HR Privacy Policy

ACTYC SP. Z O.O. (the “Company”, “we”, “us”, “Actyc” or “our”) respects your right to privacy and maintains the highest level of personal data protection. In carrying out activities, we are committed to acting according to the applicable laws and regulations that define personal data protection.

We prepared this HR Privacy Policy (“Policy”) to provide you with information about the purposes for which your Personal Data will be acquired and how it will be used, what your rights are in relation to the processing of Personal Data we keep about you and how you can exercise them.

This Policy applies to:

  • potential candidates who apply for any job position published by Actyc on job boards, social media, or any other source or provide their personal data via emails, messengers, video and voice calls, or other means of communication in the context of the candidate selection
  • non-selected candidates who have consented to the retention of their Personal Data for future recruitment purposes;
  • current and former employees and independent contractors of Actyc.

What data do we collect and why? 

For the purpose of this Policy, "Personal Data" means any personal data within the meaning of GDPR related to natural persons who are current and former employees or independent contractors, potential candidates, job applicants, and other individuals as appropriate in the context of an employment or contractual work relationship or candidate selection.

As part of human resources procedures, we may process the following types of Personal Data, either submitted as part of an online application and/or directly obtained from you via job boards, e-mails, personal messages to a public page on social networks, video and voice calls, messengers, networking or personal meetings, or any other sources, as well as data obtained as part of the employment or contractual relationship:

Types of Personal Data

Identification Data:

  • Full name;
  • Gender;
  • Passport (ID) number;
  • Tax or social security number;
  • Other government-issued identifiers;
  • Payment details;
  • Other information contained in CV (date and place of birth; current location, photo, language skills, etc.).

Purposes for collecting Personal Data

We use your Identification Data to identify you, to maintain our HRM and ATS systems and HR records, to conduct employment/contractual verification and to facilitate our relationship with you, to administer payroll (or other financial transactions), and other employment/contractual obligations provided by law, as well as for other processing purposes described in this Policy.

Contact Data:

  • Full name;
  • Phone number;
  • Email address;
  • LinkedIn profile;
  • Information contained in the CV.

We use your Contact Data to communicate with you via respective means of communication about matters on employment or contractual relationship. This information can be uploaded by you via the online form on our website. We may use this information for initial and subsequent communications with you. This information may also be uploaded by your referrer as part of the Referral System. In such a case, we can also collect some personal data of the referrer: full name, phone number, email, payments details.

Communication Data:

  • Record of first interview;
  • Record of the correspondence;
  • Other information provided by you during communication.

We use Communication Data to support our recruitment process by storing and analyzing communications (for example, interview, correspondence) with you about your application or any other matters.

Analytics Data:

  • Information about how users interact with our website (e.g. page visits and page load speed);
  • Other information collected via cookies or other tracking technologies.

We may use Google Analytics to help us better understand how individuals use our website. You may install the Google Analytics Opt-Out Browser by clicking here to prevent Google Analytics from using your information for analytics. To opt out of Google Analytics for display advertising or customize Google display network ads, you can visit the Google Ads Settings page.

Cooperation Data:

  • Cooperation history information;
  • Time sheets and attendance records; 
  • Contractor compensation records; 
  • Performance reviews records; 
  • Background check records;
  • Incentives and contracts’ breach records; 
  • Internal investigations and security breaches records.

We use Cooperation Data to manage the relationships with contractors and fulfill obligations provided by law (e.g., administration of compensation, incentives, time management and absence planning, monitoring premises, responding to inquiries, providing information and assistance, performance of security purposes, compliance and accountability programs, professional development programs, for archival and recordkeeping purposes, etc.).

We may collect relevant information about potential candidates, such as their children’s age, referral candidates or companies, etc. We don’t collect Personal Data from children under 16 unless a child under 16 is the only emergency contact an individual could provide us with. In most cases, we do not intentionally collect your sensitive data. However, in case that we do, we will only collect, use, and/or disclose sensitive data on the basis of your explicit consent or where permitted by law.

What are the legal bases for data processing?

GDPR provides an exclusive list of lawful bases allowing us to process personal data. During the personal data processing, we rely only on four of them, namely:

Performance of a contract: to enter into an employment/service contract with you or take steps at your request prior to entering into an employment/service contract with you. Although the submission of Personal Data for the entry into a contract is voluntary, without the necessary Personal Data we won’t be able to meet our contractual obligations as your employer or contractor.

Consent: we may occasionally ask you to give consent so we can use your Personal Data for one or more purposes, e.g., for the retention of your Personal Data for future recruitment offerings. Whenever the legal basis for the processing of your Personal Data is consent, we will inform you in advance. Processing your personal data on the basis of consent is always voluntary and without any negative consequences for you. So where the processing of your Personal Data is based on consent, you have the right to withdraw your consent at any time. If you do decide to withdraw your consent, we will stop processing your Personal Data for that purpose unless there is another lawful basis we can rely on – in which case, we will let you know. Your withdrawal of consent won’t impact any of our processing up to that point.

Please note that by uploading your CV or resume to us via our website, we presume you have consented to the further processing of your personal data for recruitment purposes. This processing includes but is not limited to storing, reviewing, and sharing your personal information with relevant parties involved in the recruitment process. If you wish to withdraw your consent, please contact us directly so we can assist you in realising your rights under the GDPR.

Compliance with a legal obligation: please, keep in mind that you are obliged to provide us with your Personal Data that we process on the basis of legal obligation. If you do not provide Personal Data that we absolutely need to collect and process as an employer, we cannot perform our legal obligations. 

Legitimate interest: we may process your Personal Data on the basis of our legitimate interests, for example:

  • to validate CV or resume (including by searching publicly available information) recommendations and references and make background checks in order to provide a healthy and safe working environment, prevent fraud, etc.; 
  • professional learning and development administration;
  • to analyze the performance of employees or contractors;
  • to process family members’ data in the context of HR records – emergency contact, benefits and insurance, etc.

How long do we keep your Personal Data? 

As a Data Controller, we are committed to the data minimization principle, hence we collect, keep, and process only Personal Data we need to fulfill the purposes defined in this Policy. 

Your Personal Data is kept in records in the HR department of Actyc. We store and process your Personal Data until we do not need it for any of the purposes defined in this Policy unless a longer retention period is required or permitted by law, including for the purpose of satisfying any legal, accounting, or reporting requirements, or any other lawful purposes (usually, for tax administration and financial statements, or if we have an ongoing legal proceeding where the employee or contractor is part of). 

In the case of most employee and independent contractor data, it is retained for the duration of your employment or contractual relationship with Actyc and for a particular period of time established under applicable laws and regulations with regard to the storage of such data after that relationship terminates.

When we collect and process your Personal data on the basis of your consent, we will keep your Personal Data during a period specified in this Policy, the consent or until the withdrawal of the consent. 

When we collect and process your Personal data on the basis of a contract, the time period for the retention of data is the entire period of the validity of the contract, including warranty or any other time periods arising from the concluded contract, unless we have a legal obligation for further storage of such data.

What rights do potential candidates, employees and contractors have?

You may exercise the following rights under the GDPR by submitting your request at

  • right of access means that you may ask us to send you the copy of your personal data collected together with information regarding the nature, processing and disclosure of that personal data;
  • right to rectification means that you may ask us to update and correct the false data, missing or incomplete personal data;
  • right to erasure (“to be forgotten”) means that you may ask us to delete your personal data collected, except insofar it is prohibited by appropriate laws;
  • right to restriction of processing means that you may ask us to restrict processing where: your personal data is not correct or outdated; the processing is unlawful;
  • right to object to the processing means that you may raise objections on grounds relating to your particular situation;
  • right to data portability means that you may ask us to transfer a copy of your personal data to another organisation or to you;
  • right to withdraw the consent when your personal data processed on a basis of your consent;
  • right to lodge a complaint with the supervisory data protection authority pertaining to the processing of your personal data.

In case of any questions regarding data protection that we cannot answer, you can contact the supervisory authority. We will cooperate with the appropriate governmental authorities to resolve any privacy-related complaints that cannot be amicably resolved between you and us. You can find the full list of EU supervisory authorities via the link.

Please, note that we may need to confirm your identity to process your requests to exercise your rights under the GDPR. Thus, we may not be able to satisfy your request if you do not provide us with sufficient detail to allow us to verify your identity and respond to your request.

Where can we get your Personal Data, and to whom may we disclose it?

We may get your Personal data from the following sources:

Directly from you. We collect your Personal Data directly from you when you communicate with us via relevant means of communication such as email, phone number, our social media pages or provided by you via an online form on our website.

Your browser. When you browse our website, your browser automatically transmits certain standard data to us: in addition to your IP address, this includes the type of browser you use, its features, your operating system, as well as other automatically collected information.

Job boards and third-party services. While looking for a candidate, we may publish job positions on job boards, use third-party recruitment services which help us to look for potential candidates to take job positions on their own initiative, and offer relevant ones to us according to our request.

Referral system. We may receive your personal data from a third party who recommends you as a candidate for a specific job opening or for our Company more generally. This information can be uploaded by your referrer as part of the referral system, for example, via the online form on our website.

Other. We may collect information about you from publicly available information, such as social media or other online resources where your information is made publicly available.

We may share your Personal Data with our service providers or contractors to operate our HR processes. Such access is limited to the purposes for which Personal Data were collected. All third parties to whom we may share your Personal Data are bound to comply with the applicable laws as well as the provisions of this Policy.

Where and only to the limit necessary, we may disclose your Personal Data:

  1. To third parties which provide us with services:
    • Google Analytics (Google LLC, USA): to analyze statistical data on how the visitor uses the website in order to improve our website’s functionality. You may find its Privacy Policy here. 
    • Google Drive (Google LLC, USA): to store your data safely by using cloud solutions. You may find its Privacy Policy here.
    • CleverStaff (CleverStaff LLC, Ukraine): to store your data by using cloud solutions. You may find its Privacy Policy here.
    • Trello (Atlassian Pty Ltd, USA): to store data about you. You may find its Privacy Policy here.
    • Matchit (LLC “Matchit me”, Ukraine): to establish cooperation with new clients. You may find its Privacy Policy here. 
  2. To our clients, when we provide them with a service that involves an employee or contractor of our Сompany.
  3. To any state authorities, courts, or public administration bodies when required by law (e.g., Tax Authorities, Social Security Services, etc.).

Do we transfer your Personal Data outside of the European Economic Area?

Yes, we may transfer your Personal Data to countries outside the EU and EEA (the USA, Ukraine, etc.) that are not determined to offer an adequate level of data protection on the basis of article 45 of GDPR (adequacy decision) with appropriate safeguards as determined under the GDPR. 

We only transfer your personal data to third parties within the requirements under the GDPR. Where possible, we always enter into Data Processing Agreements (DPAs) and Non-Disclosure Agreements (NDAs) with them and treat personal data transfer seriously. Where our contractor or customer has an appropriate data processing agreement in place, we may adjoin such a data processing agreement. If so, we may regulate the transfer of Personal Data to such a contractor or a customer by means of this data processing agreement.

For transfers to countries that do not fall under requirements of Article 45 of the GDPR on the adequacy of the level of protection, we may transfer your personal data to third countries outside the EU and the EEA, including the onward transfers of the personal data from the third countries to other third countries, under Article 46 of the GDPR with the appropriate safeguards, including the SCC.

We disclose your personal data to countries outside the EU and the EEA in compliance with our internal international transfer procedure in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of natural and legal persons. 

We put supplementary technical and organizational measures in place when transferring data outside the EU and the EEA, e.g., prior assessment of the service supplier’s reliability and personal data protection practices, encryption of the transferred personal data, prompt reacting to any threats to confidentiality, integrity and availability of the personal data, conducting transfer impact assessments (TIA) when necessary, etc.

How do we protect your Personal Data?

Your Personal Data is securely stored and processed using technical and organizational measures, which are regularly reviewed to ensure they are state of the art and remain up to date.

Organizational measures include access control to Personal Data. At Actyc your Personal Data may be handled by our HR department, Tech Lead, or other employees or contractors engaged in preparation and organization of job interviews. In all cases, access to your data is strictly restricted to those who are authorized to process personal data. 

Technical measures include work device protection (all the working devices are protected by password and have malware protection software installed). We also diversify data storage using both personal computers and cloud solutions such as Google Drive and Cleverstaff.

Actyc enters into respective contracts defining the protection of personal data to ensure that your Personal Data remains safe and secure in every transfer.

If a Personal Data breach occurs, we will immediately inform you and/or competent supervisory authority about the violation where required to do so as prescribed by data protection legislation.

Do we use profiling or Automated Decision Making?

We don’t use any software, artificial intelligence or any other technologies which are able to make automated decisions that have legal or other serious effects (e.g., reject a CV if it does not have keywords, etc.).


We reserve the right to periodically change this Policy to the actual situation and legislation regarding the protection of personal data. For this reason, we ask that you check the current version before submitting any personal data, so you will be familiar with any changes or updates.

In case of material changes, we will make all reasonable efforts to inform you in advance.

Contact us:

Actyc SP. Z O .O.
ul. Grochowska 44 lok. U3, Warsaw, Poland
+380 93 052 99 65