Privacy Policy – EN

Last updated: 25th of May, 2018

Introduction

In the past, you probably signed up for a lot of websites or services after only a quick glance at their privacy policy. We know how it is – you know you should read it, but it’s so long and full of heavy legal language. No one’s got time for that.

These impossible-to-read policies are one of the reasons the EU decided it was time for a change: the General Data Protection Regulation, or GDPR, comes into effect from 25th May, 2018. After this date, businesses will need to be clearer and more open about the way they collect and use your data.

At Schibsted, we think this is a positive change and we’ve been hard at work preparing for it. We’ve created tools, controls and simple guides that will help you understand your rights and stay in control of your privacy.

Schibsted Tech Polska is responsible for safely and securely storing your data on schibsted.pl and making sure any use of that data is lawful under the new Regulation.

This Privacy Policy applies to all the websites & services used and operated by Schibsted Tech Polska sp. z o.o. except where otherwise noted.

Learn how we care about your data

Examples of data usage:

  1. When you are browsing Schibsted.pl website, we are using analytic cookies from Google Analytics, which are collecting data about your browser and device. However, we are not able to identify you personally, and those data are used solely for analytic purposes – to include those data in the plans to improve the website.
  2. When you decide to apply for a job – you need to fill out the form and check the box that you agree with our Privacy Policy. In order to process your data you need to include a clause in your CV. Your data will be stored on Jobylon – our recruitment service, which is allowing us to contact you throughout the recruitment process and/or propose you a similar job offer in the future. You have full rights including Rectification, withdraw consent & right to erasure at any given time.
  3. When browsing Schibsted.pl website sometimes you might get a pop-up that is asking you to subscribe for our newsletter. By sharing your e-mail address & information about city and/or favorite technologies you’re giving us rights to send you e-mails about interesting events, job offers or interesting content from the blog. In every mail sent from us you receive links enabling you to edit your data or complete unsubscribe from the list.
  4. You received an e-mail from us about interesting event & you decided to register for it. Your data is sent to the Eventbrite platform which is enabling us to send you a ticket, verify it at the event & also send e-mails about event – like location, agenda & any other information related to that specific event. You have full rights including Rectification, withdraw consent & right to erasure at any given time.
  5. You’ve seen on Facebook one of the articles from the Schibsted blog. It was an interesting topic to you and you’ve decide to leave a comment. You are doing this using Disqus platform, one of the most popular of its kind in the world. The content of your comment, together with your IP & e-mail address is handled by the platform, to which as a user you have a full access (you always need to register for the platform and accept its privacy policy). For the backup purposes the content of your article, together with IP & e-mail address will be stored on a secured Amazon server.

General

  1. The data controller for any data acquired via schibsted.pl website is Schibsted Tech Polska sp. z o.o registered in Kraków, Armii Krajowej 28, KRS number: 000408354, assigned to Sąd Rejonowy dla Krakowa-Śródmieścia w Krakowie, XI Wydział Gospodarczy Krajowego Rejestru Sądowego, NIP: 6751471453, REGON: 122490640. Protecting your privacy is compliant with all the applicable laws, and the data are stored on the secure server.
  2. In order to simplify this privacy policy page, the following terms are introduced: “Administrator” – Schibsted Tech Polska sp. z o.o.; “User” – any person visting the Schibsted.pl website; “RODO” & “GDPR” – (EU) 2016/679 a regulation in EU law on data protection and privacy for all individuals within the European Union.
  3. In order to protect your right for privacy & ensure that the transferred data are secured, all communication at schibsted.pl is running through SSL-secured protocol
  4. All the data acquired via any forms on the schibsted.pl website are treated as classified & they’re not visible for any unauthorized individuals.

The purpose of data collection

Every kinds of data collected via schibsted.pl website are used only for the following purposes:

  • recruitment
  • organizing events
  • marketing
  • doing back ups
  • analytics

Data collected for our recruitment needs

  1. With the proper user’s permission Administrator &  might collect data for a continuous recruitment needs & share those data with Schibsted ASA, Postboks 490 Sentrum, NO-0105 Oslo. The apply form enables Administrator to collect the following data: first name, last name, city of interest, e-mail address, phone number, link to your LinkedIn profile, CV in the PDF format, together with all the information included in the document (if the candidate applied the proper clause).
  2. Data acquired by the apply form are shared with our recruitment software provided by Jobylon AB, with Swedish registration number 556810-6172, a company incorporated under the laws of Sweden and with its registered office is located at Brahegatan 10, 114 37 Stockholm, Sweden. See the privacy policy page here.
  3. We need your permission to process your personal data, however it’s necessary to in order to run the recruitment process that you’re taking part in. Your data is not being profiled or used by any automated software handling the decision process. You can withdraw your permission for data processing at any point of the recruitent process.
  4.  For a legitimate interests purposes your data might be shared with the following types of external companies: law firm, IT service, delivery service logistic company, accounting office (in order to be prepared for your employment).
  5. Candidate data is kept in Jobylon 24 months after registration date for the following purposes:
    – To be able to match candidates with relevant future job openings.
    – To be able to evaluate interview data if the candidate re-applies. Stored data is used to create tasks, if the candidate wants to be marked as available for future vacancies.
    – Business value: To be able to use stored candidates as a database for sourcing.
    – Discrimination: In cases where Schibsted will need to show that the employment procedure was non-discriminatory.
    If you apply for a job at Schibsted your personal data will be registered with and processed by us. The purpose of the registration is to enable us to handle the recruitment process in question and to use the data for future recruitment. Your application will be automatically deleted 24 months after first registration unless otherwise requested by you. An option to maintain your account beyond this timeframe will be sent to you prior to deletion. For active candidates, this data is necessary in order to facilitate the recruitment process, which is the legitimate interest of Administrator.
  6. Data acquired by the apply form might be used only for the recruitment needs and require user’s agreement (checkbox) in each application in order to process personal data.
  7. The candidate in the recruitment process and/or the one in the contacts base might be asked for additional permissions for data processing and have full data access rights, right to restrict processing, right of rectification, right to erasure, right to object to processing, right to withdraw constant, the right to lodge a complaint with a Data Protection Authority (DPA) & data portability rights.

Data collected for event organization purposes

  1. With the proper user’s permission Administrator might collect data for a event organization purposes using Eventbrite service. Your data is sent to the Eventbrite platform which is enabling us to send you a ticket, verify it at the event & also send e-mails about event – like location, agenda & any other information related to that specific event.
  2. Event Brite is operated by Eventbrite, Inc., a Delaware corporation, registered in San Francisco, 155 5th Street, Floor 7, San Francisco, CA 94103, Reg. No. 4742147 (“Eventbrite US”). According to the law the company has signed Privacy Shield enabling the service to send user’s data for servers placed outside the European Union. See the Privacy Policy page.
  3. Using forms provided by Eventbrite Administrator might collect the following data: first name, last name, city of interest, e-mail address, phone number, favourite technology, link to your LinkedIn profile & other data that user is not required to provide. You have full data access rights, right to restrict processing, right of rectification, right to erasure, right to object to processing, right to withdraw constant, the right to lodge a complaint with a Data Protection Authority (DPA) & data portability rights.

Data collected for e-mail marketing purposes

  1. With the proper user’s permission Administrator might collect data for e-mail marketing purposes – a newsletter sent no more than 4 times a month, with information about job offers, events, content from the blog related to Schibsted Tech Polska. Your data are stored for the time of newsletter being operational.
  2. The following data might be stored in external services, in order to have a prove that you’ve agreed to sign up for a newsletter: first name, last name, city, technology of expertise. When you sign up for our newsletter you always receive a confirmation e-mail. Your data will be stored only if you click the button clearly stating your confirmation.
  3. We might ask you to sign up for our e-mail newsletter using Eventbrite service (our event software). This option is not a mandatory in order to participate in the event. Privacy policy | Privacy Shield
  4. We might ask you to sign up for our e-mail newsletter using SurveyMonkey service (our survey software). This option is not a mandatory in order to share your feedback in the survey. Privacy Policy | Privacy Shield
  5. We might ask you to sign up for our e-mail newsletter using Google Forms service (our second survey software). This option is not a mandatory in order to share your feedback in the survey. Privacy Policy | Privacy Shield
  6. We might ask you to sign up for our e-mail newsletter using Facebook ads. You need to give Facebook permission to send data to Administrator and then you also need to confirm your e-mail address and click the button clearly stating your confirmation. For more information check out the privacy settings on your Facebook account.
  7. By browsing Schibsted.pl website you might also get a pop-up asking you to sign-up for our e-mail newsletter. It’s powered by Mailjet SAS, a company registered under the laws of France under number 524 536 992 with the Paris Trade & Companies Register, and having its registered office at 13-13 bis, rue de l’Aubrac 75012 Paris, France. Privacy Policy.
  8. With the proper user’s permission Administrator might collect the following data: first name, last name, city of interest, e-mail address, favourite technology, link to your LinkedIn profile & other data that user is not required in order to sign-up.
  9. All the acquired data is shared with our e-mail tool provider – Mailjet SAS, a company registered under the laws of France under number 524 536 992 with the Paris Trade & Companies Register, and having its registered office at 13-13 bis, rue de l’Aubrac 75012 Paris, France. Privacy Policy. The data are processed for the following purposes: sending e-mails, ability to track the statistics of open rate, clickthrough rate, sending campaigns to the specific segments (based on technology, city of living, etc.). Under each e-mail you can find a link to update the data you shared with us or to completely unsubscribe from the mail list. The full list of your rights include: full data access rights, right to restrict processing, right of rectification, right to erasure, right to object to processing, right to withdraw constant, the right to lodge a complaint with a Data Protection Authority (DPA) & data portability rights.

 

Data collected for the backup purposes

  1. Administrator might collect the following data for the backup purposes: first name, last name, e-mail adress, IP adress, the content of the comment left on the Schibsted.pl
  2. Data collected through schibsted.pl website are stored on secured servers of Amazon Web Services – check out the full information.
  3. Administrator is obliged to take the full responsibility to take care of data collection & ensure that they’re used according to the given permissions, it means to recover data lost in case of: random factors, human error, hardware and/or software failure.
  4. By leaving a comment on Schibsted.pl website or any of its subdomains you agree to send the data to Disqus, a subsidiary of Zeta Interactive Corp., 185 Madison Avenue5th Floor, New York, NY 10016, United States. Privacy Policy/Privacy Shield. In order to leave a comment User have to sign up for the Disqus service & accept its Privacy Policy. After registering the following data might be shared with Disqus use the comment section on Schibsted.pl website: the full content of the comment, including all information shared inside, e-mail address, IP address, Disqus Cookies ID.

Data acquired for analytics purposes

It’s important to us that you get what you want out of Schibsted’s sites and products.

We run different types of user testing on all our products before we release them, but this can only tell us so much. The true test is how people in real life react to what we do, and we can only know that by looking at data.

One of the ways we decide that we need to make improvements is by looking at how people use our sites. This means we look at which buttons and links are most clicked on, how long people spend reading a certain page, how many people scroll all the way to the bottom of a page or article, and so on. If it looks like no one is interested in certain parts of our sites, we look at what we can do to make it better.

How we use the data

Schibsted sites use a range of data types in different ways to make our sites and content more interesting and relevant for you. The most important point to note about the way we use data is that we look for patterns in large groups of users; we don’t need to look at data belonging to any one individual person.

Here are some of the ways we use the different data we collect:

Personal profile data

Depending on how much you tell us about yourself, we make predictions about what sort of advertising might be useful and interesting for you, and what kind of content you might want to see first. If you don’t tell us your age or gender, for example, our algorithms try to guess which general group you belong to based on other people’s similar browsing habits.

Browsing patterns

When we see patterns in the types of articles, links and other content that large groups of our users click on and spend time looking at, we get a better idea of what people in a certain age-group, location or gender enjoy and we try to make sure they get more of it.

Device type

We design and build our sites and services with different browsers and devices in mind. When we know which device you’re using – like your mobile phone, a tablet or iPad, or your laptop, for example – we can make sure you get the version of our site that looks best and is easiest to use on that device.

Cookies

Cookie is not the delicious, crunchy kind. When we talk about internet cookies, we mean small text files that are saved on your computer or device, via your browser, when you visit a website. The information in a cookie tells the website things like:

  • whether you’ve visited before
  • if you have an account that you chose to stay logged in to
  • if you have items in a shopping cart
  • ads you saw, pages you visited or buttons you clicked on
  1. We use cookies on all domains & subdomains of schibsted.pl. Those are small text files sent by our server and stored by your browser on your device. When your browser connects again with our website, we can track the type of the device you’re using, enabling faster & more convenient browsing of the website.
  2. The collected, non-personally identifiable data might include: IP address, browser name/version, language, type of operating system, ISP, data & time, localization & the data sent us via contact form.
  3. We collect this data to analyze in which way our Users are browsing the website & improve the user experience, navigation, etc. In order to track this data we use Google Analytics which is tracking your behavior on our website. We can’t identify you – all those mentioned data are combined to display an interactive report. Check Google’s Privacy Policy for more information.
  4. On Schibsted.pl we use the following type of cookies:
    • necessary type of cookies – enabling the core functionality of the webiste – used for people with access to administration panel.
    • security cookies – to prevent data breaches
    • performance cookies – collecting data about your browsing on Schibsted.pl
  5. As a User you have a full rights to disable collecting cookies using settings in your browser. You can also delete the ones you’ve already collected. Check out the instruction here.

Final provisions

  1. Administrator has rights to share User personal data to authorites, based on the applicable law, including the data of your requests to erase all the information about you.
  2. If you would like to receive additional information about the data we’ve collected about you and/or exercise your rights, please write us an e-mail to privacy@schibsted.pl
  3. Administrator has 30 days to process your request, however we will do our best to quickly share with you all the information you need.
  4. From time to time, we might change this Privacy Policy. At the top you can always find the last date of update, first time you visit the Schibsted.pl website after our Privacy Policy has changed, you will receive a notifying pop-up.
  5. If you are resident in the European Union and you are dissatisfied with how we have managed a complaint you have submitted to us, you are entitled to contact your local data protection supervisory authority. As Schibsted Tech Polska operates in Poland, it operates under the remit of the Polish Office of the Data Protection Commissioner (see: GIODO Website)