Our Company Privacy Policy
The controller of the processing of the personal information is:
DNA325 OÜ (“We” or “us”)
Registry code 16661258
Correspondence address: Harju maakond, Tallinn, Kesklinna linnaosa,
Narva mnt 5, 10117, Estonia
Contact email address:
data@dna325.com
DNA325 OÜ is a company specializing in providing recruitment services (“Service”). It is essential that the individuals using the Service ("Users”) feel safe with and are informed about how we handle the User's personal data in the recruitment process.
General information
We handle all personal data following the higher standard for personal data protection introduced by the new European data protection act, better known as the General Data Protection Regulation (GDPR).
Our Privacy Policy explains what data we process, how we do that and how you may use your rights as a data subject (e.g., right to object, right of access).
This Privacy Policy is subject to change from time to time. If we make changes, you can find the current version of the Privacy Policy on our website. You can tell when this Privacy Policy was last updated by looking at the date at the top of the Privacy Policy. In some cases, we may provide additional notice by sending you a notification through email. Your further use of the website or any of our products and services will be subject to the updated Privacy Policy. We will not make substantial changes to this Privacy Policy or reduce your rights under this Privacy Policy without providing you notice through email.
This Privacy Policy applies to all Users' personal data that we process during the execution of the Service, including the personal data of visitors and users of our website dna325.com; our existing or potential customers (collectively referred to as “customers”), as well as candidates for current or future roles at our companies or our customers’ companies.
This Privacy Policy only covers handling data carried out by DNA325 OÜ. The Privacy Policy does not address, and we are not responsible for the privacy practices of any third parties.
This Privacy Policy is not absolute, and in certain cases, it is a subject to conditions as specified in the provisions of domestic and/or international law.
Collection of personal data (what & how)
We are responsible for the processing of the personal data that the Users contribute to the Service, or for the personal data that we in other ways collect with regard to the Service.
You directly provide us with most of the data we collect. We receive personal data directly from you when you interact with us, especially when:
- you make an application to job openings through the Service or otherwise, or by using third-party services, platforms and social media such as Facebook or LinkedIn, job boards, etc. These applications are subject to those external platforms’ terms of use and privacy policies as well.
- you use the Service to connect with our staff and recruitment consultants, adding personal data about yourself either personally by email, phone, Skype, WhatsApp, Telegram and other means, or by using a third-party source such as Facebook, LinkedIn, etc.
- you communicate about job openings, vacancies and potential job opportunities of any other type with us by phone or verbal communication, software (Skype, WhatsApp, Telegram and other means, or by using a third-party source such as Facebook, LinkedIn, etc.) or in person;
- you provide identifiable data in the chat provided through the website that uses the Service;
- you undergo a candidate selection process (for instance, have an interview, pass assessment tasks, etc.) for job openings, vacancies and potential job opportunities of any other type;
- you use or view our website via your browser’s cookies;
- you sign up for our newsletters, surveys and other informational content that DNA325 OÜ distributes;
- you fill in the contact form on our website;
- you use any of our products and services as a customer;
- you contact us with informational requests or requests to provide any other information, and/or for any other purposes.
We collect data from third parties, such as Facebook, Linkedin and other public sources. This is referred to as “Sourcing” and is manually performed by our staff and recruitment consultants and is also carried out by automated means. Data collection from third parties also occurs when we check professional references (such as seeking confirmation of a previous job title, length of employment, etc.).
In some cases, existing employees, other Users or third parties (e.g., by mentioning you in comments to social media posts where we promote job openings) can make recommendations about potential applicants. In the cases where this is made, and if we store any of your personal data, the potential applicant is considered a User in the context of this Privacy Policy and will be informed about the processing.
The User also consents to us collecting publicly available information about the User and compiles them for use in recruitment purposes.
Purpose and lawfulness of processing
The legal basis for the processing of your personal data is consent that you provide to us and is done with the purpose of Controller’s recruitment handling, products and services delivery, and content distribution.
The lawfulness of the processing of personal data is our legitimate interest in:
- simplifying and facilitating the recruitment process;
- conducting our business operations by approaching new professionals for available job openings, vacancies and potential job opportunities of any other type;
- the effective delivery of the Service to satisfy your demands, including the search and selection of candidates for our needs and/or for customers’ companies needs.
Personal data that is processed with the purpose of aggregated analysis or market research is always made unidentifiable. Such personal data cannot be used to identify a certain User. Thus, such data is not considered personal data.
We use your personal data in ways that you would reasonably expect, and our legitimate interest serves as a legal basis for the collection and processing of your personal data only if, and to, the extent it does not interfere with your rights and freedoms.
The consent of the data subject
The processing of the personal data of Users normally only takes place with the consent of the User, when the User allows us to process their personal data for the specific purpose. There are exceptions to this, in cases when obtaining consent in advance is impossible for objective reasons or the processing of data is required by laws and regulations.
You can revoke the consent whenever you want by contacting the Controller using the contact details listed in this Privacy Policy. Using this right may, however, means that the Service provision to you may be interrupted or terminated and/or you cannot apply for a specific job.
We may share your personal data with third parties outside DNA325 OÜ for other reasons than the one mentioned before when we have your explicit consent to do so, unless such is necessary for the provisions of the Services.
If you share personal data of any third person with us, you ensure that you have received freely given, specific, informed and unambiguous consent of that person to such transfer and further processing of respective data by us, and you may present appropriate evidence of it upon request.
All transfer of personal data is done with your explicit consent and following the EU-compliant methods.
Types of data we collect
The categories of personal data that can be collected through the Service can be used to identify natural persons from:
- contact details like names, addresses, email addresses, phone numbers, user IDs and usernames in messengers and telecommunication applications, other contact details, profile pictures and videos;
- links to and information from their accounts in social media, professional communities and public platforms, like Facebook, LinkedIn, Stack Overflow, GitHub, GitLab, Djinni, Kaggle, Medium, etc.;
- demographic data like age, gender, country of temporary and/or permanent residence, immigration status;
- professional background information like titles, education, work experience, skills, certificates, references, employers and/or clients and other information that the User provided through the Service;
- other information like salary and/or salary expectations, language proficiency, interests, hobbies, as well as any other personal data voluntarily provided by you;
- any personal data that is provided in resumes, CVs and cover letters provided by Users;
- answers to questions asked through the recruiting in correspondence, by phone or verbal communication, software or in person.
Only data that is relevant for the recruitment process is collected and processed.
We also collect details of any transactions and payments between us and the data subjects.
Certain types of data are not collected intentionally, like criminal records, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation.
The Service is not intended for individuals under the age of 18. DNA325 OÜ does not knowingly collect any Personal Identifiable Information from children under the age of 18. If you think that your child provided us with this kind of information, we strongly encourage you to contact us immediately, and we will put our best efforts to promptly remove such information from our records. If you are under 18, please do not provide us with any information about yourself.
Types of cookies we use
There are a number of different types of cookies, however, our website uses:
- Functionality — we use these cookies so that we recognize you on our website and remember your previously selected preferences. These could include what language you prefer and the location you are in. A mix of first-party and third-party cookies is used.
- Advertising — we use these cookies to collect information about your visit to our website, the content you viewed, the links you followed and information about your browser, device, and your IP address. We sometimes share some limited aspects of this data with third parties for advertising purposes. We may also share online data collected through cookies with our advertising partners. This means that when you visit another website, you may be shown advertising based on your browsing patterns on our website.
The user’s data collected in this manner are pseudonymized through technical means. This means that the data can no longer be matched to the user who opened the website. The data are not saved together with any other personal data of the user.
Cookies are saved on the computer of the User and transferred from it to our website. This is why you, as the user, have full control over the use of cookies. You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser or to alert you when cookies are being sent. However, in a few cases, some of our website features may not function properly. For more information about cookies and how to delete them, visit www.allaboutcookies.org.
Using your personal data
We may use your personal data for recruitment handling, products and services delivery, content distribution, and to run, maintain and develop our businesses, performing our obligations under a contractual arrangement.
To ensure that our services are in line with your needs, these data can be used for things like customer satisfaction surveys. We might also request another party to do this for us.
We may also process information about your use of the services to improve the quality of our services, e.g., by analyzing any trends in the use of our services. When possible, we will do this using only aggregated, non-personally identifiable data.
The lawfulness of the processing of personal data is our legitimate interest in:
- simplifying and facilitating the recruitment process, like communicating with candidates for the roles, evaluating data about candidates against the requirements set out to a specific role to select the appropriate candidates, sending offers to the selected candidates, organizing further cooperation with selected candidates, contacting candidates for future opportunities that may be interesting to them, etc.
- conducting our business operations by approaching new professionals for available job openings, vacancies and potential job opportunities of any other type;
- managing our website, allowing users to visit and search through our website, improving the website operation and enhancing user experience, troubleshooting, investigating, and fixing website-related errors;
- the effective delivery of the Service to satisfy your demands, including the search and selection of candidates for our needs and/or for customers’ companies needs.
Please be assured we will handle your personal data only in line with the purpose for which it was collected. If at any moment we intend to process your personal data for any other purpose, we will not do this without sending you respective notification / your prior explicit consent (subject to the exclusions and limitations which may be provided in the provisions of domestic and/or international law).
When you make an application to a job opening or send a spontaneous application to us, one of our recruitment consultants will receive and process your application. DNA325 OÜ is responsible for this personal data handling.
We also reserve the right to share images or video footage of Users on our websites and on social media, that are produced as a result of meetups, events or any other similar activities by DNA325 OÜ.
Transfer of personal data to a third party
We do not pass on, sell or exchange Users’ personal data to third parties.
We may transfer User's personal data to:
- our contractors and subcontractors, acting as our Processors and Sub-Processors in accordance with our instructions, for the provision of the Service;
- our customers to fill vacancies and maintain a candidate database for upcoming vacancies;
- authorities or legal advisors in case criminal or improper behavior is suspected;
- authorities, legal advisors or other actors, if required by us according to law or authority’s injunction.
We will only transfer Users’ personal data to contractors and subcontractors, processors and sub-processors that we have confidence in. We carefully choose partners to ensure that the User’s personal data is processed in accordance to current privacy legislations.
We may outsource particular operations to third parties and, consequently, transfer your personal data to our IT systems providers, website hosting providers, data analysis, data backup, security and cloud storage services, consultants and other providers. We only share personal data that they reasonably need to provide their services and will not transfer your personal data to any third parties for their own direct marketing purposes. Likewise, we ensure that third party service providers are authorized to use your personal data only as necessary to provide services on our behalf or in our interest.
Considering the nature of recruiting business, partners that we share your information with include our customers, like software development companies, outsourcing agencies and other businesses that we have a written Service Agreement with. If we find a suitable position for you within our other partner companies, we will share your personal data with them. In this case, your personal data will be used according to their terms of use and privacy policies.
We may share your personal data with third parties outside DNA325 OÜ for other reasons than the one mentioned before when we have your explicit consent to do so, unless such is necessary for the provisions of our services. You are entitled to withdraw this consent at all times.
In the event of a sale, merger, receivership or transfer of all assets of DNA325 OÜ, we reserve the right to assign or share your personal data with such third parties and their advisors. Please be assured that you will be sent notice of such an event should it occur with the ability to opt-out of such a transfer unless DNA325 OÜ and/or such third parties have a separate legitimate ground for such transfer and further processing of your personal data.
Storing your personal data
We use various technologies to collect and store information when you visit our website, including cookies. Cookies allow us to calculate the aggregate number of people visiting our websites and monitor the use of the websites. This helps us to improve our websites and better serve our Users. We also use cookies that make the use of the website easier for you, for example by remembering usernames, passwords and (language) preferences. We also use tracking and analytics cookies to see how well our services are being received by our Users.
Your personal is stored using tools, servers and/or software made available or hosted by third-party service providers. This storage shall not be considered a disclosure of your personal data to third parties as far as third-party service providers do not have direct access to it.
Tools and services we use to store personal data include:
Manatal, Google Workspace, Trello, Mailchimp, Facebook, HubSpot,
Pipedrive, Mailtrack, LinkedIn, Stack Overflow and other online
services on demand.
Our sites use Google Analytics and other web analytics services to compile reports on visitor usage and to help us improve our sites and services. For an overview of Google Analytics, please visit https://www.google.com/analytics/. You can opt-out of Google Analytics with this browser add-on tool: https://tools.google.com/dlpage/gaoptout.
You are free to withdraw your consent at any time by contacting us, upon which we will delete your personal data without further delay (unless we have a separate legitimate ground for further processing). If you withdraw your consent, it will not affect the lawfulness of prior processing of your personal data based on your consent before you withdrew it.
We do not store your personal data longer than is legally permitted and necessary for the purposes for which the data were collected. The storage period depends on the nature of the information and the purposes of the processing. Considering that the User as a candidate may be interesting for future recruitment, we may store the Users’ store CVs for a maximum of three years after submission, and other personal data for an unlimited period of time after submission until they are no longer of value as potential recruitments.
You can revoke your consent to have your personal data processed for this purpose (future recruitment) anytime by contacting the Controller using the contact details listed in this Privacy Policy.
The personal data collected as part of the Sourcing is a case when obtaining consent in advance is impossible for objective reasons. Unless the User provides consent to handling their personal data, their personal data is erased within 6 months.
We keep your personal data obtained in connection with your sign-up for our newsletters, surveys and other informational content that DNA325 OÜ distributes until you unsubscribe.
We store some types of personal data for a more extended period of time, if required by our legal and/or statutory obligations, like audit, accounting, tax reporting, service quality control, statistical purposes and alike. For these relevant reasons, your personal data will be stored for as long as necessary without further notice to you, and, if possible, anonymized in such a manner that you are not or no longer identifiable.
The personal data collected through the Service is stored and processed inside the EU/EEA, or such third country that is considered by the European Commission to have an adequate level of protection, or processed by such suppliers that have entered into such binding agreements that fully complies with the lawfulness of third country transfers (as Privacy Shield) or to other supplies where adequate safeguards are in place to protect the rights of the data subjects whose data is transferred.
Marketing
We would like to send you information about products and services of ours that we think you might like
If you have agreed to receive marketing materials, you may always opt out at a later date.
You have the right at any time to stop DNA325 OÜ from contacting you for marketing purposes. If you no longer wish to be contacted for marketing purposes, please send an inquiry to data@dna325.com.
Your data protection rights
We would like to make sure you are fully aware of all of your data protection rights. Every User is entitled to the following:
- The right to access - you have the right to request us for copies of your personal data. The request for copies of your personal data are processed and are provided free of charge, unless the requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character.
- The right to rectification - you have the right to request that we correct any information you believe is inaccurate. You also have the right to request us to complete information you believe is incomplete. We are not required to notify third parties to whom your personal data has been disclosed of any rectification when such notification involves an unreasonable burden or disproportionate effort.
- The right to erasure — you have the right to request that we erase your personal data, under certain conditions. We are not required to notify third parties to whom your personal data has been disclosed of any deletion when such notification involves a disproportionate effort or unreasonable burden.
- The right to restrict processing - you have the right to request that we restrict the processing of your personal data, under certain conditions.
- The right to object to processing - you have the right to object to our processing of your personal data, under certain conditions.
- The right to data portability - you have the right to request that we transfer the data that we have collected to another organization or directly to you under certain conditions.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact the Controller using the contact details listed in this Privacy Policy.
Security
We endeavor to maintain the highest possible standard regarding the protection of personal data. We take the measures that can be reasonably expected to make sure that the personal data of Users and others is processed safely and in accordance to this Privacy Policy and the GDPR. Access systems are required on all computers and phones that handle personal data.
However, transfers of information over the internet and mobile networks can never occur without any risk, so all transfers are made on the own risk of the person transferring the data. It is important that you take care in deciding what information you send to us and take responsibility to ensure that your data is protected. It is the responsibility of the User that their login information is kept secret.
Should, despite the security measures, a security breach occur that is likely to have negative effects on your privacy, we will inform you about the breach as soon as reasonably possible and as directed by the Data Protection Authority.
Privacy policies of other websites
Our website contains links to other websites. Our Privacy Policy applies only to our website, so if you click on a link to another website, you should read their privacy policy.
Contact us
If you have any questions or complaints regarding this Privacy Policy, the data we hold on you, or you would like to exercise one of your data protection rights, or report any suspicious activity, including automated messages or calls from parties you cannot identify, please do not hesitate to contact the Controller using the contact details listed in this Privacy Policy.
Contacting the appropriate authority
Should you wish to report a complaint or if you feel that Our Company has not addressed your concern in a satisfactory manner, you may contact the relevant supervisory authority (the contacts of the European Union national data protection authorities are available at the website of the European Data Protection Board).