Privacy Policy

by aqua September 07, 2022 No comments

Privacy Policy

This Privacy Policy explains our policies and procedures to retain, process or manage the personal data of our users utilized in order to provide all our digital services for connecting employers with job seekers through our web-based platform, Aquanetwork (hereinafter, “App”), offered by GLOBAL INTEGRATED SOLUTIONS CHILE SpA. Employers utilize our App to post open positions they wish to fill, while job seekers browse job opportunities and submit their applications.

One of our main concerns is to protect the privacy of our users and, therefore, our Privacy Policy, adapted to the highest current standard (General Data Protection Regulation (RGPD) 2016/679 of the European Union). The following link provides more information on the GDPR: https://europa.eu/youreurope/business/dealing-with-customers/data-protection/data-protection-gdpr/index_en.htm.

Your privacy is extremely important to us and if you have any questions about the content of this policy document, please contact us at contact@aquanetwork.com.

This Privacy Policy does not cover any third party software intended for applications that integrate with our App offered by GLOBAL INTEGRATED SOLUTIONS CHILE SpA (referred to as “Third Party Services”), nor does it apply to any other external product, website, service or entity. In addition, there is a separate agreement, Terms and Conditions, that governs the provision, access and use of the App.

Responsible

The company responsible for the App and the processing of personal data included in the use of the App, is GLOBAL INTEGRATED SOLUTIONS CHILE SpA (hereinafter, “Company”, “We”, “we”, “Our”, “our”, “responsible”), with address at Agustinas 815 , Department 906, commune of Santiago, Santiago de Chile. You can contact the Company via the email address contact@aquanetwork.com.

The natural or legal persons entity that signed the Terms and Conditions (such as you as an employer or organization or individual) and accepted it has control over the services provided by us through the App.

The Company, as the person responsible for and provider of the App, uses some personal data to proceed with the registration, access and use of the App. Personal data is any information related to an identified or identifiable person (hereinafter, “interested party”, “you”, “user” or “your”). The interested party can be a natural or legal person, as appropriate, who for any reason accesses and/or uses our App.

Data collected

Our App uses personal identification and contact data, such as name, surname, unique national number, address, telephone number, internet protocol address, password and email address, which will be incorporated into virtual servers owned by DigitalOcean, LLC. In addition, personal data includes the details that you provide about your preferences, geographic location and areas of interest expressed during the use of the App.

Purpose of processing your personal data

When you visit our App and use it as a user or visitor, your consent is necessary in alignment with the terms outlined in our Cookie Policy.

During the process of accessing, registering, and using or navigating the app (whether you are a registered user or not), the personal data collected will be processed in accordance with the purposes indicated below:

A. Registration on our App: To register and use our App, you must fill out a “registration form” with personal data that is collected in order to provide all our digital services for connecting employers with job seekers through our App in the most efficient way, your consent being the basis of legitimacy of this treatment. The data collected in the registry is the following: contact information, profile photo (optional), account username, email address, name and surname, postal address, unique national number, user ID, occupation, telephone number (including mobile phone number), password, as well as other profile data and the creation of your CV, among which are some sensitive data, which you can grant or not. The purposes of the collection and storage of personal data indicated are:

    1. Maintain, provide and improve the commercial service contracted by the user.
    2. Allow the user to manage the use of the App.
    3. Personalize the user experience and adapt it to her needs.
    4. Guarantee the proper functioning and security of the App.
    5. Use email service providers to send emails on our behalf informing of essential circumstances for the proper management of the service.
    6. Customer service.
    7. Statistics.
    8. Compliance and Fraud Prevention.

You can update or modify your profile information and contact information at any time, except for the information of the company representative when you act as an employer or organization who contracts our service. Profile information is not publicly available in the App.

B. Contact form: through our “contact form” you can send us any questions or comments regarding our Company and services. The form allows the collection of personal data such as name and surname, email address, telephone and mobile phone number, as well as any other information voluntarily provided. That is why we will only treat the information necessary to respond to your query and provide the best possible service.

C. Use of the service: For the provision and use of contracted services, personal data of the user necessary for logging into the App will be processed. During the session, we may collect some information about your user experience, which will be processed in order to offer service improvements, profile preferences, and provide the most suitable functionalities available to users. In the use of the App, circumstances may arise that require customer service, technical support, training, during which we will collect personal data solely for the purpose of resolving incidents for our users. We will also send notifications, reminders, and alerts, as well as information about your account or changes in the App, necessary for the proper functioning and correct use of the App.

D. Management of selection and interviews of candidates: In order to progress in a selection process to which you are applying, we will process the data provided in the registration form and your CV, and we will make available to the recruiting employers those profiles that align best with the job’s requirements. If progress is made in this process, you could be invited for a job interview by the recruiting company. You should be aware that this interview could be recorded by the company in charge of the selection process. Therefore, we suggest that you clarify whether the job interview would be recorded or not before attending it. In addition, we encourage both candidates and recruiting companies to obtain the express authorization of the both parties (i.e. job seekers and recruiting companies). Finally, our App does not keep or have any connection with any recording made by a recruiting company or employer.

E. Payments for services: Our App offers paid services, so we work with a secure payment gateway provided by PayPal Pte. Ltd. and Webpay Plus, who will use payment data solely and exclusively to complete the payment transaction selected by our users. Payment can also be made through a direct bank transfer operation, for which the ordinary billing data of the user will be used. Once the payment is completed, a notification about its successful completion is generated through an email service provider, for purely informational purposes.

F. Email communication: we use your email address in order to deliver information about your account and information related to purchased services and products; to deliver the purchased product or service requested or subscribed; to send alerts on requested or recommended jobs, as well as reminders and information related to your account and applications. Occasionally, we may send news content through our newsletter to those users who have consented, which may include educational information about the App, promotional material related to it, and updates, among other related content. You can request at any time to unsubscribe from these communications by sending us your request to be removed from the distribution list at contact@aquanetwork.com.

G. Content generated or provided by a User: our App makes available to its registered users a forum, chat or blog that allows them to share opinions and experiences. Comments and data contained therein such as: interests, demographics, achievements, job goals, professional or educational degree or certification, job preferences (for example, type of job and salary), posted questions or answers, photos, messages can be used by the App for the sole purpose of collecting information that allows us to improve the service. Likewise, the App may monitor the content generated by users to ensure that it complies with our Privacy Policy and the Terms and Conditions.

H. Contact a User by phone or instant messaging: we use your phone number to deliver information about your account, services or products, job offers, interview reminders or events, among others. If you do not wish to receive further phone calls or instant messaging, all you have to do is email us at contact@aquanetwork.com.

    • The personal data that we collect from our users who visit our App are treated on the legal basis of giving their consent through the acceptance of the Cookies Policy.
    • The personal data we collect from users who use our App is processed on the legal basis of freely given, specific, informed, and unequivocal consent, obtained through the completion of the registration form and through the express prior acceptance of our Terms and Conditions and Privacy Policy.
    • The personal data we collect from users who use our App is processed based on the execution of a contract between you and the Company when we treat your data for the provision of the contracted services in accordance with the Terms and Conditions.
    • In cases where the existence of a legal obligation requires us to process personal data in accordance with the terms outlined in the law.
    • We inform you that we use data in order to satisfy the legitimate interest of the Company in sending commercial communications for marketing purposes and analyzing user behavior in the App to optimize its functioning and offer services to improve the user experience, without jeopardizing the fundamental rights or freedoms of the data subject.
    • If the interested party does not provide the Company with their data or does so incorrectly or incompletely, it will not be possible to proceed with the use of the App.

Minors

In order to register the user, use the App, or carry out any other lawful processing of personal data, the interested party must be at least of legal age, or according to the legal age applicable in each territory. Individuals under the legal age, or as determined by the legal age applicable in each territory, may only use the App with legal authorization or legal consent signed by parents or legal guardians. The Company does not knowingly collect or request personal information from individuals under the age of 18 or the minimum age as per local laws. If you believe we may have information related to a minor, please contact the Company at contact@aquanetwork.com.

Retention period for personal data

We will retain documents and process the personal data contained in them on our servers for the time necessary to fulfill the purpose stated in each of them, provided that the user does not exercise their right to deletion.

Once the purpose of the processing is fulfilled, and without prejudice to legal regulations to the contrary, the Company will proceed to delete the stored personal data, unless there is a legal or contractual obligation that requires their retention for the exercise and defense of judicial and/or administrative actions and claims. The collection, storage, modification, structuring, and, if necessary, deletion of data provided by data subjects constitute processing operations carried out by the Company, with the aim of ensuring the proper functioning of the App, content development, and the management, administration, information, provision, and improvement of the service.

Data recipients

The Company may grant access or transmit the personal data provided by the user to third-party service providers with whom it has entered into data processing agreements, and who only access such information to provide a service on behalf of and on behalf of the Data Controller. These third parties have signed confidentiality agreements with the controller, committing to maintain the confidentiality and security of the personal data to which they have access, in compliance with the provisions of the GDPR.

    • Accounting Advisory: for the proper accounting maintenance of the Company.
    • IT Advisory: for software development and maintenance of digital resources.
    • Hosting of architecture and Virtual Private Cloud (VPC) service provider to host all the software and data necessary to run the App.
    • Email service provider: to send emails to users from an application running on a virtual machine (VM) instance of Compute Engine.
    • Payment service provider.

If you would like more information about these third parties, please contact us at contact@aquanetwork.com. If you do not agree with any of the sub-processors from which we cannot reasonably separate our services, the only solution will be to cancel your subscription to the service that we cannot reasonably provide without a new sub-processor. This cancellation of service will be without the right to a refund of payments made for subsequent periods.

Transfer of personal data

In compliance with the regulations established by the GDPR regarding international data transfers, we inform you that due to the use of service providers who process personal data of our users, the following international data transfers are carried out:

    • DigitalOcean LLC, located at 101 6th Ave, New York, NY 10013, United States, for cloud information storage. In contracting with this provider, the corresponding Standard Contractual Clauses for Module Two, approved by the European Commission, have been signed, as established in the following link: https://www.digitalocean.com/legal/data-processing-agreement DPA.

The Company will ensure that international data transfers are carried out in accordance with the current personal data protection regulations. As a security measure, in the event that the Company shares personal data with its business partners, such as IP addresses, geographic location, or general user information, it will always do so through aggregated and anonymized data. Due to the non-identifiable nature of this data given its anonymous character, its processing falls outside the scope of personal data protection regulations.

Security

Technical and organizational precautions

In order to comply with the principles of data security, integrity, and confidentiality in accordance with the GDPR, the Company has implemented the following reasonable and necessary technical and organizational precautions to ensure the security of the personal data collected and to prevent tampering, loss, unauthorized access, or fraudulent use of the registered user’s personal information in the App:

    • Measures to ensure the physical security of locations where personal data is processed: The Company’s offices are located in non-recognizable buildings that are physically monitored and managed 24 hours a day to protect data, prevent unauthorized access, and mitigate environmental threats. CCTV cameras are used to monitor physical access to the offices. Cameras are placed to monitor perimeter doors, entrances and exits, reception areas, external areas such as parking lots, and other areas of the buildings.
    • Provision of access: To minimize the risk of data exposure, the Company follows the principle of least privilege through a system access control model. Company staff is authorized to access the user’s personal data according to their job function, position, and responsibilities, and such access requires approval. Access rights to non-time-based production environments are reviewed at least semi-annually. An employee’s access to the personal data of our users is immediately revoked upon the termination of their employment. To access the production environment, an authorized employee must have a unique username and password. Before a Company employee gains access to the production environment, management must approve such access.
    • Password Control: The current password management policy for employees in the Company focuses on the use of longer passwords, including special characters, and requires frequent password changes.
    • User data backup: The Company regularly backs up information provided by users, which is hosted on the infrastructure of data centers of DigitalOcean, LLC.
    • Protection against computer viruses: The Company protects its computers with antivirus software and firewalls.
    • Email Protection: The Company uses email services that have security features to protect emails from spam, phishing, and malware.

Confidentiality

The Company has controls in place to maintain the confidentiality of user data in accordance with the Agreement. All employees and contracted staff of the Company are subject to the Company’s internal policies regarding the confidentiality of user data and are contractually obligated to comply with these obligations.

Personnel security

    • Employee background checks: The Company conducts background checks on all new employees at the time of hiring in accordance with applicable local laws. The Company verifies the education and previous employment of a new employee and may conduct reference checks. When permitted by applicable law, the Company may also conduct criminal, credit, immigration, and security checks, depending on the nature and scope of a new employee’s role.
    • Employee training: At least once a year, Company employees must complete security and privacy training covering security policies, security best practices, and the Company’s privacy principles.

Virtual private server

DigitalOcean, LLC: The Company’s servers are hosted by DigitalOcean LLC in the United States of America and are protected by DigitalOcean, LLC’s environmental and security controls. The production environment within DigitalOcean, LLC where the Company’s services and user data segment services are hosted is logically isolated on a virtual private server. User data stored on DigitalOcean, LLC is encrypted at all times. DigitalOcean, LLC does not have access to unencrypted user data. More information about the security of DigitalOcean, LLC is available at https://www.digitalocean.com/legal/data-processing-agreement.

User rights

As the data subject of personal data protection rights, you have the following rights:

A. Access: You have the right to contact the Company to find out if your personal data is being processed and to obtain information about the purposes, data being processed, third parties to whom the data is communicated, retention period, origin, the existence of automated decisions including profiling, the existence of international transfers, and to obtain a copy of the personal data being processed. We may charge a small fee unless it is a second copy.

B. Rectification: You have the right to obtain the correction of inaccurate or incomplete personal data, clearly indicating the data and the correction in the request, and providing supporting documents as appropriate.

C. Opposition: You have the right to object to the Company processing your personal data.

D. Deletion: This right allows you to request that the Company delete your personal data from the databases that contain them. It can be exercised once personal data has been used for the purposes for which it was collected, if consent is withdrawn, if the right to object has been exercised, and for compliance with a legal obligation. The App user acknowledges and accepts that in the event of a request to block or delete their personal data: (i) such requests will not affect data processing carried out prior to the user’s request, which will remain valid and lawful.

E. Restriction of data processing: This right is exercised when challenging data processing or in the case of previous objection to data processing. It also involves preventing deletion and requesting data retention in the event of exercising or defending claims.

F. Data portability: The data subject has the right to receive their personal data that concerns them in a structured, commonly used, and machine-readable format and to request our Company to transfer the data to another data controller/recipient if it is technically feasible and not prevented by the designated recipient.

If the data subject wishes to exercise any of their rights, please send your request to GLOBAL INTEGRATED SOLUTIONS CHILE SPA through our email address: contact@aquanetwork.com, and it will be responded to within a maximum period of one month, as established by the international GDPR regulation. To process your request, it must contain a clear and precise description of the right being exercised, the data subject’s personal data, and a copy of their identity document or that of the legal representative or proxy of the data subject, subject to accreditation of representation or proxy, if requested by the Company. You also have the right to file a complaint with the competent authority for the protection of personal data.

Changes to the privacy policy

The Company reserves the right to modify the terms of this Privacy Policy at any time, in which case the updated policy will be published in the App. In any case, the Company will send a communication to your registered email address to inform you of the change in the Privacy Policy. This privacy policy was last updated on September 22, 2023 (the “Effective Date”).

en_USEnglish