Your personal data will be processed for the following purposes:

1. to fulfill obligations under an employment contract or civil law contract – pursuant to Article 6(1)(b) GDPR;
2. to comply with legal obligations imposed on the controller (including OHS duties, recording working time, managing remuneration-related settlements, reporting to the competent authorities, and archiving documentation) – pursuant to Article 6(1)(c) GDPR in connection with applicable legal provisions, in particular the Labor Code, the Civil Code, and other relevant regulations;
3. to prepare analyses, reports, and summaries necessary for the proper implementation of personnel policy – based on the controller’s legitimate interest in managing personnel policy (Article 6(1)(f) GDPR);
4. to offer and administer employee benefits, if you choose to use them – based on the controller’s legitimate interest in implementing HR policy (Article 6(1)(f) GDPR);
5. to verify identity and employee identification, to protect and secure property in the workplace, and to establish, pursue, or defend against potential claims arising in connection with contract performance – based on the controller’s legitimate interest in ensuring workplace security and defending against claims (Article 6(1)(f) GDPR);
6. to develop and manage business relationships with the controller’s partners, including sharing data with business partners and storing documents related to the performance of contracts concluded by the controller – based on the controller’s legitimate interest in achieving business objectives (Article 6(1)(f) GDPR).

Your personal data may be shared with: entities authorized under applicable laws, the controller’s contractors, service providers engaged in HR policy matters, entities processing data on behalf of the controller to support its day-to-day business operations (subcontractors, suppliers, providers of employee benefits, and external system providers). Such entities process personal data on the basis of a contract with the controller and only under the controller’s instructions.

Your personal data will not be transferred outside the EEA.

Your personal data will be retained for the duration of the contract and for the period required under applicable law relevant to the purposes of processing.

In relation to the processing of your personal data, you have the right to:

1. access your personal data and request rectification;
2. request the erasure of your data, under the conditions provided in Article 17 GDPR;
3. request restriction of processing, under the conditions provided in Article 18 GDPR;
4. object to processing under the conditions set out in Article 21 GDPR.

If you believe that the processing of your personal data does not comply with applicable law, you have the right to lodge a complaint with the President of the Personal Data Protection Office.

Providing your personal data is mandatory to the extent required under applicable legal provisions, in particular Article 22(1) of the Labor Code, and is necessary to conclude and perform the contract. Providing additional personal data is voluntary, but necessary for the proper execution of rights associated with the contract.

We do not make any decisions that significantly affect you through automated means, including profiling.