Work Booster Europe Sp. z o.o. with registered office in Wrocław
(effective from February 26, 2026)
1. Data Controller
1. The controller of personal data is Work Booster Europe Sp. z o.o. with registered office in Wrocław, at ul. Ameriga
Vespucciego 13/51, 51-505 Wrocław, NIP 8952283334, REGON 540827419, KRS 0001153276.
2. Email address for data protection inquiries: contact@wbeurope.eu, phone +48 781 450 000
3. The Controller processes personal data in accordance with applicable law, in particular Regulation (EU) 2016/679 of the
European Parliament and of the Council of 27 April 2016 (GDPR).
2. Data Protection Officer
1. The Controller has not appointed a Data Protection Officer.
2. All matters related to personal data protection should be directed to the Controller at the address indicated in section 1,
point 2.
3. Scope of Processed Data
The Controller may process the following categories of personal data:
1) Data provided directly by individuals:
– first and last name
– email address
– phone number
– data contained in CVs and application documents
– data regarding professional qualifications, education and experience
– other data voluntarily provided in correspondence
2) Technical data:
– IP address
– device and browser data
– website activity data
– information stored in cookies
4. Purposes and Legal Bases for Processing
Personal data is processed for the following purposes:
┌─────────────────────────────────────────────────────────────────────────────────────────────┬────────────────────────────┐
│ Purpose │ Legal Basis │
├─────────────────────────────────────────────────────────────────────────────────────────────┼────────────────────────────┤
│ Contact and handling inquiries – to respond to inquiries submitted via the contact form or │ Art. 6(1)(b) or (f) GDPR │
│ email │ │
├─────────────────────────────────────────────────────────────────────────────────────────────┼────────────────────────────┤
│ Recruitment processes – to conduct recruitment of candidates for temporary or permanent │ Art. 6(1)(b) GDPR; Art. │
│ employment │ 6(1)(a) GDPR │
├─────────────────────────────────────────────────────────────────────────────────────────────┼────────────────────────────┤
│ Performance of contracts with clients and employees – to execute civil law contracts, │ Art. 6(1)(b) and (c) GDPR │
│ employment contracts or cooperation agreements │ │
├─────────────────────────────────────────────────────────────────────────────────────────────┼────────────────────────────┤
│ Marketing of own services, including sending commercial information and newsletters │ Art. 6(1)(a) GDPR │
├─────────────────────────────────────────────────────────────────────────────────────────────┼────────────────────────────┤
│ Statistical analysis and website improvement, including the use of analytical tools │ Art. 6(1)(a) or (f) GDPR │
├─────────────────────────────────────────────────────────────────────────────────────────────┼────────────────────────────┤
│ Pursuing or defending against claims │ Art. 6(1)(f) GDPR │
└─────────────────────────────────────────────────────────────────────────────────────────────┴────────────────────────────┘
5. Data Recipients
1. Personal data may be transferred to the following categories of recipients:
– IT and hosting service providers
– recruitment system and CRM providers
– entities providing accounting and legal services
– clients of the Controller (user employers)
– entities providing marketing services (e.g. Google, Meta)
2. These entities process data based on data processing agreements or as separate controllers.
6. Transfer of Data Outside the EU / EEA
1. Personal data may be transferred to third countries, in particular the United States, in connection with the use of tools
such as Google Analytics, Google Ads or Meta Pixel.
2. Data transfer is carried out on the basis of:
– standard contractual clauses (SCC), or
– an adequacy decision (e.g. Data Privacy Framework)
7. Data Retention Period
Personal data is stored respectively:
– for the duration of the recruitment process and up to 12 months after its completion
– for the duration of the contract and after its termination for the period required by law
– until consent is withdrawn – in the case of data processed on the basis of consent
– for the limitation period of claims
8. Obligation or Voluntariness of Providing Data
1. Providing personal data is:
– mandatory if it results from legal provisions or is necessary for concluding a contract
– voluntary in other cases
2. Failure to provide data may result in the inability to achieve a given purpose (e.g. participation in recruitment).
9. Rights of Data Subjects
Every person has the right to:
– access their data
– rectify their data
– delete their data
– restrict processing
– data portability
– object to processing
– withdraw consent at any time
– lodge a complaint with the President of the Personal Data Protection Office (UODO)
10. Automated Decision-Making and Profiling
1. Personal data is not used for automated decision-making that would produce legal effects for individuals.
2. The Controller may use profiling for marketing purposes, solely based on the user’s consent.
11. Source of Data
Personal data may come from:
– directly from the data subjects
– recruitment portals
– business partners and clients of the Controller
12. Cookies
1. The website uses cookies for the following purposes:
– technical (necessary for the website to function)
– analytical
– marketing
2. Analytical and marketing cookies are used only after obtaining user consent.
13. Security Measures
The Controller applies appropriate technical and organizational measures, in particular:
– encrypted connections (SSL)
– server security
– access control procedures
– staff training
14. Changes to the Privacy Policy
The Controller reserves the right to amend this Privacy Policy. All versions of the Policy, including archived versions, are
available on the Controller’s website.