#GDPR How do we process your personal data

GDPR - what is it

General Data Protection Regulation is the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation). The GDPR regulates the processing of personal data in the EU, protects your fundamental rights and freedoms, in particular, your right to the protection of personal data.

Who is the Controller of your personal data

Conotoxia Holding is interested in recruiting specialists in various fields.
  1. You wish to apply only for a specific position and do not want to leave your documents for future recruitment? The Controller of your personal data will be the company that announces the hiring, e.g. Cinkciarz.pl Sp. z o.o.
  2. You are interested in a specific job position, but at the same time, you would like to provide us with your application documents for future recruitment? The Controller of your data will be the companies belonging to the Conotoxia Holding.
  3. Currently, you cannot find vacancies that match your qualifications, but you would like to give us your application documents? The Controller of your data will be the companies belonging to the Conotoxia Holding.

Why my data are processed

We process your data in order to carry out the recruitment process and review your application. That is all. Please remember that providing your personal information is voluntary, but necessary to evaluate your application.

Your data will not be processed based on automated decision making, including profiling. However, we will analyse them manually, checking your qualifications and previous experience.

What are the legal grounds for processing your personal data

You submit your application because you would like to conclude an employment contract (Art. 6(1)(b) of the GDPR). The Labour Code determines what data we should receive from you, and it imposes an obligation on us to collect them (Article 6(1)(c) of the GDPR).

However, you may also want to boast about things that go beyond the Labour Code, such as your photo and your area of interest. In such a case, your voluntary consent will be the basis for the data processing (Article 6(1)(a) of the GDPR). If you submit your application documents (regardless of how you do it), it means that you are interested in participating in the recruitment process. Therefore, by submitting your application to us, you agree to the processing of your personal data contained in it.

You decide how long we will store your data. Do you want to withdraw your consent? Write to us at [email protected]

If you have submitted your application before but have not been successful, we would like to know. Therefore, our legitimate interest (Article 6(1)(f) of the GDPR) is to store periodically the basic data about you. Those data include i. e. your name, surname, email address (due to the need to identify you unambiguously) and information about the position you were previously recruited for, the date of your application and the stage at which your application was rejected. This will allow us to know that you have already successfully passed the preliminary stages of the recruitment process.

Given the fact that we operate in the financial sector, if you successfully pass the recruitment process, and we offer you employment in one of our Companies, you will be required to submit a certificate of no criminal record from the National Criminal Register (legal basis: Act of 12 April 2018 on the principles of obtaining information on clean criminal records of job candidates and employees of financial sector entities).

How long will my data be processed

We will retain this information for a period of two years from the end of the recruitment process or, in the event of consent to participate in future recruitment procedures or spontaneous recruitment, from the end of the year in which it was provided to us.

Do you think this is too long?Contact us at [email protected], and we will immediately remove your application.

Who can access my data

Access to your data is primarily granted to the Controller / joint controllers (Cinkciarz.pl or other company of the Conotoxia Holding Group) due to the recruitment process.

Additionally, access to your data may be granted to our co-operating consulting agencies and suppliers of IT solutions supporting the recruitment process. In addition, if the recruitment process is carried out by a recruitment agency, the agency will also have access to your data.

What are my rights and how to exercise them

You are the one to apply - you are the one to decide! Your rights are:

  • right to access the data,
  • right to erasure ("right to be forgotten"),
  • right to rectification,
  • right to restriction of processing,
  • right to data portability,
  • right to object to processing.

You can exercise each of them by sending an email to [email protected]. Please note that we identify you by your email address. Therefore, your application should be sent from the same email address from which you sent us your application. You don't have to fill in any forms, and a simple email is enough.

Download the complete information clause Download Information about Joint Controllers

Do you still have any questions? Do not hesitate to contact us.

Małgorzata Sitkiewicz

Data Protection Officer

[email protected]