PRIVACY POLICY

Here at STAFFINO we deeply care about the protection of your personal data. Therefore, all the personal data is processed in accordance with all applicable data protection regulations, such as the Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data (General Data Protection Regulation) (“GDPR”), as well as with applicable local laws and standards.

This Privacy Policy reflects such regulatory obligations and clarifies how the personal data is processed by us while providing our services to our Customers and Clients.

1. WHO WE ARE AND HOW CAN YOU CONTACT US

This is us: STAFFINO s. r. o., with its registered seat at Volgogradská 84, 080 01 Prešov, Slovak Republic, ID No.: 47 645 407, registered in the Commercial Register maintained by the District Court Prešov, Section: Sro, Insert No. 31750/P (“STAFFINO”).

In the core of STAFFINO´s business, we collect, analyze and manage data on (i) evaluation of businesses, companies, units, public institutions (“Operations”) and (ii) evaluation of employees or other persons active within an Operation (“Employees“) given by independent third parties having a recent experience with the Operation and its Employees (“Customers”).

We tried to make this policy as simple and user friendly as possible, however, should you after reading it have any additional questions or inquiries, please do not hesitate to contact us, either directly at our seat: Teslova 26, 821 02 Bratislava, Slovak Republic, or via e-mail at: tomas@staffino.com.

2. WHICH PERSONAL DATA WE PROCESS

a) As a data controller, we process the personal data of our Customers and our Clients. These personal data mainly include identification and contact details, such as name, surname, nickname, e-mail, phone number. Our Customers also may provide us with other publicly available personal data through our social network partners.

b) As a data processor, we process for the benefit of our Clients the personal data of their Employees (or contract workers) and their Customers. The personal data of Client’s Employees usually include their names, surnames, titles, e-mails, work IDs, work positions, photographs and language skills. The personal data of Client’s Customers usually includes contact details, such as e-mail or phone number, but other personal data depending on what the Client provides us with also may be processed by us.

3. HOW AND WHY WE PROCESS PERSONAL DATA

The personal data of our Customers, Clients and their Employees is collected and used always for the stipulated purposes and in accordance with applicable regulations. Therefore,

a) based on the legal ground of fulfillment of contract, we use the personal data of our Customers, submitted to us while registration and / or log-in into our Web Application for the purpose of correct identification, subsequent use of the Web Application in accordance with the Terms and Conditions for the use of Staffino Web Application (“Terms”) and for providing non-marketing updates related to the Web Application. Provision of the data is a contractual requirement and failure to provide it would make it impossible for us to provide our Customers with our services;

b) based on the legal ground of fulfillment of contract, we use the personal data of our Clients, submitted to us within registration and / or log-in into our Web Application for the purpose of correct identification and subsequent use of the Web Application in accordance with the Terms and for providing non-marketing updates related to the Web Application. Provision of the data is a contractual requirement and failure to provide it would make it impossible for us to provide our Clients with our services;

c) based on the legal ground of Client’s legitimate interests (improvement of customer services) and, depending on the scope of provided information, the compliance with legal obligations, we as a data processor may use the personal data of our Client’s Employees, provided to us by our Clients, for the purpose of intermediating digital Customer feedback to the Client and their Employees. For this purpose, some of the personal data is disclosed to the public online, via our Web Application, including name, work position, place of work and photograph. Provision of the data is a not a contractual nor a legal requirement and failure to provide it would make it impossible for us to provide our Clients with our services. Client’s Employees may always object to processing their personal data based on Client’s legitimate interests;

d) based on the legal ground of Client’s legitimate interests (improvement of customer services) or consent, we as a data processor may use the personal data of our Client’s Customers’, provided to us by our Clients, for the purpose of requesting and intermediating Customer feedback to the Client and their employees. Provision of the data is a not a contractual nor a legal requirement and failure to provide it won’t have any negative consequences for the Customer, however, it would make it impossible for us to provide our Customers with our services. Client’s Customers may always object to processing their personal data based on Client’s legitimate interests or withdraw their consent for processing;

e) based on the legal ground of our legitimate interests (direct marketing), we may use the personal data of our Customers (excluding Customers, whose personal data was provided to us by our Clients for the purpose of requested feedback), Clients and their Employees for the purpose of promoting our services via electronic means. Provision of the data is a not a contractual nor a legal requirement and failure to provide it won’t have any negative consequences. Customers, Clients and their Employees may always object to processing their personal data for marketing purposes based on legitimate interests. Should any objection be raised we will cease using the data for marketing purposes;

f) based on the legal ground of compliance with legal obligations, we may use the personal data of our Customers, Clients and their Employees for the purpose of adhering to applicable legal obligations, such us the archiving regulations. Provision of the data is a legal requirement and failure to provide it would make it impossible for us to adhere to these legal obligations;

g) based on the legal ground of our legitimate interests, mainly for the interest of improving our services and protecting our legal rights and interests, we may use the personal data of our Customers, Clients and their employees for the purpose of improvement of our services and establishment, exercise or defense of legal claims;

h) based on the legal ground of consent we may use the personal data stated therein for the purposes stipulated therein. Providing the data is never required and the data subject may reject giving consent, or latter, withdraw it, without any negative consequences.

We guarantee your personal data will be used only for the stipulated purposes or compatible purposes in accordance with applicable regulations.

We also pledge not to transfer your personal data to any third countries, outside the EU, or to any international organizations.

4. HOW WE SHARE PERSONAL DATA

The personal data we process are only provided to other persons within the limits of the law and based on appropriate agreements ensuring adequate protection.

4.1 Appointed data processors or sub-processors

We work with various business partners who help us provide and improve our services. Any personal data we share with such partners is processed only in accordance with our express instructions and subject to a strict confidentiality obligation. Subject to Client’s approval we may also use sub-processors.

4.2 Our partners mainly help us with (i) providing our services, (ii) providing data storage services, (ii) marketing communication, (iii) software engineering and programming, (iv) design, (v) new business, sales and support, (vi) customer experience consulting and analysis, etc.

4.3 Other recipients

We also share processed personal data with legal entities, natural persons and state and public authorities, if we in good faith believe that access to such information, its use, storage or disclosure is reasonably necessary for:

a) Compliance with relevant legal regulation, legal process or official request of a state or public authority;

b) Exercise and enforcement of relevant contractual terms;

c) Fraud prevention, investigation of fraudulent, technical or security incidents;

d) Protection of rights or interest of our company, our Clients, our Customers or the public, as required or permitted by law.

While sharing the personal data, we always ensure not to provide more details as is absolutely necessary for the given purpose.

5. HOW TO ACCESS AND CONTROL YOUR PERSONAL DATA

Applicable legal regulations guarantee data subjects certain rights in respect to personal data protection. To exercise these rights, you may use our contact details specified above. Depending on whether in respect to a particular data subject we act as data controller or a data processor we will either (i) resolve your request directly, or (ii) forward your request to the respective Client, acting as data controller, and upon his request help him to resolve it. When acting as data controller we will try to respond to your request at our earliest convenience, however we will always make sure to respond within one month of receiving the request. Taking into account the complexity and number of the requests we also may further prolong the period for response by another two months.

Should the request be manifestly unfounded or excessive we may charge you an administrative fee or refuse to act on your request, otherwise you may exercise your rights free of charge. In case of doubts we may ask you for further verification of your identity.

Data subjects have guaranteed mainly the following rights:

a) Right to access

As a data subject, you have the right to require confirmation as to whether we process your personal data, and where that is the case, require a copy of these personal data, together with additional information stipulated in the Art. 15 of the GDPR.

b) Right to rectification

To process accurate personal data we ask you to notify us of any changes to your personal data. In case, we process inaccurate or not actual data, we will amend it upon your request.

c) Right to erasure

Should your situation meet the conditions of Art. 17 of the GDPR, you have the right to require erasure of your personal data. For example, you can request erasure of your personal data, if you withdrew your consent for data processing and there is no other legal ground for the processing, or in case we process your personal data unlawfully, or once the personal data are no longer necessary in relation to the purposes for which they were collected for or otherwise processed. We will however not erase your personal data if we need it for establishment, exercise or defense of legal claims.

d) Right to restrict processing

Should your situation meet the conditions of Art. 18 of the GDPR, you have the right to require restriction of processing of your personal data. For example, you can request restriction of processing, when you contest the accuracy of the personal data, or if the processing is unlawful and you oppose the erasure of the personal data and request restriction of their use instead. We will however not restrict the processing of your personal data entirely if we need it for establishment, exercise or defense of our legal claims.

e) Right to data portability

Should the processing be based on consent or fulfillment of contract concluded with you, and the processing is carried out by automated means, you have the right to receive from us your personal data in a structured, commonly used and machine-readable format. Furthermore, should you wish and should it be technically feasible, you have the right to require we directly transmit those data to another controller.

f) Right to object

As a data subject, you have the right to object on grounds relating to your particular situation, to processing of personal data based on legitimate interests, including profiling. Based on your request, we shall restrict processing the personal data unless and until we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms. Should your interests, right and freedoms prevail, we will erase your personal data.

Should you object to processing your personal data for marketing purpose, we will always erase your personal data and cease to process it for this purpose.

g) Right to lodge a complaint

If you believe our processing of your personal data infringes the GDPR, as a data subject, you have a right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement. For the territory of the Slovak Republic the role of the supervisory authority fulfills the Office for Personal Data Protection of the Slovak Republic, with registered seat at Hraničná 4826/12, 820 07 Bratislava, Slovak Republic, webpage: www.dataprotection.gov.sk, phone: +421/2/3231 3214.

h) Right to withdraw consent

Should the processing of your personal data be based on consent, you have the right to withdraw it at any time. Withdrawing consent however will not affect the processing performed prior your withdrawal.

6. WHERE PERSONAL DATA ORIGINATES

The personal data we process is collected either from (i) our Clients, who may be your employer or service provider, or (ii) from you directly.

Should you access our Web Application through your social network, upon your consent, we process your personal data publicly available therein.

7. HOW LONG AND WHERE WE STORE PERSONAL DATA

Depending on the legal basis and purpose of processing we store your personal data for various periods of time. In general, we process and store your personal data:

a) Based on consent for the period of time stated therein, or until you withdraw your consent;

b) Based on compliance with legal obligations, until we are so obliged by the law;

c) Based on performance of contract, until the end of performance of the contract (provision of services) or until the end of precontractual measures;

d) Based on legitimate interests, until these interests override your rights and interest or until the end of performance of the contract (provision of services).

After such time, we will be able to process and store your personal data only for compatible purposes or special purposes, such as statistics or archiving. The personal data is always stored only on our hard drives, servers or on the servers of our reliable business partners such as cloud services providers.

8. CHANGES TO THE POLICY

We reserve the right to amend this Privacy Policy at any time, in particular due to legislative changes, or other changes to means and purposes of the processing. Your rights arising out of this Privacy Policy will not be restricted in a consequence. Should there be any material changes to this Privacy Policy, we will let you know in an appropriate manner beforehand.

All previous versions of this Privacy Policy may be found at: www.staffino.com/business/privacy-policy.html.