IRONIN SP. Z O.O. SP. K. is committed to protecting the private nature of your personal information. Our procedures ensure that your data is handled responsibly, in accordance with applicable data protection laws and state-of-the-art security measures. Our solutions prevent unauthorized access to your data.
The administrator of your data and your Personal Data Administrator is IRONIN SP. Z O.O. SP. K.; Al. Jana Pawła II 80 / 39, 00-175 Warsaw, Poland; The District Court for the Capital City of Warsaw in Warsaw, XII Commercial Division of the National Court Register; KRS: 0000665728 NIP: 5252700722 REGON: 366646626, hereafter referred to as “iRonin”, “Data Controller”, “Personal Data Administrator” or “We”.
You can contact us to learn more about data processing and your legal rights. A Data Protection Officer was appointed at iRonin. To communicate with our Data Protection Officer, please email firstname.lastname@example.org. If you feel that your laws are violated in any way by our data processing activities or that we do not guarantee sufficient measures of data protection, you can make an official complaint by contacting the President of the Personal Data Protection Office (e-mail: email@example.com, address: Stawki St. 2, 00-193 Warsaw; phone number: +48 22 531 03 00; fax: +48 22 531 03 01).
We select and use appropriate measures (both technical and organizational) to protect personal data that is being collected and processed by us. Access to the collected data is only possible for persons authorized by iRonin. We protect the data against unauthorized access.
iRonin protects personal data against its processing in violation of the applicable laws. All collected personal data is processed in accordance with applicable laws, including the provisions of the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 (“GDPR”). Providing personal information is a voluntary action.
We may process your personal data, including: IP address, and the following data if it was provided: e-mail address, first name, last name, phone number, country, city, mailing address and career details. We retain collected personal data as long as is necessary for the fulfillment of the above mentioned purposes.
If you sign up for our newsletter or mailing list (both hereafter referred to as “Newsletter”), we will process your e-mail address and any additional information provided by you, as it is necessary in order to deliver to you the Newsletter you have signed up for, and you expressed your consent to the processing of your Personal Data. This data is stored and processed as long as you wish to receive our mailing services, and your consent to this lasts until you express a deliberate request to delete you from our database by contacting firstname.lastname@example.org.
If you contact us using our chat widget (provided by Intercom), comment section (provided by Disqus) or using any other available communication tool, you are agreeing to the collecting and processing of data you provide during such communication and data required or collected by the given tool, according to appropriate privacy policies and terms of such tool.
We may provide your personal data to third parties at the request of state authorities authorized to do so. In such an event, the processing of personal data is necessary for compliance with iRonin’s legal obligations.
We may provide your personal data and non-personal data to external data processors - our third party vendors. Your personal data may be transferred to, stored and processed outside the European Economic Area. Our third party vendors are fulfilling a required protection level based on the European Commission’s decision (12 July 2016), complying with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework.
The scope of data we may deliver to third party companies acting as a processor on our behalf:
- details about your connecting to our website, including: information about your browser and operating system (screen resolution, screen colors, browser ID, browser type and version, OS, device type, other device details, language, used plugins and their versions), date and time of connection, source of the traffic.
- details about your behaviour on our site: visited pages on our websites, items clicked, actions taken on our website, event data, web session duration, page view duration.
- details about your interactions with e-mails you received from us, including: what links were opened, information about e-mail delivery status and if a given e-mail was opened by you.
- your personal data, including: IP address, e-mail address, demographic data, and the following data if it was provided: first name, last name, phone number, mailing address.
- TMS (Talent Management System) - data collected after you are redirected to the application form in the following tab of the iRonin website: https://www.ironin.it/careers.html iRonin recruits for its own needs and for the clients to whom we provide services. Therefore, we would like to inform you that Users’ data can also be processed by iRonin’s clients. At the same time, we would like to inform you that by consenting to a particular recruitment process, this consent applies to only the one process. Consent for future recruitment will apply to both recruitment for a specific position included in the job advertisement and for other future recruitment opportunities. This means that we will store Personal Data in our database in order to send you information about job offers tailored to your profile and professional experience. The User may withdraw the consent for further processing at any time, in accordance with the “User rights” section of this Policy.
- The User’s Personal Data may also be processed should the User receive a recommendation in the form of a document provided to us through our official contact addresses or internal communication tools. In this situation, the person making the recommendation provides us with a CV or other documents containing the data of the recommended person. iRonin verifies the profile of the recommended person, received from the recommender, regarding the consent of the recommended person for the processing of Personal Data that meets the requirements of the GDPR. If the required consent has been given, iRonin has the authority to use this data as part of our recruitment processes.
Your personal data will be processed by the Personal Data Administrator for purposes related to:
- fulfilling a contract entered into with a given person, which will include sending to them the Newsletter, and managing and monitoring the correctness of the contract and any transactions (Article 6 paragraph 1 point b of GDPR);
- maintaining accounting and bookkeeping documentation (Article 6 paragraph 1 point c of GDPR)
- solving conflicts and claiming rights resulting from the claimant’s economic activity - which is a lawful purpose of the Administrator (Article 6 paragraph 1 point f of GDPR)
- responding to Users (via the e-mail addresses and phone numbers provided by them) who previously made inquiries through Intercom or via other ways of contacting iRonin, including the e-mail addresses provided on the website www.ironin.it. In the case of contacting the User in order to provide a response, the legal basis for the processing of Personal Data is the consent of each User to the processing of personal data (Article 6 paragraph 1 point a of GDPR);
- evaluating a person as a candidate for employment, consideration of a job application submitted by the User and possible completion of the recruitment process by iRonin, after prior consent of the User to the processing of their data as included in a CV or in an interactive application form - which is a lawful purpose of the Administrator (Article 6 paragraph 1 point f of GDPR);
- monitoring website traffic, enhancing user experience, providing additional communication channels (e.g. real-time chat and a commenting feature for articles), improving marketing materials and iRonin’s offer. The legal basis is the User’s consent to the processing of Personal Data (Article 6 paragraph 1 point a of GDPR) and the requirements of pursuing legitimate interests by the Data Controller (Article 6 paragraph 1 point f of GDPR).
Any person whose personal data is collected, stored and processed (hereafter referred to as: “Data Subject” or “User”), has the following rights:
- the right to request access to their personal data and the information on data processing; in the case of incorrect data the Data Subject holds the right to request data rectification (Article 15 and 16 of GDPR);
- the right to the restriction of processing of their data in the situations and rules described in Article 18 of GDPR - the Data Subject may request restriction of their data processing where one of the following applies:
- the accuracy of the personal data is contested by the Data Subject, for a period enabling the Data Controller to verify the accuracy of the personal data;
- the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests a restriction on their use instead;
- the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise or defence of legal claims;
- the Data Subject has objected to the processing of their data, pursuant to Article 21(1) of GDPR, pending verification of whether the legitimate claim of the Data Controller overrides that of the Data Subject.
- the right to the erasure of personal data, according to Article 17 of GDRP (“right to be forgotten”);
- the right to personal data portability, according to Article 20 of GDPR - the right to receive from the Data Controller personal data in a structured, commonly used and machine-readable format, and the right to transmit these data to another controller; this right concerns only data provided to the Data Controller by the Data Subject themselves;
- the right to object at any time, on grounds relating to the Data Subject’s particular situation, to the processing of personal data concerning themselves by the Data Controller for purposes of the Data Controller’s legitimate business (Article 21 of GDPR);
You have the right to access your data (by requesting a copy of all your data), modify the data and delete any given data, as well as to rectify, erase and limit the processing of the data, transfer of the data, object to the processing of the data based on a legitimate interest of iRonin, withdraw consent at any time without affecting the lawfulness of the processing (where the processing takes place on the basis of a consent) carried out based on the consent given before its withdrawal (legal basis: article 7 paragraph 3 GDRP). All the mentioned operations regarding your data can be requested by contacting us at email@example.com or using the appropriate functionality of the Service provided, if such functionality was made available to the user.
Personal data shall be stored only for the period necessary to achieve the particular purpose for which it was provided, or in order to comply with the law. The period of data processing depends on the type of service provided, the purpose of the processing and its legal basis:
- in the case of processing personal data on the basis of consent, the period of processing continues until you withdraw your consent;
- in the case of processing personal data based on the justified interest of the data controller, the processing period lasts until the cessation of the above-mentioned interest (e.g. the period of limitation of civil claims) or until the person whose data are concerned objects to further such processing – in situations where such an objection is in accordance with the law;
- in the case of legal disputes, personal data will be stored and processed at least until the final resolution of a given legal dispute;
- for accounting-related purposes your data (if applicable) will be stored for a period of 5 years in accordance to the Accounting Act;
- in the case of a recruitment process, personal data shall continue to be processed within the period of twenty-four months after the completion of the recruitment process;
- we may store data limited to name and surname, e-mail, application history and information on expressed consents for the purpose of defending against possible claims for a period of 3 years from the deletion of other previously provided data;
- in case of processing cookies, we will process your personal data for the period within which cookies will be stored on your device.
The governing law is the law governing over the administrator’s registered seat. All disputes shall be resolved through amicable negotiations, and in case of lack of settlement the dispute shall be resolved by the court competent for the registered seat of the Administrator.