PRIVACY POLICY
§ 1 Geneneral provisions
This Privacy Policy applies from 1 April 2022.
For the interpretation of terms, the dictionary of the Regulations applies:
Application - the AppManager system installed on the Service Provider's servers, available via the Internet, operating in the domain appmanager.pl or in the Client's domain, enabling the provision of the Service.
Pricing - a list of prices for the provision of the Service referred to in the Regulations, which is an integral part of the Agreement. The price list is available to Users after logging in and inathe link https://appmanager.pl/cennik/.
Registration form - a part of the Application that collects information about Candidates. This form is displayed to the visitor - a third party - as a result of actions taken by the User related to the acquisition of Candidates.
Password - a unique string of characters that meets the technical requirements imposed by the Service Provider, chosen by the User for authorization and securing the Account against unauthorized access.
Candidate - a natural person who leaves their personal data during a visit to the form website.
Client/Clients - a natural person conducting business activity on their own behalf or a natural person representing a legal person or an organizational unit without legal personality, which is legally capable of concluding an Agreement with the Service Provider.
Account - a set of resources and settings stored in the Service Provider's database for the User as part of their use of the Service. Access to the Account is possible after logging in.
Login - User's e-mail address. Settlement Period - the period on which the Service is settled. Account Payment - an action performed by the Account Owner to use a paid Service on terms specified in the Regulations.
Software - proprietary scripts or programming code on which the Application operates, owned by the Service Provider.
Natural person - a natural person with full legal capacity who has concluded an Agreement not related to business activity or profession (consumer).
Third Party - a natural person, legal person or organizational unit without legal personality within the meaning of Polish law other than the User and the Service Provider.
Plan - a set of functionalities of a given Account specified in accordance with the Price list.
Payment - a fee charged for the use of the Service in accordance with the actual use of the Service, calculated in advance in accordance with the Regulations or calculated from the bottom up only for the Enterprise Account by means of a separate agreement concluded.
Privacy Policy - specifies the way in which data is processed in the Service and/or Application, including Cookies. Regulations - Regulations for providing access to the AppManager service from July 1, 2019.
Registration - an action that conditions the creation of an Account in the Application and subsequent use of the Service by the User.
Service - an electronic service provided through the Application by the Service Provider to the User.
Service provider/ Administrator - owner of the Application, AppManager Sp. z o.o. ul. Wiejska 17, 00-480 Warsaw, District Court for the Capital City of Warsaw in Warsaw, XII Commercial Division, KRS 0000950666, Share capital 50,000 PLN (fully paid), NIP: 701-107-32-59, REGON: 521171853,
User - natural person or client using the Application,
Account owner - User who has registered and can pay for the Account and manage other Users of the Account,
We respect the right to privacy and take care of data security. To this end, a secure communication encryption protocol is used during Registration, logging in, and using the Application (i.e. SSL).
Personal data provided in the Application are treated as confidential and are not visible to other Users except for the Account owner, Users authorized by the Client, or authorized persons on the side of the Service Provider.
The Administrator of the data is the Service provider:
AppManager Sp. z o.o. with its registered office in Warsaw at ul. Wiejska 17 (00-480 Warsaw) entered into the National Court Register under the KRS number 0000950666, NIP: 701-107-32-59 (hereinafter referred to as: Administrator).
The Administrator has appointed a data protection officer, and contact with the Administrator or the officer is possible via email: dpo@appmanager.pl.
The Administrator directs this information (hereinafter referred to as: Privacy Policy) to all natural persons covered by his activity in connection with the functioning of the Service and the Application, as well as to the addressees listed below, in connection with the obligation to fulfill the obligation specified in Article 13 (1) and (2) and Article 14 (1) and (2) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as: GDPR).
In the case of legal persons or sole proprietorships that are Clients, the information obligation is primarily fulfilled with regard to employees, associates, and representatives of such entities.
§ 2 Service Provider as Data Administrator of Account Owner and User
Purpose and legal basis for processing actions that are performed on your personal data:
Processing purpose: providing the possibility of using the Service and Application,
Legal basis for processing actions: taking actions aimed at performing the Agreement (Art. 6 (1) (b) GDPR) and the legally justified interest of the Administrator (Art. 6 (1) (f) GDPR), which should be considered as actions related to the functioning of the Service and Application, their maintenance, promotion of the statutory activity of the Administrator, as well as potential protection of Administrator's claims.
Source of origin of your data: we assume that you personally provided the data to the Administrator. Otherwise, your data comes from your employer or another entity that you represent.
Recipients of your personal data: your personal data may be transferred to other entities, such as: separate administrators:
legal advice, a company belonging to the capital group to which the Administrator belongs, exercising ownership supervision,
processing entities: companies belonging to the capital group to which the Administrator belongs, providing support services within the IT area, hosting service provider, as well as other processing entities supporting the Administrator within the IT area.
In accordance with the declaration received from the hosting service provider, we inform you that we do not transfer your personal data outside the European Economic Area, and personal data is stored on servers located in the European Union. In the event of any expansion of cooperation, your personal data may be transferred outside the European Economic Area in connection with the use of specific IT tools. The transfer is secured by so-called standard contractual clauses. If you are interested in detailed information regarding data transfer, please contact us via e-mail, i.e., dpo@appmanager.pl.
We process a catalog of your personal data to the extent necessary to perform the Agreement and use the Service and Application.
The period of personal data storage depends on the period of performing the Agreement and the period of protection of the Administrator's claims, i.e., the basic term of 6 years from the day on which the claim became due.
Your rights related to the processing of personal data are presented below: right of access to data, right to rectify data, right to erase data, right to restrict processing, right to data portability, right to object, right to lodge a complaint with the supervisory authority, i.e., the President of the Office for Personal Data Protection.
We require you to provide personal data necessary to use the functionalities of the Service and Application. The Service Provider has no influence on the scope of Forms created by the Client.
§ 3 Service Provider as a Customer’s Data Data Controller
The purpose and legal basis for processing your personal data are:
Purpose of processing: to fulfill the Agreement,
Legal basis for processing activities: the fulfillment of the Agreement, of which you are a party, or taking action prior to entering into such an Agreement at your request (Art. 6(1)(b) GDPR), the legitimate interest of the Controller (Art. 6(1)(f) GDPR), which includes actions related to the statutory activity, functioning of the Service with the Application and their maintenance, as well as any protection of the Controller's claims, and legal obligation of the Controller, which includes the necessity of performing certain accounting tasks (Art. 6(1)(c) GDPR).
Source of your personal data: We assume that you have provided your data to the Controller personally. Otherwise, your personal data comes from your employer or other entity that you represent.
Recipients of your personal data: Your personal data may be shared with other entities, such as: Separate controllers: postal operator, bank, a company that is part of the capital group to which the Controller belongs, exercising ownership supervision, any legal firms that may support the Controller, and other contractors engaged by the Controller to fulfill the Agreement. Processors: companies that are part of the capital group to which the Controller belongs, providing support services in the accounting, administrative, and IT areas, accounting services, hosting service provider, IT support entities, including the supply of IT tools, and other contractors engaged by the Controller to fulfill the Agreement.
According to the declaration received from the hosting service provider, we inform you that we do not transfer your personal data outside the European Economic Area, and personal data is stored on servers located within the European Union. In the event of any future cooperation, your personal data may be transferred outside the European Economic Area due to the use of specific IT tools by us. The transfer is secured by standard contractual clauses. If you require more detailed information about data transfer, please contact us via email: dpo@appmanager.pl.
We process your personal data only to the extent necessary to fulfill the Agreement.
The period for which personal data will be stored depends on the following criteria: the term of the Agreement and the period necessary to fulfill legal obligations, i.e., the basic period of 5 years from the beginning of the year following the financial year in which the transaction was finally completed or settled, the period of protection of the Controller's claims, i.e., the basic period of 6 years from the day on which the claim became due.
Your rights regarding the processing of personal data are presented below: the right to access data, the right to rectify data, the right to erase data, the right to restrict processing, the right to data portability, the right to object, the right to lodge a complaint with a supervisory authority, i.e., the President of the Personal Data Protection Office.
We require you to provide the personal data necessary to conclude the Agreement.
§ 4 Persons browsing and visiting the Website, as well as persons using the “Contact” option.
Purpose and legal basis for processing actions carried out on your personal data:
Purpose of processing: providing the possibility of using the Service and getting to know its content, including contacting the Administrator,
Legal basis for processing actions: taking actions aimed at concluding an agreement at your initiative (Art. 6(1)(b) GDPR) and the Administrator's legitimate interest (Art. 6(1)(f) GDPR), which includes actions related to the functioning of the Service, its maintenance, promotion of the statutory activities of the Administrator, promotion of the Application, and possible protection of the Administrator's claims.
Source of origin of your data: we assume that the data comes directly from you (including your IP address). Your data may also come to us from the entity you represent.
Recipients of your personal data: Your personal data may be transferred to other entities, such as:
separate administrators: legal advice, a company belonging to the capital group to which the Administrator belongs, supervising ownership,
processing entities: companies belonging to the capital group to which the Administrator belongs, providing IT support services, hosting service provider and website maintenance, and other processing entities supporting the Administrator within the IT area.
According to the declaration received from the hosting service provider, we inform you that we do not transfer your personal data outside the European Economic Area, and personal data is stored on servers located in the European Union. In the event of possible cooperation development, your personal data may be transferred outside the European Economic Area in connection with the use of certain IT tools by us. The transfer is secured by so-called standard contractual clauses. If you are interested in detailed information regarding data transfer, please contact us via email: dpo@appmanager.pl.
We process the minimum range of your personal data. In many cases, your personal data is processed for statistical purposes and, in principle, does not allow the Administrator to identify you. Furthermore, we indicate that we process personal data according to the scope indicated in the contact forms.
The period of personal data storage depends on the following criteria:
periods indicated in the table concerning Cookies files,
the period of protection of the Administrator's claims, i.e. the basic term of 6 years from the day on which the claim became due.
The catalog of your rights in connection with the processing of personal data is presented in the following list:
the right to access data,
the right to rectification,
the right to erasure of data,
the right to restriction of processing,
the right to data portability,
the right to object,
the right to lodge a complaint with the supervisory authority, i.e. the President of the Office for Personal Data Protection.
We require you to provide personal data necessary to use the functionality of the website. In many cases, we do not assume the collection of your personal data, and if processing takes place, it is the result of your action.
§ 5 Job candidates applying through the website
Purpose and legal basis for processing your personal data:
Processing purpose: conducting recruitment process and potentially conducting future recruitment processes related to job applications submitted through the website.
Legal basis for processing in the case of the recruitment process: consent of the data subject (Art. 6 (1) (a) GDPR), taking necessary steps to conclude a potential civil law contract (Art. 6 (1) (b) GDPR), fulfilling legal obligation of the Controller, which includes performing obligations arising from the Labor Code and/or other civil law obligations (Art. 6 (1) (c) GDPR), and legitimate interests of the Controller (Art. 6 (1) (f) GDPR), which include actions related to protecting the Controller's claims. In the case of special categories of personal data, such as health data, the legal basis is the explicit consent of the data subject (Art. 9 (2) (a) GDPR).
Legal basis for processing in the case of future recruitment processes: consent of the data subject (Art. 6 (1) (a) GDPR) and legitimate interests of the Controller (Art. 6 (1) (f) GDPR), which include actions related to protecting the Controller's claims. In the case of actual commencement of another recruitment process, the legal basis also includes fulfilling the obligation of the Controller, which includes performing obligations arising from the Labor Code and/or other civil law obligations (Art. 6 (1) (c) GDPR). In the case of special categories of personal data, such as health data, the legal basis is the explicit consent of the data subject (Art. 9 (2) (a) GDPR).
Source of your personal data: We assume that you provided your data personally to the Controller.
Recipients of your personal data: Your personal data may be transferred to other entities, including:
separate controllers: legal advisers, a company belonging to the capital group to which the Controller belongs, supervising ownership,
processing entities: companies belonging to the capital group to which the Controller belongs, providing support services within the HR and IT area, a hosting service provider, and a website maintenance company, as well as other processing entities supporting the Controller in the IT area.
In accordance with the declaration received from the hosting service provider, we inform you that we do not transfer your personal data outside the European Economic Area, and the personal data is stored on servers located in the European Union. In the event of a possible expansion of cooperation, your personal data may be transferred outside the European Economic Area in connection with our use of specified IT tools. The transfer is secured by standard contractual clauses. If you are interested in detailed information on data transfers, please contact us via e-mail: dpo@appmanager.pl.
We process a minimal set of your personal data. We would like to indicate that we process personal data within the scope specified in the Labor Code (Art. 221 of the Labor Code) or to the extent necessary to conclude a civil law contract.
The storage period of personal data is dependent on the following criteria:
If the recruitment process ended with rejection of your application and you did not consent to participate in future recruitment processes, the data will be deleted after the recruitment is closed.
If the recruitment process ended with rejection of your application and you consented to participate in future recruitment processes, the data will be stored for a period of 12 months from the date your data was entered into the candidate database.
If you withdraw your consent for the processing of personal data, the data will be stored until your request is processed, but no later than the expiry of the limitation period for claims.
If it is necessary to secure against possible future claims, the period of data storage is shaped by provisions regarding the protection of claims.
If the recruitment was successful, some of the data contained in the recruitment documents may be included in the employee's personnel files, and in this case, the processing period will be extended for the duration of the employment or civil law relationship, and for the period specified by separate provisions in the scope in which it shapes the process of storing employee personnel files.
Your catalog of rights related to the processing of personal data is presented as follows: The right to access data, The right to rectify data, The right to erase data, The right to restrict processing, The right to data portability, The right to object, The right to lodge a complaint with the supervisory authority, i.e., the President of the Office for Personal Data Protection.
Providing personal data necessary to participate in the recruitment process (i.e., those referred to in Art. 221 § 1 of the Labor Code) is mandatory if you want your application to be considered. Refusal to provide data will result in your application being rejected. Providing other personal data not specified in the content of Art. 221 § 1 of the Labor Code is voluntary and does not affect the recruitment process. If you want to participate in future recruitment processes, we process your data based on your consent, which is voluntary.
§ 6 Service provider as Data Processor
The Service provider is not a Data Controller of personal data of Candidates applying for Clients' job offers.
The personal data processing agreement is a separate document attached to the Agreement.
§ 7 Cookies
Cookies to log Users into their Accounts in the Application. Additionally, we use Cookies containing session IDs to monitor visits and recognize individuals visiting the Application, the Service or the form created by the User. The Client and the User acting on their behalf should take this information into account when creating their own privacy policy document included in the Form.
The Service, Application, and any form may use Cookies. Cookies that are processed analyze anonymous information about the use of the Service, Application, or any Form. These are internet analytics tools - the Service provider's proprietary solutions or external tools implemented in the User's forms. Cookies help improve the functionality of the Service, Application, or any Form, and better tailor it to the expectations and needs of visitors. The tools collect anonymous information, record trends on the website without identifying individual persons. Like many other services, these tools use their own Cookies to analyze the actions of visitors. These Cookies are used to store information such as the start time of current visits, whether the visitor has been on the site before, the website they came from, the screen resolution of their device, and how they navigate the site.
Each person browsing the Service, Application or any Form should manage Cookies by modifying the settings of their internet browser. If you do not want to use them, you can prevent Cookies from being saved on your device or permanently delete saved files. However, please note that this may affect the quality of the Service provided by not collecting Cookies and reading information based on them.
Detailed information on the Cookies used by the Controller:
Essential Cookies on the job offers page for Candidates.
| Name | Description | Period |
| __language | Country code (language) in the Candidate's browser visiting the website. | 1 year |
| appm-instance | Domain name under which the Application operates. | 1 year |
| _candidateCSRF | CSRF token protecting against unauthorized operations. | Session |
| _frontendSessionID | Candidate sesssion identificator | Session |
| _backendSessionID | User session identificator | Session |
| cookieconsent_status | The status of closing the window with information about Cookies | 1 year |
Additional Cookies on the job offers page for Candidates
The Administrator does not use additional analytical Cookies on the job offers page or in Forms. However, such files may be added by a Client using the Application. In this case, the Candidate's refusal to consent to the use of additional Cookies in the banner displayed at the bottom of the page will result in their deactivation.
Necessary Cookies in the administrative panel for the User.
| Name | Description | Period |
| appm-instance | Domain name under which the Application operates. | 1 year |
| _userCSRF | CSRF token protecting against unauthorized operations. | Session |
| _backendSessionID | User session identificator | Session |
| Device-uuid | Translates to "User device identifier used in the two-factor authentication mechanism. | Depends on the deadline defined in the Application. |
| _userIdentity | Used for User identification | Session |
| cookieconsent_backend_status, cookieconsent_backend_functional, cookieconsent_backend_additional | The status of closing the window with the information about Cookies as well as the settings regarding functional and additional cookies | 1 year |
d. Additional Cookies in the User Administration Panel
The Administrator uses tools to facilitate the use of the Application panel (e.g. chat, communication of changes in the Application). Most of these solutions use their own Cookies. The User can uncheck their consent to the use of these additional Cookies in the banner displayed at the bottom of the page, and in such a situation, they will be disabled.
Disabling such files may mean a limitation of functions available in the Application, e.g. disabling chat or lack of access to changes in the Application.
We provide additional information (e.g. names of additional Cookie files currently in use) at the address dpo@appmanager.pl
e. Additional Cookies on the Website
| Name | Description | Period |
| _gat_UA-61855198-4, _gid, _ga, _gcl_au | Cookies from the Google Analytics tool are used for analytical and marketing purposes. They store statistical information about the user's interaction with the Service (such as visit time, traffic source, anonymous identification of the user and their browser or device). The user has the option to block the use of these cookies in their browser by unchecking the appropriate option on the banner displayed at the bottom of the page. | Up to 2 years |
§ 8 External search engine and LinkedIn plugin
The user can use the built-in external search engine in the Application, which is configured to allow the user to find and download personal data of a Candidate that they have posted on the LinkedIn website and which are publicly available to visitors of the LinkedIn website. As a result of these actions, the user creates a Candidate profile in their candidate database in the Application.
The user can also use a dedicated plugin to search for a Candidate profile on the LinkedIn website, download personal data of the Candidate (including their CV) that they have posted on the LinkedIn website and which are publicly available to visitors of the LinkedIn website. As a result of these actions, the user creates a Candidate profile in their candidate database in the Application.
The client and the user acting on their behalf, using the solutions implemented in the Application and described in points 1 and 2, should take into account this information when creating their own information clauses or privacy policies. The client, as the administrator of personal data of the Candidate obtained through the LinkedIn website, should remember about the obligations of a personal data administrator, especially the information obligation resulting from Article 14 of the GDPR (arising in connection with the use of the external search engine and/or plugin) as well as securing the legal basis for processing personal data.
§ 9 Final provisions
This Privacy Policy is effective as of April 1, 2022.