Privacy Policy

Onwelo S.A. is the owner of the Hello Astra application intended for managing recruitment processes. with its registered office in Warsaw (01-207 Warsaw), ul. Karolkowa 30 (hereinafter “Onwelo” or ” Controller”).

We make every effort to protect the privacy of people who use our services, including application Hello Astra. In this Privacy Policy, we specify how we collect and process your personal data when you use our website and application.

Read the definitions of terms that you will come across in our Privacy Policy:

• Application – the Hello Astra application, enabling the Customer to manage the candidate database and recruitment processes.
• Client – a legal person, an organizational unit without legal personality, as well as a natural person conducting business activity, which has concluded an Agreement with Onwelo for the provision of Services.
• User account – User’s individual profile, created after registration in the Application, through which he can use the functionality and resources of the Application.
• GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (General Data Protection Regulation) of 27 April 2016 (Official Journal of the EU No. 119, page 1).
• Service – website at https://helloastra.com, under which Onwelo provides its services.
• Services Agreement – contract for the provision of paid access to the Application contain nonpaid access.
• User – a natural person using the Application, employed by the Customer in any form, including under a civil law contract.

Data controller

Onwelo is the controller of data that we collect when you use the Application. You can contact us by e-mail: contact@onwelo.com or in writing to the address of the registered office.

We have also appointed a data protection officer, whom you can contact by e-mail: daneosobowe@onwelo.com or in writing (to the registered office with the note: Data Protection Officer).

Purposes and legal basis

The scope of your personal data that we collect, the purposes and the basis for their processing depend on the services you use via our website or Application. You will find the required information for each service in the list below.

Contact	Scope of data: Personal data Purpose of data processing: Contact, verification Basis of data processing: 3 years from the date Period of data storage: Our legitimate interest
Contact regarding the application	Scope of data: Provided when completing the online contact form and data on your business activities obtained from publicly available sources (e.g. CEIDG) Purpose of data processing: The accuracy of the data provided in the form, communication in matters related to the Application Basis of data processing: of sending the completed form. After this period, the data will be deleted, anonymized or will be processed for another purpose specified in the Privacy Policy Period of data storage: (art.6 par.1 lit.f GDPR) which is to enable you to become familiar with the Application and its functions
Conclusion and performance of contracts	Scope of data: Personal data provided when completing one of the forms to conclude a contract Purpose of data processing: Conclusion, performance and settlement of Agreements and performance of tax and accounting obligations, debt collection and determination, investigation or defense against claims arising from non-performance or improper performance of Agreements Basis of data processing: 6 years from the date of expiry or termination of the Agreement and for tax and accounting purposes for the period specified in specific tax and accounting regulations Period of data storage: Actions necessary to conclude and perform the contract (art.6 par.1 lit.b GDPR) Compliance with legal obligations incumbent on Onwelo SA (art.6 par.1 lit.c GDPR) Our legitimate interest (art.6 par.1 lit.f GDPR) which is the ability to establish, investigate or defend against claims
Using the application	Scope of data: Login and data contained in the user’s profile and data related to the user’s activity in the Application (e.g. the frequency of using certain functions) Purpose of data processing: Authentication in the Application, enabling the use of specific functions and monitoring activity in the Application in order to improve it and provide technical support Basis of data processing: The period of using the Application, but no longer than 3 years from the date of the last login to the Application. After this period, the data will be deleted, anonymized or will be processed for another purpose specified in the Privacy Policy Period of data storage: Our legitimate interest (art.6 par.1 lit.f GDPR), which is to ensure security in the Application and its proper functioning as well as keeping statistics for technical support and development of the Application
Newsletter sending	Scope of data: E-mail address Purpose of data processing: Ongoing information on events organized by us (e.g. webinars), published articles, new Application functionalities and other Onwelo offers Basis of data processing: Until you unsubscribe from the newsletter. After this period, the data will be deleted, anonymized or will be processed for another purpose specified in the Privacy Policy Period of data storage: Our legitimate interest (art.6 par.1 lit.f GDPR) which is the promotion of our products and services, if you agree to receive the newsletter
Marketing of our products and services	Scope of data: Personal data provided when completing one of the online forms or when subscribing to the newsletter Purpose of data processing: Sending commercial information, including direct marketing, understood as directing marketing messages (including information, commercial and promotional content) via e-mail Basis of data processing: Until you withdraw your consent or object to receiving commercial information, but no longer than for a period of 3 years from the date of recording your last activity in our marketing campaigns (e.g. opening advertising mailing). After this period, the data will be deleted, anonymized or will be processed for another purpose specified in the Privacy Policy Period of data storage: Our legitimate interest (art.6 par.1 lit.f GDPR), consisting in direct marketing of your own products and services – if you have consented to communication by e-mail or telephone to receive such information from us or you have subscribed to our newsletter
Answering questions, applications and complaints	Scope of data: First name, last name, email address, data on the use of the Application related to the inquiry, information contained in the content of the inquiry Purpose of data processing: Answering questions, applications and complaints Basis of data processing: Until the answer to the question, consideration of the application or complaint, but no longer than 3 years from the receipt of the question. Period of data storage: Our legitimate interest (art.6 par.1 lit.f GDPR), which is communication with the client and handling his inquiries
Determination, investigation and defense against claims	Scope of data: Name, email address, data on the use of the Application Purpose of data processing: Determination, investigation and defense against claims, including claims for damage caused by unlawful use of the Application Basis of data processing: 6 years from stopping using the Application Period of data storage: Our legitimate interest (art.6 par.1 lit.f GDPR), which is the ability to establish, investigate or defend against claims

Information on the requirement of data

Providing the indicated scope of data is a condition of access to and use of the Application or is required for the implementation of other services – such as answering an inquiry, receiving a newsletter or receiving ordered marketing and promotional information.

Information about profiling and automated decision making

The processing of your personal data does not include automated decision making, including profiling.

Recipients of personal data

The recipients of your personal data will be our authorized employees, persons cooperating with us on the basis of civil law contracts and entities providing services to us, including IT, hosting, legal and consulting services.

Transmission of data outside the eea

Some of our suppliers may be based outside the European Economic Area (EEA), in which case we transfer data on the basis of standard contractual clauses adopted by the Commission (EU) or participation in the “Privacy Shield” program established by Commission Implementing Decision (EU) 2016/1250 of on July 12, 2016 on the adequacy of protection provided by the EU-US Privacy Shield. The conditions for the transfer of personal data to third countries can be found at:
https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.

Social media

Contact via social media – contact with us is also possible through our social profiles on Facebook, LinkedIn and Twitter. We can use the services of our partners to keep in touch with you or provide you with content. We only use the data obtained in connection with the inquiry addressed to us through social networking sites to provide the answer. Nevertheless, social media collects personal data independently (in connection with the user profiles created in them), therefore the User should read the privacy policies of these portals.

Links to other companies ‘websites – the website contains links to other companies’ websites, you should read their privacy policies. We also use the so-called Facebook, Instagram, Linkedin and Twitter plugins that allow direct redirection to our profiles on these websites. When you click the plug-in, your browser directly connects to the server of the given portal. If you are logged in to one of the social networks at that time, information about your visits to our Website will be sent to their servers, which will be able to be assigned to your account on this portal. If you do not want to transfer this data, you should log out of the respective social network before clicking on the plugin.

Your rights in connection with the processing of personal data

Under the terms of the GDPR, you have the following rights:

• Right to access your personal data and receive a copy of it ( Article 15 GDPR)
• Right to rectify (correct) your personal data (Article 16 of the GDPR)
• The right to limit the processing of personal data in the cases specified in Article 18 GDPR
• The right to delete personal data in the cases specified in Article 17 clause 1 GDPR, subject to the exceptions set out in Article 17 clause 3 GDPR
• The right to transfer data in the cases specified in Article 20 GDPR
• he right to object to the processing of personal data in the cases specified in Article 21 GDPR – you have the right to object to the processing of your personal data, including profiling, at any time, if we process your data based on our legitimate interest (e.g. in the case of marketing our products and services).
• The right to withdraw consent – you have the right to withdraw your consent at any time, if we process your personal data on the basis of consent, its withdrawal only works for the future and does not affect the processing carried out by us in accordance with the law before its withdrawal.

Demands for the exercise of rights should be sent via e-mail to daneosobowe@onwelo.com.

You have the right to lodge a complaint with the supervisory body if you feel that the administrator is processing your personal data contrary to legal requirements. The supervisory body for the processing of personal data by Onwelo SA is the Polish Office for Personal Data Protection https://uodo.gov.pl.

Data safety

We make every effort to ensure the security of your personal data, including by encrypting data transmission during registration and logging into the Application.

Updating privacy policy

Any changes to the above Privacy Policy will be made by publishing its new version on the website, and in the event of significant changes by sending separate notifications to the e-mail address you specify.