top of page

The Privacy Policy

​

Effective Date: 24 May 2018 (updated periodically to reflect legal and operational changes)

​

This privacy notice explains how IT.HR Recruitment Agency Agnieszka Grabowska (the “Data Controller”) collects, uses, stores and protects personal data, in accordance with applicable law, including the European Union’s General Data Protection Regulation (GDPR).

 

1. Data Controller

The Data Controller is:
IT.HR Recruitment Agency Agnieszka Grabowska
Registered office: al. Jerozolimskie 81, 01-002 Warsaw, Poland

Personal data collected is controlled and processed by the Data Controller. Where applicable, personal data may also be processed by affiliated entities or joint controllers in compliance with GDPR.

2. Scope of this Notice

This privacy notice applies to:

  • Job candidates and recipients of our recruitment/career services.

  • Associates (individuals sourced or placed on assignment with clients, or for whom we provide outplacement/career transition services).

  • Users of our websites and apps, including www.ithr.pl (the “Sites”), and representatives of our clients, vendors and business partners.

This privacy notice does not apply to staff directly employed by IT.HR Recruitment Agency Agnieszka Grabowska operates in its internal headquarters (separate internal policies apply).

3. Information We Collect

We collect personal data through various channels: our Sites, social media, events, phone/email, job applications and direct interactions with clients or vendors. The type of data collected depends on the relationship and may include:

  • Contact details (name, postal address, email address, phone number).

  • Account data (username, password on our Sites).

  • Information you provide about other individuals (e.g., emergency contacts — you must ensure you are authorised to share such data).

  • Job application data: CV/resume details, education and work history, language skills, professional qualifications, references, date of birth, gender, work authorisation, tax/banking data (as required by law), etc.

  • Special category data (e.g., health/disability data, diversity monitoring) will only be collected with your explicit consent or when required by law.

4. How We Use Personal Data

We process data (as permitted by law) to:

  • Provide recruitment and workforce solutions.

  • Manage candidate and client relationships.

  • Assess candidate suitability and qualifications.

  • Operate and improve our services, perform analytics, accounting and auditing.

  • Comply with legal and contractual obligations (e.g., payroll, taxes).

  • Prevent fraud or unlawful activity.

  • Send marketing communications or job alerts only with your prior consent.

Legal bases:

  •  

    Performance of a contract or steps before entering a contract (Art. 6(1)(b) GDPR).

  • Compliance with legal obligations (Art. 6(1)(c) GDPR)

  • Legitimate interests (Art. 6(1)(f) GDPR) — see section Legitimate Interest below.

  • Explicit consent where required (Art. 6(1)(a) and Art. 9(2)(a) GDPR).

5. Legitimate Interest

Processing based on legitimate interest may include:

  • Improving services and communications.

  •  

    Ensuring IT/network security.

  • Preventing fraud.

  • Limited direct marketing.

Your rights and freedoms are always taken into account. You have the right to object to such processing at any time (Art. 21 GDPR).

6. How We Protect Data

We maintain technical and organisational security measures:

  • Encryption of data in transit.

  • Strong authentication and access controls.

  • Network monitoring and hardened infrastructure.

Data is kept only as long as necessary for the purposes stated or as required by law (tax, accounting, statutory limitation).

7. Data Retention

We determine retention periods based on:

  • Necessity to provide services.

  • Legitimate business interests. 

  • Legal obligations (statutory retention periods).

  • Data is stored in an identifiable form no longer than necessary.

8. Information Sharing

We do not sell your personal data. Data may be shared with:

  • Service providers acting on our behalf (bound by confidentiality and data protection obligations).

  • Clients with relevant job opportunities (for candidates, with prior consent where required).

  • Affiliates and subcontractors assisting in recruitment.

  • Public authorities were required by law or in legal proceedings.

  • Successors in case of business reorganisation or sale.

9. Data Transfers

If we transfer your data outside the European Economic Area (EEA), we ensure an adequate level of protection using:

  • EU Commission adequacy decisions;

  • Standard Contractual Clauses or other safeguards approved under GDPR.

     

10. Your GDPR Rights

Under Articles 15–22 GDPR, you have the right to:

  • Access your data.

  • Rectify inaccurate data.

  • Request erasure ("right to be forgotten").

  • Restrict processing.

  • Data portability.

  • Object to processing (including direct marketing).

  • Not be subject to automated decision-making (including profiling).

  • Complain to the supervisory authority (PUODO in Poland).

Where processing is based on consent, you may withdraw it at any time.

Requests may be submitted via email to gdpr@ithr.pl or by writing to our Data Privacy Officer (see below).

11. Updates

We may update this notice periodically. The latest version will always be available on our website with the date of the last update indicated.

12. Contact Information

Data Privacy Officer:
Agnieszka Grabowska

IT.HR Recruitment Agency Agnieszka Grabowska
al. Jerozolimskie 81, 01-002 Warsaw, Poland
Email: gdpr@ithr.pl

bottom of page