Privacy Policy
§1
Data controller of the personal data
- Data controller of the personal data collected during using the Website at paragona.com and its related services is Paragona Polska spółka z ograniczoną odpowiedzialnością spółka komandytowa (limited partnership with limited liability company as a partner), with its registered office in Warsaw, Aleja Jana Pawła II 29, 00-867 Warsaw, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw in Warsaw, 12th Commercial Division – National Court Register under KRS number: 0000208952, REGON 015748340, NIP (Tax Identification Number): 526277185, e-mail: info@paragona.com
- The rules for the processing of cookies are available in the Cookie Policy, available at: https://www.paragona.com/polityka-cookies/
- This Privacy Policy relevant also data processing rules of Users and Followers on Fanpage – Facebook “@Paragona – Jobs for doctors”, as well as data collected through contact via e-mail (e-mail address, messenger / chat on the site) and by phone.
- Personal data are processed in accordance with applicable law, especially: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation/GDPR), which is EEA relevance (Official Journal of the European Union – L 119/1.4.5.2016).
§2
Definitions
For the purposes of this Privacy Policy we use:
- Personal data – any information relating to an identified or identifiable natural person (data subject), in particular their name and surname, contact details, image, location data.
- Recipient – a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
- Processor – a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
- Processing – any operation or set of operations which is performed on personal data or on sets of personal data, such as collection, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- Website/Internet service – a website available at paragona.com, which through the User can view its content, contact the data administrator, including registering to apply for recruitment services.
- User/Data subject – a natural person about whom a controller holds personal data and who can be identified, directly or indirectly, by reference to the personal data, including a person applying for training or recruitment, also persons contacting via messages (messenger) sent on the Fanpage – Facebook “@Paragona – Jobs for doctors” or via the contact details on the Website.
§3
The purposes of the processing
The controller processes data for the following purposes:
-
- performance of the contract, if processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, i.e.: application for training, providing data for the conclusion of the contract and its implementation, based on Article 6(1) point (b) GDPR,
- recruiting for vacant positions:
- in order to perform obligations arising from legal provisions related to the employment process (in particular the Labor Code), based on Article 6 (1) point (c) GDPR;
- in order to protect rights or pursue claims, based on the legitimate interest of the Administrator (Article 6 (1) point (f) GDPR);
- in order to carry out the recruitment process in the scope of data not required by law, as well as for the purposes of future recruitment, based on Article 6 (1) point (a) GDPR;
- answering the question asked via the contact details available on the Website or through social media, based on Article 6(1) point (b) GDPR, i.e.: if processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract,
- maintaining and managing social media profiles (e.g. communication with the community, organizing events) on the terms set out by the given social media – based on legitimate interest, i.e. Article 6 (1) point f) GDPR,
- documenting the contract, services or training, keeping accounting and tax documentation, based on Article 6(1) point (c) GDPR, i.e.: processing is necessary for compliance with a legal obligation to which the controller is subject, especially on the basis of Polish law (Article 70 of the Act of August 29, 1997 Tax Ordinance (Dz. U. 2023 poz. 2383) or any relevant act in the future,
- sending ordered commercial information by electronic means (newsletter) to the User’s e-mail address, based on Article 6(1) point (a) GDPR, i.e.: the data subject has given consent to the processing of his or her personal data;
- protection of rights or pursuing claims by the data controller, pursuant to Article. 6 (1 point (f) GDPR, i.e. in order to implement the legitimate interests of the data controller, related to, among others, with a limitation period for claims.
- The personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed, based on Article 5(1) point (c) GDPR, i.e.: data minimisation.
- Providing data is necessary for the purpose of conclusion and implementation of contracts, keeping accounting records, participate in recruitment, pursue claims, as well as to answer questions.
- Failure to provide the required data prevents the correct performance of the contract, participation in the recruitment procedure, answering Providing other data is voluntary.
§4
The period of data processing – storage limitation
- The period of data processing by the controller depends on the purpose of the processing. As a rule, data is processed for the period necessary to perform the contract, until the consent is withdrawn by the data subject or an effective objection to data processing is raised in cases where the legal basis for data processing is the legitimate interest of the Administrator.
- The period of data processing is agreed based on the following grounds:
- if the basis for processing is consent – the personal data processing period lasts until the purpose of processing ceases or until consent to data processing is withdrawn;
- if the basis for processing is a legitimate interest pursued by the Administrator, the period of personal data processing depends on the existence of the Administrator’s interest. In this case, the data processing period will depend in particular on the limitation periods for any claims arising from the concluded contract;
- if the basis for processing is related to the legal obligation imposed on the Administrator – the period of storing personal data results from specific legal provisions that impose an obligation on the Administrator to store data. In this case, the data processing period will depend in particular on the deadlines specified in the regulations regarding tax law and accounting.
- Personal data processed in the scope of conducting marketing activities are processed for the duration of their conduct by the Administrator or until the objection to further processing of personal data for marketing purposes is expressed, or until the consent to sending marketing information is withdrawn.
§5
The recipients of the personal data
- Acting on behalf of the administrator, personal data may be entrusted to external entities, in particular: entities providing accounting services, entities providing cloud systems, providers of IT services and analytical tools, entities providing electronic payment services, hosting companies or companies providing programs ensuring the functionality of the business.
- The Administrator may be obliged to transfer personal data on the basis of mandatory provisions of law, including at the request of authorized courts, bodies and institutions.
- The transfer of personal data is always carried out using technical means ensuring the security of the information transferred.
§6
Transfer of data outside the European Economic Area
- The Administrator transfers personal data outside the EEA only when necessary and ensuring an adequate level of protection.
- This Privacy Policy relevant also data processing rules of Users and Followers on Fanpage – Facebook “@Paragona – Jobs for Doctors”, when contacted through them. In the remaining scope, the data controller of users of these social networks is Facebook, Inc., based at 1 Hacker Way, Menlo Park, CA 94025, USA, and the processing of this data takes place on the terms described in the regulations and privacy policies of the users of this website: https://www.facebook.com/privacy. The processing of data outside the European Economic Area (EEA) will in this case be based on standard contractual clauses concluded between the personal data administrator and the service provider. Data processing will not violate the privacy of natural persons. The data controller and the service provider will provide the highest guarantees of protection of the entrusted data.
- The processing of User’s data outside the EEA may also be related to the use by the administrator of personal data from IT systems whose servers are located outside the European Economic Area, in particular in the United States of America (USA) and United Kingdom (UK), and this processing takes place on the basis of standard contractual clauses regarding the transfer of data to third countries, concluded between the personal data administrator and the solution provider, or on the basis of a positive decision of the European Commission stating an adequate level of protection for the United Kingdom (Commission implementing decision of 28.6.2021 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate protection of personal data by the United Kingdom).
§7
The rights of data subjects
- The data subject shall have the right:
- to access to the personal data,
- to rectification of inaccurate or incomplete personal data,
- to data portability, in a structured, commonly used and machine-readable format, where the processing is based on consent or on a contract and the processing is carried out by automated means,
- to erase / be forgotten, especially if the data subject withdraws consent on which the processing is based, the personal data have been unlawfully processed,
- to restriction of processing, especially if the accuracy of the personal data is contested by the data subject or when an objection to the processing of data has been submitted,
- to withdraw his or her consent, if the basis for data processing was the consent of the data subject. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal,
- to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions,
- the data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, except for the situations indicated in Article 22(1) GDPR,
- to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, also the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; where the personal data are not collected from the data subject, any available information as to their source, based on Article 15 GDPR,
- to lodge a complaint with a supervisory authority – in Poland it is Urząd Ochrony Danych Osobowych (UODO)/Personal Data Protection Office, ul. Stawki 2, 00-193 Warszawa/Warsaw, Poland, or to any relevant supervisory authority in the European Economic Area, especially in the country of residence the subject data, if the data processing violates the provisions of the General Data Protection Regulation (GDPR).
- In order to exercise the right to information, access to the data, correct it, as well as other rights referred to in our Privacy Policy and GDPR, the subject data can contact the data controller at the address of the data controller or contact details, including e-mail: info@paragona.cm
§8
The data source
The personal data are collected directly from the subject data, especially via the contact forms on the website, as well as electronic or traditional means of communication.
§9
Final Provisions
In case of any changes to the applicable Privacy Policy, these appropriate modifications will be posted on this Website, especially when technical solutions are required or any changes of data protection law come into effect. Changes to this Privacy Policy will enter into force 14 days after publication.