Dated 1 June 2018
This document contains information on the processing of personal data of the Users of “CV Timeline” application (hereinafter: the “Application”), as required by the General Data Protection Regulation (hereinafter: the “GDPR”).
Personal data are any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The controller of the personal data provided by the users of the Application (hereinafter: the “Users” or “you”) is Toolbox For HR Sp. z o.o. sp. k. with its registered seat in Warsaw, at the address: ul. Dobra 56/66, 00-312 Warszawa (hereinafter: “us” or “Toolbox for HR”). You can contact us also via e-mail: [email protected] or by post, writing to the address indicated above.
As a controller, Toolbox protects your personal data and has implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk and scale of the processing, as required by the GDPR. In particular, we ensure that all data is secured using SSL encryption, all passwords are hashed, and all API endpoints require authentication. Still the Users must remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
Purpose and legal basis of personal data processing
We process your data so that you can use the Application (processing is necessary for the performance of contract pursuant to article 6.1(b) of the GDPR), this includes: providing and maintaining the Service, notifying you about changes to our Service, allowing you to participate in interactive features of our Service when you choose to do so, providing you with customer care and support. Additionally we process your data so that we can improve the efficiency of our Service, e.g. by contacting you using your e-mail address, monitoring the usage of the Service, and detecting, preventing and addressing technical issues (which constitutes our so-called “legitimate interest” pursuant to article 6.1(f) of the GDPR).
Recipients of personal data
Because our Application uses Google Analytics your personal data are transferred to the USA. The adequate to the GDPR level of protection of these transferred data is confirmed pursuant to the Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU-U.S. Privacy Shield (notified under document C(2016) 4176). You have a right to obtain a copy of the transferred personal data.
Period for which the personal data will be stored
Typically, your personal data will be stored by us as long as you use the Application. The data which are not necessary for the use of the Application (i.e. the data which we collected on the basis of our “legitimate interest”) will be stored by us until you object to the processing of those data. However, a longer period of time may stem from the statute of limitations on possible claims connected with the Application or relevant provisions of law binding us, for example when it comes to bookkeeping.
You are not required to provide us with your personal data, however, without the data we ask for while you download and install our Application you will not be able to use the Application. Lack of other data, which are not necessary for the use of the Application, may reduce the efficiency of the Service but will not make the use of the Application impossible.
Rights of the Users connected with the processing of their data
As a result of the processing of your personal data, you have a number of rights granted to you by the GDPR. You have the right of access to the personal data; if the date are inaccurate or incomplete, you can require that they are rectified; you have the right to erasure (especially in the event when the data are no longer necessary in relation to the purposes for which they were collected); the right to restriction of processing; the right to request portability of your personal information to a different controller and to object to the processing (the latter can be used towards the processing whose legal basis consists in a so-called “legitimate interest” of the controller).
In order to exercise your rights connected with personal data you may contact us by e-mail as indicated above.
Additionally, you have the right to complain to a data protection authority about the collection and use of your personal data. For more information, please contact your local data protection authority.
Information on the type of data processed
Information Collection And Use
We collect several different types of information for various purposes to provide and improve our Service to you.
Types of Data Collected
In order to use the Application you have to provide us with an e-mail address and create a password, or (if you log in using third providers) your name and e-mail address.
While using our Service, you can be additionally asked to provide us with certain personally identifiable information that can be used to contact or identify you. Such personal data may include:
- e-mail address
- first name and last name
- address, state, province, ZIP/postal code, city.
- cookies and usage data.
- Data that you (As a CV Timeline user) made public on your Linkedin profile
We may also collect information on how the Service is accessed and used (hereinafter: “usage data”). This usage data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
Tracking & Cookies Data
Examples of Cookies we use:
- Session Cookies. We use Session Cookies to operate our Service.
- Preference Cookies. We use Preference Cookies to remember your preferences and various settings
- Security Cookies. We use Security Cookies for security purposes
Use of Data
Data of other user profiles you browse
We handle profile data in several ways, we do not view or process in any way shape or form any profile data that is not explicitly listed here. These data are processed on your browser and do not leave your browser (we do not process these data within the meaning of the GDPR):
- Profile’s Name
- Linkedin or Glassdoor Url
- Profile’s Job Description
Collected Anonymized Data:
These data are processed on your browser and leave your browser reaching our encrypted API. They are not sufficient to directly retrace a given profile and hence do not constitute personal data:
- Profile’s Job Roles, Companies, City and Duration
- Profile’s Degrees, Graduation Subjects and Attended Schools
- Profile’s Current City
- Hashed Profileâ€™s Name (We use it to cache responses, hashing is a type of one way encryption. It means we cannot un-encrypt it to get the name back)
Links To Other Sites
Our Service does not address anyone under the age of 18 (hereinafter: “children”). We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your children have provided us with personal data, please contact us. If we become aware that we have collected personal data from children without verification of parental consent, we will take steps to remove that information from our servers.