1. Information about Nelisa s.r.o.
1.1. This document contains the processing principles adopted by Nelisa s.r.o., ID No.: 099 50 311, VAT No. CZ09950311, with its registered office at Menclova 2538/2, Libeň, 180 00 Prague 8, registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, File 344567 ("Nelisa").
1.2. The processing principles apply to (i) Users and Customers (as these terms are defined in the General Terms and Conditions), as well as (ii) job applicants and (iii) visitors to the website ("web portal") (hereinafter also referred to as "data subjects").
1.3. Nelisa acts as both a controller and a processor when processing personal data. Nelisa is the controller in the case of personal data that the User/Customer fills in when creating and managing their profile, as well as in the case of consent given by the job applicant to Nelisa (i.e., cookies). In other cases, when a job applicant provides data through Nelisa in response to a Customer's advertisement, or gives consent to a longer retention period to the Customer, the Customer is the controller. Nelisa then acts as a processor that collects and further processes this data for the Customer.
1.4. The data protection officer is available at dpo@nelisa.com.
2. What data do we process?
2.1. Data provided during registration. Nelisa primarily processes data entered when creating and using a Customer profile. Some personal data is necessary for registration (name and email address) and is used for basic identification of the User and use of the services provided.
2.2. Data in response to a job offer. Nelisa also processes data that job applicants provide when responding to published job offers. Some identification and contact details (first name, last name, and email address) are mandatory and ensure that the applicant can be contacted by a specific Customer. Additional data, such as a CV or a link to a LinkedIn profile, may be provided voluntarily; Nelisa's Customer may choose to make this data mandatory as well.
2.3. Data from social networks. If social networks such as Facebook are used for login, the User also allows Nelisa access to their public profile. The public Facebook profile may include the first and last name, profile picture, age category, gender, and other information depending on the specific user's settings. In the case of LinkedIn, the motto, job title, and email address associated with the LinkedIn account, or other public information, may be made available.
2.4. Data obtained based on website use and through cookies. To better target advertising campaigns and improve the website, Nelisa uses information about job offers and companies viewed, job offers to which the applicant has responded, and other activity on the website. This data is obtained automatically through the Nelisa tool. If the user has enabled the storage of cookie files on their device, data is also collected through these files. More information about the cookies Nelisa uses is available here.
3. How do we use personal data?
3.1. Processing for the Customer.
Nelisa always uses personal data exclusively for the purposes for which it was collected. If Nelisa acts as a personal data processor for advertising Customers, it cannot extend the purpose for which the data is provided (response to an offer/selection procedure).
3.2. Creation and management of customer profiles.
In this case, data processing is carried out as part of the fulfillment of contractual terms and conditions and includes all personal data provided by the Customer when using the profile.
3.3. Processing responses to specific job offers/selection procedures.
In this case, processing is carried out as part of the fulfillment of contractual conditions and includes the transfer of all personal data provided by the job applicant to the advertising Customer in response to a job offer. The personal data controller is the Customer directly.
3.4. Sending job offers by a specific Customer.
Processing is carried out exclusively on the basis of interest in the job position(s) advertised by a specific Customer. The applicant may give the Customer consent to store their data for a longer period of time in order to send similar job offers in the future.
3.5. Sending offers and other news from Nelisa to Customers.
Data processing is based on legitimate interest, unless the Customer has opted out, which they can do by writing to dpo@nelisa.com, and Nelisa will remove them from the mailing list.
3.6. Push notifications.
If this service is activated, Nelisa may send push notifications directly in the website interface. Information about the device used is used for this purpose. These notifications are only displayed on the basis of consent given after the relevant notification is displayed in the website interface.
3.7. Targeting advertising and improving Nelisa's offer.
For better advertising targeting and website optimization, Nelisa uses information about activity on the web portal, in particular about viewing job offers and responses to them. This information also includes data obtained through cookies. Processing for advertising targeting purposes is only possible with consent. Based on all the data collected, Nelisa obtains statistics, analyses, and reports on the behavior of visitors to the web portal. For the same purpose, Nelisa also processes other personal data obtained in connection with taking tests published on the website or participating in various surveys conducted by Nelisa. In this case, the data is used to improve Nelisa's services, enhance user presentation, and search for suitable job offers.
3.8. References on the website.
All information related to the references provided and published on the web portal is obtained with consent and includes, in particular, the first name, last name, and photo, or possibly also information about the current employer.
3.9. Legal obligations.
Nelisa performs other personal data processing operations only if it is necessary to fulfill obligations arising from legal regulations or contractual agreements with the Customer to which Nelisa is bound.
4. Withdrawal of consent and cancellation of commercial communications
4.1. Commercial communications. Customers may cancel the receipt of any commercial communications at any time by: clicking on the relevant link located in the footer of each message that is a marketing communication; using the contact details provided in this policy.
4.2. Advertising targeting (cookies). If the data subject wishes to disable cookies on their device, they can change this (i) via the cookie banner, which can be accessed via the "Customize Cookie Settings" link in the cookie policy available in the footer of the web portal, or (ii) directly in their browser settings. If the data subject disables selected cookies, some parts of the web portal may not function properly.
4.3. Further targeting of advertising, improvement of Nelisa's offer. If the data subject wishes to withdraw their consent to the processing of data in other cases where processing takes place for the purpose of targeting advertising and improving Nelisa's offer, including Nelisa surveys, consent may be withdrawn by sending this request to dpo@nelisa.com.
4.4. Push notifications. Push notifications can be disabled in your web browser settings.
4.5. References. Consent to the publication of personal data in references on the web portal can be revoked at any time via the contacts listed in this policy.
5. Who has access to the data?
5.1. First and foremost, the personal data of job applicants is processed by Customers (the controller), but also by Nelisa (the processor) if the data is processed in connection with responses to their job offers. All persons/entities at Nelisa (employees, other suppliers) who work with personal data are bound by confidentiality.
5.2. Nelisa may use other suppliers, known as processors, to process personal data. These entities may only process personal data for the purposes and in the manner specified by Nelisa and may not distribute it further without further ado. We only provide processors with the data they need to ensure the provision of Nelisa's services. Nelisa primarily uses cloud providers and online marketing tool providers to support its services.
6. How long do we process data?
6.1. Nelisa processes the personal data of registered Users/Customers until their profile is deleted. However, Nelisa is required to retain the data provided on orders/invoices for tax and accounting purposes in accordance with applicable law for a period of 10 years.
6.2. The data of job applicants obtained for the purpose of responding to job offers and selection procedures is retained until the relevant position is filled, i.e. for the duration of the selection procedure. This period may be longer than the validity of the Customer's advertisement published on the website.
6.3. In the case of cookies, the data is stored until they expire, provided that the visitor to the web portal has expressed their consent to cookies (with the exception of necessary cookies). More information about cookies can be found here.
6.4. Commercial communications are sent to Customers only if they have not unsubscribed.
6.5. Data obtained for marketing purposes, including sending commercial communications, targeting advertising, and improving Nelisa's offer, are processed for the duration of the consent provided.
6.6. The period of personal data processing for the publication of references is agreed with the data subject individually. Upon withdrawal of consent, Nelisa will cease to process this data and will remove it from the web portal.
7. What are your rights?
7.1. In connection with the processing of personal data, any natural person – data subject – may contact Nelisa, as the controller, at any time and request:
Information regarding (i) personal data, (ii) the purpose and nature of the processing of personal data, (iii) the retention period and other information as required by the Regulation;
Access to data provided to Nelisa in connection with the creation and use of a Customer profile or in response to a published offer or otherwise on the web portal. If you exercise this right, Nelisa will inform you whether and what specific personal data it processes, if it is the controller of personal data.
Correction of personal data if it is inaccurate or incomplete in any way. It is important to note that Nelisa can only effectively respond to published offers if the data is up to date.
Explanation and removal of the defective condition (e.g., blocking, correction, supplementation, or disposal of personal data) if you believe that Nelisa is processing personal data in violation of the protection of personal and private life or in violation of legal regulations.
Restriction of processing if you do not wish to delete the data, but only to temporarily restrict its processing.
Deletion of personal data (the so-called right to be forgotten) if it is no longer necessary for the stated purposes or if Nelisa no longer has a legal reason to process personal data, including cases where you do not agree to its further processing. Upon exercising this right, Nelisa will determine whether there are grounds for further processing of personal data and, if not, will destroy/delete the data in whole or in part.
Transfer of automatically processed personal data obtained on the basis of consent or processed contractually to another entity. Nelisa will transfer the personal data in a commonly used format to you or another controller as requested.
7.2. If the processing is based on consent, the consent may be withdrawn at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. If the data is processed on the basis of a legitimate interest, the data subject has the right to object to the processing of personal data. Unless Nelisa demonstrates that there are compelling legitimate grounds for the processing which override the interests or rights and freedoms of the data subject, the processing shall be terminated without undue delay.
7.3 If the data subject believes that Nelisa is processing personal data in violation of the right to protection of private or personal life, any natural person may request an explanation from Nelisa and the removal of such a situation. It is always possible to contact the data protection officer directly or to file a complaint with the Office for Personal Data Protection; www.uoou.cz.
7.4. You can exercise all your rights through the contacts listed in this policy.
8. Security
8.1. Nelisa ensures the security of the data of all data subjects whose data it processes. Personal data is handled in full compliance with applicable laws. When processing personal data, Nelisa places great emphasis on the technical and organizational security of the data being processed.
8.2. All personal data in electronic form is stored in databases and systems that are only accessible to persons who need to "handle" personal data, to the extent necessary and for the purposes set out in this policy. The security of personal data is regularly tested by Nelisa and protection is constantly improved.
9. Relationship between the Customer and Nelisa
9.1. Nelisa, customers, and other third parties that process personal data for Nelisa in a partial manner act as controllers, processors, or other processors, depending on who determines the purpose and method of processing. The relationship between controllers and processors is governed by a processing agreement (see Article 8.2 et seq. of the General Terms and Conditions) and the relevant legal regulations.
10. Contact
10.1. If you have any comments regarding the processing of personal data or wish to exercise your rights, you can contact the data protection officer at dpo@nelisa.com or at Menclova 2538/2 (Dock in Five), Libeň, 180 00 Prague 8.
11. Effectiveness
11.1. This processing policy is effective from February 26, 2025.
Nelisa s.r.o.