PRIVACY POLICY
CANDIDATES AND WORKERS
Ostatnia aktualizacja 09/02/2026
PRIVACY POLICY
CANDIDATES AND EMPLOYEES
NORDIN Sp. z o.o.
INTRODUCTORY INFORMATION
This document sets out the detailed rules for the processing of personal data of job candidates and posted employees, in connection with recruitment processes, employment, and the provision of work for the benefit of NORDIN’s clients.
This document constitutes a supplement to the Privacy Policy (MASTER) and should be read jointly with the master document.
DATA CONTROLLER
The controller of personal data is:
NORDIN SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ
ul. Świętojańska 43 / 23
81-391 Gdynia, Poland
KRS: 0001179220
NIP: 5862418757
REGON: 542022513
Contact:
📧 [email protected]
DATA PROCESSOR
In certain operational processes, personal data may be processed by:
NORDIN CONSULTING
ul. Świętojańska 43 / 23
81-391 Gdynia, Poland
NIP: 5871553779
REGON: 193071579
NORDIN CONSULTING acts solely as a data processor, based on a data processing agreement and exclusively on documented instructions of the Controller.
SCOPE OF PERSONS COVERED BY THIS DOCUMENT
This policy applies to:
job candidates applying via forms,
email,
chatbots,
voicebots,
or other application methods,
individuals participating in recruitment processes conducted by NORDIN,
employees employed and posted to work for NORDIN’s clients,
individuals contacting NORDIN for the purpose of establishing employment cooperation.
SCOPE OF PROCESSED DATA
Within recruitment and employment processes, the following personal data may in particular be processed:
identification data (first name, last name, date of birth),
contact data (telephone number, email address, address),
data contained in CVs and application documents,
information on professional experience and qualifications,
data related to availability and readiness for work,
data required by labor law and posting regulations.
MORE DETAILED SCOPE OF PROCESSED PERSONAL DATA
(temporary workers posted to NORDIN’s clients)
If you are a temporary worker or a candidate posted to perform work for one of NORDIN’s cooperating clients, the Controller may process — to the extent necessary to perform cooperation, legal obligations, and operational purposes — the following categories of personal data:
Identification Data
The Controller may process identification data, including in particular: first and last name, contact details (residential address, telephone number, email address), citizenship, country of residence, date of birth, and in justified cases also gender, signature (including electronic signature), as well as information regarding foreign language skills.
Professional Information
Data related to the course and nature of work may be processed, including in particular: job position, description of duties, place of work, department or project, business email address, reporting structure, and employment status (e.g. full-time, part-time, project-based work).
Financial Information
The Controller may process financial information including, among others: bank account number, financial institution details, tax identification number (NIP), and other data required by tax or insurance regulations.
Remuneration Information
Data concerning remuneration may be processed, including in particular: amount and frequency of payments, salary components, allowances, non-wage benefits, bonuses, and other entitlements arising from contracts or legal provisions.
Performance Evaluation Information
The Controller may process information relating to work performance, including periodic evaluations, information on goal achievement, quality of performed duties, and other data used in operational and HR processes.
Disciplinary Information
Where justified, the Controller may process data concerning applied disciplinary or corrective measures, provided they were imposed in accordance with applicable law.
Complaints and Reports
For the purpose of enabling the submission of complaints, violations, or suspicions of irregularities, the Controller may process personal data of reporting persons, persons indicated in reports, and persons concerned by reports, to the extent necessary to conduct an analysis or explanatory proceedings.
Identifiers Issued by Public Authorities
The Controller may process identification data issued by state authorities, including in particular the PESEL number, NIP number, or other identifiers required by law.
Recruitment Documents
Data contained in application documents may be processed, including CVs/resumes, cover letters, interview notes, references, photographs, and other information provided during the recruitment process.
Travel and Expense Data
The Controller may process data related to the organization of travel and accommodation, including information on routes, tickets, hotel reservations, travel costs, and loyalty programs.
Voluntarily Provided Information
The Controller may process information you voluntarily choose to provide, including data shared during contact with technical support, helplines, or via telephone, email, video communication, or online tools.
Vehicle Information
In justified cases, the Controller may process data relating to private or company vehicles, including registration numbers, parking information, parking fees, or traffic violations.
Photographic and Video Materials
In the case of participation in events, meetings, training sessions, or other activities organized by the Controller or clients, images recorded in the form of photographs or video recordings may be processed.
Trade Union Membership
To the extent required by labor law or based on explicit consent, the Controller may process information regarding membership in trade union organizations.
Family Members and Dependents
The Controller may process data concerning family members or dependents, including emergency contact details and information required to fulfill employment or social obligations.
Identification and Access Control Data
Data contained on identification cards or access cards may be processed, including first and last name, identification number, photograph, and related organizational information.
Video Surveillance
The Controller may process recordings from video surveillance systems, to the extent permitted by law, for the purpose of ensuring the safety of persons and property.
Survey Results
The Controller may process responses provided in surveys, opinion polls, or satisfaction studies conducted in connection with employment or cooperation.
Use of IT Devices and Systems
Information relating to the use of devices, software, and IT systems provided by the Controller may be processed, including data concerning access to networks, email, and communication systems.
Visitor Data
In the case of visits to the Controller’s premises or client facilities, identification and contact data, vehicle data, and — where required by law — information related to health and safety may be processed.
SANCTIONS AND REGULATORY COMPLIANCE
The Controller may perform verifications regarding applicable trade sanctions, including checking whether a person holds a politically exposed position or is subject to restrictions under national or international regulations.
SPECIAL CATEGORIES OF DATA
To the extent required by labor law and posting regulations, NORDIN may process special categories of data, in particular:
information on fitness for work,
medical examination results,
health-related data.
The Controller may process health-related data, including information on fitness for work, accidents, illnesses, disabilities, absences, parental leaves, and other benefits, solely to the extent and on the legal bases provided for by law.
Other data required by law.
All special categories of data are processed with enhanced standards of security, confidentiality, and compliance with applicable regulations.
Such data are processed exclusively:
where necessary,
by authorized persons,
for the period required by law.
PURPOSES AND LEGAL BASES FOR PROCESSING
Personal data of candidates and employees are processed for the purpose of:
conducting recruitment processes,
contacting candidates regarding job offers,
employing and posting workers,
fulfilling obligations arising from labor law,
operational communication.
The legal bases for processing include in particular:
consent of the data subject,
performance of a contract or actions prior to entering into a contract,
legal obligations of the Controller,
the legitimate interests of the Controller.
From the moment cooperation is established and throughout its duration, personal data are processed to fulfill obligations arising from legal provisions, in particular labor law, tax, insurance, and national and international regulations.
To the extent necessary, data may be transferred to entities cooperating with the Controller, exclusively for the purposes indicated and in accordance with applicable law.
DETAILED PURPOSES AND LEGAL BASES FOR PROCESSING
Human Resources Management and Administrative Support
Purpose of processing:
Your personal data are processed to carry out general HR and administrative processes, including in particular personnel management, work organization, employment handling, and ongoing administration of the employment relationship.
Legal basis:
Processing is necessary for the performance of an employment contract or another contract constituting the basis for temporary employment; and/or
processing is necessary to fulfill legal obligations incumbent on the Controller under labor law, social security, and implementing regulations.
Remuneration, Payroll, and Expense Settlements
Purpose of processing:
Personal data are processed for the correct calculation and payment of remuneration, payroll handling, reimbursement of expenses, and settlements with clients where work is performed.
Legal basis:
Processing is necessary for the performance of an employment contract or another contract constituting the basis for employment; and/or
processing is necessary to ensure compliance with labor law, tax law, and social security regulations.
Insurance, Pensions, and Additional Benefits
Purpose of processing:
Data are processed for the purpose of administering insurance coverage, pension benefits, and other benefits arising from legal regulations or applicable employee programs.
Legal basis:
Processing is necessary for the performance of an employment contract or another agreement governing employment; and/or
processing is necessary to fulfill the Controller’s legal obligations arising from social insurance regulations.
Performance Management, Development, and Training
Purpose of processing:
Your data may be processed for the purpose of evaluating work performance, planning professional development, organizing training, and improving qualifications.
Legal basis:
Processing is necessary for the performance of an employment contract; and/or
processing is carried out within the legitimate interests of the Controller, including employee competence development and ensuring an appropriate level of provided services.
Fleet and Transportation Management
Purpose of processing:
Personal data may be processed for the purpose of managing the vehicle fleet and other means of transport used in the performance of professional duties.
Legal basis:
Processing is necessary for the performance of a contract; and/or
processing is carried out within the legitimate interests of the Controller, consisting in the protection of property and proper resource management.
Disciplinary Matters, Complaints, and Investigations
Purpose of processing:
Data may be processed for the purpose of handling disciplinary matters, reviewing complaints, conducting investigations, and managing reports of violations.
Legal basis:
Processing is carried out within the legitimate interests of the Controller, including the protection of its legal interests, safeguarding property, and managing disputes and claims.
Dispute Management and Legal Proceedings
Purpose of processing:
Personal data may be processed for the purpose of conducting, handling, and defending against claims, court disputes, or administrative proceedings.
Legal basis:
Processing is necessary to pursue the legitimate interests of the Controller consisting in the protection of its legal interests.
Occupational Health and Safety (OHS)
Purpose of processing:
Data are processed to ensure safe and hygienic working conditions, prevent accidents, and fulfill occupational health and safety obligations.
Legal basis:
Processing is necessary for the performance of an employment contract; and/or
processing is required by law;
and in justified cases — within the legitimate interests of the Controller or to protect the vital interests of data subjects.
Leave, Sick Leave, and Absences
Purpose of processing:
Personal data are processed for the purpose of managing leave, sick leave, and other forms of absence.
Legal basis:
Processing is necessary for the performance of a contract; and
processing is carried out within the legitimate interests of the Controller consisting in ensuring continuity and efficiency of work organization.
Compliance with Legal Regulations
Purpose of processing:
Data are processed to ensure compliance with labor law, tax, insurance, and other regulatory obligations.
Legal basis:
Processing is necessary to fulfill the Controller’s legal obligations.
IT Support and System Security
Purpose of processing:
Personal data may be processed to provide IT support, maintain IT systems, and ensure the security of technical infrastructure.
Legal basis:
Processing is necessary for the performance of a contract; and/or
processing is carried out within the legitimate interests of the Controller consisting in the protection of IT systems.
Facility Security and Emergency Management
Purpose of processing:
Data may be processed to ensure the security of facilities and individuals, as well as to manage emergency situations.
Legal basis:
Processing is necessary for the performance of a contract; and/or
processing is carried out within the legitimate interests of the Controller.
Monitoring IT Infrastructure and Network Access
Purpose of processing:
Data are processed to optimize the use of networks and devices and to apply IT security measures.
Legal basis:
Processing is carried out within the legitimate interests of the Controller consisting in the protection of IT resources.
Fraud Prevention and Sanctions
Purpose of processing:
Data may be processed to prevent fraud, detect abuses, and ensure compliance with national and international sanctions regimes.
Legal basis:
Processing is carried out within the legitimate interests of the Controller; and/or
processing is necessary to fulfill legal obligations.
Crisis Management
Purpose of processing:
Data may be processed for the purpose of managing emergency or crisis situations, in particular to protect employee safety.
Legal basis:
Legitimate interest of the Controller; and in exceptional cases — consent, if required by mandatory law.
Relocation, Mobility, and Business Travel
Purpose of processing:
Data are processed for the purpose of organizing relocation, business travel, and employee mobility.
Legal basis:
Processing is necessary for the performance of a contract; and/or
legitimate interest of the Controller.
Monitoring Compliance with Rules and Procedures
Purpose of processing:
Data may be processed to monitor and enforce compliance with applicable internal procedures.
Legal basis:
Legitimate interest of the Controller consisting in the protection of organizational interests and systems.
Monitoring Fulfillment of Legal Obligations
Purpose of processing:
Data are processed to ensure the fulfillment of obligations arising from contracts and legal regulations.
Legal basis:
Legitimate interest of the Controller consisting in the protection of its legal interests.
Recruitment and Staffing
Purpose of processing:
Data are processed to conduct recruitment processes, conclude contracts, and match candidates to projects.
Legal basis:
Necessity for concluding and performing a contract;
and in certain cases — legitimate interest of the Controller or consent.
Surveys, Statistics, and Analyses
Purpose of processing:
Data may be processed for the purpose of conducting statistical analyses, surveys, and qualitative research.
Legal basis:
Legitimate interest of the Controller consisting in improving processes and the quality of cooperation.
Events and Initiatives
Purpose of processing:
Data may be processed in connection with the organization of events and integration initiatives.
Legal basis:
Legitimate interest of the Controller.
Membership in Professional Organizations
Purpose of processing:
Data may be processed for the purpose of handling membership in professional organizations, to the extent required by law.
Legal basis:
Legitimate interest of the Controller.
Audits and Inspections
Purpose of processing:
Data may be processed for the purpose of conducting internal and external audits.
Legal basis:
Legitimate interest of the Controller consisting in ensuring regulatory compliance.
Corporate Transactions
Purpose of processing:
Data may be processed in connection with planned or implemented corporate transactions, including mergers, acquisitions, or share disposals.
Legal basis:
Legitimate interest of the Controller consisting in the development of business activity.
TELEPHONE, SMS, AND E-MAIL COMMUNICATION
In recruitment processes, NORDIN uses the following forms of communication:
telephone,
e-mail,
SMS (operational and automated).
SMS messages may concern, among others:
recruitment status,
interview schedules,
organizational information.
Marketing consents may be withdrawn at any time, including via the mechanism of sending an SMS with the content STOP.
If assistance is required, it may be obtained via the mechanism of sending an SMS with the content HELP.
CHATBOTS, VOICEBOTS, AND AUTOMATION
NORDIN uses AI chatbots and AI voicebots for the purpose of:
receiving and making calls,
collecting recruitment-related information,
scheduling interviews,
conducting initial candidate pre-selection.
These solutions:
do not make final recruitment decisions,
do not produce legal effects without human involvement,
serve solely to support the process.
🔴 SMS, AI and Automation – Privacy Policy
DATA RETENTION PERIOD – CANDIDATES
Personal data are retained:
for the duration of a specific recruitment process;
or
after its completion — with additional consent — for a maximum of 36 months;
or
until consent is withdrawn;
or
for the period required by law.
DATA RETENTION PERIOD – EMPLOYEES
Your personal data are retained for periods resulting from applicable legal regulations and for the time necessary to achieve the purposes for which they were collected, in particular:
Employee Documentation
Personal data included in employee documentation, in particular employment contracts and documents related to the establishment, course, and termination of employment, are retained in order to fulfill the statutory obligation to archive employee documentation, pursuant to:
Article 94 point 9b of the Act of 26 June 1974 – Labour Code,
Article 125a section 4 of the Act of 17 December 1998 on pensions and disability benefits from the Social Insurance Fund,
Article 7 section 2 of the Act of 10 January 2018 amending certain acts in connection with shortening the retention period for employee records and their digitization.
The retention period for employee documentation is:
50 years — for persons employed until 31 December 2018, counted from the date of termination of employment with a given employer;
10 years — for persons employed from 1 January 2019, counted from the date of termination of employment with a given employer.
Payroll Documentation
Personal data included in payroll documentation, in particular payroll lists and other documents forming the basis for determining pension or disability benefit entitlements, are retained in order to fulfill the statutory obligation to archive payroll documentation, pursuant to:
Article 94 point 9b of the Act of 26 June 1974 – Labour Code,
Article 125a section 4 of the Act of 17 December 1998 on pensions and disability benefits from the Social Insurance Fund,
Article 7 section 2 of the Act of 10 January 2018 amending certain acts in connection with shortening the retention period for employee records and their digitization.
The retention period for payroll documentation is:
50 years — for persons employed until 31 December 2018, counted from the date of termination of employment with a given payer;
10 years — for persons employed from 1 January 2019, counted from the date of termination of employment with a given employer.
Data Retention in Connection with Disputes and Legal Obligations
Regardless of the above periods, the Controller may retain your personal data for a longer period if necessary:
in connection with ongoing, pending, or potential disputes, court proceedings, administrative proceedings, or other legal proceedings — in such cases personal data will be retained until the final resolution of the dispute;
to fulfill obligations arising from legal regulations, in particular tax, insurance, or pension regulations — for the period required by applicable law.
END OF RETENTION PERIOD
After the expiry of the periods indicated above, personal data will be:
permanently deleted;
or
anonymized in a manner preventing identification of the data subject,
unless further retention is required under mandatory legal provisions.
DATA RECIPIENTS
Data of candidates and employees may be transferred to:
entities processing data on behalf of NORDIN,
NORDIN’s clients — solely to the extent necessary to perform cooperation (in such cases, clients become separate data controllers),
public authorities — where required by law.
RIGHTS OF CANDIDATES AND EMPLOYEES
Data subjects are entitled to the rights provided for under the GDPR, including the right to:
access their data,
rectify data,
erase data,
restrict processing,
object to processing,
withdraw consent.
DETAILED DOCUMENTS
Detailed information regarding data processing is available in dedicated documents:
🔴 Privacy Policy – Candidates and Employees
🔴 Privacy Policy – SMS, AI and Automation
🔴 Privacy Policy – Website Visitors
🔴 Privacy Policy – Clients and Partners
🔴 Privacy Policy – Our GDPR Policy
🔴 Privacy Policy – SELLBOOSTERS
CHANGES TO THE PRIVACY POLICY
The Controller reserves the right to introduce changes to this Privacy Policy.
The current version of the document is always available on the websites owned by NORDIN.
FINAL PROVISIONS
NORDIN uses modern technologies in the field of automation and artificial intelligence, while maintaining the principles of personal data protection, transparency, and compliance with applicable laws and regulations.
NORDIN reserves the right to update this document in the event of changes to applicable legal regulations or changes in the manner in which its websites operate.
View other Policies and Terms
View Other Regulations