PRIVACY NOTICE ON THE PROCESSING OF PERSONAL DATA AND YOUR RIGHTS
under Art. 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC
In case you are providing your personal data, we as a data controller:
Spaceflow s.r.o., with its registered seat at: Italska 2581/67, 120 00 Prague, ID: 05184142, registered by the Commercial Register maintained by the Municipal Court in Prague, File No. C 259630,
would like to inform you about the processing of your personal data and of your rights related to the said processing.
WHAT ARE OUR PURPOSE AND LEGITIMATE INTERESTS FOR THE PROCESSING OF YOUR PERSONAL DATA?
- Selection of potential employees and talents.
- Mutual communication.
- Promotion of our events and our products.
- Targeted communication in social media and product promotion.
- Targeted communication through our website and product promotion.
- Cooperation with our business partners.
DESCRIPTION OF OUR PURPOSE AND LEGITIMATE INTERESTS:
- In case of a vacant position at Spaceflow, we look for the best fit to fill this vacancy. When doing that, we collect the CVs from the applicants directly or from the third persons recommending the potential applicant. After reviewing the CVs of the applicants, we invite them for personal interviews after which we send the follow-up information. In case there is no vacant position at the time or if the applicant has not been successful at the particular job opening, we may, upon consent, store the CVs of these persons to contact them in the future regarding the job opening.
- Our philosophy is to be open and transparent at all times. This includes being open to communication from any person interested in Spaceflow and the Application. Additionally, we have also published email, so you can contact them at any time with any question related to our Application and business you may have. However, to ensure such effective, flawless and clear communication, we process some of your personal data (including unstructured personal information – contained in email correspondence). If you send us your personal data based on a web-form on our pages, the processing is wider, therefore based on a consent, if you book a meeting with us (through a booking feature), we process such data upon the purpose of promotion of our products and services.
- Furthermore, we may process your personal data by taking the photographs and audio-visual recordings, name and surname, email contact which are used for the purpose and legitimate interests of promotion of our events and services (e.g. via our newsletter), and product news with respect to the Application and to help us improve our brand and goodwill by providing you with our newsletters and follow-up marketing materials related to our events and publishing the photographs (where you can appear) and audio-visual recordings on our social media profiles such as LinkedIn and Facebook and via other channels such as our website. In the case you subscribed to our newsletter and you are not our current/past customer, we send you our marketing materials under consent granted by you.
- We may also use social media marketing tools such as LinkedIn to process your personal data that you voluntarily submit to us, to the extent: name, surname, position in the company, email contact, for the purpose of promoting under C. or for further contact to support the sale of our products, and online tools like Google Tag Manager, Microsoft Advertising, LinkedIn Insight Tag and Facebook Pixel and SDK (social marketing media – like Custom Audiences and Lookalike Audiences) and analytical tools as Smartlook.
- If we cooperate with you as our business partner, we need both your personal information to enter into an agreement with you and be with you in a functional business relationship. These personal data will appear on a particular contract and may appear on tax documents, invoices, business cards, in an unstructured form in email (internal) communication and in our CRM systems.
What is our legal basis for the processing of your personal data?
- If you send us your CV regarding the specific vacant position, we process your personal data on the basis of the performance of a contractual relationship and your request prior to entering into a contract under Article 6 (1) (b) of GDPR (in case of failure to provide us with the personal data, we cannot enter into a contract with you). If you want us to keep your CV after the recruitment process or without applying for any particular position, we process your personal data on the basis of a consent under Article 6 (1) (a) of GDPR.
- If you contact us or any particular employee via email, we process your personal data with respect to such replies on the basis of legitimate interests under Article 6 (1) (f) of GDPR. If you contact us through a web-form on our webpage, we process your personal data for purposes of reply and further send marketing material on the basis of a consent under Article 6 (1) (a) of GDPR. If you book a meeting with us we process your personal data on the basis of legitimate interests under Article 6 (1) (f) of GDPR.
- In case of promoting our events and services provided by us, we process your personal data on the basis of the legitimate interests under Article 6 (1) (f) of GDPR and non-customers based on granted consent under Article 6 (1) (a) of GDPR. If we process your data through Hubspot, we do so on the basis of consent under Article 6 (1) (a) of GDPR.
- In case you send us a filled form with your personal data, we process your personal data on the basis of the legitimate interests under Article 6 (1) (f) of GDPR, if we process your data from Facebook Pixel or Google Analytics and Microsoft Advertising is processed on the basis of legitimate interests - Art. 6 (1) (f) of GDPR, with respect to the Custom Audiences and LookAlike Audiences on the basis of consent under Article 6 (1) (a) of GDPR.
- In the case you visit our website, we process your personal data on the basis of the legitimate interests under Article 6 (1) (f) of GDPR. If we process some of your data (as specified below and data required to enable chat features) through Hubspot, we do so on the basis of consent under Article 6 (1) (a) of GDPR.
- In case of contractual relationship and your request prior to entering into a contract, we process your personal data on the basis under Article 6 (1) (b) of GDPR (in case of failure to provide us with your personal data, we cannot enter into a contract with you).
WHAT KIND OF PERSONAL DATA DO WE PROCESS?
- Personal data included in the CV (such as name, surname, date of birth, address, email, phone number etc.).
- Name, surname, email address and phone number, in case of a web-form it is: email, name, surname, phone number. In case of booking features we process: name, email address, and phone number; email addresses of other people; the subject of the meeting; and any other information received by us pursuant to the privacy terms and terms of a provider of booking feature (Calendly).
- Name, surname, email address, photograph or/and audio-visual image of yourself.
- Name, surname, email address, address, details of activities related to a natural person, and web analytics. Personal data specifically acquired from Cognism include: name, job title, business phone and business email, linkedIn page, employment history and company name and details, office location (country & city), personal data specifically acquired from Salesloft include: IP address, browser type, browser version, the pages of our Services that you visit, the time and date of your visit, the time spent on those pages, and other statistics), Hubspot: first name, last name, company email, company name, phone number.
- Name, middle name, surname, ID No., Tax ID No., registered office, email address and phone number, business name containing your personal name, job title, source of the contact, business category and market.
HOW LONG DO WE STORE YOUR PERSONAL DATA?
- In case of applying for a particular vacant position, we store your personal data until the end of the recruitment process. If you give us your consent to store your CV for future vacant positions, we store it for 3 years.
- If you contact us or any employee via email, we store your personal data until you unsubscribe from our contact database, or in case you send us your personal data through the web-form until you withdraw the granted consent, in case of use of booking feature, we collect for so long as is reasonably necessary to fulfill the purposes for which the data was collected.
- We store your personal data during the time strictly necessary to achieve the given purpose and for non-customers based on consent for 10 years.
- We store your personal data during the time strictly necessary to achieve the given purpose.
- We store your personal data during the time strictly necessary to achieve the given purpose.
- We store your personal data for the duration of the contractual relationship and till lapse of tax duty period and time limitation period for defending claims.
As soon as we no longer need your personal data for the processing purposes for which the personal data have been collected, we will delete them unless the statute-barred period applies. Certain details and correspondence may be retained until the time limit for claims, in respect of the pre-contractual or contractual relationship, has expired or in order to comply with regulatory requirements regarding the retention of such personal data.
MORE ABOUT TAGS ONLINE MARKETING TOOLS UNDER LETTER D.
Linkedin Insight Tag: This tag enables LinkedIn ads to our site visitors. The LinkedIn browser cookie is stored in a browser until cookies are deleted or the cookie expires (based on a rolling six-month expiration from the last time your browser loaded the Insight tag). You may also block or delete cookies. LinkedIn does not share personal data with us, it only provides summary reports about the website target group and ad performance. LinkedIn also provides a retargeting service for a website that allows us to use this data to show targeted adverts outside our website without identifying the member. For further information, please go here.
Facebook Pixel and Facebook direct marketing: This technology enables Facebook to identify visitors of our website as a target group for the display of ads (“Facebook Ads”). Accordingly, we use Facebook Pixel to display the Facebook Ads placed by us only to such Facebook users, who have actually shown an interest in our website or who have certain attributes (e.g. interests in certain topics or products as identified based on the visited webpages) that we transmit to Facebook (“Custom Audiences” and for further “Lookalike Audiences”).
By means of the Facebook Pixel, we would also like to ensure that our Facebook Ads match your potential interests and do not bother you. We can also track the effectiveness of the Facebook Ads by means of Facebook Pixel for purposes of statistics and market research because we can see whether you have been redirected to our website after clicking on a Facebook Ad (“Conversion”). Facebook Pixel is used when our website is retrieved directly from Facebook and it can store so-called cookies on your device. If you sign in to Facebook afterwards or visit Facebook while signed in there, the visit of our online offer will be logged in your profile.
The data gathered about you are anonymous to us, meaning they do not permit us to identify the users. However, the data is stored and processed by Facebook, so that it is possible to link them to the respective user profile and Facebook can use the data for its own market research and advertising purposes. If we should transmit data to Facebook for purposes of reconciliation, these will be encrypted locally in the browser and then be sent to Facebook via a secure https connection. This is done solely for the purpose of creating a comparison to the data equally encrypted by Facebook. How Facebook Pixel is used for advertising measures can be found out here. You can find more information on the data processing by Facebook here.
Based on Custom Audience we can create within Facebook the Lookalike Audiences and advertise our Product to the Lookalike Audiences which are not known to us. Facebook is the only actor who knows who the Lookalike Audience is and is capable of identifying them. Therefore we are in no position of controller to the Lookalike Audience.
Google Analytics: The information generated by the cookie about your use of our website (e.g. IP address, accesses, navigation flow, duration of the visit, browser and end devices used, language and country) will be transmitted to and stored by Google on its servers in the USA.
By activation of the IP anonymisation on this website (“_anonymizeIp()” function), your identified IP address, however, will be truncated within Member States of the European Union or in other signatory states of the Treaty on the European Economic Zone. In exceptional cases the complete IP address will only be transmitted into a server of Google in the USA and it will be truncated there. Google will use this information to analyze your use of our website, to compile reports about your website activities for the website operators, and to perform additional services relating to the use of the website and of the internet. Google may also transfer this information to third parties if applicable, provided that such is mandated by law or to the extent, as third parties process these data on account of Google.
By means of browser plug-ins, you can prevent Google from recording the data relating to your use that is generated by cookies. To do so, you can use the following browsers plug-in. If you use the internet with your mobile end device, you can prevent cookies from being recorded – similar as on a desktop device – by clicking the button below for deactivating Google Analytics.
Google Marketing Platform: For the purposes of the Google Marketing Services, your data are pseudonymized for processing. Google does not store and process, for example, your names and email addresses but resorts to cookie-related processing of the data within pseudonymous user profiles. This means that, from Google’s perspective, the advertisements are not managed and displayed for a specifically identifiable person, but for the holder of the cookie, regardless of who the holder of the cookie is. This does not apply if you have given Google express consent to process the data without pseudonymization. Your data collected by Google Marketing Services is transmitted to Google and stored on Google servers in the US.
We can use the “Google Tag Manager” to incorporate and manage Google analytics and marketing services on our website.
Microsoft Advertising (Bing Ads): We use Microsoft Advertising (Bing Ads) to advertise on external websites to draw attention to our attractive products and services. We use the UET tag (Universal Event Tracking) on our website. This enables us to determine how successful the individual advertising measures are in relation to the data from our advertising campaigns. In this way, we pursue the interest of displaying advertising to you that is of interest to you, of making our website more interesting for you and of achieving a reasonable calculation of advertising costs. The UET tag is also used to track events and allow Microsoft to identify users on our website. This enables us to remarket users after they visit our site and to track whether users have performed certain actions on our site (tracking, targeting, etc.). Microsoft stores cookies on users’ devices to determine whether users have come to our site through a Microsoft advertising
The UET tag is a service of Microsoft Corporation (Microsoft). If you are a resident of Europe, the Middle East or Africa (“EMEA”), this service is provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland. If you have your habitual residence outside the EMEA and outside Brazil and India, this service is provided to you by Microsoft Online Inc, 6100 Neil Road, Reno, NV 89511, USA
We have no influence on the extent and further use of the data collected by Microsoft through the use of the UET tag and therefore inform you according to our state of knowledge: Through the integration of the UET tag, Microsoft receives the information that you have called up the corresponding part of our Internet presence or clicked on our advertisement. Based on the integration of Microsoft, Microsoft receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Microsoft service, Microsoft may link the visit with your account. Even if you are not registered with Microsoft or have not logged in, it is possible that the provider will identify and save your IP address.
When our website is used, Microsoft processes the UET tag ID, Microsoft cookie, browser information, device information, user behavior and interaction with advertising material.
Bing Webmaster Tools: Bing Webmaster Tools from Microsoft stores both cookies and so-called “beacons” on your computer. Beacons, or tracking pixels, are small invisible graphics that can be used to register whether a web page has been accessed.
Microsoft also maintains servers in the USA. For the cases in which personal data is transferred to the USA, Microsoft has subjected itself to the EU-US Privacy Shield. You can view a current certificate here.
You can prevent the participation in this tracking procedure by preventing the storage of the necessary cookies by the appropriate setting of your browser. In addition, you can disable the display of interest-based advertising by making the appropriate settings on the following Microsoft opt-out page.
Microsoft keeps your data from the UET day for 180 days. The duration of the Microsoft cookie is 13 months.
For more information about data processing by Microsoft, please see the Microsoft Privacy Statement below. There you will also find further information on your rights in this regard and setting options to protect your privacy here.
FOR A SPECIFIC TYPE OF COOKIES
Smartlook provides qualitative website and mobile app analytics with always-on visitor recordings, automatic event tracking, conversion funnels, and heatmaps for websites. It captures an end user’s session so that we can monitor user actions to simplify or enhance your experience using the product and to improve the quality of our products. Smartlook allows for anonymised evaluation of website usage.
You can opt-out of SmartLook support analytics within the Services by visiting this page. Further information about the cookies used by SmartLook can be found here. Detailed information on processed Personal data is available here.
The cookies engaged by Marketing Hub are described on a separate cookie page as well as here.
WITH WHOM DO WE SHARE YOUR PERSONAL DATA?
For a certain reason, we might provide your personal data to personal data recipients, to perform part of our activities through them (meant outsourced activities). Within our business, we use the following categories of personal data recipients:
– Google Ireland Limited (Marketing and Remarketing services, Cloud Service Provider, providing “platform as services“ e.g. environment, computing capabilities, for more information see here, the App runs on the Google Cloud Platform and (E-mailing services out of the App and cloud-storage services, e-mailing services for us), service provider terms are listed here.
– Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, providing social network and various marketing functionalities (Facebook Pixel, Custom Audiences). The data controller for the processing personal data in the context of using Facebook is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2. To claim your rights as a data subject and if you have questions relating to data protection, please contact Facebook’s data protection officer directly here.
– Message Systems, Inc. d/b/a SparkPost, Delaware, US, (E-mail service – Sparkpost, sending the email from the Application), for more information see this. The Application uses the API of the Sparkpost to send: 1) Addressing message, 2) email address of the addressee 3) content of email. Message Systems, Inc. d/b/a SparkPost is certified under the EU-U.S. Privacy Shield Framework.
– The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA (Email service Mailchimp, sending from and out of the Application), contractor who provides us with e-mailing services related to the newsletter); service provider terms are listed here and DPA addendum here.
– LinkedIn Ireland Unlimited Company, (contact acquisition from social media marketing service), service provider terms are listed here.
– CRM software, communication software and project management software which may contain unstructured personal data in order to fulfill the purposes stated above.
We also may be obliged to provide your personal data to public authorities, in particular courts and law enforcement agencies (police and prosecutors) only to the extent necessary and within the limits of the law.
FROM WHOM DO WE GET THE PERSONAL DATA?
We get personal data from you and in order not to be so vague in explanation, by “you” we mean:
- Job applicants for a position with us.
- Interviewers and potential business partners.
- Participants in events we organize or participate in.
- Leads and business partners (Linkedin Insight Tag, Salesloft, Cognism).
- Visitors to our website.
- Potential and current business partners or customers and contractors.
DO WE USE AUTOMATED INDIVIDUAL DECISION-MAKING?
No, we do not use automated individual decision-making.
DO WE TRANSFER YOUR PERSONAL DATA TO THIRD COUNTRIES?
Your personal data is processed within the territory of the Czech Republic and other states of the European Union. Your personal data can be processed by a country outside of the European Union if this third country has been confirmed by the European Commission as a country with an adequate level of data protection or if other appropriate data protection safeguards exist (for example, binding corporate privacy rules or EU standard data protection clauses).
Personal data may also, in justified cases, be subject to use (processing) for the purpose of dealing with legal matters, including the performance of public authority obligations and monitoring for possible legal protection. Personal data may also be archived for a given public interest, as well as for scientific, historical or statistical research.
WHAT ARE YOUR RIGHTS?
Your rights as a data subject are stated below. Please note that the exact conditions to exercise these rights are set out in detail in Chapter III of GDPR, while in a particular circumstance not all rights may be exercised. You have the following rights:
- Access to personal data we process about you
- Rectification of incorrect or inaccurate personal data and add incomplete personal data
- Restriction, i.e. blocking of processing of your personal data
- The deletion of personal data in case the purpose absence or unauthorized data processing
- Submission of an objection to the processing of personal data if you believe that our data processing is not justified
- Be excluded from automated decision-making
- Listing of personal data in a structured and machine-readable format or for another controller
- Revocation of consent to the processing of personal data
- To lodge a complaint with the supervisory authority
HOW CAN YOU EXERCISE YOUR RIGHTS?
Spaceflow s.r.o., registered seat at: Italska 2581/67, 120 00 Prague or
We strive to protect your privacy as much as possible and therefore we process your personal data in compliance with GDPR and all other relevant laws. However, if you disagree with the way we handle your personal data, you can exercise your rights via our Data Protection Officer at:
Data Protection Officer’s contact:
JUDr. Theodor Klán, attorney-at-law
Seat at: Pobřežní 18/16, 186 00 Praha 8,
or you can file a complaint in supervising authority regarding the processing of your personal data. Your local supervisory authority may be found here.