- why we are able to process your information
- what purpose we are processing it for
- whether you have to provide it to us
- how long we store it for
- whether there are other recipients of your personal information
- whether we intend to transfer it to another country
- whether we do automated decision-making or profiling and
- what rights you have
Our activities related to storing and processing of all data aim to guarantee you a sense of complete security and lawful processing at a level appropriate to the data protection law applicable in Poland, including Regulation of the European Parliament and of the Council 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) - called GDPR.
Personal Data Controller
The entity deciding on the purposes and methods of using your personal data (meaning their controller according to GDPR) is ChallengeRocket Sp. z o.o. with its registered office in Rzeszow (Poland), entered in the Register of Entrepreneurs of the National Court Register under number 0000638669.
You can contact us in many ways, by:
- phone +48 689 520 111,
- e-mail email@example.com,
- mail: Rynek 60/U6 st., 50-116 Wroclaw,
- contact form.
More details here.
Due to the possibility of publishing on the Platform challenges or jobs and by the other user, the Controller of your personal data may also be a potential Employer or Organizer of the challenge.
We are not responsible for compliance with the rules of protection of personal data by the Organizers or Employers with GDPR regulations. In any case, before registering for the challenge or recruitment process, we recommend you read the information provided by the potential Employer or Organizer.
We conscientiously approach the protection of data concerning you and constantly develop our systems and security processes. The security measures we use include:
- limited physical access to our buildings and user access to our systems - only for those who are entitled
- control mechanisms such as firewall, user verification, strong data encryption and separation of roles, systems and data
- proactive monitoring
We also use the highest standards in the industry to support the maintenance of a solid information security management system.
What data do we process?
Most of the personal data processed by us is passed directly to us due to one of the following reasons:
- you use the services we provide
- we service as the processor of the who is the controller of your data and these data have been made available to us in the scope binding us with the client,
- we obtained it directly from you or from a third party authorized to provide us with your information,
- you have filed a complaint or inquiry
- you have asked us for information
- you took part in the event organized by us
- you represent your organization
We only require the information necessary for the proper functioning of certain parts of our services. Failure to provide the required data will block the performance of certain fields, requiring the data concerned, which includes the personal data of a person responsible for the contact matters, business registration number. Remember that your password and email address will never be displayed publicly!
The basis for the processing
In any case, when we process your personal data, we must have a so-called "Legal basis". The legal bases result directly from the law (GDPR), below are those on which we most often rely:
- Consent: You have indicated to us that you agree to the processing of your data for a specific purpose e.g. to receive marketing messages
- Legitimate interests: only if processing is necessary for us to conduct our business and it does not interfere with the right to respect your privacy e.g. for direct marketing of our products or services
- Performance of the contract: we must process your personal data in order to be able to provide you with one of our services,
- Legal claims: when data processing is necessary to establish, enforce or defend our legal claims,
- Legal obligation: when we are obliged under law to process your personal data.
How do we use your personal data?
There are many ways and possibilities to use personal data regarding you, depending on how you interact with us. For example, if you do not provide us with your contact details (@), we will not be able to create an account for you on the Platform or provide other services.
We may also want to tell you about our (or our partners) job offers, challenges, ideas, products and services that we think may interest you. If we have your consent or it is in our legitimate interest, we can do it via mail, email, text message or other electronic means of communication. We will not send you marketing messages if you do not want to, but if you purchase a service from us, we can send you messages related to the service.
Evaluation of your preferences and interests
Our Platform aims to match events, recruitment process and messages to your interests and preferences (profiling) as best as possible. In order to provide you with the most transparent information below, we describe what profiling is about.
Recommended challenges or recruitment processes may be presented to you on the Platform after logging in, as well as in the form of notifications in the web browser and sent to the email address provided by you.
For this purpose, we process personal data provided by you, about your activity on the Platform, recorded and stored via cookies, in particular information about sent applications on challenges of recruitment process, achieved results and pageviews that have not been completed by sending a registration.
We can use the above data to create a professional profile that suits your skills, interests and preferences. Then, based on the profile created in this way, we can choose and present the best matching events or jobs.
In order to optimize the performance of the ChallengeRocket Platform and services for Users, we perform automated processing of Personal Data evaluating certain specific aspects relating to a user, in particular to analyze or predict aspects concerning a user’s personal preferences or interests in terms of ChallangeRocket’s Platform and services. Where it occurs, such processing is carried out if it is necessary for the performance of our agreement with our Users, to allow us to provide its services to Users and Clients, including analyzing applications and resumes on behalf of Clients, or in other cases on the basis of a user’s consent. We constantly analyze personal data in order to match the User’s activity and the results of the tasks to the offer.
After weighing our interest and your interests, rights and freedoms, we believe that marketing combined with profiling will not interfere excessively with your privacy or will not be too burdensome for you.
We respect your will and facilitate the realization of Your rights. For this purpose, we provide the opportunity to easily withdraw consent or object to processing.
Who might we share your personal information with?
In addition to us, access to your data may have a number of entities. They may be service providers with whom we cooperate, and who help us in delivering services that you expect from us or support us in our business. These entities process personal data on our behalf and must meet high security standards. We only share information that allows them to provide us services or facilitate their provision to you.
We compare your profile with the expectations of potential Employers or Organizers in order to recommend it to those who are the most appropriate and potentially meet the criteria you set. Therefore, access to your data (in particular, your profile data) may also be granted to potential Employers or Organizers whose requirements match your profile.
In some circumstances, we may also be legally obliged to disclose information about you - for example, by court order, law or public authority decision. In any case, we make sure that we have a legal basis to share information about you and document our decisions.
If you consider that the job offer you are making should be public, any outside person will have access to your personal information. We are not responsible for any copying or distribution by any third party.
Access to your data will also be available to the organizer of the recruitment process or the challenge for which you applied.
International transfers of personal data
For the purposes of the processing purposes described in this policy, we may transfer your personal information to our suppliers, partners or service providers located outside the European Economic Area (EEA). In any case, if your data can be transferred outside the EEA, we will inform you about it.
At the same time taking care of the security of your data we strictly follow the rules of their transfer resulting directly from the GDPR.
How long do we keep your personal data?
Is there an obligation to provide personal data?
As a rule, providing your personal data is completely voluntary, however, it may be necessary for the implementation of specific services or your requests, eg. creating an account on the Platform, execution of your processing rights, organizing or participation in the challenges of recruitment process etc. providing data may also be necessary due to the applicable law.
In accordance with the provisions of the law on the protection of personal data - GDPR, you have specific rights depending on the basis for processing your data.
Right to access personal data
You have the right to know if and how we use or store your personal data - the so-called right to access personal data. By using this right, you can also ask us for a copy of your data.
Right to correct personal data
You may question the accuracy of the data we process and ask us to correct it. This is the so-called "right to correct personal data". If your data is incomplete, you can also ask us to complete it, e.g. by adding new information.
Right to erasure
You can ask us to delete your data and in some circumstances we must do so. This entitlement is also known as so-called "The right to erasure". This right is not absolute and applies, among others in the following circumstances when:
- we do not require your data anymore,
- you initially agreed to the processing, but now you have withdrawn it,
- you opposed the use of your data,
- We processed your data unlawfully.
We may deny you the right to "erasure" in the following circumstances:
- when we are legally obliged to store your data,
- data storage is necessary to establish, enforce or defend legal claims.
Right to restrict use of your data
You have the authority to limit the way we use your data, especially if you are concerned about the accuracy of the data or how it is used. If necessary, you can also submit a request to delete certain information about you. This right is closely related to your rights to question the accuracy of your data and the ability to object to their use.
The right to export the data
You have a right to gain access to your personal data in a version which can be open on the computer, e.g. csv file. You can also ask the company for sending your personal data to the other economic subject. We can do this only if, as it was said in GDPR, it will be technically possible. It concerns only the information given for us on your own and the export goes in electronic format.
The right to withdraw the consent
If the processing of personal data is based on the sign consent, you can withdraw the permission at any moment. However, it doesn’t involve the data processed earlier.
The right to make a complaint to supervisory authority
The processing of personal data in our company covers the highest standards of security. If you have some questions or doubts, please contact us and we will answer. If you still are unpleased by the given answer or the execution of your privileges, you can make a complaint to the supervisory authority (in Poland President of the Personal Data Protection Office) about the way we process your personal data.
The execution of your rights
You can ask for the execution of your privileges in a written or oral form. If your request will be in oral form, we advise you to send us also a written form or e-mail message to provide us with the correspondence trace. The correspondence gives us clear evidence of your action and helps with answering according to your expectations as soon as possible.
The execution of your rights is free of charge and we answer no longer than a month after the request. In case of possible delays, you will be informed immediately.
Our website may use the cookies files, which are the IT data, especially text files, which are stored on the Data Terminal Equipment (DTE). In general, cookie files contain the www address of the page from which they came from, the time of storing in DTE and the unique number.
The subjects, who can insert information in the form of cookies files in the device which you use to browse the website and who can get the access to them is ChallengeRocket and our partners who for instance provide analytical services, advertisers or applications providers.
The cookies files are used to:
- service provision,
- make browsing the websites in an easy way,
- identify the end device, on which the files were already downloaded, in case of reconnecting with the website,
- create the statistics, which help in understanding how the users browse the website or what can make the structure and content of the website better,
- adjust the content of website to the specific preferences and optimize browsing the web pages, all adjusted to the individual needs of users,
- exchange information with our business partners in order to broker in supplying their services while using the website.
The types of cookies files
We can use the following types of the cookie files on our website:
- “sessional”- they are stored on the DTE till the user leaves the page or closes the browser,
- “permanent”- they are stored on users DTE for the time which is determined in their parameters or to the deleting them by the user,
- “performance testing”- they record the information how the web pages are used,
- “functional”- they make possible to remember settings chosen by the user and the personalization of the interface,
- “internal”- provided by the website,
- “external”- sourced on another site than our website.
The full list of cookies we use can be found here.
The website settings management
The software to browse the website, i.e. web browser, usually by default allows storing the cookies files on DTE. You can change those settings.
The web browser allows delaying the cookies files. You can also automatically block the cookies. More detailed information about the case might be found in the “help” option or in the records of your browser.
Using the Platform by children (<13 years)
ChallengeRocket does not collect personal information from children under the age of 13. If you're under 13, you must ask your parents or legal guardians for permission to use the service before sending any information about yourself.
We pay great attention to the security of your personal information. We also encourage you to protect your data from unauthorized access to your account. Please remember to log out of the service every time after using a shared computer.
Information that ChallengeRocket processes on your behalf
If you are the organizer of the event or recruitment process whose registration and course you conduct using the Platform in accordance with the GDPR, you are the controller of the participants' data. We hold the data of your participants in your account as long as you or candidate/participant choose to use Platform. After you terminate your account, your data will be deleted.
The data processing of participants in your event takes place on your behalf in accordance with the Terms and art 28 of GDPR. More in Terms and Conditions.