Who is the personal data controller?

Contact details of the controller: phone: +421 (0) 908 857 752, e-mail: [email protected]

If you have any questions or if you wish to exercise your rights as a data subject with respect to personal data processing, please contact the controller’s data protection officer by e-mail at: [email protected].

Where do we collect personal data of a data subject?

In most cases, we collect personal data directly from the data subject. If we also collect personal data from other sources, we will inform the data subject where we collected their personal data and about the category of the relevant personal data.

We process personal data on the following legal bases:

The data subject is required to provide their personal data if their processing is necessary for the controller’s compliance with a legal obligation.

The data subject is also required to provide personal data if their provision is a contractual requirement resulting from a contract concluded between the controller and the data subject. The provision of personal data under pre-contractual and contractual relationships is necessary; otherwise, failing to do so could prevent the data subject’s participation in a selection procedure, or conclusion or performance of a contract.

If consent is the legal basis for the processing of personal data, consent is given on a voluntary basis. If we process personal data based on a data subject’s consent, the data subject has the right to withdraw their consent at any time.The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.The withdrawal of consent is neither charged nor sanctioned.

If we process your personal data based on our legitimate interests, the data subject has the right to object, on grounds relating to their particular situation, to the processing of their personal data on this basis, including to the profiling based on those interests (Article 21 of the GDPR).

How long do we store personal data of a data subject?

We store personal data for the period necessary to achieve the purpose for which the personal data are processed. If personal data are processed to comply with the controller’s legal obligations, we will store the personal data and the related documentation for the period required by the applicable law. A data subject will find more information about the storage period below in this document.

What are the purposes and legal basis of processing a data subject’s personal data?

For this processing, we act as joint controllers with Facebook, and the basic elements of the agreement of joint controllers for this case are available here: https://www.facebook.com/legal/terms/page_controller_addendum

Storage period: The storage period for personal data of employees is detailed in a separate document for employees. We keep personal data of other data subjects for the purpose of complying with our legal obligations for the period defined in the applicable legislation (10 years).

Information about Cookies

We use cookies on our website. Cookies are small text files that are stored on your device (computer or other device with internet access, such as a smartphone or tablet) when you visit websites. Cookies contain information about the activities of website users. We use cookies to optimise and constantly improve our services and to customise them to your interests and needs.

Cookies are transferred either to our website (“proprietary cookies”) or to another website to which the cookies belong (“third-party cookies”).

We use essential (strictly necessary) cookies for our website to function. They enable the basic functionalities of the website.

We process essential cookies on the basis of Article 6 (1) (f) GDPR (the legal basis is the controller’s legitimate interest). Our legitimate interest is the optimisation, functionality and security of the website.

You have the right to object to the storage of cookies that we collect on the basis of our legitimate interest, for reasons relating to your particular situation. You can send an objection to the controller’s e-mail address below. Not using essential cookies could negatively affect the functioning of the website.

With your consent, we would also like to use voluntary cookies (which are not essential):

These cookies include:

For voluntary cookies, we process personal data on the basis of Article 6 (1) (a) of the GDPR (consent of the data subject). The consent is voluntary. We ask for your consent to the use of cookies on our cookie bar.

By clicking “Allow all cookies”, you agree to the use of all cookies, including third-party cookies, that we use on our website.

However, if you do not want all cookies to be used on our website, you can choose a setting directly on the cookie bar and confirm your choice by clicking “Allow selection”.

You can also choose “Only essential cookies”. By clicking this button, you disable all cookies processed based on consent.

Cookies, except for essential cookies, will not be stored until you specify your preferences on the bar (click a button).

You have the right to withdraw consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

You can display the cookie bar at any time by clicking on the “cookies” icon at the bottom of our website, and withdraw your consent to the processing of cookies or change your preferences.

We inform you in detail about the individual cookie files used directly on the cookie bar.

We use the services of the supplier Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (tools for measuring traffic using Google Analytics systems). Google Analytics services allow us to improve the functionality of the pages by tracking your use of our website. The collection and reporting of information is anonymised and it is not possible to identify individual users using common means. The information created by the cookie file about the use of the website (including your IP address) will be transferred and stored by Google. Google uses this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage.

When using the services of some of our suppliers, data is transferred to a third country (the United States of America or other countries where companies in the group are located).

Data transfer by Google is subject to standard contractual clauses approved by the Commission, which can be found here:

Google Privacy Policy: https://policies.google.com/privacy

The supplier Zendesk, Inc. (USA) uses binding intracompany rules for data transfer within the group: https://d1eipm3vz40hy0.cloudfront.net/pdf/ZENDESK%20-%20BCR%20Processor%20Policy.pdf

Privacy Policy of Zendesk, Inc.: ttps://www.zendesk.com/company/agreements-and-terms/privacy-policy/

Data transfer by Meta Platforms Inc. is subject to standard contractual clauses approved by the Commission: https://www.facebook.com/help/566994660333381?ref=dp

Privacy Policy of Meta Platforms Inc.: https://www.facebook.com/policy.php

We use temporary and persistent cookies. Temporary cookies are stored on your device until you close the page. Persistent cookies remain on your device until they expire or until you delete them.

Controller: TITANS s.r.o., with its registered office at: Jungmannova 745/24, Nové Město, 110 00 Praha, Company ID: 06540970, is registered in the Commercial Register of the Municipal Court in Prague, file No.C 283964

Contact details of the controller: phone: +421 (0) 908 857 752, e-mail: [email protected]

Data protection officer: [email protected]

Which entities have access to personal data?

Recipients of personal data are, or may be, entities designated by legal regulations, especially state administration and public authorities, to exercise control and supervision, in particular, health insurance companies, the Social Insurance Agency, tax authorities, supplementary pension savings companies, state administration and public authorities for the exercise of control and supervision, courts, law enforcement agencies.

Depending on the purpose of processing and the particular circumstances, other persons (in the position of a processor or a separate controller) may be recipients of personal data of data subjects, in particular:

Based on a given consent, we will provide personal data of a specialist from our database of specialists to our clients who wish to undertake a project and are looking for a specialist in the relevant area of the specialist’s qualification or specialisation.

Recipients of personal data also include recipients of e-mails containing the data subject’s profile.

If we process a data subject’s personal data using processors as a special category of recipients of personal data, we make sure that they comply with the applicable laws and terms and conditions agreed in the personal data processing agreement, that they are bound by confidentiality and that they protect the data subject’s data in accordance with the GDPR requirements.

Social network operators have their own rules, service infrastructure and provisions for personal data protection. Privacy protection terms and conditions of social network platform providers:

– Facebook: https://www.facebook.com/policy.php

– LinkedIn: https://www.linkedin.com/legal/privacy-policy

– Instagram: https://help.instagram.com/519522125107875

– Twitter: https://twitter.com/privacy?lang=en

Google Privacy Policy: https://policies.google.com/privacy

More information on how Microsoft Corporation processes personal data can be found here: https://privacy.microsoft.com/sk-sk/privacystatement.

Is data transferred to third countries or an international organisation (outside the European Union)?

When using the services of our suppliers, which we use in connection with our online activities on social networks (Facebook, LinkedIn, Instagram, Twitter), data is transferred to the United States of America (USA). The USA is considered a third country that does not provide an adequate level of protection, but any transfer of personal data outside the EU and/or the European Economic Area takes place only within the framework of compliance with the protection of personal data in accordance with the requirements of the GDPR. As the EU-US Privacy Shield mechanism was invalidated by a ruling of the Court of Justice of the EU in the Schrems II case of 16 July 2020, data transfers to the USA are subject to standard contractual clauses approved by the Commission, which you can find here:

Facebook, Instagram: https://www.facebook.com/help/566994660333381?ref=dp

LinkedIn: https://www.linkedin.com/legal/l/dpa

Twitter: https://gdpr.twitter.com/en/controller-to-controller-transfers.html

The provision of software products and communication services by the suppliers Microsoft Corporation (intermediary) involves data transfers to the United States of America (USA). This data transfer is subject to standard contractual clauses approved by the Commission, which can be found here: https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA

When using the services of our supplier Google Ireland Limited, data is transferred to a third country (the United States of America). The data transfer is subject to standard contractual clauses approved by the Commission: https://business.safety.google/adsprocessorterms/sccs/eu-p2p-intra-group/

Some projects with clients in third countries (outside the EU) may involve the transfer of personal data of specialists who participate in or are candidates for projects undertaken for clients. We will always inform specialists about the particular intended transfer and its conditions individually depending on the client. If the country does not guarantee a suitable level of security in line with the European Commission’s decision, other institutes in accordance with the GDPR will be used for the transfer. If there is no decision on the suitability or suitable safeguards of transfers, we will only make such transfer on the basis of the data subject’s explicit consent (after informing the data subject about the risks of such transfers due to the absence of a decision on the suitability and suitable safeguards), or if such transfer is necessary to perform a contract between the data subject and the controller, or for pre-contractual arrangements made at the request of the data subject.

Will the data subject’s personal data be used for automated individual decision-making?

Personal data will not be used for automated individual decision-making.

Rights of data subjects:

Right to access personal data under Article 15 of the GDPR:

The data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning them are being processed. The data subject has the right to access their personal data (they have the right to be provided with a copy of their personal data available to the controller), and information on how the controller processes personal data in the scope under Article 15 of the GDPR.

Right to rectification of personal data under Article 16 of the GDPR:

The data subject has the right to have inaccurate personal data concerning them rectified or to have incomplete personal data completed. The controller must comply with a request to rectify or complete personal data without undue delay.

Right to erasure (right to be “forgotten”) under Article 17 of the GDPR:

The data subject has the right to obtain from the controller the erasure of personal data concerning them without undue delay where one of the grounds in Article 17 (1) of the GDPR applies (e.g. if the personal data obtained by the controller are no longer necessary for the purposes for which they were collected or otherwise processed). The controller will assess this right of the data subject with respect to all relevant circumstances in accordance with Article 17 of the GDPR (e.g. the controller does not comply with the request if processing is necessary to comply with the controller’s legal obligation or to establish, exercise or defend legal claims).

Right to restriction of processing of personal data under Article 18 of the GDPR:

The data subject has the right to obtain from the controller restriction of processing of their personal data in one of the following circumstances specified in Article 18 (1) of the GDPR. Where processing has been restricted under Article 18 (1) of the GDPR, such personal data will, with the exception of storage, only be processed: (a) with the data subject\’s consent, or (b) for the establishment, exercise or defence of legal claims, or (c) for the protection of the rights of another natural or legal person, or (d) for reasons of important public interest of the Union or of a Member State.

Right to portability of personal data under Article 20 of the GDPR:

The data subject has the right to receive their personal data, which they have provided to the controller, in a structured, commonly used and machine-readable format, and has the right to transmit those data to another controller, where the processing is based on consent, or on a contract and is carried out by automated means. The data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible.

Right to object under Article 21 of the GDPR:

If the processing is based on legitimate interests (Article 6 (1) (f) of the GDPR), the data subject has the right to object at any time, on grounds relating to their particular situation, to processing of personal data concerning them, including profiling based on those interests. In this event, the controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

If the data subject objects to the processing of their personal data for the purposes of direct marketing, including profiling to the extent that it is related to such direct marketing, the personal data must no longer be processed for such purposes.

Right to lodge a complaint with the Office for Personal Data Protection of the Slovak Republic

The data subject has the right to file a motion to initiate proceedings on personal data protection at any time with the supervisory authority, i.e. Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava, www.dataprotection.gov.sk.