INFORMATION ON THE PROCESSING OF PERSONAL DATA
In this document you will find information on how your personal data will be processed in connection with your participation in the selection procedure for a position in our company or for other cooperation with our company, including information on what rights you have in connection with the processing of your personal data and how you can exercise them.
For any questions about privacy and exercising your rights, please use the following contact:
· email: firstname.lastname@example.org
1. Who is the controller of your personal data?
The controller of your personal data ("Controller") is the company that advertised the job for which you are applying. This will always be one of the companies listed below that are part of our holding company:
APOLLO GAMES s.r.o. ID No.: 05422701, with registered office at V parku 2294/2, Chodov, 148 00 Praha 4, a company registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, Insert 268641 (hereinafter referred to as "APOLLO GAMES"),
APOLLO SOFT s.r.o., ID No.: 28179781, with registered office at V parku 2294/2, Chodov, 148 00 Praha 4, a company registered in the Commercial Register kept by the Municipal Court in Prague, Section C, Insert 266997 (hereinafter referred to as "APOLLO SOFT"), or
Apollo Line s.r.o., ID No.: 07889321, with its registered office at Holušická 2253/1, Chodov, 148 00 Prague 4, a company registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, Insert 309315 (hereinafter referred to as "APOLLO LINE").
2. For what purpose, on the basis of what titles and what personal data do we process?
2.1. Measures taken before the conclusion of the contract at the request of the applicant
2.2. The purpose of the processing of your personal data by the Controller is primarily to assess whether you are a suitable candidate for the offered position or cooperation and the possible conclusion of an employment relationship or a framework cooperation agreement with you. This includes, among other things, the preparation of the necessary contractual documents, informing the candidate about the position and cooperation, participation in the selection procedure, etc. The primary reason for the processing of candidates' personal data is to take the measures taken before concluding a contract with the candidate at their request.
For these purposes, the Administrator processes personal data that are necessary for the assessment of the suitability of the applicant and the subsequent negotiation and conclusion of a contract with the applicant for cooperation with the Administrator. Typically, this includes the following data:
- identification data (name, surname, title, date of birth),
- contact details (email, phone, Skype username, LinkedIn profile),
- information about your education, work experience, knowledge and skills and qualifications for the position, your portfolio,
- any other information you provide in your CV or in the job applicant questionnaire, and, where applicable, information you provide in the oral interview which we record in writing, and information from any entrance test, including its evaluation, if this is part of the selection procedure,
- other information from communications with you about the selection process.
The processing of this personal data is necessary to enable the Administrator to assess the suitability of the candidate for the position and to conclude an appropriate contract with the selected candidate (employment contract, cooperation contract, agreement on work outside the employment relationship, etc.).
2.3. The fulfilment of the legal obligations of the Administrator
In some cases, the Controller is required by law to process personal data. If an applicant is interested in a position in an employment relationship, the Controller is obliged, under the conditions set out in the law, to process information on whether or not the applicant is medically fit to perform the job. Health status is assessed by the occupational health service provider. The administrator does not hold or process any specific information about the applicant's health, only information about (un)fitness for work.
2.4. Protection of the legitimate interests of the Controller
In justified cases, the Controller also processes personal data in order to protect the Controller's legitimate interest in the possibility of asserting the Controller's claims or defending against claims of applicants or third parties, e.g. in the event of legal disputes, court proceedings, inspections by public authorities, etc. Here, the Administrator must demonstrate that it has complied with the law in the selection procedures. In this context, we process in particular the identification and contact data of the candidate, the data necessary to assess the suitability of the candidate, and data on mutual communication in connection with job offers.
2.5. Consent of the applicant
In some cases, your personal data may be processed on the basis of your consent, specifically for the purpose of inclusion in the internal database of applicants maintained by APOLLO GAMES, where this database will allow the applicant to be contacted with offers of other positions within the holding similar to those in which the applicant originally expressed interest. Thus, APOLLO GAMES will, with your consent inform you if you are unsuccessful in the selection process or if the Administrator does not have the required position for you and if such a suitable position becomes available in the future at one of the holding companies.
APOLLO GAMES will provide the applicant with the text of this consent and more detailed conditions for processing personal data on the basis of this consent. Unless otherwise stated in the respective consent, the consent is granted for a period of 1 year. You may withdraw your consent at any time by contacting us via the contact email mentioned above in this document. Failure to grant such consent shall not affect the ability of the Administrator to enter into a contract in respect of the position in which the applicant originally expressed an interest.
3. Who do we receive personal data from?
The Controller obtains personal data primarily from you, the candidate, from the information you provide to the Controller (in particular in your CV, by completing a job applicant questionnaire or otherwise as part of the selection process, including by providing access to your LinkedIn profile). You may provide data to the Administrator either directly (by sending your CV, filling in a contact form) or it may obtain your personal data from you indirectly, from internet portals used to connect job seekers or otherwise cooperate with employers where you have uploaded your CV ("Internet Portals"). The Controller may also obtain personal data from recruitment agencies that upload your data in the form of a CV to one of the aforementioned Internet Portals.
We may also obtain Personal Data from the Employment Agency.
The Administrator does not collect any other data about you other than that which you provide to the Administrator in your CV or other documents, documents and reports that you complete (or send to the Administrator) and that which the Administrator obtains indirectly in accordance with the preceding paragraphs.
You are only required to provide the Administrator with accurate information and you must update your information if your personal information changes.
4. How do we process your personal data?
The Controller always processes personal data in accordance with the relevant legal regulations and ensures that it is properly cared for and protected. The controller ensures that you never suffer any harm to your rights, in particular the right to human dignity, and that your private and personal life is not unjustifiably interfered with.
Personal data is processed in electronic form by automated means, specifically through the relevant Internet Job Portals, the Controller's internal systems, or, where applicable, within the systems of the Controller's individual processors.
Your personal data is also processed manually and may be processed by employees of the Administrator or other persons working for the Administrator, inter alia, for the purpose of evaluating your suitability for the offered job position, eliminating errors, inaccuracies, etc. However, these persons may only process personal data under the conditions and to the extent stated above and are bound by the obligation to maintain confidentiality of personal data and security measures, the disclosure of which would compromise the security of personal data.
You may be profiled as part of the selection process. The purpose is always solely to assess your suitability for the position offered. However, there is never any automated decision-making; there is always a human factor involved, which assesses the results and decides whether or not the candidate is suitable for the position.
We make sure that we only process accurate and up-to-date data.
5. To whom do we transfer your personal data?
The Controller uses the following processors to process your personal data:
LMC s.r.o., ID No.: 26441381, with registered office at Prague 7, Jankovcova 1569/2c, Postal Code 17000, as an operator of some Internet Portals for job mediation (e.g. Teamio system, Jobs.cz portals, etc.) for conditions of personal data processing see https://www.lmc.eu/cs/zasady-ochrany-soukromi/
- Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, a Microsoft 365 service provider, under the terms of the Processing Agreement and the Standard Contractual Clauses entered into with that processor.
In the event that APOLLO SOFT or APOLLO LINE is the Controller, APOLLO GAMES is used as the processor of your personal data, which within our holding provides HR agenda management for other companies.
Unless otherwise stated above for individual processors, we do not transfer personal data outside the EU.
Personal data may be transferred to public authorities for the purpose of exercising their legal powers.
6. How long do we process personal data?
The Administrator processes your personal data for the duration of the relevant selection procedure, typically for 1 month from its commencement.
If you become the selected candidate and an employment contract, an agreement for work outside the employment relationship, or other cooperation agreement with the Administrator is concluded, your CV, interview record and other data and records from the selection procedure will be included in your personal employment file. The terms and duration of the processing will then be governed by the Information on the Processing of Personal Data for Employees or the Information on the Processing of Personal Data for Contractors and Other Collaborators issued by the relevant Controller, which you will be made aware of before entering into the relevant contract with the Controller.
If you are unsuccessful in the selection procedure or are not contacted by the Administrator (typically within 2 (two) weeks from the initial contact of the Administrator by the Candidate), we will terminate the processing of your personal data no later than 1 month from the end of the selection procedure, unless you give APOLLO your consent to the processing of your personal data in accordance with Article 2.4 of this document.
Some personal data are processed by the Controller for longer than the above. This is done to protect the legitimate interests of the Controller as described in Article 2.3 of this document. The duration of processing for this purpose depends on the running of the relevant limitation periods, which in the Czech Republic may be up to 15 years from the occurrence of the relevant event. If no relevant proceedings are initiated, the retention period for these purposes is typically 3 years.
If the Controller does not process your data on the basis of your consent, it cannot delete it at your request. However, it will always assess whether it is still necessary to process the personal data on the basis of your request.
We then process personal data processed on the basis of your consent for the period for which the consent was given or until the consent is withdrawn.
7. What rights do you have?
In the first instance, you have the right to ask the Controller for access to your personal data, including a copy of all your personal data. You can do this by using the email address provided at the head of this document.
Your other rights:
The Administrator will always inform you of:
· the purpose of processing personal data,
· the personal data or categories of personal data which are the subject of the processing, including any available information about their source,
· the nature of automated decision-making, including profiling, and information concerning the procedure used, as well as the significance and foreseeable consequences of such decision-making for the data subject,
· the recipients or categories of recipients to whom the personal data have been or will be transferred and, in the case of a transfer of personal data to a third country, the appropriate safeguards applicable to the transfer to ensure the security of the personal data
· the planned period for which the personal data will be stored or, if this cannot be determined, the criteria used to determine that period,
· any available information about the source of the personal data, unless it is obtained from you.
Your other rights include:
· ask the Administrator for an explanation,
· require the Controller to remedy the situation, in particular to block, rectify, supplement, restrict processing or destroy the personal data (right to be forgotten),
· request a copy of the personal data processed, or request personal data relating to you in a structured, commonly used and machine-readable format, and to transmit such data to another controller, without any impediment from the Controller,
· file an inquiry or complaint with the Office for Personal Data Protection,
· object to the processing of personal data concerning you.
8. How we protect your personal data
The Controller protects your data. The following security measures are used for this: antivirus protection, firewalls, backups, authorization data, physical security measures, internal data protection regulations.
This information on the processing of personal data is effective from 18.8.2022.
In this document, you will find all necessary information regarding the processing of your personal data by our company APOLLO SOFT s.r.o., ID no. 28179781, with registered office at V parku 2294/2, Chodov, 148 00 Praha 4, registered in the Czech Commercial Register maintained by the Municipal Court in Prague, Section C, entry 266997 (hereinafter the “Operator”), as personal data controller, in connection with the operation of website www.apollogames.com (hereinafter the “Website”) and business cooperation between the Operator and its customers (hereinafter the “Customer”).
In case of any questions regarding your personal data and privacy, and the exercise of your rights, do not hesitate to contact us via:
· e-mail: email@example.com
1 For which purposes, on which grounds and what personal data do we process?
1.2 Analysis and improvement of the Website
We may process personal data of visitors of our Website to be able to analyze the use of the Website and improve it if necessary. Fort this purpose, we may collect and further process data such as IP address, date and time of access to the Website, use of its functions, information about the internet browser, the device used or language settings.
We process the above personal data based on our legitimate interest (to operate a functional adn relevant Website).
1.3 Defence of rights
We further process personal data specified in paragraph 1.1 above for the purposes of protection of our legitimate interest, which is to ensure the possibility of our defence in potential legal disputes, court proceedings or inspections by state or other public authorities. We process the data in order to be able to prove, if necessary, that we have acted in accordance with our contractual obligations and legal regulations.
1.4 Obligations of the Provider arising from legal regulation
In addition to the above, we may have to process personal data to comply with our legal obligations. In particular, we have to process personal data to the extent required by the relevant legislation in connection with our obligations in the field of accounting and related tax obligations, or obligations imposed by the Archiving Act.
2 From whom do we receive personal data and to whom do we pass it on?
We collect personal data from the data subjects. You are obliged to provide us only with accurate data and if your personal data changes, you must update the data.
We may hand over personal data under the conditions set out by law to public authorities for which the law requires us to do so, or if the authority so requests within the limits of its competences.
Unless otherwise stated above, personal data is not transferred outside the EU.
3 How we process the personal data?
Personal data may be processed electronically by automated means (in our systems or systems of data processors specified above). We may process your personal data manually in case manual processing is necessary or appropriate for the particular purpose.
Our employees and other co-workers may process your personal data only under the conditions and to the extent stated above and are bound by the obligation of confidentiality about personal data and security measures the disclosure of which would compromise the security of personal data.
We always process personal data in accordance with the relevant legislation and provide them with due care and protection. We make sure that you do not suffer harm to your rights, in particular the right to preserve human dignity and your private and personal life.
4 How long do we process personal data?
4.1 Contract with the Customer
For the purpose of concluding and fulfilling contracts with the Customers, the personal data are processed until termination of the Contract.
After that, we may still process personal data for the following purposes:
4.2 Analysis and improvement of the Website
The personal data are processed for this purpose for two months.
4.3 Defence of rights
The data processed to protect our legitimate interest of our legal defence are processed for the duration of the relevant limitation periods, which may last for up to 15 years from the occurrence of the relevant event. Unless a relevant claim is made or procedure is commenced, the data is typically processed for 5 years from the termination of the contract with the Customer.
4.4 Legal obligations
We process personal data processed under our legal obligations within the time limits required by the respective legal regulations.
We must process the personal data required by the legislation regulating the Tax and Accounting obligations (typically billing data and information about the provided performance) for accounting and tax compliance purposes. The processing period is 5 years from the end of the accounting year, in the case of documents relevant for VAT payments, it is 10 years from the end of the tax period in which the transaction took place.
We archive relevant personal data in accordance with the requirements of the Archiving Act.
4.5 Longer processing
Personal data may be processed for a longer period than that set out above where there is a relevant reason for further processing, typically an administrative or legal proceeding is initiated for which the personal data is relevant.
5 What are your rights?
First of all, you have the right to ask us to access your personal data, including making a copy of all your personal data, via contact e-mail stated above.
Withdrawal of consent to processing: Unless otherwise stated above, we do not process your personal data on the basis of your consent. Therefore, in these cases, it is not possible to withdraw your consent to the processing. However, upon your request, we will always assess whether it is still necessary to process your personal data for any of the above purposes.
Your further rights: We will always inform you about:
· the purpose of processing personal data,
· personal data or, where applicable, categories of personal data subject to processing, including any available information about their source,
· the nature of the automated decision-making, including profiling and information relating to the procedure used, as well as the relevance and expected consequences of such processing for the data subject,
· beneficiaries and, where appropriate, categories of beneficiaries,
· the planned period during which the personal data will be stored or, if it cannot be determined, the criteria used to determine that period,
· all available information about the source of personal data unless it is obtained from you.
Your other rights include:
· to ask us for an explanation,
· to require us to remove the situation, in particular blocking, repairing, supplementing, restricting the processing or destruction of personal data (right to be forgotten),
· to request personal data relating to you in a structured, commonly used, and machine-readable format and transfer this data to another controller without hindering it in any way;
· to submit a question or complaint to the Office for Personal Data Protection (Úřad pro ochranu osobních údajů), website: uoou.cz.
· to object to the processing of personal data based on legitimate interest.
INFORMATION SECURITY POLICY
The goal is to ensure the confidentiality, availability and integrity of all proprietary and customer data information to successfully support our business activities.
1. To enforce this policy, Apollo Games. has implemented security regulations according to the ISMS standard - Information Security Management System according to ISO/IEC 27001 as an integral part of its management. URL link to the certificate
2. Availability and integrity of information (information undamaged, unaltered, complete, etc.) at the time and place according to the business needs of the company, only to those who need it for their work activities, thus maintaining the confidentiality of information according to the established classification of information (public, restricted, confidential).
3. Managing the entire information lifecycle, i.e. processing information from the moment it is acquired or created to its disposal.
4. Taking security measures directly proportional to the current level of risk associated with information security threats.
5. By regular monitoring, risk assessment, security incident management, corrective and preventive measures, we will increase the effectiveness of
information security management.
6. The Information Security Policy is binding on all employees and stakeholders.
7. Employees are continuously educated and trained in information security.
8. External entities are contractually obliged to comply with the internal regulations of Apollo Games.
9. Violation of the information security rules is considered a serious breach of a duty arising from the legal regulations relating to the work performed by the
employee and is subject to disciplinary proceedings.
10. All employees and external workers have the opportunity to report any discrepancies with this policy directly to their manager or by email to firstname.lastname@example.org.
This policy is reviewed annually by the management of the company, the last review being dated 01.11.2022. Tomáš Burdych, Security manager