Privacy Policy

Binding language clause: This English version is a faithful translation of the Polish Privacy Policy. In the event of any discrepancies or inconsistencies, the Polish version shall prevail.

HRPanorama Sp. z o.o., the owner of the hrpanorama.com website, makes every effort to protect the privacy of persons using this website.

This Privacy Policy defines how we take care of your personal data and ensure the exercise of your rights in connection with your personal data collected in the situations described in this Privacy Policy. It also aims to fulfill our obligation to process personal data in a lawful, fair and transparent manner.

Definitions used in the Privacy Policy

HR Panorama or Controller – HRPanorama Spółka z ograniczoną odpowiedzialnością with its registered office in Kraków, ul. Feliksa Wrobela 13, 30-798 Kraków.

Account – a set of data and settings created for the User within the System used to manage services provided via the System.

Profile – a functionality of the Account enabling the User to collect selected information, including employment history, qualifications, education history and other skills.

Newsletter – a service provided via electronic mail in which information is sent by HR Panorama to the e-mail address provided by the User.

Privacy Policy – this document.

Terms and Conditions – the Terms and Conditions for the provision of electronic services within the System belonging to HRPanorama Sp. z o.o., in the currently binding version.

GDPR – Regulation (EU) 2016/679.

Website – websites operated by HR Panorama: www.hrpanorama.com, www.hrpanorama.pl, hrpanorama.no.

System – the HR Panorama IT system provided in the SaaS model.

User – an adult natural person using the services of HR Panorama.

You, Your – the User.

I Personal Data Controller

1. The Controller is HRPanorama Spółka z ograniczoną odpowiedzialnością with its registered office in Kraków, ul. Feliksa Wrobela 13, 30-798 Kraków, entered into the Register of Entrepreneurs under KRS 0000827108, NIP 6793196738, REGON 385580424, share capital PLN 50,000.

2. Contact: [email protected].

3. The Controller applies appropriate technical and organizational measures pursuant to Article 32 GDPR.

4. Providing personal data is voluntary. In some cases it is necessary to create an Account or use services provided via the System or subscribe to the Newsletter.

5. The Controller processes personal data only to the extent necessary for the purposes defined in this Privacy Policy.

II Purposes and Legal Bases

The Controller processes personal data for:

a) preparation and sending of commercial offers – legitimate interest (Art. 6(1)(f));

b) conclusion and performance of a contract – (Art. 6(1)(b));

c) complaint handling – legal obligation (Art. 6(1)(c));

d) accounting and settlement obligations – legal obligation (Art. 6(1)(c));

e) archiving and backups – legitimate interest (Art. 6(1)(f));

f) establishing, pursuing or defending claims – legitimate interest (Art. 6(1)(f));

g) contact by phone or email – legitimate interest (Art. 6(1)(f));

h) technical and service-related information – legitimate interest (Art. 6(1)(f));

i) marketing and Newsletter – legitimate interest or consent (Art. 6(1)(f) or (a));

j) analytics and System improvement – legitimate interest (Art. 6(1)(f));

k) processing on behalf of third parties – processor role.

III Recipients of Data and Transfers Outside EEA

Recipients may include processors such as hosting providers, cloud providers, email and SMS providers, payment operators, IT service providers, analytics tools and marketing providers.

Data may also be disclosed to public authorities or other independent controllers (e.g. banks, law firms) where required by law.

Data may be transferred outside the European Economic Area. In such cases the Controller ensures appropriate safeguards, including Standard Contractual Clauses (SCC).

The Website may contain links to external websites operated by third parties. Those websites have separate privacy policies.

Social media plugins: When using the Website, your IP address and browser identifier may be transmitted to social media providers. The Controller and Facebook Ireland Ltd act as joint controllers in relation to statistical data processing (Page Insights). Detailed information is available at:

https://www.facebook.com/legal/terms/page_controller_addendum

and

https://www.facebook.com/legal/terms/information_about_page_insights_data

IV Data Retention

The Controller stores personal data:

– for the duration of the contract and limitation periods,

– for compliance with legal obligations,

– marketing data for up to 3 years from the end of the year of collection or until consent is withdrawn or objection is raised,

– backup and archive data according to internal security policies.

V Rights of the Data Subject

The User has the right to access, rectify, erase, restrict processing, data portability, and object to processing.

The User may lodge a complaint with the President of the Personal Data Protection Office (PUODO) in Warsaw.

VI Profiling

Profiling may be used for marketing purposes and to tailor content, but it does not produce legal effects or significantly affect the User.

VII Security

We apply appropriate security measures including SSL encryption, access controls, Two-Factor Authentication (2FA), data encryption and regular backups.

VIII Cookies

Details regarding cookies are described in a separate Cookies Policy.

IX Changes

We may update this Privacy Policy. Information about changes will be published on the Website or sent by email where required.