Privacy Policy
Updated privacy policy valid from the 11th of June 2024 and onwards:
PRIVACY POLICY OF TEAMDASH
This Privacy Policy describes how Recruitment Software OÜ, (registry code: 14936047, address: Harju County, Tallinn, City Centre city district, Lõõtsa 8, 11415) (Administrator/We/Teamdash) processes personal data of its Clients, Client representatives, Users, Candidates and other data subjects (You) in connection with their use of the Teamdash Platform and Services.
This Privacy Policy applies if you use, have used, or have expressed an intention to use the Platform and/or Services by Teamdash, including in trial or demo version. This Privacy Policy also applies to potential clients of the Administrator.
Please read this Privacy Policy as it contains important information about the processing of your personal data.
If you have additional questions about how we process your personal data, do not hesitate to contact us (see Clause 2.1 for our contact details).
1. DEFINITIONS
1.1 Data protection terms have the same meaning as defined in the General Data Protection Regulation (EU) 2016/679 (GDPR). Other terms defined here originate from our Terms of Use, but have been added here for your convenience.
1.2 Administrator/we/Teamdash means Recruitment Software OÜ (registry code 14936047), address Harju county, Tallinn, Lasnamäe district, Lõõtsa tn 8, 11415).
1.3 Candidate is a natural person whose data and personal information are generally processed by the Client as a controller on the Platform and whose personal data is processed by the Administrator as an authorized processor.
1.4 Client is a person engaged in economic or professional activities who has entered into an agreement with the Administrator.
1.5 Platform is an integrated software solution for business and professional people for managing job advertisements, recruitment campaigns, campaign websites, recruitment process, Candidates, sales process, customer management process, clients, etc offered by us.
1.6 Service means any services offered to the Client under the agreement with the Client.
1.7 User is a natural person who uses the Platform and Services on behalf of the Client.
1.8 Website means a set of web documents (including images, videos, php and html files etc.) owned by us (for example, teamdash.com, recruitlab.co.uk, recruitlab.co, recruitlab.eu, recruitlab.ee, recruitlab.lv, and those of other websites registered under the domain name “teamdash”, “recruitlab” or “recruitmentsoftware” in different top-level domains) and accessible through named domains and subdomains. In addition, the term Website covers our social media pages where relevant.
2. CONTACTS AND GENERAL INFORMATION ABOUT THE PRIVACY POLICY AND PROCESSING
2.1 Teamdash/we are a private limited company Recruitment Software OÜ, registration code 14936047, address Harju maakond, Tallinn, Lasnamäe linnaosa, Lõõtsa tn 8, 11415, e-mail [email protected].
2.2 The Privacy Policy applies to personal data processing done by us when offering our Services and Platform. Please note, that our Clients are generally controllers of Candidates’ personal data, and processing done by them is governed by their respective privacy policies.
2.3 We have the right to unilaterally amend this Privacy Policy. We will notify the data subject of all important material changes on the Website or otherwise.
2.4 Information about controller-processor relationships: Our Clients are the controllers of their Candidates’ personal data in the recruitment procedure. We are processing Candidates’ personal data as authorized processor of our Clients’ when offering our Platform and Services. We are the controller of personal data of Users and Clients’ representatives when offering and developing our Platform and Services. We may be the controller of Candidates’ personal data when developing our Services and/or Platform or when we ourselves are hiring. In case of protection, proof and defence of claims we are the controller of personal data processed by us.
Please note, that if you want specific information about how your data is processed by our Clients in recruitment procedure, then you should contact relevant Client.
2.5 Our processing is governed by laws of the Republic of Estonia and our supervisory authority for personal data processing is Estonian Data Protection Inspectorate.
2.6 Information about other links/apps etc. Please note, that the links on our Website may lead to media that is governed by privacy terms of the respective service providers’, and not by this Privacy Policy. We are not responsible for anything on those other websites. Processing of your personal data on our social media channels, by providers of those platforms, is done according to the privacy terms of relevant platform. We follow our own Privacy Policy and relevant social media platform’s terms when processing personal data gathered via those platforms. In case we use third-party software in the course of Service provision, then personal data is processed by relevant third-party service providers in accordance with their privacy policies and agreement with us (in case of (sub-)processors).
3. DATA SUBJECTS AND COLLECTION OF PERSONAL DATA
3.1 Generally, we may process personal data of the following data subjects:
3.1.1 our Client’s representatives and employees, incl. Users;
3.1.2 potential client’s representatives and employees;
3.1.3 Candidates (potential employees of our Clients);
3.1.4 representatives of our cooperation partners;
3.1.5 our employees or contractors;
3.1.6 Website visitors;
3.1.7 and other data subjects.
3.2 We collect your personal data in the following ways:
3.2.1 You provide Teamdash with your personal data yourself;
3.2.2 Your personal data is provided to the Teamdash by our Client’s representative or a User;
3.2.3 Your personal data will be provided to Teamdash by a third party (for example, if a third-party payment service provider confirms whether your payment was successful or not);
3.2.4 In case of Candidates’ personal data, it is provided to Teamdash by the Client representative/User or a third-party (e.g., CV is uploaded); Client representatives and Users can add different personal data about different data subjects – Client is the controller for such personal data;
3.2.5 Via technical means or from different registers, e.g., as defined in the Administrator’s Cookies Policy. Such processing also includes the collection of data from potential client (trial or demo clients, potential clients, and their representatives) from public registers.
4. GENERAL PURPOSES AND LEGAL BASIS FOR PROCESSING
4.1 In general, Teamdash is a processor of personal data when offering its Services. This means that we rely on our Clients’ grounds for processing. In cases where we are the controller, we may use different grounds for processing as described below.
4.2 Teamdash may use consent as legal basis. Based on consent, Teamdash process personal data precisely within the limits, to the extent and for the purposes for which the data subject has given their consent. The data subject’s consent must be freely given, specific, informed, and unambiguous, for example, by ticking the box on the Website. Please note that you have the right to withdraw your consent at any time. Withdrawal of consent will not influence the rightfulness of personal data processing done under the consent before the withdrawal of the consent.
4.3 Teamdash may use entering into contract or fulfilment of contract (GDPR art 6 (1) b) as legal basis for processing of personal data, if Teamdash has contractual relationship with the data subject (e.g., when Teamdash itself hires someone). Upon entering into and performing a contract, Teamdash may process personal data for the following purposes:
(a) taking steps prior to entering into a contract, which are necessary for entering into a contract or which the data subject requests (mainly identification data, contacts are used);
(b) identifying the data subject to the extent necessary for entering into and performing a contract (mainly identification data and contacts are used);
(c) performing the obligations assumed (e.g., billing) (mainly identification data, contacts, usage data and technical data are used);
(d) communicating with the data subject, incl. sending information and reminders about the performance of the contract (all data may be used);
(e) protection of rights and claims (depending on the data all gathered data may be used);
(f) to detect, prevent and address technical issues (depending on the issue all gathered data may be processed);
(g) to provide support (all data may be used);
(h) to notify you about contract related notice (mainly identification data, contacts and usage data are used).
4.4 Teamdash has certain legal obligations for which personal data must be processed. Teamdash process personal data to comply with a legal obligation in accordance with and to the extent provided by law. Mainly we need to retain certain personal data to fulfil obligation to retain accounting documents from Accounting Act.
4.5 Teamdash may use legitimate interest as legal basis. Teamdash’s legitimate interest means our interest in managing or directing our activities and enabling us to offer the best possible Service. In case we are using legitimate interest, we have previously assessed our and your interests. You have the right to see conducted assessment connected to processing of your personal data. If you wish to do so contact as at [email protected]. We may process your personal data (except special categories of personal data) based on legitimate interest for the following purposes:
4.5.1 managing and analysing our Client database and Services to improve the availability, functions and quality of Service(s), e.g., using a CRM or analytics solutions to enable the foregoing (mainly identification data and contact data is used);
4.5.2 development of our Service and Website depending on the development all data may be used; incl. monitoring service usage data;
4.5.3 ensuring a better Client/User experience, to provide higher quality Service(s); we may monitor the usage of our Service and Website, analyse identifiers and personal data collected when our Website, Service, our social media pages and other sales channels are used, and we may collect statistics about Clients, Users and visitors (mainly usage data and technical data may be processed);
4.5.4 sending offers/information to the Client or potential client if the respective person has previously purchased or shown interest in a similar product/service, and if such processing is allowed in respective jurisdiction. In this case, the person is always guaranteed to have a simple opportunity to resign from the communication, and we have considered our and the (potential) client’s interests;
4.5.5 conducting satisfaction surveys and measuring the effectiveness of marketing activities performed (contact data is used and service usage general data);
4.5.6 making recordings and logging; we may record messages and orders given both in our premises and using means of communication (e-mail) as well as information and other activities we have performed. If necessary, we use these recordings to prove orders or other activities;
4.5.7 technical and cyber security reasons, for example measures for combating piracy and ensuring the security of the Website as well as for making and storing back-up copies and preventing/repairing technical issues (depending on the issue all data may be processed);
4.5.8 processing for organisational purposes, incl. between group companies (if any), foremost for management and processing of personal data for internal management purposes (but also for audits, providing information to investors and other potential supervision), including for processing the personal data of Clients or representatives (mainly general Service usage and Client data);
4.5.9 establishing, exercising or defending legal claims, incl. assigning claims to, for example, collection service providers, or using legal advisors (depending on the claim/issue all data may be processed);
4.5.10 mergers, acquisitions and other transactions, if we or a part of us is sold or other similar business transaction is taking place certain personal data may be processed by us and transaction partner and advisors to facilitate the deal and to conduct due diligence (mainly accounting data, biggest clients etc.; however, depending on the transaction all data may be processed);
4.5.11 If you have given us information about not sending you a certain type of information – retaining the information about such prohibition.
4.6 If you are a Client (natural person; if any), then main basis for the processing of your personal data is the performance of the agreement or the application of measures at your request before concluding the agreement. If you are a representative of the Client or a User, our legitimate interests are the legal basis for the processing of your personal data to enable use of the Platform and the Services, or the Client’s legitimate interests in using the Platform and the Services as requested by the Client.
4.7 If you are a potential client (trial or demo client, potential client or their representative), we process your personal data for the marketing and sales purposes of the Platform and the Services, and for your company to enter into an agreement with the Administrator. In order to achieve the above, we may process the following personal data: name, work e-mail address, work telephone number, Client’s company, position in the Client’s company, communication data, data related to the use of the Platform and the Services. The legal basis for the processing of your personal data is our legitimate interests in the marketing of Platform and Services of the Administrator. Considering that this is a B2B platform or platform for businesses, and that we process data related to your business and/or work, we assume that your right to privacy does not take precedence over our legitimate interests.
4.8 If you are a representative of the User or the Client, we will share your personal data with the Client, as it is necessary to fulfil our obligations to the Client arising from the agreement with the Client. The legal basis for such sharing is our legitimate interests to enable the use of the Platform and the Services, or the Client’s legitimate interests in the use of the Platform and the Services as requested by the Client. We may share your personal information with our auditors. The legal basis for such sharing is our respective legal obligation.
4.9 If you are Candidate of the Client or potential Candidate and/or if the Client of the Administrator has entered your data on the Platform himself/herself either manually or automatically, or enabled the entry of your data through automatic application forms or job portals and interfaces with other such environments or platforms, then your data will be treated as content created by the Client and/or User. Thus, the Administrator, i.e., Teamdash processes the personal data contained in the content on behalf of the Client in order to offer the Platform and provide the Services to the Client, and acts as an authorized processor of such personal data, while the Client acts as the controller of such personal data.
4.10 New purpose. Where personal data is processed for a new purpose other than that for which the personal data are originally collected or it is not based on the data subject’s consent, we carefully assess the permissibility of such new processing. We will, in order to ascertain whether processing for a new purpose is compatible with the purpose for which the personal data are initially collected, take into account, inter alia:
(a) any link between the purposes for which the personal data are collected and the purposes of the intended further processing;
(b) the context in which the personal data are collected, in particular regarding the relationship between the data subject and us;
(c) the nature of the personal data, in particular whether special categories of personal data are processed or whether personal data related to criminal convictions and offences are processed;
(d) the possible consequences of the intended further processing for data subjects;
(e) the existence of appropriate safeguards, which may include encryption or pseudonymisation.
5. DATA WE PROCESS AS CONTROLLER
5.1 Generally, our Client is the controller of personal data (e.g., Candidates’ personal data in recruitment procedure). However, we are controllers when developing our Service and processing Client’s representatives or Users data for our own purposes (e.g., billing, Client support to Users, analytics of User experience). Mainly we process Client representatives’ and Users’ personal data for concluding and fulfilling the agreement with the Client. This includes providing the Service, providing customer support, and contacting you for other reasons related to the Platform and the Services. We process the following personal data for the above purposes:
5.1.1 identification data (name, date of birth, picture);
5.1.2 contact information (work address, phone number, work e-mail address);
5.1.3 data concerning the work (Client’s company, position in the Client’s company);
5.1.4 communication data (e-mail, messages sent to the Administrator i.e., Teamdash);
5.1.5 Data related to the use of Teamdash Platform and Services (incl., technical and usage data – identifier, IP, geolocation, browser information, device information, usage of service and moving in the Platform/service, log information);
5.1.6 Candidates’ data if it is necessary for Platform/Service development.
Please note, that Clients are controllers of personal data of Candidates applying to work at Clients’. Clients decide what data is gathered and how it is processed. In general data such as CVs, identification data, contacts etc. and other personal data submitted to the Platform is processed. If you want more data how Client is processing your personal data then contact relevant Client (if needed we can help you with that).
5.2 As a controller we do not process personal data of persons under 18 years (our Platform and Service are not intended for kids).
5.3 As a controller we generally do not process special categories of personal data when offering our Services. If special categories of personal data are processed by us as a controller, then we will give information about such processing to the data subject and take measures to ensure suitable grounds for the processing of special categories of data.
6. AUTHORISED PROCESSING, DISCLOSURES AND TRANSFERS
6.1 Teamdash cooperates with persons to whom we may transmit data, including personal data, concerning the data subjects within the context and for the purpose of that cooperation. We may have different type of controller-processor-sub-processor relationships with those cooperation partners. When transferring personal data to third parties (generally our cooperation partners), we comply with the applicable data protection requirements. If we are processors ourselves, then use of subsequent sub-processors is done in accordance with data processing agreements with our Client (the controller).
6.2 Requirements for the usage of cooperation partners that are our processors. Such third parties may include:
6.2.1 data collection and analysis, management and storage service providers (all personal data);
6.2.2 e-mail service providers and messaging service providers (contacts);
6.2.3 customer relationship management and feedback service providers (contacts);
6.2.4 direct marketing service providers (technical data, contacts);
6.2.5 accountants and legal and other advisers (depending on the situation all data);
6.2.6 user experience analysis and improvement service providers (generally technical and service usage data);
6.2.7 web and server hosting service providers (all data);
6.2.8 Platform software bug and performance monitoring service providers (all data);
6.2.9 advertising and marketing partners (generally contacts and technical data);
6.2.10 video interview service providers (data on the recordings);
6.2.11 IT partners, i.e., service providers for various technical services (depending on the situation all data).
We may use such (sub)processors provided that the respective purpose and processing are lawful and personal data is processed pursuant to the instructions of the controller and on the basis of a valid data processing agreement.
If you wish to get more information about which processors we may give your personal data, please contact us at [email protected].
6.3 We may disclose your personal data:
(a) To our group companies (if any) and investors mainly for our internal and managerial purposes;
(b) To law enforcement or other official authorities if we are obligated to do so or have other legal basis. Under certain circumstances, we may be required to disclose your personal data if required to do so by law or in response to valid requests by public authorities. We always assess the lawfulness of information requests before disclosing any personal data.
(c) For business transactions if we or our subsidiaries are involved in a merger, acquisition or asset sale, your personal data may be transferred;
(d) In other cases, we may transmit your personal data to third parties provided that we have your consent or other suitable legal basis and your rights are adequately ensured under the GDPR.
6.4 In general, we do not transfer data outside the EEA. Our server rooms are in EU. But for our other activities, we may use service providers/co-operation partners from outside EEA. Such transfers are only commenced if requirements from the GDPR Chapter V are met e.g., adequacy decision* (see the GDPR art 45) or EU SCC (see the GDPR art 46). We usually use EU standard contractual clauses** for transferring your personal data outside of the EEA. In case of US data importer in certain cases Data Privacy Framework*** may be used. We will take all the steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy. If you want more information about transfers outside the EEA, contact us at [email protected].
* Adopted adequacy decisions can be found here.
** You can find the text of standard contractual clauses here.
*** Parties to Data Privacy Framework can be found here.
7. DATA RETENTION
7.1 We retain your personal data for as long as is necessary for the purpose of collecting it, as long as it is necessary to protect the interests of Teamdash or as long as required by applicable law. In case we are the processor, we retain personal data of Candidates as long as instructed by the client.
7.2 If you are a potential Client (trial or demo client, potential client or their representative), we will retain your personal information for 12 months from the end of the respective trial or demo period, or from the moment your personal data was collected. Unless otherwise agreed, if you decide not to continue using the Platform under the price package after the end of the trial period, the trial version of the content, including the personal data contained therein, will be retained for 90 days after the end of your trial period.
7.3 If you are a paying Client or their representative or User, we will store your personal information as follows:
(a) in accordance with Estonian accounting and taxation laws, information related to invoices is stored for 7 (seven) years from the end of the respective financial year;
(b) in accordance with applicable (Estonian) law, we retain personal data related to such claims for a maximum of 10 (ten) years from the date on which the claim becomes collectible.
8. SECURITY AND INCIDENTS
8.1 We implement technical and organizational security measures to protect your personal data, taking into account (i) the state of the art, (ii) the cost of implementation, (iii) the nature, extent, context and purposes of the processing, and (iv) the risks you bear. Such security measures include, but are not limited to, encrypted storage and access control.
8.2 In the event of any incident involving personal data, we do our best to mitigate the consequences and alleviate the relevant risks in the future. We will follow notice requirements of the GDPR.
9. PRINCIPLES OF PERSONAL DATA PROCESSING
9.1 Our aim is to process personal data in a responsible manner where we are able to demonstrate the compliance of personal data processing with the purposes set and the applicable regulations.
9.2 All our processes, guidelines and activities related to personal data processing are based on the following principles: lawfulness, fairness, transparency, purposefulness, minimisation, accuracy, storage limitation, integrity, confidentiality, and data protection by default and by design.
10. YOUR RIGHTS AS A DATA SUBJECT
10.1 We would like to make sure you are fully aware of all of your data protection rights. Every data subject is entitled to the following rights (under certain preconditions):
10.1.1 The right to access – you have the right to access and to request copies of your personal data.
10.1.2 The right to rectification – you have the right to request that we correct any information that is inaccurate.
10.1.3 The right to erasure – you have the right to request that we erase your personal data, under certain conditions (e.g., we are processing your personal data under your consent).
10.1.4 The right to restrict processing – you have the right to request that we restrict the processing of your personal data, under certain conditions (e.g., we are processing your personal data under consent).
10.1.5 The right to object to processing – you have the right to object to our processing of your personal data, under certain conditions (e.g., we are processing your personal data under legitimate interest).
10.1.6 The right to data portability – you have the right to request that we transfer the data that you have provided us to another organization, or directly to you, under certain conditions.
10.1.7 Rights in connection to consent- if we process your personal data using consent as legal basis, then you have the right to withdraw your consent at any time (e.g., by unsubscribing or emailing us). Withdrawing your consent won’t change the legality of processing done before withdrawal.
10.1.8 Rights in connection to use of legitimate interest – if we process your personal data under legitimate interest, then you have the right to see the conducted legitimate interest assessment connected to the processing of your personal data. For this write us at [email protected].
10.1.9 Rights related to automated processing and profiling mean that the data subject, on grounds relating to their particular situation, has the right to object at any time to the processing of personal data concerning them based on automated decisions/profiling and to require human intervention. The data subject may also require an explanation regarding the logic of making an automated decision. For avoidance of doubt, as a controller of personal data we do not use automated processing or profiling that has a significant effect on the data subject or their rights. If we commence such processing as a controller then we will provide necessary information.
10.1.10 The right to file a complaint and seek judicial remedy – you have the right to file a complaint with us or supervisory authority or court if you think that your rights in connection to personal data have been infringed. We kindly ask you to contact us first for finding a solution. If needed our data protection supervisory authority is Estonian Data protection Inspectorate (Andmekaitse Inspekstioon) contacts can be find: https://www.aki.ee/en/contacts. In addition, as a data subject you have a right to file a complaint in the EU Member State of your residence or a place of work or of where alleged infringement of the GDPR took place. If you are a resident of EU, you can find the details of respective data protection authority from here.
10.2 Responses and additional information. If you make a request connected to personal data processing, we have one month to respond to you. If you would like to exercise any of these rights or need more information on your rights, please contact us. Please note, that we may need to identify you before granting you any of the rights connected to your personal data.
If your inquiry is related to processing done by or for our Clients, then we will forward your inquiry to relevant Client or ask you for which Client the request is for.
If you have any questions regarding the processing of your personal data or if you wish to exercise your rights as a data subject, please contact us at: [email protected].
11. CHANGES
11.1 The latest changes and entry into force of the Privacy Policy:
- Publication: 11th of June 2024
- Entry into force: 11th of June 2024
- Key changes: New version of the Privacy Policy. We added distinction of controller-processor relationship. Tied processing purposes and basis with data categories. Modified data subjects’ rights information and generally updated our privacy policy. You can find our old Privacy Policy (not applicable anymore) below.
Privacy policy until the 11th of June 2024 (not applicable anymore):
This Privacy Policy describes how Recruitment Software OÜ, (registry code: 14936047, address: Harju County, Tallinn, City Centre city district, Lõõtsa 8, 11415), hereinafter also referred to as the Administrator or We) processes the personal data of its Clients, Client representatives, Users, Candidates and other data subjects (hereinafter also You) in connection with their use of the Teamdash Platform and Services. This Privacy Policy applies if you use, have used, or have expressed an intention to use the Platform and/or Services by Recruitment Software OÜ or Teamdash, including in trial or demo version. This Privacy Policy also applies to potential clients of the Administrator. Capitalized terms and concepts used in this Privacy Policy are also defined in the Terms of Use of Recruitment Software OÜ.
In the cases described, we act as the controller of your personal data and are responsible for their processing. This Privacy Policy does not apply to personal data processed by Clients of the Administrator in the Content of the Platform and when using the Services. In such a case, the Client acts as the processor of such personal data and is responsible for their processing. The Administrator processes such personal data on behalf of the Client, and we act as an authorized processor of the data (see clause 7 of the Administrator’s Terms of Use).
Personal data must be understood as any information concerning an identified or identifiable natural person (data subject).
Collection of your personal data.
We collect your personal information in the following ways:
- You provide the Administrator with your personal data yourself;
- Your personal data is provided to the Administrator by the Client’s (of your company) representative or another User;
- Your personal data will be provided to the Administrator by a third party (for example, if a third-party payment service provider confirms whether your payment was successful or not);
- Content created on the Platform by you or your users contains personal information of third parties (such as your Candidates)
- Automatically, including as defined in the Administrator’s Cookies Policy. Such processing also includes the collection of data from potential client (trial or demo clients, potential clients, and their representatives) from public registers.
Personal data to be processed, purpose and legal basis for processing.
We process your personal data mainly for concluding and fulfilling the Agreement with the Client. This includes providing the Service, providing customer support, and contacting you for other reasons related to the Platform and the Services. We process the following personal data for the above purposes:
- identification data (name, date of birth, picture);
- contact information (work address, work phone number, work e-mail address);
- data concerning the work (Client’s company, position in the Client’s company);
- communication data (e-mail, messages sent to the Administrator);
- Data related to the use of the Administrator’s Platform and Services;
- Personal data of Candidates of Clients of the Administrator, such as CVs, s and other personal data submitted to the Client for applying for a job, as well as personal data that Clients enter the Platform themselves as Content.
If you are a Client,
the basis for the processing of your personal data is the performance of the Agreement or the application of measures at your request before concluding the Agreement. If you are a representative of the Client or a User, our legitimate interests are the legal basis for the processing of your personal data to enable use of the Platform and the Services, or the Client’s legitimate interests in using the Platform and the Services as requested by the Client.
If you are a potential client
(trial or demo client, potential client or their representative), we process your personal data for the marketing and sales purposes of the Platform and the Services, and for your company to enter into an Agreement with the Administrator. In order to achieve the above, we may process the following personal data: name, work e-mail address, work telephone number, Client’s company, position in the Client’s company, communication data, data related to the use of the Platform and the Services. The legal basis for the processing of your personal data is our legitimate interests in the marketing of Platform and Services of the Administrator. Considering that this is a B2B platform or platform for businesses, and that we process data related to your business and/or work, we assume that your right to privacy does not take precedence over our legitimate interests.
If you are Candidate of the Client or a Potential Client of the Administrator, or Potential Candidate and/or if the Client
of the Administrator has entered your data on the Platform himself/herself either manually or automatically, or enabled the entry of your data through automatic application forms or job portals and interfaces with other such environments or platforms, then your data will be treated as Content created by the Client and/or User. Thus, the Administrator processes the personal data contained in the Content on behalf of the Client only in order to offer the Platform and provide the Services to the Client, and acts as an authorized processor of such personal data, while the Client acts as the controller of such personal data (as defined in clause 7 of the Terms of Use).
In addition, the Administrator may process your personal data to protect the Administrator’s rights (to identify, file and protect legal claims). The legal basis of the latter is the administrator’s legitimate interest in acting in this way.
The controller does not process any special categories of personal data. As the Platform and Services are not available to persons under the age of 18 in accordance with our Terms of Use, we do not process personal data of persons under the age of 18.
Processing on consent.
We may also process your personal data with your consent (e.g. for direct marketing purposes). If the processing is based on consent, you can withdraw your consent at any time by contacting us at the contact details below or by clicking on the ‘unsubscribe’ link at the end of each email. Withdrawal of consent shall not affect the lawfulness of processing based on consent which took place before the withdrawal of consent.
Authorized data processors
We use carefully selected service providers (authorized data processors) to process your personal data. By doing so, we remain fully responsible for your personal data.
We use the following categories of data processors: data collection, management and storage service providers, e-mail service providers, messaging service providers, customer relationship management and feedback service providers, direct marketing service providers, payment service providers, accountants and legal and other advisers, user experience analysis and improvement service providers, web and server hosting service providers, Platform software bug monitoring service providers.
For more detailed information on the authorized processors used by the Administrator (e.g. their names and locations), please contact us using the contact details below.
Third parties.
We will only share your personal information with third parties if it is set out in this document, if required by applicable law (e.g. if we are required to share personal information with public authorities) or with your consent.
If you are a representative of the User or the Client, we will share your personal data with the Client, as it is necessary to fulfil our obligations to the Client arising from the Agreement. The legal basis for such sharing is our legitimate interests to enable the use of the Platform and the Services, or the Client’s legitimate interests in the use of the Platform and the Services as requested by the Client. We may share your personal information with our auditors. The legal basis for such sharing is our respective legal obligation.
Transfer of personal data outside the European Union (EU) – We only transfer and store your personal data outside the EU if we have a legal basis to do so, including to the recipient of the data who is: i) in a country where an adequate level of protection of personal data is ensured; or ii) falls under a measure that meets EU requirements for the transfer of personal data outside the EU.
If you need more detailed information about the transfer of your personal data outside the EU (e.g. the names of the recipients and the exact legal basis for such transfer), please contact us using the contact details below.
Cookies Policy
For the website to function properly, the website stores small files – so-called cookies – on the device of this user (hereinafter user). A cookie is a small text file that a website stores on a user’s computer or mobile device when a user of the website visits a service provider’s website. This allows the website to remember user actions and preferences (such as username, language, text size, and other similar display preferences) for a period of time. This way, the user does not have to re-enter them each time they return to the page or browse the pages. The legal basis for the use of cookies is our legitimate interest in ensuring the technical functionality and functioning of the website in accordance with the user’s preferences. Cookies are usually valid for a short period of time (day, week or month), in some cases they can be valid for up to a year. We may use cookies and cookie-like tools to provide and improve service quality and to improve the user experience. Cookies may also be used by third parties whose services we use. Cookies are used for several reasons:
- to personalize content and ads;
- to provide social media features;
- to analyze the use of websites.
We may also provide our social media, advertising and analytics partners with information about how the website is used. The use of such cookies is not directly necessary for the functioning of the website, but it ensures a better browsing experience. Cookies can be deleted or blocked, but in this case not all functions of the website may work as intended. Cookies help us to offer our services better.
Control of cookies.
The user can check and / or delete cookies as desired (see www.youronlinechoices.com/). The user may delete all cookies already on the computer and reject the cookies at any time by changing the settings of their web browser (if the web browser allows it) or by terminating the use of the website. Please be aware that certain features of the website can only be provided using cookies and if you refuse cookies, these features may not be available to you. You can disable cookies in your browser settings or by visiting websites:
https://tools.google.com/dlpage/gaoptout?hl=en
http://www.youronlinechoices.com/
Google Analytics.
We may use Google Analytics, a web analytics service provided by Google, Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; “Google”). Google Analytics uses cookies to analyze how a user uses your website. As discussed above, the user can disable the storage of cookies on the user’s computer with the settings of the web browser, but in this case the user will not be able to use all the functions of the website. The user may disable the collection of their data by Google Analytics at any time. To do so, the user must download and install the appropriate browser add-on from the following website: tools.google.com/dlpage/gaoptout?hl=en. For more information about how Google Analytics handles user data, see: https://support.google.com/analytics/answer/6004245?hl=en.
Website logs.
The server hosting our website may store queries made by the user to the server (web address opened by the user, browser and device used by the user, IP address, access time). This data is used only for technical purposes to ensure the operation and security of the website and to detect security incidents.
Security.
We implement technical and organizational security measures to protect your personal information, taking into account (i) the state of the art, (ii) the cost of implementation, (iii) the nature, extent, context and purposes of the processing, and (iv) the risks you bear. Such security measures include, but are not limited to, encrypted storage and access control.
Data retention.
We retain your personal data for as long as is necessary for the purpose of collecting it, as long as it is necessary to protect the interests of the Administrator or as long as required by applicable law.
If you are a potential Client (trial or demo Client, potential Client or their representative), we will retain your personal information for 12 months from the end of the respective trial or demo period, or from the moment your personal data was collected for marketing purposes based on the legitimate interests of the Administrator (see above). Unless otherwise agreed, if you decide not to continue using the Platform under the price package after the end of the trial period, the trial version of the Content, including the personal data contained therein, will be retained for 90 days after the end of your trial period.
If you are a paying Client or their representative or user, we will store your personal information as follows:
- in accordance with Estonian accounting and taxation laws, information related to invoices is stored for seven years from the end of the respective financial year;
- in accordance with applicable (Estonian) law, we retain personal data related to such claims for a maximum of 10 years from the date on which the claim becomes collectible.
Your rights.
You have all the rights of the data subject regarding your personal data to the extent required by the applicable data protection rules. These rights include:
- requesting access to your personal data;
- receiving a copy of your personal data;
- correction of incorrect or incomplete personal data;
- deletion of personal data;
- restrictions on the processing of personal data;
- transfer of personal data;
- an objection to the processing of personal data based on a legitimate interest and processed for direct marketing purposes.
If it appears that your rights have been violated, you have the right to lodge a complaint with a data protection authority or a court. To exercise your rights, please contact us using the contact details below.
Changes to the Privacy Policy.
If our personal data processing practices change or if there is a need to change the Privacy Policy in accordance with applicable data protection rules, other applicable legislation, case law or guidelines issued by the competent authorities, we reserve the right to unilaterally change the Privacy Policy at any time. In this case, we will notify you by email within a reasonable time before the changes take effect.
Applicable law.
The law of the Republic of Estonia applies to the processing of your personal data.
Contact details.
If you have any questions regarding the processing of your personal data or if you wish to exercise your rights as a data subject, please contact us at:
The privacy policy is updated on 01.06.2021 and is valid from 01.07.2021