Personal data means information about an identified or identifiable natural person. The processing of personal data is in principle any activity on personal data, regardless of whether it is carried out by automated means or not, e.g. collection, storage, recording, ordering, modification, viewing, use, sharing, restriction, deletion or destruction. JIT processes personal data for various purposes, whereby, depending on the purpose, different methods of collection, legal bases for processing, use, disclosure and retention periods may apply.

This privacy policy applies to all cases where the JIT is the controller of personal data and processes personal data. This applies both to cases in which JIT processes personal data obtained directly from the data subject and cases in which it has obtained personal data from other sources. The JIT fulfils its information obligations in both of the above cases.

The controller within the meaning of the GDPR regulation, in relation to personal data, is jointly:

JIT Team Sp. z o. o. (KRS no. 0000363948), JIT Services sp. z o.o. (KRS no. 0000750403) and JIT Services sp. z o.o. sp.k. (KRS no. 0000773386), based at ul. Łużycka 8C, 81-537 Gdynia.

Being a controller means that the JIT sets the purposes and means of processing personal data on its own and under its own responsibility.

Contact to the data administrator in all matters related to the protection of personal data may take place at:

Email: rodo@jit.team

JIT processes personal data in accordance with the law, complying with the provisions of Regulation (EU) of the European Parliament and of the Council of 27 April 2016. on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as GDPR) and the Act of 10.05.2018 on the protection of personal data and its implementing provisions.

In order to ensure the transparency of personal data, the JIT informs individuals about the rules for the processing of personal data belonging to them.

Taking care of the protection of personal data, JIT uses appropriate safeguards and technical measures to ensure the protection of data processing, in particular:

• protects against the processing of personal data in violation of applicable law;
• secures personal data against access by unauthorized persons;
• protects personal data against loss (ensures data integrity);
• grants access to personal databases to persons authorized to process them only to the extent and to the extent that ensures the proper functioning of the company and compliance with personal data protection regulations.

JIT processes personal data in order to maintain and develop the Company's operations.

JIT may process personal data:

• employees and associates – in order to perform contracts concluded with them, conduct the Company's operations, including offering services to clients, as well as to fulfill legal obligations,
• candidates in recruitment processes – in order to attract employees and associates and offer services to clients,
• customers, their representatives and staff – in order to perform contracts concluded with customers,
• potential clients, their representatives – in order to conclude contracts, propose services provided by JIT,
• participants of organized events – in order to provide opportunities to conduct events such as trainings, lectures, congresses, etc.,
• persons contacting JIT – in order to maintain the possibility of contacting such persons,
• users of JIT websites (using cookies) – to improve and customize the content made available to these users,
• persons reporting an irregularity or abuse, called whistleblowers - in order to analyze the situation described in the report, take appropriate steps and respond to the report.

7a. Personal data of employees and associates

JIT processes personal data of employees and associates in order to implement contracts binding with these persons, to pursue the legitimate interests of the administrator, as well as to fulfill legal obligations incumbent on him.
Detailed information on the principles of processing personal data of JIT personnel is available in the internal JIT network.

7b. Personal data of candidates in recruitment processes

JIT processes personal data of candidates in recruitment processes in order to establish cooperation with these persons and to present them to clients and potential clients.

The processing of personal data, including their sharing with clients and potential customers, is based on the candidate's consent (Article 6(1)(a) of the GDPR).

The following data are processed: name, surname, address, contact details, education, career course, professional skills, as well as other data provided by the candidate in the CV. Providing data by the candidate is always voluntary.

The data is processed until the candidate withdraws his consent. The candidate has the option of withdrawing consent to the processing of his personal data at any time. If the candidate does not withdraw consent to the processing of his personal data in the event of conducting the recruitment process without time limit - until the purpose for which the personal data was obtained and is processed ceases to exist.

7c. Personal data of customers, their representatives and staff

JIT processed personal data of customers who are natural persons, as well as representatives and staff of customers in order to perform contracts concluded with customers (Article 6 (1) (b) of the GDPR, as well as due to the legitimate interest of JIT, in particular to defend their rights and pursue claims (Article 6 (1) (f) of the GDPR.

The following data are processed: name and surname, contact details, data on the participation of a given person in cooperation with JIT.

The data is processed for the period of cooperation and the period of limitation of possible claims.

7d. Personal data of potential customers and their representatives

JIT processed personal data of potential customers, who are natural persons and customer representatives in order to conclude a contract.

The following data is processed: name and surname, contact details.

The basis for the processing of personal data is to take action to conclude a contract at the request of the data subject (Article 6 (1) (b) of the GDPR) or on the basis of the consent of the person concerned (Article 6 (1) (a) of the GDPR).

The data is processed until the consent is withdrawn or until the end of activities related to the conclusion of the contract (e.g. negotiations).

7e. Personal data of event participants

JIT organizes events addressed to external persons, e.g. trainings, competitions, congresses, etc. For this purpose, jiT may process the personal data of their participants.

The following data are processed: name and surname, contact details, possible other data related to the nature of the event.

The basis for the processing of personal data is the consent of the person concerned (Article 6(1)(a) of the GDPR).

The data is processed until the consent is withdrawn or until the end of the event and the limitation of any claims related to it.

7f. Personal data of contact persons

JIT may process personal data of persons who initiate contact via the contact form on the website, by e-mail or other correspondence.

The following data are processed: name and surname, contact details, possible other data related to correspondence and voluntarily provided by this person.

The basis for the processing of personal data is the consent of the person concerned (Article 6 (1) (a) of the GDPR), and in special cases for the purpose of defending their rights and pursuing claims (Article 6 (1) (f) of the GDPR.

The data is processed until the consent is withdrawn or until the limitation period for any claims arising from correspondence, if any.

7g. Personal data of persons reporting violations of the law - whistleblowers

JIT may process personal data of persons reporting behavior or practices that constitute abuses or offenses in relation to applicable legal provisions.

The following data is processed: email, telephone number, title and description of the report and any other data resulting from the content of the report and provided by the reporting person.

Personal data will be processed in order to fulfill legal obligations arising from the Act of June 14, 2024 on the protection of whistleblowers. The legal basis for processing is Art. 6 section 1 letter c) GDPR. The data is processed for the period specified in the law and until the limitation period for any claims arising from the notification, if any, may arise.

The recipients of the data are persons designated to handle notifications - Compliance & Cybersecurity Manager and Head of HR. Additionally, people responsible for administering the mailbox may have access to the e-mail address - they do not have access to the content of the notifications.

JIT fulfils its information obligations both in the case of obtaining personal data from data subjects and in the case of obtaining data from other sources.

In the case of obtaining personal data from the data subject, the necessary information is provided in the process of data acquisition.

Where data are obtained from a person other than the data subject, the information obligation shall be fulfilled without delay, unless the data subject already has the information.

The data subject has the right to:

• inspect your personal data and request modification of personal data in the event that they are incorrect;
• request the deletion of your personal data from the database, with the exception of data used in accordance with the Tax Ordinance for accounting purposes or on the basis of other mandatory provisions of law – deletion of data may cause difficulties or inability to further cooperate with JIT.
• request the restriction of data processing;
• object to the processing of data for reasons related to his particular situation;
• request the transfer of personal data by making them available in a commonly used format that allows them to be sent to another administrator

The rights of data subjects are exercised by e-mail to the address indicated in point 3 of this Policy.

JIT does not share the processed personal data with other entities for use for other purposes of these entities not related to cooperation with JIT.

For candidates, JIT may share their personal data with clients and potential clients. The provision of the candidate's personal data is always subject to the possibility of their use only for the purpose of establishing cooperation between the JIT and the client resulting in the successful completion of the recruitment process in which the candidate participates.

JIT entrusts the processed personal data to entities acting on its behalf only after obliging these entities to maintain their confidentiality and after properly entrusting the processing of these data in accordance with the GDPR.

When processing personal data, JIT uses cloud services offered by service providers that meet the highest requirements for the security of personal data processing. As part of the provision of cloud services, personal data may be transferred outside the European Economic Area.

JIT uses the services of the following service providers in this respect:

• Microsoft - https://azure.microsoft.com/pl-pl/overview/trusted-cloud/privacy/
• Amazon Web Services - https://d1.awsstatic.com/whitepapers/compliance/PL_Whitepapers/pl_pl__GDPR_Compliance_on_AWS.pdf
• Amazon Web Services - https://www.atlassian.com/pl/trust/reliability/infrastructure

All these cloud service providers adhere to the highest security standards taking into account standard contractual clauses in accordance with current templates approved by the European Commission, which makes entrusting them with the processing of personal data safe and compliant with the requirements of the GDPR.