Quote Request

Privacy

for persons visiting the websites of LeasingTeam Group companies and applying for employment in the LeasingTeam
Group Required by the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the right to free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – GDPR

PROVISIONS COMMON TO EACH PURPOSE OF PROCESSING

The Company’s personal
data controllers forming the LeasingTeam Group, i.e.:

  1. LeasingTeam sp. z o.o. – Taśmowa 7, 02-677 Warsaw, KRS 246710, NIP 1231069185;
  2. LeasingTeam Professional sp. z o.o. – Taśmowa 7, 02-677 Warsaw, KRS 397410, NIP 5361909208;
  3. LeasingTeam Brand Management sp. z o.o. – 7 Taśmowa Street, 02-677 Warsaw, KRS 550844, NIP 9512390546;
  4. LeasingTeam Outsourcing sp. z o.o. – 7 Taśmowa Street, 02-677 Warsaw, KRS 344462, NIP 9512302358;
  5. IT LeasingTeam sp. z o.o. – Taśmowa 7, 02-677 Warsaw, KRS 570690, NIP 5213703573;
  6. LeasingTeam International sp. z o.o. – Taśmowa 7, 02-677 Warsaw, KRS 1010553, NIP 8992734079;
  7. Talentpoint sp. z o.o. – 7 Taśmowa Street, 02-677 Warsaw, KRS 458891, NIP 5361913552;
  8. LeasingTeam GmbH with its registered office in Berlin – Potsdamer Platz 10, 10785 Berlin, entered into the German Commercial Register under the number: HRB 246021 B;
  9. LeasingTeam s.r.o. with its registered office in Ostrava – Křížkovského 617/10, Muglinov, 712 00 Ostrava, identification number 17618321;
  10. LeasingTeam s.r.l. with its registered office in Timisoara – Emanuil Ungureanu No. 15, floor 1, premises 4, identification number 51508225,

have adopted a model of co-control of personal data in order to conduct broadly understood marketing activities and other activities leading to the acquisition of contractors, as well as to conduct recruitment processes. The aforementioned companies are hereinafter referred to jointly as “Joint Controllers” and separately as “Controller”.
The joint controllers operate in the field of broadly understood employment-related services (in particular, offering clients temporary work, outsourcing or recruitment mediation). Related areas of activity mean that the Joint Controllers are interested in a homogeneous customer base, which means that they also promote other Joint Controllers by conducting marketing activities promoting their own services. They also conduct recruitment processes both for themselves, in order to meet their own internal staffing needs, and to provide these services to their clients. Hence the adopted model of joint data controllership, described below.

DATA PROTECTION OFFICER

The Co-Controllers have appointed one Data Protection Officer (Anna Wiluś-Antoniuk), who can be contacted by phone, e-mail or traditional mail:
tel. +48 698978143
e-mail: iod@leasingteam.pl
address: 7 Taśmowa Street, 02-677 Warsaw, with a note indicating the name of any Administrator.

Basic principles of joint data control

Each of the Joint Controllers processes data for the same purpose, i.e. to expand the database of contractors, promote its business and build its reputation (and thus strengthen the business and reputation of other Joint Controllers), including by offering users websites presenting the LeasingTeam Group, as well as for the purpose of recruitment.

Within the framework of the concluded joint controller agreement in accordance with Article 26 of the GDPR, each Administrator is responsible for:

  1. performance of information obligations towards data subjects,
  2. responding to data subjects within the scope of their request,
  3. ensuring data confidentiality,
  4. ensuring access to data only to authorized persons,
  5. receiving and considering requests and requests submitted in connection with the GDPR in accordance with internal procedures,
  6. communicating with data subjects about rights under the GDPR in accordance with internal procedures,
  7. proper implementation of procedures established in connection with the GDPR,
  8. notifying the President of the Personal Data Protection Office and data subjects of personal data breaches in accordance with internal procedures.

LeasingTeam sp. z o.o. is responsible for keeping documentation related to the protection of personal data.

IT LeasingTeam sp. z o.o. deals with: a) providing and maintaining ICT infrastructure, b) granting/revoking authorizations to systems used by Administrators, c) storing data, d) implementing technical security measures, e) operating servers and f) creating backup copies.

TalentPoint sp. z o.o. is responsible for the operation of the TalentPoint program, which is a proprietary system supporting HR and administrative services for employees and associates in the LeasingTeam Group. TalentPoint provides ongoing on-line access to employee and associate data and allows, among m.in, for efficient handling of leave requests, absenteeism records, working time records, access to employment certificates, payslips, PIT declarations.

LeasingTeam Brand Management sp. z o.o. is responsible for marketing and promotion of the LeasingTeam Group’s products and services, including the provision of direct marketing services.

Regardless of the above division of duties, each Joint Administrator may conduct independent marketing activities, then being responsible for their effects. In addition, each Joint Controller is equally responsible for the proper and lawful processing of personal data.

Any requests and requests related to the processing of data can be directed to any of the Joint Controllers.

PURPOSES, BASES AND DURATION OF PROCESSING

Personal data provided via CONTACT FORMS (including those used to submit inquiries) are processed on the basis of:

  1. Article 6(1)(f) of the GDPR, i.e. in the legitimate interest of the Joint Controllers, which should be considered:
  2. processing of data for the purposes related to the implementation of the sent inquiry/application and possible further contact;
  3. processing data in the event of a legal need to assert claims or defend against claims;
  4. Article 6(1)(a) of the GDPR, i.e. on the basis of the consent given for purposes related to the implementation of other marketing activities or sending commercial offers (information).

Providing data is voluntary, but necessary to respond to the message sent or to carry out the agreed marketing/commercial activities.

In the above scope, the data will be stored until the data subject submits a justified objection to such processing or withdraws the consent granted, extended by the time of implementation of the submitted request in the above scope, max. up to 30 days.

In the case of contact forms not related to the consent to carry out other marketing activities or send commercial offers, contact data will be processed until the inquiry is answered, and after the end of the contact up to 2 years.

In any case, the data processed for the purpose indicated in point 1 letter b) will be stored until the expiry of the limitation period, but not longer than 7 years.

Personal data provided for the purpose of subscribing to the NEWSLETTER are processed on the basis of:

  1. Article 6(1)(a) of the GDPR, i.e. on the basis of consent for the purposes related to the implementation of this marketing activity;
  2. Article 6(1)(f) of the GDPR, i.e. in the legitimate interest of the Joint Controllers, which should be considered the processing of data in the event of a legal need to pursue claims or defend against claims.

Providing data is voluntary, but necessary to send the newsletter.

In the above scope, the data will be stored until the consent to receive the newsletter is withdrawn, extended by the time of implementation of the submitted request in the above scope, max. up to 30 days.

In any case, the data processed for the purpose indicated in point 2 will be stored until the expiry of the limitation period, but not longer than 7 years.

All personal data referred to above, to a limited extent, may also be processed for ANALYTICAL AND STATISTICAL PURPOSES on the basis of Article 6(1)(f) of the GDPR, i.e. in the legitimate interest of the Joint Controllers.

In the above scope, the data will be stored until the data subject submits a justified objection to such processing, extended by the time of implementation of the submitted request in the above scope, max. up to 30 days, but not longer than for 10 years.

Personal data provided as a result of the USE OF THE WEBSITE by the User of any of the Joint Controllers derived from the so-called cookies may also be processed for analytical and statistical purposes on the basis of Article 6(1)(f) of the GDPR, i.e. in the legitimate interest of the Joint Controllers. More about the cookies used here.

In the above scope, the data will be stored until the data subject submits a justified objection to such processing, extended by the time of implementation of the submitted request in the above scope, max. up to 30 days, but not longer than for 10 years.

Rights of data subjects

Anyone whose data is processed, in accordance with the GDPR, is entitled to:

  1. the right to access your data and receive a copy of it;
  2. the right to rectify (correct) your data if it is incorrect or outdated;
  3. the right to request deletion of data in cases specified by law;
  4. the right to withdraw the consent to the processing of data, whereby the withdrawal of consent does not affect the lawfulness of the processing of personal data, which was carried out on the basis of consent before its withdrawal;
  5. the right to request restriction of processing in cases specified by law;
  6. the right to object to the processing of data processed on the basis of the premise of the legitimate interest of the Administrators, which does not affect the lawfulness of the processing until the objection is taken into account;
  7. the right to lodge a complaint with the President of the Personal Data Protection Office (to the address of the Office for Personal Data Protection, 2 Stawki Street, 00-193 Warsaw).

Profiling and automated processing

The joint controllers do not envisage profiling or automated decision-making based on the collected data.

Transfer of data outside the EEA

As a rule, your personal data will not be transferred to countries outside the European Economic Area (EEA).

An exception may be the transfer of data outside the EEA in the case of cooperation with providers of IT solutions located outside the EEA. In such a case, the safeguards of personal data referred to in Articles 46-49 of the GDPR will be applied, e.g. in the form of standard contractual clauses adopted by the European Commission. In the case of data transfer to the United Kingdom of Great Britain and Northern Ireland, the transfer is based on the decision of 28 June 2021 issued by the European Commission and stating the adequacy of the level of protection of personal data.

PROVISIONS

RELEVANT FOR WEBSITE USERS

Purposes, bases and duration of processing

Personal data provided via CONTACT FORMS (including those used to submit inquiries) are processed on the basis of:

  1. Article 6(1)(f) of the GDPR, i.e. in the legitimate interest of the Joint Controllers, which should be considered:
  2. processing of data for the purposes related to the implementation of the sent inquiry/application and possible further contact;
  3. processing data in the event of a legal need to assert claims or defend against claims;
  4. Article 6(1)(a) of the GDPR, i.e. on the basis of the consent given for purposes related to the implementation of other marketing activities or sending commercial offers (information).

Providing data is voluntary, but necessary to respond to the message sent or to carry out the agreed marketing/commercial activities.

In the above scope, the data will be stored until the data subject submits a justified objection to such processing or withdraws the consent granted, extended by the time of implementation of the submitted request in the above scope, max. up to 30 days.

In the case of contact forms not related to the consent to carry out other marketing activities or send commercial offers, contact data will be processed until the inquiry is answered, and after the end of the contact up to 2 years.

In any case, the data processed for the purpose indicated in point 1 letter b) will be stored until the expiry of the limitation period, but not longer than 7 years.

Personal data provided for the purpose of subscribing to the NEWSLETTER are processed on the basis of:

  1. Article 6(1)(a) of the GDPR, i.e. on the basis of consent for the purposes related to the implementation of this marketing activity;
  2. Article 6(1)(f) of the GDPR, i.e. in the legitimate interest of the Joint Controllers, which should be considered the processing of data in the event of a legal need to pursue claims or defend against claims.

Providing data is voluntary, but necessary to send the newsletter.

In the above scope, the data will be stored until the consent to receive the newsletter is withdrawn, extended by the time of implementation of the submitted request in the above scope, max. up to 30 days.

In any case, the data processed for the purpose indicated in point 2 will be stored until the expiry of the limitation period, but not longer than 7 years.

All personal data referred to above may also be processed to a limited extent for ANALYTICAL AND STATISTICAL PURPOSES on the basis of Article 6(1)(f) of the GDPR, i.e. in the legitimate interest of the Joint Controllers.

In the above scope, the data will be stored until the data subject submits a justified objection to such processing, extended by the time of implementation of the submitted request in the above scope, max. up to 30 days, but not longer than for 10 years.

Personal data provided as a result of the USE OF THE WEBSITE by the User of any of the Joint Controllers derived from the so-called cookies may also be processed for analytical and statistical purposes pursuant to Article 6(1)(f) of the GDPR, i.e. in the legitimate interest of the Joint Controllers. More about the cookies used here.

In the above scope, the data will be stored until the data subject submits a justified objection to such processing, extended by the time of implementation of the submitted request in the above scope, max. up to 30 days, but not longer than for 10 years.

Data recipients

The processed personal data may be transferred to: authorized offices and state bodies and other units on the basis of a justified request; processors who provide services to the Joint Controllers, e.g. providers of IT, marketing, analytical, legal services; as well as customers to whom a given Administrator provides a service related to an inquiry submitted by the data subject.

PROVISIONS RELEVANT TO JOB CANDIDATES

Purposes, bases and duration of processing

Personal data of CANDIDATES FOR EMPLOYEES are processed on the basis of:

  1. Article 6(1)(c) of the GDPR in order to conduct the recruitment process, on the basis of the employer’s right under Article 22¹ § 1 of the Labour Code;

  2. Article 6(1)(a) or Article 9(2)(a) of the GDPR in order to carry out the recruitment process, on the basis of consent to the processing of personal data in the scope of data provided voluntarily (other than those resulting from Article 22¹ § 1 of the Labour Code) and possibly in order to conduct future recruitment processes with your participation;

  3. Article 6(1)(f) of the GDPR, i.e. in the legitimate interest of the Joint Controllers, which should be considered:

    a) processing of data obtained during the recruitment process in connection with checking your skills and abilities needed to work in the position specified in the advertisement,b
    ) processing of data in the event of a legal need to pursue claims or defend against claims.

Data processed for the purposes indicated in points 1, 2 and 3 letter a) will be stored for the time necessary to conduct the recruitment, but not longer than for 1 year. If consent has been given to participate in future recruitment processes conducted by the Joint Controllers, the data will be processed for the period for which consent was granted, no longer than for 3 years.

Data processed for the purpose indicated in point 3 letter b) will be stored until the expiry of the limitation period, but not longer than 7 years.

Personal data of CANDIDATES FOR CONTRACTORS are processed on the basis of:

  1. Article 6(1)(b) of the GDPR in order to carry out the recruitment process, in the scope of data the acquisition of which is necessary to conclude a contract of mandate;

  2. Article 6(1)(a) or Article 9(2)(a) of the GDPR in order to carry out the recruitment process, possibly also future recruitment, on the basis of the candidate’s consent to the data provided voluntarily (other than those resulting from point 1 above);

  3. Article 6(1)(f) of the GDPR, i.e. in the legitimate interest of the Joint Controllers, which should be considered:
    a) processing of data obtained during the recruitment process in connection with checking your skills and abilities needed to work in the position specified in the advertisement,b
    ) processing of data in the event of a legal need to pursue claims or defend against claims.

Data processed for the purposes indicated in points 1, 2 and 3 letter a) will be stored for the time necessary to conduct the recruitment, but not longer than for 1 year. If consent has been given to participate in future recruitment processes conducted by the Joint Controllers, the data will be processed for the period for which consent was granted, no longer than for 3 years.

Data processed for the purpose indicated in point 3 letter b) will be stored until the expiry of the limitation period, but not longer than 7 years.

Data recipients

The processed personal data may be transferred to: authorized offices and state bodies and other units on the basis of a justified request; processors who provide services to the Joint Controllers, e.g. providers of IT, marketing, legal services; as well as customers for whom a given Administrator provides a service related to the employment of the data subject.

REPORTING PROCEDURES