Recruitment Privacy Notice

1. General provisions

  • We put a strong emphasis on protecting personal data. This recruitment privacy notice (hereinafter referred to as "Privacy Notice") provides you with the necessary information on how OAK’S LAB s.r.o., Identification Company No. 052 18 390, with its registered seat at Staroměstské náměstí 604/14, 110 00 Prague 1, Czech Republic (hereinafter referred to as “OAK'S LAB”, “we”, “our”, “us”) as a controller of the candidate personal data, receives, stores and further processes your personal data and how we protect such personal data.
  • This Privacy Notice only applies to the personal data of job applicants and potential candidates for employment or partnership. This personal data is submitted directly to the OAK'S LAB website through the online application process located in the careers tab and follow-up communications and/or through alternative channels (e.g., via professional recruiting firms and portals). This Privacy Notice does not apply to our employees, contractors or clients, or to other personal data that we collect for other purposes.
  • Personal data is any information relating to an identified or identifiable person, therefore you, as our candidate, who is a natural person (hereinafter referred to as “you”).
  • This Privacy Notice explains and informs you about (i) how we collect and process your personal data (ii) your rights, and how you can exercise them.
  • We will process your personal data in accordance with this Privacy Notice, unless such processing conflicts with the requirements of applicable law, in which case, the applicable law will prevail.

2. Controller of personal data

  • Under the laws of GDPR, we are the controller of your personal data.
  • You may reach us on our email, our telephone number +420 777 749 649 or on our address Old Town Square 14, Prague 110 00, Czech Republic (hereinafter referred to as “Contact Details”).
  • We are not obliged by law to designate a data protection officer in accordance with Sec. 37 of the GDPR.

3. Terms and definitions

  • Personal Data – means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, surname, date of birth, location data, email;
  • Processing of Personal Data – means any operation or set of operations which is performed on your personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  • Controller – means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purpose and means of the processing of personal data; where the purposes and means of such processing is determined by the Union or Member State law, the controller or the specific criteria for its nomination may be provided for by the Union or Member State law; for means of this Privacy Notice it is OAK'S LAB;
  • Processor – means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller;
  • Purpose – is the reason why the controller is processing your personal data;
  • Legitimate Interest – processing is necessary for the purposes of the controller, processor or other entity except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data;
  • Recipient – the person that receives the personal data;
  • Third Party – means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;
  • Consent – a freely given, specific, informed, and unambiguous indication of your wishes by which you, by a statement or by clear affirmative action, signifies agreement to the processing of personal data relating to you.

4. Categories of personal data processed by us and how we collect it

  • Information you provide us with. We usually collect personal data directly from you when you apply for a role with us through our website. This includes personal data such as your name, contact information, CV, data on gained training, work and educational history, achievements, portfolio, or LinkedIn information.
  • Third-party recruitment portals. We may use third-party recruitment websites and publicly available sources to collect similar information about you in order to offer you a position at our company directly by reaching out to you. For example, we may find your profile on professional social media websites (such as LinkedIn), and contact you about suitable roles.

5. Processing and use of personal data

  • We collect and process your personal data as a prospective candidate based on legitimate interest or legal obligation. This means that we will only process and use your personal data for the following purposes:
  1. Identifying and evaluating candidates for potential employment or collaboration, as well as for future roles that may become available;
  2. Maintaining records in relation to recruiting and hiring;
  3. Ensuring compliance with legal requirements;
  4. Fostering our diversity and inclusion programs and practices;
  5. Protecting our legal rights to the extent authorized or permitted by law.
  • We collect and process your personal data as a prospective candidate based on legitimate interest or legal obligation. This means that we will only process and use your personal data for the following purposes:

6. Where we store personal data, and period of time of processing personal data

  • Typically we store candidate personal data in the following online databases depending on how we initiated the recruitment process:
  • Internal communication platforms (e.g. emails or private messages/channels);
  • Internal candidate database;
  • Or other third-party tools used for recruitment purposes.
  • Your personal information is held in our records until it is no longer needed for any purpose for which it may be used or disclosed at which time it will be de-identified or destroyed provided that it is lawful for us to do so.
  • Additionally, your data may be stored on third-party recruitment portals through which you reached out to us or we reached out to you. In this case, we do not have the capacity to de-identify or destroy any data after we no longer need it for any purpose.

7. Transfer of personal data to third persons and beneficiaries of the personal data

  • We may transfer your collected personal data to third persons to ensure the performance of our obligation, including administration or IT support, organization and storage of the personal data, etc. These subjects are in the position of processors of your personal data.
  • The data that we collect from you may be transferred and stored at, a destination outside of the European Economic Area (EEA). It may be transferred to third parties outside of the EEA for the purpose of recruitment and administrative support. It may also be processed by personnel operating outside of the EEA who work for us or one of our suppliers. This includes personnel engaged in, among other things, our recruitment and administrative support. By submitting your personal data, you agree to this transfer, storing, or processing.
  • Beneficiaries of the collected personal data are in particular the following subjects: Our suppliers of IT systems and applications, who may have in specific cases access to your personal data, including the provider of our cloud services where we store all of our data; and our external providers of legal services that are necessary for the enforcement of our claims and for the protection of our legal entitlements. (hereinafter referred to as “Processors”).‍Our partner companies: OAK’S LAB DIGITAL s.r.o., with its registered office at Staroměstské náměstí 604/14, 110 00 Prague 1, Czech Republic, Identification Company No. 052 183 90;‍OAK’S LAB DIGITAL LLC, with its registered office at 401 Ryland St Ste 200-A, Reno, Nevada, NV 89502, the United States of America, Identification Company No. 84-4552751;‍OAK’S LAB BOOST - Taurus s.r.o., with its registered office at Branická 213/53, 14700 Praha 4, Czech Republic, Identification Company No. 083 30 433; and OAK’S LAB Academy s.r.o., with its registered office at Staroměstské náměstí 604/14, 110 00 Prague 1, Czech Republic, Identification Company No. 068 72 522 (hereinafter referred to as “Partner Companies”). The personal data is shared inside the Partner Companies for the purpose of administrative support and in order to provide you with suitable options if you seek employment or collaboration with us.
  • We provide you with a guarantee that we have concluded a contract on the processing of personal data with the Processors and a contract on personal information sharing within our Partner Companies listed above which ensure the same level of safety for your personal data as those described in this Privacy Notice.
  • We, including the Processors and our Partner Companies, are obliged to keep all the personal data confidential. The exemption is the duty to report your personal data to the designated public authorities and other entities who are entitled to request the personal data by law (i.e. Police of the Czech Republic, etc.).

8. Security of your personal data

  • We have introduced to our system necessary technical and organizational measures of internal control and processes of the safety of the information that is in compliance with best practices corresponding to the potential risk to you. At the same time, we take into consideration the perspective of future technological progress in order to protect your personal data from unauthorized disclosure, access, or loss. These measures include but are not limited to, personnel’s data protection training, regular backups of data, data recovery procedures, a mechanism of responsibility for an infringement of protected data, software and hardware protection, and two-factor authorization logins to access data, where applicable.

9. Your rights as a subject of personal data

  • If you exercise your right in accordance with this Sec. 9 of the Privacy Notice or in accordance with other applicable legal provision, we will inform every Processor who is processing such data, if such communication to the Processor is possible and/or does not require unreasonable effort about the adopted measure of your personal data.
  • If you wish to exercise your rights or to receive the relevant information, contact us via one of our Contact Details. When you contact us, we have to ask you to provide us with your identification information or other personal data, which you have provided us earlier. The provision of such information is necessary for the verification that it is you who has actually sent us such a request. We will provide you with an answer no later than (20) twenty business days after receiving such a request, whereby we retain the right to extend the length of response by (40) forty business days.
  • Your Rights. In accordance with the applicable law, you may require access to your personal data, which we, as a controller of personal data, process. You may also exercise your right for rectification, erasure or transferability, right to lodge a complaint, and right to require the restriction of the processing. At any time you may withdraw your consent for us to process your personal data.
  • Rectification of your Personal Data. In accordance with GDPR, you have the right for the rectification of the personal data that you share with us. If you have a request for rectification of your personal data, you may contact us with a request via one of our Contact Details. We accept measures to ensure that you have your personal data up-to-date and correct. Anytime you may contact us with a request if we still process your personal data.
  • Erasure of your Personal Data. Anytime you may provide us with a request to erase your personal data. After you contact us with such a request we will erase all your personal data from our databases without undue delay, unless we process some of your personal data for the purpose of performance of the contract, because of our legal obligation, or if it is in our legitimate interest. Further, we, as well as all the Processors, will erase your personal data if you withdraw your consent to process personal data or if the law requires it.
  • Withdrawing the Consent to Processing your Personal Data. Anytime you may withdraw consent for us to process your personal data that you granted us. If you want to withdraw your consent let us know via one of our Contact Details and we will erase your personal data in accordance with the Sec. 8.5 of this Privacy Notice. Please take into account that the withdrawal of the consent does not affect the lawfulness of the previous processing on the basis of the given consent.
  • Access and Transferability of your Personal Data. You have the right to receive the personal data you have provided to us. If you require, we can transfer all or only part of your personal data (processed on the basis of the contract or consent) directly to a third person (other controller of personal data), whom you mention in your request for the transfer of the personal data, if such request will not have a negative effect on the rights and freedom of other persons and will be technically feasible.
  • Restriction of Processing. If you request us to restrict the processing of your personal data, especially in cases when you doubt the accuracy, lawfulness, or our need to process your personal data, we will restrict the processing of your personal data to the necessary minimum (processing for assessment, enforcement or defense of our legal claims or because of the protection of the right of another natural or legal person). However, if the restriction of the processing is canceled and we will continue processing your personal data, we will give you a notice about this without undue delay.
  • A Complaint at the Office for Personal Data Protection. You have the right to lodge a complaint regarding our processing of personal data at the Office for personal data protection (in Czech “Úřad pro ochranu osobních údajů”), with its registered office at Pplk. Sochora 27, 170 00 Prague 7.

10. Privacy notice updates

  • We reserve the right to change or modify this Privacy Notice at any time without prior notice. Any changes to this Privacy Notice are effective after the revised version of this Privacy Notice is made publicly available on our website Please check the latest information posted herein to inform yourself of any changes.