Personal data must be understood as any information concerning an identified or identifiable natural person (data subject).
Collection of your personal data. We collect your personal information in the following ways:
- You provide the Administrator with your personal data yourself;
- Your personal data is provided to the Administrator by the Client’s (of your company) representative or another User;
- Your personal data will be provided to the Administrator by a third party (for example, if a third-party payment service provider confirms whether your payment was successful or not);
- Content created on the Platform by you or your users contains personal information of third parties (such as your Candidates)
- Automatically, including as defined in the Administrator’s Cookies Policy. Such processing also includes the collection of data from potential client (trial or demo clients, potential clients, and their representatives) from public registers.
Personal data to be processed and legal basis for processing. We process your personal data mainly for concluding and fulfilling the Agreement with the Client. This includes providing the Service, providing customer support, and contacting you for other reasons related to the Platform and the Services. We process the following personal data for the above purposes:
- identification data (name, date of birth, picture);
- contact information (work address, work phone number, work e-mail address);
- data concerning the work (Client’s company, position in the Client’s company);
- communication data (e-mail, messages sent to the Administrator);
- Data related to the use of the Administrator’s Platform and Services;
- Personal data of Candidates of Clients of the Administrator, such as CVs, s and other personal data submitted to the Client for applying for a job, as well as personal data that Clients enter the Platform themselves as Content.
If you are a Client, the basis for the processing of your personal data is the performance of the Agreement or the application of measures at your request before concluding the Agreement. If you are a representative of the Client or a User, our legitimate interests are the legal basis for the processing of your personal data to enable use of the Platform and the Services, or the Client’s legitimate interests in using the Platform and the Services as requested by the Client.
If you are a potential client (trial or demo client, potential client or their representative), we process your personal data for the marketing and sales purposes of the Platform and the Services, and for your company to enter into an Agreement with the Administrator. In order to achieve the above, we may process the following personal data: name, work e-mail address, work telephone number, Client’s company, position in the Client’s company, communication data, data related to the use of the Platform and the Services. The legal basis for the processing of your personal data is our legitimate interests in the marketing of Platform and Services of the Administrator. Considering that this is a B2B platform or platform for businesses, and that we process data related to your business and/or work, we assume that your right to privacy does not take precedence over our legitimate interests.
In addition, the Administrator may process your personal data to protect the Administrator’s rights (to identify, file and protect legal claims). The legal basis of the latter is the administrator’s legitimate interest in acting in this way.
Processing on consent. We may also process your personal data with your consent (e.g. for direct marketing purposes). If the processing is based on consent, you can withdraw your consent at any time by contacting us at the contact details below or by clicking on the ‘unsubscribe’ link at the end of each email. Withdrawal of consent shall not affect the lawfulness of processing based on consent which took place before the withdrawal of consent.
Authorized data processors. We use carefully selected service providers (authorized data processors) to process your personal data. By doing so, we remain fully responsible for your personal data.
We use the following categories of data processors: data collection, management and storage service providers, e-mail service providers, messaging service providers, customer relationship management and feedback service providers, direct marketing service providers, payment service providers, accountants and legal and other advisers, user experience analysis and improvement service providers, web and server hosting service providers, Platform software bug monitoring service providers.
For more detailed information on the authorized processors used by the Administrator (e.g. their names and locations), please contact us using the contact details below.
Third parties. We will only share your personal information with third parties if it is set out in this document, if required by applicable law (e.g. if we are required to share personal information with public authorities) or with your consent.
If you are a representative of the User or the Client, we will share your personal data with the Client, as it is necessary to fulfil our obligations to the Client arising from the Agreement. The legal basis for such sharing is our legitimate interests to enable the use of the Platform and the Services, or the Client’s legitimate interests in the use of the Platform and the Services as requested by the Client. We may share your personal information with our auditors. The legal basis for such sharing is our respective legal obligation.
Transfer of personal data outside the European Union (EU) – We only transfer and store your personal data outside the EU if we have a legal basis to do so, including to the recipient of the data who is: i) in a country where an adequate level of protection of personal data is ensured (In the United States, if the recipient of the data has a Privacy Shield certificate); or ii) falls under a measure that meets EU requirements for the transfer of personal data outside the EU.
If you need more detailed information about the transfer of your personal data outside the EU (e.g. the names of the recipients and the exact legal basis for such transfer), please contact us using the contact details below.
Security. We implement technical and organizational security measures to protect your personal information, taking into account (i) the state of the art, (ii) the cost of implementation, (iii) the nature, extent, context and purposes of the processing, and (iv) the risks you bear. Such security measures include, but are not limited to, encrypted storage and access control.
Data retention. We retain your personal data for as long as is necessary for the purpose of collecting it, as long as it is necessary to protect the interests of the Administrator or as long as required by applicable law.
If you are a potential Client (trial or demo Client, potential Client or their representative), we will retain your personal information for 12 months from the end of the respective trial or demo period, or from the moment your personal data was collected for marketing purposes based on the legitimate interests of the Administrator (see above). Unless otherwise agreed, if you decide not to continue using the Platform under the price package after the end of the trial period, the trial version of the Content, including the personal data contained therein, will be retained for 90 days after the end of your trial period.
If you are a paying Client or their representative or user, we will store your personal information as follows:
- in accordance with Estonian accounting and taxation laws, information related to invoices is stored for seven years from the end of the respective financial year;
- in accordance with applicable (Estonian) law, we retain personal data related to such claims for a maximum of 10 years from the date on which the claim becomes collectible.
Your rights. You have all the rights of the data subject regarding your personal data to the extent required by the applicable data protection rules. These rights include:
- requesting access to your personal data;
- receiving a copy of your personal data;
- correction of incorrect or incomplete personal data;
- deletion of personal data;
- restrictions on the processing of personal data;
- transfer of personal data;
- an objection to the processing of personal data based on a legitimate interest and processed for direct marketing purposes.
If it appears that your rights have been violated, you have the right to lodge a complaint with a data protection authority or a court. To exercise your rights, please contact us using the contact details below.
Applicable law. The law of the Republic of Estonia applies to the processing of your personal data.
Contact details. If you have any questions regarding the processing of your personal data or if you wish to exercise your rights as a data subject, please contact us at: firstname.lastname@example.org.