Last Updated: May 1, 2020
This privacy policy aims to provide all information on the processing of personal data carried out by uCV Tech OÜ when the user browses the website and uses the services of the Site (as further described below).
uCV Tech OÜ, headquartered in Tallinn (Estonia), registration number at the Chamber of Commerce no. 16824430 (hereinafter, the “Controller”), owner of the website ucv.online (hereinafter, the “Site”), as the controller of the processing of personal data of the users of the Site (hereinafter, collectively, the “Users”) provides the following privacy policy pursuant to Article 13 of EU Regulation 2016/679 of 27 April 2016 (hereinafter, “Regulation”, or the “Applicable Law”).
The Controller places great importance on the right to privacy and the protection of its Users' personal data.
Users can contact the Controller at any time using the following methods:
A Data Protection Officer (DPO) has not been appointed as the Controller is not subject to the obligation set forth in Article 37 of the Regulation.
By browsing the Site, one can use an online service aimed at job search and offer, offering two types of functionalities: one for job seekers (hereinafter, “Individual Account”) and the other for companies or employers interested in searching for personnel (hereinafter, “Organization Account”).
The services offered are (all collectively, the “Services”):
This Site and Services are reserved for persons who are eighteen years of age or older. Therefore, the Controller does not collect personal data related to individuals under 18 years old. At the Users' request, the Controller will promptly delete all personal data collected unintentionally relating to individuals under 18 years old.
The Users' personal data will be lawfully processed by the Controller for the following processing purposes:
a) Contractual obligations and provision of Services: to allow navigation of the Site or to execute the General Terms and Conditions of the Site, which the User accepts during the registration phase; to fulfill specific requests of the User.
More specifically,
1. concerning Individual Accounts, the Controller will collect, at the time of registration on the Site, registry data, contact data, desired job position, level of experience, professional experiences, education, skills and abilities, lifestyle information and availability, as well as any other personal information voluntarily published within their CV, including, where deemed necessary by the Individual Account, data belonging to special categories (for example, membership in protected categories);
2. concerning Organization Accounts, the Controller will collect registry data, contact data, organization name, staff information, Company data, contract terms, company policies, and all personal information voluntarily published about open positions.
Unless the User gives the Controller specific and optional consent to process their data for the further purposes provided for in the subsequent paragraphs, the Users' personal data will be used by the Controller solely to verify the User's identity (including through email address validation), thereby avoiding possible fraud or abuse, and to contact the User for service reasons only (e.g., sending links/OTPs for Site access and notifications regarding the services offered on it).
By registering on the Site, the Individual Account is made aware that all shared data will be made public through the Site itself (hereinafter, the “Public Data”), except for (i) contact data (email and/or phone) and (ii) surname (which, if the User decides to keep it private, will be replaced with the initial followed by a period), which will be made available only to Organization Accounts after the User's authorization, for example, following an application for a job offer (hereinafter, the “Reserved Data”).
In any case, the Individual Account may revoke the authorization given to individual Organization Accounts for viewing Reserved Data at any time. The User can also choose to make their surname public to all Users of the Site, regardless of applications.
Providing personal data for the processing purposes mentioned above is optional but necessary, as failure to provide such data will make it impossible for the User to make their request to the Controller.
Personal data necessary for pursuing the processing purposes described in this paragraph 3 are indicated with an asterisk within the request form.
Some personal data of the Individual Account like first name, last name, email address may also be processed by the Controller for the purpose of sending (i) notifications and alerts (for instance, concerning the posting of a job ad matching their profile, etc.) and/or (ii) communications from Organization Accounts (for instance, a request for an appointment for an interview, etc.) and/or (iii) essential notifications for the functioning of the Site (for instance, notifications of activation/deactivation of services and other transactional messages).
Failure to provide consent will not affect the possibility of registering on the Site in any way.
If consent is given, the Individual Account may revoke it at any time by making a request to the Controller using the methods indicated in the following paragraph 9.
Additionally, the Individual Account can easily oppose further sending of alerts and messages (excluding essential notifications) through their reserved area of the Site. After revoking consent, the Controller will show the Individual Account a confirmation message stating that the consent revocation was successful.
Some personal data of the User, like first name, last name, email address may also be processed by the Controller for the purpose of sending newsletters. Therefore, the User will periodically receive a newsletter from the Controller containing relevant information and updates about news related to the activities of the Site.
Failure to provide consent will not affect the possibility of registering on the Site in any way.
If consent is given, the User may revoke it at any time by making a request to the Controller using the methods indicated in the following paragraph 9.
Additionally, the User can easily oppose further promotional communications by clicking the specific link to revoke consent present in each email containing the newsletter. After revoking consent, the Controller will show the User a confirmation message stating that the consent revocation was successful.
Contractual obligations and provision of Services (as described in paragraph 3, letter a)): the legal basis is Article 6, paragraph 1, letter b) of the Regulation, which means the processing is necessary for the performance of a contract to which the User is a party or to take steps at the User's request prior to entering into a contract.
Administrative-accounting purposes (as described in paragraph 3, letter b)): the legal basis is Article 6, paragraph 1, letter b) of the Regulation, since the processing is necessary for the performance of a contract and/or to take steps at the User's request prior to entering into a contract.
Legal obligations (as described in the preceding paragraph 3, letter c)): the legal basis is Article 6, paragraph 1, letter c) of the Regulation, since the processing is necessary for compliance with a legal obligation to which the Controller is subject.
Further processing purposes: for the processing relating to the activities of (i) sending notifications, alerts, and messages and (ii) sending newsletters (as described in the preceding paragraph 4.1)), the legal basis is Article 6, paragraph 1, letter a) of the Regulation, meaning the data subject’s consent to the processing of their personal data for one or more specific purposes. For this reason, the Controller requests that the User provide specific, free and optional consent to pursue these processing purposes.
In case of processing by the Controller of special category data published by the Individual Account within their CV, the legal basis will be Article 9, paragraph 2, letter e): the processing relates to personal data which are manifestly made public by the data subject.
The Controller will process Users’ personal data using manual and IT tools, with logic strictly related to the purposes themselves and, in any case, in such a way as to ensure the security and confidentiality of the same data.
The personal data of the Site’s Users will be retained for the period strictly necessary to carry out the primary purposes outlined in the preceding paragraph 3, or in any case according to what is necessary for the protection in civil proceedings of the interests of both the Users and the Controller.
In the cases referred to in the preceding paragraphs 4.1 and 4.2, the personal data of the Users will be retained for the period strictly necessary to carry out the purposes illustrated and, in any case, until the User revokes their consent.
In any case, any retention periods provided for by law or regulations are preserved.
The User’s personal data may be transferred outside the European Union and, in such cases, the Controller will ensure that the transfer takes place in accordance with the Applicable Law and, in particular, in compliance with Articles 45 (Transfer on the basis of an adequacy decision) and 46 (Transfer subject to appropriate safeguards) of the Regulation.
Employees and/or collaborators of the Controller appointed to manage the Site and User requests may become aware of the Users' personal data. These individuals, who have been instructed by the Controller pursuant to Article 29 of the Regulation, will process the Users' data exclusively for the purposes indicated in this policy and in compliance with the provisions of the Applicable Law.
Third parties who may process personal data on behalf of the Controller as Data Processors may also become aware of the Users' personal data, such as, by way of example, providers of IT and logistics services functional to the operation of the Site, outsourcing or cloud computing service providers, professionals and consultants. Specifically, Rchilli Inc., as Data Processor, may access (without the possibility of storing them) the personal data of Individual Accounts in case of using the CV digitization function.
Users have the right to obtain a list of any data processors appointed by the Controller by making a request to the Controller using the methods indicated in the following paragraph 9.
Users can exercise the rights granted to them by the Applicable Law by contacting the Controller using the following methods:
Some rights, such as, by way of example but not limited to, the revocation of consents and authorizations towards Organization Accounts, can be exercised by accessing the Privacy Settings section of their Account.
Pursuant to the Applicable Law, the Controller informs that Users have the right to obtain indication (i) of the origin of the personal data; (ii) of the purposes and methods of the processing; (iii) of the logic applied in case of processing carried out with the aid of electronic instruments; (iv) of the identification details of the controller and processors; (v) of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it in their capacity as processors or persons in charge.
Furthermore, Users have the right to obtain:
In addition, Users have: