Acting pursuant to Article 14 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter “GDPR”), JCI hereby inform that:

 

• The Controller of your personal data is Jagiellońskie Centrum Innowacji Sp. z o.o. with its registered office in Krakow at the address: ul. Bobrzyńskiego 14, 30-348 Kraków, entered in the register of businesses of the National Court Register maintained by the District Court for Kraków – Śródmieście, 11th Commercial Division of the National Court Register with number KRS: 0000212725, NIP (tax identification number): 676-226-66-85 and REGON (statistical number): 356845374, with share capital of PLN 11,667,900.00 (hereinafter “Controller”). The Controller’s Data Protection Officer may be contacted by post at the Controller’s address or electronically via e-mail at iodo@jci.pl.

 

• Your personal data may be processed for the following purposes:
  • protection of a vital interest of the Controller’s employee, namely providing information on the accident (pursuant to Article 6(1d) of GDPR); or
  • compliance with a legal obligation to which the Controller is subject (pursuant to Article 6(1c) of GDPR), i.e. fulfilment of obligations arising out of labour law provisions, including with regard to the storage and archiving of documentation or subjecting to control;
  • legitimate interests pursued by the Controller or by a third party (pursuant to Article 6(1f) of GDPR), i.e.:
    • establishing contact;
    • drawing up evidence of contact or a note and archiving it;
    • ensuring the security of the Controller’s employee, including the addressing of the Controller’s employee’s request regarding notification of the identified person of the accident;
    • establishing, exercising or defending legal claims, including instigation or conducting of proceedings or negotiations.
  • The following may be recipients of your personal data:
    • persons you have authorised – in the identified scope;
    • entities which render the services of providing technical solutions and organisational solutions for the Controller (e.g. providers of IT services, transport services, servicing, courier or postal services);
    • entities which provide legal services if it is necessary to assert claims (including courts or enforcement authorities) or financial services (e.g. banks);
    • entities authorised pursuant to generally applicable legal provisions;
    • entities authorised to carry out inspections, supervision or audits, including Jagiellonian University authorities or certification bodies;
    • entities which carry out scientific research;
    • entities which provide insurance or health services.
  • The Controller processes your personal data provided by the Controller’s employee which is necessary for your clear identification and for contacting you (e.g. first name, last name, address of residence, telephone number or e-mail address). The Controller will not process special categories of your personal data.
  • Your personal data will be stored for the period necessary for the purpose, i.e. until withdrawal of the Controller’s employee’s declaration or until the termination of the employment relationship of the Controller’s employee and upon termination until the completion of factual and legal activities related to the purpose or for the term determined in accordance with the Controller’s obligations arising out of separate legal provisions and until the expiration of claims, until the completion of proceedings, until the fulfilment of the legitimate interests of the Controller which are the basis of personal data processing.
  • You have the right to request that you gain access to your personal data (pursuant to Article 15 of GDPR), that your personal data be rectified (pursuant to Article 16 of GDPR), that your personal data be erased (pursuant to Article 17 of GDPR), that the processing of your personal data be restricted (pursuant to Article 18 of GDPR), the right to personal data portability (pursuant to Article 20 of GDPR or by law) or the right to object to processing (pursuant to Article 21 of GDPR).
  • You have the right to lodge a complaint with a supervisory authority pursuant to Article 77 of GDPR if you find that your personal data is processed by the Controller contrary to GDPR.

1. The Controller of your personal data is Jagiellońskie Centrum Innowacji Sp. z o.o. with its registered office in Krakow at the address: ul. Bobrzyńskiego 14, 30-348 Kraków, entered in the register of businesses of the National Court Register maintained by the District Court for Kraków – Śródmieście, 11th Commercial Division of the National Court Register with number KRS: 0000212725, NIP (tax identification number): 676-226-66-85 and REGON (statistical number): 356845374, with share capital of PLN 11,667,900.00 (hereinafter “Controller”). The Controller’s Data Protection Officer may be contacted by post at the Controller’s address or electronically via e-mail at iodo@jci.pl.

2. Your personal data may be processed for the following purposes:

• compliance with a legal obligation to which the Controller is subject in relation to employing staff, including for conducting or enabling the instigation of administrative (including control) proceedings, executing binding orders from public authorities, storing or archiving HR or accounting documentation (pursuant to Article 6(1c) of GDPR);
• legitimate interests pursued by the Controller in the form of protection of economic, legal and financial interests of the Controller (pursuant to Article 6(1f) of GDPR), for example:
  • establishing, exercising or defending legal claims, including potential sale of claims to third parties;
  • instigating or conducting proceedings or negotiations;
  • creating analyses, lists and statistics for the Controller’s internal purposes;
  • ensuring the safety of employees or property protection or production control or keeping information secret;
  • conducting internal controls and controls by authorised third parties.

3. The following may be recipients of your personal data:

• persons you have authorised – in the identified scope;
• entities which render the services of providing technical solutions and organisational solutions for the Controller (e.g. providers of IT services, transport services, servicing, courier or postal services);
• entities which provide legal services if it is necessary to assert claims (including courts or enforcement authorities) or financial services (e.g. banks);
• entities authorised pursuant to generally applicable legal provisions;
• entities authorised to carry out inspections, supervision or audits, including Jagiellonian University authorities or certification bodies;
• entities which carry out scientific research;
• entities which provide insurance or health services.

4. Your personal data will be stored for the period necessary for the purpose, i.e. after the termination of the employment relationship or until the completion of factual and legal activities related thereto – only based on the Controller’s obligations arising out of separate legal provisions (e.g. data processed for accounting purposes and due to tax obligations – for 5 years counted from the beginning of the year following the financial year to which the data refers), until the expiration of claims, until the completion of proceedings or until the fulfilment of the legitimate interests of the Controller which are the basis of personal data processing.
5. You have the right to request that you gain access to your personal data (pursuant to Article 15 of GDPR), that your personal data be rectified (pursuant to Article 16 of GDPR), that your personal data be erased (pursuant to Article 17 of GDPR), that the processing of your personal data be restricted (pursuant to Article 18 of GDPR), the right to personal data portability (pursuant to Article 20 of GDPR or by law) or the right to object to processing (pursuant to Article 21 of GDPR).
6. You have the right to lodge a complaint with a supervisory authority pursuant to Article 77 of GDPR if you find that your personal data is processed by the Controller contrary to GDPR.
7. You provide your personal data voluntarily in relation to the establishment and performance of an employment obligation. However, refusal to give your data will make it impossible for us to conclude and perform the employment contract or perform the related obligations of the Controller.

• The Controller of your personal data is Jagiellońskie Centrum Innowacji Sp. z o.o. with its registered office in Krakow (postcode: 30-348), at the address: ul. Bobrzyńskiego 14, entered in the register of businesses of the National Court Register maintained by the District Court for Kraków – Śródmieście, 11th Commercial Division of the National Court Register with number KRS: 0000212725, NIP (tax identification number): 676 226-66-85 and REGON (statistical number): 356845374, with share capital of PLN 11,667,900.00 (hereinafter “Controller”).
• The Controller’s Data Protection Officer may be contacted by post at the Controller’s address or electronically via e-mail at iodo@jci.pl.
• Your personal data will be processed for the purposes of recruitment to the position you have chosen or in accordance with the consent you have given, also for future recruitment processes.
• Basis of personal data processing:

 

1. For

• given name(s) and last name,
• date of birth,
• contact details (mailing address, e-mail address or telephone number),
• the legal basis is Article 22¹ § 1 of the Polish Labour Code of 26 June 1974 (Journal of Laws No. 24, item 141, consolidated text: Journal of Laws of 2019, item 1040 as amended, hereinafter: “Labour Code”) in conjunction with Article 6(1c) of the General Data Protection Regulation;

 

2. For other than specified in item i.) above and mentioned in the advertisement when it is necessary to perform specific work or on a specific position, regarding:

• education,
• professional qualifications,
• employment history,

the legal basis is Article 22¹ § 2 of the Polish Labour Code in conjunction with Article 6(1c) of the General Data Protection Regulation;

 

3. For other than specified in items i.) or ii.) above and mentioned in the advertisement when it is necessary to exercise a specific right or comply with an obligation resulting from legal provisions, the legal basis is Article 22¹ §4 of the Polish Labour Code in conjunction with Article 6(1c) of the General Data Protection Regulation;
4. The legal basis of the processing of personal data other than specified above provided to the Controller in relation to participation in recruitment will be your consent pursuant to Article 22^1a §1 of the Polish Labour Code in conjunction with Article 6(1c) of the General Data Protection Regulation. At the end of this document, you can find the proposed wording of the consent which covers the above. The consent can be included in the footnote of your recruitment documents.

• You can also give your consent to personal data processing in future recruitment processes. At the end of this document, you can find the proposed wording of the consent which can be included in the footnote of your recruitment documents.
• The recipients of your personal data may be entities which render recruitment, IT, servicing, postal, legal, security services or entities authorised to control and supervise the Controller’s operations.
• Your personal data will be stored for the period necessary for the purpose, i.e. until the completion of recruitment or for the period to which you have given your consent but no longer than for 6 months of the end of the recruitment process.
• You have the right to request that you gain access to your personal data (pursuant to Article 15 of GDPR), that your personal data be rectified (pursuant to Article 16 of GDPR), that your personal data be erased (pursuant to Article 17 of GDPR), that the processing of your personal data be restricted (pursuant to Article 18 of GDPR), the right to personal data portability (pursuant to Article 20 of GDPR or by law) or the right to object to processing (pursuant to Article 21 of GDPR).
• You have the right to lodge a complaint with a supervisory authority pursuant to Article 77 of GDPR if you find that your personal data is processed by the Controller contrary to GDPR.
• You give your data voluntarily but failure to provide your personal data referred to in items i.), ii.) or iii.) above will cause that you will not participate in recruitment. If you send the data referred to in item iv.) above without consent to processing, the Controller will be obliged to erase the data. However, this will not give grounds for your unfavourable treatment in recruitment and will not cause any adverse consequences on your part.
• In the absence of consent to personal data processing for future recruitment processes, you will only participate in the selected recruitment.
• If you have given your consent to personal data processing in the defined scope, you have the right to withdraw this consent at any time by sending information to the Controller’s e-mail address given above.

 

Examples of consents.

• “I consent to the processing of my personal data other than described in Article 22¹ 1 or §2 or §4 of the Polish Labour Code included in recruitment documents by Jagiellońskie Centrum Innowacji Sp. z o.o. for the purposes of recruitment to the position of  …………………………….”
• “I consent to the processing of my personal data included in recruitment documents by Jagiellońskie Centrum Innowacji Sp. z o.o. for the purposes of future recruitment processes for up to 6 months of the completion of the current recruitment process.”

Pursuant to Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: “GDPR”), please be informed that:

 

1. The Controller of your personal data is Jagiellońskie Centrum Innowacji Sp. z o.o. with its registered office in Krakow at the address: ul. Bobrzyńskiego 14, 30-348 Kraków, entered in the register of businesses of the National Court Register maintained by the District Court for Kraków – Śródmieście, 11th Commercial Division of the National Court Register with number KRS: 0000212725, NIP (tax identification number): 676-226-66-85 and REGON (statistical number): 356845374, with share capital of PLN 11,667,900.00 (hereinafter “Controller”).

The Controller’s Data Protection Officer may be contacted by post at the Controller’s address or electronically via e-mail at iodo@jci.pl.

 

2. The processing of your personal data is necessary for purposes of performance of a civil law contract and for taking actions prior to the conclusion of the agreement upon the request of the data subject if such actions are necessary for the conclusion of the agreement. The legal basis of your personal data processing is:

• 6(1b) of GDPR (processing is necessary for the purposes of the performance of the agreement to which you are a party or for taking action upon your request prior to the conclusion of the agreement),

• 6(1c) of GDPR (purpose and scope of personal data processing results from generally applicable legal provisions, e.g. tax purposes, archiving obligation),

• 6(1a) of GDPR (the basis of personal data processing is your consent regarding e.g. the data given in your CV or in the service provider’s declaration other than required by law if you have given your voluntary consent to the processing of this data by sending us your CV or the service provider’s declaration. The consent is voluntary which means that if you do not give us your consent or withdraw it, this will not be grounds for unfavourable treatment and will not cause any adverse consequences to you),

• 6(1f) of GDPR (the processing of your personal data results from the Controller’s legitimate interests. e.g. protection of persons and property, seeking the satisfaction of claims).

 

3. The recipients of your personal data may be any entities to whom JCI is obliged to provide data pursuant to applicable legal provisions, e.g. Tax Office, suppliers of equipment and software, security, server owner, entity responsible for reception desk, entities offering courier or postal services.

 

4. The Controller does not intend to transfer your personal data to a third party or an international organisation.

 

5. Your personal data will be kept for the period resulting from legal provisions or for the period of limitation of claims of the data controller and claims against the data controller, and in relation to the fulfilment of the archiving obligation.

 

6. You have the right to request that you gain access to your personal data (pursuant to Article 15 of GDPR), that your personal data be rectified (pursuant to Article 16 of GDPR), that your personal data be erased (pursuant to Article 17 of GDPR), that the processing of your personal data be restricted (pursuant to Article 18 of GDPR), the right to personal data portability (pursuant to Article 20 of GDPR) or the right to object to processing (pursuant to Article 21 of GDPR).

 

7. You have the right to withdraw your consent at any time and this will not affect the lawfulness of processing done based on the consent before its withdrawal.

 

8. You have the right to lodge a complaint with a supervisory authority pursuant to Article 77 of GDPR if you find that your personal data is processed by the Controller contrary to GDPR.

 

9. The provision of your data required by the Controller is the necessary condition of concluding a civil law contract and taking action prior to the conclusion thereof. You are not obliged to provide the data. However, failure to do so will make it impossible for us to conclude a civil law contract and to take action prior to the conclusion of the agreement.

I declare that I am familiar with the data protection provisions, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: “GDPR”) and personal data protection policies implemented in Jagiellońskie Centrum Innowacji Sp. z o.o. (hereinafter: “Controller”).

 

In view of the foregoing, I hereby undertake that I will:

• obey by the personal data protection rules resulting from GDPR and personal data protection procedures implemented by the Controller;
• process personal data only in the scope of and for the purpose resulting from the authorisation given to me by the Controller;
• keep secret the personal data processed by the Controller and the methods of securing such data;
• protect the personal data processed by the Controller against accidental, unauthorised or unlawful processing;
• report any personal data protection breaches to immediate superiors, the Controller or the Controller’s attorney.

 

Furthermore, I hereby confirm that:

• I have been informed that the breach of personal data protection, in particular procedures or generally applicable provisions of law, may result in liability, in particular disciplinary action;
• I have been informed that acting as the employer the Controller will monitor employees’ e-mails in order to ensure property (including data) protection, to control the secrecy of information which, if disclosed, may cause the employer’s damage, and to control the proper performance of employee duties. The monitoring of e-mails will only concern corporate e-mails and will respect the secrecy of correspondence and other personal interests of the employee. E-mails will be monitored by the Controller or by the authorised person for a maximum period of one week and monitoring may be repeated during the term of the employment relationship. Upon request, the Employee will be obliged to promptly provide access data to corporate e-mail and specify the potential scope and justification of the secrecy of correspondence. Upon the completion of monitoring, the employee is obliged to change his or her e-mail access data.
• I have been informed that acting as the employer the Controller has implemented special surveillance of the area of the work establishment and areas near the work establishment using technical measures of video recording (CCTV) for the purpose of ensuring the security of employees, property protection, control of production and keeping the secrecy of information which, if disclosed, could cause the employer’s damage. Part of the work establishment excluding sanitary facilities, a cloakroom, a canteen, a smoking room or rooms made available to trade unions will be under surveillance. Surveillance by the Controller will be performed by installing fitted camcorders and verifying recordings on an ongoing basis. Video recordings will be processed only for the purposes for which they are collected and will be stored for a maximum period of 3 months of the date of recording. If the video recording is to be evidence in any proceedings conducted by law or may be evidence in proceedings, the time limit is extended until the final and non-appeallable judgment. After the expiry of time limits referred to above, video recordings obtained as a result of surveillance will be destroyed unless separate provisions provide otherwise.
• I have read the instruction regarding the processing of my personal data (in accordance with Article 13 of GDPR) by the Controller:
• The Controller of your personal data is Jagiellońskie Centrum Innowacji Sp. z o.o. with its registered office in Krakow at the address: ul. Bobrzyńskiego 14, 30-348 Kraków, entered in the register of businesses of the National Court Register maintained by the District Court for Kraków – Śródmieście, 11th Commercial Division of the National Court Register with number KRS: 0000212725, NIP (tax identification number): 676 226-66-85 and REGON (statistical number): 356845374, with share capital of PLN 11,667,900.00 (“Controller”). The Controller’s Data Protection Officer may be contacted by post at the Controller’s address or electronically via e-mail at iodo@jci.pl.
• Your personal data may be processed for the following purposes:
  • performing actions based on the granted consent, e.g. offering additional insurance benefits, ensuring commercial medical services, using the image as well as first and last name on JCI’s website and social media for marketing purposes or using biometric data for the purpose of accessing the Controller’s premises (pursuant to Article 6(1a) of GDPR); or
  • performing an employment relationship; in this scope, this also refers to all preparatory activities which precede the conclusion of an employment contract and activities in the process of concluding an employment contract, performing or terminating an employment contract, or activities related to the employment contract (e.g. granting a power of attorney, organisation of work, execution of quality management procedures), where the processed data is restricted in accordance with Articles 21¹p. or 22² of the Polish Labour Code, and the data regarding your health status is processed pursuant to Article 9(2b) of the Regulation (pursuant to Article 6(1b) of GDPR); or
  • fulfilment of legal obligations of the Controller, i.e. offering social aid, insurance, ensuring occupational health and safety, work organisation, drawing up and storing documents (e.g. accounting or financial documents), executing the personal data protection procedures implemented by the Controller, conducting or possible instigation of administrative proceedings (including audits), performing binding orders of public authorities (pursuant to Article 6(1c) of GDPR);
  • legitimate interests pursued by the Controller in the form of protection of economic, legal and financial interests of the Controller (pursuant to Article 6(1f) of GDPR), for example:
    • establishing, exercising or defending legal claims, including potential sale of claims to third parties;
    • instigating or conducting proceedings or negotiations;
    • representing vis a vis third parties for the purpose of establishing or performing the established legal relationship;
    • creating analyses, lists and statistics for the Controller’s internal purposes;
    • ensuring the safety of employees or property protection or production control or keeping information secret;
    • conducting internal controls and controls by authorised third parties.
  • The following may be recipients of your personal data:
    • persons you have authorised – in the identified scope;
    • entities which render the services of providing technical solutions and organisational solutions for the Controller (e.g. providers of IT services, transport services, servicing, courier or postal services);
    • entities which provide legal services if it is necessary to assert claims (including courts or enforcement authorities) or financial services (e.g. banks);
    • entities authorised pursuant to generally applicable legal provisions (including administration bodies);
    • entities authorised to carry out inspections, supervision or audits, including Jagiellonian University authorities or certification bodies;
    • entities which carry out scientific research;
    • entities which provide insurance or health services;
    • individuals who use JCI’s website and social media (with the consent).
  • Your personal data will be stored for the period necessary for the purpose, i.e. until the termination of the employment relationship or until the completion of factual and legal activities related thereto and after the termination of the employment relationship – only based on the Controller’s obligations arising out of separate legal provisions (e.g. data processed for accounting purposes and due to tax obligations – for 5 years counted from the beginning of the year following the financial year to which the data refers), until the expiration of claims, until the completion of proceedings, until the fulfilment of the legitimate interests of the Controller which are the basis of personal data processing or until the withdrawal of consent (with respect to the data processed based on the consent).
  • You have the right to request that you gain access to your personal data (pursuant to Article 15 of GDPR), that your personal data be rectified (pursuant to Article 16 of GDPR), that your personal data be erased (pursuant to Article 17 of GDPR), that the processing of your personal data be restricted (pursuant to Article 18 of GDPR), the right to personal data portability (pursuant to Article 20 of GDPR or by law) or the right to object to processing (pursuant to Article 21 of GDPR).
  • You have the right to lodge a complaint with a supervisory authority pursuant to Article 77 of GDPR if you find that your personal data is processed by the Controller contrary to GDPR.
  • You provide your personal data voluntarily. However, failure to give your data will make it impossible to conclude and perform the employment contract.
  • You have the right to withdraw your consent at any time by sending information to the Controller’s address or e-mail given above (with respect to the processing of personal data based on consent).

…………………………………………………………….

Date and signature