1. Purple Group

1.1 Purple Group is managed by a controlling entity Purple Holding a.s., Company ID: 06528554, registered seat at Masarykova 409/26, Brno-město, 602 00 Brno, consisting, in particular, of:

• Purple Technology s.r.o., Company ID: 29364973, registered seat at Masarykova 410/28, Brno-město, 602 00 Brno

1.2 Purple Group hereby declares that with regard to the nature of personal data, it processes it with high respect towards its protection and purpose of processing, while such data is processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection natural persons with regard to the processing of personal data (hereinafter referred to only as the “GDPR”) and other valid legislation. Pursuant to art. 12 of GDPR, we inform the data subject, i.e. the applicant, about the processing, protection of his/her personal data and rights. (hereinafter referred to only as the “Privacy policy”)

2. Who is the personal data Controller?

2.1 If you’re an applicant for any of the companies within the Purple Group, the Controller of your personal data is always the company that will be your employer. (hereinafter referred to only as the “Company” or the “Employer”)

2.2 The status of Purple Technology s.r.o. towards its applicants is the status of Controller within the period of the recruitment process. For other companies within the Purple Group, it’s a processor.

3. Who is this information dedicated to?

3.1 This information is dedicated to:

• Applicants for employment

(hereinafter jointly referred to only as the “Applicant” unless specifically stated)

4. What personal data of applicants do we process?

4.1 For the purpose of recruitment, we process personal data in the following scope:

• Address and identification data (name, surname, titles, date of birth, permanent residence address).
• Contact data (phone number, e-mail).
• Curriculum vitae, motivational letter.
• Data from the test – results and information acquired from tests such applicant filled/provided within the recruitment procedure
• Work reference – recommendations from previous employers, including the data acquired from their verifications. (Hereby, the applicant takes into account that the information included in the Work reference entitles the Company to access such personal data)
• Other information (e.g. information acquired during the interviews or any other information provided by the applicant).
• Information the applicant decided to share with the Company within the recruitment procedure voluntarily – the scope of such personal data is defined on a case-by-case basis, as it depends on the fact which information such applicant decides to share with the Company (E.g. Company does not require photography or birth certificate number to be sent by the applicant. However, some applicants send their photography or their birth certificate number as e.g. part of their curriculum vitae to the Company.)

5. Why do we process such data?

5.1 We process data for the following purposes:

• Recruitment procedure

5.2 Legal ground for processing:

We process personal data on the basis of employment agreement, meeting of our legal obligations, on the ground of our legitimate interest or on the basis of consent. Legal ground is, in particular:

• Obligations arising from the law (especially the Labor Code, the Employment Act, etc.)
• Employer’s legitimate interest
• Applicant’s consent

6. Purpose of personal data processing

Purpose of processing:

• Recruitment of applicants for new or free work positions (Recruitment)

Closer specification:

• Company searches for people, who could represent new employees of the Company, actively.
• We need to assess if our future potential colleagues have the education, experiences, skills and personal prerequisites necessary for the position they are recruited for.
• Company processes curriculum vitae and other data on the basis of consent of the applicant, provided to the recruitment agency, so such consent may come also from such agency.
• In the event the applicant is not successful during the recruitment procedure and provides his/her consent to the Company to keep his/her data for the case any other position becomes vacant such applicant is interested in, the Company will keep the curriculum vitae of such applicant or any other shared relevant information.
• Keeping of personal data of unsuccessful applicants for a period of 6 months due to retroactive verification of results of recruitment procedure on the basis of complaint of unsuccessful applicant.

Legal ground:

• Obligations arising from the law
• Protection of rights and rightfully protected interests of the Company.
• Consent of applicant to the processing of personal data for the purpose of keeping him/her in the database of applicants for any future recruitment for vacant positions (consent necessary).

Purpose of processing:

• Preparation of employment contract or its amendments during employment.

Closer specification:

• Employment is based on an employment contract that shall be concluded in a written form. In such employment contract, mutual rights and obligations are included. During the employment, it may happen, that such contract could have to be amended.

Legal ground:

• Meeting of legal obligations, in particular: a) Labour Code
• Meeting of employment contract

7. Does the applicant have to provide us his/her personal data?

7.1 Provision of personal data is always voluntary. In the event such applicant refuses to provide us personal data for the purpose of processing, having any other legal ground for processing as the consent of applicant, such applicant could not enter the recruitment procedure as the provision of personal data for these purposes is a necessary prerequisite for the conclusion of agreement.

8. In which way we process personal data of applicants?

8.1 We perform processing of personal data on the basis of information acquired directly from the applicants, practicing students and our applicants as well as on the basis of information derived from work activities. Personal data of practicing students are processed also on the basis of information provided by their school we have an agreement on practice guarantee concluded with.

8.2 Processing is performed by assigned persons. Processing is performed manually in a paper form and by computing equipment while meeting all security standards for the administration and processing of personal data. We keep actual personal data of applicants and process it to necessary extent for the fulfilment of rights and obligations based on the employment contract.

9. How long do we keep personal data?

9.1 We process personal data of employment applicants for a period such recruitment procedure lasts. Any unsuccessful applicant may provide his/her consent to keep such personal data (his/her curriculum vitae) for the case if any work position becomes vacant. Personal data of applicants are processed for a period of employment duration. After the termination of employment, only such personal data is kept, whose keeping is necessary on the basis of legal rules or on the basis of our legitimate interest. Agreements on student practice guarantee are kept for a period of one year. After the expiration of such period, personal data is shredded, erased or anonymised.

9.2 Periods for keeping of personal data:

• Processing of personal data based on the legitimate interest of the employer - 1 year
• Personal data processed on the basis of Applicant’s consent are processed for a period of 4 years.

9.3. In the event the Candidate's personal data is processed without his/her direct acknowledgement (e.g. manually added from specialized databases such as Linkedin.com) and the Candidate does not show further interest in his personal data being processed within the recruitment procedure (e.g. through active communication via email, social networks, etc.), such personal data is processed only for a maximum of 14 days.

10. How is the personal data of applicants secured?

10.1 The security of personal data of applicants is ensured by appropriate physical or electronic procedures so no unauthorized or incidental access to personal data, its change, destruction or loss, unauthorized transfers or processing or any other misuse of personal data is allowed.

10.2 In accordance with security directive, personal data remains under physical, electronic and procedural control. For the purpose of data protections, the so-called control system of information security and related organisational and technical safeguards of protection, incl. technical, organisational and human resources measures, are defined. For maximum safety, control, technical and security procedures are executed, defined by legal rules and internal regulations. Each person, coming into contact with personal data within its work position (or within contractually adopted obligations) shall be trained and bound by confidentiality obligations.

11. Who has access to personal data of applicants?

11.1 The Company does not share your personal data with any other personal data Controller, unless it’s mandatory for the Company or it’s entitled to do so on the basis of legal rule or its legitimate interest, or if you provided consent thereto.

11.2 For the purpose of sharing of personal data with personal data processors, your consent is not necessary. We always verify the subjects that should become processors of personal data to comply with technical and organisational safety measures. With each subject that could become processor of personal data, we control, within its activities, a written agreement on personal data processing is concluded and this processor may treat such personal data only to the extent necessary for the fulfilment of his task, for the purpose of his task and for a period agreed.

11.3 We may include third subjects into some of our activities – our suppliers. Depending on the nature of respective activity, your personal data may be processed by this supplier in the status of supplier of personal data Controller.

11.4 Company forms part of the group around controlling entity Purple Holding a.s, having an outsourcing agreement concluded between each other, on the basis of which certain activities any of such entities would otherwise perform, are performed by affiliated entities and vice versa. Purple Technology s.r.o. fulfils its role of being an HR department for the other companies within the group and so, it has the status of a personal data processor.

Our suppliers are companies with their registered seat within the EEA.

11.5 Other suppliers are, in particular, the following:

• IT services providers
• Attorney and tax offices
• Subjects providing publishing and postal services
• Subjects providing shredding and archiving services
• Subjects providing advisory services
• Subjects providing employment medical services
• Subjects providing payroll services
• Subjects providing administrative services and ensuring employees’ benefits
• Subjects providing educational and training services
• External auditor

11.6 On the basis of legal rule, we may be, in certain circumstances, obliged to share your personal data without your consent with third parties (e.g. bailiffs, health insurance companies, labour offices, social security bodies, insolvency administrators) for the purpose of meeting their obligations or enforcement of decisions.

11.7 Processing of personal data of applicants by other processors is performed always on the basis of agreement on the processing of personal data. Personal data is provided to providers and third parties only to necessary extent and under conditions set by legal rules.

12. Processing of personal data of applicant in abroad

12.1 Within the European Economic Area (hereinafter referred to only as the “EEA”), free movement of personal data applies and the same rules apply to processing as in the Czech Republic.

12.2 In certain cases, our suppliers could process data in third countries (so outside of the EEA), however, always with the condition of meeting all legislative requirements.

13. What are the rights of applicant?

13.1 Each applicant has the right to access his/her personal data and following information about:

• Purpose of processing,
• Category of affected personal data,
• Recipient or category of recipients who such personal data was or will be made accessible,
• Planned period during which such personal data is stored,
• All accessible information about the source of personal data, unless acquired from the data subject.

13.2 Any applicant, who finds out or believes that the Employer processes his/her personal data in contradiction to law, may perform the following:

• Request explanation from the Employer,
• Request limited processing,
• Request the Employer to perform rectification, supplementation or erasure of personal data.

13.3 If the applicant provided his consent to the processing of his personal data, he/she may withdraw it at any time. By the withdrawal of consent, the legality of processing, based on the consent before such withdrawal, shall not be affected. Withdrawal of consent shall not affect our contractual relationship in any way.

In the event the Employer does not meet the request of such applicant, the applicant may file a complaint to the Office for Personal Data Protection.

In the event the applicant files a request related to the rights described in previous points, we will inform him about adopted measures without delay, in no later than one month after the application was received. If necessary, with regard to the difficulty and number of applications, this period could be prolonged by two months.

At his/her request, we will provide a copy of processed personal data to the applicant. If the applications, submitted by applicant, are unjustifiable or inadequate (e.g. repetitive), such applicant will be charged the fee in the amount of administrative costs or we will refuse to meet the application in full or in part.

In the event of application, submitted by applicant, we may request provision of other information or performance of activities for the purpose of verification of his/her identity. Information will be provided to the applicant in an electronic form, unless other method is requested.

14. How can the applicant contact us?

In relation to the execution of his rights and in the event of queries or information related to the treatment of applicant’s personal data, he/she may contact us at the following addresses:

• Address for physical correspondence: Masarykova 410/28, Brno 602 00
• Email: HR@purple-technology.com
• Email: dpo@Purple-technology.com

15. Final provisions

15.1 Privacy policy is issued in writing and accessible to all applicants in an electronic form. The counterpart is stored at the HR, Legal & Compliance Departments. Applicant received it during the first contact.

15.2 Interpretation of Privacy policy and related generally binding legal rules shall be provided to the applicants, if necessary, by:

• HR Department;
• Legal & Compliance Department

15.3 Any proposal for amendments or supplementations to the Privacy policy are submitted to the HR Department. Amendments and supplements to the Privacy policy are accepted and issued in writing by a statutory body of the Company.

15.4 Company shall inform the applicant about any issue, amendment or suspension of the Privacy policy sufficiently in advance before any publishing, amendment or suspension comes into effect.

15.5 Privacy policy comes into effect on April 1, 2021.

 

---

Consent to Personal Data Processing

I, undersigned below, hereby provide my content to

Company name: Purple Technology s.r.o.

Company ID: 29364973

Registered seat: Masarykova 410/28, Brno-město, 602 00 Brno

File No.: C 75634 held at the Regional Court in Brno

(hereinafter referred to only as the “Controller” or “Company”),

to process the following personal data in terms of the Regulation (EU) 2016/679, on Personal Data Protection (hereinafter referred to only as the “GDPR”):

• Address and identification data (name, surname, titles, date of birth, permanent residence address).
• Contact data (phone number, e-mail).
• Curriculum vitae, motivational letter.
• Data from the test – results and information acquired from tests such applicant filled/provided within the recruitment procedure.
• Work reference – recommendations from previous employers, including the data acquired from their verifications.
• Other information (e.g. information acquired during the interviews or any other information provided by the applicant).
• Information the applicant decided to share with the Company within the recruitment procedure voluntarily – the scope of such personal data is defined on a case-by-case basis, as it depends on the fact which information such applicant decides to share with the Company (e.g. Company does not require photography or birth certificate number to be sent by the applicant. However, some applicants send their photography or their birth certificate number as e.g. part of their curriculum vitae to the Company.)

(hereinafter referred to only as the “Personal Data”)

On the basis of recruitment procedure for work position in accordance with internal regulation – recruitment privacy policy (hereinafter referred to only as the “Internal Regulation”), I have provided Personal Data to the Controller for the following purpose:

• Recruitment of employees for new or vacant work positions (Recruitment)

Within the recruitment, the Controller may process Personal Data on the basis of his legitimate interest (even without any consent) for the period of 1 year.

Controller intends to process my Personal Data for the purpose of recruitment for other future work positions or for a direct replacement of recruited applicant, for a longer period of time. This consent is provided for a period of 4 years. This consent may be prolonged.

I hereby provide my explicit consent to the processing stated above. I may withdraw my consent at any time, e.g. by sending an e-mail or correspondence to the contact data of the Company:

• Address for physical service: Masarykova 410/28, Brno 602 00
• Email: HR@purple-technology.com
• Email: dpo@Purple-technology.com

 

Processing of Personal Data is performed only by the Controller. However, Personal data may be processed also by external Processors:

• Software providers.
• Any other providers and entities/individuals cooperating with the Controller in the area of accounting and law.

 

I take into account that I have the following right on the basis of act on Personal Data Protection:

• Withdraw consent at any time.
• Request information from the Controller what Personal Data he processes.
• Submit complaint against processing.
• Request access to such data from the Controller and update or correct it.
• Request erasure of such Personal Data from the Controller.
• In the event of doubts about the observance of obligations related to the processing of Personal Data, to request the Controller or the Office for Personal Data Protection.

 

Data may not be provided to third countries.

I PROVIDE MY EXPLICIT CONSENT TO THE ABOVE-STATED