Privacy policy

We would like to inform you about the processing of personal data during the use of our online tool INSYMBO, which is available at https://www.insymbo.com (the „Application“). The administrator of personal data is the company INSYMBO Labs s.r.o., with its registered office at Hlavní třída 904/8, 787 01 Šumperk, reg. number: 08362220, registered in the Commercial Register kept at the Regional Court in Ostrava under file no. No. C 79300 (“we”). However, we also act as processors of personal data for our clients. This client can be your employer, or a potential employer, agency, or, for example, a university. We provide these clients with services that are connected with your activities in the Application. In this document, we describe how we process your personal data.

We have also appointed a Data protection officer, which is Mgr. Tereza Kreizlová, a lawyer with registered office at Černohorská 110/2, 787 01 Šumperk, reg. number: 08893195, bar No.: 19306, e-mail: tereza.kreizlova@insymbo.com.

This Privacy Policy (the „Policy“) explains how we process personal information as a controller of personal information when you use the Application, register for the Application, or view the Application's web­site.

Don't want to read the whole Policy? Learn what each point of the Policy describes:

1. In the first point we explain what personal data we will process.
2. In the second point, we explain why we need personal data and what entitles us to do so.
3. In the third point, you will find out with whom we share your personal data.
4. In the fourth point, we explain how granting consent to the processing of personal data works.
5. In the fifth point we explain the sending of newsletters.
6. The sixth point deals with a period for which we will process your personal data.
7. The seventh point regulates the security of personal data.
8. The eighth point sets out your rights under the GDPR.
9. Appendix A deals with how we handle cookies.

We know that area of data protection uses many terms that can be more difficult to understand. Therefore, please feel free to contact us at dpo@insymbo.com.

1. WHAT PERSONAL DATA WE WILL COLLECT

You can use our Application in two ways. As users who are applying for a job or are employed by a specific employer. You can also use the application as employers who want to get information about potential candidates or your employees.

In both cases, we will process the following personal data when using the Application:

• Personal data necessary to create a user account in the Application and obtained while using the Application. To create a user account, we will require your name, surname, e-mail address, telephone number, address, IP address, browser information. Furthermore, when using the Application, we will process voluntarily provided information, such as your photo, language preferences, and other information related to the use of the Application.

If you are looking for a job or you are an employee, we will process the following personal information:

• Personal data we collect when you use the functionality of the Application. When using the Application, you can further edit your user profile and upload, for example, your CV. You can also play games in the Application. We will measure your behavior (how you react) and we will create your personal report from data based on playing games in the Application. We will share this report with the employer or potential employer if the conditions under point 2 of this Policy are met. If you are an employee or job seeker who uses the Application on the basis of an invitation from the employer, do not forget that your employer is also the administrator of your personal data, so if you have any requests regarding the processing of personal data, please contact him directly.
  • During the processing of your personal report, profiling will take place according to Article 4 point 4 of the GDPR. Profiling consists of creating personal reports based on playing games in the Application, which shows your cognitive and non-cognitive abilities in connection with other candidates or employees. During this profiling, we record your reaction times, type of response, and other data. The data (outputs) can then be used by the employer for the purposes of your evaluation or to decide whether you will be hired or not. This will always be done on the basis of decisions and actions of specific employees of the employer or by the employer himself, and there will be no automated decision-making process based on profiling. In the event that the employer uses personal data for purposes other than those set out in this Policy, the employer is obliged to inform you as the controller of personal data.

Information about your activity on our website https://www.insymbo.com and in the Application. By visiting our website or using the Application, your activity is recorded. We use cookie technology to analyze traffic on our website and in the Application. We try not to associate the information obtained with any of your personal data, such as the data you fill in forms or your IP address. Further information on the use of cookies is provided in the Appendix A to this Policy.

2. HOW WE USE THE COLLECTED INFORMATION AND ON WHAT LEGAL BASIS

• We use the data necessary for the registration of a user account in the Application in order to be able to set up a user account for you (as an employer or employees or job seekers) and you can use the services offered by the Application. The legal basis for processing is the fulfillment of mutual contractual obligations between you and us pursuant to the Article 6, paragraph 1, letter b) of the GDPR. We may also need the data for the purposes of fulfilling legal obligations pursuant to the Article 6, paragraph 1, letter © of the GDPR, in particular for tax and accounting purposes.
• We use the data obtained when using our Application for our own purposes in order to improve our Application and to adapt it so that the Application is as comfortable as possible for you. The legal basis for this processing is the fulfillment of mutual contractual obligations pursuant to the Article 6, paragraph 1, letter b) the GDPR and our legitimate interest under the Article 6, paragraph 1, letter f) of the GDPR, which consists in ensuring the functioning of the Application.
• We use the data obtained from playing games to pass it on to the potential employer, university or agency with whom we are in a contractual relationship and with whom you are applying for a job or communicating together. Given that profiling will take place within the meaning of Article 4 point 4 of the GDPR, the personal aspects of jobseekers and employees will be assessed. Based on such profiling, the employer will be able to make other decisions that may affect your position, so we will require your consent to this processing according to the Article 6, paragraph 1, letter a) of the GDPR for the transfer of data obtained from playing games. The conditions of consent are set out in point 4 of this Policy.
• If you register your account under the instruction of your employer (received invitation to register your account from your employer), the controller of your personal data is this employer. We only acquaint you with how we handle personal data as controller for our own purposes. This employer must inform you about other purposes of processing determined by your him/her. However, you must consider that all your personal data will be made available to your employer without your active consent.
• We may also use your e-mail address and your identification data to send you newsletters. Information about sending newsletters is provided in point 5 of this Policy.
• We use the information collected from cookies (when visiting our website and using the Application) to improve the user environment and the overall quality of our services. We use several third-party services for this purpose (see Appendix A – USE OF COOKIES ON OUR WEBSITE, including point 3.2. of this Appendix A – Third party functions). For example, if we save your language settings, we will be able to show you services in the language you prefer.

We process your personal data in accordance with this Policy on the basis of the performance of a mutual contract, on the basis of the fulfillment of our legal obligations, on the basis of our legitimate interest, or on the basis of your consent granted for specific processing. Before using information for a purpose not covered in this Policy, we will always evaluate whether your consent is required. In this case, we will inform you and ask you for it.

3. WHO HAS ACCESS TO YOUR PERSONAL DATA

The following recipients have access to your personal data:

• if you grant consent, the personal data will be accessible to the potential employer, university, or another agency that is interested in working with your data;
• your employer, if you logged in to the Application on the basis of his instruction and the provided link (provided invitation);
• provider of server where your personal data are stored. We always use only providers located in the EU/EEA. If you are interested where and by whom the personal data are stored, do not hesitate to contact us;
• the company TOPefekt s.r.o., which ensures the development and administration of the servers on which the Application is operated;
• our workers and contractors involved in the development and management of the Application.

We process your personal data in the territory of the European Union or the EEA, and they are not transferred outside of this territory, with the exception of potential employers or agencies where you want the personal data to be transferred outside the EU.

4. CONSENT TO THE PROCESSING OF PERSONAL DATA

As mentioned above, while using the Application, profiling may occur based on the games you play in the Application. We will only process personal data for the purposes mentioned above, but your personal data may also be passed on to employers if you are an employee or job seeker.

We analyze your data obtained from playing games and after analysis we may pass this data to the employer, or to the university or agency under which you logged in to the Application. These subjects will then further handle the data entered by you and analyzed by our Application. Because your registration is always connected with a specific link from a specific employer, university, or agency to which we provide our services, we must provide your data obtained from playing games with that employer, university, or agency before completing the registration, otherwise, we will not be able to fulfill our contractual obligations with them. Before completing the registration, you have to give us consent with the sharing for the purpose of transferring personal data to the employer, university, or agency from which you received the invitation, for as long as you have a user account created.

However, we respect your privacy therefore you can revoke your consent at any time by contacting us at dpo@insymbo.com, or by setting up your user account in the Application, or by deleting your user account in the Application.

Withdrawal of the consent does not affect the lawfulness of processing based on consent before its withdrawal. In other words, until you revoke your consent, we may use the data for that purpose. Therefore, if the employer has already used your personal data in the way described above, he could have done so on the basis of your consent.

After you revoke your consent, or at the end of the period for which it was granted, we will proceed in accordance with point 6 of this Policy.

Please also note that if you apply for a job and a potential employer, university, or agency accepts you based on the interview, it will further process the data you enter in the Application based on other legal bases, for example, based on the fulfillment of legal obligations. Therefore, if you are accepted as a candidate for a job, you will no longer be able to withdraw your consent to the processing, as personal data will be processed based on other legal bases directly by your employer, university, or agency.

5. NEWSLETTERS

If you are reading this Policy because you obtained a newsletter from us, it will probably be because you have subscribed to the receiving of newsletters, or you have not refused this option when registering in the Application. If you have subscribed to the receiving of our newsletters, you have given us your consent in accordance with the Article 6, paragraph 1, letter a) of the GDPR, for a period of 5 years. During the registration process to the Application, you have the option to refuse to send newsletters via the check box „I do not want to receive newsletters“. If you do not check this box, we will send you a commercial communication based on our legitimate interest pursuant to the Article 6, paragraph 1, letter f) of the GDPR, which consists of direct marketing, for the duration of the existence of your user account or mutual contractual relationship.

You can cancel the sending of newsletters at any time by writing to us at dpo@insymbo.com or via the link provided in each individual newsletter that we will send you.

6. FOR WHAT PERIOD WE WILL PROCESS YOUR PERSONAL DATA

Your personal data will be processed for the time necessary for the purposes defined above. We will process personal data for the period of existence of your user account, or for the period of the granted consent to the processing of personal data in accordance with the point 4 of this Policy. We may also process personal data for as long as it is necessary to protect ourselves from any claims and claims you may make against us (based on our legitimate interest in protecting our own legal claims). If you are interested in whether we still process any personal data about you, do not hesitate to contact us at dpo@insymbo.com and we will be happy to tell you how long we store your data.

After there are no other purposes for which we process personal data, your data will be anonymized so that we will not be able to identify you. We will therefore keep the statistical models and information obtained from playing games, but in a form that you cannot be further identified, and we can continue to provide services to our clients – employers. Employers will also be able to use the information obtained to create internal models and analyses. This is necessary in order to maintain the requirements of our clients (employers).

7. HOW WE SECURE YOUR PERSONAL DATA

We are aware that it is our important duty to secure personal data so that it cannot be misused. Therefore, we try to use the best possible security measures to prevent misuse or other unauthorized interference with your personal data. As part of our activities, we will do our best to prevent from occurring of security incident, in particular, we will regularly train on personal data protection all our employees who work with your personal data, we acquaint our workers with our internal personal data policies and we will always use only the most appropriate technical solutions to secure our processing, such as data encryption, complex passwords, and the most appropriate software.

We also secure personal data physically by ensuring access to data, we have a camera system and an alarm system.

8. WHAT RIGHTS YOU HAVE IN RELATION TO THE COLLECTED INFORMATION AND HOW YOU SHOULD EXERCISE THEM

You have the following rights in relation to our processing of your personal data:

• right of access to personal data;
• right to rectification;
• right to erasure (‘right to be forgotten’);
• right to restriction of data processing;
• right to data portability;
• right to object to processing;
• right to withdraw consent to the processing of personal data;
• right to file a complaint with respect to personal data processing.

Your rights are explained below so that you can get a better idea of their contents.

The right of access means that you can ask us at any time to confirm whether or not personal data concerning you are being processed and, if they are, you have the right to access the data and to information for what purposes, to what extent and to whom they are disclosed, for how long we will process them, whether you have the right to rectification, erasure, restriction of processing or to object; from which source we obtained the personal data, and whether automated decision-making, including any profiling, occurs on the basis of the processing of your personal data. You also have the right to obtain a copy of your personal data, while the first provision is free of charge, for the next provision, we can demand reasonable payment of administrative costs, namely in the amount of CZK 500.

The right to rectification means that you may request us at any time to rectify or supplement your personal data if they are inaccurate or incomplete.

The right to erasure means that we must erase your personal data if (i) they are no longer necessary for the purposes for which they were collected or otherwise processed; (ii) the processing is unlawful; (iii) you object to the processing and there exist no overriding legitimate grounds for the processing; or (iv) this is required of us based on a legal duty.

The right to restriction of processing means that until we resolve any disputes regarding the processing of your personal data, we may not process your personal data by other way than by storing it and, where appropriate, using it only with your consent or for the purpose of determining, enforcing or defending our legal claims.

The right to object means that you may object to the processing of your personal data that we process for reasons of legitimate interest, including profiling based on our legitimate interest. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes. In the event of an objection to processing based on other reasons, this objection will be evaluated, and we will then inform you whether we have complied with it and will no longer process your data, or that the objection was not justified, and processing will continue. In any case, processing will be limited until the objection is resolved.

The right to data portability means that you have the right to obtain personal data that concern you and which you have provided to us and which are processed in an automated manner and on the basis of consent or contract, in a structured, commonly used and machine-readable format, and the right to have these personal data transferred directly to another controller.

The right to withdraw consent to the processing of personal data means that you can withdraw your consent at any time within the meaning of the Article 6, paragraph 1, letter a) of the GDPR, under the conditions set out in point 4 of this Policy.

If you have comments or complaints regarding the protection of personal data or a question about the person responsible for data protection in our company or you exercise any of your rights, please contact our responsible person at the e-mail address dpo@insymbo.com or at the e-mail address of our Data protection officer at tereza.kreizlova@insymbo.com.

We will answer your questions or comments within one month.

Our activities are also supervised by the Office for Personal Data Protection, where you can file a complaint in case of your dissatisfaction. You can find out more on the Office's website (www.uoou.cz).

CHANGE OF THIS POLICY

Our Policy may change from time to time. The current version of the Policy can be found at https://portal.insymbo.com/…ivacy-policy. If there are significant changes to the Policy, we will inform you in more detail (we may notify changes to the Policy by e-mail or directly in the Application). We archive previous versions of this Policy for you to access in the future. These versions are available upon your request.

This Policy is effective from June 10th, 2021

Appendix A

USE OF COOKIES ON OUR WEBSITE

1. What are cookies?

Cookies are small text files saved by a website or the Application on your computer or mobile device when you start using the website or the Application. For a certain period of time, the website will thus remember your preferences and steps you have taken (e.g., login details, language, font size, and other display preferences), so that you need not to enter the data again and go from one page to another. At the same time, they can be used to analyze how you use our website and the Application, or to sufficiently secure the website and the Application.

2. Why do we use cookies?

Our website, just like almost all websites, use cookies to provide you with the best possible user experience. Specifically, our cookies help us:

• Operate our website and the Application as you would expect;
• Speed up and better secure our website and the Application;
• Constantly improve our website and the Application;

We do not use cookies for:

• Collecting any sensitive data;
• Transferring personal data to third parties; or
• Obtaining any commission on sales.

You can learn more about all the cookies we use below.

3. More information on cookies

3.1. Cookies used for the correct functioning of the website

We use some cookies to ensure that our website functions correctly, such as:

• To determine whether or not you are logged in the system;
• To ensure the security of the website and the Application.

Unfortunately, there is no way to prevent the use of these cookies other than by stopping the use of our website or the Application.

3.2. Third-party functions

Our website and Application also include functionality provided by third parties.

All data is collected through our website and Applications using Google Analytics and LinkedIn tools. These tools are used exclusively to improve existing services and marketing purposes but do not allow the identification of a specific user, respectively collection of his personal data. Our website and Applications use the following third-party services, and you can find specific information about the cookies used (including the purpose and time of storage) at the following links:

Google Analytics – https://developers.google.com/…cookie-usage

LinkedIn’s Insight Tag – https://www.linkedin.com/…cookie-table

We use the information obtained from these tools for the purpose of improving the website and the Application and for the purposes of basic analysis on the website and the Application. The legal basis is our legitimate interest according to the Article 6, paragraph 1, letter f) of the GDPR, which consists in improving of the provided services.

The possibility of preventing the collection of this information is described in the paragraph below. However, in no case do we sell, exchange, or rent this information. For more information, visit the website: https://en.wikipedia.org/…le_Analytics.

3.3. How to refuse the use of cookies

Some functions of our website are based on cookies. Even if you have given your consent to the use of cookies, which monitor your behavior on the website and the Application, you can subsequently block their use. If you choose to block cookies, you may not be able to log in or use these features, and your cookie-based preferences may be lost. The use of cookies can be set using your internet browser. Most browsers automatically accept cookies by default. You can use your web browser to reject cookies or set the use of only certain cookies. Most browsers automatically accept cookies by default. You can use your web browser to reject cookies or set the use of only certain cookies.

You can find information about browsers and how to set preferences for cookies on the following websites:

• Google Chrome
• Mozilla Firefox
• Safari
• Microsoft Edge
• Android