Last updated: 25th of May, 2018
These impossible-to-read policies are one of the reasons the EU decided it was time for a change: the General Data Protection Regulation, or GDPR, comes into effect from 25th May, 2018. After this date, businesses will need to be clearer and more open about the way they collect and use your data.
At Schibsted, we think this is a positive change and we’ve been hard at work preparing for it. We’ve created tools, controls and simple guides that will help you understand your rights and stay in control of your privacy.
Schibsted Tech Polska is responsible for safely and securely storing your data on schibsted.pl and making sure any use of that data is lawful under the new Regulation.
Learn how we care about your data
Examples of data usage:
- When you are browsing Schibsted.pl website, we are using analytic cookies from Google Analytics, which are collecting data about your browser and device. However, we are not able to identify you personally, and those data are used solely for analytic purposes – to include those data in the plans to improve the website.
- When browsing Schibsted.pl website sometimes you might get a pop-up that is asking you to subscribe for our newsletter. By sharing your e-mail address & information about city and/or favorite technologies you’re giving us rights to send you e-mails about interesting events, job offers or interesting content from the blog. In every mail sent from us you receive links enabling you to edit your data or complete unsubscribe from the list.
- You received an e-mail from us about interesting event & you decided to register for it. Your data is sent to the Eventbrite platform which is enabling us to send you a ticket, verify it at the event & also send e-mails about event – like location, agenda & any other information related to that specific event. You have full rights including Rectification, withdraw consent & right to erasure at any given time.
- The data controller for any data acquired via schibsted.pl website is Schibsted Tech Polska sp. z o.o registered in Kraków, Armii Krajowej 28, KRS number: 000408354, assigned to Sąd Rejonowy dla Krakowa-Śródmieścia w Krakowie, XI Wydział Gospodarczy Krajowego Rejestru Sądowego, NIP: 6751471453, REGON: 122490640. Protecting your privacy is compliant with all the applicable laws, and the data are stored on the secure server.
- In order to protect your right for privacy & ensure that the transferred data are secured, all communication at schibsted.pl is running through SSL-secured protocol
- All the data acquired via any forms on the schibsted.pl website are treated as classified & they’re not visible for any unauthorized individuals.
The purpose of data collection
Every kinds of data collected via schibsted.pl website are used only for the following purposes:
- organizing events
- doing back ups
Data collected for our recruitment needs
- With the proper user’s permission Administrator & might collect data for a continuous recruitment needs & share those data with Schibsted ASA, Postboks 490 Sentrum, NO-0105 Oslo. The apply form enables Administrator to collect the following data: first name, last name, city of interest, e-mail address, phone number, link to your LinkedIn profile, CV in the PDF format, together with all the information included in the document (if the candidate applied the proper clause).
- We need your permission to process your personal data, however it’s necessary to in order to run the recruitment process that you’re taking part in. Your data is not being profiled or used by any automated software handling the decision process. You can withdraw your permission for data processing at any point of the recruitent process.
- For a legitimate interests purposes your data might be shared with the following types of external companies: law firm, IT service, delivery service logistic company, accounting office (in order to be prepared for your employment).
- Candidate data is kept in Jobylon 24 months after registration date for the following purposes:
– To be able to match candidates with relevant future job openings.
– To be able to evaluate interview data if the candidate re-applies. Stored data is used to create tasks, if the candidate wants to be marked as available for future vacancies.
– Business value: To be able to use stored candidates as a database for sourcing.
– Discrimination: In cases where Schibsted will need to show that the employment procedure was non-discriminatory.
If you apply for a job at Schibsted your personal data will be registered with and processed by us. The purpose of the registration is to enable us to handle the recruitment process in question and to use the data for future recruitment. Your application will be automatically deleted 24 months after first registration unless otherwise requested by you. An option to maintain your account beyond this timeframe will be sent to you prior to deletion. For active candidates, this data is necessary in order to facilitate the recruitment process, which is the legitimate interest of Administrator.
- Data acquired by the apply form might be used only for the recruitment needs and require user’s agreement (checkbox) in each application in order to process personal data.
- The candidate in the recruitment process and/or the one in the contacts base might be asked for additional permissions for data processing and have full data access rights, right to restrict processing, right of rectification, right to erasure, right to object to processing, right to withdraw constant, the right to lodge a complaint with a Data Protection Authority (DPA) & data portability rights.
Data collected for event organization purposes
- With the proper user’s permission Administrator might collect data for a event organization purposes using Eventbrite service. Your data is sent to the Eventbrite platform which is enabling us to send you a ticket, verify it at the event & also send e-mails about event – like location, agenda & any other information related to that specific event.
- Using forms provided by Eventbrite Administrator might collect the following data: first name, last name, city of interest, e-mail address, phone number, favourite technology, link to your LinkedIn profile & other data that user is not required to provide. You have full data access rights, right to restrict processing, right of rectification, right to erasure, right to object to processing, right to withdraw constant, the right to lodge a complaint with a Data Protection Authority (DPA) & data portability rights.
Data collected for e-mail marketing purposes
- With the proper user’s permission Administrator might collect data for e-mail marketing purposes – a newsletter sent no more than 4 times a month, with information about job offers, events, content from the blog related to Schibsted Tech Polska. Your data are stored for the time of newsletter being operational.
- The following data might be stored in external services, in order to have a prove that you’ve agreed to sign up for a newsletter: first name, last name, city, technology of expertise. When you sign up for our newsletter you always receive a confirmation e-mail. Your data will be stored only if you click the button clearly stating your confirmation.
- We might ask you to sign up for our e-mail newsletter using Facebook ads. You need to give Facebook permission to send data to Administrator and then you also need to confirm your e-mail address and click the button clearly stating your confirmation. For more information check out the privacy settings on your Facebook account.
- With the proper user’s permission Administrator might collect the following data: first name, last name, city of interest, e-mail address, favourite technology, link to your LinkedIn profile & other data that user is not required in order to sign-up.
Data collected for the backup purposes
- Administrator might collect the following data for the backup purposes: first name, last name, e-mail adress, IP adress, the content of the comment left on the Schibsted.pl
- Data collected through schibsted.pl website are stored on secured servers of Amazon Web Services – check out the full information.
- Administrator is obliged to take the full responsibility to take care of data collection & ensure that they’re used according to the given permissions, it means to recover data lost in case of: random factors, human error, hardware and/or software failure.
Data acquired for analytics purposes
It’s important to us that you get what you want out of Schibsted’s sites and products.
We run different types of user testing on all our products before we release them, but this can only tell us so much. The true test is how people in real life react to what we do, and we can only know that by looking at data.
One of the ways we decide that we need to make improvements is by looking at how people use our sites. This means we look at which buttons and links are most clicked on, how long people spend reading a certain page, how many people scroll all the way to the bottom of a page or article, and so on. If it looks like no one is interested in certain parts of our sites, we look at what we can do to make it better.
How we use the data
Schibsted sites use a range of data types in different ways to make our sites and content more interesting and relevant for you. The most important point to note about the way we use data is that we look for patterns in large groups of users; we don’t need to look at data belonging to any one individual person.
Here are some of the ways we use the different data we collect:
Personal profile data
Depending on how much you tell us about yourself, we make predictions about what sort of advertising might be useful and interesting for you, and what kind of content you might want to see first. If you don’t tell us your age or gender, for example, our algorithms try to guess which general group you belong to based on other people’s similar browsing habits.
When we see patterns in the types of articles, links and other content that large groups of our users click on and spend time looking at, we get a better idea of what people in a certain age-group, location or gender enjoy and we try to make sure they get more of it.
We design and build our sites and services with different browsers and devices in mind. When we know which device you’re using – like your mobile phone, a tablet or iPad, or your laptop, for example – we can make sure you get the version of our site that looks best and is easiest to use on that device.
Cookie is not the delicious, crunchy kind. When we talk about internet cookies, we mean small text files that are saved on your computer or device, via your browser, when you visit a website. The information in a cookie tells the website things like:
- whether you’ve visited before
- if you have an account that you chose to stay logged in to
- if you have items in a shopping cart
- ads you saw, pages you visited or buttons you clicked on
- The collected, non-personally identifiable data might include: IP address, browser name/version, language, type of operating system, ISP, data & time, localization & the data sent us via contact form.
- On Schibsted.pl we use the following type of cookies:
- necessary type of cookies – enabling the core functionality of the webiste – used for people with access to administration panel.
- security cookies – to prevent data breaches
- performance cookies – collecting data about your browsing on Schibsted.pl
- As a User you have a full rights to disable collecting cookies using settings in your browser. You can also delete the ones you’ve already collected. Check out the instruction here.
- Administrator has rights to share User personal data to authorites, based on the applicable law, including the data of your requests to erase all the information about you.
- If you would like to receive additional information about the data we’ve collected about you and/or exercise your rights, please write us an e-mail to firstname.lastname@example.org
- Administrator has 30 days to process your request, however we will do our best to quickly share with you all the information you need.
- If you are resident in the European Union and you are dissatisfied with how we have managed a complaint you have submitted to us, you are entitled to contact your local data protection supervisory authority. As Schibsted Tech Polska operates in Poland, it operates under the remit of the Polish Office of the Data Protection Commissioner (see: GIODO Website)