In application of the provisions of the General European Data Protection Regulation of April 2016 (RGPD), the Organic Law 3/2018 of December 5, Protection of Personal Data and guarantee of digital rights (LOPDGDD), and Law 34/2002 of July 11, Services Information Society and Electronic Commerce (LSSICE), we inform you that TALENTOO WEB SOLUTIONS, SL, owner of the domains www.talentoo.net and www.talentoo.es (hereinafter, “Talentoo“), as well as their Users (Employers/Recruiters), responsible for personal data, maintain a commitment to strict compliance with current legislation on the processing of personal data and security of information in order to ensure to those affected that the collection and processing of data provided are carried out with full security guarantees.
1. Data Processing Responsibility
The person responsible for the Employers’ and Candidates’ personal data shall be an organization or individual who is professionally engaged in the selection of personnel, recruitment and/or employment intermediation (hereinafter referred to as “Recruiters“). The contact details of the aforementioned Recruiters must be provided by each entity to the Employers and Candidates whose details they are processing. Talentoo will be considered, for these purposes, as the Data Processor is the Employer’s responsibility, given that it is the technological platform in which the communication and understanding relationship between the Employers and the Recruiters takes place.
In this sense and in order to be able to register as a user of Talentoo, the Selecter must complete an initial electronic form with the following data: commercial name, company name, CIF, contact person, position and contact person’s email, sector of the company, size of the company, country, telephone, fiscal address, postal code, website, description of the company and password. The data collected in this form must be truthful, adequate, relevant and not excessive in relation to the scope, purposes and determined, explicit and legitimate services.
2. Purpose of Data Processing
The Recruiters process Recruiters’ and Candidates’ data for the purposes detailed below:
- Search and selection of personnel for contact with the Employers. In this sense, the Recruiters manage vacancies and job vacancies by means of the registration by the Candidates for the job vacancies published by them.
- Management of the selection of the Candidates needed.
- Sending of messages by the Employers, through the Talentoo communication platform to inform the candidate of the status of their application.
- The use of instant messaging. The Employers may initiate a conversation with the Recruiters via Talentoo’s instant messaging service.
- Transfer of data to public bodies and authorities, provided that they are required to do so in accordance with laws and regulations.
In order to ensure that the information is always up to date and free from errors, those concerned are requested to communicate any modifications or corrections to their personal data as soon as possible.
3. Data Retention Period
Employers’ and Candidates’ data will be kept for the duration of the contractual and commercial relationship with the Recruiters, or until any of the affected parties requests its suppression, in compliance with the duration of the time necessary to comply with legal obligations.
The personal data of those affected will be kept for the time necessary to fulfill the purpose for which it was collected. If such data is used for various purposes that oblige the Recruiters to retain it for different periods, the longer period of retention will apply.
In any case, access to the data of those affected will be limited only to those persons who need to use it for the performance of their duties.
Data retention periods are based on business needs, so access to personal data that is no longer necessary will either be limited to the fulfilment of strict legal obligations or will be securely destroyed.
Regarding the use of Employers’ and Candidates’ information for the management of any contractual obligation they may have with the Selecter, the latter shall keep such data for the duration of the contract and for the following five years. In the case of the latter period, such data shall remain blocked, and may only be used for the purpose of attending to possible subsequent queries or claims.
Certain information must be kept for the periods required by specific applicable regulations (tax, commercial, money laundering, etc.). During this period of time, such data will remain blocked, and may only be used in order to be able to deal with possible queries or subsequent claims.
4. Basis of Legitimation
It shall be understood that the Recruiters have the express, unequivocal and informed consent of the Employers to process their personal data in accordance with the provisions of the RGPD.
The Recruiters must previously have the respective authorization and express, unequivocal and informed consent of the Candidates to process the personal data of their CV as well as the information contained therein, in order to register them in the Talentoo offers that are of their interest and/or appropriate to their professional profile. This, in turn, may provide the Recruiters with the information that can be viewed in their profile, namely: age, province, economic pretensions, availability for incorporation to the job and CV (anonymized) of the candidate of their interest. In the option “see CV” you will be able to download the CVs received from the Recruiters. These CVs will be presented anonymously (neither candidates’ identification nor their contact details will appear) but the answers to the key questions that the Contractor has formulated will be provided.
5. Data Recipients
The personal data of those affected will be communicated to third parties in the following cases:
Talentoo reserves the right to require the Employers, at any time, to demonstrate the veracity of the information provided on the platform, as well as the express, unequivocal and informed consent of the Candidates for the processing of their personal data.
- The personal data of those affected may also be transferred to the competent authorities in cases where there is a legal obligation.
6. Rights of the Affected
Those affected may exercise the rights recognised by the RGPD at any time and free of charge to the person responsible for processing personal data in each case.
To this end, as explained above, the Recruiters, who are responsible for processing, must provide information on the trade name, company name, VAT number, contact person, contact person’s position and email, company sector, company size, country, telephone number, fiscal address, postal code, website, company description and password in order to register as a Talentoo user. This data will be essential for those affected to exercise their rights of access, rectification, deletion, limitation, portability and opposition against those responsible in this regard:
- Those affected have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, to request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
- In certain circumstances, you may request the limitation of the processing of your data, in which case it will only be kept for the exercise or defence of claims.
- In certain circumstances and for reasons related to your particular situation, you may object to the processing of your data. The data controller shall cease to process the data, except for compelling legitimate reasons, or the exercise or defence of possible claims.
- You may also exercise the right to the portability of the data, as well as withdraw the consents provided at any time, without this affecting the lawfulness of the processing based on consent prior to withdrawal.
Your exercise of these rights is subject to certain exceptions for reasons of general interest (e.g. prevention or detection of crime). If you exercise any of these rights, verifications will be made that you are entitled to do so, and you will receive an answer within the maximum period provided by Spanish legislation.
If you are not satisfied with the way your information is used or with the response to the exercise of any of these rights, you can file a complaint with the Spanish Data Protection Agency (www.agpd.es).
7. Security Measures
In order to ensure and maintain the protection, security, integrity and availability of your data, various security measures are carried out.
Although it is not possible to guarantee absolute protection against intrusions when transmitting data over the Internet or from a website, every effort is made to maintain the physical, electronic and procedural protection measures to guarantee the protection of your data in accordance with the applicable legal requirements in this area. The measures used include the following:
– limit access to data exclusively to those persons who need to know it in view of the tasks they perform;
– as a general rule, transfer the data collected in encrypted format;
– always store the most sensitive data (such as credit card data) in encrypted format;
– install perimeter protection systems for computer infrastructures (“firewalls”) to prevent unauthorised access, e.g. “hackers”
– regularly monitor access to computer systems to detect and stop any misuse of personal data.