1. Data Controller
The controller of your personal data is:
ul. Zamknięta 10/1.5, 30-554 Kraków, Poland
Tax ID (NIP): 9542824759
Employment Agency KRAZ no. 33768
Email: kontakt@nexthire.pl
Phone: +48 881 320 402
For all data protection enquiries, please contact us at kontakt@nexthire.pl with the subject line "Personal Data".
2. What Data We Process
Depending on how you interact with us, we process the following categories of data:
Job Applicants
- Name, contact details (phone, email)
- CV information: work history, education, skills, language proficiency
- Nationality, country of origin (where required by employment law)
- Any other data voluntarily provided in application documents
Clients (Employers)
- Contact details of company representatives (name, job title, email, phone)
- Business details (company name, address, tax ID)
Website Users
- IP address, browser type, operating system
- Analytics data (Google Analytics) — only after cookie consent
- Data submitted through contact forms
We do not process special categories of personal data (sensitive data) as defined in Article 9 GDPR, unless explicitly required and consented to.
3. Purposes & Legal Basis for Processing
We process your data only for specified, explicit and legitimate purposes, in accordance with Article 6 GDPR:
| Purpose | Legal Basis |
|---|---|
| Conducting recruitment processes | Art. 6(1)(a) — consent; Art. 6(1)(b) — performance of a contract / pre-contractual steps |
| Future recruitment (talent database) | Art. 6(1)(a) — consent |
| Responding to contact enquiries | Art. 6(1)(a) — consent; Art. 6(1)(f) — legitimate interests |
| Fulfilling client contracts | Art. 6(1)(b) — performance of a contract |
| Legal obligations | Art. 6(1)(c) — legal obligation |
| Website analytics | Art. 6(1)(a) — consent to cookies |
| Marketing of own services | Art. 6(1)(f) — legitimate interests (existing clients only) |
4. Retention Periods
We store your data for the time necessary to fulfil the purposes for which it was collected:
- Applicant data (active recruitment): for the duration of the process, then up to 12 months after completion or until consent is withdrawn
- Applicant data (talent database): up to 24 months from consent, or until consent is withdrawn
- Contact form data: up to 12 months after reply
- Client data: for the duration of the business relationship plus 3 years after termination (for legal claims)
- Analytics data (cookies): per Google Analytics policy — up to 14 months
After the above periods, data is permanently deleted or anonymised.
5. Recipients of Personal Data
Your data may be shared with the following categories of recipients:
- Client companies (employers): only to the extent necessary for recruitment, and only after candidate consent
- IT service providers: hosting and email providers — under data processing agreements only
- Google LLC (USA): via Google Analytics — data transferred under Standard Contractual Clauses (SCC) approved by the European Commission
- Public authorities: only when required by law
We do not sell or share personal data with third parties for marketing purposes.
6. Your Rights
As a data subject, you have the following rights under GDPR:
- Right of access (Art. 15): you can obtain confirmation of whether and what data we hold about you
- Right to rectification (Art. 16): you can request correction of inaccurate or incomplete data
- Right to erasure — "right to be forgotten" (Art. 17): you can request deletion when data is no longer necessary
- Right to restriction of processing (Art. 18): you can request restriction in certain circumstances
- Right to data portability (Art. 20): you can receive your data in a structured, commonly used format
- Right to object (Art. 21): you can object to processing based on legitimate interests
- Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing
President of the Personal Data Protection Office (UODO)
ul. Stawki 2, 00-193 Warsaw, Poland
uodo.gov.pl
To exercise your rights, email kontakt@nexthire.pl with the subject "Personal Data". We will respond within 30 days.
7. Cookies & Tracking
Our website uses cookies — small text files stored in your browser. We use the following categories:
| Category | Examples | Purpose | Duration |
|---|---|---|---|
| Essential | nh_cookie, nh_lang, csrf_token | Site functionality, language preference, form security | Session / 1 year |
| Analytics (with consent) | _ga, _gid, _gat | Anonymous traffic analysis via Google Analytics | Up to 14 months |
You can manage cookies through your browser settings or via the cookie consent banner shown on first visit. You may withdraw consent at any time by clearing your browser cookies.
8. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss or destruction, including:
- SSL/TLS encryption (HTTPS) on all pages
- Access controls on data processing systems
- Regular data backups
- CSRF token protection on all forms
- Limited storage of uploaded CV files (retained only for the duration of recruitment)
9. Changes to This Policy
We reserve the right to update this Privacy Policy. For any material changes, we will notify you by:
- Updating the "Last updated" date at the top of this page
- Displaying a prominent notice on the homepage for 30 days after the change
We encourage you to review this page periodically. Continued use of our services after changes constitutes acceptance.
10. Data Protection Contact
For all matters relating to personal data processing and the exercise of your rights, please contact us:
ul. Zamknięta 10/1.5, 30-554 Kraków, Poland
Email: kontakt@nexthire.pl (subject: "Personal Data")
Phone: +48 881 320 402