Privacy Policy
Introduction
The main goal and priority of Empathy Talent is to ensure the confidentiality and protection of the personal data of our Customers, Suppliers, Consultants, Employees and Job Candidates and transparency in their processing. Below you can find the whole information on how we process and protect your personal data and how you can contact us for additional details.
Data Controller
In accordance with Article 13(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of personal data of 27.4.2016 on the protection of natural persons with regard to the processing of their personal data and on the free movement of such data, and repealing Directive 95/46/EC, EU L 119 of 4.5.2016 (GDPR), we inform you that, the Controller of your personal data is Empathy Talent OU with its registered company number 16117371 (“The Controller” or “ET”) and with its registered office at Ahtri tn 12, Tallinn, 10151, Estonia.
About this Policy
This Policy describes the nature of Empathy Talent’s processing of your personal data. The policy scopes all services Empathy Talent delivers. The terms and conditions for the use of Empathy Talent services are described further in the Terms & Conditions for each service (General Terms & Conditions).
We may develop new services or offer additional services in the future. We will provide you with more information and/or additional terms and conditions about the launch of such services bringing about a material change in how we collect and process your personal data. Unless otherwise stated at the launch of such new or additional services, they will be subject to this Policy.
The purpose of this Policy is to:
- Ensure that you know what personal data we collect about you and understand the purposes for which we collect and process it, and who we share it with;
- Explain how we process the personal data you share with us;
- Explain your data subject rights and choices regarding the personal data we collect and process about you;
- Inform you on how we protect your privacy
Data Categories and Data Subjects
The table below describes which categories of personal data we collect with categories of data subjects included and process linked to your use of the service:
| Categories of personal data | Description |
| Platform services or website User | This is the personal data that you provided or that we have collected in order for you to register for and use ET services. The information includes username, email address, phone number, address, and country. Personal data that we request is required to fullfill the form or create your account. |
| Client /Customer’s representative | This is the personal data that you provide, or that we have collected, in order to be able to process you as a customer representative in order to maintain a business relationship with you and the company you represent. The data includes first and last name, email address, phone number, role. |
| Candidate/Job Aplicant | This is the personal data that you send when using our service platforms, when applying for a published job offer for a given position or when you give a consent for participating in the recruitment process, both via external job portals, as well as directly through contact our recruiter. The data may include first and last name, e-mail address, telephone number, city, roles, skills, language skills, personal description, as well as CV files, and other attachments regarding your career path and employment or education. |
| Consultant | This is the personal data that you or your representative / supplier provide or that we have collected in order to process the request for work order for you as a consultant, as well as for orders in future, data necessary for signing contract with you. This data may also include all information necessary during the duration of your work order and contract and the provision of your work services by you to our clients. This may include your name, social security nr, ID nr, address and phone nr, data and place of birth, position, education, career history, salary, taxes and time sheets. |
| Supplier Representative | This is the personal data that you provide, or that we have collected, in order to be able to process you as a supplier representative in order to maintain a business relationship with you and the company you represent. The data includes first and last name, email address, phone number, role. |
| Employee/Civil Contractor | This is the personal data that you provide to us as part of establishing permanent cooperation with us on the basis of an employment contract, civil job contract or B2B contract. The scope of the processed data is determined by the applicable legal regulations, e.g. Labour Code, and includes any other personal data to which you have voluntarily given your consent, e.g. due to participation in the ET social benefits program. The scope of data can include: name, surname, social security nr, ID number, email address, phone number, place of residence, date and place of birth, position, education, career history, renumeration, taxes, time sheets, holidays and sick leaves as well as other periods of absence, data necessary to launch the services of external providers of social, medical, sports and recreational services. |
| Family Member/Contact Person | This is the personal data that you provide directly or indirectly by ET’s employee or contractor due to your application to the benefit program or data provided to contact with you in connection with the employment of above mentioned persons, the Controller’s employees and contractors, in case of any emergencies in the workplace. |
Data processing purposes and legal grounds
When you collaborate with the Data Controller or use ET Service’s, we use a variety of techniques to process the personal data we collect about you for various reasons. In the table below, we describe the purposes for the processing of your personal data, the legal bases we rely on to process your personal data, and the categories of data subjects:
| Description of why ET processes your personal data (‘processing purposes’) | Legal basis for processing the personal data | Categories of personal data that ET uses for the purpose of processing |
| To provide and adapt our services. |
|
|
| To understand, diagnose, troubleshoot and solve problems for our delivery systems. |
|
|
| To evaluate and develop new features, technologies, and improvements to ET’s services. |
|
|
| In order to carry out the recruitment process and propose you new job offers and new work services orders. |
|
|
| In order to comply with legal commitments and inquiries in relation to the judiciary and any other Controller’s legal requirements. |
|
|
| In order to comply with contractual obligations to take appropriate measures regarding the information on infringements of intellectual property rights and inappropriate content. |
|
|
| For the purpose of establishing, exercising, or defending legal claims |
|
|
| To carry out business planning, reporting, and analysis. |
|
|
| To detect fraud and illegal use of the service. |
|
|
| To provide you, as an Employer or your contracting party, with additional benefits and services, that you had given consent to. |
|
|
| To maintain a business relationship with you and your company. |
|
|
| In order for your application for an assignment to be processed or a contract to be drawn up. |
|
|
| To be able to treat you as a supplier’s or customer’s representative to maintain a business relationship with you and your company. |
|
|
Right to consent withdrawal
When your data are processed on the legal ground of your consent, you have the right – as a data subject – to withdraw your consent at any time. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
Sharing your personal data – Recipients Categories
We have categorised the recipients of your personal data collected or generated through your use of the Service. Information that we may share:
| Categories of recipients | Reason for sharing information |
| Service Providers | We use service providers who perform services for us. These service providers may need access to certain personal data in order to deliver their services to us. For example, service providers can be companies that provide customer service support, operate the technical infrastructure we need to provide the service or help protect and secure our systems and services. |
| Other companies in ET Group | If necessary, we share your personal data with other companies in the ET Group for our day-to-day operations and to maintain and provide the service. |
| Judiciary and data protection authorities | We share your personal data where we deem it necessary to comply with our obligations under applicable law or to respond in a legal process, such as during a search, a court order, or a subpoena. We also share your personal data where we deem it necessary to safeguard our own, or a third party’s, legitimate interest in national security, law enforcement, litigation, criminal investigation, protection of the security of a person, or to prevent death or imminent bodily harm, provided that we believe that such interest does not override your interests or fundamental rights and freedoms that require the protection of your personal data. |
| Our customers and entities searching job candidates and consultants | We share your personal data as part of the provision of services to our clients, which are entities looking for employees and associates, both on a permanent basis and in projects. Your personal data is necessary in order to recommend your candidacy or sign a contract with you and also to transfer your data to the entities that will be end recipient of your work and services. |
| Buyers of our business | We share your personal data in cases where we sell or negotiate to sell our business to a buyer or prospective buyer. In this situation, ET continues to ensure your privacy and notifies you before your personal data is transferred to the buyer or subject to a different privacy policy. |
Storage and erasure of your personal data
We save your personal data only for as long as is necessary for you to use ET’s services, as well as for legitimate and essential business purposes, such as to maintain the provision of the Services, and as long to comply with our legal obligations and to resolve disputes.
Personal data obtained on the basis of consent we process for the period for which consent was given or until is withdrawn.
At your request, we remove or anonymize your personal data so that it no longer identifies you, unless we are legally entitled or obliged to retain certain personal data, such as in the following situations:
- If there is an unresolved issue attributable to your account, such as an outstanding claim or in the event of a dispute, we will save the necessary personal data until the issue is resolved;
- If there is a legal, tax, audit and/or accounting obligation for us to store personal data, we will store the necessary personal data for the period of time claimed by applicable law; and/or,
- If necessary for our legitimate business interests, such as to prevent fraud or maintain security for our users.
Transfer to other countries
ET as Data Controller may share your personal data within the EU/ESS with other companies in the ET Group in order to carry out the activities set out in this Policy. The processing of your personal data may therefore be governed by data protection legislation that is different from the law of your country.
For more information about the security measures we take to protect your personal data, please refer to Section 10. ‘How we protect your personal data’ in this Policy.
Links
We cannot control third party data protection management and content. If you click on a third-party advertisement or link, please note that this means that you leave ET’s control and that the personal data you provide outside the service is not covered by this Policy. Please read the third party’s privacy policy to find out how they collect and process your personal data.
How we protect your personal data
We are committed to protecting our users’ personal data. We take appropriate technical and organizational measures to ensure the protection of your personal data. We have implemented a framework of policies and processes, including anonymization/pseudonymization, encryption, and access and retention policies to protect against unauthorized access and unnecessary storage of personal data in our systems.
Your password protects your user account, so we recommend that you use a strong password that is used uniquely for your account, never share your password with anyone, restrict access to your computer and browser, and sign out after using the service.
Your rights
The EU Data Protection Regulation or “GDPR” gives individuals certain rights regarding their personal data. We, therefore, offer transparency and access controls that help users to exercise the rights available under applicable law and with the restrictions that apply by law. The rights of data subjects include:
- Right of access – the right to be informed about, and request access to, the personal data we process about you;
- Right to rectification – the right to request that we correct or update your personal data if it is incorrect or incomplete;
- Right to erasure – the right to request that we delete your personal data;
- Right to restriction – the right to request that we temporarily or permanently cease the processing of all or some of your personal data;
- Right to object – the right, at any time, to object to us processing your personal data for a particular purpose;
- Right to data portability – the right to request a copy of your personal data in electronic format.
Data Protection Authority
If you are not satisfied with our processing of your personal data, we hope that you will cooperate with us so that we can find a solution together. You can also contact or file a complaint to the Swedish Data Protection Authorities (Datainspektionen).
Changes to the Policy
Changes and updates to this Policy may occur.
When we make material changes to this Policy, depending on the circumstances, we will notify you in an appropriate manner, for example through clear information in the service or by contacting you via your registered email and/or a push notification. Make sure you read such messages carefully to understand what change or update has occurred, and how this change affects you.
If you want to know more about this Policy and how ET processes your personal data, you can contact us according to the contact details in ‘How to get in touch with us’.
How to get in touch with us
If you have any questions about this Policy, you can contact our Data Protection Officer by sending an email to dpo@empathytalent.com , or by writing to us at the following address:
Empathy Talent OU
Ahtri tn 12
Tallinn, 10151
Estonia
This Policy describes the purposes and methods of personal data protection resulting from the following legal acts:
- General Data Protection Regulation [“GDPR”]- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in connection with the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC – Journal of Law L 119 of May 4th, 2016
- Guidelines of the Article 29 Data Protection Working Party of 4th April 2017 on Data Protection Impact Assesment [“DPIA”] and determining whether processing is “likely to result in high risk”, for the purposes of Regulation 2016/679; WP 248/17
- Guidelines of the Article 29 Data Protection Working Party of 13th December 2016 on data protection officers [“DPOs”], WP 243/16, revised on April 5th, 2017