1. General provisions

1. This Privacy Policy sets out the rules for the processing of your personal data at www.murdio.com (hereinafter referred to as the Website) operated by the Controller.
2. The personal data Controller is Murdio sp. z o.o. with its registered office in Warsaw (00-124), Rondo Organizacji Narodów Zjednoczonych 1, National Court Register (KRS) entry number: 0000825138, taxpayer identification number (NIP): 1133009779, business statistical number (REGON): 385396991.
3. You may contact the Controller in matters concerning the processing of your personal data:
– by sending a letter to the address in section 1(2) hereinabove,
– by sending an e-mail to: contact@murdio.com.
4. The Controller, pursuant to Article 32(1) of the GDPR, shall comply with the principles of personal data protection and take suitable technical and organisational measures to prevent accidental or unlawful destruction, loss, modification, unauthorised disclosure of or unauthorised access to personal data processed in connection with its activities.
5. This Privacy Policy is subject to the Polish law and other generally applicable laws including the GDPR.

2. Rights of data subjects

1. As the data subject, at any time, you have the right to:­­
access – i.e. obtain confirmation from the Controller as to whether your data are processed. If your data are processed, you are entitled to access your data and obtain the following information: about the purposes of the processing, the categories of personal data, recipients or categories of recipients to whom the data have been or will be disclosed, the data retention period or the criteria for determining it, the right to request rectification, erasure or restriction of the processing of personal data and to object to such processing (Article 15 of the GDPR);
obtain a copy of the data – you have the right to obtain a copy of the data subject to processing; the first copy shall be free of charge and the Controller may charge a reasonable fee for any subsequent copies resulting from administrative costs (Article 15(3) of the GDPR);
rectification – you have the right to request the rectification or completion of your personal data if inaccurate or incomplete (Article 16 of the GDPR);
erasure – you have the right to request the erasure of your personal data if there no longer is a legal basis for the Controller to continue the processing or if the data is no longer necessary for the purposes of the processing (Article 17 of the GDPR);
restrict processing – you have the right to request the restriction of processing of your personal data (Article 18 of the GDPR) when:
   – you question the accuracy of your personal data – for a period of time enabling the Controller to verify the accuracy of the data,
   – the processing is unlawful and you object to the erasure of the data by requesting restriction of the processing,
   – the Controller no longer needs the data, but they are necessary for you to assert, pursue or defend your claims,
   – you objected to the processing – until it is determined whether the legitimate interest on the part of the Controller prevail over the grounds for your objection (Article 18 of the GDPR),
data portability – you have the right to receive your personal data you have provided to the Controller in a structured, commonly used, machine-readable format and to request that the data be sent to another Controller if processed on the basis of your consent, if processed by automated means (Article 20 of the GDPR);
object – you have the right to object to the processing of your personal data on grounds relating to your particular situation, including profiling. The Controller shall then assess the existence of valid legitimate grounds for the processing, prevailing over your interests, rights and freedoms or grounds for asserting, pursuing or defending claims. If, according to the assessment, your interests outweigh the interests of the Controller, the Controller will be obliged to stop processing your data for these purposes (Article 21 of the GDPR).
2. In order to exercise the rights referred to above, you should contact the Controller (see the provided contact details) and inform them which right and to what extent you wish to exercise.
3. You also have the right to lodge a complaint with the supervisory authority, i.e. the President of the Office for Personal Data Protection in Warsaw (ul. Stawki 2, Warsaw).

3. Scope of processed data

1. The Controller processes the following personal data:
– name and surname,
– e-mail address,
– phone number,
– information regarding your previous employment, professional experience, education and other information voluntarily provided in your recruitment documents (CV).
2. Depending on the purpose of the processing, the Controller only processes the personal data necessary for a particular purpose.

4. Data processing purpose and basis

1. Processing personal data for the purpose of establishing cooperation
 – The Controller may process your personal data for the purpose of your participation in the Controller’s recruitment process, solely on the basis of your consent given prior to sending your job application (Article 6(1)(a) of the GDPR). Your consent is voluntary at all times but necessary for your participation in the recruitment process.
– You have the right to withdraw your consent to the processing of your personal data at any time, which does not affect the lawfulness of the processing prior to the withdrawal. However, withdrawing your consent will prevent you from further participation in any recruitment process conducted by the Controller.
– The personal data processed for your participation in the recruitment process are collected through a form available on the Website.
– Your personal data is processed during the recruitment process. By consenting to the processing of your personal data for this purpose, you also consent to the processing of your personal data in subsequent recruitment processes, for the period specified in section 5 (Data processing period) herein.

2. Processing personal data for the purpose of contacting the Controller
– The Controller may process your personal data in order to respond to your enquiries regarding the services provided by the Controller. The processing of your personal data for this purpose requires your prior consent (Article 6(1)(a) of the GDPR). Your consent is voluntary at all times but necessary to receive a response to your enquiry.
– You have the right to withdraw your consent to the processing of your personal data at any time, which does not affect the lawfulness of the processing prior to the withdrawal. However, withdrawal of your consent will prevent us from responding to your enquiry.
– The personal data processed for the purpose of responding to your enquiry is collected through a form available on the Website.
– Your personal data processed for the purpose of responding to your enquiry will be processed for the period specified in section 5 (Data processing period) herein.

3. Processing personal data for marketing and commercial purposes
– The Controller may process your personal data in order to send you marketing and commercial information regarding the Controller’s current activities. The processing of your personal data for the purposes referred to above requires your consent (Article 6(1)(a) of the GDPR) and is not necessary to achieve any other purpose of the processing.
– You may withdraw your consent to the processing of your personal data for the purpose of sending you marketing and commercial information at any time, which does not affect the lawfulness of the processing of your personal data prior to the withdrawal.

5. Data processing period

1. Personal data processed for the purpose of your participation in the recruitment process will be processed for the duration of the recruitment in which you are taking part and for the purpose of your participation in any subsequent recruitment processes for a period of 12 months from the date of your consent.
2. Personal data processed for the purpose of responding to your enquiry will be processed for the duration of the correspondence between you and the Controller.
3. Personal data processed for the purpose of sending you marketing and commercial information will be processed for a period of 10 years from the date of your consent, but not after you have withdrawn your consent.
4. At any time, your personal data may be processed until your potential claims that may arise in connection with the processing of your personal data and the purposes for which the personal data are processed become time-barred.
5. In the case of personal data processed for the purpose of recruitment, if we decide to enter into cooperation, your personal data will also be processed thereafter pursuant to generally applicable legal provisions.

6. Recipients of data, transferring data to third countries

1. Personal data processed by the Controller may be received by entities cooperating with the Controller, when necessary for the purposes for which the data are collected and processed.
2. The recipients of the personal data processed by the Controller may also include subcontractors, i.e. entities whose services are used by the Controller within the scope of data processing, e.g. accounting firms, law firms, entities providing IT services (including hosting services).
3. The Controller may be obliged to disclose your personal data under applicable laws, in particular to authorised state authorities or institutions.
4. Personal data will not be transferred to entities registered outside the European Economic Area.

7. Automated profiling

1. Your personal data will not be processed by automated means, including by profiling.

8. Cookie policy

1. The Controller does not collect any information by automated means, except for the information contained in cookies. The information contained in cookies is only collected during the use of the Website.
2. Cookies are files containing data which are stored on your device and are created while you are browsing the Website. Cookies usually contain the name of the website they come from, the time they are saved on your device and a unique number.
3. The entity saving cookies on your device and accessing them is the Controller.
4. Cookies are used to:
– adapt the content of the Website to your preferences and optimise the Website; in particular, these files allow the Controller to recognise your device and so that the Website can be displayed correctly, as adapted to your individual needs;
– compile statistics which help understand how you and other users use the Website in order to improve its structure and content;
– maintain your session.
5. The Website uses the following types of cookies:
– session cookies and persistent cookies. Session cookies are temporary files that are stored on your device until you log out, leave the Website or close your browser. Persistent cookies are stored on your terminal device for the time specified in cookie parameters or until you delete them;
– strictly necessary cookies enable the use of services available on the Website, e.g. authentication cookies used for services which require authentication on the Website;
– cookies used for ensuring security used e.g. to detect authentication abuse on the Website;
– performance cookies, enabling the collection of information about the use of the Website;
– functional cookies which make it possible to remember your selected settings and personalise your interface, e.g. with respect to your preferred language or region of origin, font size, website layout, etc.; and
– advertising cookies, enabling us to provide you with advertising content more tailored to your interests.
6. Internet browsers usually allow cookies to be stored on your device by default. You may change your cookie settings at any time. In particular, you may disable the automatic handling of cookies in your web browser settings or choose to be informed whenever cookies are stored on your device. Detailed information on the possibility and methods of handling cookies may be accessed in the settings of your software (web browser).
7. Please be advised that restricting cookies may affect some of the functionalities available on the Website.