In accordance with Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter the “GDPR”), we hereby meet our information obligation with respect to the processing of personal data of data subjects (i.e. persons whose personal data are subject to processing: employee, specialist, supplier, candidate etc.).
TITANS s.r.o., with its registered office at: Jungmannova 745/24, Nové Město, 110 00 Praha, Company ID: 06540970, is registered in the Commercial Register of the Municipal Court in Prague, file No.C 283964
Contact details of the controller: phone: +421 (0) 908 857 752, e-mail: email@example.com
If you have any questions or if you wish to exercise your rights as a data subject with respect to personal data processing, please contact the controller’s data protection officer by e-mail at: firstname.lastname@example.org.
In most cases, we collect personal data directly from the data subject. If we also collect personal data from other sources, we will inform the data subject where we collected their personal data and about the category of the relevant personal data.
We process personal data on the following legal bases:
The data subject is required to provide their personal data if their processing is necessary for the controller’s compliance with a legal obligation.
The data subject is also required to provide personal data if their provision is a contractual requirement resulting from a contract concluded between the controller and the data subject. The provision of personal data under pre-contractual and contractual relationships is necessary; otherwise, failing to do so could prevent the data subject’s participation in a selection procedure, or conclusion or performance of a contract.
If consent is the legal basis for the processing of personal data, consent is given on a voluntary basis. If we process personal data based on a data subject’s consent, the data subject has the right to withdraw their consent at any time.The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.The withdrawal of consent is neither charged nor sanctioned.
If we process your personal data based on our legitimate interests, the data subject has the right to object, on grounds relating to their particular situation, to the processing of their personal data on this basis, including to the profiling based on those interests (Article 21 of the GDPR).
We store personal data for the period necessary to achieve the purpose for which the personal data are processed. If personal data are processed to comply with the controller’s legal obligations, we will store the personal data and the related documentation for the period required by the applicable law. A data subject will find more information about the storage period below in this document.
For this processing, we act as joint controllers with Facebook, and the basic elements of the agreement of joint controllers for this case are available here: https://www.facebook.com/legal/terms/page_controller_addendum
Storage period: The storage period for personal data of employees is detailed in a separate document for employees. We keep personal data of other data subjects for the purpose of complying with our legal obligations for the period defined in the applicable legislation (10 years).
Recipients of personal data are, or may be, entities designated by legal regulations, especially state administration and public authorities, to exercise control and supervision, in particular, health insurance companies, the Social Insurance Agency, tax authorities, supplementary pension savings companies, state administration and public authorities for the exercise of control and supervision, courts, law enforcement agencies.
Depending on the purpose of processing and the particular circumstances, other persons (in the position of a processor or a separate controller) may be recipients of personal data of data subjects, in particular:
Based on a given consent, we will provide personal data of a specialist from our database of specialists to our clients who wish to undertake a project and are looking for a specialist in the relevant area of the specialist’s qualification or specialisation.
Recipients of personal data also include recipients of e-mails containing the data subject’s profile.
If we process a data subject’s personal data using processors as a special category of recipients of personal data, we make sure that they comply with the applicable laws and terms and conditions agreed in the personal data processing agreement, that they are bound by confidentiality and that they protect the data subject’s data in accordance with the GDPR requirements.
Social network operators have their own rules, service infrastructure and provisions for personal data protection. Privacy protection terms and conditions of social network platform providers:
– Facebook: https://www.facebook.com/policy.php
– LinkedIn: https://www.linkedin.com/legal/privacy-policy
– Instagram: https://help.instagram.com/519522125107875
– Twitter: https://twitter.com/privacy?lang=en
More information on how Microsoft Corporation processes personal data can be found here: https://privacy.microsoft.com/sk-sk/privacystatement.
When using the services of our suppliers, which we use in connection with our online activities on social networks (Facebook, LinkedIn, Instagram, Twitter), data is transferred to the United States of America (USA). The USA is considered a third country that does not provide an adequate level of protection, but any transfer of personal data outside the EU and/or the European Economic Area takes place only within the framework of compliance with the protection of personal data in accordance with the requirements of the GDPR. As the EU-US Privacy Shield mechanism was invalidated by a ruling of the Court of Justice of the EU in the Schrems II case of 16 July 2020, data transfers to the USA are subject to standard contractual clauses approved by the Commission, which you can find here:
Facebook, Instagram: https://www.facebook.com/help/566994660333381?ref=dp
The provision of software products and communication services by the suppliers Microsoft Corporation (intermediary) involves data transfers to the United States of America (USA). This data transfer is subject to standard contractual clauses approved by the Commission, which can be found here: https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA
When using the services of our supplier Google Ireland Limited, data is transferred to a third country (the United States of America). The data transfer is subject to standard contractual clauses approved by the Commission: https://business.safety.google/adsprocessorterms/sccs/eu-p2p-intra-group/
Some projects with clients in third countries (outside the EU) may involve the transfer of personal data of specialists who participate in or are candidates for projects undertaken for clients. We will always inform specialists about the particular intended transfer and its conditions individually depending on the client. If the country does not guarantee a suitable level of security in line with the European Commission’s decision, other institutes in accordance with the GDPR will be used for the transfer. If there is no decision on the suitability or suitable safeguards of transfers, we will only make such transfer on the basis of the data subject’s explicit consent (after informing the data subject about the risks of such transfers due to the absence of a decision on the suitability and suitable safeguards), or if such transfer is necessary to perform a contract between the data subject and the controller, or for pre-contractual arrangements made at the request of the data subject.
Personal data will not be used for automated individual decision-making.
Right to access personal data under Article 15 of the GDPR:
The data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning them are being processed. The data subject has the right to access their personal data (they have the right to be provided with a copy of their personal data available to the controller), and information on how the controller processes personal data in the scope under Article 15 of the GDPR.
Right to rectification of personal data under Article 16 of the GDPR:
The data subject has the right to have inaccurate personal data concerning them rectified or to have incomplete personal data completed. The controller must comply with a request to rectify or complete personal data without undue delay.
Right to erasure (right to be “forgotten”) under Article 17 of the GDPR:
The data subject has the right to obtain from the controller the erasure of personal data concerning them without undue delay where one of the grounds in Article 17 (1) of the GDPR applies (e.g. if the personal data obtained by the controller are no longer necessary for the purposes for which they were collected or otherwise processed). The controller will assess this right of the data subject with respect to all relevant circumstances in accordance with Article 17 of the GDPR (e.g. the controller does not comply with the request if processing is necessary to comply with the controller’s legal obligation or to establish, exercise or defend legal claims).
Right to restriction of processing of personal data under Article 18 of the GDPR:
The data subject has the right to obtain from the controller restriction of processing of their personal data in one of the following circumstances specified in Article 18 (1) of the GDPR. Where processing has been restricted under Article 18 (1) of the GDPR, such personal data will, with the exception of storage, only be processed: (a) with the data subject\’s consent, or (b) for the establishment, exercise or defence of legal claims, or (c) for the protection of the rights of another natural or legal person, or (d) for reasons of important public interest of the Union or of a Member State.
Right to portability of personal data under Article 20 of the GDPR:
The data subject has the right to receive their personal data, which they have provided to the controller, in a structured, commonly used and machine-readable format, and has the right to transmit those data to another controller, where the processing is based on consent, or on a contract and is carried out by automated means. The data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible.
Right to object under Article 21 of the GDPR:
If the processing is based on legitimate interests (Article 6 (1) (f) of the GDPR), the data subject has the right to object at any time, on grounds relating to their particular situation, to processing of personal data concerning them, including profiling based on those interests. In this event, the controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
If the data subject objects to the processing of their personal data for the purposes of direct marketing, including profiling to the extent that it is related to such direct marketing, the personal data must no longer be processed for such purposes.
Right to lodge a complaint with the Office for Personal Data Protection of the Slovak Republic
The data subject has the right to file a motion to initiate proceedings on personal data protection at any time with the supervisory authority, i.e. Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava, www.dataprotection.gov.sk.
Titans that have
Clients that have