1. Information about Nelisa s.r.o.
1.1. This document contains the data processing principles adopted by Nelisa s.r.o., Company ID No.: 099 50 311, VAT ID No.: CZ09950311, with its registered office at Menclova 2538/2, Libeň, 180 00 Prague 8, registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, Insert 344567 (“Nelisa”).
1.2. The Processing Principles apply to (i) Customers, (ii) Users who visit Nelisa.com (“web portal”) and who become Customers upon registration, and (iii) job applicants (hereinafter collectively referred to as “data subjects”).
Position of Nelisa
1.3. Nelisa acts both as a controller and a processor when processing personal data. Nelisa acts as an independent controller in relation to personal data provided by the Customer when creating and managing its profile, unless Nelisa services are ordered through an Alma Career entity. Nelisa also acts as an independent controller with respect to the processing of data through cookies on the Web Portal.
In other cases, in particular where a job applicant provides personal data through Nelisa in response to a Customer’s job advertisement or grants the Customer consent for longer retention of such data, Nelisa acts as a processor and the Customer acts as the controller.
Position of Nelisa and Alma Career
1.4. Where services are ordered through an Alma Career entity (see https://www.almacareer.com/our-offices), Nelisa and the relevant Alma Career company in the country where the services are provided act as joint controllers of the Customer’s personal data. The joint controllers have entered into an arrangement pursuant to Article 26 of Regulation (EU) 2016/679 (the “GDPR”), under which the Customer may contact any of the joint controllers regarding matters related to the processing of personal data via dpo@nelisa.com.
Where the Customer uses, in addition to Nelisa services, any of Alma Career’s electronic systems for managing job applicants, personal data within such systems are processed independently by the relevant Alma Career entity acting as a processor.
1.5. The Data Protection Officer may be contacted at dpo@nelisa.com.
2. What data do we process?
2.1. Registration data. Nelisa primarily processes data entered when creating and using a Customer profile. Certain personal data are necessary for registration (name and e-mail address) and are used for the basic identification of the User and for the provision of the services.
2.2. Data submitted in response to job offers. Nelisa also processes data provided by job applicants when responding to published job offers. Certain identification and contact data (name, surname and e-mail address) are mandatory and ensure that the applicant may be contacted by a specific Customer. Additional data, such as a CV or a link to a LinkedIn profile, may be provided voluntarily; however, the Customer may choose to require such data as mandatory.
2.3. Social media data. If social networks such as Facebook are used for login, the User enables Nelisa to access the User’s public profile. A public Facebook profile may include the name and surname, profile picture, age category, gender and other information depending on the User’s settings. In the case of LinkedIn, the headline, job title and e-mail address associated with the LinkedIn account, as well as other public information, may be accessible.
2.4. Data obtained through the use of the Web Portal and cookies. For the purposes of better targeting advertising campaigns and improving the Web Portal, Nelisa uses information regarding viewed job offers and companies, job offers to which an applicant has responded, and other activities on the Web Portal. Such data are collected automatically through Nelisa tools. If cookies are enabled on the User’s device, data are also collected through cookies. More information about the cookies used by Nelisa is available here.
3. How do we use personal data?
3.1. Processing on behalf of Customers. Nelisa always uses personal data exclusively for the purposes for which they were collected. Where Nelisa acts as a processor for advertising Customers, it may not extend the purpose for which the data were provided (response to a job offer / recruitment procedure).
3.2. Creation and management of Customer profiles. In this case, personal data are processed as part of the performance of contractual obligations and include all personal data provided by the Customer when using the profile.
3.3. Processing responses to specific job offers / recruitment procedures. Processing in this case forms part of the performance of contractual obligations and includes the transfer of all personal data provided by the applicant in response to a job offer to the advertising Customer. The Customer acts as the controller of personal data.
3.4. Sending job offers from a specific Customer. Processing is carried out solely on the basis of the applicant’s interest in positions advertised by the specific Customer. The applicant may grant the Customer consent to retain their data for a longer period for the purpose of receiving similar job offers in the future.
3.5. Sending offers and other updates from Nelisa to Customers. Personal data are processed on the basis of legitimate interest, unless the Customer opts out by contacting dpo@nelisa.com, in which case Nelisa will remove the Customer from the mailing database.
3.6. Push notifications. If this service is activated, Nelisa may send push notifications directly through the Web Portal interface. Information regarding the device used is processed for these purposes. Such notifications are displayed only on the basis of consent granted after the relevant notification has been displayed on the Web Portal.
3.7. Advertising targeting and improvement of Nelisa services. For the purposes of better advertising targeting and optimisation of the Web Portal, Nelisa uses information regarding activity on the Web Portal, in particular viewed job offers and responses thereto. This information also includes data obtained through cookies. Processing for advertising targeting purposes is carried out only on the basis of consent. Based on all collected data, Nelisa prepares statistics, analyses and reports concerning visitor behaviour on the Web Portal. For the same purposes, Nelisa also processes other personal data obtained in connection with tests published on the Web Portal or participation in surveys organised by Nelisa. Such data are used to improve Nelisa services, enhance User presentation and search for suitable job offers.
3.8. References on the Web Portal. All information related to references published on the Web Portal is obtained on the basis of consent and includes, in particular, the name, surname and photograph, and potentially information about the current employer.
3.9. Legal obligations. Nelisa performs further personal data processing operations only where necessary to comply with obligations arising from legal regulations or contractual arrangements binding upon Nelisa.
4. Withdrawal of consent and unsubscribing from commercial communications
4.1. Commercial communications. Customers may unsubscribe from commercial communications at any time by:
• clicking the relevant link located in the footer of each marketing communication; or
• using the contact details provided in these principles.
4.2. Advertising targeting (cookies). If a Data Subject wishes to disable the storage of cookies on their device, this may be done (i) through the cookie banner accessible via the “Customise Cookie Settings” link in the cookie policy available in the footer of the Web Portal, or (ii) directly in the browser settings. If selected cookies are disabled, certain parts of the Web Portal may not function properly.
4.3. Other advertising targeting and improvement of Nelisa services. If a Data Subject wishes to withdraw consent to the processing of personal data for other purposes related to advertising targeting and improving Nelisa services, including Nelisa surveys, such consent may be withdrawn by sending a request to dpo@nelisa.com.
4.4. Push notifications. Push notifications may be disabled in the web browser settings.
4.5. References. Consent to the publication of personal data in references on the Web Portal may be withdrawn at any time using the contact details provided in these principles.
5. Who has access to the data?
5.1. First and foremost, personal data of job applicants are processed by Customers (controllers) and also by Nelisa (processor), where such data are processed in connection with responses to job offers. All persons/entities within Nelisa (employees and contractors) who work with personal data are bound by confidentiality obligations.
5.2. Nelisa may use additional suppliers, i.e. processors, for the processing of personal data. Such entities may process personal data only for the purposes and in the manner determined by Nelisa and may not further disclose such data. We provide processors only with the data necessary to ensure the provision of Nelisa services. Nelisa primarily uses cloud service providers and online marketing tool providers to support its services.
6. How long do we process personal data?
6.1. Nelisa processes personal data of registered Users/Customers until the deletion of their profile. However, data stated on orders/invoices must be retained for tax and accounting purposes in accordance with applicable legal regulations for a period of 10 years.
6.2. Personal data of job applicants obtained for the processing of responses to job offers and recruitment procedures are retained until the relevant position has been filled, i.e. for the duration of the recruitment procedure. This period may exceed the validity period of the Customer’s advertisement published on the website.
6.3. In the case of cookies, data are retained until their expiration, provided that the visitor to the Web Portal has consented to cookies (except for strictly necessary cookies). Further information regarding cookies is available here.
6.4. Commercial communications are sent to Customers only unless they unsubscribe from receiving them.
6.5. Data obtained for marketing purposes, including sending commercial communications, advertising targeting and improving Nelisa services, are processed for the duration of the granted consent.
6.6. The retention period for personal data published in references is agreed individually with the Data Subject. Upon withdrawal of consent, Nelisa will cease processing such data and remove them from the Web Portal.
7. What are your rights?
7.1. In connection with the processing of personal data, any natural person – the Data Subject – may at any time contact Nelisa, as the controller, and request:
• information regarding (i) personal data, (ii) the purpose and nature of processing, (iii) retention periods and other information required by the GDPR;
• access to data provided to Nelisa in connection with the creation and use of a Customer profile, in response to a published offer or otherwise through the Web Portal. If this right is exercised, Nelisa will inform the Data Subject whether and which specific personal data are being processed where Nelisa acts as the controller;
• rectification of personal data if inaccurate or incomplete. Only up-to-date data enable Nelisa to process responses to published offers effectively;
• explanation and remediation of an unlawful situation (e.g. blocking, correction, completion or deletion of personal data) if the Data Subject believes that Nelisa processes personal data in breach of the protection of private and personal life or in breach of legal regulations;
• restriction of processing where the Data Subject does not wish the data to be erased but only wishes processing to be temporarily restricted;
• erasure of personal data (“right to be forgotten”) where the data are no longer necessary for the stated purposes or where Nelisa no longer has a lawful basis for processing, including cases where the Data Subject objects to further processing. Upon exercise of this right, Nelisa will assess whether grounds for further processing exist and, if not, erase the data in whole or in part;
• portability of personal data processed by automated means on the basis of consent or contract to another entity. Nelisa will provide the personal data in a commonly used format to the Data Subject or another controller as requested.
7.2. Where processing is based on consent, such consent may be withdrawn at any time. Withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Where personal data are processed on the basis of legitimate interest, the Data Subject has the right to object to such processing. Unless Nelisa demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject, processing will be terminated without undue delay following the objection.
7.3. If a Data Subject believes that Nelisa processes personal data in breach of the right to privacy or personal life, any natural person may request an explanation and remediation from Nelisa. It is always possible to contact the Data Protection Officer directly or lodge a complaint with the Czech Data Protection Authority; www.uoou.cz.
7.4. All rights may be exercised using the contact details provided in these principles.
8. Security
8.1. Nelisa places great emphasis on the security of personal data of all Data Subjects whose data it processes. Personal data are processed fully in accordance with applicable legal regulations. Nelisa places strong emphasis on both technical and organisational measures to secure processed data.
8.2. All personal data in electronic form are stored in databases and systems accessible only to persons who need to handle personal data to the necessary extent and for the purposes stated in these principles. The security of personal data is regularly tested and continuously improved by Nelisa.
9. Relationship between the Customer and Nelisa
9.1. Nelisa, Customers and other third parties that partially process personal data for Nelisa act as controllers, processors or sub-processors depending on who determines the purposes and means of processing. The relationship between controllers and processors is governed by a data processing agreement (see Article 8.2 et seq. of the General Terms and Conditions) and by the applicable legal regulations.
10. Contact
10.1. Any comments regarding the processing of personal data or requests concerning the exercise of rights may be addressed to the Data Protection Officer at dpo@nelisa.com or at Menclova 2538/2 (Dock in Five), Libeň, 180 00 Prague 8.
11. Effectiveness
11.1. These data processing principles are effective as of 26. 5. 2026.
Nelisa s.r.o.