Personal data protection and cookie policy

(Reliability Solutions sp. z o.o. – hereinafter referred to as the “Company”)

Table of contents:

1. General information

1.1 What is GDPR?

1.2 What is personal data?

1.3 Special categories of data (sensitive data)

1.4 Who is a personal data controller?

1.5 What are the rights to the processing of personal data?

1.6 Right of objection

1.7 Consent

1.8 Who has access to personal data?

1.9 Contact for rights enforcement.

1.10. Changes in this privacy policy

1.11. External links

2. Individual purposes of data processing within selected data processing processes

2.1. Contact form (https://reliasol.ai/contact/) and telephone enquiry

2.2. Information for candidates for employment in the Company.

2.3 Site traffic data and information on cookies

2.4 Information on data processing in connection with the conclusion and performance of B2B contracts (service offering and performance of contracts)

1. General information

1.1 What is GDPR?

In accordance with the application of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as GDPR from 25 May 2018, we would like to provide you with some important information on how we process your personal data and what rights you have with regard to the processing thereof.

1.2 What is personal data?

Personal data means any information about an identified or identifiable natural person (“data subject”). This will therefore include information such as name, surname, address, date of birth, telephone number or e-mail address (the list is not closed).

1.3 Special categories of data (sensitive data)

Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership and the processing of genetic data, biometric data to identify unambiguously a natural person or data concerning his or her health, sexuality or sexual orientation are so-called sensitive personal data.

1.4 Who is a personal data controller?

A personal data controller is an entity which independently or jointly with others determines the purposes and methods of personal data processing – i.e. decides how your personal data are processed and is responsible for their processing in accordance with the law.

The administrator of the categories of personal data presented below is the company:

Reliability Solutions Sp. z o.o., 57 Królewska Street, NIP: 945-21-79-373 -> hereinafter referred to as “Company” or “Data Administrator”. (mailing address: 57 Królewska Street, 30-084 Kraków). If the controller is a company affiliated with the Administrator, such information will be provided separately.

1.5 What are the rights to the processing of personal data?

You have the right of access to data, including the right to obtain a copy of the data, the right to data portability, the right to rectify and erase data, the right to restriction of processing and the right not to be subject to a decision which is based solely on automated processing, including profiling, and produces legal effects or significantly affects it in a similar manner (see more: www.uodo.gov.pl). We also encourage you to read the leaflet on your rights available at https://www.gov.pl/cyfryzacja/rodo-informator. The effectiveness of submitted requests will be assessed by the Administrator through the prism of applicable regulations. For example, despite the request to delete the data, in accordance with GDPR, the controller may further process the data to the extent that processing is necessary to determine, claim or defend claims (for the time necessary to achieve these purposes).

You are also entitled to lodge a complaint to the supervisory authority (President of the Office for Personal Data Protection) -> see www.uodo.gov.pl.

1.6 Right of objection

Remember that whenever personal data will be processed on the basis of art. 6 act. 1 letter f) of GDPR (see below), i.e. in the case of the Administrator’s justified interest, you may at any time object – for reasons related to the specific situation – to the processing of personal data. After lodging an objection, the controller will no longer be able to process personal data, unless it proves the existence of valid legal basis for processing, overriding the interests, rights and freedoms of the data subject or basis for determining, claiming or defending claims.

You may object as indicated below (in the section on how to contact us).

1.7 Consent

GDPR provides for a number of legal bases for the processing of personal data. One of them is consent. If the processing of personal data on the basis of consent would take place, you can withdraw your consent at any time (e.g. by sending a request to the address below): Reliability Solutions Sp. z o.o., 57 Królewska Street, 30-081 Kraków. Withdrawal of consent does not affect the lawfulness of the processing, which was carried out on the basis of consent before its withdrawal. Consent can only be given by an adult with full legal competence. Consent is always voluntary. After withdrawal of consent, personal data will no longer be processed and will be deleted or anonymised with the exclusion of the scope necessary to document the proper performance of obligations related to data processing (including proper documentation of withdrawal of consent) for the purposes of protecting against GDPR claims (art. 6 act. 1 letter f), so-called legitimate interest of the data controller) and to perform obligations arising from GDPR (among others, accountability of art. 6 act 1 letter c) in connection with art. 5 act 2 of GDPR). In case of withdrawal of consent, the data will be processed up to a maximum period of limitation of potential related claims.

1.8 Who has access to personal data?

Your personal data will only be accessed by authorised employees acting on instructions. The data may also be disclosed to IT service providers supporting the implementation of the data controller’s objectives listed below (after concluding the relevant entrustment agreements). Details below.

If data will or may be transferred outside the European Economic Area (EEA), you will find this information below.

1.9 How can you notify us of your wish to enforce your rights or other data protection issues?

In all matters related to the protection of personal data (including the objection or withdrawal of consent and in connection with the observed violation of data protection regulations or the enforcement of your other rights) you can contact us by e-mail: office@reliasol.ai or

at the correspondence address: Reliability Solutions Sp. z o.o., 57 Królewska Street, 30-081 Kraków.

In response to your request, you may be asked to provide data necessary to identify your personal data (e.g. to find this information) or to verify your identity. In this case, only personal data will be processed to the extent necessary to document the proper performance of obligations related to data processing (including proper documentation of withdrawal of consent) for the purposes of protection against GDPR claims (art. 6 act. 1 letter f), the so-called legitimate interest of the Data Controller) and in order to perform obligations arising from the GDPR (among others, accountability of art. 6 sec. 1 letter c) of GDPR). For these purposes, the data will be processed up to a maximum period of limitation of potential claims in this regard.

1.10. Changes in this privacy policy

We reserve the right to change the privacy policy of http://reliasol.ai, which may be influenced by the development of Internet technology, possible changes in the law on the protection of personal data. We will inform you about any changes in a visible and understandable way.

1.11. External links

Links to other websites may appear on the http://reliasol.ai website. Such websites operate independently of the service and are not supervised in any way by the service http://reliasol.ai. These websites may have their own privacy policies and regulations, which we recommend that you read.

In case of any doubts as to any of the provisions of this privacy policy we are at your disposal – our data can be found in the contact tab.

2. Individual purposes of data processing within selected data processing processes

The following is a list of purposes, legal basis and data processing periods, as well as information on the optional or mandatory provision of data, as part of the following data processing processes:

2.1 Contact form https://reliasol.ai/contact/ and telephone enquiry

2.2 Information for the candidates to work in the Company

2.3 Site traffic data and information on cookies

2.4 Information on data processing in connection with the conclusion and performance of B2B contracts

2.1. Contact form https://reliasol.ai/contact/ and telephone enquiry

Personal data will be processed for the following purposes:

  1. Answers to the question (via the contact form, e-mail address/phone number indicated for contact) and further correspondence in this regard (basis: art. 6 act. 1 letter f) GDPR -> the legitimate interest of the data controller;
  2. If further correspondence concerns the process of concluding or performing the contract, personal data will also be processed for this purpose (basis: art. 6 act. 1 letter b) GDPR in case of individuals – contracting parties or art. 6 act. 1 letter f) GDPR -> legitimate interest of the data controller, in case of persons delegated to perform the contract on behalf of a contracting party;
  3. Personal data collected in connection with correspondence may also be processed for the purpose of investigation or protection against GDPR claims (art. 6 act. 1 letter f), the so-called legitimate interest of the data controller).
  4. For the direct marketing of the controller’s goods and services, if the circumstances of communication indicate that the data subject may expect marketing information – during the period of this legitimate expectation, which will be systematically assessed (basis of processing -> art. 6 act. 1 letter f) GDPR, i.e. the so-called legitimate interest of the data controller) (if, in accordance with special provisions, e.g. the Act on providing services electronically or telecommunications law, additional consent to marketing contact is required, the Company will obtain such consent).

Providing the data is optional but not unnecessary for the purposes mentioned above.

Personal data will be processed through the statute of limitations of potential claims related to the correspondence, in particular resulting from the process of concluding and performing the contract.

2.2. Information for candidates for employment in the Company

Attention!

In the case of recruitment conducted through the pracuj.pl job site, the Company is not a controller of personal data processed in order to provide electronic services to its users by providers of such services. If the user of the pracuj.pl website chooses the option “Sharing the profile”, personal data will be obtained by the Administrator from the service provider (i.e. Grupa Pracuj sp. z o.o.) within the scope specified within the indicated service and on the basis of the Regulations and the user’s consent.

For what purpose and on what basis will your data be processed?

General information

Below we present a list of purposes (i.e. reasons) for which data may be processed at the recruitment stage. Currently, the Polish Labour Law allows the employer to obtain the following categories of data at the stage of recruitment: first name (first names) and surname; first names of parents; date of birth; place of residence (correspondence address); education; employment history to date. Within the scope of these data, processing takes place on the basis of the provisions of law (Labour Law).

If a specific provision (i.e. outside the Labour Law) provides the basis for data processing (e.g. in the scope of sensitive data), the employer will obtain them on the basis of this legal basis.

Where there is no legal basis in the Labour Law and special regulations – the provision of personal data by you may be based on your consent, with the restriction that the processing of personal data referred to in art. 9 act 1 and art. 10 of GDPR (i.e. sensitive data and data concerning convictions and violations of law or related security measures) is allowed only if it is necessary to fulfil the employer’s obligation imposed by law and therefore no consent will be collected in this respect.

If you send more data than it is expressly provided for by law (the scope of data listed above, i.e. the Labour Law and possible special provisions imposing an obligation on the employer to obtain other personal data), such behaviour will be treated as your consent to the processing of personal data for recruitment purposes. However, if you want your personal data to be used for future recruitment processes, you must give your explicit consent (e.g. checkbox on the recruitment form or pasting in a statement):

“I agree to the processing of my personal data provided within the recruitment process (including my CV) in order to be used in future recruitment processes conducted by Reliability Solutions sp. z o.o. I declare that I have been informed about the voluntariness of consent, the possibility and manner of its withdrawal at any time, as well as the consequences of withdrawal of consent”.

Consent (including the use of data for future recruitment) is always voluntary and you do not have to give it, especially if you think it would be unfavourable to you. If personal data would be processed on the basis of consent, the candidate may withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of the processing that was carried out on the basis of consent prior to its withdrawal. Lack of consent or withdrawal of consent shall never give rise to unfavourable treatment of the applicant for employment or worker and shall not have any negative consequences for them, in particular it shall not constitute a reason for refusing employment.

Purposes of the processing of data obtained at the stage of recruitment (detailed list)

Main objectives:

a) Recruitment for a specific post (including assessment of qualifications and selection of the candidate);

b) Use of personal data in future recruitment processes (other than ongoing recruitment or if not carried out at all – with permission);

Additional objectives:

c) Implementation of obligations related to keeping employee records – in the case of employment – to the extent that the obligation to process candidates’ data results from the provisions of the Regulation of the Minister of Labour and Social Affairs on the scope of keeping records by employers in matters related to the employment relationship and the manner of keeping personal files of the employee;

d)  Implementation of obligations resulting from the provisions on personal data protection (including the rights of candidates);

e)  Investigation, determination and protection against claims related to recruitment.

The list below indicates the legal basis for the processing of personal data obtained at the stage of recruitment within the above mentioned purposes and their retention [retention = maximum length of data processing – after this period personal data will not be used for a given purpose – attention! Within different purposes, the same categories of data may have different retention periods (storage)].

Re. a. Recruitment -> retention: 3 months from the date of submission of the CV or until the withdrawal of consent (for additional data) or until the moment of effective objection (when the processing of personal data will be based on art. 6 act. 1 letter f) GDPR), depending on what happened earlier -> basis:

  • With regard to the data indicated in the Labour Law: legal basis -> art. 6 act. 1 letter c) GDPR and Labour Law i.e. employer’s obligation / without the need to collect consent from the candidate.
  • With regard to the data indicated in the specific provisions: legal basis -> art. 6 act. 1 letter c) GDPR and these specific provisions, i.e. the employer’s obligation / without the need to collect consent from the candidate.
  • With regard to additional data made available by the candidate with his/her consent -> the basis is art. 6 act. 1 letter a) GDPR i.e. the candidate’s voluntary consent.
  • With regard to additional data on preferred remuneration -> the basis is art. 6 act. 1 letter f) GDPR, i.e. the legitimate interest of the Data Controller (the employer has a legitimate economic interest in knowing the financial expectations of the candidate) / without the need to collect consent from the candidate.
  • With regard to personal data “generated” by the employer during the recruitment process, e.g. candidate assessment forms -> the basis is art. 6 act. 1 letter f) GDPR, i.e. the legitimate interest of the Data Controller (without this the selection of a suitable candidate may be difficult or even impossible) / without the need to collect consent from the candidate.

 

Re. b. Future recruitment -> retention: 24 months from the date of consent to the processing of data in future recruitment processes or until its withdrawal, whichever is the earlier -> basis: art. 6 act. 1 letter a) GDPR -> voluntary consent;

Re. c. Documentary obligations (in case of employment) -> retention: for the period of obligatory processing of data included in the employee documentation (personal files) -> basis: art. 6 act. 1 letter c) GDPR (data controller’s obligation under the law);

Re. d. Execution of obligations arising from GDPR, including within the scope of rights of persons whose data are processed -> retention: For this purpose, data may be processed only for the period of limitation of claims (including for the purpose of proving compliance with GDPR) -> basis: art. 6 act. 1 letter c) GDPR (data controller’s obligation arising from the law);

Re. e. Protection against claims relating to the stage of recruitment -> retention: For this purpose, data may be processed only for the period of limitation of claims or until an effective objection, whichever occurs earlier (see below) -> basis: art. 6 act. 1 letter f) GDPR (legitimate interest of the data controller -> without this, protection against claims or their recovery would not be possible).

Providing personal data referred to in the Labour Law (e.g. name and surname, etc. mentioned above) and, if it concerns a given recruitment, data resulting from separate provisions – as well as information on preferred remuneration – is voluntary, but necessary to take part in the recruitment process. Giving other data and expressing consent, as referred to above, is voluntary and does not affect the possibility of participation in the recruitment process (it will not be the basis for unfavourable treatment of the candidate and will not constitute a reason justifying the refusal to employ).

In case of doubts as to what the withdrawal of consent concerns (additional data, future recruitment), you may be asked to clarify the request.

In case of recruitment, the Administrator uses recruitment companies on the basis of the relevant contracts of entrustment.

2.3 Site traffic data and information on cookies

The Company may process the following data characterizing the manner of use by visitors to the website (so-called exploitation data):

1. the ID number assigned to the person viewing the website,
2. designations identifying the termination of the telecommunications network (e.g. the IP address of the device on which the page is displayed),
3. information and communication system (type of device, operating system, Internet browser) used by the Internet user,
4. information on the start, end and scope of each use of the website (e.g. the following information may be collected: the number of bytes sent by the server, the address of the website from which the visitor has accessed http://reliasol.ai via a link to http://reliasol.ai (HTTP referrer)).

The operating data indicated above are not combined with information such as name, e-mail address and other data enabling easy identification of the visitor to the website. Processing is also not used to profile visitors to the website. The processing of this information may or may not be associated with the installation of cookies or similar technologies on the terminal equipment used to display it (for this purpose see information below). If cookies are used, exploitation data may include the information described below – obtained through these files.

The above mentioned exploitation data may constitute personal data within the meaning of the GDPR (General Data Protection Regulation 2016/679) -> if the above information is classified as personal data, we inform you that the Administrator of personal data is the Company (see above for contact details).

Processing of the above categories of data is necessary to maintain the website and take care of its quality, i.e. the purposes resulting from the legitimate interests of the data controller (art. 6 act. 1 letter f) GDPR). -> it is therefore relevant and necessary:

  • research on Internet users’ preferences and the use of the results of this research to improve the quality of the website;
  • occasionally, log files may be analysed to determine: which browsers are used by visitors; which bookmarks, pages or subpages are the most or least frequently visited or viewed; and whether the structure of the page contains no errors;
  • preventing unauthorised access to the website and the distribution of malicious code, stopping ‘denial of service’ attacks, and preventing damage to computer and electronic communication systems.

Based on the above information, statistics may be compiled, but they will not contain any information identifying a visitor to the website http://reliasol.ai. Due to the very difficult identification of a person using the website, it will not be possible to execute the rights indicated in Articles 15-20 of GDPR, unless the data subject, in order to exercise the rights under these articles, provides additional information allowing to identify the data subject.

The data controller may entrust personal data, e.g. to IT service providers or to forward correspondence between authorised staff of the controller. You have the right to access the data, including obtaining a copy of the data, the right to transfer the data, the right to correct and delete the data, the right to limit the processing. You also have the right to object (where processing is based on art. 6 act. 1 letter f GDPR). You have the right to lodge a complaint with the supervisory authority (the President of the Office for the Protection of Personal Data). Personal data will be deleted or anonymised after the expiry of the statute of limitations of potential claims related to the use of the website (no later than 2 years from the date of recording), or earlier if you make an effective objection. Providing the data is voluntary but not unnecessary for the purposes mentioned above.

Cookies mechanism

Through cookies, the website may store or gain access to information already stored in the device used to display it – only to the extent necessary to display it. Cookies or similar technologies are not used to collect information about people visiting the website. They are also not used to track their navigation. Cookies used at http://reliasol.pl are not used to store personal data or other information collected from website visitors.

Through cookies, the website may store or gain access to information already stored in the device used to display it:

  • for the purpose necessary only to the extent required for its display. For this purpose, session cookies may be used, the installation of which is aimed at correct display of the page and only until the end of the browser session (i.e. for the time in which the page is displayed by the browser).
  • with the consent of the website visitor, so-called third party (partner) cookies may be installed, i.e. Google Analytics for the purpose of evaluating the preferences of Internet users for the purpose of improving the quality of the website; the following data may be collected and analysed: number of users and sessions; duration of sessions; operating systems; device models; geographic data; first launch; application openings; application updates; purchases in the application -> more information: https://support.google.com/analytics/answer/6318039?hl=en. On this basis, the following statistical reports are created or can be created: https://support.google.com/analytics/answer/2799357?hl=en

The Google Analytics tool does not collect information such as name, surname and e-mail address from the operator of this website. It is not combined with other information for the purpose of identifying the visitor.

The installation of cookies can be disabled or restricted at the browser level.

How do I disable cookies?

o Firefox
o Chrome
o Internet Explorer
o iOS Safari
o Safari

If you have any questions or problems with cookies, please contact the administrator of the website at: office@relia-sol.pl

In case of any doubts as to any of the provisions of this privacy policy we are at your disposal – our data can be found in the “contact” tab. (http://reliasol.pl/kontakt/).

2.4 Information on data processing in connection with the conclusion and performance of B2B contracts (service offering and performance of contracts)

Personal data (if it is processed within the scope of contracts signed with contractors/clients): the contractor/client, i.e. the party to the contract, as well as its representatives and other persons executing the contract, e.g.: employees or co-workers of the contractor/client, are processed in order to sign and execute the contract [basis for processing personal data of a private person who is a party to the contract -> art. 6 act. 1 letter b) GDPR /// basis for processing data of other private persons executing the contract on behalf of the contractor/client -> art. 6 act. 1 letter f) GDPR i.e. the so-called legitimate interest of the data controller].

Personal data may also be processed for the purpose of claiming, determining or protecting against claims related to the execution of a contract signed by the Company as well as for the purpose of direct marketing of the Company’s goods or services during the term of the contract and also after the termination of the contract, if the circumstances of its execution indicate that the data subject may expect marketing information – for the period of this legitimate expectation, but not longer than the statute of limitations of claims under the performed contract (processing basis -> art. 6 act. 1 letter f) GDPR i.e. the so-called legitimate interest of the data controller – if, in accordance with special regulations, e.g. the Act on rendering services by electronic means or telecommunication law, additional consent to marketing contact is required, the Company will obtain such consent). Personal data may also be used in order to fulfil legal obligations, including public-law obligations, as well as in order to exercise rights indicated in GDPR (art. 6 act. 1 letter c) GDPR).

In order to sign and execute the contract, including the presentation of the offer, personal data may be obtained from CEIDG and KRS (within the scope indicated there – basis: art. 6 act. 1 letter b) GDPR in case of private persons other than a party to the contract and also in order to present the offer at the initiative of the Data Controller).

In order to present an offer based on art. 6 act. 1 letter c) GDPR, personal data may be obtained (at events, conferences, a potential business partner’s website, sources generally available and verified in terms of reliability), following an assessment of relations between purposes for which the personal data were collected (only business contacts will be used) and the intended further processing (commercial information); the context in which the personal data were collected (business contacts collected at events, conferences, potential contractor’s website, publicly available sources), in particular the relationship between data subjects and the data controller; the nature of the personal data (regular business contacts only); the possible consequences of the intended further processing for the data subjects; use of proper security, including encryption or pseudonymisation.

Whenever data are collected other than directly from the data subject, the Data Controller (at the latest at the first contact – unless the legislation requires information to be provided earlier), in addition to the other information indicated in Article 14 of GDPR, shall inform about the source of the data and the extent to which it was obtained from the source of such collection.

The data shall not be made available to anyone, unless it is necessary for the execution of a contract (based on art. 6 act. 1 letter c) or f) GDPR e.g. making the data available to other companies cooperating with the Data Administrator when executing a contract to which the contractor/client is party) about which the person whose data are processed will be informed separately or it will result from the regulations of law. The Company may disclose (after verifying the legal basis for disclosure) the above mentioned categories of personal data, e.g. to providers of IT services or accountants, legal advisors or forward correspondence between authorized employees of the Company.

Personal data will be deleted or anonymised at the latest after the expiry of the statute of limitations of potential claims related to the execution of the contract (including public-law liabilities), in particular claims resulting from the process of signing and execution of this contract, public-law obligations. Personal data may be deleted or made anonymous earlier if there is an effective objection or if consent is withdrawn (if it is obtained). In particular, the controller will verify whether there is still a basis for processing the data obtained for the purpose of the presentation of the offer, if no contract is signed.

Providing the data is voluntary but not unnecessary for the purposes mentioned above. In case of fulfilling public-law obligations, providing data may be obligatory.

Considering that the Company may receive personal data both directly – in the case of the Contractor’s data, and indirectly – in the case of employees or associates of the Contractor/client (processed for the purposes referred to above), the Contractor/client should inform the persons whose data are provided to the Company about the fact, basis and scope of making the data available.

The contractor/client may provide the Company with personal data of its employees/co-workers only on the legal basis of providing the data. If this premise is not the consent (but e.g. justified interest of the data controller), the contractor/client shall analyse with due diligence the existence of a legal basis for data processing.