Privacy Policy & GDPR

Last Updated: May 1, 2020

This privacy policy aims to provide all information on the processing of personal data carried out by uCV Tech OÜ when the user browses the website and uses the services of the Site (as further described below).

1. INTRODUCTION - WHO ARE WE?

uCV Tech OÜ, headquartered in Tallinn (Estonia), registration number at the Chamber of Commerce no. 16824430 (hereinafter, the “Controller”), owner of the website ucv.online (hereinafter, the “Site”), as the controller of the processing of personal data of the users of the Site (hereinafter, collectively, the “Users”) provides the following privacy policy pursuant to Article 13 of EU Regulation 2016/679 of 27 April 2016 (hereinafter, “Regulation”, or the “Applicable Law”).

2. HOW TO CONTACT US? 

The Controller places great importance on the right to privacy and the protection of its Users' personal data. 

Users can contact the Controller at any time using the following methods:  

  • By sending a registered letter with acknowledgment of receipt to the Controller's headquarters in Tallinn (Estonia), at Harju maakond, Kesklinna linnaosa, Tornimäe tn 3 // 5 // 7, 10145;
  • By sending an email to: [email protected]

A Data Protection Officer (DPO) has not been appointed as the Controller is not subject to the obligation set forth in Article 37 of the Regulation. 

3. WHAT DO WE DO? – PURPOSES OF PROCESSING  

By browsing the Site, one can use an online service aimed at job search and offer, offering two types of functionalities: one for job seekers (hereinafter, “Individual Account”) and the other for companies or employers interested in searching for personnel (hereinafter, “Organization Account”).

The services offered are (all collectively, the “Services”):

  1. Service for Individual Account:
  1. Free functionalities: Individual Accounts can use the service for free to create their Curriculum Vitae (CV), either from scratch or from an existing resume to be digitized. They can enter contact information, previous work experiences and specify the type of job opportunities they are looking for.
  1. Service for Organization Account:
  1. Free functionalities: Organization Accounts can post job ads for free to find the professional figure most suited to their needs;
  2. Premium functionalities: for advanced use, Organization Accounts have the option, for a fee, to contact more candidates simultaneously and sponsor published job ads to gain more visibility.

This Site and Services are reserved for persons who are eighteen years of age or older. Therefore, the Controller does not collect personal data related to individuals under 18 years old. At the Users' request, the Controller will promptly delete all personal data collected unintentionally relating to individuals under 18 years old.

The Users' personal data will be lawfully processed by the Controller for the following processing purposes: 

a) Contractual obligations and provision of Services: to allow navigation of the Site or to execute the General Terms and Conditions of the Site, which the User accepts during the registration phase; to fulfill specific requests of the User.

More specifically,

1. concerning Individual Accounts, the Controller will collect, at the time of registration on the Site, registry data, contact data, desired job position, level of experience, professional experiences, education, skills and abilities, lifestyle information and availability, as well as any other personal information voluntarily published within their CV, including, where deemed necessary by the Individual Account, data belonging to special categories (for example, membership in protected categories);

2. concerning Organization Accounts, the Controller will collect registry data, contact data, organization name, staff information, Company data, contract terms, company policies, and all personal information voluntarily published about open positions.

Unless the User gives the Controller specific and optional consent to process their data for the further purposes provided for in the subsequent paragraphs, the Users' personal data will be used by the Controller solely to verify the User's identity (including through email address validation), thereby avoiding possible fraud or abuse, and to contact the User for service reasons only (e.g., sending links/OTPs for Site access and notifications regarding the services offered on it).

By registering on the Site, the Individual Account is made aware that all shared data will be made public through the Site itself (hereinafter, the “Public Data”), except for (i) contact data (email and/or phone) and (ii) surname (which, if the User decides to keep it private, will be replaced with the initial followed by a period), which will be made available only to Organization Accounts after the User's authorization, for example, following an application for a job offer (hereinafter, the “Reserved Data”).

In any case, the Individual Account may revoke the authorization given to individual Organization Accounts for viewing Reserved Data at any time. The User can also choose to make their surname public to all Users of the Site, regardless of applications.

  • a) Administrative-accounting purposes, that is, to carry out organizational, administrative, financial, and accounting activities, such as internal organizational activities and functional activities for fulfilling contractual and pre-contractual obligations;
  • b) Legal obligations, that is, to comply with obligations established by law, by an authority, by a regulation, or by European legislation.

Providing personal data for the processing purposes mentioned above is optional but necessary, as failure to provide such data will make it impossible for the User to make their request to the Controller.

Personal data necessary for pursuing the processing purposes described in this paragraph 3 are indicated with an asterisk within the request form.

4. FURTHER PROCESSING PURPOSES

1. Sending notifications, alerts, and messages

Some personal data of the Individual Account like first name, last name, email address may also be processed by the Controller for the purpose of sending (i) notifications and alerts (for instance, concerning the posting of a job ad matching their profile, etc.) and/or (ii) communications from Organization Accounts (for instance, a request for an appointment for an interview, etc.) and/or (iii) essential notifications for the functioning of the Site (for instance, notifications of activation/deactivation of services and other transactional messages).

Failure to provide consent will not affect the possibility of registering on the Site in any way.

If consent is given, the Individual Account may revoke it at any time by making a request to the Controller using the methods indicated in the following paragraph 9. 

Additionally, the Individual Account can easily oppose further sending of alerts and messages (excluding essential notifications) through their reserved area of the Site. After revoking consent, the Controller will show the Individual Account a confirmation message stating that the consent revocation was successful. 

2. Sending newsletters 

Some personal data of the User, like first name, last name, email address may also be processed by the Controller for the purpose of sending newsletters. Therefore, the User will periodically receive a newsletter from the Controller containing relevant information and updates about news related to the activities of the Site.

Failure to provide consent will not affect the possibility of registering on the Site in any way. 

If consent is given, the User may revoke it at any time by making a request to the Controller using the methods indicated in the following paragraph 9. 

Additionally, the User can easily oppose further promotional communications by clicking the specific link to revoke consent present in each email containing the newsletter. After revoking consent, the Controller will show the User a confirmation message stating that the consent revocation was successful. 

5. LEGAL BASIS

Contractual obligations and provision of Services (as described in paragraph 3, letter a)): the legal basis is Article 6, paragraph 1, letter b) of the Regulation, which means the processing is necessary for the performance of a contract to which the User is a party or to take steps at the User's request prior to entering into a contract.

Administrative-accounting purposes (as described in paragraph 3, letter b)): the legal basis is Article 6, paragraph 1, letter b) of the Regulation, since the processing is necessary for the performance of a contract and/or to take steps at the User's request prior to entering into a contract.

Legal obligations (as described in the preceding paragraph 3, letter c)): the legal basis is Article 6, paragraph 1, letter c) of the Regulation, since the processing is necessary for compliance with a legal obligation to which the Controller is subject.

Further processing purposes: for the processing relating to the activities of (i) sending notifications, alerts, and messages and (ii) sending newsletters (as described in the preceding paragraph 4.1)), the legal basis is Article 6, paragraph 1, letter a) of the Regulation, meaning the data subject’s consent to the processing of their personal data for one or more specific purposes. For this reason, the Controller requests that the User provide specific, free and optional consent to pursue these processing purposes.

In case of processing by the Controller of special category data published by the Individual Account within their CV, the legal basis will be Article 9, paragraph 2, letter e): the processing relates to personal data which are manifestly made public by the data subject.

6. DATA PROCESSING METHODS AND DATA RETENTION PERIOD  

The Controller will process Users’ personal data using manual and IT tools, with logic strictly related to the purposes themselves and, in any case, in such a way as to ensure the security and confidentiality of the same data.

The personal data of the Site’s Users will be retained for the period strictly necessary to carry out the primary purposes outlined in the preceding paragraph 3, or in any case according to what is necessary for the protection in civil proceedings of the interests of both the Users and the Controller.

In the cases referred to in the preceding paragraphs 4.1 and 4.2, the personal data of the Users will be retained for the period strictly necessary to carry out the purposes illustrated and, in any case, until the User revokes their consent.

In any case, any retention periods provided for by law or regulations are preserved.

7. DATA COMMUNICATION AND DISCLOSURE

The User’s personal data may be transferred outside the European Union and, in such cases, the Controller will ensure that the transfer takes place in accordance with the Applicable Law and, in particular, in compliance with Articles 45 (Transfer on the basis of an adequacy decision) and 46 (Transfer subject to appropriate safeguards) of the Regulation.

Employees and/or collaborators of the Controller appointed to manage the Site and User requests may become aware of the Users' personal data. These individuals, who have been instructed by the Controller pursuant to Article 29 of the Regulation, will process the Users' data exclusively for the purposes indicated in this policy and in compliance with the provisions of the Applicable Law.

Third parties who may process personal data on behalf of the Controller as Data Processors may also become aware of the Users' personal data, such as, by way of example, providers of IT and logistics services functional to the operation of the Site, outsourcing or cloud computing service providers, professionals and consultants. Specifically, Rchilli Inc., as Data Processor, may access (without the possibility of storing them) the personal data of Individual Accounts in case of using the CV digitization function.

Users have the right to obtain a list of any data processors appointed by the Controller by making a request to the Controller using the methods indicated in the following paragraph 9.

8. RIGHTS OF DATA SUBJECTS

Users can exercise the rights granted to them by the Applicable Law by contacting the Controller using the following methods:

  • By sending a registered letter with acknowledgment of receipt to the Controller's headquarters in Tallinn (Estonia), at Harju maakond, Kesklinna linnaosa, Tornimäe tn 3 // 5 // 7, 10145;
  • By sending an email to: [email protected]

Some rights, such as, by way of example but not limited to, the revocation of consents and authorizations towards Organization Accounts, can be exercised by accessing the Privacy Settings section of their Account.

Pursuant to the Applicable Law, the Controller informs that Users have the right to obtain indication (i) of the origin of the personal data; (ii) of the purposes and methods of the processing; (iii) of the logic applied in case of processing carried out with the aid of electronic instruments; (iv) of the identification details of the controller and processors; (v) of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it in their capacity as processors or persons in charge.

Furthermore, Users have the right to obtain:

  • a) access, updating, rectification, or when interested, integration of the data;
  • b) erasure, anonymization, or restriction of data processed in violation of the law, including data which does not need to be kept for the purposes for which the data was collected or subsequently processed;
  • c) certification that the operations mentioned in letters a) and b) have been notified, as far as their content is concerned, to those to whom the data was communicated or disseminated, except where this requirement proves impossible or involves a disproportionate effort compared to the right being protected.

In addition, Users have:

  • a) the right to withdraw consent at any time, if the processing is based on their consent;
  • b) the right (where applicable) to data portability (the right to receive all personal data concerning them in a structured, commonly used, and machine-readable format);
  • c) the right to object:
    • i) in whole or in part, for legitimate reasons, to the processing of personal data concerning them, even if pertinent to the purpose of the collection.
    • ii) in whole or in part, to the processing of personal data concerning them for the purpose of sending advertising materials or direct sales or for carrying out market research or commercial communication;
    • iii) if the personal data is processed for direct marketing purposes, at any time, to the processing of their data for such purposes, including profiling to the extent that it is related to such direct marketing.
  • d) if they consider that the processing concerning them violates the Regulation, the right to lodge a complaint with a supervisory authority (in the Member State where they usually reside, work, or where the alleged violation occurred). The Italian supervisory authority is the Garante per la protezione dei dati personali, headquartered at Piazza Venezia no. 11, 00187 – Rome (http://www.garanteprivacy.it).

Create your CV

Sign in

For Organizations

Menu