PRIVACY POLICY
Introduction
The document you are reading constitutes the privacy policy of the HRnest Website, hereinafter referred to as the Website, available at hrnest.io and hrnest.pl directed to entrepreneurs who are also employers.
Respecting the rights and freedom of the persons whose data we process and fulfilling our obligation under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter: GDPR), we inform you:
Who is the Administrator of your personal data
The Administrator of personal data and the Administrator of the Website is HRnest Sp. z o.o. with its registered office in Gdynia, al. Zwycięstwa 96/98, 81-451 Gdynia, entered in the Register of Entrepreneurs of the National Court Register by the District Court Gdańsk-Północ in Gdańsk, National Court Register no.: 0000723806, NIP (Tax ID): 5833293000, REGON (National Economy Register): 369734182, share capital: PLN 40,000, hereinafter referred to as the “Administrator”.
Dear Customer, remember:
The Administrator of the personal data of your employees for whom you create an account on the Website as part of your Agreement with us – is you, as the entity that decides on the purposes and means of processing this data. We assist you in achieving your objectives by assuming the role of Processor.
How you can contact the Administrator regarding the processing of personal data
The Administrator has designated a point of contact, which the Data Protection Officer operates. In matters of personal data protection, the Administrator can be contacted:- • by e-mail to: dpo@hrnest.io,
- • by mail – by sending enquiries to the Administrator’s address (HRnest Sp. z o.o., al. Zwycięstwa 96/98, 81-451 Gdynia).
For what purpose, for how long and whose personal data we process
| OBJECTIVE | WHOSE DATA WE PROCESS FOR THIS PURPOSE | LEGAL BASIS | PROCESSING TIME |
|---|---|---|---|
| Responding to an enquiry sent from the contact form on the website or sent directly to the Administrator’s e-mail address | Details of those who sent an enquiry from the contact form. | Art. 6(1)(f) GDPR | For the duration of the correspondence – until the last response (in the case of enquiries). For enquiries and instructions, see below. |
| Responding to requests and instructions | Details of persons who have sent instructions or an enquiry. | Art. 6(1)(b) GDPR | For the duration of the Agreement in order to fulfil its subject matter |
| Art. 6(1)(f) GDPR | For the duration of the Agreement to perform the subject of the Agreement and for the period resulting from the statute of limitations for any claims. | ||
| Website traffic analysis | Data of website users who have consented to the installation of cookies. The information processed is anonymous data – the Administrator does not identify individuals, but processes indirect information about their activity on our Website. | Art. 6(1)(a) GDPR | At most, until the cookie is deleted from the User’s device, but no longer than 14 months. |
| Conclusion and execution of an agreement for the provision of electronic services on the HRnest website | Details of those who have registered an account with our hrnest.io system | Art. 6(1)(b) GDPR | We process the data for the duration of the Agreement and, after its execution, up to the statute of limitations for claims (including claims by the Party), as well as the obligation to keep accounting evidence – the current legal period is 6 years. |
| Responding to complaints | Details of persons who have sent instructions or an enquiry. | Art. 6(1)(f) GDPR | For the duration of the Agreement for the purpose of performing the subject of the Agreement and for the period resulting from the statute of limitations for any claims. |
| Handling a customer’s request for a phone call (submitted on the Administrator’s website) | The data of individuals who submitted inquiries through the contact form. | Art. 6(1)(a) GDPR | For a period of 12 months or until consent is revoked – whichever occurs earlier. |
Who can access personal data
Personal data may be disclosed to public authorities to the extent and for the purposes that result from the provisions of generally applicable law, as well as to entities that process personal data based on relevant agreements signed with the Administrator:
- • providers of hosting services, including e-mail,
- • a law firm in the event of legal questions or the initiation of a claim,
- • to suppliers supporting the Website’s operation, e.g. sending e-mail/sms notifications and/or newsletters, and if you use the chat option on the Website – your data will be processed on our behalf by the Website Provider.
Does the Administrator transfer personal data to third countries
We only transfer to third countries the information collected by cookies, which are provided by Google LLC (list below) and installed on your device after you have given your consent.
Otherwise, personal data is not transferred outside the European Economic Area.
What rights the person whose personal data we process may exercise
You can request that we exercise your rights at any time:
- 1. access to the data to the extent provided for by the GDPR (Art. 15 GDPR),
- 2. rectification of data (Art. 16 GDPR),
- 3. to request the deletion of data when one of the grounds indicated by the GDPR provisions is met (Art. 17 GDPR),
- 4. limitation of data processing in the cases specified by GDPR legislation (Art. 18 GDPR),
- 5. data portability (Art. 20 GDPR),
- 6. to lodge a complaint with the supervisory authority, which is the President of the Office for Personal Data Protection (Art. 77 GDPR).
- 7. to object if the data are processed for legitimate purposes pursued by the Administrator (Art. 21 GDPR).
In addition, if we process your personal data with your consent, you have the right to revoke the consent given at any time. The revocation of consent will not affect the lawfulness of the processing of personal data that took place before the revocation.
You can exercise your rights by contacting our Data Protection Officer at dpo@hrnest.io or by sending a request by post. For details, please see “How can you contact the Administrator regarding the processing of personal data”.
COOKIES
Our Website, like most websites, uses so-called cookies. These are small files stored in your device’s memory (computer, phone, etc.), among other things, enabling you to use all the features of the Website. Cookies do not alter the settings of your device. Furthermore, you can delete them at any time using the appropriate options of your browser. Using these options, you can also block the use of cookies in the future. You will find details of the cookies we use below.
On this Website, cookies are used for the following purposes:
- • remembering information about your session,
- • statistics,
- • marketing.
To find out how to manage cookies, including how to disable them in your browser, you can consult your browser’s help file. You can read this information by pressing F1 in your browser.
Notwithstanding the above, a special mechanism has been installed on our Party to allow you to give the appropriate consents according to your preferences.
Necessary cookies
| Cookie | Domain | Description | Duration | Type |
|---|---|---|---|---|
| elementor | hrnest.com | This cookie is used by the website’s WordPress theme. It allows the website owner to implement or change website content in real time. | always | Necessary |
| moove_gdpr_popup | hrnest.com | This cookie is used to remember your choices regarding cookie settings. | 1 year | Necessary |
Statistical and marketing cookies
| Cookie | Domain | Description | Duration | Type |
|---|---|---|---|---|
| _gcl_au | hrnest.pl | Statistical and marketing Provided by Google Tag Manager to experiment with the advertising performance of sites using their services cookies. | 3 months | Statistics |
| test_cookie | doubleclick.net | The test_cookie file is set by doubleclick.net and is used to determine whether the user’s browser supports cookies. | 15 minutes | Marketing |
| _ga | hrnest.pl | The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and tracks site usage for site analytics reporting. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors. | 14 months | Statistics |
| _gid | hrnest.pl | The _gid cookie installed by Google Analytics stores information about how visitors use the website, while also creating an analytical report on the website’s performance. Some of the data collected includes the number of visitors, their source, and the pages they visit anonymously. | 1 day | Statistics |
| _gat_UA-{id} | hrnest.pl | A variation of the _gat cookie set by Google Analytics and Google Tag Manager to enable website owners to track visitor behavior and measure site performance. The pattern element in the name contains the unique identification number of the account or website to which it refers. | 1 minute | Statistics |
| _ga_{id} | hrnest.pl | This cookie is installed by Google Analytics. | 2 years | Statistics |
| _fbp | hrnest.pl | This cookie is set by Facebook in order to display advertisements on Facebook or on a digital platform supported by Facebook Ads, after you have visited the website. | 3 months | Marketing |
| _clck | hrnest.com | It retains the user ID and Clarity preferences, unique to this website and assigned to the same user ID. | 1 year | Statistical |
| _clsk | hrnest.com | It combines multiple page views of the user into a single Clarity session recording. | 1 day | Statistical |
| _uetsid | hrnest.com | It contains the session identifier for a unique session on the website. Note: Since July 2023, _uetsid has been updated with additional parameters as follows: Insights_sessionId, timestamp, page number, refresh, submit. | 1 day | Marketing |
| _uetvid | hrnest.com | UET assigns this unique, anonymous guest identifier representing a unique guest. UET stores this data in its own cookie file. Note: Since July 2023, _uetvid has been updated with additional parameters as follows: Insights_userId, cookieVersion, expiration time, consent, cookie creation time. | One year rounded to the nearest full month | Marketing |
Google Analytics uses “cookies”, that is, text files placed on the user’s computer in order to help the website analyse the way users use it, and “anonymous identifiers”, that is, a random string of characters used for the same purpose as cookies on the websites which include some of the mobile devices not supporting cookie technology. Information generated by cookies about the user’s use of the website (including his/her IP address) will be transferred to Google and stored by it on servers in the United States.
Google will be using this information in order to assess the use of the website by the user, prepare reports regarding movements on the websites for their operators and provide other services regarding movement on the websites and use of Internet. Google will not associate your IP address with any other data held by Google. You may refuse to use cookies by selecting the appropriate settings on your browser, however please remember that in such case you may not be able to use the full functionality of the Website. By using this Website, the user gives his/her consent to Google to process his/her data in a way and for the purposes specified above.
You can get information about the privacy policy of Google Analytics at: http://www.google.com/intl/pl/policies/privacy/
We use Google Tag Manager. This tool is used to manage tags (markers) in order to obtain detailed statistics on the use of the Website and to optimize the Website. You can read the details related to data processing by Google Tag Manager at: https://www.google.com/analytics/tag-manager/use-policy/
Our Website is also integrated with Google marketing services. The Operator’s Website uses a remarketing tool provided by Google company. Thanks to this functionality, the Operator can prepare messages appropriately adjusted to the type of recipient and his/her preferences (profiling). This tool collects information via cookies about visitors on the Website and may allow the Operator to reach the Clients in the future.
Google Signals. For web analytics purposes on our Website, we also use the Google Signals tool, which is an extension of Google Analytics Websites and enables so-called “cross-device tracking” (identifying users using multiple devices). This means that if your internet-enabled devices are connected to your Google Account and you have activated the “personalised advertising” option in your Google Account, then Google can generate reports on how you use our Party (in particular on the number of users using different devices), even if you change your device. We do not process your personal data in this respect; we only receive statistics based on Google Signals functions and technologies.
Therefore, your personal data will also be processed by entities outside the European Union. The appropriate level of protection of your data, including through the use of appropriate safeguards, ensures:
– application of standard data protection clauses adopted by the European Commission, referred to in art. 46 sec. 2 lit. c GDPR.
Clarity. We also use the Clarity tool provided by Microsoft Ireland Operations Limited (Ireland/EU). With the help of Clarity, we analyze your behavior on our websites, such as navigation, page scrolling, cursor movement, etc. We do this to optimize our websites for user experience.
Clarity uses cookies and other technologies to collect information about your behavior on the site and devices used to access the site, such as anonymized IP address, screen size, browser information, location, language. Clarity stores this information as part of a pseudonymized profile. This information is not used for your identification. More information about the privacy policy of the Clarity tool can be found at the following link: https://learn.microsoft.com/en-us/clarity/faq.
Each user has the option to disable activity measured by Clarity by selecting the appropriate options in the cookie management panel on our website.
We use Facebook Pixel marketing tools to target you personalized ads on Facebook. This is related to the use of Facebook cookies. As part of the cookie settings, you can decide whether you consent to the use of Facebook Pixel in your case or not.
Further information on the collection and use of data by Facebook as well as your privacy rights and options can be found in Facebook’s data protection policy at https://www.facebook.com/about/privacy/update.
Stape.io this is a service we use to improve the functionality and performance of our website. It may collect certain personal data and usage information during interactions with our website. This data may include your IP address, browser type, device information, and browsing activity. More information about the privacy policy of the Stape tool can be found at the following link: https://stape.io/eu-privacy-notice.
Microsoft Advertising / Bing Ads. On our website, we use the Microsoft Advertising service (hereinafter referred to as Microsoft Ads), provided by Microsoft Ireland Operations Limited (Ireland/EU) (formerly Bing Ads). Microsoft Ads is an online service that utilizes Universal Event Tracking (UET) to assist us in displaying targeted advertisements through the Microsoft Bing search engine.
Microsoft Ads uses cookies. This involves processing personal data in the form of online identifiers (including cookie identifiers), IP addresses, device identifiers, and information about device and browser settings.
Microsoft Ads collects data through UET, allowing us to track target groups using remarketing lists. For this purpose, a cookie is stored on the user’s end device used when visiting our website. Microsoft Ads can thus recognize that our website has been visited and display an advertisement when Microsoft Bing or Yahoo is used at a later time. This information is also used to create conversion statistics, i.e., to record the number of users who visited our site after clicking on the ad. This informs us about the total number of users who clicked on our ad and were redirected to our website. However, we do not receive any information enabling personal user identification.
Details regarding Microsoft Ads, as well as the ability to manage settings, can be found on the https://account.microsoft.com/privacy/ad-settings/
ADDITIONAL INFORMATION
We take special care to protect your data, and in particular, we ensure that the data we collect is processed lawfully; collected for the designated, lawful purposes indicated herein and not subjected to further processing incompatible with those purposes; substantively correct and adequate in relation to the purposes for which it is processed; and stored in a form that enables your data to be processed for no longer than is necessary to achieve the purpose of the processing, and for no longer than there is a legal basis for the processing.
Any capitalised words or expressions in the body of this Privacy Policy shall be construed in accordance with their definition in the Website Regulations.
The provision of personal data in connection with the Website is entirely voluntary and up to you, but is at the same time necessary for using our Websites (including entering into an agreement with us) or features of the Website – due to their nature.
Where you have consented to receive marketing information from us, you will receive information from us based on that consent, including but not limited to information about promotions and special offers relating to our Website, to the e-mail address you have provided to us. Please note that your consent is completely voluntary and you can revoke it at any time. To revoke your consent, simply contact us. The processing remains lawful until you revoke your consent.
When processing your personal data, we use organisational and technical measures in accordance with the relevant legislation, including the use of encryption of the connection with an SSL certificate.
