Your privacy is extremely important to us and if you have any questions about the content of this policy document, please contact us at email@example.com.
The company responsible for the App and the processing of personal data included in the use of the App, is GLOBAL INTEGRATED SOLUTIONS CHILE SpA (hereinafter, “Company”, “We”, “we”, “Our”, “our”, “responsible”), with address at Agustinas 815 , Department 906, commune of Santiago, Santiago de Chile. You can contact the Company via the email address firstname.lastname@example.org.
The natural or legal persons entity that signed the Terms and Conditions (such as you as an employer or organization or individual) and accepted it has control over the services provided by us through the App.
The Company, as the person responsible for and provider of the App, uses some personal data to proceed with the registration, access and use of the App. Personal data is any information related to an identified or identifiable person (hereinafter, “interested party”, “you”, “user” or “your”). The interested party can be a natural or legal person, as appropriate, who for any reason accesses and/or uses our App.
Our App uses personal identification and contact data, such as name, surname, unique national number, address, telephone number, internet protocol address, password and email address, which will be incorporated into virtual servers owned by DigitalOcean, LLC. In addition, personal data includes the details that you provide about your preferences, geographic location and areas of interest expressed during the use of the App.
During the process of accessing, registering, and using or navigating the app (whether you are a registered user or not), the personal data collected will be processed in accordance with the purposes indicated below:
A. Registration on our App: To register and use our App, you must fill out a “registration form” with personal data that is collected in order to provide all our digital services for connecting employers with job seekers through our App in the most efficient way, your consent being the basis of legitimacy of this treatment. The data collected in the registry is the following: contact information, profile photo (optional), account username, email address, name and surname, postal address, unique national number, user ID, occupation, telephone number (including mobile phone number), password, as well as other profile data and the creation of your CV, among which are some sensitive data, which you can grant or not. The purposes of the collection and storage of personal data indicated are:
- Maintain, provide and improve the commercial service contracted by the user.
- Allow the user to manage the use of the App.
- Personalize the user experience and adapt it to her needs.
- Guarantee the proper functioning and security of the App.
- Use email service providers to send emails on our behalf informing of essential circumstances for the proper management of the service.
- Customer service.
- Compliance and Fraud Prevention.
You can update or modify your profile information and contact information at any time, except for the information of the company representative when you act as an employer or organization who contracts our service. Profile information is not publicly available in the App.
B. Contact form: through our “contact form” you can send us any questions or comments regarding our Company and services. The form allows the collection of personal data such as name and surname, email address, telephone and mobile phone number, as well as any other information voluntarily provided. That is why we will only treat the information necessary to respond to your query and provide the best possible service.
C. Use of the service: For the provision and use of contracted services, personal data of the user necessary for logging into the App will be processed. During the session, we may collect some information about your user experience, which will be processed in order to offer service improvements, profile preferences, and provide the most suitable functionalities available to users. In the use of the App, circumstances may arise that require customer service, technical support, training, during which we will collect personal data solely for the purpose of resolving incidents for our users. We will also send notifications, reminders, and alerts, as well as information about your account or changes in the App, necessary for the proper functioning and correct use of the App.
D. Management of selection and interviews of candidates: In order to progress in a selection process to which you are applying, we will process the data provided in the registration form and your CV, and we will make available to the recruiting employers those profiles that align best with the job’s requirements. If progress is made in this process, you could be invited for a job interview by the recruiting company. You should be aware that this interview could be recorded by the company in charge of the selection process. Therefore, we suggest that you clarify whether the job interview would be recorded or not before attending it. In addition, we encourage both candidates and recruiting companies to obtain the express authorization of the both parties (i.e. job seekers and recruiting companies). Finally, our App does not keep or have any connection with any recording made by a recruiting company or employer.
E. Payments for services: Our App offers paid services, so we work with a secure payment gateway provided by PayPal Pte. Ltd. and Webpay Plus, who will use payment data solely and exclusively to complete the payment transaction selected by our users. Payment can also be made through a direct bank transfer operation, for which the ordinary billing data of the user will be used. Once the payment is completed, a notification about its successful completion is generated through an email service provider, for purely informational purposes.
F. Email communication: we use your email address in order to deliver information about your account and information related to purchased services and products; to deliver the purchased product or service requested or subscribed; to send alerts on requested or recommended jobs, as well as reminders and information related to your account and applications. Occasionally, we may send news content through our newsletter to those users who have consented, which may include educational information about the App, promotional material related to it, and updates, among other related content. You can request at any time to unsubscribe from these communications by sending us your request to be removed from the distribution list at email@example.com.
H. Contact a User by phone or instant messaging: we use your phone number to deliver information about your account, services or products, job offers, interview reminders or events, among others. If you do not wish to receive further phone calls or instant messaging, all you have to do is email us at firstname.lastname@example.org.
- The personal data that we collect from our users who visit our App are treated on the legal basis of giving their consent through the acceptance of the Cookies Policy.
- The personal data we collect from users who use our App is processed based on the execution of a contract between you and the Company when we treat your data for the provision of the contracted services in accordance with the Terms and Conditions.
- In cases where the existence of a legal obligation requires us to process personal data in accordance with the terms outlined in the law.
- We inform you that we use data in order to satisfy the legitimate interest of the Company in sending commercial communications for marketing purposes and analyzing user behavior in the App to optimize its functioning and offer services to improve the user experience, without jeopardizing the fundamental rights or freedoms of the data subject.
- If the interested party does not provide the Company with their data or does so incorrectly or incompletely, it will not be possible to proceed with the use of the App.
In order to register the user, use the App, or carry out any other lawful processing of personal data, the interested party must be at least of legal age, or according to the legal age applicable in each territory. Individuals under the legal age, or as determined by the legal age applicable in each territory, may only use the App with legal authorization or legal consent signed by parents or legal guardians. The Company does not knowingly collect or request personal information from individuals under the age of 18 or the minimum age as per local laws. If you believe we may have information related to a minor, please contact the Company at email@example.com.
We will retain documents and process the personal data contained in them on our servers for the time necessary to fulfill the purpose stated in each of them, provided that the user does not exercise their right to deletion.
Once the purpose of the processing is fulfilled, and without prejudice to legal regulations to the contrary, the Company will proceed to delete the stored personal data, unless there is a legal or contractual obligation that requires their retention for the exercise and defense of judicial and/or administrative actions and claims. The collection, storage, modification, structuring, and, if necessary, deletion of data provided by data subjects constitute processing operations carried out by the Company, with the aim of ensuring the proper functioning of the App, content development, and the management, administration, information, provision, and improvement of the service.
The Company may grant access or transmit the personal data provided by the user to third-party service providers with whom it has entered into data processing agreements, and who only access such information to provide a service on behalf of and on behalf of the Data Controller. These third parties have signed confidentiality agreements with the controller, committing to maintain the confidentiality and security of the personal data to which they have access, in compliance with the provisions of the GDPR.
- Accounting Advisory: for the proper accounting maintenance of the Company.
- IT Advisory: for software development and maintenance of digital resources.
- Hosting of architecture and Virtual Private Cloud (VPC) service provider to host all the software and data necessary to run the App.
- Email service provider: to send emails to users from an application running on a virtual machine (VM) instance of Compute Engine.
- Payment service provider.
If you would like more information about these third parties, please contact us at firstname.lastname@example.org. If you do not agree with any of the sub-processors from which we cannot reasonably separate our services, the only solution will be to cancel your subscription to the service that we cannot reasonably provide without a new sub-processor. This cancellation of service will be without the right to a refund of payments made for subsequent periods.
In compliance with the regulations established by the GDPR regarding international data transfers, we inform you that due to the use of service providers who process personal data of our users, the following international data transfers are carried out:
- DigitalOcean LLC, located at 101 6th Ave, New York, NY 10013, United States, for cloud information storage. In contracting with this provider, the corresponding Standard Contractual Clauses for Module Two, approved by the European Commission, have been signed, as established in the following link: https://www.digitalocean.com/legal/data-processing-agreement DPA.
The Company will ensure that international data transfers are carried out in accordance with the current personal data protection regulations. As a security measure, in the event that the Company shares personal data with its business partners, such as IP addresses, geographic location, or general user information, it will always do so through aggregated and anonymized data. Due to the non-identifiable nature of this data given its anonymous character, its processing falls outside the scope of personal data protection regulations.
Technical and organizational precautions
In order to comply with the principles of data security, integrity, and confidentiality in accordance with the GDPR, the Company has implemented the following reasonable and necessary technical and organizational precautions to ensure the security of the personal data collected and to prevent tampering, loss, unauthorized access, or fraudulent use of the registered user’s personal information in the App:
- Measures to ensure the physical security of locations where personal data is processed: The Company’s offices are located in non-recognizable buildings that are physically monitored and managed 24 hours a day to protect data, prevent unauthorized access, and mitigate environmental threats. CCTV cameras are used to monitor physical access to the offices. Cameras are placed to monitor perimeter doors, entrances and exits, reception areas, external areas such as parking lots, and other areas of the buildings.
- Provision of access: To minimize the risk of data exposure, the Company follows the principle of least privilege through a system access control model. Company staff is authorized to access the user’s personal data according to their job function, position, and responsibilities, and such access requires approval. Access rights to non-time-based production environments are reviewed at least semi-annually. An employee’s access to the personal data of our users is immediately revoked upon the termination of their employment. To access the production environment, an authorized employee must have a unique username and password. Before a Company employee gains access to the production environment, management must approve such access.
- Password Control: The current password management policy for employees in the Company focuses on the use of longer passwords, including special characters, and requires frequent password changes.
- User data backup: The Company regularly backs up information provided by users, which is hosted on the infrastructure of data centers of DigitalOcean, LLC.
- Protection against computer viruses: The Company protects its computers with antivirus software and firewalls.
- Email Protection: The Company uses email services that have security features to protect emails from spam, phishing, and malware.
The Company has controls in place to maintain the confidentiality of user data in accordance with the Agreement. All employees and contracted staff of the Company are subject to the Company’s internal policies regarding the confidentiality of user data and are contractually obligated to comply with these obligations.
- Employee background checks: The Company conducts background checks on all new employees at the time of hiring in accordance with applicable local laws. The Company verifies the education and previous employment of a new employee and may conduct reference checks. When permitted by applicable law, the Company may also conduct criminal, credit, immigration, and security checks, depending on the nature and scope of a new employee’s role.
- Employee training: At least once a year, Company employees must complete security and privacy training covering security policies, security best practices, and the Company’s privacy principles.
DigitalOcean, LLC: The Company’s servers are hosted by DigitalOcean LLC in the United States of America and are protected by DigitalOcean, LLC’s environmental and security controls. The production environment within DigitalOcean, LLC where the Company’s services and user data segment services are hosted is logically isolated on a virtual private server. User data stored on DigitalOcean, LLC is encrypted at all times. DigitalOcean, LLC does not have access to unencrypted user data. More information about the security of DigitalOcean, LLC is available at https://www.digitalocean.com/legal/data-processing-agreement.
As the data subject of personal data protection rights, you have the following rights:
A. Access: You have the right to contact the Company to find out if your personal data is being processed and to obtain information about the purposes, data being processed, third parties to whom the data is communicated, retention period, origin, the existence of automated decisions including profiling, the existence of international transfers, and to obtain a copy of the personal data being processed. We may charge a small fee unless it is a second copy.
B. Rectification: You have the right to obtain the correction of inaccurate or incomplete personal data, clearly indicating the data and the correction in the request, and providing supporting documents as appropriate.
C. Opposition: You have the right to object to the Company processing your personal data.
D. Deletion: This right allows you to request that the Company delete your personal data from the databases that contain them. It can be exercised once personal data has been used for the purposes for which it was collected, if consent is withdrawn, if the right to object has been exercised, and for compliance with a legal obligation. The App user acknowledges and accepts that in the event of a request to block or delete their personal data: (i) such requests will not affect data processing carried out prior to the user’s request, which will remain valid and lawful.
E. Restriction of data processing: This right is exercised when challenging data processing or in the case of previous objection to data processing. It also involves preventing deletion and requesting data retention in the event of exercising or defending claims.
F. Data portability: The data subject has the right to receive their personal data that concerns them in a structured, commonly used, and machine-readable format and to request our Company to transfer the data to another data controller/recipient if it is technically feasible and not prevented by the designated recipient.
If the data subject wishes to exercise any of their rights, please send your request to GLOBAL INTEGRATED SOLUTIONS CHILE SPA through our email address: email@example.com, and it will be responded to within a maximum period of one month, as established by the international GDPR regulation. To process your request, it must contain a clear and precise description of the right being exercised, the data subject’s personal data, and a copy of their identity document or that of the legal representative or proxy of the data subject, subject to accreditation of representation or proxy, if requested by the Company. You also have the right to file a complaint with the competent authority for the protection of personal data.