Privacy Policy

  1. Basic Provisions
    1. The controller of personal data pursuant to Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: "GDPR") is Cybrela s.r.o., ID No.: 175 97 943 (hereinafter: "Controller").
    2. The contact details of the Administrator are
      • address: Rybná 682/14, Prague 1, 110 00
      • e-mail: info@cybrela.com
      • phone: +420 774 984 485
    3. Personal data means any information about an identified or identifiable natural person; an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, a network identifier or to one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  2. Sources and categories of personal data processed
    1. The Controller processes personal data that you have provided to it or personal data that the Controller has obtained as a result of your request.
    2. The controller processes your identification and contact data and the data necessary to process your request.
  3. Lawful basis and purpose of the processing of personal data
    1. The lawful reason for processing personal data is
      • consent by the data subject to the processing of his or her personal data for one or more specific purposes pursuant to Article 6(1)(a) of the GDPR,
      • the legitimate interest of the Controller in providing direct marketing (in particular for sending commercial communications and newsletters including 3rd party services or goods) pursuant to Article 6(1)(f) GDPR.
      • performance of the contract on the basis of a legal title, legislative regulation.
    2. The purpose of the processing of personal data is
      • the selection procedure for a given job position; for this purpose, the personal data required for the inclusion of the candidate in the selection procedure (name, surname, address, telephone number and email) are required; the provision of personal data is a necessary requirement for the selection procedure, without the provision of personal data the candidate cannot be included in the selection procedure,
      • registration of your person as a potential employee with the Administrator; for these purposes, personal data is required that is necessary for the inclusion of the applicant in the register of job seekers (e.g. name, surname, address, telephone number, email, etc.; the provision of personal data is a necessary requirement for the inclusion of the applicant in the register, without the provision of personal data it is not possible to include the applicant in the register; consent is granted for a period of 1 year from the date of sending personal data,
      • handling of inquiries sent to the Administrator via the web contact form (within the scope of name, surname, company name, email, phone number and text of your message),
      • to carry out statistical analyses and research or to customise the content of its services (within the scope of the IP address),
      • sending commercial communications, newsletters (including 3rd party services or goods) and other marketing activities,
      • records of customers and job applicants.
    3. There is no automatic individual decision-making by the Controller within the meaning of Article 22 GDPR.
  4. Cookies
    1. A cookie is a small file that a website stores on a User's computer, tablet or smartphone, which allows the website to "remember" your actions or preferences in the long term. It is used to distinguish individual Users accessing the xITee Site, but not to obtain personal information about Users (the information obtained may include, for example, the IP address of the connecting computer or the type of browser used).
    2. The Administrator uses cookies on its website for the following purposes:
      • to maintain the user session; these cookies are necessary to enable the Administrator to distinguish individual users when displaying the website and thus display relevant data only for the user;
      • basic settings of the website also for non-logged-in users, affecting the display of the website according to the user's choice (e.g. if the user disables the display of a certain graphic element, these cookies allow the user's choice to be respected) or taking into account the frequency or order of browsing (e.g. on the first visit, information may be displayed that is no longer displayed on subsequent visits).
    3. The website may also contain third-party cookies, which are used by the administrator to obtain anonymous statistics on traffic and typical user behaviour on individual pages. These third parties generally do not store any personal data in connection with the use of cookies, as the identity of the user is not known to them (provided that the user is not also a registered user of the products of such a third party, e.g. Google). These are the following cookies:
      • Google Analytics - xITee uses this service to obtain statistical information and Google may also retain the data collected for its own use in accordance with the Privacy Policy available at http://www.google.com/intl/cs/policies/privacy; http://www.google.com/intl/cs/policies/privacy;
    4. The user can allow, block or delete cookies stored on his/her computer by configuring his/her browser, but such choice will affect the correct display of the site. More on the most used browsers:
    5. Users have the option to exclude the processing of cookies via the Visual Website Optimizer on specific websites here: http://visualwebsiteoptimizer.com/opt-out.php.
  5. Data retention period
    1. The controller stores personal data
      • for as long as necessary to exercise the rights and obligations,
      • for as long as necessary, in the case of processing to deal with enquiries,
      • for the period until the voluntary consent to the processing of personal data is withdrawn in the case of registration of your person as a potential employee, but no longer than 1 year from the date of sending the personal data,
      • until the voluntary consent to the processing of personal data for marketing purposes is withdrawn, if the personal data is processed on the basis of consent.
    2. After the expiry of the retention period, the Controller will delete the personal data.
  6. Recipients of personal data (subcontractors of the Controller)
    1. The recipients of personal data obtained from customers / job applicants are only authorized employees of the Controller. We use all personal data exclusively for internal company use, protect it from misuse and do not disclose it to third parties without prior notice or your consent.
    2. The exceptions are institutions that may receive personal data from the Controller on the basis of legislative regulations (e.g. mandatory reporting to government authorities, insurance companies, financial administration authorities, etc.) or to a reasonable extent to selected service providers. We have contractual relationships with these suppliers that contain the necessary rules for the handling of personal data within the scope and parameters required under Article 28 of the GDPR.
    3. An exception is also made for external companies (the processors listed below) that provide support services for us only to the extent necessary for the purposes of processing:
      • Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, for the purpose of the processing referred to in Article III., under number 2. and under d)
      • Facebook, Facebook Headquarters, 1 Hacker Way, Menlo Park, CA 94025, for the purpose of the processing referred to in Article III., under No. 2. and under e)
  7. Your rights
    1. Under the conditions set out in the GDPR you have:
      • the right of access to your personal data under Article 15 of the GDPR,
      • the right to rectification of personal data pursuant to Article 16 of the GDPR or restriction of processing pursuant to Article 18 of the GDPR.
      • the right to erasure of personal data pursuant to Article 17 GDPR.
      • the right to object to processing under Article 21 GDPR; and
      • the right to data portability under Article 20 GDPR.
      • the right to withdraw consent to processing in writing or electronically to the address or email of the Controller specified in Article I of these Terms.
    2. You also have the right to file a complaint with the Office for Personal Data Protection if you believe that your right to personal data protection has been violated.
  8. Personal data security conditions
    1. The controller declares that it has taken all appropriate technical and organisational measures to safeguard personal data.
    2. The Controller has taken technical measures to secure data storage and storage of personal data in documentary form, in particular through: access control, data encryption, protection by application firewall, regular backups and many other partial measures that the Controller implements.
    3. The controller declares that only persons authorised by it have access to the personal data.
  9. Final Provisions
    1. By submitting an enquiry via the web contact form, you confirm that you are aware of the privacy policy and that you accept it in its entirety.
    2. The administrator is entitled to change these conditions. It will publish the new version of the Privacy Policy on its website.

Privacy Policy
These terms and conditions take effect on: 5.12.2022
version: 1.0