Search in portal

Privacy policy

Compass Group Poland sp. z o.o. places great importance on privacy and its protection. This privacy policy outlines how Compass collects, processes, and uses information, including information about users of the website https://www.compass-group.pl/en/ .In accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the “GDPR”), we kindly ask you to review the following information and acknowledge its content.

1. Data Controller

The Data Controller, i.e., the entity deciding how your personal data will be used, is Compass Group Poland sp. z o.o., headquartered at ul. Jana Olbrachta 94, 01-102 Warsaw, Poland (hereinafter referred to as Compass or the Controller).

2. How to contact us for more information about the processing of Your personal data?

You can obtain all information related to the processing of your personal data and the exercise of your rights by contacting our Data Protection Officer, Maria Hryniewicz-Wilczopolska, via email at iodo@compass-group.pl or by writing to the following address: Compass Group Poland sp. z o.o., ul. Jana Olbrachta 94, 01-102 Warsaw, Poland.

3. Cookies

In addition to this document, we have prepared a separate document titled Information about cookies” available at the following link: https://www.compass-group.pl/en/information-about-cookies, providing information for users of Compass's website on how we use cookies to personalize content and advertisements, offer social media features, and analyze traffic on our website.

Information about your use of our website may be shared with our social media, advertising, and analytics partners. These partners may combine this information with other data you have provided to them or that they have obtained during your use of their services. The Controller will have access to the aforementioned data and information during your next visit to the domain https://www.compass-group.pl/. Your data will be processed for purposes consistent with the consents you have provided.

4. For what purpose, on what legal basis, and for how long does Compass process Your personal data?

We inform you that Compass processes your personal data for the purposes described below:

I. Recruitment

This section of our privacy policy applies when you participate in the recruitment process at Compass.

1. For what purpose and on what legal basis do we process Your personal data?

a. Data processing in the recruitment process

If you apply for a position at Compass, we process your personal data to conduct the recruitment process. The legal basis for this is Article 22[1] § 1 and 2 of the Labor Code and Article 6(1)(b) and (c) of the GDPR.

b. Voluntary consent for additional data processing

With Your consent, we may process:

  • Your image (CV photo) – based on Article 22[1a] § 1 and 3 of the Labor Code and Article 6(1)(a) of the GDPR,
  • Other personal data beyond legally required information, excluding special categories of data – Article 22[1a] § 1 and 3 of the Labor Code and Article 6(1)(a) of the GDPR,
  • Special category data (e.g., biometric data) – Article 22[1b] § 1 of the Labor Code and Article 9(2)(a) of the GDPR,
  • Data for future recruitment processes – Article 6(1)(a) of the GDPR.

c. Legitimate interest of the data Controller

We may process your data under Article 6(1)(f) of the GDPR to prevent fraud and protect against claims.

2. Your rights regarding consent

You have the right to withdraw your consent for data processing at any time, without affecting the lawfulness of processing carried out before the withdrawal.

3. Voluntary data submission

Providing personal data required by the Labor Code is voluntary but necessary to participate in the recruitment process. Refusing consent to process additional data (such as your image) does not affect the recruitment process.

4. How long do we store Your personal data?

  1. Data processed for recruitment purposes – up to 60 days after the recruitment process concludes.
  2. Data processed with consent for future recruitment – up to 12 months or until consent is withdrawn.
  3. Data processed under the legitimate interest of the Data Controller – until an objection is raised or claims become time-barred.

5. No automated decision- making

Your personal data will not be subject to automated decision-making or profiling.

6. Additional information about application

By submitting your CV, you consent to the processing of your personal data for recruitment purposes. If you do not wish for additional information to be processed, please do not include it in your application documents. Please avoid providing sensitive data, such as: Health conditions, Disabilities, Political or religious beliefs Other data specified in Article 9 of the GDPR.

Applications containing sensitive data will only be considered if you have given explicit consent.

II. Conclusion and performance of contracts with contractors

This section of the Privacy Policy pertains to the principles of processing personal data of our contractors, their representatives, employees, and associates, as well as other persons working or cooperating with our contractors in connection with the conclusion and performance of agreements entered into by Compass.

1. For what purpose and on what legal basis do we process Your personal data?

 a. Conclusion and performance of a contract

If you are a party to a contract, your personal data is processed for the purpose of concluding and performing the contract in accordance with Article 6(1)(b) of the GDPR.

b. Representation of the contractor

If you represent a contractor, your data is processed to determine and verify the right to represent the company based on Article 6(1)(f) of the GDPR (legitimate interest of the data controller).

c. Maintaining contact and cooperation

If you have been designated as a contact person or are involved in implementing the terms of the contract, your data is processed to ensure proper performance of the contract and ongoing communication between the parties, pursuant to Article 6(1)(f) of the GDPR.

d. Assertion and defense of claims

Your data may be processed to establish, assert, or defend claims arising from Compass's business activities, based on Article 6(1)(f) of the GDPR.

2. Voluntary data submission

Providing personal data is voluntary but necessary for concluding and performing the contract. Failure to provide data will prevent the contract's conclusion and its proper execution.

3. How long do we store Your personal data?

Your personal data will be stored for the duration of the contract between Compass and the contractor in accordance with legal provisions and for the period necessary to assert potential claims between the contracting parties.

III. Whistleblowers (Speak Up platform)

This section of the Privacy Policy concerns the personal data of whistleblowers submitting reports through the Speak Up platform.

1. For what purpose and on what legal basis do we process Your personal data?

 a. Handling reports of legal violations

The personal data of whistleblowers is processed for the purpose of considering the report of a legal violation and taking appropriate follow-up actions, in accordance with the provisions of the Whistleblower Protection Act. Legal basis: Article 6(1)(c) of the GDPR in conjunction with Article 8(4) of the Whistleblower Protection Act of June 14, 2024.

b. Processing special categories of data

If the report contains special categories of data (e.g., related to health or sexual orientation), we process such data due to a significant public interest as regulated by the Whistleblower Protection Act, based on Article 9(2)(g) of the GDPR.

c. Disclosure of data based on consent

Personal data may be disclosed only with the whistleblower’s consent, based on Article 6(1)(a) of the GDPR.

d. Data regarding criminal convictions

If it is necessary to process information about criminal convictions, this is done according to specific legal provisions under applicable law.

e. Assertion and defense of claims

Data may be processed to protect our legitimate interests related to establishing, asserting, or defending claims, based on Article 6(1)(f) of the GDPR.

2. Obligation to provide data

Providing personal data is necessary to enable the submission and review of a legal violation report.

3. How long do we store Your personal data?

 a. Data retention period:

Personal data is stored for three years from the date the report is received or until the conclusion of any proceedings initiated after the report, including potential court proceedings, until the case is finally resolved.

b. Deletion of irrelevant data::

Data that is irrelevant to the review of the report is not collected, and if inadvertently collected, it is deleted within 14 days of determining its irrelevance.

IV. Other participants in the proceedings (Speak Up Platform)

This section of the Privacy Policy pertains to the personal data of other participants involved in the proceedings related to a report submitted via the Speak Up platform.

1. For what purpose and on what legal basis do we process Your personal data?

 a. Handling reports of legal violations

Your personal data is processed for the purpose of considering the report of a legal violation and taking appropriate follow-up actions, in accordance with the provisions of the Whistleblower Protection Act. Legal basis: Article 6(1)(c) of the GDPR in conjunction with Article 8(4) of the Whistleblower Protection Act of June 14, 2024.

b. Processing special categories of data

If the report contains special categories of data (e.g., related to health, sexual orientation), we process it due to an important public interest, regulated by the Whistleblower Protection Act. Legal basis: Article 9(2)(g) of the GDPR.

c. Data regarding criminal convictions

If it is necessary to process information about criminal convictions, this is done according to specific legal provisions under applicable law.

d. Assertion and defense of claims

Data may be processed to protect our legitimate interests related to establishing, asserting, or defending claims, based on Article 6(1)(f) of the GDPR.

2. Obligation to provide data

Providing personal data is necessary to fulfill legal obligations arising from applicable law.

3. How long do we store Your personal data?

Your personal data will be processed for 3 years from the date the report is received or until the conclusion of any proceedings initiated following the report, including possible court proceedings, until the case is finally resolved.

V. Communication and Promotion on the Website and Social Media

This section pertains to the processing of personal data by Compass for communication and promotion of the company's activities, including self-promotion on social media and the website https://www.compass-group.pl/.

1. For what purpose and on what legal basis do we process Your personal data?

 a. Managing the Facebook fan page and user communication

We process your personal data to manage our Facebook fan page and respond to comments, reactions, and private messages, based on Article 6(1)(f) of the GDPR (Compass’s legitimate interest in fan page management and communication).

b. Statistical data analysis

We process your data to analyze statistical data and more effectively target content to our audience, based on Article 6(1)(f) of the GDPR (our legitimate interest in optimizing marketing efforts).

c. Correspondence and responding to messages

We process your personal data to manage correspondence and respond to your messages, based on Article 6(1)(f) of the GDPR (Compass’s legitimate interest in conducting correspondence).

d. Marketing of Compass products

If a relevant and appropriate relationship exists between you and Compass, we process your data for marketing offers based on Article 6(1)(f) of the GDPR (Compass’s legitimate interest). If such a relationship does not exist, direct marketing of our products and services is conducted only with your consent, based on Article 6(1)(a) of the GDPR, which you can withdraw at any time.

2. How long do we store Your personal data?

We process your data no longer than necessary to achieve the specified purposes. Personal data processed in connection with information exchange or correspondence will be retained for the duration of such communication. In the case of potential claims, the data will be processed for as long as necessary to establish, assert, or defend claims in accordance with legal requirements.

5. Recipients od Your data

  • Your data may be shared with relevant state authorities as required by law.
  • Compass may transfer your personal data to other recipients processing data on its behalf, ensuring an appropriate level of data security.
  • Generally, we transfer your data to entities within the European Economic Area (EEA), subject to EU data protection regulations or equivalent security standards. However, your data may be transferred to third countries and international organizations if these entities provide adequate data protection through mechanisms such as European Commission adequacy decisions or Standard Contractual Clauses.
  • Social Media: For data processed on Facebook, the data controller is also Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("FB"). The collaboration between Compass and FB follows the platform's Terms of Service.

6. What Are Your Rights?

According to applicable data protection laws, you have the right to:

  1. obtain access to your personal data and receive a copy of the processed data;
  2. correct inaccurate personal data, including completing incomplete data;
  3. request the deletion of your personal data when circumstances specified in Article 17 of the GDPR apply;
  4. request restriction of data processing in cases specified in Article 18 of the GDPR;
  5. object to the processing of your personal data in cases specified in Article 21 of the GDPR;
  6. if your personal data is processed automatically based on your consent or a contract, you have the right to request that your data be transferred to you or another entity;
  7. withdraw your consent at any time. Withdrawal of consent does not affect the legality of data processing carried out before the withdrawal.

If you believe that your personal data is being processed unlawfully, you have the right to file a complaint with the supervisory authority in Poland: President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw.

7. Where Do We Obtain Your Data?

  • We collect your personal data directly from you when you send a request for contact or information, enter into an agreement, participate in events, or establish other personal, telephone, or digital contact with Compass.
  • The personal data of individuals representing and designated for contact by potential, current, or former contractors come directly from the contractors.
  • It is also possible to collect and update personal data using the websites of contractors, public and private registers, and public institutions. The collection of personal data from such sources is done in compliance with applicable data protection regulations.
  • Speak Up: If the data was not collected directly from the individual to whom it pertains, it may have been provided by someone assisting in making the report.
  • Speak Up: We inform other participants in the proceedings related to a report made via the Speak Up platform that the source of their personal data cannot be disclosed under the provisions of the Whistleblower Protection Act, unless the reporting person consents to the disclosure of their data.

 8. Data security

Compass is responsible for processing your personal data and has therefore implemented the necessary technical and organizational measures to ensure its security and confidentiality. Furthermore, we only cooperate with processors who are able to provide sufficient guarantees regarding the technical and organizational security measures.

9. Changes to Privacy Policy

Compass reserves the right to make changes to this Privacy Policy. The latest version of the Privacy Policy is always available on our website.

Find out more
Stories from our people