Privacy Policy

Effective: current calendar year

1. Controller and Scope

jobcenter.buzz (hereinafter, the "Controller") is the data controller in respect of personal data processed in connection with its advisory services. This Privacy Policy describes the categories of personal data processed, the legal bases relied upon, the security measures deployed, and the rights of data subjects under Regulation (EU) 2016/679 ("GDPR") and the Polish Personal Data Protection Act of 10 May 2018.

2. Categories of Data Processed

  • Identification data: name, position, corporate affiliation.
  • Contact data: business email, telephone, electronic correspondence.
  • Engagement data: corporate documentation, credentials, applicant dossiers, prior immigration history.
  • Transactional data: invoice and gateway-level metadata necessary to process payment.
  • Technical data: log files, IP address, device and session metadata related to use of the Controller's digital channels.

3. Legal Bases (GDPR Article 6)

  • Performance of a contract — Article 6(1)(b) — for engagement delivery.
  • Compliance with legal obligations — Article 6(1)(c) — including AML/CFT and accounting law.
  • Legitimate interests — Article 6(1)(f) — including the prevention of fraud and the maintenance of service integrity.
  • Consent — Article 6(1)(a) — where expressly obtained for specific, optional processing operations.

4. Security Measures and Data Encryption

The Controller implements technical and organizational measures aligned with GDPR Article 32, including: transport-layer encryption (TLS 1.2 or higher) for all data in transit; at-rest encryption (AES-256 or equivalent) for sensitive client dossiers; multi-factor authentication for personnel accessing client records; role-based access control with documented authorization matrices; regular vulnerability assessments and patch-management cycles; and segregated backup storage with documented retention and erasure schedules.

Electronic correspondence containing sensitive documentation is transmitted via encrypted channels and stored within jurisdictionally segregated repositories selected for their adequacy under European data-transfer rules.

5. Data Sharing and International Transfers

Personal data is not sold and is not disclosed to third parties for marketing purposes. Limited sharing may occur with (i) duly licensed counsel coordinating on the engagement, (ii) payment processors operating under their own GDPR-aligned terms, and (iii) competent authorities where legally required. Any transfer outside the European Economic Area is conducted on the basis of an adequacy decision or appropriate safeguards under GDPR Chapter V.

6. Retention

Engagement records are retained for the period required by applicable tax, accounting, and AML legislation, and thereafter erased or anonymized in accordance with the Controller's documented retention schedule. Marketing-related data is retained only for so long as the underlying consent or legitimate interest subsists.

7. Data Subject Rights

Data subjects are entitled, subject to the conditions of the GDPR, to exercise rights of access, rectification, erasure, restriction, portability, and objection, and to withdraw any consent previously given. Requests may be submitted to info@jobcenter.buzz. Data subjects further retain the right to lodge a complaint with the President of the Personal Data Protection Office (Prezes UODO) or any other competent supervisory authority.

8. Updates

This Privacy Policy may be revised from time to time to reflect changes in law or in the Controller's practices. The version in force at the time of any processing operation governs that operation.