I. Preliminary provisions

  1. This Policy describes the ways in which the administrator of processes personal data for the purpose of providing services.
  2. The Controller of personal data is Smart Engineering Alliance sp. z o.o. with its registered office in Gdańsk (80-254), ul. Partyzantów 8/8, with NIP: 5842786943, REGON: 384309211, registered in the District Court of Gdańsk-Połnoc in Gdańsk, VII Commercial Division under KRS number: 0000802628, holding a share capital of PLN 5000.00.
  3. The Controller shall make every effort to ensure that personal data is processed in accordance with the applicable laws and that it is protected against loss, destruction, disclosure, access of unauthorized persons or misuse.
  4. The Controller also guarantees the confidentiality of all data provided by the Users by taking effective measures of security and protection of personal data. If the User has any suspicion that the personal data is not adequately protected, the User should contact the Controller at

II. Definitions

For the purposes of this Policy, the following notions shall mean as follows:

  1. Controller/Service Provider – Smart Engineering Alliance sp. z o.o.
  2. Application – the totality of personal data and information sent by the Employee via the Website.
  3. Personal data – any information relating to an identified or identifiable natural person.
  4. Account – the place available to the User after logging in (providing login and password) on the Website, through which the User can enter his personal data and use the Services offered by the Controller as part of the Website.
  5. Cookies – text files stored by a web browser on a computer disk or on a user’s mobile device in order to store information used to identify the User or remember the history of actions taken by the User on the Website.
  6. Employer – means a natural person, legal person or an organisational unit other than a legal person whose law confers legal capacity, carrying on its own behalf an economic or professional activity, who uses the services offered by the Controller for the purpose of searching/employing the Employee.
  7. Employee – means an adult natural person with full legal capacity, who uses the Services of the Website to find a job.
  8. Profile – means the functionality of the User’s account, allowing the User to collect selected information, including, for example, in the case of the Employee, information concerning the course of his/her professional career, history of education and other professional skills.
  9. Processing of Personal Data – an operation or set of operations performed on Personal Data or sets of Personal Data in an automated or non-automated manner, such as collecting, recording, organizing, ordering, storing, adapting or modifying, downloading, reviewing, using, disclosing by uploading, disseminating or otherwise making available, matching or combining, restricting, deleting or destroying.
  10. Regulation or GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016. on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
  11. Terms and Conditions – the Terms and Conditions for the use of the Website.
  12. Website – an information system made available electronically by the Service Provider at, enabling Users to use the Services described in the Terms and Conditions.
  13. Service / Services – the services provided through the Website.
  14. User – any natural person who uses the Service in any way.

III. General Principles of the Processing of Personal Data

  1. Each time the scope of Personal Data required for the performance of a given service is indicated on the Website and in the contents of the Terms and Conditions. When data is being submitted by the User in forms, the system automatically marks mandatory data. Failure to provide obligatory Personal Data by the User may result in the User’s inability to use the Services provided by the Service Provider.
  2. The User is required to provide Personal Data to use the Website Services, including, among others, to create an Account or to submit an application/registration form.
  3. The Controller uses and makes available the User’s Personal Data:
    1. to the extent required to provide the Services and functions requested by the User and to implement the provisions of the Terms and Conditions;
    2. to the extent not exceeding the consent given by the User, which the User may revoke at any time;
    3. in order to safeguard the interests of the User,
    4. in accordance with applicable laws.
  4. The Controller may collect and process information provided by the User when creating or updating an Account on the Website, as well as when submitting an application form. This information may include, among others:
    1. in the case of the Employer: name and surname of the employer’s representative, company name, VAT number, company address, e-mail address, telephone,
    2. in the case of the Employee: name, e-mail, telephone, gender, age, years of experience, place of interest in the work, i.e. country, province, city, profession, specialization, and, optionally: command of foreign languages, work experience, education, courses, training, employment preferences, name and password used to log into the Account.

IV. Purpose and Scope of Collection and Processing of User Personal Data

Possible purposes of collecting and processing User Personal Data by the Controller are as follows:

  1. Conclusion and execution of a contract for the provision of Services, making payment transactions, providing confirmations and notifications concerning published Applications/advertisements as well as receiving and handling complaints
    1. The primary purpose of the processing of Personal Data by the Controller is the implementation of the Services and the maintenance of the functioning of the Website. On the Website, the User has the opportunity to create an Account by filling in the registration form. If the User completes the registration/application form, the Controller will process the data that the User has entered in the form and, in the case of registration of the Account, also the password provided.
    2. In order to run the recruitment portal, the Controller processes Personal Data also by collecting job offers from Employers and concluding contracts with them, collecting offers of Employees (candidates) looking for employment and forwarding them to Employers on the basis of Agreements entered into by the Controller and Employers.
    3. The Controller also uses the information to provide, personalize, maintain and improve the Services provided within the Website. This information may be used, among other, for the following purposes: creating and updating your Account, verifying User identity, or enabling Users to use the Services.
    4. The Controller processes Personal Data also in order to compile the information provided by Users in an automatic way and automatically match the Employee Profile to the job offers of Employers, in order to provide Services based on the latest technological solutions.
    5. The legal basis for processing is article 6 paragraph 1 point b of the GDPR (necessity for the performance of the contract for the provision of electronic services).
  2. Securing Claims
    1. In order to establish, pursue and execute possible claims against Users, the Controller may also process some of the Personal Data provided by them, data concerning the use of the Services, as well as other data that will be necessary to prove the existence of a claim, the execution of it or the defence against claims in proceedings before courts and other state bodies, and to
conduct litigation and storage of data for archiving purposes.
    2. The legal basis for processing is article 6 paragraph 1 point f of the GDPR, that is, the legitimate interest of the Controller. In this respect, data is processed for the statutory limitation period of the claims.
  3. Providing Content and Services
    1. In order to provide content and Services, including content tailored to the User’s interests, the Controller uses the available information (e.g. about the job advertisements that the Employee might be interested in).
    2. The Controller also collects information concerning the sharing of the Profile and the submission of the Application and statistics concerning published advertisements.
    3. The Controller also uses the abovementioned data to create a professional profile corresponding to the skills, education, experience, interests and preferences of the User (Employee). Based on the created professional profile, the Controller adjusts marketing information about the Services and Employers that may be of interest to the Employee.
    4. The Controller profiles Personal Data within the meaning of article 4 point 4 of the GDPR, which means any form of automated processing of Personal Data, which involves the use of Personal Data to evaluate certain personal factors of a natural person, in particular analysis or prediction of aspects related to work outcomes, his/her economic situation, health, personal preferences, interests, credibility, behavior.
  4. Conducting Research and Development
    1. The Controller may use the collected information to conduct tests, studies and analyses and to develop new Services. This allows to increase the security of services offered by the Controller, as well as to develop new features and products.
    2. The legal basis for processing is article 6 paragraph 1 point f of the GDPR, that is, the legitimate interest of the Controller, consisting in facilitating the use of the Services provided electronically and improving the functionality of these Services.
  5. Ensuring the Security of Information Processing on the Website
    1. The Controller also uses the information to verify the Accounts, detect spam, eliminate improper behavior and other actions incompatible with the Terms and Conditions, threatening the safe operation and the use of the Website Services.
    2. The legal basis for processing is article 6 paragraph 1 point f of the GDPR, that is, the legitimate interest of the Controller, consisting in facilitating the use of the Services provided electronically and improving the functionality of these Services.
  6. Cookies
    1. The Controller also collects information about the location of the User. Depending on the Services used by the User, the settings of the Website, of the Application and on the privileges granted to it, the Controller may collect information about the exact or estimated location of the User specified using data such as GPS position, IP address or Wi-Fi network data.
    2. The Controller also collects information about how the User uses the Services. That may include information such as dates and times of access, functions of the Service or pages viewed, Website failures and other types of system activity, browser type and information about third party websites or services that the User used before using the Service. In some cases, the Controller collects this information through Cookies.
    3. In order to optimize the content available on the Website and to adapt it to individual needs, the Controller uses information stored through Cookies on the User’s end devices. No information is collected automatically, except for the information contained in the Cookies.
    4. Cookies are text files that are stored in the end device of the Website User. They are required for the proper functioning of the Website. They contain the name of the website of their origin, a unique number, storage time on the end device.
    5. The Controller places Cookies on the end device of the User and has access to them.
    6. Cookies are used for the purpose of:
      • i. optimizing the content of the Website by adjusting its content to the individual needs of the User, including recognizing the User’s device, in order to display the website according to its preferences;
      • ii. preparing statistics, thanks to which it is possible to learn how the Website is used and to adapt its content to the preferences of Users and to assess the popularity of the website;
      • iii. enabling the User to log in into the Website and to maintain the session after logging in, on each subsequent subpage.
    7. Two types of Cookies are used on the Website:
      • i. session files, stored until the User leaves the Website;
      • ii. permanent files, stored until they are deleted or for the time specified in the parameters of Cookies.
    8. Options and parameters for the use of Cookies can be found in the settings of the web browser. Most browsers are set to accept the storage of Cookies on the end device by default. Changing these settings is possible at any time and may include blocking the use of Cookies or notifying the User when they are placed on the User’s device. Changing the default settings may result in restrictions to the availability and functionality of the Website content.
    9. The possibility of sharing Cookies placed on the User’s terminal device with advertisers and other cooperating entities is reserved.
    10. Detailed information about Cookies can be found in the browser menu or on the website of the browser manufacturer.
    11. Cookies are used by the Controller to develop, test and improve the Services and, among other purposes, to conduct research and surveys and test new products and functions, as well as to solve problems related to them.
    12. The Controller also uses information, including information about the actions of the User outside the Services, e.g. about the sites that the User visits and the amount of time spent on each of them, ads that the User watches, as well as data on search history, IP address, location, device ID, and browser and operating system data to help advertisers and partners measure the effectiveness and distribution of ads and Services.
    13. The Controller monitors the quality of the Services provided in order to meet the expectations of the Users. For this purpose, statistics on the use of individual functions and subpages of the Website by the User are collected with the use of:
      • i. internal analytical tools,
      • ii. statistical tools provided by analytical services partners.
    14. The legal basis for keeping statistics is the legitimate interest of the Controller (article 6 paragraph 1 point f of the GDPR), consisting in analyses of the User’s activity on the Website conducted in order to improve the functionalities of it.

  7. Communication
    1. The Controller can communicate with Users by means of system information, notifications, by e-mail or by phone.
    2. The User can directly contact the Controller at any time by sending a message in writing to the Controller’s post address or by e-mail sent to the Controller’s e-mail address indicated in section I point 4.
    3. The Controller keeps correspondence with the User for statistical purposes and in order to respond best and quickest possible to emerging inquiries, as well as to conduct complaints procedures. The data will not be used by the Controller for other purposes.
    4. The Controller also uses the information in order to send Users marketing messages, messages about the Services and to inform Users about the terms, regulations and updates of the Services.
    5. In the event the User contacts the Controller (e.g. in order to lodge a complaint), the Controller may again request the User to provide data, including Personal Data, e.g. in the form of name, surname, e-mail address, etc., in order to confirm the User’s identity and enable a return contact on the matter. This applies to data, including personal data, which has previously been provided by the User and for the processing of which the User has given prior consent. The provision of that data is not mandatory but may be necessary to perform actions or obtain information of interest to the User.
    6. The legal basis for handling complaints and applications and conducting communication with the User is the legitimate interest of the Controller (article 6 paragraph 1 point f of the GDPR), which consists in improving the functionality of services provided electronically and building positive relationships with Users.

  8. Newsletter
    1. The User may also grant consent to the processing of Personal Data in the form of an e-mail address and telephone number for direct marketing of the Controller’s Services during and after the end of the provision of the Service. The consent to the processing of data is voluntary.
    2. Providing Personal Data is necessary for the User to use the Newsletter service. Failure to provide data results in the inability of the User to use the Newsletter service.
    3. Personal data will be processed for the purpose of organizing and providing the Newsletter service, handling possible complaints, and in order to comply with the obligations provided for by the law.
    4. The User may resign from the Newsletter service at any time by cancelling his/her consent at no cost. For this purpose, it is sufficient to send the information to contact details listed in part 1 of the Information Policy (e.g. e-mail, letter).
    5. The legal basis for sending marketing messages to the User is the legitimate interest of the Controller (art. 6 paragraph 1 point f of the GDPR), which consists in promoting own brand. For the purpose of cooperation, the browser or other software installed on the User’s device also stores Cookies from entities carrying out such marketing activities, which may become the Controller of the User’s Personal Data.

  9. Social Networks
    1. The Controller also processes Personal Data of Users visiting the Controller’s profiles in social media (Facebook, YouTube, Instagram, LinkedIn, Twitter). The data is processed only in connection with the running of the profiles, for instance in order to inform Users about the activity of the Controller and to promote various types of events, services and products.
    2. The legal basis for the processing of personal data by the Controller for this purpose is his legitimate interest (art. 6 paragraph 1 point f of the GDPR), which consists in promoting own brand.

  10. Data that is not processed by the Controller
    1. The Controller does not process Personal Data belonging to special categories of Personal Data within the meaning of art. 9 of the GDPR and Personal Data relating to convictions and infringements of article 10 of the GDPR.

V. Possible Recipients of the User’s Personal Data.

  1. Personal data of the User may be transferred to entities processing it on behalf of the Controller, among others:
    1. marketing agencies, marketing partners and suppliers of marketing platforms;
    2. cloud service providers,
    3. IT service providers,
    4. processors and coordinating payment processes,
    5. data analysis services providers,
    6. consultants, lawyers, accountants and other professional service providers,
    7. entities associated with the Controller personally and in capital, which help the Controller to provide services or perform data processing tasks on the Controller’s behalf;

    – all such entities process data on the basis of a contract concluded with the Controller and only in accordance with the Controller’s instructions.

  2. In the event that the User applies to job offers published on the Website, the Controller processes the User’s Personal Data only on the instructions of the Employer who posted the job advertisement. The Controller only mediates the exchange of Personal Data between the Employer and the Employer and is not the controller of such data.
  3. The Controller also makes Personal Data available to authorized state authorities if they contact the Controller in connection with their tasks. These may include, in particular, the organizational units of the prosecutor’s office, the Police, the Inspector General for Personal Data Protection (in the future the President of the Office for Personal Data Protection), the President of the Office for Competition and Consumer Protection or the President of the Office of Electronic Communications.

VI. Data transfers to third countries (outside the European Economic Area)

  1. When the Controller uses tools that support his current activity, Personal Data of Users may be transferred to a country outside the European Economic Area, in particular to the United States of America (USA) or another country where the entity cooperating with it maintains the tools used to process Personal Data in cooperation with the Controller.
  2. Appropriate security measures for the Personal Data provided by the User have been taken by the Controller through the application of data protection clauses that meet the requirements of the GDPR. In the case of data transfers from Europe to the USA, some entities operating there may additionally provide an adequate level of data protection in the so called Privacy Shield programme (more information available at

VII. Access to and Correction of Personal Data stored by the Controller.

  1. In connection to the processing of Personal Data by the Controller, the User has the following rights:
    1. the right to request access to data, to rectify or delete it or to restrict the processing,
    2. the right to object to the processing,
    3. the right to transfer Personal Data;
    4. the right to withdraw consent to the processing of Personal Data for a specific purpose, if the User has previously given such consent,
    5. the right to lodge a complaint to the supervisory authority in connection with the processing of the User’s Personal Data by the Controller.
  2. The User may exercise these rights in accordance with the rules described in articles 16–21 of the GDPR by sending a message to the Controller’s e-mail address.
  3. All requests received by the Controller will be completed in the shortest possible time. In the case of some submissions (of complicated nature), the execution time may be extended, however, in any case, within one month the User will be informed about the actions taken by the Controller in order to complete the application.

VIII. Personal Data Retention Period and the Archiving of Information That Includes Personal Data.

  1. The retention period for Personal Data depends, among other factors, on the nature of the data, and on the reason for the collection and processing of it.
  2. Personal data will be stored for the period required by the provisions of the generally applicable law, if this is separately regulated, with particular regard to the limitation periods of claims arising from obligations to which the Controller and the person whom the data concerns. The Controller declares that the User’s Personal Data will not be processed for a period longer than required by law or provided for in the internal regulations of the Controller.
  3. In the event of concluding a contract for the provision of Services, Personal Data will be stored for the period necessary for the performance of the contract, including, among other contexts, as long as it is needed by the Controller to provide the Services and provide Services to Users, as well as to complete recruitment processes, whereby the Controller is required to provide the Services and provide Services to Users, as well as to complete recruitment processes in which the data subject participates, but no longer until the person revokes consent to the processing of personal data.
  4. If the User has an Account on the Website, the User’s data will be processed for the duration of the User’s use of the Account, and in the event of its deletion or the termination of the contract for the provision of services by electronic means (regardless of the reason and basis for its termination), no longer than it is necessary for the purposes of handling complaints and claims related to the use of services provided by the Controller (limitation period of claims resulting from the Act).
  5. Personal data of the User contained in the resume form (Profile) is processed by the Controller from the moment of it is entered into the form until it is removed from the form (when the form is cleared). Processing of Personal Data will be terminated by a permanent deletion within 2 months of the removal of data from the form.
  6. Personal Data may be processed by the Controller, despite the withdrawal of the consent of the data subject, if this is necessary for purposes arising from legitimate interests pursued by the Controller or by a third party in compliance with the requirements of provided for in Article 6 paragraph 1 point f) 16 of the GDPR.
  7. The Controller stores the Personal Data of non-logged-in Users for a time corresponding to the life cycle of cookies stored on their devices.

IX. Security

  1. The Controller applies technical and organizational measures to ensure the protection of processed Personal Data appropriate to the risks and categories of data covered by the protection, and in particular protects the data against disclosure to unauthorized persons, processing in violation of applicable laws and changes, loss, damage or destruction.
  2. Measures applied by the Controller include:
    1. protection of the data set against unauthorised access,
    2. SSL certificate on the pages of the Website where the User’s Personal Data is provided,
    3. access to the Account only on the Website after entering the login and password,
    4. creating regular backups,
    5. measures to prevent unauthorised copies of personal data processed using IT systems,
    6. system of registration of access to the system of personal data collection.
  3. In order to ensure the security of User Personal Data, the Controller regularly tests, measures and evaluates the effectiveness of the security applied.

X. Risk associated with the use of electronically provided services

  1. The Controller informs Users that when using the Services, at the time of inadequate care of the security of their data, they may expose themselves, among others, to the risk of:
    1. tampering with data by unauthorized persons who can view, copy, modify and delete data,
    2. receiving unsolicited e-mail;
    3. data phishing,
    4. interference of third parties in the transfer of information between the User’s system and the Controller’s system,
    5. infecting the system with malware.
  2. To minimize the above risks, it is recommended to:
    1. always use up-to-date versions of software, e.g. browsers,
    2. to check certificates before logging into the Account on the Website.

XI. Final provisions

  1. The Controller reserves the right to change the content of the Policy in the future. Changes in the Policy may be introduced for the following and other important reasons:
    1. changes in applicable laws, in particular concerning the protection of Personal Data, telecommunications law, services provided electronically and regulating consumer rights, which affect the rights and obligations of the Controller or the rights and obligations of the User;
    2. development of functionality or Services dictated by the progress of Internet technology, including the application/implementation of new technological or technical solutions affecting the scope of the Policy.
  2. The Controller shall each time post information on changes to the Policy on the Website.
  3. In case of doubts or contradictions between the Policy and the consents granted by the User, regardless of the provisions of the Policy, voluntary consent or legal provisions are always the basis for taking and determining the scope of actions by the Controller. This document constitutes a set of general, informative statements only (it is neither a contract or a binding set of terms and conditions).
  4. This version of the Policy applies from: 15.04.2020