company

Privacy and cookie policy

Home Privacy and cookie policy

Privacy Policy and Cookie Policy describes the way User data is processed in connection with the use of the Duna Polska Service.

The owner of the service and the administrator of the personal data of the Service Users is Duna Polska, headquartered in Kraków at Opolska 110, entered into the register of entrepreneurs maintained by the District Court for Kraków-Śródmieście in Kraków, 11th Commercial Division of the National Court Register under the number KRS 00000012902, NIP 6750001573. The administrator can be contacted via email at contact@dunapolska.pl, by phone at +48 12 664 80 00, or by mail at the company’s registered address.
We have appointed a Data Protection Officer, with whom you can contact via email at contact@dunapolska.pl or by mail at the administrator’s address: Opolska 110, 31-323 Kraków.

What data do we collect and how do we process it?

Personal data​

We collect personal data from Users when they voluntarily use available forms, email addresses, and phone numbers in the Service. We process data in accordance with the Regulation (EU) 2016/679 of the European Parliament and Council of April 27, 2016, on the protection of natural persons regarding the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC (“GDPR”). The scope and basis for the processing of personal data depend on the purposes listed below.

Basis, purposes, and period of data processing
1) Employee Recruitment

For the purpose of conducting the recruitment process, we process personal data provided by Users through the application form. Regarding personal data specified in Article 221 § 1 of the Labor Code (name, surname, date of birth, contact details provided by the person, education, professional qualifications, employment history), the legal basis for processing personal data is taking actions at the request of the data subject before the conclusion of a contract (Article 6(1)(b) GDPR) and fulfilling a legal obligation of the administrator (Article 6(1)(c) GDPR). Providing personal data by the User as indicated in Article 221 § 1 of the Labor Code in connection with Article 6(1)(b) and (c) GDPR is voluntary, but necessary to participate in the recruitment process.

If the User provides additional personal data (beyond what is indicated in Article 221 § 1 of the Labor Code), the purpose of processing is conducting the recruitment process, and the legal basis for processing the data is the User’s consent (Article 6(1)(a) GDPR). Providing additional data is voluntary. If the User does not want us to process additional personal data, they should not include it in the application form or in the documents submitted. Failure to provide such data will not affect participation in the recruitment process, will not be a reason for unfair treatment of the applicant, and will not lead to negative consequences, especially not being a reason for refusal of employment.

If the User wishes to participate in future recruitment processes, the legal basis for processing personal data is the User’s consent (Article 6(1)(a) GDPR). This consent is voluntary, and withholding it will not affect participation in the current recruitment process.
The personal data of the User will be processed for the duration of the current recruitment process, after which they will be deleted, or until the consent is withdrawn (in the case of consent given in the current recruitment process for processing additional personal data beyond those listed in Article 221 § 1 of the Labor Code). If the User provides additional consent for participation in future recruitment processes, their data will be processed for one year from the moment of consent or until it is withdrawn, after which it will be deleted.

2) Handling inquiries submitted via the contact form or email and phone numbers provided on the Service

For the purpose of responding, we process personal data submitted by the User via the contact form or through other methods provided by us, such as name, email address, phone number, and the content of the inquiry.
We process this data based on Article 6(1)(f) GDPR, i.e., in the legitimate interest of the administrator, which is fulfilling the request of the person concerned (receiving a response to the inquiry).
The data will be processed until the goal is achieved or a valid objection is raised to their processing.

Is providing data mandatory?

Providing data is voluntary but necessary to fulfill the User’s request (to receive a response to an inquiry or participate in the recruitment process).

Web server logs

When visiting and browsing the Service, the User’s browser automatically sends a set of temporarily stored information to the web server, such as IP address, browser type, language, access times, and the referring webpage. These data are not associated with specific individuals and are used anonymously to manage the Service.

Cookies

When visiting the Service, small text files are automatically saved on the User’s device (computer, tablet, smartphone), which contain information about the webpage from which they came, their storage time on the device, and a unique number. Each cookie has an expiration date, after which it becomes inactive. Cookies are used to identify the device through which the User accesses the website. We do not use cookies to determine the identity of the User. They provide statistical information about User traffic, activity, and usage patterns on the Service.

The Service uses cookies for:

  • Ensuring proper functioning of the Service, including adjusting content to User preferences (cookies allow the identification of basic device parameters, such as type, screen resolution, country, and language settings, enabling proper display of the website) – essential cookies,
  • Monitoring traffic on the Service, anonymous analysis of User behavior, and creating statistics (e.g., views of specific subpages, helping us understand how the Service is used and improve it) – statistical cookies.

To collect anonymous statistical data, we use cookies or similar technologies from third-party providers (third-party cookies). We use the following analytics tool:

  • Google Analytics (cookie administrator: Google Inc., USA), used for data analytics, which collects information about User behavior on the Service via cookies, such as the source from which Users arrived (via search engines, referral from another website, social media, advertising campaigns), location (country, city), software used (operating system, browser, device type), behavior on the page (time spent on specific subpages, number of visited pages). Google does not use the collected data to identify the User or combine this information for identifying a specific person. Information on the scope and rules of data collection for this service is available at: https://policies.google.com/technologies/partner-sites?hl=en. Users can install the Google Analytics blocking tool here: https://tools.google.com/dlpage/gaoptout.

How to manage cookies?

Web browsers by default allow cookies to be stored on the User’s device. The User can change cookie settings, particularly to block automatic cookie handling or be notified each time cookies are stored on their device. Detailed information on how to handle cookies is available in the browser settings. Users can also delete cookies at any time using the available functions in the browser they are using. Limiting cookie use may affect some functionalities available on the Service.

Recipients of data

We may disclose data to entities authorized under applicable legal regulations (e.g., police) and entities providing services for the administrator related to managing the Service, processing data exclusively on our behalf: Duna Polska Group companies, telecommunications and IT service providers, recruitment platform providers, and marketing agencies.
We also use providers who determine the purposes and methods of using personal data, such as Facebook or Google. If the provider is located outside the European Economic Area, the processing of data takes place based on guarantees of personal data protection, such as the commitment to apply standard contractual clauses adopted by the EU Commission.

Links (plugins) to other companies’ websites

The Service contains links to other companies’ websites, and the User should familiarize themselves with their privacy policies.

We also use Facebook and YouTube plugins that allow direct redirection of the User to our profiles on these platforms. When clicking on a plugin (e.g., “Like,” “YouTube”), the User’s browser directly connects to the Facebook or YouTube servers. If the User is logged in to one of these social media platforms, information about visiting our Service will be sent to their servers, which may be associated with the User’s account on the respective platform. If the User does not wish to provide this data, they should log out from the social media platform before clicking the plugin. The legal basis for processing data is Article 6(1)(f) GDPR, i.e., the legitimate interest of the administrator in promoting their activities. With the use of plugins for social media, the social media platform becomes a joint administrator of the User’s personal data. The purposes, legal bases for processing data, and the rights available to the User are described in the terms and privacy policies of these platforms. We encourage you to review them. More information is available here: https://pl-pl.facebook.com/privacy/explanation and https://policies.google.com/privacy?hl=en.

Contact via social media

You can also contact us through our social media profiles on Facebook (e.g., via Facebook Messenger), YouTube, LinkedIn, and Instagram. Data obtained in connection with an inquiry sent to us via social media platforms will only be used to respond. However, social media platforms collect personal data independently (related to user profiles), so the User should review the privacy policies of these platforms.

Rights of the User (data subject)

In cases specified in the GDPR, each User has the right to:

  • Access data – Article 15 GDPR
  • Rectify data – Article 16 GDPR
  • Erase data – Article 17 GDPR
  • Restrict data processing – Article 18 GDPR
  • Data portability – Article 20 GDPR
  • Object to data processing – Article 21 GDPR
  • Withdraw consent, in cases where it is the basis for processing data – Article 7 GDPR.

To exercise these rights, please contact us at: iod@dunapolska.pl
We will respond to any request promptly, but no later than within one month of receiving it. If we cannot fulfill the User’s request within one month (e.g., due to the volume of requests from other users), we will notify them in advance about the extended deadline. The User also has the right to file a complaint with the President of the Personal Data Protection Office if they believe the administrator has violated data processing regulations.

Data security on the Service

Data is protected against unauthorized access through technical and organizational security measures. In addition to protecting the operating environment, we use SSL encryption to prevent unauthorized access.

Making changes to the Privacy Policy and Cookie Policy

Any changes to this privacy policy will be made by publishing a new version of it on the Service.