Legal, document 02

Privacy Policy.

Effective date: to be set upon publication · Version: draft for review

This Privacy Policy explains how STAFFLAB SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ ("Stafflab", "we", "us") collects, uses and protects personal data when you visit our website or contact us. We process personal data in accordance with the EU General Data Protection Regulation 2016/679 ("GDPR").

1. Data controller

Controller
STAFFLAB SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ
KRS
0001050605
NIP
9731095066
REGON
525994362
Address
ul. Rybitwy 22/318, 30-722 Kraków, Poland
Email (privacy)
info@stafflab.se

2. Scope

This policy applies to personal data processed via the website stafflab.se and any of its language versions (SE/EN/PL), including contact forms, email correspondence, and the hosting-provider logs generated when you visit the site.

3. What we collect

We only collect data that is necessary for the purposes listed below. We do not collect special categories of data (health, religion, political opinions, etc.) through this website.

  • Contact form submissions: first name, last name, work email, company name, role requested, urgency, free-text request.
  • Email correspondence: contact details and content of messages you send to our email addresses.
  • Server and form logs: our hosting provider (Netlify) records IP address, user agent, timestamp and URL of each request for security, anti-abuse and debugging purposes. Form submissions are stored in Netlify's dashboard.
  • Anonymous analytics: we use Plausible Analytics, which does not set cookies and does not collect personal data or IP addresses. Only aggregated statistics (page views, referrers, country) are stored.
  • Browser storage: one cookie-consent record and one UI-preferences record stored locally in your browser. These never leave your device.

4. Why we process it

  • To reply to your enquiry and propose matching candidates.
  • To create and administer the staffing contract, if one is agreed.
  • To comply with Polish and Swedish tax, employment and anti-money-laundering obligations.
  • To operate, secure and improve the website.
  • To produce anonymous usage statistics.

5. Legal basis

  • Contract or pre-contractual steps (GDPR Art. 6(1)(b)): responding to enquiries, preparing offers, delivering staffing services.
  • Legal obligation (Art. 6(1)(c)): tax, accounting and employment law retention.
  • Legitimate interest (Art. 6(1)(f)): securing the website, preventing abuse, improving our services. You may object at any time (see §9).
  • Consent (Art. 6(1)(a)): where required, e.g. non-essential cookies if ever added.

6. Recipients and processors

We do not sell personal data. We share it only with service providers acting as data processors on our instructions, or with authorities where legally required.

ProcessorPurposeLocation
Netlify, Inc.Website hosting, form submission storage, CDN logsUSA / EU
Plausible Insights OÜAnonymous website statisticsEU (Germany)
Google LLCWeb font delivery (Google Fonts)USA / EU
Stafflab payroll and accounting softwareContract administration after engagementEU

A list of sub-processors is available on request.

7. International transfers

Where a processor is located outside the European Economic Area (e.g. Netlify, Google), the transfer is covered by the European Commission's Standard Contractual Clauses (SCC) and supplementary technical measures. You may request a copy of the relevant safeguard by contacting us.

8. Retention periods

  • Unsuccessful enquiries: up to 12 months from last contact, then deleted.
  • Active client records: duration of the business relationship.
  • Accounting records: 5 years after the end of the tax year, as required by Polish and Swedish tax law.
  • Server logs: up to 30 days.
  • Plausible aggregates: indefinite (no personal data involved).

9. Your rights

Under the GDPR you have the right to:

  • access the personal data we hold about you;
  • request correction of inaccurate data;
  • request erasure, where legal retention obligations do not apply;
  • request restriction of processing;
  • data portability;
  • object to processing based on legitimate interest;
  • withdraw consent at any time where processing is based on consent;
  • lodge a complaint with a supervisory authority, in Poland, the President of the Personal Data Protection Office (UODO, uodo.gov.pl); in Sweden, the Swedish Authority for Privacy Protection (IMY, imy.se).

To exercise any of these rights, email info@stafflab.se. We respond within one month.

10. Cookies

The website uses only strictly necessary browser storage and does not set tracking or advertising cookies. Full details are available in our Cookies Policy.

11. Security

We apply reasonable technical and organisational measures to protect personal data, including TLS encryption in transit, access controls, audit logs and regular security reviews of our processors.

12. Changes

We may update this Privacy Policy from time to time. The latest version is always published on this page, with the effective date indicated above. Material changes will be announced at least 30 days in advance where feasible.

13. Contact

Questions or requests regarding personal data should be sent to:

STAFFLAB Sp. z o.o.
ul. Rybitwy 22/318
30-722 Kraków, Poland
Email
info@stafflab.se