1. Purple Group

1.1 Purple Group is managed by a controlling entity Purple Holding a.s., Company ID: 06528554, registered seat at Masarykova 409/26, Brno-město, 602 00 Brno, consisting inter alia of:

• Purple Technology s.r.o., Company ID: 29364973, registered seat at Masarykova 410/28, Brno-město, 602 00 Brno

1.2 Purple Group hereby declares that with regard to the nature of personal data, it processes it with high respect towards its protection and purpose of processing, while such data is processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection natural persons with regard to the processing of personal data (hereinafter referred to only as the “GDPR”) and other valid legislation. Pursuant to art. 12 of GDPR, we inform the data subjects, i.e. the website visitors, about the processing and protection of their personal data and about their rights.

2. Who is the personal data administrator?

2.1 Where personal data about users of the website is collected as part of the use of cookies on the website, Purple Technology s.r.o. ("Company" or "we") is the data controller.

2.2 If the user is also a job applicant for one of the Purple group companies, the controller of his/her personal data is always the company that is his/her potential/future employer ("Employer"). For the other Purple group companies, Purple Technology s.r.o. acts as a data processor in such cases.

3. Who is this information intended to?

3.1 This information is intended for:

• users of purple-technolgy.com, blog.purple-technology.com and other websites where this policy is available,
• subscribers to the newsletters of blog.purple-technology.com and other websites where this policy is available,
• job applicants or similarly situated persons (e.g. students doing an internship, etc.)

(hereinafter collectively referred to as "users" or "you" unless specifically stated otherwise).

4 What personal data do we process?

4.1 When browsing the website, data about individual users, their preferences, behaviour and general use of the website is collected through the use of cookies. Cookies may be used to collect certain data that can be classified as personal data within the meaning of the GDPR. If personal data is collected through cookies when browsing the site, such data is subsequently processed by us in accordance with the relevant law and this Policy.

The extent of data collected may vary from user to user depending on whether or not you consent to the use of cookies. Detailed information on the use of cookies and the data collected may be found here.

4.2 For the purpose of sending newsletters, resp. educational, informational and promotional materials, we process the following personal data from subscribers:

• e-mail address.

4.3 For the purpose of recruitment, we process following personal data of the applicants:

• address and identification data (name, surname, titles, date of birth, permanent residence address)
• contact data (phone number, e-mail address)
• curriculum vitae, motivational letter
• data from the test – results and information acquired from tests such applicant filled/provided within the recruitment procedure
• work reference – recommendations from previous employers, including the data acquired from their verifications.
(hereby, the applicant acknowledges that the information included in the Work reference entitles the Company to access such personal data)
• other information (e.g. information acquired during the interviews or any other information provided by the applicant).
• information the applicant decided to share with the Company within the recruitment procedure voluntarily – the scope of such personal data is defined on a case-by-case basis, as it depends on the fact which information such applicant decides to share with the Company (E.g. Company does not require photography or birth certificate number to be sent by the applicant. However, some applicants send their photography or their birth certificate number as e.g. part of their curriculum vitae to the Company.)

5. Why do we process such data?

5.1 We process data for the following purposes:

• marketing activities and improving the quality of services provided (data of all users of the site)
• educational, information and promotional activities (subscribers)
• the recruitment procedure (applicants).

5.2 Legal ground for processing:

We process personal data primarily on the basis of your consent; besides that, we process the data for the purposes of fulfilling an employment or other contract, fulfilling our legal obligations, or for our legitimate interest.

Unless you have given your consent to the processing of personal data, only those data which the Company is entitled to process on other legal grounds are processed, and only to the relevant extent.

6. Purpose of personal data processing

Personal data of users

Purpose of processing:

• Marketing activities

Further specification:

• Cookies are used to collect data about the browsing activity of website users and user preferences, which the Company uses for its marketing needs.

Legal ground:

• User consent

Purpose of processing:

• Preparation of employment contract or its amendments during employment.

Personal data of subscribers

Purpose of processing:

• Education in fintech topics, information activities, mediation of establishing professional relations and contacts, promotion of the Society's activities

Further specification:

• On the basis of subscription, subscribers are sent educational and informational communications focused on financial technology. These communications can also serve as a means of engaging with the fintech community, connecting its individual members and establishing professional contacts. Last but not least, the communications serve to promote the Company and its activities.

Legal ground:

• The performance of contract

Personal data of applicants

Purpose of processing:

• Recruitment of applicants for new or free work positions (Recruitment)

Further specification:

• Company actively searches for people, who could represent new employees of the Company.
• We need to assess if our future potential colleagues have the education, experiences, skills and personal prerequisites necessary for the position they are recruited for.
• Company processes curriculum vitae and other data on the basis of consent of the applicant, provided to the recruitment agency, consent may also be given through such agency.
• In the event the applicant is not successful during the recruitment procedure and provides his/her consent to the Company to keep his/her data for the case any other position becomes vacant such applicant is interested in, the Company will keep the curriculum vitae of such applicant or any other shared relevant information.
• Retention of personal data of unsuccessful applicants for a period of 6 months due to retroactive verification of results of recruitment procedure on the basis of complaint of unsuccessful applicant.

Legal ground:

• Protection of rights and rightfully protected interests of the Company.
• Consent of applicant to the processing of personal data for the purpose of keeping him/her in the database of applicants for any future recruitment for vacant positions (consent necessary)

Purpose of processing:

• Preparation of employment contract or its amendments during employment

Closer specification:

• Employment is based on an employment contract that shall be concluded in a written form. In such employment contract, mutual rights and obligations are included. During the employment, it may happen, that such contract could have to be amended.

Legal ground:

• The performance of a legal obligation, specifically:
a) the Employer's obligations arising from Act No. 262/2006 Coll., the Labour Code, as amended
• The performance of employment contract.

7. Do you have to provide us with your personal data?

7.1 The provision of personal data is always voluntary. If you do not consent to the use of cookies, no personal data will be collected through them. In this context, only your choice regarding the use of cookies will be stored in accordance with the Cookie Policy (this is not personal data within the meaning of the GDPR).

7.2 The provision of personal data when subscribing to the newsletter is voluntary and can be cancelled at any time. There are no penalties or other negative consequences associated with cancellation.

7.3 If a candidate refuses to provide personal data for processing purposes that have a legal basis for processing other than his/her consent, it will not be possible for him/her to become our candidate, as the provision of personal data is a prerequisite for the conduct of the recruitment procedure and the eventual entering into an employment contract.

8. How do we process personal data?

8.1 Processing is carried out by authorised persons. The processing is carried out manually in paper form and by computer technology in compliance with all security principles for the administration and processing of personal data.

8.2 We keep applicants' personal data up-to-date and process it to the extent necessary to fulfil the rights and obligations arising from the employment contract.

8.3 We process personal data on the basis of information we obtain directly from users and, in the case of applicants, also on the basis of information generated in the course of employment. We also process the personal data of students doing internship on the basis of information provided by the school with which we have an internship agreement.

9. How long do we keep personal data?

9.1 Personal data of users of website is processed for as long as the cookies store it. The duration of data collection through cookies varies according to the specific type of cookie and is set out in the Cookie Policy.

9.2 We process the personal data of subscribers for the duration of the subscription to the newsletter. After the subscription has ended, only those personal data whose retention is necessary on the basis of legal regulations or our legitimate interest are retained.

9.3 We process the personal data of job applicants for the duration of the recruitment process. Unsuccessful applicants may consent to the retention of their personal data (their CV) in the event that another similar position becomes available. We process the personal data of successful candidates for the duration of the employment relationship. After the end of the employment relationship, only those personal data whose retention is necessary on the basis of legal regulations or our legitimate interest are retained. We keep student internship contracts for one year from the date of their termination. After that period, personal data is shredded, deleted or anonymised.

9.4 Time limits for retention of personal data:

• Personal data collected via cookies according to the retention period specified for the specific type of cookie file
• Subscribers' personal data - duration of subscription and 2 months after its termination
• Curriculum vitae and personal data of applicants – 6 months after the data has been provided
• Personal data on the basis of consent are processed for a period of 3 years after the consent is given.

This is without prejudice to the processing of personal data on other legal grounds, if they last beyond the abovementioned periods.

10. How is the personal data secured?

10.1 The security of personal data of applicants is ensured by appropriate physical and electronic procedures to prevent unauthorised or accidental access to, alteration, destruction or loss of personal data, unauthorised transfers, unauthorised processing or other misuse of personal data.

10.2 In accordance with the Security Policy, personal data is under constant physical, electronic and procedural control. In order to protect the data, the so-called information security management system and the related organisational and technical protection measures, including technical, organisational and personnel measures, are clearly defined. Control, technical and security procedures defined by law and internal regulations are implemented for maximum security. All persons who come into contact with personal data in their work position (or in the context of their contractual obligations) are trained and bound by the obligation of confidentiality.

11. Who has access to personal data?

11.1 The Company does not, as a matter of principle, share your personal data with other data controllers, unless the Company is obliged or entitled to do so by law or by its legitimate interest or you have given your consent thereto.

11.2 Your consent is not required to share personal data with data processors. We always carefully screen entities that are to become processors of personal data that Purple Group manages to ensure that they comply with appropriate technical and organisational security measures. Any entity that, in the course of its activities for us, may become a processor of personal data, which we control, is subject to a written contract for the processing of personal data. Such processor is authorised to process personal data only to the extent necessary for the performance of its task, for the purposes of its task and for the agreed period of time.

11.3 We may involve third parties - our suppliers - in some of our activities. Depending on the nature of the activity in question, your personal data may be processed by this supplier in its capacity as a processor or data controller.

11.4 The Company is part of a group around the parent company Purple Holding a.s., which have outsourcing agreements between them under which certain activities that would otherwise be carried out or could be carried out by one of them are carried out through related companies and vice versa. Purple Technology s.r.o. acts as the HR department for the other companies in the group and is thus in the position of the processor of the applicants' personal data. Our suppliers are companies based in the European Economic Area ("EEA").

11.5 Other suppliers are, in particular, the following:

• IT services providers
• Attorney and tax offices
• Subjects providing publishing and postal services
• Subjects providing shredding and archiving services
• Subjects providing advisory services
• Subjects providing employment medical services
• Subjects providing payroll services
• Subjects providing administrative services and ensuring employees’ benefits
• Subjects providing educational and training services
• External auditor

11.6 We may be required by law to share your personal data without your consent with third parties (e.g. bailiffs, health insurance companies, labour offices, social security authorities, insolvency practitioners) for the purpose of fulfilling their obligations and, where applicable, enforcing decisions.

11.7 The processing of applicants' personal data by other processors is always carried out on the basis of a contract for the processing of personal data. Personal data are only provided to processors and third parties to the extent necessary and under the conditions laid down by law.

12. Processing of personal data of applicant abroad

12.1 Within the EEA, a regime of free movement of personal data applies and the same rules apply to the processing of personal data as in the Czech Republic.

12.2 In some cases, our suppliers may process personal data in third countries (i.e. countries outside the EEA), but they are always obliged to comply with all legislative requirements.

13. What rights do you have?

13.1 Each user has the right to access his/her personal data and following information about:

• purpose of processing,
• category of relevant personal data,
• recipient or category of recipients who such personal data was or will be made accessible to,
• a planned period during for which such personal data is stored,
• all accessible information about the source of personal data, unless acquired from the user.

13.2 If you find out or believe that the Company is processing your personal data in breach of the law, you may:

• request explanation from the Company,
• request limitation of data processing,
• request the Company to perform rectification, supplementation or erasure of personal data.

13.3 If you have provided consent to the processing of your personal data, you may withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent prior to its withdrawal. Withdrawal of consent has no effect on the contractual relationship, in particular the employment relationship.

If you make a request concerning the rights described in the preceding paragraphs, you will be informed by the Company of the measures taken without undue delay, at the latest within one month of receipt of the request. In justified cases, taking into account the complexity and number of requests, this period may be extended by up to two months.

Upon request, we will provide you with a copy of the personal data processed. If the requests made are manifestly unfounded or unreasonable (e.g. due to repetition), you will be charged a fee equal to the administrative costs or the request may not be processed in full or in part.

In the event that the request does not contain all the information necessary for its processing, you may be asked by the Company to provide further information or to carry out activities to verify your identity. The requested information will be provided electronically unless you request otherwise.

If your request is not granted by the Company, you have the right to lodge a complaint with the Data Protection Authority.

14. How can you contact us?

14.1 In relation to the exercise of your rights and in case of questions or information regarding the processing of personal data, you may contact us in the following ways:

• Address for physical correspondence: Masarykova 410/28, Brno 602 00
• Email: HR@purple-technology.com
• Email: dpo@Purple-technology.com

15. Final provisions

15.1 The Privacy Policy (the "Policy") is issued in writing and is accessible to all via the Company's website.

15.2 Interpretation of Policy and related generally binding legislation shall be provided to the applicants, if necessary, by:

• HR Department or
• Legal Department

15.3 Proposals to amend or supplement the Policy shall be submitted to the HR Department. Amendments and supplements to the Policy shall be adopted and issued in writing by the Company's statutory body.

15.4 This Privacy Policy comes into effect on 01.01.2023.

 

---

Consent to Personal Data Processing

I, undersigned below, hereby provide my content to

Company name: Purple Technology s.r.o.

Company ID: 29364973

Registered seat: Masarykova 410/28, Brno-město, 602 00 Brno

File No.: C 75634 held at the Regional Court in Brno

(hereinafter referred to only as the “Controller” or “Company”),

to process the following personal data in terms of the Regulation (EU) 2016/679, on Personal Data Protection (hereinafter referred to only as the “GDPR”):

• Address and identification data (name, surname, titles, date of birth, permanent residence address).
• Contact data (phone number, e-mail).
• Curriculum vitae, motivational letter.
• Data from the test – results and information acquired from tests such applicant filled/provided within the recruitment procedure.
• Work reference – recommendations from previous employers, including the data acquired from their verifications.
• Other information (e.g. information acquired during the interviews or any other information provided by the applicant).
• Information the applicant decided to share with the Company within the recruitment procedure voluntarily – the scope of such personal data is defined on a case-by-case basis, as it depends on the fact which information such applicant decides to share with the Company (e.g. Company does not require photography or birth certificate number to be sent by the applicant. However, some applicants send their photography or their birth certificate number as e.g. part of their curriculum vitae to the Company.)

(hereinafter referred to only as the “Personal Data”)

On the basis of recruitment procedure for work position in accordance with internal regulation – recruitment privacy policy (hereinafter referred to only as the “Internal Regulation”), I have provided Personal Data to the Controller for the following purpose:

• Recruitment of employees for new or vacant work positions (Recruitment)

Within the recruitment, the Controller may process Personal Data on the basis of his legitimate interest (even without any consent) for the period of 1 year.

Controller intends to process my Personal Data for the purpose of recruitment for other future work positions or for a direct replacement of recruited applicant, for a longer period of time. This consent is provided for a period of 4 years. This consent may be prolonged.

I hereby provide my explicit consent to the processing stated above. I may withdraw my consent at any time, e.g. by sending an e-mail or correspondence to the contact data of the Company:

• Address for physical service: Masarykova 410/28, Brno 602 00
• Email: HR@purple-technology.com
• Email: dpo@Purple-technology.com

 

Processing of Personal Data is performed only by the Controller. However, Personal data may be processed also by external Processors:

• Software providers.
• Any other providers and entities/individuals cooperating with the Controller in the area of accounting and law.

 

I take into account that I have the following right on the basis of act on Personal Data Protection:

• Withdraw consent at any time.
• Request information from the Controller what Personal Data he processes.
• Submit complaint against processing.
• Request access to such data from the Controller and update or correct it.
• Request erasure of such Personal Data from the Controller.
• In the event of doubts about the observance of obligations related to the processing of Personal Data, to request the Controller or the Office for Personal Data Protection.

 

Data may not be provided to third countries.

I PROVIDE MY EXPLICIT CONSENT TO THE ABOVE-STATED