Privacy Policy

Vroboti System Service Provider is committed to maintaining the confidentiality of information and Personal Data received and will take all measures necessary to ensure that they are safely stored.

This Privacy Policy governs the relationship between Vroboti (the Service Provider) and the User regarding the use of Confidential Information and Personal Data, its receipt, protection, processing, transfer and deletion, and is an integral part of the Vroboti Service Agreement.

What this Policy is about 

This privacy policy aims to give you information on how Vroboti collects and processes your personal data through your use of our websites (including vroboti.com, and any other web-apps).

Not intended for children: The Vroboti is not intended for children and we do not knowingly collect data relating to children.

It is important that you read this privacy policy together with any other privacy information or notices we provide, so that you may understand how we use and keep your data secure.

Collection of personal data

We collect Personal Data from you for one or more of the following purposes: 

• To provide you with information that you have requested or that we think may be relevant to a subject in which you have demonstrated an interest.
• To initiate and complete commercial transactions with you, or the entity that you represent, for the purchase of products and/or services.
• To fulfill an Agreement that we have entered into with you or with the entity that you represent. In these circumstances it may be your entity, rather than yourself, that has provided us with your Personal Data.
• To ensure the security and safe operation of our websites and underlying business infrastructure.
• To manage any communication between you and us.

Vroboti users

A Vroboti User is a natural or legal person who is registered in the Vroboti system and is the owner of an account. If you are a Vroboti User, we may process the following personal information about you: 

• Identity Data includes first name, maiden name, last name, username or similar identifier, date of birth, and gender.
• Contact Data includes address, email address, and telephone numbers.
• Profile Data includes your basic account information; username password and access information; photos you may choose to upload; other information you may provide in response to a questionnaire or survey; your interests, preferences, and feedback and survey responses; any other information you provide to use in relation to your Vroboti Account.
• Marketing and Communications Data includes your preferences in receiving marketing from us, any third parties and your communication preferences, including registering for our newsletter.

Technical information

In addition, to ensure that each visitor to our website can use and navigate the site effectively, we collect the following:

Technical information, including the IP (Internet Protocol) address used to connect your device to the Internet.

Your login information, browser type and version, time zone setting, browser plugin types and versions.

Operating the system.

Information about your visit, including the URL (Uniform Resource Locator) clickstream to, through and from our site.

Our Cookies Policy, which can be viewed from the homepage of our website, describes in detail how we use Cookies.

Below, we identify your rights in respect of the Personal Data that we collect and describe how you can exercise those rights.

This Privacy Policy uses the following terms in the following meanings:

• Vroboti System (System) - software, an ATS system for recruiting and other related services provided by Vroboti and which help automate routine personnel management work processes. The Vroboti System is subject to copyright and intellectual property rights, which are governed and protected by intellectual property and copyright protection laws.
• Personal data - information or a set of information about a natural person who is identified or can be specifically identified, directly or indirectly (‘data subject’);
• Confidential Information - information or data that is defined as confidential and received by the Service Provider and the User from each other in the process of providing the Vroboti System Services
• Data Import - entering data provided by the User into the Vroboti system;
• Processing Data - means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
• Cloud storage - secure cloud storage for storing Data on multiple networked servers across the Ukraine.

Consent of the data subject to the transfer of data -freely given, specific, informed, unequivocal and clearly defined consent of the owner of the data or the legal and authorized user of such Data to their transfer, expressed, including, by accepting these terms and placing an order for the use of the Vroboti system;

Data Protection Legislation- means all applicable legislation in force from time to time in the European Union applicable to data protection and privacy including, but not limited to, the EU GDPR, the Data Protection Act 2018 (and regulations made thereunder), and the Privacy and Electronic Communications Regulations 2003 as amended;

General Data Protection Regulation - means EU General Data Protection Regulation 2016/679, the EU GDPR;

When placing an order for the use of the Vroboti system and entering his/her Personal Data, the User confirms that he/she has read the Privacy Policy and agrees to the processing of his/her Personal Data by Vroboti for the specified purposes. In case of consent, the User can revoke his/her consent to this  processing at any time.

Approval of this Privacy Policy is mandatory for obtaining the right to access the service, and is considered to be voluntary consent for the transfer and processing of Personal Data and Confidential Information in accordance with these terms and conditions, and the Vroboti system Service Agreement.

The relationship between the Service Provider and the User is governed by the laws of Ukraine and other countries in which compliance with the protection of Personal Data and Confidentiality is mandatory.

Guarantees

The User undertakes to respect the confidentiality of all data received in connection with the provision of the service of using the system Vroboti.

Compliance with the general data protection regulation

The Service Provider, in working with Personal Data, complies with the requirements of the GDPR, in particular:

• Processes Personal Data in a legal, legitimate and transparent manner in relation to the Data subject, namely, only after obtaining the consent of such data subject to the processing of Personal Data and taking into account that such processing is necessary for the performance of the Agreement on the provision of services for the use of the system Vroboti, to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into an Agreement;
• Collects Personal Data for the specified, clear and lawful purposes described in the Vroboti system Services Agreement and does not further process such data in a way that is incompatible with such purposes;
• Clearly identifies the received Personal Data and limits them to the extent necessary in view of the purposes of processing (“Data Minimization”);
• If necessary, updates the Personal Data and takes all appropriate measures to ensure that inaccurate Personal Data, taking into account the purposes of their processing, is deleted or corrected without delay (“accuracy”);
• Keeps Personal Data in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the Personal Data are processed;
• Processes Personal Data in a manner that ensures appropriate security of the Personal Data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’);
• Monitors the availability of consent to receive and process Personal Data;
• Provides the possibility for the data subject to withdraw their consent to the processing of Personal Data at any time and guarantees that the withdrawal of consent will not affect the legality of the processing of Personal Data, which was based on consent before its withdrawal. That is, it equally provides the possibility of both withdrawal and consent;
• Provides the possibility of rectification or erasure of Personal Data;
• Provides the possibility of restriction of processing of Personal Data concerning the data subject or to object to such processing;
• Depersonalises data for their further use by the Service Provider;
• Guarantees compliance with the GDPR 2016/679 regulations of all entities that have access to Personal Data;
• Does not receive and does not process Personal Data that reveal racial or ethnic origin, political beliefs, religious or philosophical beliefs, or membership in professional unions, as well as genetic data, biometric data for the purpose of unique identification of a natural person, data related to the state of health or data about the sexual life of a natural person or their sexual orientation and other data with a special regime for their access and storage;
• Stores data on secure data carriers that meet the requirements of GDPR and ensures ongoing confidentiality, integrity, availability and stability of systems and services for processing Personal Data;
• Involve only processors providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject.

Sources of obtaining personal data

The Service Provider receives Personal Data from the User solely for the purpose of providing access to the system, namely the data necessary for the User's registration in the Service Provider's system and further formation of the User's personal account.

After granting the User access to the system, the User independently (and at his/her own discretion) collects and uploads Personal Data of his/her employees, recruiters, third parties to the Service Provider's systems, while the Service Provider does not collect such Personal Data, but only stores them, and therefore is not responsible for their reliability, accuracy, legality, legality, legal way of their collection, etc.

The User is responsible for the truthfulness of the provided Personal Data, as well as for their timely updating. The User guarantees that they have received and transmitted Personal Data on legal grounds and with the sufficient consent and permission of the owner of such data. The Service Provider has the right to request confirmation of the veracity of such data and the sufficiency of the consent of the Personal Data owner.

Data import

After Vroboti system has become available for use, the User can independently upload data to the system. The Service Provider guarantees the security of such data in accordance with this Privacy Policy, and Terms of use of Vroboti system. The data entered by the User immediately after receipt is transferred to the cloud storage and cannot be used by the Service Provider. 

Third parties

The Service Provider may provide Confidential Information and Personal Data to Third Parties based on the Users’ direct order (e.g. for the purpose of system integration with other services). In this case, the Service Provider is not responsible for the safety of such data and cannot guarantee compliance with the special regime of such information.

The Service Provider may disclose Confidential Information and Personal Data to Third Parties solely for the purpose of providing services to the User, including involving third parties professionals, or integration with third-party software. In this case, the Service Provider is responsible for the actions of such third parties as its own. The use of Personal Data will only be carried out in accordance with the professional or employment duties of this Third Party. These Third Parties are obliged not to disclose in any way Personal Data that has been entrusted to them or that has become known to them in connection with their professional or official duties or employment.

By accepting the terms of this Privacy Policy, the User consents to the transfer of information to Third Parties.

Information may also be provided to law enforcement and other public bodies where such disclosure is mandatory and upon proper request, and the Service Provider shall immediately notify the User.

Data protection of information, personal data and security of their processing

The Service Provider guarantees protection of Personal Data and Confidential Information from accidental loss or destruction, from illegal processing, including illegal destruction or access to Personal Data, and implements appropriate technical and organizational measures which are designed to implement data-protection principles, such as data minimisation, in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of the GDPR and protect the rights of data subjects, namely:

• Uses data encryption at the content level;
• Personal Data is isolated and protected by multiple levels of security using multi-conditional access and multi-factor authentication;
• The Service Provider ensures continuous confidentiality, integrity, availability and stability of processing systems and services;
• Ensures timely restoration of Personal Data in the event of a technical accident;
• Ensures regular testing, evaluation and analysis of the effectiveness of technical and organizational measures to guarantee the security of data processing;
• Keeps Data locked down at every level and applies many technical and organizational measures to ensure its preservation and to prevent data leakage and unauthorized access to data, such as:
• Active error search program;
• Frequent vulnerability scans;
• Web application firewall;
• Verification of input data;
• Continuous security management and monitoring;
• Backup data daily, every 6 hours.

The Service Provider uses exclusively safe and secure resources to store Confidential Information and Personal Data, including Cloud storage media.

The Service Provider engages operators to carry out Data processing, who provide sufficient guarantees regarding the implementation of the necessary technical and organizational measures in a way that allows for the compliance of the processing with the requirements of the GDPR and guaranteeing the protection of the rights of the Data Subject.

The Service Provider has what he believes are appropriate security controls in place to protect Personal Data.

Risk assessment, including assessing risks to the rights and freedoms of data subjects, is at the heart of the Service Provider’s ISMS. The Service Provider does not, however, have any control over what happens between the User's device and the boundary of the Service Provider's information infrastructure. Users should be aware of the many information security risks that exist and take appropriate steps to safeguard your own information. The Service Provider accepts no liability in respect of breaches that occur beyond his sphere of control.

Purpose for which we will use personal data

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the lawful bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us for further information.

Type of Data and purpose:

1. Opening Vroboti account - information about who the User is his/her contact information.
2. Administration and Protection of business and Vroboti system (including troubleshooting, fraud prevention, data analysis, testing, system maintenance, support, reporting and hosting data) - information on usage of the service.
3. Delivery of relevant Vroboti content to measure and understand the effectiveness of our website and services - information on usage of the service.
4. Using data analytics to improve Vroboti system, products/services, marketing, customer service - information about Vroboti service usage and technical information.
5. Making suggestions and recommendations about the services that might be of interest to you, your Employer, Partner or Supplier. - information about how to contact you and who you work for.

User’s rights as a data subject

As a Data Subject whose personal information Vroboti hold, the User has certain rights. If the User wishes to exercise any of these rights, he/she may write to the email: info@vroboti.com. To process the User's request, the Service Provider will ask to provide two valid forms of identification for verification purposes. The User’s rights are as follows:

• The right to be informed
• The Service Provider is obliged to provide clear and transparent information about its data processing activities. This is provided by this privacy notice and any related communications the Service Provider may send to the User. 
• The right of access
• The User may request a copy of their Personal Data held by the Service Provider free of charge. Once the Service Provider has verified User's identity and, if relevant, the authority of any third-party requester, the Service Provider will provide access to the personal data it stores about the User, as well as to the following information:
  • The purposes of the processing.
  • The categories of Personal Data concerned.
  • The recipients to whom the Personal Data has been disclosed.
  • The retention period or envisioned retention period for that Personal Data.
• When Personal Data has been collected from a Third Party, the source of the Personal Data.
• If there are exceptional circumstances that mean that the Service Provider may refuse to provide information, the Service Provider will explain this to the User. If responding to a request may require additional time or entail unreasonable costs (which may have to be borne by the User), the Service Provider will notify the User. 
• The right to erasure (the ‘right to be forgotten’)
• Where no overriding legal basis or legitimate reason continues to exist for processing Personal Data, the User may request to delete the Personal Data. This includes Personal Data that may have been unlawfully processed. The Service Provider will take all reasonable steps to ensure erasure. 
• The right to restrict processing
• The User may ask the Service Provider to stop processing his/her Personal Data. The Service Provider will still hold the Data, but will not process it any further. This right is an alternative to the right to erasure. If one of the following conditions applies the User may exercise the right to restrict processing.
• The right to rectification 
• When the User believes that the Service Provider holds inaccurate or incomplete personal information about the User, he/she may exercise his/her right to correct or complete this data. This may be used with the right to restrict processing to make sure that incorrect/incomplete information is not processed until it is corrected. 
• The accuracy of the Personal Data is contested. 
• The right to data portability 
• The User may request his/her set of Personal Data be transferred to another controller or processor, provided in a commonly used and machine-readable format. This right is only available if the original processing was on the basis of consent, the processing is by automated means and if the processing is based on the fulfillment of a contractual obligation. 
• The right to object 
• The User has the right to object processing of his/her data where:
  • Processing is based on legitimate interest;
  • Processing is for the purpose of direct marketing;
  • Processing is for the purposes of scientific or historical research; or
  • Processing involves automated decision-making and profiling.

Retention of information

The Service Provider retains User’s personal information for as long as it is required for the purposes stated in this Privacy Policy. Sometimes, the Service Provider may retain this information for longer periods as permitted or required by law, such as to maintain suppression lists, prevent abuse, if required in connection with a legal claim or proceeding, to enforce our agreements, for tax, accounting, or to comply with other legal obligations. When the Service Provider no longer has a legitimate need to process this information, the service Provider will delete or anonymize this information from its active databases. The Service Provider will also securely store the information and isolate it from further processing on backup discs until deletion is possible.

Disclosures of your personal data

We may share your personal data with the parties set out below for the purposes set out in the table above.

• Internal third parties such as our employees or officers and legal entities within the Vroboti group of companies.
• With research and trial partners, being commercial research.
• External third parties, payment providers, specialist IT support, cloud hosting providers, communications partners and sub-contractors.
• Professional advisers including lawyers, bankers, marketing agencies, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
• Credit reference agencies, law enforcement and fraud prevention agencies.
• HM Revenue & Customs, regulators and other authorities who require reporting or processing activities in certain circumstances.
• Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. 

Limited Use Policy

Vroboti adheres to the restricted use requirements set out in the Google API User Data Policy.

We ensure that:

• Our data handling practices comply with Google API Services User Data Policy;
• Vroboti will only use the data obtained from Google APIs for the purposes specified in our Privacy Policy;
• Use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy including the Limited use requirements. 

Collection and Use

We collect the following personal information from your Google Calendar

• Event name
• Event date
• Event Time

We use this information to:

Synchronize your Google Calendar data in your Vroboti account (under the Calendar Tab or on the Candidate’s page) to see your availability or the availability of your colleague when scheduling an interview with the candidate.

We will only use this information for the specific reason for which it was provided to us.

Disclosure to Third Parties

We do not share or sell your personal information to third parties.

We disclose information only in the following cases:

• As required by law, such as to comply with a subpoena or similar legal process Session Status
• When we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, to investigate fraud, or to respond to a government request if we are involved in a merger
• Acquisition, or sale of all or a portion of our assets

Security

The security of your Google Calendar personal information is important to us.

We take commercially reasonable measures and follow generally accepted standards to protect the information you provide us, both during transmission and once we receive it. For example, the information you provide is transmitted via encryption using secure socket layer technology (SSL) technologies.

No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee that malicious actors will not access the data, although we will do our best to prevent that happening

Accessing Your Information

To review, correct, or update your customers’ information, you can request any modification by emailing info@vroboti.pro . We will retain the synced/imported information for as long as your account is active or as needed to provide you with our services.

If you wish to request that we no longer use your Google Calendar information you can simply disable the integration on your Vroboti Settings Page. If you have any concerns or further questions, please feel free to contact info@vroboti.pro

Contact details

If you have any questions about this privacy policy or our privacy practices, please contact our Manager.

The Service Provider has appointed a Data Protection Officer to oversee its management of the User’s personal information in accordance with this Privacy Policy. If the User has any questions or concerns about Vroboti’s privacy practices with respect to User’s personal information, the User can reach out to our Data Protection Officer by sending an email to info@vroboti.com

Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

Alternation of this policy

The Service Provider has the right to alter the terms and conditions of this policy, which he notifies to the User not later than one calendar month before such changes become valid. 

Changes to the Privacy Policy and your duty to inform us of changes

We keep our privacy policy under regular review. This version was last updated on 05 January 2023. 

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal information changes and this can be done through your Vroboti Account for all Vroboti Users.