Hays Poland
Candidate Privacy Notice

Effective from 1 July 2026.

If you are on this page because you wish to access your marketing preferences click here.

Introduction

This Candidate Privacy Notice explains how Hays collects, uses, shares, and protects your personal data when you engage with us or are contacted by us in connection with work related opportunities.  

Who is this notice for

This Candidate Privacy Notice applies to you if you engage with Hays as a candidate for permanent or temporary employment, or as a freelancer/contractor. It also applies if your profile or application has been introduced to Hays by another recruitment supplier, agency, or similar intermediary.

If you are seeking employment with Hays internally, you should refer to our Internal Recruitment Privacy Notice.

Who we are

We are Hays Group (“we”, “us”). We are the data controller, which means we decide how and why your personal data is used during recruitment. Depending on your country and the type of opportunities you are pursuing, different Hays entities may be responsible for the processing of your personal data. We provide a full list of the Hays data controllers which apply to you while reading this Candidate Privacy Notice in Appendix 1 below.

1. What personal data we collect
2. Where we obtain personal data from
3. How we use your personal data
4. What the candidate database is and how we use it
5. How long we retain your personal data
6. Who we share your personal data with
7. Where we transfer personal data
8. What your rights are
9. How to exercise your rights and contact us
10. How we use automated decision-making and artificial intelligence
11. How we protect your personal data
12. Updates to this policy
13. Appendix 1

 

1. What personal data we collect

We only collect personal data that is necessary to engage with you in connection with work-related opportunies, including the assessment of your profile, and, where applicable, the initaition, administration, and performance of any resulting contracutal relationship. Certain personal data (such as your CV and contact details) is required to assess your suitability and progress your application. If you do not provide this information, we may be unable to consider you for roles or continue the recruitment process.

Personal data you provide directly

  • Name and contact details
  • CV/resumé, work history, qualifications, education
  • Skills, certifications, professional memberships
  • Current and expected renumeration and benefits, or pay rate
  • Cover letters, questionnaires, assessment responses
  • Interview notes, meeting and call transcriptions, or recordings (if applicable)
  • Bank account information
  • Other information you may choose to share with us, such as photograph, date of birth, nationality, next-of-kin                                          

Sensitive or special category data (collected only when lawful and appropriate)

  • Health or disability information (used to provide adjustments)
  • Diversity information [e.g., ethnicity, gender, sexual orientation, religious affiliation, etc.] (only where permitted by law and subject to your explicit consent)
  • Vaccination or health‑screening data (only for roles requiring it)
  • Criminal background checks (only where permitted by law and for roles requiring it)

Personal data we collect indirectly from other sources

  • References and employment verification
  • Background screening (including right to work, education/qualification verification) from providers we contract with (where legal and appropriate)
  • Interview or role-specific feedback from our clients
  • Your published professional profile (e.g., LinkedIn)
  • CV/resumé or employment details provided to us by another recruitment agency, managed service provider, or recruitment outscourcer

Personal data we collect automatically

  • IP address and device identifiers
  • Log data (dates/times you access our platform)
  • Cookie or tracking data if you browse our website, apps, use our online recruitment systems or interact with our marketing emails
  • Behavioural insights (e.g., jobs viewed, interaction history)

Please note the above list of categories of personal data is not exhaustive and is subject to change depending on legal obligations, our legitimate interest, or through your explicit consent.

 

2. Where we obtain personal data from

In many cases, we collect your personal data directly from you, for example when you submit your CV, apply for a role, communicate with us, or otherwise engage with our (recruitment) services.

However, in some circumstances we may also receive personal data about you from other sources, including:

  • Recruitment suppliers, agencies or other intermediaries who introduce your profile to us in connection with potential work opportunities
  • Your current or former employer, referees, or professional contacts, where you have asked them to share your details with us or where this is appropriate in the recruitment context
  • Publicly available sources, such as professional networking platforms, job boards, talent pools, company websites or other online sources, where your personal data is made publicly accessible for professional or recruitment purposes
  • Third-party service providers we work with in the recruitment process, for example providers of skills assessments, background checks (where permitted by law), or similar services

Where we obtain your personal data from third parties or publicly available sources, we do so only where this is permitted by applicable data protection laws and where we have a lawful basis to process your data. We will use such personal data in accordance with this Candidate Privacy Notice and for the purposes described in it.

 

3. How we use your personal data

The legal bases we rely on for our recruitment related activities may differ depending on the country you are located in. While we generally process personal data on the basis of contractual necessity, legal obligation, or our legitimate interests where permitted by applicable law, we may rely on your consent for certain processing activities or in jurisdictions where consent is the primary lawful basis for processing. Where we rely on your consent, you may withdraw it at any time in accordance with applicable law. Further information on country‑specific requirements is set out in Appendix 1.

Where we rely on our legitimate interests to process your personal data, these interests are primarily connected to operating an effective, high‑quality and responsible recruitment business. In particular, our legitimate interests include:

  • identifying and matching suitably qualified candidates with relevant job opportunities;
  • maintaining an up‑to‑date candidate database to enable timely and efficient recruitment activities;
  • improving the quality, accuracy and efficiency of our recruitment technology, services and processes;
  • meeting the expectations of our clients by presenting suitable candidates for roles they are seeking to fill;
  • preventing fraud, misuse of our services and ensuring the security of our systems; and
  • establishing, exercising or defending legal claims.

We carefully consider the impact of such processing on your rights and freedoms and apply appropriate safeguards.

 

Purposes & Legal Bases

 

You have the right to object at any time to personal data processing where we have explained that we rely on Legitimate Interest. Please see the “How to exercise your rights and contact us” section. 

We do NOT sell your personal data to third parties.

This includes for California Consumer Privacy Act/California Privacy Rights Act purposes.

 

4. What is the candidate pool and how do we use it

If your details are held in our database, they form part of our “Candidate Pool”. This allows us to store and update your information, track your progress through recruitment processes, and consider you for current and future job opportunities. Our consultants regularly search the Candidate Pool to identify potential matches. If we find a role that may be suitable, we will contact you to check whether you are interested. If you are, we will continue the recruitment process with you; if not, your details will remain in the Candidate Pool so that we can consider you for other opportunities and continue offering you recruitment‑related support (such as training opportunities, salary guides, or guidance on CVs and interviews).

If you object we will record and respect your objection and, where needed, work with you to understand which processing you no longer want us to carry out.

 

5. How long we retain your personal data for

We follow Hays’ Group Data Retention Policy. Your personal data will be retained only for as long as required to meet legal obligations, where we have an ongoing relationship with you, or where we have a legitimate business interest.

Examples of legitimate interests include:

  • Keeping records of recruitment decisions
  • Considering you for future roles
  • Fulfilling audit or compliance requirements

When personal data is no longer needed, it is securely deleted or anonymised. We provide more information on the retention duration which applies to you in Appendix 1 below.

 

6. Who we share your personal data with

We may share your personal data with:


We require all third parties to protect your data, use it only as instructed, and ensure that appropriate safeguards are in place.

 

7. Where we transfer your personal data

As we are a multi-national organisation, your data may be accessed or stored in countries outside your home country.

Whenever we transfer personal data internationally, we use one or more of the following:

  • Adequacy decisions (countries officially recognised as having strong data protection laws)
  • Standard Contractual Clauses (SCCs) or similar safeguards
  • Other legally approved mechanisms

Where necessary, we complete Data Transfer Impact Assessments to assess the risk of transferring your personal data, and to ensure that we have acceptable safeguards in place.

You may request more information about these safeguards.

 

8. What are your rights

Depending on your location, you may have the following rights:

  • Access your personal data
  • Request correction of inaccurate personal data
  • Request deletion (with lawful exceptions)
  • Restrict certain processing
  • Object to processing based on legitimate interests
  • Data portability
  • Withdraw consent at any time (where processing is based on consent)
  • Right to not be subject to an Automated Decision
  • Right to complain to our Data Protection Team regarding our processing of your personal data
  • Right to complain to your local data protection regulator

 

9. How to exercise your rights and contact us

If you wish to exercise any of your rights, or if you have questions or concerns about how your personal data is used, you can contact the relevant Hays entity responsible for processing your personal data. As responsibility may vary depending on your country and the nature of your engagement with us, the appropriate contact details may differ.

We provide a full list of the relevant Hays entities and their contact details, including data protection contact points, in Appendix 1 below.

You may also contact your local data protection regulator/authority if you are not satisfied with our response.

 

10. How we use automated decision-making and AI

We are constantly exploring ways in which we can improve our service, and enable our colleagues to help you find the best match for your skills and experience. We use automated tools to support screening or matching, but hiring decisions are never made solely by automated means. Human review is always included. Our use of AI is focussed on connecting the best individuals to the best opportunities, and taking some of the administrative burden off our colleagues so they can spend more time connecting and understanding you and your needs. We will never use AI to fully automate the hiring process, and we will be transparent in our use of AI throughout our hiring processes.

 

11. How we protect your personal data

We are constantly improving our organisational and technical security measures to keep your data secure, including regular training for our colleagues, role based access controls, cyber threat detection, data encryption, secure data storage, and regular auditing.

 

12. Updates to this policy

We may update this policy to reflect changes in our practices or legal requirements. The latest version will always be available on our website and includes an “Effective Date”. Significant changes will be communicated when required.

 

13. Appendix 1

 

.

Related information

View all privacy information.