I. Basic Provisions
- The personal data controller pursuant to Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the “GDPR”) is xITee k.s., ID No.: 27224830 (hereinafter the “Controller”).
- Contact details of the Controller:
address: Rybná 682/14, Prague 1, 110 00
email: withdraw@xitee.com, info@xitee.com
phone: +420 234 262 311
- Personal data mean any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- The Controller has appointed a data protection officer. The Officer’s contact details are:
Kateřina Hůtová
email: dpo@xitee.com
phone: +420 774 984 485
II. Sources and Categories of Processed Personal Data
- The Controller processes the personal data you have provided or the personal data the Controller has obtained based on fulfilling your request.
- The Controller processes your identification and contact information and data necessary to execute your request.
III. Legal Basis and Purpose of Personal Data Processing
- The legal basis for processing the personal data is
- the consent granted by the data subject to its personal data being processed for one or more specific purposes pursuant to Article 6(1a) of the GDPR,
- the legitimate interest of the Controller in providing direct marketing (in particular for sending commercial messages and newsletters, including services or merchandise of third parties) under Article 6(1f) of the GDPR.
- performance of contract based on the legitimate interest,
- legislative decree.
- The purpose of personal data processing is
- the selection procedure for the job position in question; for such purpose, the personal data required are necessary in order to include the applicant into the selection procedure (including the first and last name, address, phone number and e-mail). The provision of personal data is a necessary requirement for the selection procedure, and without it, it is not possible to include the applicant into the selection procedure,
- registering your person as a potential employee of the Controller; for such purpose, the personal data required are necessary to enter the applicant into the job applicant register (e.g. first and last name, address, phone number, e-mail etc.). The provision of personal data is a necessary requirement for entering the applicant into the register, and without it, it is not possible to enter the applicant into the register; the consent is granted for a period of 1 year from the date of submitting the personal data,
- processing enquiries sent to the Controller via the online contact form (including the first and last name, company name, e-mail, phone number and the text of your message),
- performing statistical analyses and research or adapting the content of its services (within the IP address),
- sending commercial communications, newsletters (including services or goods from third parties) and performing other marketing activities,
- records of customers and job applicants.
2. The Controller is not involved in automated individual decision-making within the meaning of Article 22 of the GDPR.
IV. Cookies
- The Controller uses cookies on its website for the following purposes:
- maintaining User sessions; such cookies are essential for the Controller to be able to differentiate between individual Users when displaying the website and thus for displaying relevant data for specific Users only;
- basic settings for the Website and for Users who are not logged in that affect how the website is displayed according to the User’s preferences (e.g. when a user blocks certain graphic elements, such cookies allow such preference to be implemented) or the frequency and order of website browsing (e.g. during the first visit, information can be displayed that is not displayed during future visits).
- The Website can also contain third-party cookies that allow the Controller to acquire anonymous statistics relating to the frequency of visits and typical behaviour of Users on specific websites. As a rule, such third parties do not save any personal data in relation to the use of cookies, since the identity of the User is not known to them (provided the User is not a registered User of the products of the third party, such as Google).
- For more detailed information, please refer to the Terms and Conditions of Using Website or the Controller’s website: https://www.xitee.com/en/terms-and-conditions/.
V. Data Retention Period
- The Controller retains personal data
- for the period necessary to exercise the rights and obligations,
- for the period absolutely necessary when processing data to resolve enquiries,
- until the voluntary consent to process personal data is withdrawn in the case of registering your person as a potential employee, but no longer than 1 year from the date of submitting your personal data,
- until the voluntary consent to the processing of personal data for marketing purposes is withdrawn if personal data are processed under a consent.
- Upon the lapse of the retention period, the Controller shall erase the personal data.
VI. Recipients of Personal Data (Controller’s Subcontractors)
- The only recipients of personal data obtained from customers/job applicants are authorised employees of the Controller. We use all personal data solely for the internal use of the company, we protect them against misuse and do not provide them to third parties without prior notice or your consent.
- Exceptions are institutions which can receive personal data from the Controller based on legislative regulations (e.g. mandatory reports to state administration bodies, insurance companies, financial administration authorities etc.) or to the appropriate extent to selected service providers. We have entered into contractual relationships with such providers and such contain the necessary rules for handling personal data within the parameters required under Article 28 of the GDPR.
- Exceptions also include external companies (the processors below) which provide support services for us only to the extent necessary for processing purposes:
- Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, for the purpose of processing stated in Article III under point 2 item d)
- Facebook, Facebook Headquarters, 1 Hacker Way, Menlo Park, CA 94025, for the purpose of processing stated in Article III under point 2 item e)
VII. Your Rights
- Under the conditions set out in the GDPR, you shall have
- the right to access your personal data pursuant to Article 15 of the GDPR,
- the right to rectify your personal data pursuant to Article 16 of the GDPR or to restrict processing pursuant to Article 18 of the GDPR.
- the right to erase your personal data pursuant to Article 17 of the GDPR.
- the right to object to processing pursuant to Article 21 of the GDPR and
- the right to data portability pursuant to Article 20 of the GDPR.
- the right to withdraw your consent to processing in writing or electronically using the address or e-mail of the Controller specified in Article I of these Terms.
- You shall also have the right to file a complaint with the Office for Personal Data Protection if you believe that your right to privacy has been violated.
VIII. Privacy Policy
- The Controller declares that it has taken the appropriate technical and organisational measures to secure the personal data.
- The Controller has taken the appropriate technical measures to secure the data storages and personal data storages in paper copies, in particular, by: management of access rights, data encryption, application firewall protection, regular backups and many other secondary measures performed by the Controller as the holder of the ISO 27001 Certificate (information security management system).
- The Controller declares that personal data can only be accessed by persons authorised by the Controller.
IX. Final Provisions
- By sending an enquiry or request to the selection procedure via the online contact form, you acknowledge that you are familiar with the Privacy Policy and that you accept it in its entirety.
- You give your consent to this Privacy Policy by checking off your consent via the online form. By checking your consent, you acknowledge that you are familiar with the Privacy Policy and that you accept it in its entirety.
- The Controller is entitled to change this Privacy Policy. The new version of the Privacy Policy will be published on its website.
Privacy Policy
These Terms shall enter into effect as of: 25 May 2018
version: 1.0