Privacy policy for employee candidates
 

APS HOLDING PRIVACY POLICY FOR EMPLOYEE CANDIDATES (“Privacy Policy”)

In this Privacy Policy, APS Holding provides information on the conditions under which the data of employee candidates are processed, in accordance with Regulation No 2016/679 of the European Parliament and of the Council (the General Data Protection Regulation, “GDPR”).

Controller's contact details

The personal data contained in your job application and collected during the recruitment process are handled by the relevant local APS entity.

The contact details of the Data Controller (for the Czech Republic) are as follows:

APS Investments, s.r.o.

Seat: Pobřežní 394/12, 180 00 Prague 8, Czech Republic

Email address: info@aps-holding.com

Website: www.aps-holding.com

The data of the Data Controller's Data Protection Officer are as follows:

Name: Barbora Kubíková – Group DPO

Email address: gdpr_group@aps-holding.com

Phone number: 00420 776 505 103

(hereinafter “Controller”)

For other countries, please check the relevant local contact in our General Data Protection Policy in the local language.

Information about data processing

Scope, legal basis and time of data processing

Please note that applying for any job advertised by the Controller, i.e. sending your CV or job application, whether directly or through a recruitment agent, head-hunter or job advertising portal, is necessary in order to establish an employment relationship with you and to create an employment contract pursuant to the relevant Labor Act.

The legal basis for data processing is the establishment of an employment contract under Article 6(1)(b) of the GDPR and compliance with legal obligations under Article 6(1)(c) of the GDPR.

The personal data you provide during the recruitment process, as well as other personal data we collect, will be processed during the recruitment process, and all your data will be deleted when the recruitment process is completed. If the recruitment process is delayed and lasts for more than three (3) months, your data will be processed for a maximum of three months from the date of submission; however, we may ask you for permission to extend this period.

If we have not chosen you for such a position, your data will be deleted at the time of the decision, but within 3 months at the latest.

However, you also have the option of having this data saved and processed in our database for future recruitment and for sending job offers, regardless of the position your application concerns. You can give separate consent to this. If you have given your consent, the legal basis for our processing for storage in the candidates database is voluntary consent under Article 6(1)(a) of the GDPR. In the event of such consent, we are entitled to process your personal data in our own database for another 2 years for this purpose. Before the expiry of the 2 years, we may contact you to request consent to another 2 years of data processing, and we recommend that you clarify and update your data. If you do not consent to further data processing or do not respond within 30 days of the request being sent, your data will be deleted from the database.

Please note that you are free to withdraw your consent at any time, in which case your data will no longer be processed and will be deleted from our database.

If we establish an employment relationship with you, the processing of your data is governed by the data processing period specified in our employee privacy policy.

The legal basis for data processing is determined separately by category of data and for data processing purposes:

| Data category | Data source | Purpose of processing | Legal basis | Storage |
| --- | --- | --- | --- | --- |
| Contact data (Name, Surname, E-mail address, Phone number, Address, Signature, Date of Birth, ID number, Citizenship, Signature, Photo) | Concerned applicant or job portal | Recruitment, Bidding, Contacts, Identification, Pre-employment checks, Store in database | Article 6(1)(b) GDPR: establishment of an employment contract, pre-contractual relationship and Article 6(1)(c) GDPR: compliance with a legal obligation relating to money laundering and<br>In the case of storage in a candidates database: Article 6(1)(a) GDPR: Consent | If no employment relationship is established: until the date of the decision, but for a maximum of 3 months<br>In case of special consent for storage in a database: for 2 years (or until consent is withdrawn, if earlier) |
| Professional data (applied position, work history, education, trainings, certificates, recommendation letters, language, driving license information) | Concerned applicant or job portal | Recruitment, Bidding, Contacts, Identification, Pre-employment checks, Store in database | Article 6(1)(b) GDPR: establishment of an employment contract, pre-contractual relationship<br>In the case of storage in a candidates database: Article 6(1)(a) GDPR: Consent | If no employment relationship is established: until the date of the decision, but for a maximum of 3 months<br>In case of special consent for storage in a database: for 2 years (or until consent is withdrawn, if earlier) |
| Personality and behavioral characteristics observed during the interview, necessary for assessing suitability | Controller | Recruitment, Bidding, Contacts, Identification, Pre-employment checks, Store in database | Article 6(1)(b) GDPR: establishment of an employment contract, pre-contractual relationship<br>In the case of storage in a candidates database: Article 6(1)(a) GDPR: Consent | If no employment relationship is established: until the date of the decision, but for a maximum of 3 months<br>In case of special consent for storage in a database: for 2 years (or until consent is withdrawn, if earlier) |
| Professional test answers and results | Applicant concerned | Recruitment, Bidding, Contacts, Identification, Pre-employment checks, Store in database | Article 6(1)(b) GDPR: establishment of an employment contract, pre-contractual relationship<br>In the case of storage in a candidates database: Article 6(1)(a) GDPR: Consent | If no employment relationship is established: until the date of the decision, but for a maximum of 3 months<br>In case of special consent for storage in a database: for 2 years (or until consent is withdrawn, if earlier) |
| Job-related strengths, weaknesses, potential | Applicant concerned | Recruitment, Bidding, Contacts, Identification | Article 6(1)(b) GDPR: establishment of an employment contract, pre-contractual relationship | If no employment relationship is established |

Processing data from social media

If you apply for a position at APS, we may view your profile on social media platforms, including Facebook and LinkedIn, together with your activity, posts and comments, to assess your suitability for the job position. We only view publicly available information about you on social media platforms, and we do not search in private groups or other non-public places or in restricted public places. Furthermore, we do not save, store or record your social media profiles.

We do not process sensitive or special information about you based on social media profile data. We only look at relevant information related to the job advertisement and the position you want to fill.

Compliance

We are subject to various legal obligations arising from statutory (e.g. laws of the financial sector, anti-money laundering laws) and regulatory requirements. This includes processing your personal data for the purpose of compliance with applicable banking laws, such as the applicable legislation on markets in financial instruments (MiFID), Know Your Employee (KYE), and Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT), cooperating in the prevention of financial crimes, and complying with requests from, and requirements of, local or foreign regulatory or law enforcement authorities.

Notification of the success of your application

If the recruitment process is completed within 3 months, we will inform you by e-mail whether we wish to establish an employment relationship with you or not.

If the recruitment process is not completed within 3 months, your data will be automatically deleted in accordance with this Privacy Policy; we will therefore ask you for permission for further processing.

Granting and withdrawing consent

You may give us voluntary consent to the processing of the above personal data for storage purposes in the candidates database by e-mail, by other electronic means, or in writing (including electronic documents and messages).

You can withdraw your consent at any time by sending an e-mail message to the above e-mail address. The message must include the following mandatory data: name, date of birth and e-mail address, so that we can identify whose data we are to delete.

If consent is withdrawn, all processed data will be deleted, including the data you provide for identification. The obligation to delete data covers both electronic and paper data and applies to our records and conclusions relating to your job application.

The Controller may process personal data in connection with data subjects exercising their data protection rights in relation to the Controller's data processing.

Automated decision-making

When processing personnel agendas, we use analyses that consist of evaluating all the data available to us. However, fully automated decision-making does not occur in these analyses.

Recipients of personal data

The Controller does not transfer personal data to third parties, with the exception of general recipients (e.g. cloud provider, standard business application providers) and public authorities specified in the law or in a mandatory act of the European Union.

Your rights

The Controller ensures that your Personal Data are processed in a secure and accurate manner. You may exercise all the rights described in this clause with the Controller.

How can you exercise your rights?

You may exercise each individual right by sending an email to barbora.kubikova@aps-holding.com, by calling +420 776 505 103, or by sending a written request to the address of the Controller.

The Controller shall provide you with a statement or information on the measures adopted as soon as possible, but no later than 1 month from receipt of the request. The Controller is entitled to extend this period by 2 months, taking into account the complexity of the issue and the number of requests submitted. The Controller will inform you of any such extension.

RIGHT TO BE INFORMED - AT LEAST ABOUT:

(i) the identity and the contact details of the Controller and of the Controller's representative;

(ii) the contact details of the DPO;

(iii) the purposes of the processing of the Personal Data as well as the legal basis for the processing;

(iv) the legitimate interests pursued by the Controller or by a third party, if applicable;

(v) the recipients or categories of recipients of the Personal Data;

(vi) if applicable, the fact that the Controller intends to transfer Personal Data to a third country or international organization and the existence or absence of an adequacy decision by the European Commission, or reference to the appropriate or suitable safeguards and the means by which to obtain a copy of them or where they have been made available.

RIGHT OF ACCESS

You may request access to your Personal Data, obtain information on what Personal Data concerning you are being processed, and access the following information:

(i) the purposes of the processing;

(ii) the categories of Personal Data concerned;

(iii) the recipients or categories of recipient to whom the Personal Data have been or will be disclosed, in particular recipients in third countries or international organisations;

(iv) the envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to determine such period;

(v) the existence of the right to request from the Controller rectification or erasure of the Personal Data or restriction of processing of the Personal Data concerning you or to object to such processing;

(vi) the right to lodge a complaint with a supervisory authority;

(vii) where the Personal Data are not collected from you, any available information as to their source; and

(viii) if applicable, the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

The Controller shall provide a copy of the Personal Data undergoing processing. For any further requested copies, the Controller may charge a reasonable fee based on administrative costs. The DPO or other authorized person may decide that you should be asked to cover the costs or that your request can be rejected. Where the request is made by electronic means, and unless otherwise requested by you, the information shall be provided in a commonly used electronic form.

RIGHT TO RECTIFICATION

(i) You have the right to request the Controller to rectify your inaccurate Personal Data.

(ii) You also have the right to have your incomplete Personal Data completed, including by means of providing a supplementary statement. When this right is exercised, the purposes of the processing must be taken into account and the DPO shall decide whether it is appropriate or not.

RIGHT TO ERASURE

You have the right to ask the Controller to erase your Personal Data. The Controller shall have the obligation to erase your Personal Data where one of the following grounds applies:

(i) the Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

(ii) you object to the processing and there are no overriding legitimate grounds for the processing;

(iii) the Personal Data have been unlawfully processed;

(iv) the Personal Data have to be erased for compliance with a legal obligation in European Union or Member State law to which the Controller is subject.

The right to erasure shall not apply to the extent that processing is necessary for the establishment, exercise or defense of legal claims.

RIGHT TO RESTRICTION OF PROCESSING

You have the right to restrict the processing where one of the following applies:

(i) you contest the accuracy of the Personal Data, for a period enabling the Controller to verify the accuracy of the Personal Data;

(ii) the processing is unlawful and you oppose the erasure of the Personal Data and request the restriction of its processing instead;

(iii) the Controller no longer needs the Personal Data for the purposes of the processing, but you require it for establishment, exercise or defence of legal claims;

(iv) you have objected to processing, pending verification of whether the legitimate grounds of the Controller override yours.

RIGHT TO OBJECT

You have the right to object at any time, on grounds relating to your particular situation, to processing of your Personal Data, including profiling.

The Controller shall no longer process the Personal Data unless the Controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint about the alleged infringement with a supervisory authority (Czech Data Protection Authority, Pplk. Sochora 27, 170 00 Praha 7) if you consider that the processing of the Personal Data infringes your rights.

General information

The Controller may change, amend, repeal or replace this notification at any time if necessary; the updated notification must be published at least 30 days before it takes effect.

General information on how we process personal data can be found at https://www.aps-holding.com/personal-data-processing.

Date: 10.03.2022