To guarantee the highest quality of our services and maximum security of the data transferred to the System during the conversation with the Bot (if you are a Candidate) or entered directly (if you are a Recruiter), we shall make every effort to ensure that your data is properly protected.
Therefore, we only collect information that is necessary for us to support the recruitment processes conducted by Employers and to improve our services. This is done only with your consent. We use the information we collect only in connection with the services we provide. We do not share any of such information with third parties without your knowledge and consent.
- Data Controller – EMPLOCITY Sp. z o.o. seated in Warsaw (00-695) at Nowogrodzka 51 Street, 3rd floor;
- Bot – functionality of the System provided by the Data Controller, based on Messenger and Facebook Chat platforms, implemented on the website of the Data Controller, Employer, or another website, by means of which the Candidate, during an interactive conversation with a smart computer program, creates or supplements a Profile;
- Candidate – a natural person expressing an interest in establishing an employment relationship or cooperation with the Employer;
- Employer – an entity to which the Data Controller provides the access service to the recruitment support system;
- Recruiter – a person using the System to conduct recruitment processes on behalf and for the benefit of the Employer;
- Profile – the System’s functionality, which includes the personal information the Candidate provided during his or her interview with the Bot, allowing the Candidate to provide selected information, including career history, education history and other skills to Employers;
- GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);
- System – a website created by the Data Controller which includes the Bot that conducts automatic conversations with Candidates to match them with specific recruitment processes conducted by Employers.
II. Contact with the Data Controller
EMPLOCITY Sp. z o.o. with its registered office in Warsaw (00-695) at Nowogrodzka 51 Street, 3rd floor, is the controller of your personal data in connection with your use of the System.
If you have any questions concerning the operation of the Bot, the System, the control of your personal data by the Data Controller, or the rights you are entitled to, please contact us via email at: email@example.com.
III. Processing and use of personal data.If you are a Candidate, your personal data is processed for the following purpose:
to conduct recruitment processes:
On the basis of the personal data received from you during the interview with the Bot, the System will create a Profile which will then be pre-matched to the recruitment processes conducted by the Employers. In order to create your Profile, we collect the following personal data: name, surname, address, education and employment history, as well as other data that you provide during the interview with the Bot (including your photo).
Legal basis-> necessity for the performance of a contract for the provision of services to the Candidate (Article 6(1)(b) of the GDPR)
to conduct recruitment processes:
After a contract is concluded between the Data Controller and the Employer for the provision of access services to the system supporting recruitment processes, the Data Controller will provide the Recruiters indicated by the Employer with access to the System. In order to use the System as a Recruiter, you will have to log in to the System on your own. After logging in, you will be able to provide the following data: name and surname, email address, telephone and photo. This data will be included in the invitation you will send to selected Candidates.
Legal basis-> the consent of the data subject (Article 6(1)(a) of the GDPR)
to pursue claims:
In order to establish, exercise or enforce any claims arising from the way you use the services, the Data Controller may process certain personal data provided by you, such as your name, surname, date of birth, and other data concerning the use of our services, if necessary to prove the existence of a claim, including the extent of the damage suffered.
Legal basis-> the legitimate interests pursued by the controller (Article 6(1)(f) of the GDPR), consisting in the establishment, exercise or defense of legal claims in proceedings before courts or other government authorities.
to exercise of the rights vested in the data subject:
To enable you to use the rights resulting from the GDPR, in particular concerning the possibility to lodge complaints, enquiries and applications, the Data Controller shall have the right to process some of your personal data for this purpose.
Legal basis-> the legitimate interests pursued by Emplocity.pl (Article 6(1)(f) of the GDPR), consisting in enabling the data subjects the exercise their rights under the GDPR
marketing of services offered by the Data Controller
To enable you to get acquainted with the services we offer, we process your name, the name of the company which employs you, your email address and telephone number. On the basis of your additional consent, the Data Controller shall have the right to send you emails to the email address you provided and, possibly, to contact you by phone, in order to present their services.
Legal basis-> the consent of the data subject (Article 6(1)(a) of the GDPR). If such consent is given, the legal basis for personal data processing will also be Article 10(2) of the Act of 18 July 2002 on the provision of services by electronic means and Article 172 of the Act of 16 July 2004 – Telecommunications Law.
IV. Transmission of the Candidate’s data to the Employer
If you are a Candidate, the System checks whether your Profile matches the job offers posted by the Employer. If so, the Employer will receive notifications in the System about finding the Candidate and will be able to get acquainted with your Profile, which at this stage does not contain any personal data. The Employer may invite you to connect, in which case the Bot will provide you with information about the Employer who wants to meet you. If you agree to provide your personal data to the Employer, the Employer will receive full access to all information contained in the Profile, including your contact details. At this point, the Data Controller’s involvement ends and the recruitment process is conducted by the Employer potentially interested to hire you.
The Data Controller reserves that they do not guarantee that the Candidate will be matched to any job offer. At the same time, the Candidate waives to the maximum extent permitted by law any claims against the Data Controller arising or likely to arise from an unsuccessful recruitment process.
V. The need to provide data while using the System’s services?
Providing data is voluntary, but necessary for the provision of services rendered by the Data Controller. If you do not provide data, it will not be possible to match your Profile to the job offers published by Employers (if you are a Candidate) or it will not be possible for you to conduct the recruitment process on behalf and for the benefit of the Employer (if you are a Recruiter).
VI. Matching Profiles to job postings
The Data Controller shall make efforts to match the Candidates’ Profiles to the job offers in the best possible way (profiling).
Data profiling concerns you if you are a Candidate.
The Data Controller processes the personal data you provided during the conversation with the Bot. They are used to automatically create a professional profile, in line with your education, work experience, skills, and preferences. A Profile created in this way is then matched by the Data Controller to the requirements indicated by the Employers in the job offers they post.
The Data Controller does not use information about the Candidates that is not related to their professional development and planned career plans.
Cookies are text files that are stored on the device which you use to access the System (e.g. computer or smartphone). Cookies are designed to store information about how you use the System. They contain the name of the website, their unique number and the time of storing information on the device through which you have accessed the System.
The Data Controller is the entity placing cookies on the device from which you have logged in the System, and having access to them.
The Data Controller uses these files (cookies) for the following purposes:
- To adjust the content of the website to your individual preferences;
- To prepare statistics to help learn about the preferences and behaviors of the users of the System. Analyzing these statistics is anonymous and allows to adjust the content and appearance of the System to current trends. These statistics are also used to assess how popular is the System;
- To collect statistics and improve the functioning of the System. Anonymized statistical data are passed on to certain Data Controller’s clients in order to assess the effectiveness of their recruitment activities.
The website uses two basic types of cookies – session and persistent. Session cookies are temporary files, they are stored until the moment of leaving the System (by entering another page, logging out or turning off the browser). Persistent cookies are stored in the device through which you have accessed the System, until they are independently deleted or until they are deleted due to the lapse of time resulting from browser settings.
You can change your browser settings at any time to disable cookies or to obtain information about their placement on your device. You can check your browser settings for other available options. Please note that most browsers by default are set to accept the storage of cookies in the device from which you access the System.
The Data Controller informs that changes to the settings in your web browser may restrict access to some of the System’s functions.
Information about the settings of web browsers is available in their menu (Help) or on the website of their manufacturer.
VIII. Transmission of personal data
The Data Controller cooperates with entities that process the personal data of Candidates only on instructions from the Data Controller. This concerns, among other things, cloud computing services, mailings, and support for the System’s services (e.g. automatic creation of Candidates’ Profiles). All entities to which the Data Controller has entrusted the processing of data have their registered offices in the European Economic Area (EEA).
Authorized state authorities
The Data Controller has the right to make the personal data of the Candidates available on the recommendation of authorized state authorities, e.g. the Public Prosecutor’s Office, the Police, the President of the Office of Personal Data Protection, the President of the Office of Competition and Consumer Protection or the President of the Office of Electronic Communications.
IX. Duration of data retention
The Candidate’s personal data is stored for the duration of his/her use of the System, for the purpose of providing services to the Candidate. When the Candidate’s use of the System ends, the Candidate’s Profile, along with most of his/her personal data, will be deleted, except for the following data: name and surname, email address, information about the recruitment processes to which the Candidate has been recommended and invited, and information about the consents given. The above data will be kept by the Data Controller for the period of 3 years from the date of deletion of the Profile, for the purpose of examining possible complaints and claims related to the use of the System.
We store the personal data of the Recruiters for the duration of the contract concluded between the Data Controller and the Employer, on the basis of which Recruiters obtain access to the System. After the termination of the contract with the given Employer or after the submission by the Recruiter of an application for removal of his/her data, most of the personal data of the Recruiter will be deleted, except for the following data: name and surname, email address, information about the recruitment processes conducted by the Recruiter and information about given consents. The above data will be stored by the Data Controller for a period of 3 years from the date of deletion of the Recruiter’s data for the purpose of examining possible complaints and claims related to the use of the System.
Personal data processed in connection with the Data Controller’s marketing activities will be processed during the time they are conducted or until the user objects to further processing of his/her personal data for marketing purposes, or revokes the consent to receive marketing information to the email address or telephone contact.
X. The rights of all users in relation to the processing of their personal data
Below are the rights of the Candidate, the Recruiter and users who have given their marketing consent with regard to the processing of their personal data by the Data Controller. In order to exercise any of the following rights, we encourage you to contact us by sending us an email to the following address: firstname.lastname@example.org
Withdrawal of consent (Article 7(3) of the GDPR)
Candidates and Recruiters have the right to revoke any consent given by the Candidate and the Recruiter at the time they start using the System or initiate a conversation with the Candidate. Withdrawal of this consent shall be effective from the time of withdrawal. At the same time, the withdrawal of a given consent by a Candidate or Recruiter does not affect the compatibility of the processing performed by the Data Controller before the withdrawal.
The user who has given his/her marketing consent may withdraw it at any time. The withdrawal of consent does not affect the lawfulness of the processing prior to the withdrawal of consent.
Withdrawal of consent shall not result in negative consequences for the person who withdrew consent. However, it may prevent further use of the System, which is possible only on the basis of prior consent (e.g. disclosure of the Employer’s Profile).
The right to object (Article 21 of the GDPR)
Candidates and Recruiters have the right at any time to object to the use of their personal data, including profiling, if the data are processed based on the legitimate interests of the Data Controller.
The user who has given his/her marketing consent may at any time object to further processing of personal data for marketing purposes.
As the Candidate’s resignation from receiving notifications of matched job offers in the form of notifications by the Bot, the Data Controller shall consider an objection by the Candidate to the processing of personal data, including profiling, for the purpose of matching profiles to job offers.
If a Candidate or Recruiter’s objection proves to be justified and the Data Controller has no other legal basis for the processing of the Candidate or Recruiter’s personal data, the personal data, the use of which has been objected to, will be deleted.
The right to erasure (Article 17 of the GDPR)
Every user has the right to request the deletion of all or some of his/her personal data. If a Candidate or Recruiter sends a request to remove all personal data, the Data Controller will treat such a request as a request to remove the automatically created Profile – in the case of a Candidate – or as a request to prevent access to the System – in the case of a Recruiter.
Every user has the right to request the deletion of data if:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the data subject withdraws the consent insofar as his/her personal data were processed based on that consent;
- the data subject objected to the use of his/her personal data and the objection was found to be justified;
- the personal data have been unlawfully processed.
The Data Controller shall have the right to retain certain personal data in the scope necessary for the purposes of establishing, investigating or defending claims, despite the request to delete personal data, in connection with raising an objection or withdrawing consent. This applies in particular to the following personal data: name, surname, email address, information about recruitment processes to which the Candidate has been recommended and invited, information about the recruitment processes conducted by the Recruiter and information about the consents given, which we retain for the purpose of handling complaints and claims related to the use of the System.
Right to restriction of processing (Article 18 of the GDPR)
Every user has the right to request that the processing of his/her personal data be restricted. After receiving such a notification, the Data Controller shall prevent the use of the System to the extent that it requires the use of personal data covered by the request or will take action to limit its marketing activities.
Each user shall have the right to request that the processing of his/her personal data be restricted in the following cases:
- where the accuracy of the personal data is contested by the data subject, for a period enabling the Data Controller to verify the accuracy of the personal data; but not longer than 14 days;
- where the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
- where the personal data provided by the user are no longer needed for the purposes of the processing, but they are required by the user for the establishment, exercise or defense of legal claims;
- where the Candidate or Recruiter have objected to processing of their personal data –the restriction shall be then for the time needed for the verification whether the legitimate grounds of the Data Controller override those of the Candidate or Recruiter.
Right of access by the data subject (Article 15 of the GDPR)
Each user has the right to obtain from the Data Controller a confirmation as to whether or not personal data concerning him or her are being processed within the System. In the case of personal data being processed by the Data Controller, the user has the right to:
- access his/her personal data;
- obtain information about the purposes of the processing, the categories of personal data processed, the recipients or categories of recipients of the data, the intended retention period or the criteria for determining that period, the right to request the rectification, erasure or restriction of the processing of personal data, the right to lodge a complaint with the supervisory authority, the source of the data, automated decision-making, including profiling, and the safeguards applicable in relation to the transfer of the data outside the European Economic Area;
- obtain a copy of his/her personal data.
Right to rectification (Article 16 of the GDPR)
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him/her. At any moment, the data subject also has the right to have the incomplete personal data completed.
Right to data portability (Article 20 of the GDPR)
Each user has the right to receive his/her personal data provided to the Data Controller, as well as to send these personal data to another controller of personal data. Each user has also the right to request that his or her personal data be sent directly to another controller, if technically possible.
The Candidate’s personal data will be sent in the form of a text file in .json format, which is a commonly used format, machine-readable and allowing for the transfer of the received data to another personal data controller.
The deadline for satisfying a request
If you wish to use the above-mentioned rights, your request will be satisfied (or, in justified circumstances, the Data Controller will refuse to execute it) immediately, but no later than within 14 days from the receipt of the relevant request by the Data Controller. However, if – due to the complicated nature of the request or the number of requests – the Data Controller is unable to satisfy your request within 14 days, the request shall be satisfied within the next 14 days, informing you in advance about the extension of the deadline.
For technical reasons, the Data Controller may need up to 72 hours to update your data. This may result in the fact that during the time of the update you may still receive notifications, which you have requested to be discontinued.
XI. Complaints, enquiries and requests
Each user may submit complaints, enquiries and requests concerning the processing of their personal data and the exercise of their rights via email at: email@example.com.
If you believe that your right to the protection of personal data or other rights granted to you under the GDPR have been violated, you have the right to lodge a complaint with the President of the Office for the Protection of Personal Data.
XII. How does the Data Controller ensure personal data security?
In order to ensure the security of the personal data being processed, the Data Controller shall make every effort to ensure a sufficiently high level of personal data protection. For this purpose, the Data Controller uses encryption for all Internet connections with System users, as well as for connections with third-party websites, and uses cryptographically signed security tokens to ensure the security of the data entered. Moreover, the data being processed by the Data Controller are placed in secure server rooms protected in accordance with the highest standards, and the software used to protect them is constantly updated to eliminate any possible security gaps. Access to servers on which personal data are processed is limited to a strictly defined group of authorized employees.
XIII. Information on data processing in connection with the use of Facebook Messenger