Terms
Privacy and cookies policy
§1 General provisions
1. The privacy policy concerns the processing and protection of personal data of Users in connection with their use of it.next.pl, hereinafter called “the Portal”, including its webpages, administered by FlexDev sp. z o.o. sp.k. with its registered office in Poznań, ul. Baraniaka 6, 61-131 Poznań, entered in the Business Register of the National Court Register under number KRS 0000759865, whose registration documents are maintained by the District Court for Poznań – Nowe Miasto i Wilda in Poznań, 8th Business Department of the National Court Register, hereinafter called “FlexDev”.
2. The privacy policy contains the principles for collecting and using the Users’ data applied by the Portal. Moreover, the Policy regulates the processing of personal data by FlexDev sp. z o.o. sp.k.
3. The overall objective of FlexDev sp. z o.o. sp. k. is to guarantee the safety of personal data at the level required by the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter called “GDPR”).
§2 The principles for collecting personal data
1. Your personal data:
a. will be processed in a lawful, fair and transparent manner in respect of the natural person concerned (“lawful, fair and transparent processing),
b. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (“purpose limitation”),
c. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (“data minimization”),
d. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (“accuracy”),
e. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (“storage limitation”),
f. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (“integrity and confidentiality”).
§3 Information on personal data processing
Recruitment through the website
1. The controller of your personal data is FlexDev sp. z o.o. sp.k. with its registered office in Poznań, ul. Baraniaka 6, 61–131 Poznań, entered in the Business Register of the National Court Register under number KRS 0000759865, whose registration documents are maintained by the District Court for Poznań – Nowe Miasto i Wilda in Poznań, 8th Business Department of the National Court Register.
2. In matters relating to personal data processing you may contact the Data Protection Officer appointed by the Controller at the following email address: iod@flexdevgroup.com or by calling the telephone number +48 570 996 993.
3. Your personal data to the extent specified in the provisions of the labour law (including Article 22(1) of the Labour Code, i.e. name(s) and surname, date of birth, contact details, educational background, professional qualifications, employment history) will be processed for the purpose of conducting the present recruitment proceedings (Article 6(1)(b) of the GDPR) (the said extent arises from the provisions of the labour law for persons applying for employment on the basis of an employment contract – Article 22(1) of the Labour Code), whereas other data, including contact details, will be processed on the basis of your consent (Article 6(1)(a) of the GDPR), which may be withdrawn at any time.
4. The Controller will process your personal data also during subsequent recruitments if you give your consent to this (Article 6(1)(a) of the GDPR), which may be withdrawn at any time.
5. If documents contain the data referred to in Article 9(1) of the GDPR (i.e. data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership and genetic data, biometric data, data concerning health, sex life or sexual orientation), your consent to processing them will be necessary (Article 9(2)(a) of the GDPR), which may be withdrawn at any time.
6. Your personal data will be processed by the authorized employees and collaborators of the Controller. Personal data will also be processed by the entities cooperating with the Controller, including entities providing IT services, making available information systems, and rendering hosting services. Moreover, the company on whose project prospective employees/collaborators will be working, i.e. Next Holdings Limited, Desford Road, Enderby, LE19 4AT Leicester, will be the recipient of data.
7. Your personal data will not be transferred to third countries within the meaning of the GDPR.
8. Your data collected during the present recruitment process will be stored up until the end of the recruitment process. If you give your consent to personal data being used for the purposes of future recruitments, your data will be used for a period of 12 months.
9. If data are processed on the basis of your consent, you have the right to withdraw it at any time without affecting the activities carried out before the withdrawal.
10. You have the right of access to your data, to rectification, erasure, restriction of processing, the right to data portability, and the right to object.
11. You have the right to lodge a complaint with a supervisory authority, i.e. the President of the Personal Data Protection Office if you consider that the processing of data infringes the personal data protection regulations.
12. Providing your personal data such as name(s) and surname, date of birth, contact details, educational background, professional qualifications, and employment history is necessary for participating in the recruitment. Failing to provide the above data will make it impossible to participate in the recruitment being carried out. Providing other data is voluntary.
13. Giving consent to carrying out future recruitments is voluntary and has no effect on the recruitment carried out by the Controller at present.
14. Your data will not be used for the purposes of automated decision-making or profiling.
General information on personal data processing (agreements, contractors)
1. The controller of your personal data is FlexDev sp. z o.o. sp.k. with its registered office in Poznań, ul. Baraniaka 6, 61–131 Poznań, entered in the Business Register of the National Court Register under number KRS 0000759865, whose registration documents are maintained by the District Court for Poznań – Nowe Miasto i Wilda in Poznań, 8th Business Department of the National Court Register.
2. In matters relating to personal data processing you may contact the Data Protection Officer appointed by the Controller at the following email address: iod@flexdevgroup.com or by calling the telephone number +48 570 996 993.
3. Your personal data will be processed:
a. for the purposes of performing a contract – based on a contract entered into (Article 6(1)(b) GDPR),
b. for the purposes of compliance with legal obligations (including tax obligations) – based on a legal obligation to which the Controller is subject (Article 6(1)(c) GDPR),
c. and may be processed for the purposes of pursuing claims resulting from the provisions of the civil law, if any such claims occur – based on a legitimate interest of the Controller (Article 6(1)(f) GDPR).
1. Your data will be processed by authorized employees and associates of the Controller. The personal data recipients will be the entities providing services to the Controller, including in particular IT, accounting services, hosting.
2. Your data will not be transferred to any third countries (i.e. countries that are not members of the European Union or the European Economic Area).
3. Your personal data will be processed during the term of the agreement and the period required by law, including the prescription period of claims (if any).
4. You have:
a. the right to access your personal data,
b. the right to rectify, erase, or restrict the processing of your data,
c. the right to object.
4. You have the right to file an objection with the supervisory authority, i.e. the President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw, if you believe that the processing of your data violates the personal data protection regulations.
5. Although the provision of personal data is voluntary, it is necessary to sign the agreement. It is not possible to execute the agreement unless such data is provided.
6. Your data will not be used for the purposes of automated decision-making or profiling.
If the Controller processes your data due to the fact that you are the representatives, employees/associates of its Customer/Contractor, and the data was provided to the Controller for the purposes of ongoing execution of a contract or a legal relationship between the parties in connection with a contract signed, please be informed that:
1. The Controller of your personal data is FlexDev sp. z o.o. sp.k. with its registered office in Poznań, ul. Baraniaka 6, 61-131 Poznań, entered in the Business Register of the National Court Register under number KRS 0000759865, whose registration documents are maintained by the District Court for Poznań – Nowe Miasto i Wilda in Poznań, 8th Business Department of the National Court Register.
2. In matters relating to personal data processing you may contact the Data Protection Officer appointed by the Controller at the following email address: iod@flexdevgroup.com or by calling the telephone number +48 570 996 993.
3. Your personal data must be processed for the following purposes:
a. performance of the contract signed with your employer/customer – i.e. based on a contract signed (Article 6(1)(b) GDPR);
b. compliance with a legal obligation by the Controller – i.e. based on a legal obligation to which the Controller is subject (Article 6(1)(c) GDPR);
c. pursuance of the legitimate interests by the Controller, such as protection against claims and collection of receivables, or internal administrative, analytical and statistical purposes (Article 6(1)(f) GDPR).
1. The Controller may also process personal data obtained in email correspondence. In such cases, the personal data will be processed for communication purposes – i.e. based on the Controller’s legitimate interest (Article 6(1)(f) GDPR) referred to herein. Such personal data will be processed throughout the prescription period of claims, if any, depending on the subject matter of the emails.
2. Your personal data will be transferred to the entities processing data on behalf of the Controller, which take part in the performance of the Controller’s tasks, including the operators and providers of IT systems and the providers of accounting and hosting services. Your data will also be made available to other controllers, including postal operators and couriers.
3. Your personal data will not be transferred to any third countries.
4. Your personal data will be processed throughout the term of the contract and the prescription period of claims (if any). In the event of a pending dispute or proceedings, in particular court proceedings, this period may be extended.
5. The Controller will collect your personal data from your employer/customer or directly from you.
6. The Controller may process in particular the following categories of personal data: name, correspondence address, telephone number.
7. You have the right to access your data, rectify it, erase, restrict its processing, or file an objection.
8. You have the right to file a complaint in connection with the processing of personal data by the Controller with a supervisory authority, i.e. the President of the Personal Data Protection Office.
9. The provision of your personal data is necessary for the performance of the contract between your employer/customer and the Controller.
10. Your personal data will not be used for the purposes of automated decision-making or profiling.
§4 Profiling and cookies
1. The Controller does not collect automatically any information other than information contained in cookies.
2. Cookies are data files, including in particular text files, which are stored on the terminal device of a Portal User for the purposes of using the websites making up the Portal. Cookies usually contain the name of the website from which they originate, the duration of their storage on the terminal device and a unique number.
3. Information from cookies is used for automatic identification of a specific User by the server, which on this basis may generate a website addressed to that User.
4. Actions that may be taken based on the information about a User include:
a. preparing statistics that will help to understand how the Portal Users use the websites in order to improve their structure and content;
b. defining a User’s profile in order to display personalized material on advertising networks, including in particular the Google network.
1. Two types of cookies are used by the Portal:
a. session cookies – these are temporary files which remain on the device until the website is exited or the browser closed, and are subsequently removed,
b. persistent cookies – these files are stored on the User’s device for a fixed period defined in the cookie parameters or until they disable themselves.
5. Web browsers usually by default allow the storing of cookies on the Users’ terminal devices. The Portal Users may change this by changing the settings. The browser makes it possible to remove cookies. A User may change his/her preferences relating to cookie settings or remove them completely at any time. To do this, the User should change the browser settings. Information on cookies is contained in software settings, i.e. the settings of browsers such as Chrome, Opera, Mozilla Firefox, or Internet Explorer.
6. Restrictions relating to the use of cookies may affect some functionalities available on the Portal websites.
7. Cookies stored on the terminal device of a Portal User may also be used by advertisers and partners cooperating with the Portal operator. The Controller recommends reading the privacy policies of such firms in order to become familiar with the principles of using cookies for statistical purposes: Google Analytics privacy policy.
8. Cookies may be used by advertising networks, including in particular the Google network, to display advertisements tailored to the manner of using the Portal by a particular user. For this purpose, they may store information on the user’s navigation path or the time spent on a particular website.
9. A User may view and edit information on his/her preferences accumulated by the Google advertising network in cookies using the following tool: https://www.google.com/ads/preferences/.
§5 Google Analytics
1. The Portal uses Google Analytics, an analytical service provided by Google. Google Analytics is a system of statistics which provides the Controller with information about a User visiting the Controller’s website. Data about a User collected and processed by Google Analytics contain, e.g. information on how the User found the Shop, the region where the User is located, the system and software used by the User.
2. The legal basis for using Google Analytics is Article 6(1)(f) GDPR, i.e. the Controller’s legitimate interest, which involves preparing statistics and making constant effort to improve the Shop and increase the comfort of using it.
3. Information about the User’s activities in the Shop generated by cookies may be sent to a Google server in the USA to be stored there. From the EU perspective, in the USA there is no “sufficient level of protection” with respect to personal data processing, which would match the European standards. The required protection level may, however, be confirmed at the level of the individual companies by the EU-US Privacy Shield certification. Google has a Privacy Shield compliance certificate.
4. The Portal uses Google Analytics with “_anonimizelp()” filename extension and therefore IP addresses are processed further in an abbreviated form only. The purpose is to make it impossible to assign an IP address directly to a person. As a result of activating the IP anonymization option on this website, a User’s IP address will be abbreviated by Google if the User is located in an EU Member State or another country which is a party to the Agreement on the European Economic Area. In exceptional cases, a full IP address is sent to a Google server in the USA and abbreviated there.
5. The IP address sent by your browser for Google Analytics is not combined with other Google data.
6. A User may use the solution described on https://tools.google.com/dlpage/gaoptout to prevent collecting data generated by cookies, which relate to using the website, as well as the processing of such data by Google.
7. In order to make changes to the volume of data provided, the User should check the settings of its browser. Some of the information is made available automatically, however, a User may change the scope of information sent at any time.
§6 Final provisions
1. The Controller reserves the right to change and update this Privacy Policy. The Controller will communicate every change to this Policy to the Users through the website it.next.pl, the Privacy Policy tab.
2. This Privacy Policy shall enter into force on 19th February 2019.