRS: 0001174523, NIP: 7011263379, REGON: 541930154;
• Re-cruiter sp. z o.o. Progress sp.k., with its registered office in Warsaw, ul. Bracka 3/1A, KRS: 0001174527, NIP: 7011263362, REGON: 541930007.

Each of the above entities processes personal data independently, in its own name, as a separate data controller, and makes autonomous decisions regarding the purposes and means of processing such data.
If you have any questions regarding which entity is processing your personal data, for what purpose, and on what legal basis, please contact us using the contact details provided later in this Policy.
For matters related to personal data protection, you may also contact our designated Data Protection Officer (DPO) by email at: rodo@re-cruiter.eu

3. HR Technologies and Automated Data Processing

As a provider of employment and recruitment services, the Re-cruiter Group implements modern technological solutions aimed at enhancing the efficiency of HR processes and improving the matching of candidates to job offers.

In the course of its operations, the Re-cruiter Group uses IT systems that enable, among other things:
• the preliminary assessment of a candidate’s profile in relation to the requirements defined in job offers;
• the retrieval of supplementary information not included in application documents;
• the automated provision of feedback regarding employment opportunities or alternative available positions;
• supporting candidates in career planning by identifying areas in which upskilling may be beneficial.

In selected cases, interactive communication tools – such as chatbots – are also used to allow candidates to conveniently supplement their information at any time and to receive answers to frequently asked questions without the need for direct contact with a recruitment consultant.

The technologies applied support Re-cruiter Group specialists in analysing large data sets and allow resources to be focused on those stages of the recruitment process that require individual consideration, expert knowledge, and personal assessment.

The Re-cruiter Group does not engage in fully automated decision-making within the meaning of Article 22 of Regulation (EU) 2016/679 (GDPR). This means that all decisions concerning the qualification of a candidate for further stages of recruitment or potential employment are made by a human, with due regard for legal requirements, professional ethics, and the interests of the data subjects.

The processing of personal data for the purposes described above is based on the legitimate interests pursued by the data controller (Article 6(1)(f) of the GDPR). Data subjects have the right to object to such processing, in accordance with the information provided later in this Policy.

4. Recipients of Personal Data

In the course of its business operations, the Re-cruiter Group — comprising Re-cruiter sp. z o.o. and other entities affiliated by capital or organizational ties — may disclose personal data to specific categories of recipients, solely to the extent necessary for the fulfilment of legal obligations, the performance of contracts, or the pursuit of the data controller’s legitimate interests.
Personal data may, in particular, be shared with the following categories of recipients:
• Entities forming part of the Re-cruiter Group – acting as separate data controllers, to the extent required for conducting recruitment processes, managing HR-related projects, and maintaining consistent service standards;
• Clients of the Re-cruiter Group – to the extent necessary for presenting candidates, conducting recruitment procedures, and entering into or performing cooperation agreements;
• Providers of payroll and HR services – including salary calculation, tax and social security settlements, and the preparation of statutory declarations (e.g., ZUS and PIT);
• IT solution providers – in particular, operators of applicant tracking systems (ATS), cloud service providers, database administrators, and suppliers of tools supporting operational processes;
• Communication and marketing service providers – to the extent necessary for organising events, sending recruitment-related communications, conducting informational campaigns, or maintaining contact with candidates and clients (e.g., through CRM systems, email marketing tools, or messaging platforms);
• External professional advisors and auditors – to the extent required for conducting audits, ensuring legal compliance, providing consultancy services (including tax advice), or representing the data controller before external institutions;
• Banks and insurance institutions – in connection with the processing of salary payments, handling of employee insurance, opening of bank accounts, and transmission of financial data;
• Public administrative bodies – such as the Social Insurance Institution (ZUS), tax offices, the National Labour Inspectorate, or the National Revenue Administration – only where the disclosure of data is required by law;
• Law enforcement and judicial authorities – including courts, public prosecutors, and the police – strictly in situations where the obligation to disclose data arises from ongoing legal proceedings or an official decision issued by a competent authority.

5. Transfer of Personal Data in Specific Cases and to Third Countries (Including Ukraine)

● Personal data may also be processed outside the European Economic Area (EEA), in particular in the territory of Ukraine, by authorized employees of the Re-cruiter Group – including members of call center teams – operating within the same capital group structure. Such processing takes place solely to the extent necessary for the performance of duties, such as contacting candidates and conducting recruitment
and operational processes. The data is not shared with independent third parties.
● Data transfers are carried out via an internal IT system, with the application of appropriate technical and organizational measures – in particular access control, assignment of permissions, and ensuring confidentiality – in accordance with Article 32(1)(b) and (d) of the GDPR, as well as internal security procedures in force within the Re-cruiter Group. Access to the data is granted only to authorized individuals.
● In cases of data processing outside the EEA, safeguards required under Regulation (EU) 2016/679 are applied, including the use of Standard Contractual Clauses (SCCs) approved by the European Commission (Article 46(2)(c) GDPR). Where necessary, additional organizational or contractual measures are implemented to ensure an adequate level of data protection.
● In the event of organizational changes or alterations to the ownership structure of the Re-cruiter Group – such as mergers, divisions, restructurings, or transfers of business – personal data may be transferred to the acquiring entity or new owner, in compliance with applicable legal provisions and with the necessary safeguards in place.
● Any data subject may contact the Data Controller to request detailed information on the safeguards applied, and – in justified cases – to obtain a copy of the data transferred outside the EEA. Contact details are provided in the “Contact” section of this Policy.

6. Data Protection Measures

The Re-cruiter Group applies appropriate technical and organisational measures to ensure the security of the personal data it processes, particularly to protect such data against unauthorised access, disclosure, loss, destruction, alteration, or any other breach of integrity. As part of its data protection efforts, the following safeguards have been implemented, among others:
● restriction of access to personal data solely to authorised employees and cooperating entities, to the extent necessary for the performance of their official duties or contractually defined purposes;
● implementation of technical safeguards, such as data encryption, individual access passwords, firewalls, authorisation mechanisms, and antivirus protections;
● ongoing monitoring of the integrity of IT systems, along with their regular maintenance and updates;
● implementation of internal procedures for access control and user privilegemanagement;
● conducting training sessions and awareness-raising activities for employees and contractors regarding data protection and information security.

In cases where the processing of personal data is outsourced to external entities — e.g., IT system providers, cloud service operators, or payroll and HR service providers — such cooperation is governed by data processing agreements in accordance with Article 28 of the GDPR. The Re-cruiter Group cooperates exclusively with partners that guarantee a high level of data protection and compliance with applicable legal regulations.

At the same time, it should be noted that no IT system is entirely risk-free. For this reason, the Re-cruiter Group has developed and implemented incident response procedures for personal data breaches. These procedures include, among others: risk identification and assessment, mitigation of the breach’s consequences, documentation of the incident, and, where required, notification of the competent supervisory authority and affected data subjects.

In the event of a breach likely to result in a high risk to the rights or freedoms of natural persons, remedial actions shall be taken without undue delay, in full compliance with the obligations under the GDPR and other applicable legal provisions.

7. Rights of Data Subjects

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR), every individual whose personal data is processed by the Re-cruiter Group (including Re-cruiter Sp. z o.o. and affiliated entities) is entitled – under specific conditions – to exercise the following rights related to the processing of their personal data:
1. Right to Information
You have the right to receive clear, transparent, and easily accessible information regarding the processing of your personal data – in particular the purpose, legal basis, retention period, and your rights. This information is provided throughout this Privacy Policy.
2. Right of Access
You have the right to obtain confirmation as to whether your personal data is being processed and, if so, to access such data and relevant information concerning the purpose of processing, data categories, data sources (if not collected directly from you), recipients, and the planned retention period. You also have the right to obtain a copy of the data undergoing processing.
3. Right to Rectification
If your personal data is inaccurate, incomplete, or outdated, you have the right to request its prompt rectification or completion.
4. Right to Erasure (“Right to Be Forgotten”)
You have the right to request the erasure of your personal data, in particular where:
– the data is no longer necessary for the purposes for which it was collected,
– you have withdrawn your consent and there is no other legal basis for the processing,
– the processing is unlawful,
– or you have successfully objected to the processing.
Please note that, in some cases, legal obligations may require us to continue processing certain data (e.g. for tax or employment law purposes).
5. Right to Restriction of Processing
You have the right to request restriction of processing in the cases provided for in Article 18 of the GDPR, including:
– when you contest the accuracy of the data,
– when processing is unlawful and you oppose the erasure,
– when the data is no longer needed by the controller, but you require it for legal claims,
– or when you have objected to processing and verification is pending.
During the restriction period, your data may be stored but not otherwise processed.
6. Right to Data Portability
Where the processing is based on your consent or a contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format and, if technically feasible, to have it transmitted directly to another controller.
7. Right to Object
You have the right to object, at any time, to the processing of your personal data based on our legitimate interest, including profiling. In such cases, we will cease the processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms or where the processing is necessary for the establishment, exercise, or defence of legal claims.
Where the data is processed for direct marketing purposes, your objection will result in the immediate cessation of such processing.
8. Right to Withdraw Consent
If the processing of your personal data is based on consent, you may withdraw it at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out before its withdrawal.
9. Right Not to Be Subject to Automated Decision-Making
You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or significantly affects you. This does not apply if:
a) the decision is necessary for entering into or performing a contract, b) you have given your explicit consent,
c) such processing is authorised by applicable law, provided that appropriate safeguards are in place to protect your rights, freedoms, and legitimate interests.

8. Exercising Your Data Subject Rights

1. To exercise any of the rights listed in Section 8 of this Privacy Policy, you may contact us using one of the following channels:
• Email: kontakt@re-cruiter.pl
• Postal address: Re-cruiter Sp. z o.o., ul. Bracka 3/1A, 00-501 Warsaw, Poland
2. To ensure the security and protection of your personal data, we may ask you to verify your identity before fulfilling your request – in order to confirm that the request originates from the correct individual.
3. If we are unable to fulfil your request – particularly due to legal obligations (e.g. related to archiving, tax regulations, recordkeeping, or defense of legal claims) – you will be informed of the reasons for refusal as well as the available legal remedies.
4. We will respond to your request without undue delay, and at the latest within 30 days from the date of receipt. If, due to the complexity of the request or the number of requests, an extension of this period is required, we will inform you within 30 days, providing the reason for the delay and the anticipated response timeframe – in accordance with Article 12(3) of the GDPR.

9. Right to Lodge a Complaint with a Supervisory Authority

1. If you believe that the processing of your personal data by the Re-cruiter Group – including Re-cruiter Sp. z o.o. or other affiliated entities operating within the same organizational and capital structure – violates applicable data protection laws, particularly Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR), you have the right to lodge a complaint with the competent supervisory
authority.
2. In Poland, the supervisory authority responsible for personal data protection is:
President of the Personal Data Protection Office (PUODO)
ul. Stawki 2, 00-193 Warsaw, Poland
Website: https://uodo.gov.pl

10. Updates to the Privacy Policy

1. The Privacy Policy of the Re-cruiter Group may be updated from time to time, particularly in response to changes in legal regulations, modifications in the way personal data is processed, or developments in services and technological tools.
2. Each new version will be published on our website along with the effective date. We recommend reviewing the Privacy Policy regularly to stay informed about the current rules for data processing.
3. In the event of changes that significantly affect your rights or the scope of processing, we will notify you in a clear manner – for example, via email or a notice on our website.

11. Protection of Website Visitors’ Data

1. When you use our website, we may collect technical data related to the device you are using, the type of browser, and your activity on the site. This is done through cookies and similar technologies.
2. Cookies are small text files stored on the user’s device when visiting the website. They allow, among other things, remembering user settings (e.g. language preferences), facilitating navigation, recognizing returning users, analyzing traffic, and optimizing website content.
3. The use of cookies complies with applicable legal regulations. Users can manage cookies themselves through their browser settings – including limiting or blocking their operation. However, please note that restricting the use of cookies may affect the functionality of the website.

12. Scope of Data Collected During Website Use

1. While using the Re-cruiter Group website, technical data about your device and your interaction with the service may be automatically recorded.
2. In particular, the following information may be collected:
● the IP address assigned to your device,
● details identifying your internet service provider,
● device type and model, screen resolution,
● version of the operating system and web browser,
● browser interface language,
● approximate geographical location (e.g. country, region),
● date and time of access to the website,
● referring page URL (referrer),
● pages and sections visited on the website,
● time spent on the site,
● clicks on links, buttons, and other interactive elements,
● information about files downloaded or uploaded by the user.
1. This data is used for the following purposes:
● analytical and statistical – e.g. analyzing website traffic and user behavior,
● technical – ensuring website compatibility with devices and browsers,
● optimization – improving the website’s speed and performance,
● functional – remembering user preferences and settings.
1. This information is collected automatically through cookies and similar technologies, in accordance with applicable legal regulations.
2. If you contact us via the forms available on the website, we may also collect identifying and contact information necessary to process your inquiry (e.g. name, email address, phone number).
3. Due to the Re-cruiter Group’s presence on social media platforms (such as Facebook, Instagram, LinkedIn, X, or TikTok), users’ personal data may also be processed by the operators of these platforms – in accordance with the policies established by their administrators. We recommend reviewing the privacy policies of those platforms, as the data processed there is governed by their own rules, which may differ from those applicable within the Re-cruiter Group.
13. Purposes and Legal Bases for Processing Personal Data Personal data is processed in accordance with applicable legal provisions, in particular Article 6 of Regulation (EU) 2016/679 (GDPR), solely for clearly defined purposes and on appropriate legal bases. This applies to both the data controller and entities affiliated by capital or organizational ties.
1. Website management and technical infrastructure
Purpose: Ensuring the proper functioning of the website and the systems supporting its operation.
Legal basis:
✓ the controller’s legitimate interest (Article 6(1)(f) GDPR)
✓ consent – where required by local regulations or browser settings
2. Statistical analysis and content optimization
Purpose: Improving the structure and functionality of the website, as well as enhancing accessibility and user experience.
Legal basis:
✓ the controller’s legitimate interest
✓ consent – where required by applicable law
3. Delivery of requested materials and direct marketing
Purpose: Sending commercial or industry-related information (e.g., newsletters, reports, alerts) only upon the user’s prior consent.
Legal basis:
✓ the user’s consent (Article 6(1)(a) GDPR)
✓ the right to withdraw consent at any time
4. Handling inquiries and communication with users
Purpose: Responding to inquiries and maintaining communication with candidates, contractors, and clients.
Legal basis:
✓ the controller’s legitimate interest
✓ consent – where applicable depending on the nature of the inquiry
5. Compliance with legal obligations and protection of interests
Purpose: Fulfilling obligations under the law, cooperating with public authorities, and asserting or defending legal claims.
Legal basis:
✓ legal obligation (Article 6(1)(c) GDPR)
✓ the controller’s legitimate interest (Article 6(1)(f) GDPR)
14. Personal Data of Employees and Associates
1. In connection with the performance of work by individuals employed or cooperating with the Re-cruiter Group (i.e. Re-cruiter Sp. z o.o. and affiliated companies), the personal data of such individuals is processed solely to the extent necessary to:
● establish an employment or cooperation relationship,
● ensure the proper performance of contractual or professional duties,
● carry out HR, payroll, and tax-related settlements,
● fulfil archiving obligations following the end of employment or cooperation
1. Data processing is carried out in accordance with applicable laws, including the Labour Code, the Act on the Employment of Temporary Workers, tax and social security regulations, and the GDPR.
2. The scope of processed data may include, among others:
● Identification and contact details – name, surname, address, email, phone number, citizenship, date of birth, gender, language skills;
● Professional information – job title, workplace, organizational structure, business email, type of employment;
● Financial data – bank account number, bank name, tax ID, information necessary for settlements;
● Remuneration and benefits – salary amounts, payment frequency, bonuses, benefits;
● Performance evaluations – periodic results, internal reports, supervisor feedback;
● Disciplinary matters – if any such proceedings have occurred;
● Complaints or whistleblower reports;
● Official identification numbers – PESEL (Polish national ID number), tax ID, identity documents;
● Recruitment data – CVs, cover letters, interview notes, photos, assessments, references;
● Business travel information – costs, accommodation, booking system data;
● Voluntarily provided data – e.g., via email, phone, or helpdesk;
● Company vehicle data – license plate, usage costs, vehicle assignment;
● Visual materials – photos/videos from company events (if participation was voluntary);
● Trade union membership – only if provided voluntarily or required by law;
● Data of close relatives – name, relationship, contact details (e.g., for emergency or social purposes);
● Internal identifiers – employee number, access card, entry/exit logs;
● CCTV recordings – to the extent justified by safety and security purposes;
● Internal survey results – whether anonymous or identifiable;
● Usage of company systems – logs, email, browser, applications;
● Office visitor data – name, ID document, vehicle number;
● Health data – only to the extent required by law (e.g., sick leave, health & safety, workplace accidents);
● Compliance-related data – e.g., sanctions screening, PEP status (politically exposed person).

1. In connection with the use of electronic systems and websites belonging to the Re-cruiter Group, technical data may be collected automatically using cookies and similar technologies. This includes, for example, information about the device, browser, IP address, interactions with the website, and time spent on the site. Users can manage their cookie settings in their browser. Cookies are used in accordance
with applicable law, particularly for technical, analytical, functional, and optimization purposes.

Why Do We Need Your Personal Data?
The personal data of individuals performing temporary work is processed by the Re-cruiter Group (including Re-cruiter Sp. z o.o. and affiliated companies) for the purpose of fulfilling HR, administrative, and organizational obligations in accordance with labor law and applicable contracts.

The main purposes and legal bases for data processing include:
● Performance of an employment or civil law contract – including employee documentation, contact, working time records, and salary payments.
● Fulfillment of legal obligations – arising from regulations on temporary employment, labor law, tax, and social security regulations.
● HR process management – such as employee benefits, absences, payroll, training support, and professional development.
● Ensuring occupational health and safety compliance – including risk management and incident response in the workplace.
● Fulfilling reporting and audit obligations – both internal and those required by authorized external bodies.
● Pursuing the legitimate interest of the controller – including monitoring compliance with internal policies, organizational analysis, infrastructure security, fleet management, IT systems and communication support.
● Crisis and incident management – such as evacuations, health threats, and cybersecurity.
● Fulfilling obligations toward clients – in relation to services provided to entities using temporary staffing.
● Handling disputes and legal proceedings – including fraud prevention, protecting the company’s interests, and conducting internal investigations.
● Participation in recruitment projects and team-building initiatives – based on consent or the controller’s legitimate interest.

Terms of Service and Privacy Policy

The controller of your personal data is Re-cruiter Sp. z o.o., with its registered office at ul. Bracka 3/1A, 00-501 Warsaw, Poland, entered in the Register of Entrepreneurs maintained by the District Court for the Capital City of Warsaw in Warsaw, 12th Commercial Division of the National Court Register under KRS number 0000773344, NIP (Tax ID) 7010908839, REGON 382632617, hereinafter referred to as the “Controller” or the “Company.”

Your personal data is processed in connection with the provision of our services in the field of human resources management, including recruitment, candidate selection, HR consulting, temporary employment, employee secondment, payroll and personnel administration, training, coaching, career planning, and broadly understood HR support (hereinafter: the “Services”).

Re-cruiter consistently implements innovative solutions to support candidates’ professional development and ensure the effective execution of recruitment processes. Our goal is to deliver transparent, professional, and tailored solutions – both in the domestic and international markets.

What Personal Data Do We Collect?
Depending on the nature of your cooperation with us and the services you use, we may process various categories of personal data. This applies in particular to candidates applying for job offers or participating in recruitment projects conducted by the Re-cruiter Group or its affiliated companies.

The data we may collect includes:
● Identification and contact details: first and last name, residential address, email address, phone number, citizenship, date of birth, gender;
● Data from application documents: information about your education, professional experience, previous job positions, skills, knowledge of foreign languages, and any data included in your CV, cover letter, or provided during interviews (including recruiter notes);
● Compensation and benefits information: current or expected salary, bonus components, employee benefits;
● Image data: photos or recordings from recruitment meetings, company events, or video conferences;
● Security-related identification data: in case of a visit to our office, we may register data such as your name, phone number, vehicle registration number, or ID document number – to ensure the physical security of our facilities;
● Health data (only in cases permitted by law): may be processed strictly when necessary to ensure sanitary safety or fulfill employer obligations under labor law (e.g. in relation to epidemic threats);
● Additional data you voluntarily provide: e.g. through email communication, phone calls, messaging apps, or other forms of contact with our team.

This data may originate directly from you or – in certain cases – be obtained from other sources, such as a third-party referrer, recruitment portal, partner agency, or outsourcing arrangement. If the data is not collected directly from you, we will inform you within 30 days of acquisition, including the source and purpose of processing – unless doing so would be disproportionately difficult or impossible.

What Personal Data Do We Process?
Depending on the type of services provided and the nature of the relationship, the Re-cruiter Group may collect and process various categories of personal data. This applies primarily to candidates applying for jobs or participating in recruitment projects carried out by the Company or on behalf of its business partners.

The scope of processed data may include, among others:
● Identification and contact details – such as: first and last name, residential address, email address, phone number, citizenship, date of birth, gender;
● Information included in application documents – including data on education, professional experience, employment history, qualifications, language skills, and any information provided in CVs, forms, cover letters, and during interviews;
● Compensation and benefits-related information – e.g. salary level, salary expectations, bonuses, or additional benefits;
● Image data – photos or video recordings taken during meetings, recruitment events, or video conferences;
● Access control data – such as data provided upon entering the office: name, phone number, vehicle registration number, or identity document details;
● Health data – only in cases provided for by law, e.g. related to occupational medicine or sanitary safety;
● Additional information provided voluntarily – for example, via email correspondence, phone calls, or meetings with Company representatives. Purpose and Legal Basis for Data Processing Your data is processed in accordance with Article 6(1)(a), (b), (c), and (f) of the GDPR and serves, among others, the following purposes:
● Provision of recruitment services – enabling contact with the candidate, selecting and presenting employment offers, conducting the recruitment process, and offering career advice. Data processing is necessary for the performance of a contract or in order to take steps prior to entering into a contract.
● Referral for preventive and occupational health examinations – to comply with obligations arising from labor law.
● Improvement of internal processes and development of IT tools – data may be used for testing, training, and updating systems supporting the Company’s operations, applying appropriate anonymization mechanisms.
● Preventive measures and dispute handling – including safeguarding against potential claims and defending the Company’s legal interests.
● Compliance with legal obligations – e.g., labor law, tax regulations, or employment equality and diversity principles.
● Organization of events and meetings – such as workshops, trainings, or one-on-one consultations, based on your consent.
● Collection of feedback from candidates and clients – to measure satisfaction and improve service quality (based on the Company’s legitimate interest).
● Infrastructure and security management – including access control, monitoring, and preventive actions.
● Execution of corporate processes – such as restructurings, ownership changes, or mergers.

Additional Data Processing
In connection with the provision of services, your data may also be processed if you are employed by a business partner of the Re-cruiter Group, for example, in the context of commercial relations, quotations, or cooperation support.

What Personal Data Do We Process?
Depending on the type of cooperation and the nature of the services provided, the Re-cruiter Group may process various categories of personal data, including:
● Identification and contact details – such as name, email address, phone number (landline and mobile), gender, electronic signature, and languages you speak;
● Professional information – including job title, department, place of work, and other work-related details;
● Visual materials – photographs and video recordings from events, conferences, company meetings, or training sessions in which you participate;
● Survey information – responses provided in satisfaction or opinion surveys;
● Data recorded during visits to Company premises – including name, contact details, vehicle registration number, and identity document data; in justified cases, e.g., epidemiological threats, health data (e.g., symptoms) may also be collected;
● Voluntarily provided data – any additional information you choose to share with us, e.g., via email correspondence or during conversations;
● Compliance-related data – verification of whether a person holds a political function or appears on sanction lists, in accordance with applicable regulations.

For What Purposes Do We Process Personal Data?
Personal data may be processed for the following purposes:
● Contractual relationship management – including administration of relationships with clients and suppliers.
Legal basis: Necessity for the performance of a contract or to take steps prior to entering into a contract.
● Marketing activities and business development – such as sending commercial communications and maintaining relationships with current and prospective business partners.

Legal basis: Data subject’s consent or the controller’s legitimate interest.
● Security and infrastructure management – including access monitoring and the protection of company resources and personnel.

Legal basis: The controller’s legitimate interest.
● Occupational health and safety (OHS) – ensuring safe working conditions and protecting health.
Legal basis: Legal obligation, legitimate interest, or protection of vital interests.
● Mergers, acquisitions, and other corporate actions – analyzing and processing data in connection with organizational restructuring.
Legal basis: The controller’s legitimate interest.
● Organization of company and industry events – planning and execution of events aimed at building business relationships.
Legal basis: The controller’s legitimate interest.
● Fraud prevention and claims management – detecting irregularities and conducting internal investigations.
Legal basis: Legal obligation and/or the controller’s legitimate interest.
● Technical support and IT system security – ensuring the protection of data and IT infrastructure.
Legal basis: The controller’s legitimate interest.
● Surveys and quality assessments – gathering feedback to improve service standards.
Legal basis: The controller’s legitimate interest.
● Handling of incident reports and disputes – reviewing complaints, conducting investigations, and pursuing claims.
Legal basis: The controller’s legitimate interest.
● Compliance with applicable laws – such as document archiving and retention of accounting and tax records.
Legal basis: Legal obligation.
● Monitoring compliance with internal policies – overseeing adherence to company rules and procedures.
Legal basis: The controller’s legitimate interest.
● Auditing and reporting – performing internal and external audits and preparing necessary reports.
Legal basis: Legal obligation and/or the controller’s legitimate interest.
Personal Data Retention Period
We retain personal data only for as long as necessary to fulfill the purposes for which the data was collected, in accordance with applicable legal regulations. The specific retention periods depend on the nature of the relationship and the legal basis for processing:
● Candidate data – up to 24 months from the last contact, application, or interaction, provided that consent to the Privacy Policy has been given. For marketing purposes, data is retained until the consent is withdrawn.
● Data related to commercial relationships and contracts – for the duration of the cooperation, and thereafter for the period required by law (e.g. tax, accounting, and archiving regulations).
● Employment-related data:
● up to 50 years – for employment agreements concluded before January 1, 2019,
● up to 10 years – for employment started from January 1, 2019 onward,
● at least 5 years – for civil law contracts (e.g. mandate agreements, B2B collaborations).
Data may be retained for a longer period if it is necessary to:
● comply with legal obligations,
● establish, exercise, or defend against legal claims (e.g. in connection with ongoing legal proceedings),
● fulfill regulatory or audit requirements.
After the applicable retention periods expire, the data is either securely deleted or permanently anonymized.