logo UE
Arche Consulting
Home page/Privacy policy

Privacy policy

PRIVACY POLICY

DEFFINITIONS

  1. Controller: Arche Consulting Sp. z o.o. with its registered office in Katowice (40-112), 25 Morelowa street, entered in the register of entrepreneurs maintained in the District Court in Katowice, VIII Commercial Division of the National Court Register under the number KRS 0000904332, REGON: 242781524, NIP: 9542734358.

  2. Personal data: any and all the information about an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

  3. GDPR: Regulation 2016/679 (EU) of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

  4. User: any natural person visiting the Website or using one or more services or functionalities provided on the Website.

  5. Website: Controller's website at: arche-consulting.pl.

  6. Privacy Policy: this document containing information regarding the scope and manner of processing personal data by the Controller.

PURPOSES AND LEGAL BASIS OF DATA PROCESSING ON THE WEBSITE

Using the Website without registering an account

  1. Data of the user who uses the services of the Website (e.g. IP address, email address, IDs and information collected through cookies, etc.) is processed by the Controller for the following purposes:

    1. providing electronic services by sharing the content collected on the Website with Users. Legal basis: the need to process information for the performance of performing a contract (Article 6(1)(b) GDPR).

    2. analytics and statistics necessary to analyze User activity and preferences. The results of analyses are used by the Controller for technical and administrative purposes as well as to improve the functionalities applied and services provided. Legal basis: legitimate interest of the Controller (Article 6(1)(f) GDPR).

    3. establishment, investigation, or defense of potential claims. Legal basis: legitimate interest of the Controller (Article 6(1)(f) GDPR).

Registration on the Website as a Candidate

  1. A User (Candidate) may register on the Website to take advantage of additional free services of the Controller. When registering on the Website, the User will be asked to provide personal information necessary to create and operate an account. Upon registration, the User will have the opportunity to voluntarily provide additional personal information that relates to their professional profile. This data will make it possible, among others, to present job offers to the User fitting their professional profile and experience. The User will also be able to manage jobs that interest them, e.g. save interesting jobs, apply for jobs, communicate with consultants or potential employers, etc. Accordingly, the Data Controller will process personal data for the following purposes:

    1. providing electronic services related to maintaining and operating an account on the Website. Legal basis: the need to process information for the performance of performing a contract (Article 6(1)(b) GDPR), in the case of data provided on a voluntary basis, it will be processed on the basis of User's consent (Article 6(1)(a) GDPR

    2. analytics and statistics necessary to analyze registered User activity and preferences. The results of analyses are used by the Controller for technical and administrative purposes as well as to improve the functionalities applied and services provided. Legal basis: legitimate interest of the Controller (Article 6(1)(f) GDPR).

    3. establishment, investigation, or defense of potential claims. Legal basis: legitimate interest of the Controller (Article 6(1)(f) GDPR).

Registration on the Website as an Employer

  1. A User (Employer) may register on the Website to take advantage of additional free services of the Controller. When registering on the Website, the User will be asked to provide personal information necessary to create and operate an account. After registration, the User will be able to manage their job offers. Accordingly, the Data Controller will process personal data for the following purposes:

    1. providing electronic services related to maintaining and operating an account on the Website. Legal basis: the need to process information for the performance of performing a contract (Article 6(1)(b) GDPR), in the case of data provided on a voluntary basis, it will be processed on the basis of User's consent (Article 6(1)(a) GDPR

    2. analytics and statistics necessary to analyze registered User activity and preferences. The results of analyses are used by the Controller for technical and administrative purposes as well as to improve the functionalities applied and services provided. Legal basis: legitimate interest of the Controller (Article 6(1)(f) GDPR).

    3. establishment, investigation, or defense of potential claims. Legal basis: legitimate interest of the Controller (Article 6(1)(f) GDPR).

Participation in recruitment processes

  1. The Controller enables Website Users to participate in recruitment processes. The User may apply in response to specific job offers or may wish to participate in other future recruitment processes. Accordingly, the Data Controller will process personal data for the following purposes:

    1. taking action to conduct the recruitment process and conclude a contract. Legal basis: the need to process information for the performance of performing a contract (Article 6(1)(b) GDPR).

    2. execution of statutory obligations by the Controller, i.e. processing of data of persons applying for employment within the scope resulting from provisions of the labor law. Legal basis: the need to process information to fulfil a legal obligation of the Controller (Article 6(1)(c) GDPR).

    3. processing of data not required by law, provided by the candidate on a voluntary basis during the recruitment process. Legal basis: consent expressed through a clear affirmative action by providing personal data in an application form or through a declaration of intent (Article 6(1)(a) GDPR).

    4. processing of data to the extent necessary for future recruitment processes and candidate selection. Legal basis: consent to participate in future recruitment processes expressed through a separate declaration (Article 6(1)(a) GDPR).

Sharing Data with Employers

  1. The Controller will recommend Users participating in the recruitment process to Employers for whom the Controller conducts the recruitment process. Depending on the type of recruitment project, the extent of the data shared may vary. Accordingly, the Data Controller will process personal data for the following purposes:

    1. presenting your candidacy to potential Employers. Legal basis: consent to provision of data (Article 6(1)(a) GDPR), the legitimate interest of the Controller (Article 6(1)(f) GDPR) or the need to process in order to perform a contract (Article 6(1)(b) GDPR).

Contact form

  1. The Controller allows Website Users to contact them using electronic contact forms. To use the form, it will require you to provide personal information necessary to contact the Controller and receive their answer. Provision of other data is voluntary. Accordingly, the Data Controller will process personal data for the following purposes:

    1. receiving a contact inquiry, processing the inquiry, and responding. Legal basis: legitimate interest of the Controller (Article 6(1)(f) GDPR) and the need to process to perform the contract (Article 6(1)(b) GDPR).

    2. storage of correspondence for a period of the statute of limitations for any and all the claims. Legal basis: legitimate interest of the Controller (Article 6(1)(f) GDPR).

    3. sending marketing information in response to an inquiry sent using an electronic form. Legal basis: consent expressed through an clear affirmative action (Article 6(1)(a) GDPR).

Marketing

  1. The Controller may carry out marketing activities aimed at System Users. Accordingly, the Data Controller will process personal data for the following purposes:

    1. providing marketing content in the form of contextual advertising (not tailored to User preferences). Legal basis: consent to the processing of data for marketing purposes (Article 6(1)(a) GDPR) or the Controller's legitimate interest (Article 6(1)(f) GDPR) in the direct marketing of its own products or services.

Profiling

  1. Users' personal data will be processed by the Controller in an automated manner (including through profiling), but this will not have any significant consequences, including legal consequences, for the User. Accordingly, the Data Controller will process personal data for the following purposes:

    1. presenting job offers that meet User preferences as closely as possible. Legal basis: legitimate interest of the Controller (Article 6(1)(f) GDPR).

    2. providing the User with marketing content regarding the Controller's offer on other websites/other communication channels. Legal basis: legitimate interest of the Controller (Article 6(1)(f) GDPR).

    3. Users who do not wish to be subject to profiling should log out of all devices and delete cookies from them.

WEBSITE USER RIGHTS

  1. Users whose data is processed by the Controller have the following rights:

    1. The right to withdraw consent. If the processing of your personal data is based on consent, you have the right to withdraw all or some of your consents regarding the processing of your data for a specific purpose. The withdrawal of consent will not affect the processing of your data before the withdrawal of consent, or the legal basis for that processing.

    2. Right of access to data. You have the right to obtain confirmation as to whether your personal data is being processed by the Controller, as well as with regard to certain information, e.g. concerning the purposes of the processing, the categories of data processed, etc. You also have the right of access to your personal data by obtaining a copy of it.

    3. Right to rectify data. You have the right to demand that the Controller immediately correct your personal data if it is incorrect or incomplete.

    4. Right to erasure (“right to be forgotten”). You can request erasure of your personal data in case the data has been used unlawfully or if your consent for further processing has been withdrawn. “The right to be forgotten” does not, however, constitute an absolute right to erasure of your personal data, as there are certain exceptions to it, e.g. where the Controller needs to continue to use it to establish, assert or defend legal claims or to comply with a legal obligation.

    5. Right to restriction of data processing. You have the right to stop the Controller from further use of your personal data where, for example, the Controller is in the process of evaluating a request to rectify your data. In situations where processing of personal data is restricted, the Controller may still store the data, but may not actively use it further.

    6. Right to data portability. You have the right to obtain and re-use certain personal data for your own purposes from other, separate data controllers. You may only exercise this right in relation to the personal data that we process by automated means with your consent or for the performance of a contract. In such a case, we will provide you with a copy of your personal information in a structured, commonly used and machine-readable format.

    7. Right to object. If the processing of your personal data was based on a legitimate interest of the controller, you have the right to object to further processing. The Controller may deny you the above right if it demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or grounds for establishing, pursuing or defending claims.

  2. If the User believes that the processing of their personal data violates the provisions of the GDPR, they have the right to lodge a complaint to the supervisory authority - the President of the Polish Personal Data Protection Authority.

DATA STORAGE PERIOD

  1. The period for which the User's personal data is processed by the Controller depends on the purpose for which it is collected and processed, as well as the provisions of law and any consents or other declarations obtained by the Controller. Accordingly, the Controller will retain personal information for the following periods:

    1. data processed to the extent necessary to conclude and perform the contract - for the duration of the contract, i.e. of the period of having an account in the Website or for the time necessary to use other services of the Controller. After the services are rendered, the Controller will store the data until the end of the statute of limitations for claims related to provision of services;

    2. personal data within an unconfirmed account in the Website - the data collected in connection with creating an account in the System which was not confirmed by the activation link sent automatically to the User's email address after creating the account or answering a job advertisement, will be stored by the Controller in the System no longer than 60 days.

    3. data processed on the basis of consent - until withdrawal of consent;

    4. data processed on the basis of a legitimate interest - for a period enabling the realization of this interest or until an effective objection is raised with regard to the data processed;

    5. data processed in connection with performance of legal obligations - until expiry of the obligation;

    6. data processed for recruitment purposes - for the duration of the current recruitment process or for a period of 3 years in the case of data processing for the purposes related to future recruitment processes. These periods will be reduced if the User withdraws consent to the processing of data for recruitment purposes.

    7. the information resulting from own cookies will be stored for duration of the current browser session and will be deleted when the browser is closed or for periods corresponding to the life cycle of individual cookies stored on the User's device.

  2. The period of data processing may be extended if it is necessary for determining, pursuing or defending against potential claims, while after that period - only in the case and in the scope required by provisions of the law.

OBLIGATION TO PROVIDE DATA

  1. Provision of personal data by the User is voluntary, except for situations when the law obliges to provide it or when its provision is necessary to use the Website, as well as to provide services ordered by the User.

DATA RECIPIENTS

  1. In connection with the provision of services, the Controller may disclose Users' personal data to the following data recipients:

    1. public authorities or entities entitled to request access to or receive personal data under the law;

    2. Employers to whom the Candidate will be recommended in the recruitment process;

    3. entities tasked with processing personal data by the Controller on the basis of concluded processing agreements, e.g. IT service providers;

    4. entities related to the Controller, including within the Arche group, in connection with performance of reporting obligations, as well as within recruitment cooperation.

  2. In the event of restructuring or sale of a business or part thereof and transfer of all or a significant portion of the assets to a new owner, Users' personal information may be transferred to the Buyer to ensure continuation of the Controller's services.

TRANSFER OF PERSONAL DATA OUTSIDE THE EUROPEAN ECONOMIC AREA

 

  1. The Controller cooperates with entities that are based in the European Economic Area (EEA). However, due to the nature of its business, the Controller may also cooperate with entities of an international scope, which may result in the transfer of personal data outside the EEA. In such a case, mechanisms will be used with an appropriate degree of protection, in particular through:

    1. cooperation with processors of Personal Data in countries for which an appropriate decision of the European Commission has been issued regarding the determination of an adequate level of protection of Personal Data;

    2. use of standard contractual clauses issued by the European Commission.

cookies

  1. The Website uses cookies. Cookies are small pieces of text sent by the Controller's Website and stored while browsing the Service on the User's end device (computer, laptop, smartphone). Cookies contain various information necessary for the proper functioning of the website. Cookies can also be used by third party IT systems, e.g. for analytical or marketing purposes.

  2. The following types of cookies are used within the Website:

    1. _ga - used by the Service Google Analytics to collect aggregate statistical data about users of the Website. This type of cookies is kept for 2 years. It does not identify the user;

    2. _gat - used by Google Analytics to limit the number of requests. This type of cookie is kept for 1 minute;

    3. _gid - used by Google Analytics to collect statistical data about users of the Website. This type of cookie is kept for 1 day. It does not identify the user.

    4. ci_session - session cookie stored in user's end device until logout (leaving the site). This is a cookie necessary to provide the session and ensure security of the Website. This type of cookie is kept for 2 hours.

  3. In many cases, the software used to browse the Internet (web browser) allows the storage of cookies on the User's terminal device by default. Users of the Website may change their cookie settings at any time. These settings can be changed, in particular in order to block the automatic handling of cookies, in the settings of one’s web browser, or to inform on their timely placement in the device of the Website User. The detailed information about the possibility and methods of using cookies is available in your software (web browser) settings. Restrictions on the use of cookies may affect some of the functionalities available on the Website.
  4. Cookies placed in the Website User's end device can also be used by advertisers and partners cooperating with the Website operator.

ADDITIONAL TOOLS USED BY THE CONTROLLER

Social Media

  1. The Controller processes the personal data of Users visiting profiles maintained on social media (Facebook, Instagram, LinkedIn). Through its profiles, the Controller informs about its activities, promotes various events, services or products. Accordingly, the Data Controller will process personal data for the following purposes:

    1. promoting own brand. Legal basis: legitimate interest of the Controller (Article 6(1)(f) GDPR).

    2. establishing and maintaining contact with Users by means of messengers available within the given social media. Legal basis: legitimate interest of the Controller (Article 6(1)(f) GDPR).

Google Analytics Tools

  1. The Controller uses the Google Analytics tool provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA for statistical and analytical purposes. In order to collect information about the Users, the Controller has implemented Google Analytics tracking code in the Website code. Legal basis: legitimate interest of the Controller (Article 6(1)(f) GDPR).

  2. The user can, at any time, block the collection of data concerning them by blocking the Google Analytics tracking code by installing the browser add-on provided by Google: https://tools.google.com/dlpage/gaoptout.

JOINT CONTROLLERS

  1. In order to achieve business objectives, and in particular to streamline recruitment processes, to ensure unified standards of security and services provided, as well as due to organizational, personal and infrastructural connections, an agreement for joint controllership of personal data, within the meaning of Article 26 GDPR, has been concluded. Therefore, the following entities are jointly the controllers of the User’s personal data processed in the recruitment processes:

    1. Arche Consulting Sp. z o.o. with its registered office in Katowice, Morelowa street No. 25 (hereinafter: Controller);

    2. Arche Solutions Sp. z o.o. with its registered office in Katowice, Morelowa street No. 25 (hereinafter: Joint Controller).

    3. hereinafter collectively referred to as the “Joint Controllers”.

  2. Based on the concluded agreement for joint controllership, in particular the following responsibilities for fulfilling the obligations under the GDPR have been agreed upon:

    1. each of the Joint Controllers is responsible for complying with the information obligation and for enabling the exercise of rights in relation to data processing;

    2. the Controller will be responsible for management of personal data breaches. The Joint Controllers are required to cooperate with respect to the identified breaches;

    3. each of the Joint Controllers is responsible for applying organizational and technical measures appropriate to the risks involved in order to ensure the confidentiality, integrity and availability of personal data.

DATA PROTECTION OFFICER

  1. In the matters concerning the personal data processed by the Controller, the Data Protection Officer appointed by Arche Consulting Sp. z o.o. should be contacted as follows:

    1. electronically at the following email addresses: iod@arche-consulting.pl;

    2. in writing to the correspondence address: ul. Morelowa 25, 40-112 Katowice.

FINAL PROVISIONS

  1. The Privacy Policy will be reviewed by the Controller on a regular basis and supplemented or updated as necessary. Additions and changes may result, among others, from new laws or new guidelines of the President of the Office for Personal Data Protection. We also reserve the right to change this Privacy Policy if the technology by which we process your data changes, or if the means, purposes or legal basis for the processing of your personal data changes. If we make changes to this Privacy Policy, we will notify you in a clear and appropriate manner, e.g. by displaying a prominent notice on our Website or by sending you an email.

Logos FE RP Śląskie UE
top of page