Personal data processing principles - INTERWORK s.r.o.

Privacy Policy

Recitals

Interwork s.r.o. is an organization in the field of providing services to entities operating on the labor market. An integral part of the provision of these services is the security and protection of personal data, on the basis of which Interwork s.r.o. protects sensitive business and personal data from loss, damage, theft, modification and destruction, and at the same time ensures appropriate technical and organizational measures to ensure the level of security in the processing of personal data.

Interwork s.r.o. processes the personal data of data subjects exclusively in accordance with Act No. 18/2018 Coll. on the protection of personal data and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC on the protection of personal data.

In this document, Interwork s.r.o. includes the basic principles of personal data processing in the provision of services through the www.interwork.sk website (hereinafter referred to as the "Website"). Interwork s.r.o. reserves the right to amend this document, and immediately informs its business partners of the changes in the form of publication of changes on the Website, stating the date from which these changes come into force. All rights not expressly provided for in this document are governed by the applicable laws of the Slovak Republic.

This document complies with the applicable provisions:
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC on the protection of personal data (hereinafter referred to as the "Regulation"), Act No. 18/2018 Coll. on the Protection of Personal Data (hereinafter referred to as the "Act"), Act No. 351/2011 Coll. on Electronic Communications, as amended.

Definitions

Personal data(s) means any information relating to an identified or identifiable natural person (hereinafter referred to as the "Data Subject"); An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or by reference to one or more elements specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. The data subject is the person to whom the personal data relates.

A controller is a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are provided for in Union or Member State law, the controller or the specific criteria for its designation may be determined in Union law or in the law of a Member State.

A processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller. The Client is a natural or legal person who uses or plans to use the services provided on the Website; A client is also a natural person who is applying for a job.

A business partner is a natural or legal person who uses the services provided on the Website in order to find a suitable employee. The business partner is a registered client of our company.

A Job Seeker is exclusively a natural person who uses the services provided on the Website, in particular in order to find a suitable job opportunity with a Business Partner.

The CV Database is a database containing CVs created and/or published by Job Seekers.

Services are products that Interwork s.r.o. provides to Business Partners and Job Seekers through the Website. The Services provided to the Job Seeker in terms of personal data processing include: the ability to respond to or respond to a published job offer via the website, to create/save and access/provide a CV in the CV Database, to send suitable job offers by e-mail. The Services provided to the Business Partner in terms of personal data processing include: publish a job advert, gain access to the CV database.

The processing of personal data is the performance of operations or a set of operations on personal data, in particular their collection, collection, dissemination, recording, organisation, processing or alteration, retrieval, consultation, regrouping, combination, transfer, use, storage, blocking, destruction, provision, disclosure or disclosure.

The provision of personal data is the transfer of personal data to a third party, which further processes it.

Disclosure of personal data is the communication of personal data or allowing access to it to a recipient who does not process it further.

The consent of the data subject is freely given an explicit and comprehensible expression of will, by which the data subject expresses consent to the processing of his/her personal data on the basis of the information provided. Consent is demonstrated in particular by a written consent or affidavit of the person who provided personal data to the information system, or in another credible manner. The written Consent is evidenced by a document confirming the provision of the Consent. Proof of Consent includes, in particular, information on who provided the Consent, to whom this Consent is given, for what purpose, list or scope of personal data and the period of validity of the Consent.

Anonymization of personal data is an act by which personal data is modified in such a form in which it cannot be attributed to the data subject to whom it relates.

Principles of processing and security of personal data

Personal data must be:

• processed lawfully, fairly and transparently in relation to the data subject ("lawfulness, fairness and transparency"),
• collected for specified, explicit and legitimate purposes and must not be further processed in a manner that is incompatible with those purposes ("purpose limitation"),
• adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed ('data minimisation');
• correctly and updated as necessary; all necessary measures must be taken to ensure that personal data that are inaccurate in relation to the purposes for which they are processed are erased or rectified without delay ("accuracy"),
• stored in a form that permits the identification of data subjects for as long as it is necessary for the purposes for which the personal data are processed ('storage minimisation');
• processed in a manner that guarantees adequate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, through appropriate technical or organizational measures ("integrity and confidentiality").

The Operator is responsible for compliance with the above principles and must be able to demonstrate such compliance ("liability").
The processing of personal data is lawful only if and only to the extent that at least one of the following conditions is met:

• the data subject has consented to the processing of his or her personal data for one or more specific purposes;
• the processing is necessary for the performance of a contract to which the data subject is a party or for measures to be taken at the request of the data subject prior to entering into a contract;
• the processing is necessary for compliance with a legal obligation of the controller,
• the processing is necessary to protect the vital interests of the data subject or another natural person;
• the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
• Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.

The Operator is also obliged in particular

• define the purpose of personal data processing before commencing the processing of personal data; the purpose of personal data processing must be clear, clearly and specifically defined and must be in accordance with the Constitution of the Slovak Republic, constitutional laws, laws and international treaties by which the Slovak Republic is bound,
• determine the conditions for the processing of personal data so as not to limit the right of the data subject provided for by law, to obtain personal data exclusively for a defined or established purpose, it is inadmissible to obtain personal data under the pretext of another purpose of processing or other activity,
• to ensure that only such personal data are processed that correspond to the purpose of their processing and are necessary to achieve it,
• ensure that personal data is processed and used exclusively in a manner that corresponds to the purpose for which it was collected; it is inadmissible to combine personal data that have been obtained separately for different purposes,
• to ensure that the collected personal data are processed in a form that allows the identification of data subjects for a period not longer than is necessary to achieve the purpose of processing,
• destroy in case of anonymization those personal data whose purpose of processing has ceased to exist; After the end of the purpose of processing, personal data may be further processed only to the extent necessary for historical research, scientific research and development or statistical purposes. During the processing of personal data for the purposes referred to in the previous sentence, the Controller is obliged to mark and anonymize them.

Processing of personal data in CVs and CV database

The Services provided to Job Seekers include the possibility to create a CV via an online form filled in on the Website and make it available/provided in the CV Database to Business Partners of Interwork s.r.o.

CVs stored in the CV Database contain data that are considered Personal Data under the Regulation and the Act. Therefore, this Personal Data may only be processed with the consent of the Data Subject. Before saving the CV, the Data Subject declares that all the Personal Data provided by him or her is true and subsequently gives his or her consent to the processing of his or her Personal Data to Interwork s.r.o.

The purpose of the processing of Personal Data is to provide assistance to the Data Subject as a Job Seeker to find a suitable job opportunity. Interwork s.r.o., based on the consent of the Data Subject and for the purpose specified in the previous sentence, is entitled to make the Personal Data contained in the Data Subject's CV available/provided to its Business Partners.

The personal data contained in the Data Subject's CV are made available/provided to Business Partners within the Internet computer network via the Website, for a period of two years from the date of granting consent to the processing of personal data. After the expiry of the above-mentioned period, the Personal Data contained in the CV will be inaccessible and stored in the CV Database in case they are made available again/provided by the Data Subject. The accessibility/provision of the CV can be terminated and renewed at any time at the decision of the Data Subject. On the basis of a written request of the Data Subject, Interwork s.r.o. is obliged to definitively delete the Personal Data.

CVs stored in the CV Database include: name, postal address, e-mail, telephone, marital status, height, weight, specification of the work area and job position in which he is interested, specification of the location in which he is looking for a job, the required type of employment, gender determination (exclusively for the purposes of statistical processing). The inclusion of additional data in the CV is at the sole discretion of the Job Seeker concerned; Interwork s.r.o. does not require the provision of additional data, Interwork s.r.o. does not in any case require the Job Seeker to provide data falling into a special category of personal data defined in Article 9 of the Regulation or § 16 of the Act.

Rights of data subjects

The Controller shall take appropriate measures to provide the data subject with all the information referred to in Articles 13 and 14 of the Regulation and all notifications pursuant to Articles 15 to 22 and Article 34 of the Regulation relating to processing, in a concise, transparent, comprehensible and easily accessible form, formulated in a clear and simple manner, in particular in the case of information specifically addressed to a child. The information shall be provided in writing or by other means, including, where appropriate, by electronic means. If requested by the data subject, the information may be provided orally, provided that the identity of the data subject has been proved by other means.

The data subject has the right to obtain from the controller confirmation as to whether personal data relating to him or her are being processed and, if so, the right to obtain access to such personal data and the following information:

• the purposes of the processing;
• the categories of personal data concerned;
• the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
• where possible, the envisaged retention period of personal data or, if this is not possible, the criteria for determining it;
• the existence of the right to request from the controller the rectification of personal data relating to the data subject or their erasure or restriction of processing, or the right to object to such processing;
• the right to lodge a complaint with a supervisory authority;
• if the personal data have not been collected from the data subject, any available information as to its source;

The data subject has the right to have the controller rectify incorrect personal data concerning him or her without undue delay. With regard to the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by providing a supplementary statement.

The supervisory authority is the Office for Personal Data Protection of the Slovak Republic. The person concerned is entitled to lodge a complaint with the supervisory authority. The data subject is entitled to request Interwork s.r.o. to delete his/her personal data. All consents to the processing of personal data provided to Interwork s.r.o. are revocable. Please send your request to: info@interwork.sk

In Trnava, 24.9.2024