issued by the company Marians List s.r.o., ID No.: 23050471, with its registered office at Karolinská 654/2, 18600, Prague 8, Czech Republic, registered in the Commercial Register maintained by the Municipal Court in Prague, File No. C 420585 (the "us", "Marian's List" or "Controller").

We do not take the protection of personal data lightly. In this Privacy Policy, you will find out for what purpose, for what reason and how we process your Personal Data. You will also find information on what your rights are in relation to the protection of Personal Data.

If you have any further questions about the processing of your Personal Data, please contact us at e-mail info@marianslist.com.

 

1. DEFINITIONS

To make the text easier to read, we will simplify your reading with a few terms we use in this Privacy Policy:

Agreement - agreement between Marian's List and the Client for the provision of Services (within the framework of individual orders as well as long-term cooperation), i.e. primarily for the selection and recruitment of employees or job hunting, but also for other Services provided by Marian's List;

Client - a person who has entered into the Agreement with us, whether as the Employer or the Candidate;

Employer - is an entrepreneur who has decided to use our Services to fill job positions within his/her business, or uses our other Services, therefore is our Client;

GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council;

Job applicant - is a job candidate who has decided to use our Services to secure employment or to monitor vacancies on the labour market and is therefore our Client;

Newsletter - usually an e-mail or SMS message sent to the addressee for the purpose of promoting similar products and services; a newsletter is often used for commercial communications;

Personal Data - any information on the User on the basis of which the User can be directly or indirectly identified;

Processing of Personal Data - means any operation or set of operations with the Personal Data or sets of Personal Data that is carried out with or without the aid of automated processes, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other disclosure, alignment or combination, restriction, erasure or destruction;

Processor - we use other entities that process Personal Data on the basis of a contract or other mandate for the Controller;

Service - is a service in the field of HR, within which Marian's List provides Candidates with job searching services and recommend them to the Employers and other similar HR services;

Special category of Personal Data - data that we consider to be more sensitive. For example, it relates to what your ethnicity is, what your sexual orientation is, whether you are in a trade union, how your health is, or what your faith is. Genetic and biometric data are also considered to be a special category of data if they are processed for the purpose of uniquely identifying a natural person;

User / you - a natural person to whom the Personal Data relate, most often this is the Client or a potential client, or the user of our Website, also referred to as "you";

Website - are the websites operated by the Controller: www.marianslist.com.

2. HOW DO WE APPROACH THE PROCESSING OF PERSONAL DATA?

Your privacy is our priority, so we only request Personal Data from you that is necessary to provide the Services. Our Services comply with the standards required by the GDPR. If you entrust us with your data, we undertake to treat it in accordance with the relevant legislation that applies to you (GDPR, CCPA, etc.). Our Processing of Personal Data may also adapt to the specific legislation in the countries of processing, but the minimum standard for us is in any case the GDPR. We inform you about your rights in relation to Personal Data below.

We also use artificial intelligence (AI) in the processing of Personal Data where justified. However, we do not use it for automated decision-making or profiling within the meaning of the GDPR (in particular Article 22). All processing of Personal Data is subject to human discretion, the AI itself does not make any decisions about you. We use AI primarily for the provision of HR Services, in particular for searches and optimizations, and we use it similarly for our internal HR services.

3. WHAT OUR ROLE IS IN RELATION TO PERSONAL DATA

With respect to the Services we provide, we may find ourselves in the position of both Controller and Processor in relation to Personal Data.

When does this Privacy Policy apply? This Privacy Policy applies only to situations where we are in the position of Controller unless otherwise stated in the Privacy Policy. Please note that this Privacy Policy applies to the Processing of Personal Data of our Users, not their customers or other personal data subjects.

A. MARIAN'S LIST AS THE CONTROLLER

When does Marian's list act as Controller? In relation to the Users, we act as the Controller. You have entrusted us with certain information about yourself (e.g. your name and email).

An overview of the Personal Data we process, including the reasons for processing it, can be found below. If anything is unclear, please do not hesitate to contact us at info@marianslist.com.

Transfer of Personal Data to independent controllers. If you provide us with your Personal Data, you agree and expect that it will be transferred to selected employers as independent controllers of such Personal Data. You will be informed of any transfer. We will request your consent before each transfer of Personal Data; we will not transfer your Personal Data to anyone without your prior consent, even if the Employer has requested it.

Other Processors. In order to provide you with the best quality of our Service, we involve other entities to do so. We have concluded the necessary contracts with all of them and require the highest possible level of protection and security for Personal Data. You can find all of our processors in Section 7 of this Privacy Policy.

B. MARIAN'S LIST AS THE PROCESSOR

When does Marian's list act as a processor? We provide Services in the HR industry. Because of this, we may find ourselves, particularly with the Employers, as a processor of Personal Data for some of the types of Services. If we process Personal Data of personal data subjects in respect of whom you are a controller, then we do so on your behalf as a processor, and in accordance with your instructions (i.e. the User's instructions). The protection of Personal Data and the rights and obligations arising therefrom are governed in this case by the Data Processing Agreement (DPA).

If you are another personal data subject whose Personal Data is processed by one of our Users (in particular the Employer), we recommend that you carefully read their documentation regarding the Processing of Personal Data. This should tell you how that User collects and uses information about you. If our User has provided us with your Personal Data and you wish to exercise any rights, please check directly with the relevant User. Our employees have limited ability to access your Personal Data. If, nevertheless, you wish to submit your request regarding the exercise of rights relating to your Personal Data directly to Marian's list please also provide the name of our User. We will forward your request to that customer as soon as possible.

Sub-processors. We involve other entities in the provision of the Services. If we find ourselves in the position of the processor, we may use other sub-processors in accordance with the Personal Data Processing Agreement (DPA). We and our sub-processors have very limited access to your data that you store in the system, i.e. Personal Data for which you are the personal data controller, although we ensure that our sub-processors are committed to providing the same level of protection for Personal Data as we do.

4. WHAT PERSONAL DATA DO WE PROCESS ABOUT YOU?

How do we process your Personal Data? We process your Personal Data only to the extent necessary to achieve the purpose for which the data was collected and we comply with technical and organizational security rules when processing it. The process of processing Personal Data is automated, however, there is no automated decision-making, nor do we carry out profiling. The specific purposes of the data processing and the categories of Personal Data we process for each purpose are set out in the following section. As a general rule, we only hold the following data about you. If we also process other Personal Data about you, we will inform you of this directly under the specific purpose of processing.

We process the following types of Personal Data:

 

• Name and surname

• Contact details (in particular your email, telephone number) and other information you voluntarily provide

• Billing information and bank details (data necessary for bookkeeping and making payments)

• Comments posted by you to our posts on social networks (in particular Facebook and LinkedIn), as well as your profile name (nickname) on these social networks and your publicly accessible information on your profiles

• CV information (details of former employment, LinkedIn profile, education, interests, skills, certifications and other information you provide as part of the recruitment process)

• Details in an enquiry sent by a customer or other person

• Registration for our Services (in particular the data filled in by the Client in the context of expressing interest in our Services)

• Information you disclose to us when communicating with us (this will include in particular your questions and answers to your questions, communication with you)

• Cookies and IP address, activity data (including information about your device or operating system)

• HR information (any Personal Data relating to HR that you provide to us in interviews and is relevant)

Special categories of Personal Data. We do not process any Personal Data of a sensitive nature about you.

5. MARIAN'S LIST INTERNAL PROCESSING

In this section you will learn how we process Personal Data for our internal purposes. This section applies to you in particular if you visit our Website or wish to become part of our team. If you have any further questions about the processing of your Personal Data, you can contact us at info@marianslist.com.

A. USERS OF OUR WEBSITE

If you visit our Website, we process your Personal Data for the purposes set out below. In order to subscribe to our Newsletter, you must provide us with your consent to process some of your Personal Data.

Access to the Website

Why? Providing basic functions of our Website, analytics, improving our Services. We also process Personal Data to show you relevant content or our advertising on other websites. You can set preferences in the cookie bar. The legal basis for processing Personal Data is consent (analytics, marketing cookies) or our legitimate interest (necessary cookies).

What data? Information about when and how you visit and browse our Website, which may include: your IP address, the date and time you accessed our Website, information about your Internet browser, operating system or language settings, and your history on the Website. If you visit our Website via a mobile phone, we may also process data about your phone.

How? Cookies or other technologies to track User behavior.

How long? The length of processing varies depending on the type of cookies. Some process data only for a session (visit), and some for longer.

Communication with the Users, requests and complaints

Why? By submitting an enquiry, you consent to the processing of Personal Data for the purpose of dealing with the enquiry.

What data? Name, surname, telephone number, e-mail, name of your company, other information you provide us.

How? We process Personal Data necessary for the purpose of processing the enquiry. Communication takes place by telephone, e-mail or directly on our Website.

How long? Closed queries are periodically deleted, but no later than 3.5 years after the query was submitted.

Sending Newsletters (direct marketing)

Why? You have subscribed to our Newsletter. If you no longer wish to receive it, you can unsubscribe in the footer of the email. We send Newsletters on the basis of your consent.

What data? Name, surname, telephone number and e-mail.

How? We send the Newsletter to inform you about our Services and news.

How long? The data is processed for a period of 2 years from the last active viewing of the Newsletter, unless you unsubscribe earlier.

Blog, social networks, contests and other promotions

Why? Please note that any information you put in a comment on our blog can be viewed by anyone. We may conduct surveys, run contests or other promotions on our Website or through social media, including contests conducted as raffles. By entering a competition, you also agree to receive a Newsletter.

What data? Name and surname, address, date of birth, telephone number, e-mail address, username and similar data.

How? Any information, communications or materials provided through a social media platform are also provided in accordance with the privacy policies of those platforms.

How long? We keep your comments on a post for as long as it is published on our profile, unless you ask us to delete your comment sooner. In the case of competitions, the data is processed for 3.5 years after the end of the competition, unless you withdraw your consent earlier.

6. PROVISION OF SERVICES

A. SERVICES VIA OUR WEBSITE

In this section, you will learn how we process Personal Data if you choose to become a Client (Candidate or Employer) through www.marianslist.com. This section applies to you in particular as a Candidate or Employer or potential Candidate or Employer.

Access to the Website

Why? Providing basic functions of our Website, analytics, improving our Services. We also process Personal Data to show you relevant content or our advertising on other websites. You can set preferences in the cookie bar. The legal basis for processing Personal Data is consent (analytics, marketing cookies) or our legitimate interest (necessary cookies).

What data? Information about when and how you visit and browse our Website, which may include: your IP address, the date and time you accessed our Website, information about your Internet browser, operating system or language settings, and your history on the Website. If you visit our Website via a mobile phone, we may also process data about your phone.

How? Cookies or other technologies to track User behavior.

How long? The length of processing varies depending on the type of cookies. Some process data only for a session (visit), and some for longer.

Sending a quote

Why? You may contact us to request a quote for our Services by contacting us at info@marianslist.com. By submitting the form, you consent to the processing of your Personal Data for the purpose of sending you a quote and to subsequent communications.

What data? Name, surname, telephone number, e-mail, name of your company, other information you provide us.

How? In order to process the request for a quote, we process Personal Data that is necessary for the preparation of the offer and the eventual conclusion of the Agreement. The communication takes place by phone, e-mail or on our Website.

How long? Closed requests are deleted periodically, but no later than 3.5 years after the request. In the event that the Agreement is signed, Personal Data is processed for the duration of the Agreement and subsequently for 4 years after the end of the Agreement.

Conclusion of the Agreement

Why? In order for us to provide you with our Services, you must first enter into the Agreement with us. In this case, we process your Personal Data on the basis of your consent. Once the Agreement is concluded between us, we will process the Personal Data for the purpose of performing the Agreement.

What data? In order to enter into the Agreement we will need your name, surname, date of birth and address.

How? You will provide us with this information when you fill in the contact form and/or in our communication to conclude the Agreement.

How long? The data is processed for the duration of the Agreement and thereafter for a period of 4 years from the end of the Agreement.

Provision of the Service to Candidates

Why? As a Candidate, we will generally provide you with the Service of job placement. The processing is based on the performance of the Agreement.

What data? These are the details you provide to us in your submitted resume: name and surname, address, date of birth, phone number, email address, optionally a link to social media, information about previous employment, education, interests, skills, and certifications. We do not process the Special category of Personal Data.

How? You provide this information when using the Services for the purpose of performance of the Agreement.

How long? We process the data for the duration of the Service and for 4 years after its termination unless you request earlier removal from the database.

Sending Current Job Offers to Candidates

Why? If we provide the Service of job placement we have a legitimate interest in occasionally offering you other suitable job positions. We also have a legitimate interest in keeping you informed about similar job opportunities, unless you previously express your objection. This way, you won't miss any interesting job offers, while we will respect your preferences.

What data? These are the details you provide in your submitted resume: name and surname, address, date of birth, phone number, email address, optionally a link to a social network, information about previous employment, education, interests, skills, and certifications. We do not process Special Categories of Personal Data.

How? Communication typically takes place via email, or by phone if further clarification is needed regarding the job position.

How long? We process the data for the duration of the Service and for 4 years after its termination, unless you request earlier removal from the database. You also have the option to choose whether we can offer you another available job position from the same employer or from other employers.

Satisfaction rating and questionnaire

Why? We have a legitimate interest in finding out whether you were satisfied with our Services and if you chose the recommended Employer.

What data? Name, surname, email and information about your potential positions.

How? Unless you have previously opted out (e.g., during an order process), we will disclose certain Customer Personal Data to a third party for the purpose of evaluating customer satisfaction.

How long? We process the data for the duration of the Candidate's contractual relationship with us and subsequently for 4 years after its termination.

Provision of Service to Employers

Why? As an Employer, we will generally provide you Services according to our Agreement. We will recommend Candidates to you according to their job profile. The processing is based on the performance of the Agreement.

What data? These are the details you provide for a specific Service. At a minimum, this includes name, surname, phone number, email, and all Personal Data of your employees that we process for you.

How? You provide this information when using the Services for the purpose of performance of the Agreement.

How long? We process the data for the duration of the Service and for 4 years after the termination of the Agreement.

Communication with customer support, requests and complaints

Why? You can send us a query by email, phone or via the Website. By submitting your inquiry, you consent to the processing of your Personal Data for the purpose of handling your inquiry.

What data? Name, surname, phone number, email, invoice number.

How? For the purpose of handling inquiries, requests, or complaints, we process the Personal Data necessary for their resolution. Communication takes place via phone or email.

How long? Closed inquiries and complaints are regularly deleted, but no later than 3.5 years after the inquiry was made or the complaint was resolved.

Direct Marketing, including Newsletters

Why? If you use our Services or have subscribed to our Newsletter, we will send you the Newsletter. If you no longer wish to receive it, you can unsubscribe via the link in the email footer. We process your Personal Data based on our legitimate interest or your consent.

What data? Name, surname, email address, company name, and your job position.

How? We send Newsletters to inform you about our Services and other updates.

How long? The data is processed for 2 years from your last active viewing of the Newsletter unless you unsubscribe earlier.

Accounting

Why? We are paid a remuneration for the provision of the Services and issue you with accounting and tax documents, which we then archive and continue to work with for the purposes of proper accounting and compliance with legal obligations.

What data? Invoice data - name, surname, e-mail address, billing address, or other identification of the User and details of performance under the Agreement.

How? After filling in the payment information in the profile, we will save this information to create an invoice.

How long? We are legally obliged to archive or retain the relevant document, the period depends on what the law requires (3-10 years).

Sending information related to the performance of the Agreement

Why? This includes any necessary communication for the purpose of performance of the Agreement.

What data? Name, surname, email address, billing address, or other User identification and details regarding the fulfillment of the Agreement.

How? We also process your Personal Data for the purpose of sending information related to our contractual relationship.

How long? The data is processed for the duration of the contractual relationship and subsequently for 4 years after the termination of the Agreement.

Compliance with legal obligations

Why? In certain cases, we must process your Personal Data in order to comply with obligations imposed by law.

What data? In particular, this may include name, surname, email address, billing information, or other identification of the User.

How? In this case, we process your Personal Data in order to comply with the applicable law (compliance with a legal obligation).

How long? We process your Personal Data for the period of time specified by the applicable law.

7. WHO ARE OUR PROCESSORS?

Processors. We only use proven Processors with whom we have concluded a written contract and who provide us with at least the same guarantees as we provide to you. We have set out above the data that Processors may process, including the purpose and legal title of the processing. Details of the processors are available on request.

We list below the Processors for our internal purposes and for the provision of the Services:

Website operation and its security: Railway (https://railway.com)

Regular Website traffic analysis: Google Analytics (https://developers.google.com/analytics)

Provision of Services: React framework (https://react.dev), Jotai state manager (https://jotai.org), Airtable database (https://www.airtable.com/guides/build/create-your-database), Vite bundler (https://vite.dev), Express.js server (http://express.js)

Inquiry handling, communication with us: Gmail (https://workspace.google.com/intl/cs/gmail/)

Accounting: Fakturoid (https://www.fakturoid.cz)

Marketing and Social media: LinkedIn (https://www.linkedin.com)

Legal obligations. We may transfer Personal Data to third parties other than our Processors if required to do so by law or in response to lawful requests by public authorities or a court order in litigation.

8. CHILDREN AND MINORS

Our Services are intended for persons over 18 years of age. We do not knowingly process the personal data of children and minors under this age, except in justified cases. It is possible under the law for us to have people over the age of 15 to apply for certain positions, in which case we will take reasonable steps to process their Personal Data. However, we do not intend to actively process such Personal Data.

We have drafted this Privacy Policy to be as clear as possible. However, if you are under the age of 18, use our Service and this Personal Data Processing Policy is not sufficiently clear to you, please contact us at info@marianslist.com.

9. WHAT MEASURES HAVE WE TAKEN TO PROTECT YOUR PERSONAL DATA?

Technical measures. Security is very important to us and we are constantly working to ensure that your Personal Data is protected. When choosing appropriate measures, we take into account the extent of processing, the risks involved in the processing, or the state of our technology.

- we regularly back up data;

- we update our antivirus software systems;

- we encrypt data using SSL/TLS ("secure sockets layer/transport layer security") for all data transmissions;

- we use secure https protocol;

- we develop our technology with privacy by design in mind;

- access passwords to information systems (where Personal Data will be processed) and access permissions are controlled at the individual level.

Organizational measures. We have adopted and are committed to the following measures:

- our employees and our service providers are bound by confidentiality;

- our employees are properly trained and also receive further regular training on GDPR and are familiar with the rules of safe working on work equipment;

- in case of API key retention, we remove authorization data;

- access to all systems including the IT system is personalized and covered by secure passwords.

10. YOUR RIGHTS AND THE POSSIBILITY TO FILE A DATA PROTECTION REQUEST

In relation to the protection of personal data, you are guaranteed the rights described below, which you can exercise:

- e-mail info@marianslist.com,

- by post at the address of the registered office at Karolinská 654/2, 18600, Prague 8, Czech Republic.

How quickly can we process your request? We will respond within one month at the latest. If providing the information would jeopardize the privacy of others, or would be disproportionate to the risks or costs of providing it, we may not be able to comply. In order to deal with your request as soon as possible, we may need to verify your identity. In the event of a repeated request, the Controller will be entitled to charge a reasonable fee for a copy of the Personal Data.

Right of access to personal data

We will confirm whether we are processing your Personal Data.

You have the right to be informed about the purposes of the processing, the categories of Personal Data, the recipients to whom it is disclosed, and the duration of the processing.

You have the right to know whether any right has already been exercised.

It is also a prerequisite that the rights and freedoms of other persons will not be adversely affected.

Right to rectification of inaccurate data

You have the right to request the correction of inaccurate personal data.

Right to erasure

If there is no other reason to further process the data, we will delete or anonymise the data requested by you.

Right to restriction of processing

Please contact us if you believe that we are processing data incorrectly. Whether it is the reasons for the processing or the extent of the processing.

Right to be notified of rectification, erasure, or restriction of processing

If you contact us with your request, we will inform you of the result. Sometimes we may not be able to comply (e.g. the email address from which you wrote to us is no longer working).

Right to portability of personal data

We will provide the Personal Data that you have provided to us in a structured and machine-readable format to another controller of personal data at your request.

Right to object to the processing of personal data

If we process your data on the basis of a legitimate interest (e.g. sending a Newsletter). It is up to us to prove our legitimate interest. If your objection is justified, we will stop processing Personal Data.

Right to withdraw consent to the processing of personal data

If you have changed your mind, please let us know. Processing for marketing and commercial purposes can be revoked at any time.

Automated individual decision-making, including profiling

Don't want to be decided by a computer? We respect your rights, so we do not carry out profiling. We provide a Service, where your Personal Data may be processed automatically.

11. CONCLUSION

This Privacy Policy may only be amended in writing. You will be informed of this via our Website.

If you have any questions about our Privacy Policy, please contact us at info@marianslist.com.

If you are dissatisfied, you may at any time file a complaint with the Office for Personal Data Protection, located at Pplk. Sochora 727/27, 170 00 Prague 7 - Holešovice, Czech Republic (more information at www.uoou.cz).

This privacy policy replaces all previous documents on the processing of Personal Data and takes effect on info@marianslist.com.