Privacy Policy

PRIVACY POLICY

HR CODE sp. z o.o. with its registered office in Wrocław

(effective February 16, 2026)

1. Personal data administrator

1) The administrator of personal data is HR CODE limited liability company with its registered office in Wrocław, at ul. Ameriga Vespucciego 13/51, 51-505 Wrocław, NIP 8992900098, REGON 389131261.

2) Email address for contact in matters related to personal data protection: dataprotection@hrcode.com.pl, telephone : +48 781 450 000

3) The administrator processes personal data in accordance with applicable law, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (GDPR).

2. Data Protection Officer

1) The administrator has not appointed a Data Protection Officer .

2) All matters related to personal data protection should be addressed directly to the Administrator at the address indicated in section 1, point 2.

3. Scope of data processed

The administrator may process the following categories of personal data:

1) Data provided directly by individuals:

a) first and last name,

b) email address,

c) telephone number,

d) data contained in CVs and application documents,

e) information on professional qualifications, education, and experience,

f) other data provided voluntarily in the correspondence.

2) Technical data:

a) IP address,

b) device and browser data,

c) data on activity on the website,

d) information stored in cookies.

4. Purposes and legal basis for processing

Personal data is processed for the following purposes:

Objective

Legal basis

Contact and handling of inquiries—to respond to inquiries sent via the contact form or email

Article 6(1)(b) or (f) of the GDPR

Recruitment processes – for the purpose of recruiting candidates for temporary or permanent employment

Article 6(1)(b) of the GDPR (pre-contractual measures); Article 6(1)(a) of the GDPR (consent – in relation to data beyond the scope of the Labor Code)

Execution of agreements with customers and employees—for the purpose of performing civil law agreements, employment agreements, or cooperation agreements

Article 6(1)(b) and (c) of the GDPR

Marketing of own services, including sending commercial information and newsletters

Article 6(1)(a) of the GDPR (consent)

Statistical analysis and improvement of website functionality, including the use of analytical tools

Article 6(1)(a) or (f) of the GDPR (depending on the type of cookies)

Investigation or defense against claims

Article 6(1)(f) of the GDPR

5. Recipients of data

1) Personal data may be transferred to the following categories of recipients:

a) IT and hosting service providers,

b) recruitment and CRM system providers,

c) entities providing accounting and legal services,

d) the Administrator's clients (employers, users),

e) entities providing marketing services (e.g., Google, Meta).

2) These entities process data on the basis of entrustment agreements or as separate controllers.

6. Transfer of data outside the EU/EEA

1) Personal data may be transferred to third countries, in particular to the United States, in connection with the use of tools such as Google Analytics, Google Ads, or Meta Pixel.

2) Data transfer is based on:

a) Standard Contractual Clauses (SCC) or

b) a decision confirming an adequate level of protection (e.g., Data Privacy Framework).

7. Data retention period

Personal data is stored appropriately:

a) for the duration of the recruitment process and up to 12 months after its completion,

b) for the duration of the contract and after its termination for the period required by law,

c) until consent is withdrawn – in the case of data processed on the basis of consent,

d) for the period of limitation of claims.

8. Obligation or voluntary nature of providing data

1) Providing personal data is:

a) mandatory, if required by law or necessary to conclude a contract,

b) voluntary, in other cases.

2) Failure to provide data may result in the inability to achieve a given objective (e.g., participation in recruitment).

9. Rights of data subjects

Every person has the right to:

a) access to data,

b) correction of data,

c) deletion of data,

d) restrictions on processing,

e) data portability,

f) raise an objection,

g) withdraw consent at any time,

h) lodge a complaint with the President of the Personal Data Protection Office.

10. Automated decision-making and profiling

1) Personal data is not used for automated decision-making that would have legal consequences for individuals.

2) The administrator may use profiling for marketing purposes only with the user's consent.

11. Data source

Personal data may come from:

a) directly from the individuals to whom the data relates,

b) from recruitment websites,

c) from the Administrator's business partners and customers.

12. Cookies

1) The website uses cookies for the following purposes:

a) technical (necessary for the website to function),

b) analytical,

c) marketing.

2) Analytical and marketing cookies are used only after obtaining the user's consent.

13. Security measures

The administrator shall implement appropriate technical and organizational measures, in particular:

a) connection encryption (SSL),

b) server security,

c) access control procedures,

d) staff training.

14. Changes to the privacy policy

The Administrator reserves the right to change this Privacy Policy.
All versions of the Policy, including archived versions, are available on the Administrator's website.