PRIVACY POLICY
CLIENTS AND PARTNERS

PRIVACY POLICY

CLIENTS AND PARTNERS OF NORDIN

NORDIN Sp. z o.o.

INTRODUCTORY INFORMATION

This document defines the principles for processing personal data of clients and business partners using sales services, employee leasing, permanent recruitment, and other HR services provided by NORDIN Sp. z o.o.

The document applies in particular to companies that:

lease workers through NORDIN,

commission NORDIN to conduct permanent recruitment processes,

commission NORDIN to acquire clients,

receive candidate and employee data in connection with cooperation.

This document constitutes a supplement to the Privacy Policy (MASTER) and should be read jointly with the primary document.

DATA CONTROLLER

The controller of personal data is:

NORDIN SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ
ul. Świętojańska 43 / 23
81-391 Gdynia, Poland

KRS: 0001179220
NIP: 5862418757
REGON: 542022513

Contact:
📧 [email protected]

ENTITIES INVOLVED IN DATA PROCESSING

In certain operational processes, personal data may also be processed by:

NORDIN CONSULTING
ul. Świętojańska 43 / 23
81-391 Gdynia, Poland

NIP: 5871553779
REGON: 193071579

This entity acts solely as a data processor, based on a personal data processing agreement and documented instructions from the Controller.

SCOPE OF APPLICATION

This Privacy Policy applies to personal data processed in connection with:

client acquisition services,

employee leasing services,

permanent recruitment processes,

transfer of candidate data to clients,

HR and payroll services,

fulfillment of obligations arising from labor law regulations,

operational and business communication with clients.

CLIENTS USING NORDIN HR SERVICES

For the purposes of this document, clients are entities that:

use employee leasing services provided by NORDIN,

commission NORDIN to conduct permanent recruitment processes,

receive recruitment, employee, and payroll documentation,

commission NORDIN to acquire clients.

SCOPE OF TRANSFERRED DATA

As part of cooperation with clients, personal data may be transferred, including in particular:

candidate CVs,

employee identification data,

information on qualifications and professional experience,

employment contracts or civil law contracts,

payslips,

information on working time, holidays, and absences,

documents required by labor law and social security regulations.

LEGAL BASIS AND CONSENT OF DATA SUBJECTS

The transfer and exchange of the above data take place exclusively:

with the knowledge and consent of the data subjects, where required by law,

based on applicable labor law and social security regulations,

in accordance with GDPR provisions.

In particular, the legal basis for data processing and transfer includes:

Article 6(1)(a) GDPR – consent of the data subject,

Article 6(1)(b) GDPR – necessity for the performance of a contract or pre-contractual actions,

Article 6(1)(c) GDPR – legal obligation of the controller,

Article 6(1)(f) GDPR – legitimate interest of the controller,

Article 22¹ of the Polish Labor Code – scope of data collected from candidates and employees,

provisions of the Social Security System Act and implementing regulations.

Data is transferred only to the extent necessary, in accordance with the principle of data minimization.

ROLES AND RESPONSIBILITIES IN HR PROCESSES

Depending on the cooperation model:

NORDIN acts as a data controller or data processor, in accordance with the concluded agreement,

the client receiving candidate or employee data acts as an independent data controller,

the client is responsible for further data processing after receipt, in particular for compliance with labor law and GDPR.

DATA TRANSFER TO CLIENT SYSTEMS

At the request of the client—and in justified cases also at the request of the candidate or employee—personal data may be transferred to the client’s IT systems, including HR, payroll, or internal recruitment systems.

Data transfer takes place:

for the purpose of client acquisition, recruitment, employment, or HR/payroll services,

in compliance with applicable laws,

based on an appropriate legal basis,

with respect for the rights of data subjects.

After data is transferred to the client’s systems, the client becomes an independent data controller and bears responsibility for further processing.

DATA RETENTION PERIOD

Personal data processed in connection with cooperation with clients is stored:

for the duration of the cooperation,

after its termination, for the period required by law,

for a maximum of 36 months, unless specific regulations provide otherwise,

or in accordance with other detailed internal rules of NORDIN.

RIGHTS OF DATA SUBJECTS

Individuals whose data is processed as part of HR processes have all rights under the GDPR, in particular the right to:

access their data,

rectify or delete data,

restrict processing,

object to processing,

withdraw consent at any time.

SEPARATE RULES FOR THE SELLBOOSTERS PLATFORM

This document does not regulate the detailed rules for processing personal data of users of the SELLBOOSTERS platform who use it independently of employee leasing or permanent recruitment services.

Detailed rules applicable to SELLBOOSTERS users are described in a separate document:

🔴 Privacy Policy – SELLBOOSTERS

DATA SECURITY

NORDIN applies appropriate technical and organizational measures to ensure the security of personal data, including protection against unauthorized access, loss, or modification of data.

🔴 Our GDPR Policy

DETAILED DOCUMENTS

Detailed information regarding data processing is available in dedicated documents:

🔴 Privacy Policy – Candidates and Employees

🔴 Privacy Policy – SMS, AI and Automation

🔴 Privacy Policy – Website Visitors

🔴 Privacy Policy – Clients and Partners

🔴 Privacy Policy – Our GDPR Policy
🔴 Privacy Policy – SELLBOOSTERS

CHANGES TO THE PRIVACY POLICY

The Controller reserves the right to introduce changes to this Privacy Policy.
The current version of the document is always available on the websites owned by NORDIN.

FINAL PROVISIONS

NORDIN uses modern technologies in the field of automation and artificial intelligence, while maintaining the principles of personal data protection, transparency, and compliance with applicable laws and regulations.

NORDIN reserves the right to update this document in the event of changes to applicable legal regulations or changes in the manner in which its websites operate.