flowork logo

Privacy Policy

As the IPF capital group, we respect the privacy of users of our websites, which is why we process users' personal data in accordance with applicable regulations, ensuring the highest level of diligence to keep this data secure.

This Privacy and Cookie Policy (hereinafter referred to as the "Policy") contains information regarding the processing of users' personal data by companies in the IPF capital group, who we are, what user information we collect when they use our websites and related services, as well as for what purpose and how we use this information. The Policy also explains the rights that users have in relation to the processing of their personal data.

§1. Information about the Personal Data Administrator

The IPF Group (i.e., a group of enterprises within the meaning of Article 4, point 19 of the GDPR) consists of the following companies:

  • IPF GROUP SPÓŁKA AKCYJNA, based in Poznań at Piekary 7, 61-823 Poznań, registered in the National Court Register under KRS number 0000597377, with its registry files maintained by the District Court of Poznań Nowe Miasto and Wilda in Poznań, VIII Commercial Division of the National Court Register, NIP: 7811921803, REGON: 363533525, acting as the parent company (controlling enterprise);
  • IPF GLOBAL SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, based in Poznań at Piekary 7, 61-823 Poznań, registered in the National Court Register under KRS number 0000596494, with its registry files maintained by the District Court of Poznań Nowe Miasto and Wilda in Poznań, VIII Commercial Division of the National Court Register, NIP: 7811872080, REGON: 301902126, acting as a controlled company (controlled enterprise);
  • IPF JOBS SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, based in Poznań at Piekary 7, 61-823 Poznań, registered in the National Court Register under KRS number 0000413119, with its registry files maintained by the District Court of Poznań Nowe Miasto and Wilda in Poznań, VIII Commercial Division of the National Court Register, NIP: 7811875747, REGON: 301986896, acting as a controlled company (controlled enterprise);

The administrators of users' personal data, in accordance with the Personal Data Protection Act and the General Data Protection Regulation (GDPR) of April 27, 2016, are the individual companies in the IPF group, depending on the purpose of processing, as described below:

PURPOSE OF PROCESSING - ADMINISTRATOR

  • Responding to inquiries – IPF Global Sp. z o.o.
  • Marketing activities, including sending newsletters – IPF Global Sp. z o.o.
  • Recruitment and employment-related activities – IPF Global Sp. z o.o.; IPF Group SA
  • Contract execution and pre-contractual activities – IPF Global Sp. z o.o.
  • Compliance with legal obligations, including tax and accounting – IPF Global Sp. z o.o.; IPF Group SA
  • Claims handling and legal proceedings – The IPF Group company specified in the contract, order, or applicable regulations.
  • User satisfaction surveys – IPF Global Sp. z o.o.; IPF Group SA
  • Website usage – IPF Global Sp. z o.o.; IPF Group SA

Users can contact us regarding data protection issues via traditional mail at IPF Group, ul. Piekary 7, 61-823 Poznań, or via email at rodo@ipf.jobs.

§2. Purposes and Legal Bases for Processing Personal Data

We may process your personal data to:

  • Provide you with information, including commercial information, about our services, including electronic services, conduct marketing activities, and enable you to ask questions about our offerings and receive responses.
  • Enable you to participate in recruitment processes if you are interested in working with us.
  • Enable you to subscribe to newsletters or other information channels about IPF group company services.
  • Allow you to participate in events organized by the IPF group companies.
  • Fulfill legal obligations imposed on us (e.g., for tax, accounting, and archival purposes and ensuring accountability).
  • Ensure the enforcement of potential claims, including debt collection, court proceedings, arbitration, and mediation.
  • Manage and optimize our website to understand how users use our websites and related services and improve our website.

Providing personal data is voluntary but necessary for us to fulfill the above purposes.

§3. How We Collect Users' Personal Data

We collect users' personal data in the following situations:

  • When users voluntarily provide their data to us, e.g., by subscribing to a newsletter, filling out a recruitment form or contact form, sending a CV, or signing a contract with us.
  • When users visit our websites.
  • When users interact with our social media channels.

Some personal data may be collected and processed automatically from the user's device when accessing our websites, particularly for statistical analysis or presenting personalized marketing content. However, this will not affect users' rights or cause any legal consequences for them. Information about automatic processing is included in the cookies section.

§4. How We Protect Personal Data

Knowing that personal data must be protected against unauthorized or unlawful processing as well as accidental loss, destruction, or damage, and in compliance with applicable legal requirements, we take special care to ensure data security by using appropriate technical and organizational measures.

We ensure that users' personal data is:

  • Processed lawfully, fairly, and transparently.
  • Collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
  • Accurate, updated as necessary, and adequate for the purposes for which they are processed.
  • Stored in a form that allows identification of data subjects for no longer than necessary to achieve the processing purpose.

This Policy is regularly reviewed to ensure compliance with legal requirements and best practices in data protection.

§5. Retention Period of Personal Data and Criteria for Determining This Period

The retention period of personal data depends on the purpose and legal basis for processing. If a company within the IPF Group processes personal data based on:

  • Consent given – the processing period lasts until the data subject withdraws their consent or the processing purpose is completed. For example, if you have given consent for the processing of personal data for recruitment purposes, the data will be processed until consent is withdrawn or for 36 months after the recruitment process ends to defend against claims (unless you have consented to participate in future recruitment processes, in which case the data may be used for future recruitment processes until consent is withdrawn).
  • The legitimate interest of the data controller, such as permitted marketing activities, debt collection, legal proceedings, or document archiving – the processing period lasts until the aforementioned interest ceases (e.g., the limitation period for civil claims) or until the data subject objects to further processing, where applicable by law.
  • A contract in which the data subject is a party or in connection with the need to take pre-contractual steps at the data subject's request – the data processing period lasts for the duration of the contract and until the limitation period for claims arising from it expires.
  • Applicable legal provisions, e.g., in connection with the storage of accounting documents or compliance with accountability requirements – processing periods for this purpose are defined by specific legal provisions.

We process users' personal data only for the period justified by the purpose for which the data was collected and as permitted by law.

§6. Use of Other Websites

The website www.ipf.jobs may contain links redirecting users to other websites (e.g., to the websites of partners cooperating with IPF Group companies). External websites that we do not administer may have different privacy policies. Before providing personal data on these websites and for the purposes of their administrators, we recommend reviewing the applicable privacy policy.

To provide electronic services, IPF Group companies may also use external websites, such as those of entities they cooperate with. An example of this would be our job application forms, which are hosted on the websites of our partners. We ensure that all entities we work with to provide our services guarantee the proper protection of data, as described further in § 7 of this Privacy Policy.

§7. Transfer of Data to Other Entities

With the user's consent, personal data may be transferred to national and/or international companies within the IPF Group for the purposes described above, including marketing purposes.

Additionally, with the user's prior consent, we may transfer user data to clients we cooperate with and for whom we conduct recruitment, to initiate or manage the user's employment with the client.

In some cases, users' personal data will be transferred to entities providing legal, courier, IT, statistical, accounting, and recruitment services on our behalf. If required by law, your data may be disclosed to entities such as courts or law enforcement authorities.

We always ensure that the transfer of user data to other entities does not compromise the security of the data. Therefore, we require the entities we cooperate with to adhere to data processing rules that are no less stringent than those we apply, in accordance with legal regulations.

Users' personal data may be transferred to other countries where IPF Group companies or clients are based. However, these countries are all within the European Economic Area (EEA). This means that although user data may be transferred outside Poland, it will still be protected under the same rules as within the country.

If a user has any concerns regarding the adequate protection of their personal data, they may contact us at rodo@ipf.jobs.

§8. Users' Rights

Each user has the following rights:

  • The right to submit a written request to stop processing their personal data.
  • The right to object to the use of their personal data for purposes based on our legitimate interests; more information on the right to object can be found [here].
  • The right to access personal data.
  • The right to data portability.
  • The right to request completion, updating, rectification, temporary or permanent suspension of processing, or deletion of personal data if it is incomplete, outdated, incorrect, collected unlawfully, or no longer needed for the purpose for which it was collected. Additionally, users have the right to request the restriction of data processing.
  • The right to receive information on which personal data we process, since when, from what source we obtained the data, for what purpose and scope it is processed, and to whom it has been disclosed.
  • The right to withdraw consent, if data processing is based on consent. Withdrawing consent does not render prior processing unlawful. Likewise, processing of personal data of a user who has withdrawn consent will still be legal if we can process the user's personal data on another legal basis or if we are legally required to continue processing the data.

Users wishing to exercise any of these rights, especially those intending to withdraw consent for data processing, should submit a request via email to rodo@ipf.jobs, or in writing to our address provided at the beginning of this Policy. We will respond to every request within one month, even if we are unable to fulfill the request within that time. In such cases, we will inform the user of the actions taken.

Users may also send us an inquiry to confirm whether their personal data is being processed.

Right to Object to the Processing of Personal Data

A user whose data is processed for purposes based on the legitimate interests of the data controller or a third party (e.g., for direct marketing of our products or services, for profiling) has the right to object at any time to such processing for reasons related to their particular situation.

Once an objection has been submitted, we will cease processing the user's personal data unless there are compelling, legally justified grounds for processing that override the user's interests, rights, and freedoms or if the data is necessary for establishing, pursuing, or defending legal claims.

Users can object by, for example, sending us a message at rodo@ipf.jobs.

Right to File a Complaint

Every user has the right to file a complaint with the Office for Personal Data Protection (Prezes Urzędu Ochrony Danych Osobowych) at the following address:

ul. Stawki 2, 00-986 Warsaw, Poland.

§9. Cookies

We use cookies on our websites. Cookies are small pieces of information stored by the user's browser or smart device.

Cookies are used for the following purposes:

  • To create statistics that help us understand how users interact with our websites, enabling us to improve their structure and content.
  • To maintain user sessions (after logging in), so that users do not have to enter their login and password on every subpage of the website.
  • To determine user profiles in order to display tailored content in advertising networks, particularly the Google network.
  • To assess how users utilize the website, generate reports on website traffic for site operators, and provide other services related to website traffic and internet usage. Users’ IP addresses are not linked to any other data held by Google.
  • To analyze how our websites are used and measure the effectiveness of promotional activities (via Google Analytics).

Without your consent, we only install necessary cookies, i.e., those ensuring the proper functioning of the website. For other types of cookies, such as those used to generate statistical data or tailor displayed content, your consent is required. You can change your cookie preferences at any time. Detailed information about these changes can be found in the settings of your web browser. Users can block the storage of cookies this way. However, please note that completely blocking cookies may prevent full use of all functions on our website.

Our website uses two main types of cookies:

  • Session cookies – temporary files stored on the user’s device until they log out, leave the website, or close their browser.
  • Persistent cookies – stored on the user’s device for a time specified in the cookie parameters or until manually deleted by the user.

Server Logs

Information about some user activities is logged at the server level. This data is used solely for website administration and ensuring the smooth operation of hosting services.

The resources accessed are identified by URL addresses. Additionally, the following may be logged:

  • The time of the request.
  • The time of the server response.
  • The client’s device name – identified via the HTTP protocol.
  • Information about errors that occurred during HTTP transactions.
  • The URL of the previously visited page (referrer link) – if the transition to the site was via a link.
  • Information about the user’s browser.
  • The user’s IP address.

Google Analytics

Cookies enable the functioning of statistical measurement tools. Our website uses Google Analytics, which helps us gather and analyze information regarding browsers used, page visits, and the effectiveness of marketing campaigns.

The data obtained through Google Analytics is used to continuously improve our website for users. Users can prevent Google from collecting data generated by cookies regarding their use of the website (including their IP address) and from processing this data by downloading and installing the plugin available at: http://tools.google.com/dlpage/gaoptout?hl=en.

Facebook

Cookies enable statistical functions on Facebook. This software helps collect and analyze information on the effectiveness of marketing campaigns. The data gathered through Facebook statistics is used to continuously improve our website.

Data of individuals who have liked the IPF business profile may be processed in a non-anonymized form in the following cases:

  • When communicating via Facebook Messenger.
  • When commenting on posts on the IPF profile.

The data of individuals who have liked the IPF profile will not be used for any other purpose than the one for which it was provided. Its processing will only take place on the Facebook platform and in accordance with Facebook’s general terms of use. Detailed information on Facebook’s privacy policy can be found here: https://www.facebook.com/about/privacy.

§10. Transfer of Data to a Country Outside the European Economic Area or to an International Organization

Due to our collaboration with service providers such as Google and Facebook, your data may be processed by these entities outside the European Economic Area (EEA), as their headquarters are located in the United States.

We assure you that these entities meet the security requirements for personal data processing set forth by the EU-U.S. Data Privacy Framework. This framework was implemented by the European Commission's decision on July 10, 2023, and issued by the U.S. Department of Commerce (EU-U.S. DPF). This ensures that data transfers from the EU to the U.S. are legally compliant while maintaining the privacy rights of EU citizens under European data protection regulations.

§11. Changes to the Privacy Policy

We reserve the right to modify this Privacy Policy to ensure compliance with current legal requirements. The latest version of the Privacy Policy will always be available on our website.