ѻý

Przejdź do Treści

HR data privacy policy

Privacy Notice on employee and job candidate data

This privacy notice sets out what personal data ѻý Polska Sp. z o. collects and how ѻý uses and protects any personal data processed in relation to to potential or existing employment relationship with ѻý.

1. Who is collecting personal data

ѻý Polska Sp. z o.o, with registered office at 02-092 Warsaw, ul. Zwirki i Wigury 16a (“ѻý”), is a Data Controller and Edward Gołda (e-mail: dprequestpoland.pl@capgemini.com) is acting as Data Protection Officer, who is committed to ensuring that your privacy is protected.

2. What information is being collected and processed?

ѻý processes personal data of candidates, employees employed under a contract of employment and persons employed under a civil law contract, collectively referred to as „Employee/Candidate” and „Employees/Candidates”, respectively.

ѻý may collect the following information:

·        Personal details, such as name, date of birth, gender, age, address, telephone numbers, email address, number of children, citizenship,ID details, visa details, work permit details, emergency contact details, dependents details, marital status, life insurance beneficiaries, pictures or images;

·        Financial information relating to compensation, benefits and pension arrangements, such as details of salary, bank account, tax codes, travel expenses, stock options, stock purchase plan;

·        Recruitment information, such as CV, application form, notes of interviews, applicant references (if recorded), qualifications, test results (if applicable);

·        Employment administration information, such as employment and career history, grades, managers, employment contract details, absence records, safety records, health and sickness records if the applicable laws allow to collect such personal data, accident reports, personal development reviews, driving license details and associated documents, skills records, government issued identification numbers;

·        Professional experience information, such as professional resume, qualifications, details of projects Employee/Candidate has worked on, training records, mobility records;

·      Details of where Employee/Candidate is located in ѻý location to the extent recorded by ѻý electronic card access systems and cameras;

·        Details of IT and connection data to the ѻý IT systems;

·        Photos

3. How data is it collected?

ѻý collects certain information provided directly from Employee/Candidate. ѻý gets part of the personal data by recording how Employee/Candidate interacts with Human Resources electronic platforms and via electronic card access systems and video monitoring.

ѻý may also collect certain information indirectly, in particular from/or on the basis of:

·  Global database managed by the Affiliates of ѻý;

·  Its agents, representatives and service providers, for example recruitment agency;

·  Third parties who you have asked to provide your personal information to ѻý, including via referral process;

·  Insurance Companies to settle an insurance event;

·  Law enforcement, dispute resolution, statutory and regulatory bodies;

·  Marketing or event organisations, to the extent that personal data is required for conducting the recruitment processes;

·  Industry databases such as Pracuj.pl, LinkedIn, Infopraca.pl or other and publicly available sources such as the Internet and telephone directories.

4. For what purposes does ѻý collect, hold and use your personal information?

Typically, purposes for which ѻý processes Employee/Candidate Personal Data will include but are not limited to the following activities:

·         Recruitment, including future recruitment and background checks subject to local laws;
· Performance assessment and training;

· Pay-roll and administration of other employment-related benefits (including stock options, stock purchase plan, or other corporate plans or benefits);

· Day-to-day management activities, such as deployment on projects, promotion, disciplinary activities, grievance procedure handling;

· Marketing the professional services of consultants to potential ѻý clients (e.g., by providing details of experience on previous projects);

· Administration of current benefits, including the ѻý personal pension plan, life insurance scheme, private health insurance scheme;

· Employment analysis, for example, comparing the success of various recruitment and/or Employee retention programs;

· Compliance with health & safety rules and other legal obligations placed on ѻý as an employer;

· Where necessary, processing designed to enable ѻý to exercise its legal rights, and/or perform its legal obligations, as an employer, in so far as it is required by local law of the country where the Data Controller is established;

· IT, security, cybersecurity and access control;

· Human Resource Management, Career management and mobility, also via automated processing, including profiling;

· Internal and external communication;

· Company resources management;

· Video and electronic monitoring in the scope of ensuring the safety of Employee/Candidate due to the manner, quantity and quality of the usual services performed;

· Preventive activities in the area of ѻý property security by, for example, theft or destruction as well as data leakage and breach of confidentiality, or access to data by unauthorized persons;

· Audit and statistics.

5. What is the legal basis for collection of personal data?

A basis for lawful processing by ѻý are:

• Legal requirements related to Data Controller
• Contractual undertaking with Employee/Candidate
• Legitimate interests in regards to:

Employee/Candidate rights:

•&Բ;&Բ;Reasonable Expectations of the individual that their personal data are to be processed;

•&Բ; Management of Individual Right Requests ( ex. Continued processing when an individual requested erasure);•&Բ; Suppression (holding data on a suppressed file);

•  Profiling for analytical reasons;
•  Some Employee relations (to ensure that the employees receive benefits and trainings);

•&Բ; Keeping the Human Resources records for the event of employee claims;

•  Keeping the Records including records of monitoring:

•  Lawful monitoring.

Compliance and fraud cases:

•&Բ; Prevention activities within ѻý and its Affiliates, implemented on the basis of internal policies of ѻý

•&Բ; Risk management

IT Network, IT Security

• IT Network and Information Security regarding the management of Employee/Candidate profiles, the access rights, employees’ passwords;

• Application of the Artificial Intelligence in the analytical processes and related to automated decision-making processes.

The provision of Employees’ personal data is a statutory requirement or contractual requirement or a requirement necessary to perform contractual obligations. In the event of failure to provide such personal data ѻý shall not :

• Performing the obligations of the Data Controller for benefit of the Employees in the field of employment and social security and social protection law;

• Sending marketing communication, and/or commercial information (including the information relates to recruitment process) and evaluation of employment applications;

• Profiling of Employees or Candidates in order to prepare an appropriate recruitment offer;

• Detecting, investigating and preventing fraud;

• Verifying and provision an adequate level of protection of Employee/Candidate and property of ѻý.

6. How long does ѻý keep the personal information?

ѻý will retain personal information for the period required by applicable laws or for the period necessary to fulfil the purposes outlined in this Privacy Notice not longer than 10 years from date of the termination or expiration of the employment relation.

Regarding recruitment data ѻý will retain for period not longer than 3 years since its collection.

Regarding monitoring: ѻý will usually retain personal information for the period of 30 days from the recording date, and when the recording shall constitute an evidence of a prohibited act which may be used before any court or other formal proceeding, not longer than 10 years from date of the recording.

After the expiration of the above period, personal data shall be anonymised or deleted from any electronic devices and/or the copies of such Personal Information will be destroyed as well. Within the scope of the Employer’s obligations, regarding the archiving of employee files, ѻý shall comply with all mandatorily applicable laws.

7. Who will it be shared with?

ѻý shall not share Employees’/Candidates’ personal data to third parties unless ѻý has Employees’ permission or it is required by law to do so.

Affiliates of ѻý and/or strategic partners
ѻý shall only share the personal data with Affiliates of ѻý (entities controlled directly or indirectly by ѻý SE) or/and strategic partners that work with ѻý to provide products and services.

Service Providers
ѻý does share the personal data with companies who provide services to ѻý such as information processing, fulfilling orders, providing customer service, assessing interest in products and services, and conducting customer research or satisfaction surveys. These companies are obligated to protect personal data and keep confidentiality.

Public and governmental authorities
It may be necessary − by law, legal process, litigation, and/or requests from public and governmental authorities for ѻý to disclose Employees’ personal data. ѻý may also disclose information about Employees if ѻý determines that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate.

Service Providers
ѻý does share the personal data with companies who provide services to ѻý such as information processing, fulfilling orders, providing customer service, assessing interest in products and services, and conducting customer research or satisfaction surveys. These companies are obligated to protect personal data and keep confidentiality.

Public and governmental authorities
It may be necessary − by law, legal process, litigation, and/or requests from public and governmental authorities for ѻý to disclose Employees’ personal data. ѻý may also disclose information about Employees if ѻý determines that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate.

Please note that some of the above mentioned entities may be located outside the European Economic Area. ѻý will ensure that the transfer of personal data to a third country located outside the European Economic Area is conducted in compliance with the appropriate and/or suitable safeguards. Employees shall has the right at any time to obtain a copy of their personal data processed by such companies and to obtain the list of companies to which their personal data has been made available by sending a request to the e-mail address: dprequestpoland.pl@capgemini.com.

Such entities and business partners have implemented ѻý privacy standards with respect to the use of this data and are bound by appropriate confidentiality agreements.

8. How will the personal data be secured?

In order to prevent unauthorised access or disclosure, ѻý has put in place suitable physical, electronic and managerial procedures to safeguard and secure the information ѻý collects and ѻý follows industry practices and standards in adopting procedures and implementing systems designed to prevent unauthorized access to personal data and to avoid its accidental loss, damage or destruction.
All Affiliates of ѻý have the obligation to abide the security standards established by the ѻý SE and adequately monitored.
In accordance with article 33 and 34 GDPR and taking into account the level of risk for the rights and freedom of Employees, ѻý shall report personal data breaches to the authorities and/or the Employees/Candidates if it becomes aware that the security, confidentiality or integrity of the personal data has been compromised.

9. How will Employee/Candidate control their personal information?

ѻý is committed to keep personal data accurate. ѻý shall provide Employees/Candidates with access to theirs personal data to view, update or correct this information directly in TETA HRM platform or via request through email: dprequestpoland.pl@capgemini.com.

Employee/Candidate may request by email dprequestpoland.pl@capgemini.com: deletion of the their personal data, the provision of details of their personal information which ѻý hold about them and/or copy of the personal data in a standard format.

Employee/Candidate may choose to restrict the collection or use of their personal data. Employee/Candidate have a right at any time to restrict processing or to object to processing of personal data or sharing their personal data to other Affiliates of ѻý.

Personal data may have undergone automated processing, including profiling. Please note that Employee/Candidate have a right at any time to object to such making automated decision, including profiling.

If Employees consider that processing of their personal data infringes data protection laws, they have a legal right to lodge a complaint with a supervisory authority responsible for data protection.

10. How to contact ѻý?

In case the Employees requires more information about how ѻý processes the personal data, then please go to the following  or contact ѻý by sending email  to this below address: dprequestpoland.pl@capgemini.com

HR Privacy Policy PL

In the event of the discrepancies between the Polish and English version of this Privacy Notice, the Polish version shall prevail.