Privacy Policy
CV Analyzer
This privacy policy is informational in nature, which means that it does not create obligations for the Users of the System. If the System User does not agree with them, they should immediately cease using the SmartyMeet system.
SmartyMeet sp. z o.o. provides services consisting of making available an information system used for the processing of personal data for the purpose of recruiting candidates by entities that express interest in such a service and by the candidates themselves ("SmartyMeet System"). The Company's Privacy Policy contains information on how information about entities using the SmartyMeet System service ("Service Recipients"), SmartyMeet System users on behalf of the Service Recipient ("System Users"), and individuals whose data are processed by the Company as a controller or processor to whom the processing has been entrusted ("Candidates") is collected, processed, and used.
General Provisions
The SmartyMeet System is used to optimize the recruitment process and assess a candidate's suitability for a given position; therefore, its essential feature is the use of personal data or other data (including CV files), which are entered by the System Users or Candidates. The Company requests that you carefully read the Privacy Policy before starting to use the SmartyMeet System and before sharing and entering data. If the Service Recipient, System User, or Candidate does not consent to the processing of personal data by the SmartyMeet System or to the collection of their data, or does not intend to entrust the processing of personal data of Candidates to the extent indicated in this Policy, they are asked to refrain from using the SmartyMeet System. Each Service Recipient, System User, and Candidate using the System accepts the terms contained in this Privacy Policy.
Data Controller
- The data controller of personal data collected through the System is SmartyMeet sp. z o.o., located in Wrocław (office address: ul. Robotnicza 42A, 53-608 Wrocław); entered into the Register of Entrepreneurs of the National Court Register under KRS number 0000939052; Tax Identification Number (NIP): 7011064881; National Business Registry Number (REGON): 520764054, email address: help@smartymeet.com - hereinafter referred to as "Controller", "Company", or "SmartyMeet".
- In case of any doubts regarding the processing of personal data or privacy breaches, please contact the data protection officer at the email address: dpo@smartymeet.com
- The data controller or processor SmartyMeet may act as both Controller and Processor of personal data within the GDPR.
In most cases, SmartyMeet processes primarily the personal data of Candidates on behalf of the Service Recipient, System Users. In that case, we only act as a data processor.
Personal Data
Personal data means information about an identified or identifiable natural person. Processing of personal data is essentially any action on personal data, whether or not it is carried out in an automated way, such as collecting, storing, recording, organizing, modifying, reviewing, using, sharing, restricting, deleting, or destroying. The Company processes personal data for various purposes, and depending on the purpose, different methods of collection, legal bases for processing, uses, disclosures, and retention periods may apply. Please be informed that the provided personal data will be processed based on Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons concerning the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation / GDPR) for the following purposes:
a) in the case of sending a message via the contact form to respond to the question asked based on Article 6(1)(f) of the GDPR (handling inquiries directed through the form is our legitimate interest);
b) transmitting information about the Controller's products or services, including commercial offers by selected means of communication, based on Article 6(1)(a) of the GDPR (consent);
c) implementation of a submitted request to arrange a presentation of the SmartyMeet system based on Article 6(1)(f) of the GDPR (this is our legitimate interest);
d) conclusion and execution of a contract or when it is necessary to take action at the request of the data subject before entering into a contract, based on Article 6(1)(b) of the GDPR;
e) pursuit of claims or defense against claims based on Article 6(1)(f) of the GDPR (this is our legitimate interest);
f) sending a link to download a free ebook based on Article 6(1)(a) of the GDPR (consent);
g) within cookies – to tailor the content of the website to the user's preferences and optimize the use of the website, based on Article 6(1)(a) of the GDPR (consent) or, where applicable, based on Article 6(1)(f) of the GDPR (our legitimate interest is to ensure the operation of the website);
h) where appropriate, for the purpose of conducting recruitment (current or future) based on Article 221 § 1 of the Labour Code (to the extent of the data indicated by this provision) and based on Article 6(1)(a) of the GDPR (consent);
i) Ensuring the security of the service and the protection of its users' data – processing basis: Article 6(1)(f) of the GDPR (processing is necessary for the purposes arising from the legally justified interests pursued by the data controller or a third party).
Please be informed that personal data will be processed for the period necessary to achieve the above processing purposes. In the case of processing data based on consent – data will be processed until its withdrawal. To the extent that processing is based on the legitimate interest of the Data Controller – data will be processed until its realization or until an objection is raised. Data obtained through the use of the contact form may be processed for 3 years or until the expiration of any claims.
The person whose data is processed by the Controller has the right to:
a. access their personal data: the data subject has the right to obtain information whether their personal data is being processed, and if so, they are entitled to obtain the following information: the purpose of processing; categories of personal data processed; information about recipients or categories of recipients to whom their data has been or will be disclosed, especially to recipients in third countries; the planned period of personal data storage or criteria for determining this period; rights granted under the GDPR concerning the processing of personal data, including the right to lodge a complaint with the supervisory authority; the source of personal data; automated decision-making, including profiling; the safeguards applied in connection with the transfer of personal data to third countries. Furthermore, they have the right to obtain a copy of the personal data processed by the Company.
b. the right to rectification, deletion, restriction of processing, the right to object, and the right to data portability in the cases specified in the GDPR provisions; A submitted request for deletion of personal data does not apply to the extent that further processing is necessary to establish, pursue or defend claims, including in particular: name and surname, email address and correspondence address.
c. the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal (particularly relevant for processing data for marketing purposes).
d. the right to object at any time to the processing of personal data – for reasons related to the particular situation of the person concerned, and the right to object to processing for direct marketing purposes.
To exercise the above rights, the person whose data is concerned should contact the Controller using the provided contact details and inform them which right and to what extent they wish to exercise.
The person whose data is concerned has the right to lodge a complaint with the supervisory authority, i.e., the President of the Personal Data Protection Office, if they believe that the processing of their personal data violates the GDPR provisions.
Types of Collected Data
During its operations, the Company processes data of Service Recipients and contact persons of Service Recipients, SmartyMeet System Users, and Candidates.
Data of Service Recipients and System Users
For the purpose of providing services related to the use of the SmartyMeet System, the Company processes the necessary data of Service Recipients, System Users, and other contact persons indicated by the Service Recipient enabling contact by the Company (name, surname, position, email address, phone) and documenting cooperation in accordance with applicable tax law. The Company is the data controller of the data of Service Recipients, System Users, and contact persons to the extent mentioned in the previous sentence. Data of Service Recipients, System Users, or other contact persons on behalf of the Service Recipient are entered by them during the process of creating and later using the account. This data is processed based on Article 6(1)(b) (processing is necessary for the performance of a contract to which the data subject is a party, or to take action at the request of the data subject before entering into a contract) and (f) (processing is necessary for the purposes arising from the legally justified interests pursued by the controller or by a third party) of the GDPR. Whenever the Company processes personal data based on the legitimate interest of the data controller, it analyzes and balances the potential impact on the person concerned (positive and negative) and the rights of that person arising from the provisions on the protection of personal data. The Company does not process personal data based on the legitimate interest of the controller if it concludes that the impact on the person concerned would outweigh their interests (in which case it may process personal data if it has the appropriate consent or if required or permitted by law).
Data of Other Persons Remaining in the Service Recipient's Organization
The SmartyMeet System allows System Users to enter personal data (name, surname, position, email address, phone number, and other, as indicated by the Service Recipient) of persons involved in recruitment processes, not being persons contacting the Company. The administrator of the data of the Service Recipient's employees entered by them for the use of the SmartyMeet System remains the Service Recipient, who has a valid data processing agreement with the Company.
Data of Candidates
Candidates' data are processed by the Company as follows:
The SmartyMeet System is used primarily for collecting and processing Candidates' data by Service Recipients for their recruitment processes. Candidates' data are entered by System Users, obtained by them from social networking sites, Users' mailboxes, or other systems. It should be remembered that in this case, the Service Recipient is the sole controller of the personal data of the Candidates, their processing by the Company occurs only to the extent entrusted by the Service Recipient, and the SmartyMeet System is only an application facilitating the storage and processing of data by the Service Recipient and acting on their behalf System Users. Service Recipients are responsible for ensuring there is a basis for processing personal data.
The SmartyMeet System is an open system that allows Service Recipients, who are the controllers of the entered personal data, to enter any personal data. The Company requires Service Recipients to process personal data following applicable laws.
Use of Data from the SmartyMeet System Entered by Service Recipients
The Company guarantees that the data of the Service Recipient, System Users, and Candidates' data entered by System Users in the SmartyMeet System remain the exclusive property of the respective Service Recipient and will not be used by the Company for any purpose except those indicated below: - the need for documenting cooperation between the Company and the Service Recipient following applicable tax laws and contacting the Company with the Service Recipient and System Users or other contact persons indicated by the Service Recipient for the purpose of providing services using the SmartyMeet System by the Company or proposing to extend the scope of these services.
Cookies
Cookies are small text information in the form of text files, sent by the server and saved on the side of the person visiting the pages of the Service Provider (e.g., on the hard drive of a computer, laptop, or on the memory card of a smartphone - depending on the device used by the visitor). SmartyMeet may process data contained in Cookies while visitors use the Service Provider's pages for the following purposes:
- implementation of basic system functionalities, such as identifying Service Recipients as logged in and maintaining login sessions, storing dynamic data, such as settings;
- adapting the content of service pages to the individual preferences of the Service Recipient (e.g., concerning the language of the site);
- remembering the IP location, time zone;
- conducting anonymous statistics showing how to use the service pages.
By default, most web browsers available on the market accept the storage of Cookies by default. Everyone has the opportunity to define the conditions for using Cookies through their web browser settings. This means that you can, for example, partially limit (e.g., temporarily) or completely disable the ability to save Cookies – in the latter case, however, it may affect some functionalities of the services. Browser settings regarding Cookies are significant from the point of view of consent to the use of Cookies by the Service Provider's pages – according to the regulations, such consent can also be expressed through browser settings. If you do not express such consent, you should change your browser settings regarding Cookies accordingly. Detailed information on changing settings related to Cookies and their independent removal in the most popular web browsers is available in the browser's help section.
Sharing Personal Data
For the proper functioning of the SmartyMeet System, including the execution of concluded Contracts, it is necessary for the Controller to use the services of external entities. The Controller uses only the services of such processing entities that provide sufficient guarantees of implementing appropriate technical and organizational measures so that processing meets the requirements of the GDPR and protects the rights of the data subjects.
Personal data may be transferred by the Controller to a third country, with the Controller ensuring that in this case, it will take place in relation to a country providing an adequate level of protection - in line with the GDPR, and in the case of other countries, that the transfer will take place based on standard data protection clauses.
The transfer of data by the Controller does not occur in every case – the Controller transfers data only when it is necessary to achieve a given purpose of processing personal data and only to the extent necessary to achieve it.
We do not sell personal data to anyone and only share it with third parties that facilitate the provision of our services, including:
- Billing data, including invoices, payment registers, and other required for proper accounting will be transferred to the Accounting Office.
- Data transferred to service providers implementing the components of the SmartyMeet System and supplying the Controller with technical, IT, and organizational solutions, enabling the Controller to conduct business (in particular, providers of email and hosting and software suppliers for company management).
- Data will be made available to cooperating entities providing services for the development of the SmartyMeet System.
- Data of indebted persons in the process of pursuing claims may be transferred to external debt collection companies, law firms, common courts, and arbitration institutions.
- Furthermore, we inform you that in cases described in separate legal provisions and according to the procedure indicated in these provisions, personal data may be transferred to authorized state administration bodies.
- Personal data may also be disclosed for the purposes of audits, ensuring compliance with regulations, and exercising ownership supervision.
- The Controller declares that in every case, the sharing or transfer of personal data for processing is based on a data processing agreement or a legal obligation.
- Billing data, including invoices, payment registers, and other required for proper accounting will be transferred to the Accounting Office.
- Data transferred to service providers implementing the components of the SmartyMeet System and supplying the Controller with technical, IT, and organizational solutions, enabling the Controller to conduct business (in particular, providers of email and hosting and software suppliers for company management).
- Data will be made available to cooperating entities providing services for the development of the SmartyMeet System.
- Data of indebted persons in the process of pursuing claims may be transferred to external debt collection companies, law firms, common courts, and arbitration institutions.
- Furthermore, we inform you that in cases described in separate legal provisions and according to the procedure indicated in these provisions, personal data may be transferred to authorized state administration bodies.
- Personal data may also be disclosed for the purposes of audits, ensuring compliance with regulations, and exercising ownership supervision.
- The Controller declares that in every case, the sharing or transfer of personal data for processing is based on a data processing agreement or a legal obligation.
Age Restrictions
The SmartyMeet System is not intended for children, and we do not knowingly collect data about children.
Voluntariness of Entering and Processing Data
The System User has the option to decide what data they want to enter. The Company is not responsible for their accuracy, content, method of collection, legality, and the truthfulness of the data entered into the SmartyMeet System by System Users.
Changes to this Privacy Policy
due to the development of products and services, industry standards, or new regulations. Changes to this Privacy Policy take effect upon their publication on this page. The current wording of the Privacy Policy is valid from 22.03.2024