I. Co-administrators of personal data
1. Co-administrators, pursuant to Art. 32 sec. 1 GDPR, comply with the principles of personal data protection and apply appropriate technical and organizational measures to prevent accidental or unlawful destruction, loss, modification, unauthorized disclosure or unauthorized access to personal data processed in connection with the conducted business. 2. Providing personal data by the website user is voluntary, but necessary in order to use the functionality of the FNDIT website. 3. The co-administrators process personal data only to the extent that is adequate for the purpose of data processing. 4. The co-administrators have established a common contact point for communication on personal data protection matters. The contact may be made by e-mail to the address (...).
II. Responsibility of the Joint Controllers
1. As part of the co-administration agreement concluded between the Co-administrators, the scope of responsibility regarding the purposes of personal data processing and the fulfilment of obligations under the GDPR has been agreed
2. The First Co-administrator is responsible in particular for: a) appropriate data protection in the processing activities carried out directly by him; b) providing the Joint Controller with legal and technical support.
3. The Second Co-administrator is responsible in particular for: a) the proper performance of the collection and processing of personal data; b) proper data protection - in particular on the electronic devices used by them, on websites and in any other places and methods of processing (except for data processing directly by the First Co-administrator on its devices); c) communication with data subjects and the performance of all obligations under the General Data Protection Regulation (GDPR), including in particular the obligations set out in art. 13-21 GDPR; d) properly documenting the consent to the processing of data from the data subject and documenting the fulfilment of information obligations
4. The content of the arrangements between the Co-administrators is available at the request of the person concerned.
III. Purpose and grounds for processing Personal data of the users of the FNDIT website may be processed for the following purposes: a) the provision of electronic services via the website, on the basis of a concluded contract (Article 6 (1) (b) of the GDPR); b) handling the complaint process, based on the obligation of the data controller in connection with applicable law (Article 6 (1) (c) of the GDPR); c) archiving data for the possible determination, investigation or defense against claims or the need to prove facts, which is the legitimate interest of the Data Controllers (Article 6 (1) (f) of the GDPR); d) contact by phone or via e-mail, in particular in response to inquiries addressed to the Co-administrators, which is the legitimate interest of the Co-administrators (Article 6 (1) (f) of the GDPR); e) sending technical information regarding the functioning of the website and services used by the user, which is the legitimate interest of the data controllers (Article 6 (1) (f) of the GDPR);f) marketing of the services of the Data Controllers, which is their legitimate interest (Article 6 (1) f) of the GDPR or based on prior consent (Article 6 (1) (a) of the GDPR).
IV. Data recipients. Data transfer to third parties
1. The recipients of personal data processed by the Co-administrators may be subcontractors - entities whose services are used by the Co-administrators in data processing, e.g. accounting offices, law firms, entities providing IT services. 2. Personal data of the website user may be transferred to entities that are potential employers for the website user. 3. Personal data will not be transferred to entities based outside the European Economic Area.
V. Period of personal data storage
1. The co-administrators store personal data for the duration of the contract or for the period of providing an electronic service to the data subject and after its termination for purposes related to the pursuit of claims related to the contract, performance of obligations under applicable law, but for no time. Longer than the limitation period in accordance with the provisions of the Civil Code 2. The co-administrators store the data processed for marketing purposes until the data subject withdraws the consent to data processing, but for no longer than 10 years. 3. The co-administrators store personal data for purposes other than those indicated in sec. 1-3 for a period of 3 years, unless the consent to data processing has been withdrawn and the data processing cannot be continued on a basis other than the consent of the data subject.
VI. Rights of the data subject
1. Every person whose personal data is processed by the Co-administrators has the right to access their data, the right to rectify it, delete it ("the right to be forgotten"), processing restrictions, the right to transfer data, the right to object and the right to withdraw consent. For data processing at any time. 2. Any person who considers that their personal data are processed by the Co-administrators in violation of the provisions of the GDPR or other relevant legal provisions regarding the processing of personal data, has the right to lodge a complaint with the President of the Personal Data Protection Office.
VII. Profiling The user's personal data may be processed automatically in order to match job offers to the user's profile, which is closely related to the service provided through the FNDIT.