PRIVACY PROTECTION PRINCIPLES
When you use MC services, you provide us with a variety of information, including your personal data. These Personal Data Protection Principles will primarily introduce you to the services we provide, which personal data we process, and how we use and protect such data.
We take the protection of your privacy seriously and would like to ask you to take the time to learn about our processes. If you have any questions, please feel free to contact us.
All MC services are in some way related to job-searching and personal development.
These services are provided by mediacity s.r.o.
Processed personal data
The vast majority of our processing of personal data occurs in the recruitment process, i.e., when you use services. Providing certain data is mandatory – specifically, data used for basic identification of a person (name, surname, email, and phone number (optional)), while other data are provided by applicants in their CVs and profiles without us requiring them. It is not possible to provide a complete list of all personal data that we process since there is no single template for CVs and hence each job applicant can provide completely different data.
On a general level, we usually process the following data: name and surname, title, date of birth, photo, email, phone number, job field, practice, education, citizenship, language skills, completed courses/training seminars/certificates awarded, know-how and skills, and personal interests.
We never request personal data which are not needed for the specific goal of the applicant (e.g., personal ID no., ID card no., copies of documents, etc.).
Our other services, i.e. those not directly related to the recruitment process, usually only use basic identification and contact data (name, surname, email, possibly phone number). The reason for the collection of such data is to ensure that services work correctly and to provide users with a history of their actions in the given service.
How we use personal data
Within our provided services, we only use personal data for the purpose for which they were given to us and we also transparently inform users of their purpose.
Here, it is important to emphasise that we are not always the administrators of the provided personal data. If a job applicant reacts to a job offer then the administrator of the personal data is the employer who is advertising the position. In such a case, MC is the processor of the personal data.
If an applicant does not provide the employer with consent to the processing of personal data above the scope of the given purpose (i.e. participation in a selection procedure), then the applicant’s data are deleted after the end of the selection procedure (or at most after six months).
If the applicant provides MC with consent to the processing of personal data above the scope of the given purpose, then MC shall be both the administrator of such data and the processor of data for the client. The purpose is always stated in the personal protection data notice or in the text of the processing consent.
Both the applicant and the clients consider that the client is not authorised to transfer the applicants’ personal data to other employers unless the applicants are transparently informed of this fact. If the client is an HR agency which provides the personal data of applicants to its clients, i.e. employers, then applicants are informed of this fact in the personal protection data notice at the end of each ad. Similarly, if the client is a group of companies with a joint recruitment procedure (a common situation for holdings and groups of companies), applicants are once again informed of this fact in the notice.
MC is authorised to process personal data both manually and automatically and to use designated processors of personal data for this purpose. Personal data are only accessible (or will only be made accessible) to authorised representatives of MC or of the processor, and only in the scope necessary for processing.
Most processors only have limited access to the personal data of applicants. Processors do sometimes receive personal data, but only in minimal amounts. No other processor is authorised to use the provided personal data for their own purposes (neither marketing or otherwise). Our services are continuously developing which is why we maintain an up-to-date list of other processors.
Some other processors are located outside of the EU, for instance in the United States of America. For the transfer of personal data to other countries outside of the EU, we uphold the principle that the free transfer of personal data within the EU is neither limited nor forbidden. We have concluded contracts with all suppliers, and these suppliers are obliged to regularly delete transferred personal data and to refrain from using such data for their own purposes. Aside from these cases, personal data are not transferred from MC to countries outside of the EU.
We use contact data (email, phone number) of our clients and users for marketing purposes regarding our own services only. Mostly, this concerns services and products which are like those that the applicants/clients have already received from us. We can only use this data to send marketing information if the recipient has not unsubscribed from receiving such information.
Everyone is authorised to unsubscribe from receiving marketing information through the links provided in the respective emails or by sending a message to any of the contacts specified in the footer of these Principles. The conditions for sending marketing information are governed in detail by provision § 7 of Act 480/2004, on certain Information Society Services and on Amendments to certain Acts, as amended.
We would also like to emphasise that not every message you receive from us is a marketing message. While providing a given service, sometimes it is necessary to communicate with clients and users directly, and due to many recipients, this cannot be handled by any other means than via a bulk email. Such messages do not provide marketing information (an example is a notification that the business terms and conditions have changed).
Based on your previous visit of our websites, we may remind you the ad messages that we would be happy to welcome you back to our websites. For these reminders we use the services of Google, Facebook, LinkedIn. They all use the Cookies stored in your browser to determine your previous visit.
To offer our services to other users like you, we use the creation of similar audience services offered by Google and Facebook. Both services store a person’s encrypted key (hash ID) as the identifier. In other words, they do not store your e-mail address.
We never share your curriculum vitae or its extracts to advertising companies and social network operators.
Developing and improving the quality of our services
To improve our services, we make use of the data we receive on how users use our services. The intended result is the optimisation of the quality of our services, especially in terms of providing the best recommendations of advertised positions to applicants on our portals and optimal recommendation of suitable courses for Seduo users. Data obtained for these purposes are stored at MC so that our employees cannot identify the actual personal data of users.
How we protect your data
MC implements all technical and organisational measures to ensure the protection of personal data in compliance with the law and other binding legal regulations. These include measures to prevent unauthorised or random access to personal data, the change, destruction or loss, unauthorised transfer, other unauthorised processing, and misuse of personal data. This obligation remains in effect even after the termination of the processing of personal data.
Personal data are continuously monitored both electronically and physically. We have implemented modern security and safety mechanisms to guarantee the maximum safety of data. We use User Access Control, a system for managing the rights and roles of users, to protect data against unauthorised access. All persons who encounter the client’s personal data during their work or their contractually stipulated obligations are bound by legal and/or contractual non-disclosure obligations.
Upon request, MC is also obliged to provide your personal data to certain government bodies (such as the Czech Police, public inspection bodies, etc.).
Always keep your data under control
Every user of our services has the following rights, which we at MC fully respect:
Whenever you enter personal data within MC services, we always transparently inform you of the purpose for which the entered data may be used, who uses these data, and who their administrator is. This document is part of each such notice that refers to it.
Right to access personal data
Right to correction
If an applicant discovers that some of their personal data are incorrect or not being processed correctly, they are authorised to have their personal data corrected as soon as possible.
Right to be forgotten
If personal data are being processed for a specific purpose and at some point, no longer become necessary for that purpose, we automatically delete them. If personal data are being processed based on consent and the owner of the data withdraws their consent, we also delete them. Here, however, it is necessary to note that we only delete personal data for which we hold the position of administrator. For personal data kept by our clients, it is necessary to apply to the clients who are administrators of the given personal data for the right to be forgotten. Furthermore, it is necessary to specify that the right to be forgotten is not absolute, and if we have an objective obligation to maintain the data (e.g. accounting), then we will only delete the personal data which are no longer necessary and needed.
Right to limit processing
Right to protection of privacy
If an applicant/customer discovers or believes that MC is processing their personal data in a way that violates the protection of their personal and private lives and/or illegally, especially if the personal data are inaccurate with respect to the purpose of their processing, they may request that MC provide an explanation or request that MC remedy the situation; this may especially refer to blocking, corrections, amendments, or deletion of personal data.
If MC does not comply with an applicant’s/customer’s request as per the previous sentence, then the applicant/customer is authorised to contact the Office for Personal Data Protection.
The authorised person for the protection of personal data at MC is:
If the client is the administrator of the personal data, then the client’s contact data are either listed in the notice which is part of the ad or on the client’s website. If the user is not aware of the client’s contact information for applying their rights, then MC can provide this information to the user.
These Principles enter into force on 6 April 2018 and are available online on the website of MC. MC is authorised to change these Principles using the procedure used to change the conditions of use of MC services.
Your personal data are kept private and safe and remain fully under your control.