PRIVACY POLICY OF RELOUT SP. Z O.O.

INTRODUCTION

This document, entitled “Privacy Policy” (hereinafter referred to as the “Policy“), sets out the rules for the processing of personal data by Relout Sp. z o.o. with its registered office at ul. Prezydenta Gabriela Narutowicza 40/1, 90-135 Łódź, entered into the Register of Entrepreneurs of the National Court Register under KRS number 0000937966, NIP 7282857576, REGON 520643630 (hereinafter referred to as “Relout“, the “Company” or the “Controller“).

The Policy specifies the rules for the collection, processing, use, and protection of personal data of candidates, clients, contractors, cooperators, and users of websites operated by Relout.

The Policy applies to all websites operated by Relout, in particular at: https://relout.team/ . The current version of the Privacy Policy is available at: https://relout.team/privacy-policy/

Before using our services and providing personal data, please read this Policy.

DEFINITIONS

  • Controller – Relout Sp. z o.o.

  • GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.

  • Personal data – information relating to an identified or identifiable natural person.

  • User – a candidate for employment or cooperation, client, contractor, cooperator, person contacting Relout, or visiting the Controller’s websites.

  • Services – services provided by Relout, in particular recruitment, consulting, outsourcing, and services related to the acquisition of IT specialists.

PERSONAL DATA CONTROLLER

The controller of personal data is: Relout Sp. z o.o. ul. Prezydenta Gabriela Narutowicza 40/1, 90-135 Łódź. KRS: 0000937966 NIP: 7282857576 REGON: 520643630.

The Data Protection Officer at Relout sp. z o.o. is Gerard Stańczak, e-mail iodo@relout.team. In all matters regarding the processing of personal data, please contact the e-mail address indicated above.

DATA PROTECTION

The Controller applies appropriate technical and organizational measures aimed at ensuring the security of the processed personal data, in particular, protection against their loss, destruction, unauthorized access, disclosure, or modification. Only persons authorized by the Controller have access to personal data.

PURPOSES OF PROCESSING PERSONAL DATA AND DATA RETENTION PERIODS

1. CONDUCTING RECRUITMENT PROCESSES

Purpose of processing and legal basis: Your personal data is processed in connection with:

  • the implementation of recruitment processes conducted by Relout Sp. z o.o. for its own needs or those of the Company’s clients – Art. 6 sec. 1 lit. b and f of the GDPR;

  • presenting candidates to Relout clients participating in the recruitment process – Art. 6 sec. 1 lit. f of the GDPR;

  • conducting future recruitment processes – based on voluntarily expressed consent – Art. 6 sec. 1 lit. a of the GDPR;

  • documenting the course of recruitment interviews, preparing notes and transcripts of meetings – Art. 6 sec. 1 lit. f of the GDPR.

Data retention period:

  • until the end of the recruitment process and for the period necessary to defend against potential claims;

  • up to 36 months from expressing consent to participate in future recruitment processes or until the consent is withdrawn.

Categories of data recipients:

  • Relout clients participating in the recruitment process;

  • providers of IT systems supporting the recruitment process;

  • entities providing legal, accounting, and administrative services.

2. CONCLUDING AND SERVICING CONTRACTS WITH CLIENTS

Purpose of processing and legal basis: Your personal data is processed in connection with:

  • the conclusion and implementation of commercial contracts;

  • conducting current business cooperation;

  • the fulfillment of obligations resulting from legal provisions;

  • pursuing or defending against claims. The legal basis for processing is Art. 6 sec. 1 lit. b, c, and f of the GDPR.

Data retention period: For the duration of the contract and for the period required by law, in particular tax and accounting law, as well as for the limitation period of potential claims.

3. SERVICING CONSULTANTS, B2B COOPERATORS, AND EMPLOYEES

Purpose of processing and legal basis: Your personal data is processed in connection with:

  • the conclusion and performance of cooperation agreements;

  • the fulfillment of obligations resulting from labor, tax, and insurance law provisions;

  • conducting onboarding, offboarding, and cooperation management processes;

  • organizing work and internal communication. The legal basis for processing is Art. 6 sec. 1 lit. b, c, and f of the GDPR.

Data retention period: For the duration of the cooperation and for the period required by law or necessary to secure potential claims.

4. CONTACT FORM AND CORRESPONDENCE

Purpose of processing and legal basis: Your personal data is processed in connection with:

  • providing answers to submitted inquiries;

  • conducting business communication;

  • presenting information about Relout’s services. The legal basis for processing is Art. 6 sec. 1 lit. a or f of the GDPR.

Data retention period: Up to 12 months from the end of contact, unless further retention results from other legal bases.

5. MARKETING AND COMMERCIAL ACTIVITIES

Purpose of processing and legal basis: Your personal data may be processed in connection with:

  • sending commercial information;

  • conducting marketing activities;

  • organizing industry events;

  • customer satisfaction surveys;

  • building business relationships. The legal basis for processing is Art. 6 sec. 1 lit. a or f of the GDPR.

Data retention period: Until the consent is withdrawn or an objection is effectively raised, but no longer than 3 years from the last contact.

6. ORGANIZATION OF WEBINARS, TRAININGS, AND EVENTS

Purpose of processing and legal basis: Your personal data is processed in connection with:

  • the registration of event participants;

  • organizing webinars and training sessions;

  • handling participation in events. The legal basis for processing is Art. 6 sec. 1 lit. a or b of the GDPR.

Data retention period: For the period necessary to organize the event and for the period resulting from the Controller’s documentation obligations.

EXTERNAL SERVICE PROVIDERS AND DATA RECIPIENTS

Your personal data may be processed by entities cooperating with Relout Sp. z o.o. based on concluded data processing agreements, cooperation agreements, or other legal bases provided for by law.

Personal data may be shared with:

  • employees and cooperators of Relout Sp. z o.o. possessing appropriate authorizations to process personal data;

  • clients of Relout Sp. z o.o. for whom recruitment processes are conducted or consulting, outsourcing, and technological services are provided;

  • entities providing accounting, legal, tax, administrative, and auditing services;

  • entities providing postal and courier services;

  • entities providing hosting, ICT, and IT infrastructure maintenance services;

  • public authorities and institutions authorized to receive data on the basis of legal provisions.

Tools and systems used by the Controller

The Controller uses the following tools and systems in which the personal data of candidates, clients, contractors, consultants, cooperators, and website users may be processed:

Recruitment processes

  • Traffit – an ATS system used to conduct recruitment processes;

  • LinkedIn – a social networking site used for communication and recruitment activities;

Communication and cooperation

  • Google Workspace (Gmail, Google Drive, Google Docs, Google Sheets);

CRM and sales

  • HubSpot – a CRM system used to manage relationships with clients, potential clients, and business partners.

Hosting and IT infrastructure

  • OVHcloud – provider of hosting and infrastructure services;

  • LH.pl – provider of hosting services and website maintenance.

Transfer of data outside the European Economic Area

In connection with the Controller’s use of services of technology providers located or having infrastructure outside the European Economic Area, personal data may be transferred to third countries. This applies in particular to services provided by:

  • Google LLC,

  • LinkedIn Corporation,

  • HubSpot Inc.

In such cases, the Controller ensures an adequate level of personal data protection required by the GDPR, in particular through the use of Standard Contractual Clauses approved by the European Commission or other mechanisms provided for by applicable law.

PROFILING

The Controller does not make decisions concerning data subjects based solely on automated data processing that would produce legal effects or similarly significantly affect these persons. The Controller may use analytical and statistical tools supporting marketing, sales, and recruitment processes, but does not conduct automated decision-making within the meaning of Art. 22 of the GDPR.

RIGHTS OF DATA SUBJECTS

Every person whose personal data is processed by Relout Sp. z o.o. has the right to:

  • access their personal data;

  • rectify their data;

  • erase their data;

  • restrict data processing;

  • data portability;

  • object to data processing;

  • withdraw consent at any time if processing is based on consent;

  • lodge a complaint with the President of the Personal Data Protection Office.

Requests regarding the exercise of rights may be directed to the following address: iodo@relout.team 

The Controller will respond without undue delay, no later than within 30 days of receiving the request.

QUESTIONS REGARDING DATA PROTECTION

In case of questions regarding this Privacy Policy or the method of processing personal data by Relout Sp. z o.o., please contact us at: iodo@relout.team

CHANGES TO THE PRIVACY POLICY

Relout Sp. z o.o. reserves the right to introduce changes to this Privacy Policy. The current version of the Policy is published on the website: https://relout.team/privacy-policy/ . Changes enter into force on the date of their publication, unless otherwise indicated.