Privacy Policy

Last updated: 1 November 2025

This Privacy Policy explains how Diaspora Sp. z o.o. (“Diaspora”, “we”, “our”, “us”) collects, uses, stores and shares personal data when you use the website diasporaeurope.com (“Site”) or interact with our services. It also explains your rights under the EU General Data Protection Regulation (GDPR) and the Polish Act on the Protection of Personal Data (commonly referred to as “RODO”).

1. Data controller

We are the controller of your personal data within the meaning of the GDPR and RODO. Contact details:

• Diaspora Sp. z o.o.

• Address: Grzybowska 2/31, 00-131 Warsaw. Poland

• Email: [email protected]

If you have questions about how we process your data, you can contact us at the above address or by email.

2. Categories of personal data we collect

We may collect the following categories of personal data directly from you or automatically when you use the Site:

• Identification and contact details – such as your name, email address, telephone number and postal address.

• Demographic information – such as your age or gender when provided voluntarily.

• Professional information – such as CV details, education and qualifications when you submit a job application.

• Usage and technical data – such as IP address, device identifiers, browser type, approximate location and information about how you interact with the Site.

3. Legal bases and purposes of processing

We only process personal data when we have a lawful basis under Article 6 of the GDPR. Depending on the context, we rely on the following bases:

• Performance of a contract – to provide our services, respond to enquiries, process orders and payments, and manage user accounts.

• Consent – for sending newsletters and marketing communications. When required by law, we ask for your consent. You can withdraw consent at any time.

• Legitimate interests – to improve our Site, prevent fraud, maintain security and ensure business continuity. We balance these interests against your rights and freedoms.

• Compliance with legal obligations – to comply with applicable laws and regulatory requirements (accounting, employment, tax and record‑keeping). Under the EU’s May 2025 simplification proposal, organisations with fewer than 750 employees must maintain records of processing activities only when processing poses a high risk to individuals’ rights . We nevertheless maintain appropriate internal records to meet our obligations.

We use personal data for the following purposes:

• To operate and maintain the Site, provide our services and fulfil contractual obligations.

• To personalise your experience, monitor usage and analyse trends.

• To communicate with you about updates, offers, news and events (where you have opted in).

• To process job applications and recruit new employees.

• To ensure the security of our Site and users, detect and prevent abuse or fraud.

• To meet our legal and regulatory obligations.

4. Data retention

We retain personal data only for as long as necessary to fulfil the purposes described above and to comply with legal, accounting and reporting requirements. We regularly review our retention periods to ensure we are not keeping data longer than needed.

5. Data sharing and recipients

We do not sell or rent your personal data. We may share data with:

• Service providers who perform services on our behalf (e.g., IT hosting, analytics, payment processing). These providers are contractually obligated to safeguard your data and process it only as instructed.

• Professional advisers and authorities when required to comply with legal obligations, enforce our terms or protect rights, property or safety.

• Corporate transactions – if we enter into a merger, acquisition or asset sale, we may transfer your data to the new owner subject to this policy.

• Aggregated or de‑identified information that does not identify you may be shared publicly or with partners for research or statistical purposes.

6. International data transfers

If personal data is transferred outside the European Economic Area, we ensure appropriate safeguards in accordance with the GDPR, such as European Commission adequacy decisions or standard contractual clauses, to protect your data and ensure an equivalent level of protection.

7. Cookies and tracking technologies

We use cookies and similar technologies to provide and improve our services, analyse how the Site is used, personalise content and deliver marketing tailored to your interests. You can manage your cookie preferences via our cookie banner or your browser settings. Essential cookies necessary for the Site to function cannot be disabled. For more details, please see our Cookie Policy.

8. Data subject rights

Under the GDPR and RODO, you have the following rights with respect to your personal data :

1. Right to be informed – you have the right to know what data we collect, how long we keep it, how we use it and whether we share it with any third parties .

2. Right of access – you can request a copy of your personal data .

3. Right to rectification – you can ask us to correct inaccurate or incomplete data .

4. Right to erasure (“right to be forgotten”) – in certain circumstances you can request deletion of your data .

5. Right to restrict processing – you can ask us to limit processing of your data in certain situations .

6. Right to data portability – you can request that we transfer your data in a machine‑readable format to you or another controller .

7. Right to object – you can object to our processing of your data on grounds relating to your particular situation. This includes an absolute right to object to direct marketing .

8. Rights relating to automated decision‑making and profiling – you have the right not to be subject to a decision based solely on automated processing that has legal or similar effects.

To exercise any of these rights, please contact us at [email protected]. We will respond within one month, and we may ask for proof of identity to verify your request. You also have the right to lodge a complaint with a supervisory authority.

9. Complaint to the supervisory authority

If you believe that the processing of your personal data infringes the GDPR or RODO, you have the right to lodge a complaint with the relevant data protection authority. In Poland, the supervisory authority is the Personal Data Protection Office (Urząd Ochrony Danych Osobowych) located at ul. Stanisława Moniuszki 1A, 00‑014 Warsaw . You can email [email protected] or call +48 22 531 03 00 . A list of other EU supervisory authorities is available via the European Data Protection Board.

10. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction or alteration. These measures include physical security, access controls, encryption, pseudonymisation, staff training and incident response procedures. We regularly review and update our security practices to maintain compliance with the GDPR and RODO.

11. Children’s privacy

Our Site and services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If we learn that we have collected the personal data of a child without parental consent, we will delete that data promptly.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we do, we will revise the “last updated” date at the top of the policy. Significant changes will be communicated via the Site or by email if appropriate. We encourage you to review this policy regularly.

13. Contact us

For any questions, concerns or requests regarding this Privacy Policy or your personal data, please contact us at [email protected] or by mail at our registered address. We will be happy to assist you.