The Company’s goal is also to properly inform Service Recipients, System Users and Candidates about the matters related to the processing of personal data, especially regarding the content of new provisions on the protection of personal data, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27.04.2016. on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (“GDPR”) and the Act of 10 May 2018 on the protection of personal data (Journal of Laws 2018.1000 as amended). For this reason, in this document, the Company informs about the legal basis for the processing of personal data, the methods of collecting and using it, as well as the rights of data subjects related to it.
The TRAFFIT system is used to conduct recruitment processes, so its main feature is the use of personal data or other data (including CV files and other) that are entered by System Users or Candidates.
Each Service Recipient and System User and the Candidate using the System shall accept the principles specified herein.
Accurate company details and contact details
Traffit limited liability company in Gdynia
Al. Zwycięstwa 96/98.
NIP (Tax Identification Number): 5862288562
In case of any doubts regarding the processing of personal data or violation of privacy, please contact the data protection officer at the email address: [email protected]
What is personal data and what does processing mean?
Personal data shall be understood as all information about an identified or identifiable natural person. The processing of personal data is basically any activity on personal data, regardless of whether it is performed in an automated manner or not, e.g. collecting, storing, recording, organizing, modifying, viewing, using, sharing, limiting, deleting or destroying. The Company processes personal data for various purposes, and depending on the purpose, different collection methods, legal grounds for processing, use, disclosure and storage periods may apply.
Types of data collected
In the course of its activity, the Company processes the data of Service Recipients and contact persons of Service Recipients, Users of the TRAFFIT System and Candidates.
Data of Service Recipients and System Users
For the purpose of providing services related to the use of the TRAFFIT System, the Company processes the necessary data of Service Recipients, System Users and other contact persons indicated by the Service Recipient enabling contact by the Company (name, surname, position, email address, telephone) and documenting cooperation in accordance with applicable tax law.
The Company is the controller of the data of Service Recipients, System Users and contact persons, to the extent referred to in the previous sentence.
The data of Service Recipients, System Users or other contact persons on behalf of the Service Recipient is entered by them in the process of setting up and later use of the account. The data is processed on the basis of art. 6 it. 1 let. b) (processing is necessary to perform the contract to which the party is the data subject or to take action at the request of the data subject before the conclusion of the contract) and let. f) (processing is necessary for purposes resulting from legitimate interests pursued by the administrator or by a third party) of the GDPR Regulation.
Whenever the Company processes personal data based on the legitimate interest of the data controller, it analyzes and balances the potential impact on the data subject (positive and negative) and the rights of that person under the provisions on the protection of personal data. The company does not process personal data on the basis of a legitimate interest if it comes to the conclusion that the impact on the data subject would outweigh its interests (then it may process personal data if, for example, it has the appropriate consent or is required or permitted by law) ).
Data of other persons remaining in the Service Recipient’s organization
The TRAFFIT System allows Users of the System to enter personal data (name, surname, position, email address, telephone number and other, indicated by the Service Provider) of persons involved in recruitment processes who are not persons contacting the Company. The data of such people is processed by the Service Recipient for internal needs, and the Company has only been entrusted with such data processing as part of providing the TRAFFIT System. The administrator of the data of the Service Recipient’s employees entered by him for the purposes of using the TRAFFIT System is the Service Recipient who has a valid contract for entrusting the processing of personal data concluded with the Company.
Data of Candidates
Candidates’ data is processed by the Company in two ways.
The TRAFFIT system is used in particular for the collection and processing of data of Candidates by the Service Recipients for the purposes of conducting recruitment processes by a given Service Recipient. With its help, System Users gain systematic and largely automated access to this data.
The candidates’ data is entered by System Users, downloaded by them from social networks or from connected System Users’ email boxes.
It should be remembered that the Service Recipient is the sole administrator of the candidates’ personal data, its processing by the Company takes place only to the extent entrusted by the Service Recipient, and the TRAFFIT System is only an application that improves the storage and processing of data by the Service Recipient and the System Users acting on its behalf. Service providers are responsible for the fact that there is a basis for processing personal data.
In the scope of data from CVs of Candidates automatically downloaded by the TRAFFIT System from emails sent to e-mail boxes connected by the System User, the Company shall examine whether the Candidates have consented to the processing of their personal data by the Service Recipient for the purposes of recruitment.
The TRAFFIT system is an open system that allows any personal data to be entered by Service Recipients who are administrators of the personal data entered. Notwithstanding the above, the Company: requires the Service Recipients to process personal data in accordance with applicable law and checks whether personal data that violates applicable law is being processed.
Notwithstanding the above, the Company has introduced the functionality of the TRAFFIT System consisting in the possibility for the Candidates themselves to enter their personal data into the system. In this case, the Company is the administrator of personal data entered by the Candidate, and the processing of this data, including its disclosure to interested employers, is based on the consent given. The Candidate’s consent is voluntary and may be withdrawn at any time. Entities familiarizing themselves with the data of the Candidates stored in this part of the TRAFFIT System are to inform about the need to inform the Candidates about any further processing.
Use of data from the TRAFFIT System entered by the Customers
The Company guarantees that the data of the Service Recipient, System Users and Candidate data entered by the System Users in the TRAFFIT System remains the sole property of the given Service Recipient and its data set, and will not be used by the Company for any purpose with the exceptions indicated below.
The only exception is the need to document the cooperation of the Company with the Service Recipient in accordance with the applicable tax law and contact by the Company with the Service Recipient and System Users or other contact persons indicated by the Service Recipient in order to provide services of using the TRAFFIT System by the Company or to propose the extension of the scope of these services.
The second exception is the use of data sets after their full anonymization and removal of any references to Service Recipients, only for statistical purposes related to work on improving the TRAFFIT System carried out by the Company.
Subject to the rights of the data subjects resulting from legal provisions, the Service Recipient remains the sole controller of all data entered by it and the System Users acting on its behalf into the TRAFFIT System.
Use of data from the TRAFFIT System entered by the Customers
Data entered into the TRAFFIT System by the Candidates themselves into the part of the system intended for them is stored, systematized in order to facilitate their search and made available to interested employers looking for suitable employees. The company (except for the deletion of data) does not carry out other operations on this personal data. The company guarantees that the candidates have agreed to share their personal data with employers and provides the opportunity to withdraw their consent at any time. Employers who collect the data made available by the Candidates in the TRAFFIT System become their administrators and are responsible for their further lawful processing.
Use of Google User data in TRAFFIT System
The way Traffit accesses, uses, stores or shares Google user data.
TRAFFIT use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
Google usage of data is limited to the following functionalities:
1. A customer can integrate user’s emails thanks to GMAIL REST API. Traffit does not save password, but it uses integration token for synchronization.
2. While Gmail boxes integration a user needs to choose folders for synchronization. Traffit saves chosen folders and emails in our database.
3. A user can send emails with attachments.
4. A user can set backward synchronization by giving the number of days from which emails need to be integrated.
5. Only a user who added an integrated inbox has access to it.
6. A user can browse and look for the content in the synchronized folders.
7. A user can remove the integrated boxes and folders from Traffit (our database) at any time.
8. The system checks every 8 minutes if there are new mails in the integrated folders. If so, new emails are synchronized and visible in Traffit.
9. All of the above functionalities require the use of the following scope: gmail.readonly, gmail.send.
Voluntary provision and processing of data
Each time the System User has the opportunity to decide what data he/she wants to enter into the TRAFFIT System, taking into account the functionality of the system. The Company is not responsible for the content, legality and truthfulness of data entered into the TRAFFIT System by System Users and Candidates or data downloaded from the System Users’ e-mail boxes in accordance with the Service Recipient’s decision.
In order to continually improve the provision of services, the Company collects information on the use of the TRAFFIT System by its Users and their IP addresses based on access log analysis. We use this information in diagnosing server-related problems, analyzing possible security breaches, and managing a website. Based on the information obtained in the above manner, in specific cases, aggregate general statistical summaries may be prepared solely for the Company’s own needs. These statements do not contain any data enabling identification of a given user of the TRAFFIT System.
Rights of Data Subjects
In connection with the processing of personal data, the Company enables the implementation of the following rights of data subjects:
- a) the right to access the data content: the data subject has the right to obtain information whether his personal data is processed, and if so, he has the right to obtain the following information: purpose of processing; categories of personal data processed; information on recipients or categories of recipients to whom his data has been or will be disclosed, in particular recipients in third countries; the planned period of storage of personal data or criteria for determining this period; rights granted under the GDPR Regulation in connection with the processing of personal data, including the right to lodge a complaint with a supervisory authority; about the source of personal data; on automated decision making in this profiling; on safeguards used in connection with the transfer of personal data to third countries. In addition, you have the right to obtain a copy of personal data that the Company processes.
- b) the right to rectify data: the data subject has the right to request the rectification of personal data if it is incorrect or to supplement it if it is incomplete.
- c) the right to delete their data (“right to be forgotten”): the subject of personal data may request their removal. The right to delete data is available if: – the data is no longer necessary to achieve the purposes for which they was collected, – the entity withdrew consent – to the extent that the processing of data was based on consent, – the data subject has objected to the processing of personal data, – personal data is processed unlawfully. The request to delete personal data does not apply to the extent that further processing is necessary to determine, pursue or defend claims, including in particular: name and surname, e-mail address and correspondence address.
- d) the right to limit data processing: the subject of personal data has the right to request the restriction of the processing of personal data, in the following cases: – when it questions the correctness of personal data – the restriction of the processing of personal data will take place for a period allowing checking their correctness, – when the processing is unlawful, and at the same time opposes the deletion of data, instead demanding a restriction of their processing, – when the data is no longer needed to achieve the purposes for which they was collected and processed, but the personal data subject needs it to assert, determine or defend their claims, – when the subject of personal data has objected to the processing of data – the restriction of data processing will occur until it is determined whether the grounds of objection outweigh the legal grounds for further processing of personal data.
- e) the right to object to the processing of personal data: the data subject has the right to object to the processing of his personal data at any time.
- f) data transfer rights: to the extent that data is processed on the basis of consent or an ongoing contract, the data subject has the right to obtain personal data concerning him for the purpose of transferring to another entity or to have the Company transfer this data directly to another entity (if it is technically possible).
- g) the right to lodge a complaint to the supervisory body: the subject of personal data has the right to complain to the supervisory body (the President of the Office for Personal Data Protection).
- h) the right to withdraw the consent given to the processing of personal data to which the consent related: the subject of personal data has the right to withdraw the consent given to the processing of personal data at any time. Withdrawal of the consent will not affect the lawfulness of processing before its withdrawal.
The Company will inform the Service Recipients who entrusted the processing of such data about the request to rectify, delete or limit the processing of the entity’s personal data. The request will be considered without undue delay, however it may depend on the actions of the Service Recipient – the administrator of this data.
If the above rights are exercised, the Candidate may not be able to participate in the recruitment processes conducted by the Customers.
Information security, limited use
The Company makes every effort to ensure the security of the information regarding System Users and Candidates in the TRAFFIT System.
Any data entered by Users of the TRAFFIT System may be used by the Company only after their anonymization and only for the purpose of the Company’s internal work on improving the TRAFFIT System in the scope related to the handling of this type of data.
Data entered by Users of the TRAFFIT System is not transferred by the Company to other entities in any way. The exceptions are only: (a) the transfer of this data to other entities obliged to maintain confidentiality for the purpose indicated in the previous paragraph (development of the TRAFFIT System in the scope related to the handling of such data), (b) the transfer of this data to authorized bodies on the basis of mandatory provisions rights, or (c) transfer of data as part of a business combination or acquisition of the entire enterprise of the Company. Otherwise, the transfer of data is not allowed.
Data entered independently by the Candidates may be made available to potential employers having access to the TRAFFIT System in accordance with the consents granted by these Candidates.
Access to personal data in the TRAFFIT System is restricted to persons from the Company’s staff for whom it is necessary to provide the service and only to the extent required by the tasks entrusted to them. This access takes place only in the following cases: (a) to provide technical support to the System User with his consent, (b) for the purpose of ensuring data security (e.g. in the case of considering security breaches), (c) to fulfill the obligations arising from mandatory provisions of law, or (d) to use aggregated and anonymized data for internal purposes of the Company. The company makes efforts to minimize the number of people who participate in the processing of personal data and to ensure full confidentiality of this data.