Lonsley

Money-making AI solutions tailored specially for you

Privacy policy of personal data of job candidates

Read policy

Privacy policy of personal data of job candidates

1. Who we are and how to find us
We are LONSLEY EWELINA WOŁOSZYN and we are the administrator of your personal data. Our office is located in Kraków, 19c/28 Dywizjonu 303 street. You can contact us via e-mail: gdpr@lonsley.com.

2. Why do we process your personal informations
If we consider you as a good candidate to work with us, we process your personal data to ensure your participation in recruitment.
Processing is necessary for purposes arising from legitimate interests pursued by the administrator of personal data, that is us (art. 6 par. 1 lit. f of GDPR).
Your candidacy comes to us directly from you, along with the documents (such as CV/resume or cover letter) sent by you. However, you should know that we sometimes supplement this personal data sent by you by viewing your publicly available profiles on professional or business social media. Employment of a programmer or salesperson in the IT industry is associated with the necessity to carefully examine the suitability of a given person for specific tasks that often require very narrow specialization. Personal data contained in standard CVs are usually not sufficient for this purpose. So we have a legitimate interest in completing this information on our own, from sources available to the public.
We hope that you will not regard our actions as violating your rights and freedoms. We make effort to ensure that our activities do not include unnecessary data and were not a surprise for you. By creating a profile on social media of a business or professional nature, taking part in events of this type and taking part in online discussions on the topics close to us - you can expect to be interested in you (as a good specialist) by more than one potential employer!

3. What personal informations do we process
We process following informations about the job candidates::
1) name and surname;
2) contact address;
3) email address;
4) telephone number;
5) picture (in CV/resume);
6) education;
7) the course of previous employment;
8) professional specialization;
9) publicly available data in business or professional social media (LinkedIn, GitHub, topic-related groups on Facebook).

4. Who do we disclose your personal informations to Your personal data is being processed in the IT system, partly located in the public cloud called Google Cloud (provided by Google LLC, Google Ireland Limited and Google Asia Pacific Pte. Ltd.). We used the option provided in the regulations of this service (https://cloud.google.com/terms/data-processing-terms#6-data-security-security-compliance-audits), to ensure that your personal informations processed there will not be transferred to third countries.

5. How long will we process your personal informations
Your personal informations are being processed till the end of recruitment process for a given position. After this time they are being removed.

6. How do we enable you to fulfil your rights
We strive to make you happy with working with us. However, remember that you have a lot of privileges that allow you to influence the way we process your personal informations, and in some cases cause the cessation of such processing. These rights are the following:
- the right of access to your personal data (regulated in art. 15 of the GDPR)
Article 17

The right to delete data ("the right to be forgotten")

1. The person who is a data subject has the right to request the administrator to delete his personal data immediately and the administrator has the duty to delete the personal data without undue delay, if any of the following occurs:
a) personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
b) the data subject has withdrawn the consent on which the processing is based in accordance with art. 6 par. 1 lit. a) or art. 9 par. 2 lit. a), and there is no other legal ground for processing;
c) the data subject files an objection under art. 21 par. 1 in relation to processing and there are no overriding legitimate grounds for processing or the data subject has an objection under art. 21 par. 2 towards processing;
d) personal data were processed unlawfully;
e) personal data must be erased in order to comply with the legal obligation provided for in European Union law or the law of the Member State to which the administrator falls;
f) personal data have been collected in connection with the provision of information society services in accordance to art. 8 par. 1.

2. If the administrator made the personal data public and due to par. 1 is required to delete this personal data, then - taking into account the technology available and the cost of implementation - take reasonable steps, including technical measures, to inform further administrators processing this personal data that the data subject requests that these administrators must remove any links to these data, copies of these personal data or their replications.

3. Par. 1 and 2 do not apply to the extent to which processing is necessary:
a) to execute the right to freedom of expression and information;
b) to comply with a legal obligation requiring processing under European Union law or the law of the Member State to which the administrator belongs, or to perform a task carried out in the public interest or in the execution of official authority entrusted to the controller;
c) for reasons of public interest in the field of public health in accordance with art. 9 par. 2 lit. h) and i), and art. 9 par. 3;
d) for archival purposes in the public interest, for scientific or historical research purposes or for statistical purposes in accordance with art. 89 par. 1, as long as it is probable that the right referred to in par. 1, will prevent or seriously hinder the implementation of the purposes of such processing; or
e) to establish, investigate or defend claims.


- the right to limit processing (regulated in art. 18 of the GDPR)
Article 18

The right to limit data processing

1. The data subject has the right to request the administrator to restrict processing in the following cases:
a) the data subject questions the correctness of personal data - for a period allowing the administrator to check the correctness of this data;
b) the processing is unlawful and the data subject opposes the removal of personal data, requesting instead to limit their use;
c) the administrator no longer needs personal data for processing, but it is needed by the data subject to establish, assert or defend claims;
d) the data subject has lodged an objection under art. 21 par. 1 before processing - until it is determined whether the legitimate grounds on the part of the administrator override the grounds for objection of the data subject.

2. If due to par. 1 the processing has been limited, such personal data may be processed, with the exception of storage, only with the consent of the data subject, or to determine, assert or defend claims, or to protect the rights of another natural or legal person, or due to important reasons of public interest of the European Union or of a Member State.

3. Before revoking the processing limit, the administrator shall inform the data subject about it, who requested a restriction under par. 1.


- the right to object the processing (regulated in art. 21 of GDPR)
Article 21

The right to object

1. The data subject has the right to object at any time - for reasons related to his particular situation - to the processing of his personal data based on art. 6 par. 1 lit. e) or f), including profiling based on these provisions. The administrator is no longer allowed to process such personal data, unless he demonstrates the existence of valid legally valid grounds for processing, superior to the interests, rights and freedoms of the data subject, or grounds for establishing, investigating or defending claims.
2. If personal informations are being processed for direct marketing purposes, the data subject has the right to object at any time to the processing of his personal data for marketing purposes, including profiling, to the extent to which the processing is related to direct marketing.
3. If the data subject complains against processing for direct marketing purposes, personal data may no longer be processed for such purposes.
4. At the occasion of the first communication with the data subject, it shall be clearly informed of the right referred to in par. 1 and 2, and be presented clearly and separately from any other informations.
5. In relation to the use of information society services and without prejudice to Directive 2002/58/WE the data subject may exercise the right to object through automated means using technical specifications.
6. If personal data are processed for the purpose of scientific or historical research or for statistical purposes pursuant to art. 89 par. 1, the data subject has the right to object - due to reasons related to his particular situation - to the processing of his personal data, unless the processing is necessary to perform the task carried out in the public interest.


- the right to transfer data (regulated in art. 20 of GDPR)
Article 20

The right to transfer data

1. The data subject has the right to receive, in a structured, commonly used machine-readable format, personal data about him that he provided to the administrator and has the right to send such personal data to another administrator without any interference from the administrator to whom that personal data was provided, if:
a) processing is carried out on the basis of art. 6 par. 1 lit. a) or art. 9 par. 2 lit. a) or on the basis of contract, due to art. 6 par. 1 lit. b); and
b) processing is carried out in an automated manner.
2. By using the right to transfer data pursuant to par. 1, the data subject has the right to request that personal data must be sent by the administrator directly to another administrator, if it is technically possible.
3. The execution of the right referred to in par. 1 of this Article shall be taken without prejudice to art. 17. That right does not apply to processing which is necessary for the execution of a task carried out in the public interest or in the exercise of official authority entrusted to the controller.
4. The right referred to in par. 1, may not adversely affect the rights and freedoms of others.


To use any of these rights, please contact us by e-mail, using the address we contacted you, or: gdpr@lonsley.com.

7. Complaint to the supervisory authority
According to the art. 77 of GDPR you have the right to lodge a complaint to the supervisory authority, in particular in the State of your habitual residence, your place of work or the place of the alleged violation, whether you believe that the processing of personal data concerning you violates the provisions of the GDPR.

8. Is the data provision necessary to enter a contract with us
We do not conclude any contract with you at this stage. Providing this data is necessary in order to participate in recruitment process.

9. Where do we get your personal informations
Probably you answered our job advertisement using the application form on the website or by emailing us, or by contacting us via social media. In that case, we received the first handful part of data from you. However, we may want to supplement them using publicly available sources, e.g. by browsing your profile on LinkedIn.

10. Automated processing and profiling
We do not process your data in an automated way and we do not profile it within the meaning adopted by the GDPR.