HomePolandInformation on the processing of personal data

Information on the processing of personal data

Pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April
2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the "GDPR"), we inform you that:

1. Data Controller

The controller of your personal data is Burson Poland Sp. z o.o. with its registered office in Warsaw, address: Plac Konesera 11, 03-736 Warsaw, registered in the District Court for the m.st. of Warsaw in Warsaw, XIV Commercial Division of the National Court Register, under KRS number
0000104923, NIP: 521-100-42-85, REGON: 010783514, share capital PLN 50,000.00, tel. 22 536 38 00, hereinafter referred to as "Burson" or “Controller”.

The Controller can be contacted at the following email address: [email protected].

2. Categories of personal data

Burson processes the following categories of your personal data: identification data, address data, education data, previous employment data and contact details.

3. Purpose of data processing and legal bases

Personal data may be processed by Burson for the following purposes:

  • in the case of recruitment for the position indicated in the advertisement in order to conclude a contract with respect to name and surname, date of birth, contact details, education, professional qualifications and the course of previous employment – pursuant to Article 6(1)(b) and (c) of the GDPR, and in the scope of other than the above-mentioned categories of personal data, these data will be processed on the basis of your voluntary consent – Article 6(1)(a) of the GDPR;
  • to take actions, including those related to current and future recruitment, on the basis of your voluntary consent – Article 6(1)(a) of the GDPR;
  • fulfilment of legal obligations, including financial and tax obligations related to the performance of the contract for the benefit of the Controller – Article 6(1)(c) of the GDPR;
  • sending prizes awarded in competitions organized via social media (applies to competition participants), which is a legitimate interest of the Controller - Article 6(1)(f) of the GDPR;
  • execution of creative mailings and provision of transport and accommodation for customers
    in connection with events organized by Burson, which is the legitimate interest of the Controller - Article 6(1)(f) of the GDPR;
  • determining the terms of cooperation in projects carried out on behalf of Burson's clients, which is the legitimate interest of the Controller - Article 6(1)(f) of the GDPR
  • conducting a candidate satisfaction survey after the recruitment process is completed, which is the legitimate interest of the Controller – Article 6(1)(f) of the GDPR;
  • pursuing or defending against possible claims, as well as conducting disputes, proceedings before public authorities and other proceedings, as well as conducting promotional or marketing activities, in particular targeting new offers and proposals for cooperation, which is the legitimate interest of the Controller - Article 6(1)(f) of the GDPR.

4. Sharing of personal data

Your data may be shared by Burson to:

  • entities and bodies to which Burson is obliged or authorized to make personal data available on the basis of generally applicable law;
  • entities that cooperate with Burson to provide services;
  • entities from the capital group of which Burson is a part.

5. Retention period of personal data

Your personal data will be stored for the period resulting from the provisions of law that may oblige the Controller to process data, and in relation to other purposes based on Burson's legitimate interest, for the period of validity of these purposes or until an objection is raised. The data provided in connection with the performance of the contract will be processed for the duration of the contract. If consent is given, the processing will take place until the purpose for which consent was given is fulfilled or until consent is withdrawn.

6. Your rights

In connection with the processing of your personal data by Burson, you have the right to:

  • access your personal data,
  • rectify your personal data,
  • delete personal data (the right to be forgotten),
  • restrict the processing of your personal data,
  • data portability,
  • object to the processing of data, including profiling, and for the purposes of direct marketing, including profiling,
  • withdraw your consent in the event that Burson processes your personal data on the basis of consent, at any time and in any manner, without affecting the lawfulness of the processing based on consent before its withdrawal,
  • lodge a complaint with the President of the Office for Personal Data Protection (Stawki 2, 00-193 Warsaw) if you believe that the processing of personal data violates the provisions of the GDPR.

7. Source of data

If your personal data is not provided directly, Burson may obtain it from your statutory representative, principal in the case of a power of attorney granted, employer, party to the agreement concluded with Burson and from publicly available sources, in particular from databases and registers: National Court Register (KRS), Central Registration and Information on Business (CEIDG), websites.

8. Automation

Your data may be processed in an automated manner within the IT system. Burson does not use other methods involving automated decision-making, including profiling.

9. Obligation to provide personal data

Providing personal data is voluntary. However, failure to provide personal data will result in the inability to cooperate with Burson, except for situations in which the legal basis for the processing of personal data is your voluntary consent.

10. Transfer outside the European Economic Area

The Controller may transfer your personal data outside the European Economic Area to entities cooperating with the Controller, which have their registered offices outside the European Economic Area, where the level of personal data protection is not guaranteed comparable to the level of protection in the European Union. In such cases, we transfer your personal data with appropriate security measures, using Standard Contractual Clauses approved by the European Commission or other measures indicated in Article 46(2) of the GDPR.