Privacy Policy
This Privacy Policy has been lastly updated on 1st February 2022.
Definitions
In order to provide clarity and precision to the Privacy Policy, we use the following definitions throughout:
Client
end user of the Service, who has concluded an agreement with the Controller. It is provided with the Data of the Users who have agreed to such provision. The Client may process Users' Data in order to examine the suitability of its staff or for recruitment purposes;
Controller / We
If you live in one of the countries being a member state of the European Union or European Economic Area the controller of your Data is Human Culture spółka z ograniczoną odpowiedzialnością with its registered office in Szczecin (Poland), ul. Cyfrowa 6, postal code: 71-441 Szczecin, entered in the Register of Entrepreneurs kept by the District Court for Szczecin-Centrum in Szczecin, XIII Commercial Division under KRS number 0000856351, REGON: 386916808, NIP: 8513251510, share capital of PLN 5,600.00. If you use the Platform from another country, then Human Exponent Inc. based in Palo Alto, CA, USA is responsible for processing your Data;
Data
described in detail in the further part of the Privacy Policy, personal data of Users or Clients (if they are natural persons) or their Representatives in relation to which the obligation to provide information is fulfilled by making the information contained in the Privacy Policy available on an ongoing basis;
GDPR
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);
Platform
the website located at www.gyfted.me through which we communicate with Clients and Users and provide Services;
Privacy Policy
this document which constitutes the fulfillment of information obligations towards you within the meaning of Articles 13 and 14 of the GDPR;
Representative
a natural person logging in to the Platform on behalf of a Client who is a legal entity or an organization without legal personality;
Services
The services we provide consist of conducting psychometric assessments, storing their results, as well as making these results available to the User in accordance with the User's instructions;
User
natural person, who voluntarily provides to the Controller his/hers Data in order to have Human’s Services delivered or enters Data as part of using the Service
You
You, and hence the person whose Data we process in accordance with the Privacy Policy
Introduction
Your privacy and the security of your Data is a priority for us. We take it very seriously. We make every effort to ensure that our Users' Data are processed in accordance with the applicable provisions of law.
The Privacy Policy informs you how we process the Data of the Users of the Services, in particular:
- Who is the controller of your Data?
- What Data do we process and is the processing of this Data necessary due to the services we provide electronically?
- For what purpose and on what basis do we process Data?
- How long do we process the Data?
- What rights do our Users have as Data subjects?
- With whom do we share the Data?
- How can you contact us?
The Privacy Policy also constitutes the fulfillment of the information obligations referred to in Articles 13 and 14 of the GDPR.
Information of the Controller and the Services
Data Controller is a provider of a tool in the form of the Platform, through which You can carry out psychometric assessment in the form of traditional psychical evaluations or analysis of Your digital footprints. If You want, You may share Your results with other Users or Clients on the Platform. You may also send anyone a direct link to any of Your individual psychical evaluations. Clients may use results of Your evaluations during their recruitment process or to assess Your capabilities needed for Your work performance. You may find more detailed information about this in our Terms and Conditions..
What does it mean to be a Controller?
The Controller decides on the purposes and means of Your Data processing. The Controller is also responsible for the security of Your Data.
User’s Data. Purposes and legal basis of User’s Data processing
We collect Users Data:
when You set up an account on the Platform
(In this situation, we collect Data from you in the form of your email address and the alias you use to activate your account on the Platform and send you your evaluation results.)
when You carry out psychometric assessments
(While performing psychological evaluations we collect Data coming from your direct answers to the questions asked. Depending on the type of assessment, we use them as a basis for psychometric analysis of your personality traits, motivation or for evaluation of your competences.)
when You order us to analyse Your digital footprints
(At your request, we analyze how you use certain websites. In this case, the Data comes from websites to which you have given us access or from information publicly available on the Internet. Data is processed only for the purpose of providing the Services and providing you with the assessment result.)
Scope of Data Processed in the Analysis of the Results of Individual psychical evaluation.
As part of the analysis of the results of your psychometric assessment, we analyze Data relating to your character traits or skills, depending on the assessment conducted.
Scope of Data necessary for analysis of your digital footprints.
For analyzing your digital footprints we download Data at Your consent from the website You have given us explicitly access to or from publicly accessible information, such as content of your posts or Internet activities. Analyzed information has been made public by You on or originate from your online activities and usage of the various sites.
Purposes of Data processing.
It is necessary for You to provide Data for the purposes of provision of the following services:
- assessment of your personality traits and Your motivation;
- assessing of Your competence levels;
- psychographic analysis of Your social media and Your digital footprints;
- giving You recommendations concerning Your personal and professional development.
Legal basis of Data processing.
The legal basis for the processing of the Data is your consent to the processing of the Data which you have knowingly given pursuant to Article 6(1)(a) of the GDPR.
Clients and Representatives Data processing
We collect Data from our Clients and Representatives:
when You as a natural person or Representative set up Client account and provide Data in it
(When You set up a Client account we collect from You such Data as Your e-mail address and Your chosen alias. They are necessary to provide services to You).
when You calibrate the Platform in order to get correct recommendations concerning Users being job candidates.
(In order to optimize the Service, we need to obtain information from you regarding the context of your organization's operations and Data from you or a person in a supervisory position within your organization. This allows us to correctly match the psychological profiles of the candidates with the needs and nature of your organization's business.)
Purposes of Data processing
We process Clients and Representatives Data in order to provide the following services:
Providing Data is necessary to perform a Service.
- setting up an account and entering into an agreement;
- juxtaposing the psychological profiles of the recruitment participants with the Client's model of operations, taking into account the psychological characteristics of the people managing the Client's business;
- providing assessment results to Clients;
Providing Data is necessary to perform a Service.
Legal basis of Data processing
- For a Client being a natural person legal basis of Data processing is article 9 (1) (b) of the GDPR, because Data processing is necessary to performance of the agreement;
- A Representative legal basis of Data processing is article 6 (1) (f) of the GDPR, because Data is being processed on the basis of legitimate interest of the Controller, which is provision Services for the Client he/she represents.
Data of Platform Users
We collect Data of Platform visitors:
When You consent for use of cookie files.
(Some cookies used by the Platform collect Data to a limited extent. You can find more information about cookies in the Cookie Policy.)
When You contact Us.
(We collect Data in order to respond to your inquiries when you contact us via email or contact form).
When You consent for a direct marketing.
Purpose and legal basis of Data processing
Support
Processing Customer or Representative Data to communicate with visitors of the Platform for technical support related to the Services provided.
- In the case of a Client who is a natural person and in the case of a User, Data processing is necessary for the performance of the agreement[Article 6 (1) (b) GDPR].
- In the case of a Representative, Data processing takes place on the basis of the Controller's legitimate interest resulting from the provided Service[ 6 (1) (f) GDPR].
Ensuring safe and secure use of the Services.
We process Platform visitor Data to ensure the safety, security and reliability of the Platform. This includes detecting, preventing and responding to fraud, abuse, security threats and technical issues that may harm Human, Customers or Users.
We process Data based on the Controller's legitimate interest in ensuring the secure provision of our Services [Article 6(1)(f) GDPR], i.e. the proper functioning of the Platform, provision of electronic services and ensuring the cyber security of the Services.
We process Data based on the Controller's legitimate interest in ensuring the secure provision of our Services [Article 6(1)(f) GDPR], i.e. the proper functioning of the Platform, provision of electronic services and ensuring the cyber security of the Services.
Direct Marketing.
Sending commercial offers and newsletters to those who have given their consent to it.
Data is processed on the basis of the consent of the Data subject (Article 6(1)(a) GDPR).
Data is processed on the basis of the consent of the Data subject (Article 6(1)(a) GDPR).
Functioning of the Internet Platform. Use of cookies.
The use of cookies for the purposes of analysis, improvement and online marketing of the Services provided.
- In the case of the Customer - a natural person and in the case of the User - processing of the Data is necessary for the performance of the contract- [Article 6 (1) (b) GDPR].
- In the case of a Representative - the processing of Data is based on the Controller's legitimate interest in providing Services to Customers [Article 6 (1) (f) GDPR].
Data retention period
We will only process Your Data for the period necessary to fulfill the purposes set forth in this Privacy Policy or the Service agreement, unless longer retention is required by law (e.g. for tax or accounting purposes or due to other legal requirements) or retention is necessary to establish, exercise or defend the Controller's legal claims, in which case we will only retain the Data necessary to exercise our claims or defenses for the period necessary in the case and not exceeding the statutory periods of limitation.
Before the expiry of the period referred to above, we may stop processing Your data and delete it, in the following situations:
Before the expiry of the period referred to above, we may stop processing Your data and delete it, in the following situations:
- where the basis of processing is the legitimate interest of the Controller - when You object to data processing;
- in case of withdrawal of granted consent for Data processing, where the processing is based on consent.
Data sharing
In some situations, we transfer Your Data to third parties. Data recipients may be:
Entities to which we outsource services
related to the processing of Data, these will be, for example: our subcontractors or law firms;
Clients
in the case of Users, we provide some User’s Data to Clients with the consent of the User. The Data provided in this way is limited to the Data necessary for the performance of the Service;
Public authorities
including the Police, the tax authority, law enforcement agencies, in connection with the proceedings conducted by them pursuant to the relevant provisions of law.
Data transfer to third countries
We do not and do not plan to transfer User Data from the European Economic Area (and the United Kingdom) to countries outside the European Economic Area.
Your rights and Data Protection Officer
You have a number of rights in relation to our processing of Your Data. The person responsible for maintaining contact with You regarding the exercise of Your rights is the Data Protection Officer (DPO), appointed Marta Kaczynska . You can also contact the DPO by e-mail at the address [email protected] on all other matters relating to the processing of your personal Data.
Your rights are:
- the right of access to Your Data and right to rectify or delete it (‘right to be forgotten’);
- the right to object to the processing of Data for direct marketing purposes, which results in the cessation of our processing of your Data for direct marketing purposes;
- the right to object for reasons related to Your particular situation, if we process Your Data on the basis of a legitimate interest. However, we will continue to process this Data to the necessary extent, if there is a legitimate reason on our side;
- the right to transfer Data processed in connection with the performance of the contract or on the basis of Your consent and the right to limit Data processing;
- if the basis for Data processing is Your consent, You have the right to withdraw this consent at any time. Withdrawal of consent does not affect the lawfulness of the processing which was carried out on the basis of consent before its withdrawal.
To learn more about Your rights concerning processing of Your Data you may visit this website https://uodo.gov.pl/pl/383/579.
If you believe that Our processing of Your Data infringes law, You may file a complaint to the President of Polish Data Protection Authority (Prezes Urzędu Ochrony Danych Osobowych). More information about how to file a complaint You may find here: https://uodo.gov.pl/pl/83/155.
Profiling and automated decision making
Profiling is an official term used in GDPR. Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict certain aspects concerning that natural person’s performance at work, economic situations, health, personal preferences, interests, reliability, behavior, location or movement.
In order to carry out the Service, we use profiling when processing your Data. This means that in order to analyze your fit for a specific role, team and/or organization or make predictions about your behavior, we evaluate selected personal factors of yours through automated processing of your Data.
Automated decision making as part of the Service, involves deciding whether or not to provide a profile of a particular User to the Client as part of our recommendation. Such a decision results from an objective and automatic comparison of the result of a psychometric assessment of the User with the needs and nature of the activity of the Client's organization.
In order to carry out the Service, we use profiling when processing your Data. This means that in order to analyze your fit for a specific role, team and/or organization or make predictions about your behavior, we evaluate selected personal factors of yours through automated processing of your Data.
Automated decision making as part of the Service, involves deciding whether or not to provide a profile of a particular User to the Client as part of our recommendation. Such a decision results from an objective and automatic comparison of the result of a psychometric assessment of the User with the needs and nature of the activity of the Client's organization.
Rights you have as a result of automated decision-making
We understand that to some extent automated decision-taking could be a threat of infringing rights of our Users. Protecting the rights, freedoms, and legitimate interests of Users of our Services is a top priority for Us.
In accordance with that, acting in with the provisions of the GDPR, Controller allows each User to whom automatic recruitment decisions are made to exercise the following rights:
We have made every effort to make it as easy and convenient as possible for you to exercise these rights.
To exercise your rights regarding automated decision-making, please contact us by emailing us at [email protected].
In accordance with that, acting in with the provisions of the GDPR, Controller allows each User to whom automatic recruitment decisions are made to exercise the following rights:
- right to obtain human intervention;
- right to express his/hers point of view;
- right to contest the decision.
We have made every effort to make it as easy and convenient as possible for you to exercise these rights.
To exercise your rights regarding automated decision-making, please contact us by emailing us at [email protected].