Privacy policy

Recruitment privacy policy

This policy (hereinafter referred to as the "Policy") applies to the personal data of job candidates collected and used by Gemius S.A. or AdOcean sp. z o. o. for recruitment processes

Who processes your data?

The joint controllers of your personal data are Gemius S.A. (KRS: 0000041076) and AdOcean sp. z o.o. (KRS: 0000208080), both with their registered office at 48 Domaniewska Street in Warsaw (02-672). To achieve business goals, in particular, to improve recruitment processes and ensure unified security standards, as well as due to organizational connections, the companies act as joint controllers. "We" in this document means both joint controllers.

What is the legal basis for data processing?

Personal data is processed based on the Labor Code. If you provide other data to the extent not specified by law, we will process them based on your consent to processing personal data. You can voluntarily express your consent in this case. We will also process your data for the purposes of future recruitment if you agree. You can revoke any consent at any time.

To whom is the data transferred, and with whom is it shared?

The recipients of personal data may be providers of job advertisement publication services, providers of recruitment management systems, IT service providers (hosting), legal advisors, medical facilities (occupational medicine), courier or postal service providers, or entities authorized to do so under the binging law. We do not transfer your personal data outside the European Economic Area (EEA).

How long is the data stored?

Personal data will be processed until the end of recruitment, understood as signing a contract with one of the candidates. In the case of consent to data processing for future recruitment processes, we will process the data for 24 months.

What are your rights?

You have the right to:

  • revoke the consent at any time;
  • access your personal data and receive a copy thereof;
  • rectify your personal data;
  • restrict the processing of personal data;
  • erasure of personal data;
  • file a complaint to the President of the Data Protection Authority (address: Personal Data Protection Office, Stawki 2, 00 – 193 Warsaw, Poland).

Obligation to provide data

Providing personal data in the scope resulting from the Labor Code is necessary to participate in the recruitment procedure. Providing other data is voluntary.

The essence of the arrangements between joint controllers

We have established the following rules of cooperation related to the protection of your personal data in the course of recruitment:

  • Both joint controllers closely cooperate in implementing their own tasks regarding protecting personal data. Our cooperation includes, for example, ensuring the consistency of safety standards and legal and technical consultations.
  • Gemius S.A. is responsible for implementing information obligations on behalf of both joint controllers.
  • Each joint controller is responsible for handling personal data breaches found by the data controller in question. Gemius S.A. is responsible for handling the breach if the breach concerns both joint controllers.
  • You can contact any joint controller of your choice. Each joint controller independently exercises your rights resulting from the provisions of the GDPR (e.g., the right to access data), but the joint controller to whom you submit your request is delegated to handle communication with you.

Contact regarding the processing of personal data

Any questions and doubts regarding data processing can be reported by contacting us via e-mail zrr [at] or to the postal address of one of the joint controllers (Gemius S.A. or AdOcean sp. z o.o.) indicated above. We have also appointed a Data Protection Officer – Jacek Grabowski, whom you can contact at the following e-mail address: privacy [at] Under this email, you can obtain additional information on the content of the agreements between the joint controllers in accordance with Article 26(2) of the General Data Protection Regulation.