Information on the processing of personal data by eq system group companies

 

The purpose and scope of the privacy policy

The privacy policy governs the obligations of the personal data controller towards natural persons whose personal data are processed in connection with the professional activities of eq system companies, and informs about the rights of the above-mentioned natural persons.

The privacy policy applies to all operations carried out by eq system companies as part of their business activities which involve the processing of personal data, including operations carried out using websites and web applications and social media provided by companies, hereinafter referred to as the Websites.

We declare that the Websites operate at an appropriate technical level. The services will be characterized by due diligence, respect for the rules of professionalism, and compliance with applicable law, in particular the law protecting the privacy of natural persons:

  1. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), (EU OJ L 119, 4 May 2016, pages 1-88), hereinafter referred to as the GDPR;
  2. Act of 18 July 2002 on the provision of electronic services, consolidated text: Journal of Laws of 2013, item 1422, as amended;
  3. Act of 16 July 2004 – Telecommunications Law, consolidated text: Journal of Laws of 2014, item 243, as amended.

 

Definitions introduced for the purposes of the privacy policy

Data Controller – each of the eq system group companies separately, within the scope of their business activities, or jointly, where appropriate, i.e.:

eq system technology sp. z o.o. with its registered office at the address: ul. św. Antoniego 50, 41-303 Dąbrowa Górnicza, entered in the Register of Entrepreneurs kept by the District Court in Katowice, 8th Commercial Division of the National Court Register under number KRS 0000108452, NIP 6370102776, and

eq system sp. z o.o. with its registered office at the address: ul. św. Antoniego 50, 41-303 Dąbrowa Górnicza, entered in the Register of Entrepreneurs kept by the District Court in Katowice, 8th Commercial Division of the National Court Register under number KRS 0000175772, NIP 6292263139 and

eq system consulting sp. z o.o. with its registered office at the address: ul. św. Antoniego 50, 41-303 Dąbrowa Górnicza, entered in the Register of Entrepreneurs kept by the District Court in Katowice, 8th Commercial Division of the National Court Register under number KRS 0000486510, NIP 6793096787.

Contact with the Controller is possible at the joint address, as indicated above, or by e-mail at the joint address: info@eqsystem.pl

Personal data – any information related to an identified or identifiable natural person: one or more specific factors determining the physical, physiological, genetic, psychological, economic, cultural or social identity of a natural person, including device IP number, location data, Internet identifier and information collected using cookies and other similar technology.

Processing of personal data – any automated or non-automated operation or set of operations performed on personal data or in personal data filing systems, including: collecting, recording, organizing, structuring, retaining, adapting or modifying, searching, consulting, using, disclosing through transmission, distribution or otherwise sharing, alignment or combination, restriction, erasure or destruction of personal data.

Contact Person – any natural person representing a company or an institution with which the Data Controller intends to establish or has established business contacts, in particular visiting the Websites, using their functionalities or using one or more services provided by the Data Controller.

Job Candidate – any natural person who has submitted their application to be employed with the Data Controller’s company.

The scope and sources of personal data

When receiving business contacts from companies and institutions, conducting meetings, talks and correspondence related to the identification of requirements to prepare offers for products and services that are best tailored to the expectations of potential customers, and when concluding contracts for deliveries, licences or services, we process the following personal data of the Contact Persons: name, surname, business e-mail address, business telephone number, name and address of the company or institution, and the organizational unit represented by the contact person, job position or function in the above-mentioned company or institution. These data may:

  • originate from public registers and publicly available websites,
  • be provided directly when signing up on the Websites (e.g. via the contact form),
  • be provided directly in an e-mail message,
  • be provided in person (e.g. business card, paper form),
  • be provided in requests for proposal (e.g. under procurement procedures),
  • be provided indirectly in B2B contacts.

When receiving applications from Job Candidates, we process their personal data:

  • provided directly when signing up in the recruitment section of the Website, via the contact form,
  • provided directly in an e-mail message and attachments,
  • provided in person in the form of a paper CV, cover letter, etc.,
  • provided indirectly, e.g. from recruitment companies or web portals.

Notwithstanding the foregoing, specific data referred to further in the policy may be collected automatically via cookies, active on the Websites, based on the activity of the Contact Person, Job Candidate or other persons using the Websites.

Purposes and grounds for processing personal data

If we send to you any communication regarding product and service marketing

In order to conduct marketing activities intended for companies and institutions, we process the personal data of Contact Persons based on the legitimate interest of the Data Controller (Article 6(1)(f) of the GDPR). Our legitimate interest involves the use of the business personal data of the Contact Person for marketing of our products and services only in professional B2B contacts with the company or institution represented by the Contact Person.

 
If you use our Websites: web pages

Data related to the activities of Contact Persons on the Website, collected via cookies or other similar technologies, are processed by the Data Controller to provide electronic services that involve sharing the content collected on a specific Website – in this case, the legal basis for processing is the necessity of processing to perform the contract (Article 6(1)(b) of the GDPR) and for analytical and statistical purposes – in this case, the legal basis for processing is the legitimate interest of the Data Controller (Article 6(1)(f) of the GDPR), such as analysing the activities of Contact Persons and their preferences to improve the functionality and quality of the services provided.

Our websites www.eqsystem.pl and www.xprimer.pl contain a link to out company profile on Facebook (Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland). This plugin on our website is marked with the Facebook logo and is used to connect to our Facebook profile. Facebook may then obtain the information that you have visited our site from your IP address. If you visit our site while logged in to your Facebook profile, Facebook will record information about the visit. Even if you are not logged in, Facebook is able to obtain information about your IP address.
We assure you that Facebook does not provide us with information about the data collected and how these data are used. We are not aware of the purpose and scope of the data collected by Facebook. For additional information regarding privacy on Facebook, please contact Facebook directly or read their privacy policy at: https://www.facebook.com/about/privacy/

 
If you use our Websites: website application

The activities of the Contact Person who has their profile on the Website is recorded in system logs (a special database used to store chronological records containing information about activities performed on the Website). The information collected in these logs is processed mostly for purposes related to the performance of the contract for the provision of services, which the Data Controller concluded with the company or institution represented by the Contact Person. The Data Controller also processes such data for technical and administrative purposes, to ensure the security of the Website and to manage it, and for analytical and statistical purposes – in this respect, the legal basis for processing is the legitimate interest of the Data Controller (Article 6(1)(f) of the GDPR), such as caring for the quality of services provided electronically and statistical analysis of these services.

 
If you use our Websites: social media

We use Facebook, LinkedIn and YouTube social media for PR and promotional purposes, we share information about our achievements and planned events, thus we are the Controller for the personal data of users of these media who visit our company profiles. We administer and manage company profiles created in these media, including by publishing information, responding to posts and comments, and overseeing the content posted by users. We perform these activities based on the legitimate interest of the Data Controller (Article 6(1)(f) of the GDPR), such as the possibility of running and managing company profiles. On the same basis, we also perform activities aimed at ensuring ICT security, preventing fraud and financial crimes, and ensuring the possibility of pursuing and defending claims.

Social media operators record behaviours of their users through cookies and other similar technologies by themselves, including whenever they interact with eq system company profiles. The full scope and purposes of the processing of personal data on social media are determined by their operators:

  • Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland – for Facebook.
  • LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland – for LinkedIn.
  • Google Inc. Google LLC, D/B/A YouTube 901 Cherry Ave, San Bruno, CA 94066 USA – for YouTube.

As an administrator of our own company profiles, we have access to general aggregated statistics, provided by the operators of various social media, regarding the interests and demographic data of users visiting our company profiles, but we do not have access to any personal data used by social media operators when generating such statistics. If the user has their own profile on a specific social media platform, we have access to information that the user has set as public, on the same terms as other users of the social media platform. For more information on the user’s rights in the field of data protection in connection with the generation of website statistics and the possibility of using them directly in interactions with social media, please visit:

If you fill in the contact form available on the Website (e.g. to download materials, such as an e-book, obtain information about events, products and services, etc.)

If the Contact Persons has filled in the form to receive materials or information, the Data Controller will provide the service that involves sharing the material and mailing to those persons. Providing one’s data and ticking off appropriate consents is required to provide the service in the appropriate scope, otherwise we will not be able to provide such service. The basis for the processing of personal data to provide the service that involves sending materials and mailing is the performance of the contract (Article 6(1)(b) of the GDPR).

If any activities and contents related to the marketing of products and services are intended for the Contact Person who has filled in the contact form, the legal basis for processing is the legitimate interest of the Data Controller (Article 6(1)(f) of the GDPR).

When making analyses and generating statistics, the legal basis for processing is the legitimate interest of the Data Controller (Article 6(1)(f) of the GDPR), such as improving the functionalities of the Websites and sending mailings with more relevant contents.

In order to assert, pursue or defend against claims – the legal basis for processing is the legitimate interest of the Data Controller (Article 6(1)(f) of the GDPR), such as enabling the Data Controller to defend their rights.

If you sign up for a webinar, video-conference, presentation

If the Contact Persons have filled in the form on the webinar platform to participate in the event (webinar, video-conference, presentation, etc.), the Data Controller will provide the service that involves participation in the event to those persons. Providing one’s data and ticking off appropriate consents is required to provide the service in the appropriate scope, otherwise we will not be able to provide such service. The basis for the processing of personal data to provide the service that involves participation in the event is the performance of the contract (Article 6(1)(b) of the GDPR).

If any activities and content related to the marketing of products and services are intended for the Contact Person who has filled in the participation form, the legal basis for processing is the legitimate interest of the Data Controller (Article 6(1)(f) of the GDPR).

When using analyses and statistics, the legal basis for processing is the legitimate interest of the Data Controller (Article 6(1)(f) of the GDPR), such as the evaluation of the event by participants to better plan subsequent events, improve the content presented and forms of communication.

In order to assert, pursue or defend against claims – the legal basis for processing is the legitimate interest of the Data Controller (Article 6(1)(f) of the GDPR), such as enabling the Data Controller to defend their rights.

If we carry out activities aimed at concluding or we have concluded a contract for the supply of products/provision of services with a company or institution that you represent

If the Data Controller, together with the company or institution represented by the Contact Person, carries out any activities to conclude a contract or has concluded a contract for the delivery of products and/or provision of services, the Contact Person’s data will be processed on the basis of legitimate interest of the Data Controller, such as the preparation and performance of the contract, and to assert and defend the Controller’s rights (Article 6(1)(f) of the GDPR).

If you intend to participate in the recruitment process

During the recruitment process, based on the right under Article 22¹ of the Labour Code, we process the following personal data: first name, middle name and surname, date of birth, contact details, education, professional qualifications, employment history. The basis for the processing of the above-mentioned personal data is the legal obligation (Article 6(1)(c) of the GDPR).

In order to carry out the recruitment process, if it is necessary to process personal data other than those indicated above, provided via the contact form posted on the Website, in the Job Candidate’s application or other documents supplied, the basis for processing is the Job Candidate’s consent (Article 6(1)(a) of the GDPR).

In order to verify the skills and abilities of the Job Candidate, presented in the application and required to work in a specific position, the processing of the data obtained in this way is based on our legitimate interest (Article 6(1)(f) of the GDPR). In addition, if there is a legal need to prove facts or demonstrate the fulfilment of obligations stemming from the recruitment process, the legal basis for the processing of personal data will be the legitimate interest of the Data Controller (Article 6(1)(f) of the GDPR).

The use of personal data provided by the Job Candidate for future recruitment processes will be possible, provided that the Job Candidate agrees to the processing of personal data provided via the contact form posted on the Website, in the Job Candidate’s application or other documents. In this situation, the basis for processing is such consent (Article 6(1)(a) of the GDPR).

Profiling and automated decision-making

In order to conduct marketing activities, we collect information about the business needs related to the position/function held by the Contact Person to best adjust our marketing communication, and tailor the product and service offer to the needs of the company or institution represented by the Contact Person. We process this information in our IT systems supporting the proper completion of the services we provide.

Profiling, within the above-mentioned meaning, is not used for the purposes of automatic decision-making and is based on our legitimate interest (legal basis: Article 6(1)(f) of the GDPR), such as conducting marketing communication that will be tailored to the needs of the Contact Person and primarily to the needs of the company or institution represented by the Contact Person.
Our activities only pertain to professional relations.

Cookies

Online services, in particular websites, use “cookies”, which are stored on the final device, e.g. notebook, smartphone, etc., used by the Contact Person, Job Candidate or other person using the website. The information contained in cookies is, in particular: the name of the domain from which they originate, the length of time they are stored on the terminal device, a unique identifier. The information contained in cookies is read each time the above-mentioned persons visit our Services. They may also be used by trusted third-party tool providers cooperating with eq system companies to present relevant content, monitor traffic and website activity.

Cookies are not used to process or store personal data and cannot be used to directly identify the above-mentioned persons, nor do they introduce configuration changes to the web browser or terminal equipment.

Changing the settings relating to the use of cookies, or even disabling their use, can be done independently through the configuration tool used on the website, the Cookie Consent Management platform – a tool used to obtain and store consent from users of the website to process their data in terms of cookies. If you do not block cookies, you run the risk that the website may not function properly. If you do not restrict the use of cookies in the configuration options of your web browser, this means that cookies will be stored on your terminal equipment and thus the website will access them.

The websites use the following categories of cookies:

  • Necessary – necessary for the proper functioning of the pages.
  • Preferences – adapting the content of the site to your preferences.
  • Statistics – creating statistics on how the pages are used.
  • Marketing – providing users with advertising content tailored to their interests.

 

Details of what type of cookies you have consented to are available by clicking on the “safety pin” icon in the bottom left-hand corner of the page and selecting “Show details”, while by selecting “Change your consent”, you can make changes to the consent you have given for the use of cookies. In the details of the cookies used, you can also find information on the providers and their privacy policies.

Recipients of data

We disclose the personal data of the Contact Person to the following categories of trusted recipients:

  • authorized employees and associates of the eq system group,
  • providers of hosting services and tools,
  • providers of services that support marketing activities carried out by eq system companies using the Websites, including social media operators on which we run company profiles,
  • providers responsible for the servicing and maintenance of IT systems directly used by the Data Controller,
  • subcontractors responsible for the servicing and maintenance of IT systems provided by the Data Controller to the company or institution represented by the Contact Person.

The Controller reserves the right to disclose selected information about the Contact Person to the competent authorities or third parties who submit a request for such information, based on an appropriate legal basis and in accordance with applicable law.

We disclose the Job Candidate’s personal data to authorized employees and associates of the eq system group, participating in the recruitment process, and providers of hosting services and tools which may be used by the Job Candidate to upload their application.

 

Data retention period

We retain personal data for marketing purposes until the Contact Person opts out of receiving marketing and commercial information from the eq system group (withdraws their consent or raises an objection), but for not longer than a period 5 years counted from the date of recording their last activity in contacts related to marketing activities of eq system companies, unless the further retention of the Contact Person’s personal data is required by law or is necessary to perform contracts or resolve disputes, or the Contact Person’s activity may indicate interest in services or products offered by the eq system group. After the occurrence of the circumstances or the expiry of the period referred to above, the personal data of the Contact Person will be erased or anonymized.

The processing of personal data while performing contracts that involve the delivery of supplies, the grant of a licence or the provision of services will generally continue throughout the duration of the contract. The data processing period may be extended if the processing is necessary to assert, pursue or defend against any claims, and after this period, only if and to the extent that it is required by law. After the expiry of the processing period, the data will be irreversibly erased or anonymized.

For company profiles on social media run by the Data Controller, the data will be processed until the user cancels the like or ceases to follow the company profile.

For recruitment, the personal data of Job Candidates will be processed until the end of the recruitment for the position for which the Job Candidate has applied or – provided that they has consented to the processing of personal data for the purposes of future recruitment – for two years from the date of filing of the application, unless the Job Applicant withdraws earlier their consent to the processing of personal data.

 

Transfer of personal data outside the EU

We will not transfer directly the personal data of Contact Persons outside the territory of the European Union, however, due to the Controller’s use of cloud solutions provided by Microsoft, the data may be transferred – on the basis of standard data protection clauses – to a third country. The standard contractual clauses used by Microsoft in accordance with the templates approved by the European Commission are available at: https://www.microsoft.com/en-us/licensing/product-licensing/products.aspx.

It cannot be ruled out that in connection with the use of IT solutions of our other providers who use hosting services offered by global third parties (e.g. Microsoft, Google, Amazon), personal data may be processed outside the territory of the European Union. In that case, we assure you that the transfer of data will take place on the basis of an appropriate decision of the European Commission or on the basis of appropriate regulations or an agreement with the provider, containing standard data protection clauses, as adopted by the European Commission.

We will not transfer any personal data of Job Candidates outside the territory of the European Union.

The rights of data subjects

The data subject has the right to:

  • opt out of receiving marketing and commercial information which means, as the case may be, an objection or withdrawal of consent: (1) to the processing of data for purpose of direct marketing, (2) to receiving marketing and commercial information by telephone or e-mail. An objection or withdrawal of consent may be submitted by post to the address of the eq system companies or to the following e-mail address: iod@eqsystem.pl,
  • request access to their personal data for the purpose of rectification, erasure or limitation of processing and transfer of data to another data controller. The requests may be submitted by post to the address of the eq system companies or to the following e-mail address: iod@eqsystem.pl,
  • file a complaint with the President of the Office for Personal Data Protection regarding matters related to the processing of their personal data by the eq system group.

When using eq system company profiles on social media, the user will be able to exercise their rights by themselves, using the appropriate tools provided by operators, including management of “likes” and followed pages, private messages, privacy settings of the user’s own profile.

For more information on the user’s data protection rights on social media, please visit:

Facebook: https://www.facebook.com/privacy/explanation

LinkedIn: https://www.linkedin.com/legal/privacy-policy?_l=pl_PL

Google/YouTube: https://policies.google.com/privacy

Personal data security

The Data Controller analyses the risk on an ongoing basis to ensure that the personal data are processed by them in a safe manner, providing access to data only to authorized persons and only to the extent that it is necessary for the tasks performed by them. The Data Controller ensures that all operations on personal data are recorded and performed only by authorized employees and associates.

The Controller takes all necessary steps to ensure that their suppliers, subcontractors and other cooperating entities guarantee the use of appropriate security measures, whenever they process personal data on behalf of the Data Controller.

Contact regarding the processing of personal data and miscellaneous

Contact with our Data Protection Officer is possible by post, at the address: ul. Św. Antoniego 50, 41-303 Dąbrowa Górnicza, by telephone at: +48 32 262 60 22 or e-mail at: iod@eqsystem.pl.

In matters not covered by this privacy policy, the provisions of the GDPR shall apply. The policy may be verified on an ongoing basis and updated, where necessary. We reserve the right to change individual provisions of the privacy policy without prior notice. The data subject may read, at any time, the current version of the privacy policy available on the website https://www.eqsystem.pl or https://www.xprimer.pl,  under “Privacy Policy”.