Information Clause of the Personal Data Controller for Candidates for employees and partners


  1. ATS DISPLAY Sp. z o.o. with its registered office at ul. Boryszewska 22 C, Wiązowna 05-462, entered in the Register of Entrepreneurs maintained by the District Court in Warsaw for the Capital City Warsaw, XIV Commercial Division of the National Court Register, under KRS number: 0000075752, Taxpayer Identification Number (NIP): 5321790563, National Business Registry Number (REGON): 01744535800000 – is the Data Controller (hereinafter referred to as the Controller) of the personal data of candidates for employees and associates, hereinafter referred to as Candidates.
  2. The personal data of Candidates is processed by the Controller for the purposes of:
  • conducting recruitment for employees and associates,
  • for future recruitment needs, provided that the Candidate gives consent for such processing.
  1. Providing personal data is voluntary, but necessary for the Candidate’s participation in the recruitment process. In particular, the Controller has the right to request Candidates to provide or document personal data as indicated in Art. 221 § 1 of the Act of 26 June 1974 – Labour Code or personal data necessary to conclude a civil law contract.
  2. The Controller processes personal data for the period necessary to achieve the objectives mentioned in clause 2 above. Furthermore, if the Candidate gives consent for the processing of personal data for future recruitment purposes, as referred to in clause 2(b) above, the Controller will process such data for this purpose for a period of three years from the date of giving such consent or until the Candidate withdraws their consent before the expiry of this period, which will not affect the lawful processing of data before the withdrawal of consent. Personal data may be processed for a longer period than that indicated in this clause, where such an obligation imposed on the Controller arises from specific legislation or is justified by the assertion or defence of claims.
  3. The source of the personal data processed by the Controller is Candidates.
  4. The legal basis for processing the personal data of Candidates is:
  •   Art. 6(1)(b) of the GDPR, i.e. the necessity to take action at the request of the Candidate before concluding a contract, or
  •   Art. 6(1)(a) of the GDPR, i.e. the Candidate’s consent to process personal data for future recruitment needs, or
  •   Art. 6(1)(c) of the GDPR – a legal obligation arising from legal provisions – i.e. Art. 229 of the Labour Code, or
  •   Art. 9(2)(h) of the GDPR – the necessity of processing for health or occupational medicine purposes and to assess the employee’s ability to work, or
  •  Art. 6(1)(f) of the GDPR – the legitimate interest of the Controller consisting of the possibility to take actions related to the protection against claims or the pursuit of claims related to the recruitment process.
  1. The personal data of Candidates is not transferred to a third country within the meaning of the GDPR provisions.
  2. The Controller does not disclose personal data to third parties without the express consent of data subjects. Personal data, without the consent of the data subject, may be disclosed only to public law entities, i.e. authorities and administration (e.g. tax authorities, law enforcement agencies and other entities authorised by generally applicable legal provisions, such as the Social Insurance Institution or the Tax Office) in cases provided for by generally applicable legal provisions.
  3. Personal data may be entrusted for processing to entities processing such data on behalf of the Controller. The Controller entrusts the personal data of Candidates to:
  •  IT companies providing hosting services, managing Internet domains and dealing with the operation of computer systems used by the Controller,
  • suppliers of recruitment platforms,
  • security firms,
  • CRM tool providers,
  • companies providing document destruction services.
  1. Candidates’ personal data is not subject to profiling.
  2. In accordance with the GDPR provisions, Candidates have the right to:
  • be informed about the processing of personal data,
  • access their personal data,
  • correct, supplement, update, rectify personal data,
  • delete data (right to be forgotten),
  • restrict processing,
  • transfer data,
  • object to the processing of personal data,
  • in the case of the legal basis referred to in point 6(b) above – the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal,
  • not be subject to profiling,
  • lodge a complaint with the supervisory authority (i.e. the President of the Personal Data Protection Office), taking into account the principles of using and exercising these rights arising from the GDPR provisions.
  1. The Controller has appointed a Data Protection Officer, who is Konrad Cioczek. All inquiries, applications and complaints regarding the processing of personal data by the Controller should be directed to the DPO’s email address: or in written form to the address: ul. Boryszewska 22 C, Wiązowna 05-462.
  1. In the content of the submission, it is necessary to clearly indicate:
  • the data of the person or persons concerned by the Submission,
  • the event that gives rise to the Submission,
  • your request and the legal basis for these requests,
  • the way in which the case is expected to be handled.