Privacy Policy of HRBC Group Sp. z o. o.

1.  General information

This document sets out the rules for the processing and protection of personal data provided by Users in connection with the use of the website. The Privacy Policy was established to ensure full and transparent implementation of the information obligation resulting from Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (GDPR). The document contains the principles of collecting and using data about Users in force on the Website. In order to ensure the integrity and confidentiality of data, the Data Controller has implemented procedures allowing access to personal data only to authorized persons. The Data Controller takes all necessary steps to ensure that its subcontractors and other cooperating entities guarantee the application of appropriate security measures whenever they process Personal Data on behalf of the Data Controller.

02. Personal Data Controller

The Personal Data Controller of the Website Users is HRBC Group Sp. z o. o. with its seat at ul. Ślusarska 6/3, 30-710 in Krakow. The contact details of the Data Controller and the data of the Personal Data Inspector are available at in the Contact tab.


3. Scope of processed data

Personal data is any information that identifies or allows to identify the data subject. Personal data is processed only in cases where the data subject has consented to it, or when the Website has a different legal basis allowing for the processing of personal data.

The purposes of personal data processing together with the legal basis are listed below:

The period of personal data storage depends on the purpose of data processing for which it was collected. The criteria used to determine the appropriate storage period take into account:

  1. the need to achieve a given purpose,
  2. the period necessary for the performance of our services,
  3. the period for which consent was granted,
  4. legal regulations.


 4. Storage of personal data

Personal data is stored for the time necessary to achieve the purpose of processing. Personal data is stored by the Company:

  • If you agree to participate in future recruitment processes and being presented job offers, until your consent is withdrawn;
  • In the event of applying for a specific recruitment process, without consenting to the participation in future recruitment processes, for the duration of the recruitment process – the data will be removed if you do not commence work;
  • In the case of correspondence, the data will be stored for a period of 6 years until the completion of the cases, until the claims cease or until the termination of our obligations to the law;
  • If you use our Fanpage on Facebook, the data will be stored for the duration of the existence of the Fanpage or until you stop following it. The data being the content of the correspondence may be processed for a period of 6 years from the end of the cases or until the claims cease.

The HRBC Group company applies the principle of limiting the storage of personal data, which protects the data against processing for a longer period than is necessary for the purposes for which the data is being processed. When the Company achieves the purpose of processing, it deletes or anonymizes the data, which takes place in particular when:

  • The data subject withdraws consent to the processing of personal data (if consent was the basis for processing);
  • The data subject effectively objects to further processing (if the basis for processing was the legitimate interest of the Company);
  • Any claims will be time-barred (if the Company processed the data to perform the contract);
  • The deadlines resulting from other regulations have expired.

The collection of personal data by the Company takes place from the moment the candidate provides the Company with a set of his/her data contained in the registration form or in another form. The company does not use personal data for purposes other than those provided for by law.

5. Recipients of personal data

In connection with running the business that requires the processing of personal data, data may be disclosed to our subcontractors who help us perform specific tasks and provide selected services. Personal data may be made available to employers for the purpose of employment or further stages of recruitment. Data may be disclosed only in the scope of services provided to us, in particular to entities providing maintenance, advisory, consulting, legal and accounting services, IT service providers and hosting service providers.

6. Rights of data subjects

Each Website User can choose to what extent they want to use our services and what information they want to share about themselves. We would also like to inform you that the User has the right at any time to request the Controller to exercise the rights he is entitled to in accordance with the applicable provisions of the Regulation on the Protection of Personal Data. Data subjects have the following rights:

  • The right to access personal data relating to them – on this basis, the Controller provides the natural person submitting the request with information about the processing of data, including in particular about the purposes and legal grounds for processing, the scope of data held, entities which are disclosed and the planned date of data deletion.
  • The right to rectify data – the Controller is obliged to remove any possible inconsistencies or errors in the processed Personal Data and to supplement it if it is incomplete.
  • The right to delete data – on this basis, you can request the deletion of data, the processing of which is no longer necessary to achieve any of the purposes for which it was collected;
  • The right to limit processing – in the event of such a request, the Controller ceases to perform operations on Personal Data – with the exception of operations for which the Data Subject has consented – and their storage, in accordance with the adopted retention rules.
  • The right to transfer data – the data subject has the right to receive, in a structured, commonly used, machine-readable format, personal data concerning him/her, which he/she provided to the Controller, and has the right to send this data to another Controller.
  • The right to object to the processing of data – the data subject may at any time object – for reasons related to his/her particular situation – to the processing of Personal Data, which takes place on the basis of the legitimate interest of the Controller; objection in this respect should contain a justification.
  • The right to withdraw consent – if the data is processed on the basis of consent, the data subject has the right to withdraw it at any time, which, however, does not affect the lawfulness of the processing carried out before its withdrawal.
  • The right to file a complaint – if it is found that the processing of Personal Data violates the provisions of the GDPR or other provisions on the protection of Personal Data, the Data Subject may submit a complaint to the authority supervising the processing of Personal Data, competent for the Data Subject’s habitual residence, place of work or place of the alleged infringement.

Where we use contractors, your personal data remains under our control and we have procedures in place to ensure that your personal data is properly protected;

We make every effort to ensure that your personal data is processed safely and in accordance with the provisions of this Policy.

7. Information on cookies

The website uses cookies. These files are IT data, in particular text files, which are stored on the user’s end device and are intended for the use of websites. Cookies usually contain the name of the website they come from, their storage time on the end device and a unique number. The website uses two basic types of cookies: session cookies and persistent cookies. Session cookies are temporary files that are stored on the user’s end device until logging out, leaving the website or turning off the software (web browser). Persistent cookies are stored on the user’s end device for the time specified in the cookie parameters or until they are deleted by the user. Software for browsing websites (web browser) usually allows cookies to be stored on the user’s end device by default. Users can change these settings at any time. The web browser allows you to delete cookies. It is also possible to automatically block cookies. Restrictions on the use of cookies may affect some of the functionalities available on the website.


You have Successfully Subscribed!