NAKAMA
Privacy Policy in accordance with the General Data Protection Regulation (GDPR)
We at NAKAMA take our obligations in respect of the privacy of personal information very seriously and we will only process personal information as detailed in this policy unless we inform you otherwise. The following Privacy Policy informs you comprehensively about the handling of your personal data and your rights in this context when using our website. The use of our website is generally possible without providing personal data. Any personal data (e.g. name, address or e-mail address) collected on our website is done on a voluntary basis. If you do not want us to process personal data from you, please do not send it to us.
Within the scope of this Privacy Policy we refer to our services for individuals and companies as “services”, the natural persons currently or potentially placed by us as “candidates” and those who entrust us with the search for suitable candidates as “clients.
I. Definitions
The definitions used in our privacy policy correspond to those of Art. 4 GDPR.
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”); a natural person is considered to be identifiable if he or she can be identified directly or indirectly, in particular by assigning him or her to an identifier such as a name, an identification number, location data, an online identifier or to one or more special features which express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person;
“Processing” means any process performed, with or without the aid of automated procedures, or any such process associated with personal data, such as gathering, collecting, sorting, organizing, storing, adapting or modifying, selecting, retrieving, using, disclosure by transmission, dissemination or other means of provision, matching or linking, restriction, erasure or destruction;
“Restriction of processing” means the marking of personal data stored in order to limit its future processing;
“Controller” means the natural or legal person, public authority, entity or other body which, alone or jointly with others, decides on the purposes and means of processing personal data; where the purposes and means of such processing are specified by Union law or the law of the Member States, the controller or the specific criteria of their appointment may be provided for under Union or national law;
“Processor” means a natural or legal person, public authority, entity or other body that processes personal data on behalf of the controller;
“Recipient” means a natural or legal person, public authority, agency or other entity to whom Personal Data is disclosed, whether or not it is a third party. However, authorities which may receive personal data under Union or national law in connection with a particular request for investigation are not considered to be recipients; the processing of such data by the said authorities shall be carried out in accordance with the applicable data protection rules in accordance with the purposes of the processing;
“Third party” means a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or processor;
“Consent” of the data subject shall mean any voluntary expression of intent, given in an informed and unambiguous manner, in the form of a statement or other unambiguous confirmatory act, by which the data subject indicates that they agree to the processing of personal data concerning them.
II. Responsible
The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
NAKAMA EUROPE LTD.
Claudia Wulf
Ground Floor
71 Lower Baggot Street
Dublin D02 P593
Ireland
Kontakt E-Mail: hello (at) nakamaeurope.com
Website: www.nakamaeurope.com
III. Extent of processing of personal data
Any information that allows for a direct or indirect identification of a natural person, such as a name, identification number, location data or an online identifier, or information about the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, are personal data. In principle, we collect and use personal data of our users only to the extent necessary for the provision of a functional website and our content and services. The collection and use of our users’ personal data takes place regularly only with the users’ consent (Art. 6 para. 1 lit. a GDPR). An exception applies in cases in which prior consent can not be obtained for real reasons and the processing of the data is permitted by law (e.g. a legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR consists).
The processing of personal data takes place exclusively according to the principles of Art. 5 GDPR. To ensure that the information we hold about you is accurate and up-to-date, we ask that you keep us informed of any changes.
IV. Data collection during visits to our website
1. Log files/ processing of IP addresses
You can visit our site without providing personal information. However, our system temporarily stores your IP address.
In order to provide the site for you, it is necessary that the information of the computer system of the calling computer (server log files) is collected. The data collected are as follows: name of the requested file, your IP address, date and time of the retrieval, amount of data transferred and the requesting provider (access data). The access data are used exclusively for the purpose of delivering the website content. An evaluation of the data for marketing purposes does not take place in this context.
The collection of this data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no contradiction basis on part of the user. The legal basis for the temporary storage of data and log files is Art. 6 par. 1 lit. f GDPR.
2. Data transfer to third parties
Your personal data may be passed on to third parties provided you have expressly given your consent, if this is required by law or if third parties process this data as part of the order as described below.
3. Use of cookies
Our website uses technically necessary cookies. Cookies are text files that are stored in the Internet browser or on the Internet browser on your device used to access our website or our services. These cookies contain characteristic strings that allow the browser to be clearly identified when the website is reopened. This allows a more efficient and better use of our services.
You may object to the setting of cookies by changing the settings of your Internet browser and delete already set cookies at any time via your Internet browser or third-party software. Please note, however, that deactivating the setting of cookies may mean you can not make full use of all functions of our website. We use technically necessary cookies. The following data is stored and transmitted in the cookies:
Information about the browser type and version used
The operating system
The user’s IP address of the user
Date and time of access
Websites from which the system reaches our website.
4. E-mail contact
We offer you the possibility to contact us via our e-mail address if you have any questions. The data is processed for the purpose of contacting us according to Art. 6 para. 1 sentence 1 lit. a GDPR based on your voluntarily granted consent. The personal data collected by us for the purpose of contacting you will be automatically deleted after the request has been completed. There is no disclosure of this personal data to third parties. If you contact us as a candidate, please also note our information under Section V. Based on the consent you have given us, we will keep e-mail messages and/ or addresses for future contact. We also retain e-mail addresses as user IDs for the personal profiles of our candidates.
5. Social Media Buttons
a) Twitter Button
On our website the social media button of the service Twitter is used. These buttons (e.g., “Tweet” or “Follow”) are offered by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. If you click on the Twitter button as a user of our website, your browser establishes a direct connection to the servers of Twitter. The content of the Twitter button is transmitted by Twitter directly to the user’s browser. We therefore have no influence on the extent of the data that Twitter collects with the help of this plugin and hereby inform you according to our level of knowledge. After this only the IP address of the user, the URL of the respective website when the button is received, is used but not for purposes other than the presentation of the button. Further information can be found in the privacy policy of Twitter at https://twitter.com/en/privacy.
b) Xing Button
Our website uses a function of the network XING. Provider is the XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. If you click on the XING button (plug-in), you will be redirected to our services on XING in a separate browser window and, provided that you are logged into your XING user account, you can follow us on XING. The plug-in establishes a direct connection between your browser and the XING server. XING receives the information that you have visited our website with your IP address. We point out that we have no knowledge of the content of the transmitted (personal) data and their use by XING. Further information can be found in XING’s privacy policy at: https://www.xing.com/app/share?op=data_protection.
c) LinkedIn Button
Our website uses a feature of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, United States. If you click the LinkedIn button (plug-in), you’ll be redirected to our LinkedIn offer in a separate browser window and, if you’re logged in to your LinkedIn account, you can follow us on LinkedIn. The plug-in establishes a direct connection between your browser and the LinkedIn server. LinkedIn receives the information that you have visited our website with your IP address. In addition, LinkedIn will be able to associate your visit to our website – if you are logged in to your LinkedIn account – with you and your user account. We point out that we have no knowledge of the content of the transmitted (personal) data and their use by LinkedIn. For more information, see the LinkedIn privacy statement at: https://www.linkedin.com/legal/privacy-policy.
d) Google reCAPTCHA
We use “Google reCAPTCHA” (hereafter “reCAPTCHA”) on our websites. Provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”).
With reCAPTCHA we want to check if the data entry on our websites (for example in a contact form) is done by a human or by an automated program. For this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For analysis, reCAPTCHA evaluates various information (for example, the IP address, the website visitor’s visit time on the website, or user mouse movements). The data collected during the analysis will be forwarded to Google. The reCAPTCHA analyses run completely in the background. Website visitors are not advised that an analysis is taking place.
The data processing is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its web services from abusive automated spying and SPAM.
For more information about Google reCAPTCHA and Google’s privacy policy, please visit the following links: https://www.google.com/intl/en/policies/privacy/ and https://www.google.com/recaptcha/intro/v3beta.html.
V. Data collection when using our services as a candidate
If you make use of our services as a candidate, we need to process certain information about you. In principle, however, we only collect data that is necessary for the use of our services. NAKAMA EUROPE gives you the opportunity to send your resume (CV), certificates or other presentations (such as Design Portfolio) electronically or via our website. We store your documents in our database (“Hellotalent” of the provider Talentsoft SA, 8 Rue Heyrault, 92100 Boulogne, France with server location in Germany) and you will get an online access to your profile. To ensure that the information we hold about you is accurate and up-to-date, we encourage you to keep us informed of any changes or to update your online profile as needed. As a candidate you assure NAKAMA EUROPE to provide only truthful and complete information, especially regarding your person, education and professional career.
1. Personal data
Personal data that we process from you are:
- Name, address, date of birth, marital status, email and/ or other contact options if available
- Professional background (including information about placements through us), personal qualifications and skills
- Information on special professional knowledge and previous employers
- Details of your salary expectations
- Nationality (passport), visa, work permits or other information about your identity
- Contact details of reference persons
- Personal information about your hobbies, interests and leisure activities
These data are obtained i.a. from the following sources:
- Yourself (for example by sending us your CV, personal contact or by creating a user profile on our website)
- Social professional networks (e.g. XING, LinkedIn, Behance, etc.)
- Online job boards (e.g. Experteer)
- Referees
- Your own professional website (if available)
- Clients
- Other candidates
If we have received your data from third parties, we will inform you at first contact which source this data originates from.
2. Use of your personal information
We assess and test your suitability for potential positions and present you to the respective customer, if applicable. For this purpose, your personal data that you have provided to us or that originates from third-party sources (see v. 1.) will be transmitted electronically to the customer.
3. Consent to the use of personal data
The processing of the personal data voluntarily provided by you to us takes place within the scope of the consent given to us. If you send data and contents to NAKAMA EUROPE as a candidate for your self-presentation, you thereby expressly warrant that we are entitled to use this data for purposes of presentation to our customers, and that such use by NAKAMA EUROPE does not conflict with third-party rights.
You can revoke your consent at any time, distance yourself from our services and demand the deletion of your data.
For the purposes of candidate placement, your personal information may also come from third party sources (such as XING or LinkedIn). We will delete this information as soon as we no longer have any legitimate interest in using it, or you have notified us that you do not wish to use our services. Despite all this, we may retain your personal information in a reduced manner to avoid unwanted repeated contact.
4. Special categories of personal data
Data within the meaning of Article 9 (1) GDPR are generally irrelevant to the provision of our services (for example, religious affiliation or beliefs). Please refrain from transmitting such data to us. We require your express and unambiguous consent for the use of such data. Should it be necessary for the provision of our services in individual cases, we will collect this data from you.
5. Deletion of personal data
Your data will be stored for as long as there is a legitimate interest on our part in the data processing pursuant to Art. 6 para. 1 lit. f GDPR or your consent has been given. We will delete your data as soon as you request a deletion; an informal e-mail to our contact e-mail address is sufficient.
We will delete your data at the latest three years after the last use of our service or the last contact attempt on our part, provided there are no legal retention periods to the contrary (see VII).
6. Disclosure of data to third parties
We use your personal data exclusively for our own, afore mentioned services.
Excluded from this are our service partners, which we need for the technical provision of our services. In this regard, the data protection requirements are met. The scope of data transmission is limited to the minimum permissible extent.
The following service partners are involved in the transaction:
DomainFactory GmbH (Hosting)
Oscar Messter-Str. 33
85737 Ismaning
Managing Director: Dr. med. Claus Boyens, Tobias Mohr
Talentsoft SA (database)
8 Rue Heyrault
92100 Boulogne
Registered in the RCS of Nanterre, France, number 497 941 377
represented by M. Jean-Stéphane Arcis.
VI. Data collection when using our service as a client
In order to provide or prepare the contractual service to you as a client, we process personal data of persons employed in your company such as contact information, name and position as well as preferences for staffing and opinions on the candidates proposed by us. This is done on the basis of a legitimate interest on our part in the data processing pursuant to Art. 6 para. 1 lit. f GDPR. The legitimate interest lies in the contractual execution of our service. For this purpose, we store personal data for the contract period. In addition, we store personal data of your internal contact person even after the end of the contract or if no contract has been concluded for the purpose of renewed contact for the use of our services. We have a legitimate interest in accordance with Art. 6 Para. 1 lit. f GDPR, in order to be able to offer our services, unless you expressly declare to us that you will in under no circumstances make use of our services in the future.
VII. Use Google G Suite (Google for work) and Google Cloud
For regular e-mail communication and advanced fulfillment of our services, we use Google G Suite and Google Cloud.
Google G Suite and Google Cloud are offers of Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043 USA.
In order to comply with the requirements for security and adequacy arising from the Data Protection Directive of the European Parliament and the Council of the European Union as well as from the EU General Data Protection Regulation (GDPR), we have concluded a “Data Processing Agreement” with Google for Google G Suite and Google Cloud.
For more information about data processing, see the Google Privacy Policy: https://www.google.com/intl/en/policies/privacy/
VIII. Rights of the persons concerned
If you are a data subject within the meaning of Art. 4 No. 1 GDPR,, you are entitled to the processing of your personal data under the GDPR (GDPR), the rights reproduced below. The full legal text of the rights listed below can be found here: https://www.bfdi.bund.de/SharedDocs/Publikationen/Infobroschueren/INFO6.pdf?__blob=publicationFile&v=44.
1. Right to confirmation and information
Under the preconditions of Art. 15 GDPR you have the right to request a confirmation as to whether personal data concerning you are being processed and receive a copy of this information at any time free of charge from the controller for personal data stored.
2. Right to correction
Under the conditions of Art. 16 GDPR, you have the right to demand the immediate correction of incorrect personal data concerning you. In addition, you have the right, under consideration of the purposes of the processing, to demand the completion of incomplete personal data, also by means of a supplementary declaration.
3. Right to be forgotten
Under the preconditions of Art. 17 GDPR, you have the right to demand that the personal data relating to you be deleted without delay, provided that one of the reasons stated in Art. 17 GDPR exists and the processing is not required.
4. Right to restriction of processing
Under the conditions of Art. 18 GDPR you have the right to demand the restriction of the processing of data from us.
5. Right to Data Portability
Under the conditions of Art. 20 GDPR, you have the right to receive the personal data you have provided us in a structured, common and machine-readable format, and you have the right to transfer this data to another person without hindrance provided the further requirements of Article 20 GDPR are met.
6. Right to revoke consent
You have the right to withdraw your consent of the processing of personal data at any time with future effect. Please address the revocation to the contact data indicated above.
7. Automated decisions on a case-by-case basis, including profiling
You have the right not to be subjected solely to automated processing – including profiling – that has legal effects on you or similarly adversely affects you.
8. Right to object
Under the conditions of Art. 21 GDPR you have the right to object at any time to the processing of your personal data. If the conditions for an effective objection exist, we must no longer process your data. The above general right of objection applies to all processing purposes described in this privacy statement, which are processed on the basis of Article 6 paragraph 1 letter f) GDPR.
After exercising your right to object, we will not process your personal data further for these purposes, unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or if the processing serves the assertion, exercise or defense of legal claims.
9. Right to appeal
Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular your Member State of residence, employment or the place of the alleged infringement, if you believe that the processing of your personal data is contrary to the requirements of the GDPR.
State Commissioner for Data Protection and Freedom of Information, Wagmüllerstraße 18, 80538 Munich.
For questions and to exercise the rights mentioned above, please contact us at mail@nakamaeurope.com.