The protection of your privacy is paramount to us. We handle your data strictly in accordance with applicable laws, especially the European GDPR regulation. This Privacy Policy is intended for:
- Candidates: Independent specialists who are interested in joining our clients' projects and undergo a selection process with us for a specific project
- Contractors: External experts with whom we actively collaborate and who deliver their expert services to ongoing projects
- Client and Business Partner Representatives: Individuals with whom we manage and facilitate business collaborations
- Website Visitors: Anyone browsing or interacting with our web platform
Article I: Personal Data We Process
We only process data that is genuinely necessary to identify the right project for you or to fulfill our contractual obligations. Below is an overview of the data we may collect and maintain (we typically work with only a subset of these data types):
Basic Contact Information
- First name, last name, and academic titles
- Contact or business address
- Email address
- Telephone number
- Any additional information you choose to include in your message via the contact or registration forms on our website
Specific Candidate Data
- Professional experience, project history, and previous roles
- Education, language proficiencies, certifications, and specialized skills
- Availability details specifying when you have open capacity to start on a new project
- Your requested financial compensation (hourly or daily rate)
- Information contained within your professional curriculum vitae (CV), portfolio, and photograph (if included in your CV)
- Nationality or date of birth (only if you explicitly choose to provide them in your CV)
- Contact details of individuals who can provide professional references for you (always collected with your prior knowledge)
- Data from public professional profiles (especially LinkedIn): If we reach out to you as part of our active sourcing activities, we process the professional data that you have publicly published yourself
Specific Data of Collaborating Contractors
- Invoicing details: Business Identification Number (IČO), VAT Number (DIČ), registered office, and bank account number for processing your invoice payments
- Project data: Timesheets, monthly project activity reports, and performance evaluations provided by the client
We strictly adhere to the principle of data minimization; we only process personal data that is adequate, relevant, and limited to what is necessary for the specified purpose of processing.
Article II: Automatically Collected Data (Cookies and Logs)
When you visit our website, technical information and network identifiers are automatically collected using cookies and web server logs. This data is pseudonymized and does not allow for the direct identification of a specific individual. It includes:
- Internet browser type and version, along with operating system settings
- The website from which you accessed our platform (referral)
- The IP address of the accessing device and the network name of the computer
- Subpages visited on our website, including the exact time, date, and duration of the visit
- Search terms utilized to locate our website via external search engines
Necessary (technical) cookies: These are essential for the correct and secure operation of the website (e.g., enabling you to log into your account). They are deployed automatically and cannot be disabled. Analytical cookies (e.g., Google Analytics): These help us anonymously measure website traffic, monitor user behavior on the site, and continuously improve our services. Marketing cookies: These allow us to display relevant project offers and training opportunities tailored to your professional interests.
You can fully manage, permit, or reject the deployment of analytical and marketing cookies at any time via the cookie consent banner on our website. You can also globally opt out of Google Analytics tracking by utilizing the official browser add-on available at https://tools.google.com/dlpage/gaoptout.
Article III: Why We Hold Your Data and the Legal Basis for Processing
Every instance of data processing within our company is supported by a clear legal ground (legal basis pursuant to Article 6 of the GDPR). We utilize your data for the following purposes:
Selecting Specialists for Projects (Candidates)
- Purpose: To evaluate your professional experience, match you with a suitable project, introduce your profile to the client, and prepare the collaboration agreement
- Legal basis: Taking steps at your request prior to entering into a contract [Article 6(1)(b) of the GDPR] for a specific project, or your explicit Consent [Article 6(1)(a) of the GDPR] if we retain your profile in our database for future project opportunities
Active Sourcing of Specialists (LinkedIn Sourcing)
- Purpose: To identify suitable market experts for newly opened projects from our clients and offer them collaboration opportunities based on their public professional profiles
- Legal basis: Our legitimate interest [Article 6(1)(f) of the GDPR] in identifying qualified subcontractors on the open market. Personal data is processed in this manner only up to the point of first contact; if you do not express interest in collaborating, the data is immediately deleted
Project Execution and Collaboration (Contractors)
- Purpose: To ensure the smooth operation of active projects, maintain records of worked time (timesheets), facilitate communication with the client, and process your invoice payments
- Legal basis: Performance of a contract [Article 6(1)(b) of the GDPR]. The entire relationship is built upon the collaboration of independent business partners
Consulting Services and Client Care (Clients and Partners)
- Purpose: To deliver our advisory and consulting services, process strategic analyses, and manage client projects effectively
- Legal basis: Performance of a contract with the client [Article 6(1)(b) of the GDPR] and our legitimate interest in standard commercial communication [Article 6(1)(f) of the GDPR]
News, Education, and Project Offers
- Purpose: To send you updates regarding new open projects, training sessions, conferences, or professional networking events
- Legal basis: Our legitimate interest [Article 6(1)(f) of the GDPR] in the case of our active specialists and clients, or your explicit Consent [Article 6(1)(a) of the GDPR] if you subscribed independently. You can unsubscribe at any time with a single click via the opt-out link included in every email
Security and Protection of Our Rights
- Purpose: To safeguard our websites and IT systems against cyberattacks, prevent fraudulent activities, and maintain a record in the event that we need to defend our legal claims
- Legal basis: Legitimate interest [Article 6(1)(f) of the GDPR] in protecting our business operations
Article IV: Utilization of AI Tools and Human Oversight
We explicitly declare that we do not utilize fully automated decision-making systems or artificial intelligence (AI) without human intervention when sourcing, evaluating CVs, or selecting specialists for projects. Every professional profile, curriculum vitae, and project match is invariably evaluated individually by our human recruiters and specialists (the human-in-the-loop principle). Your personal data is not subjected to any automated profiling.
Article V: Who Has Access to Your Data
Your data is fully secure with us. Access is strictly restricted to personnel within the Projectman team who directly manage your projects or provide administrative support. We only share data outside our organization in the following clearly defined scenarios:
- With our Clients: We transfer professional profiles, technological competencies, and commercial terms of independent specialists (Candidates for allocation) to specific Clients who have requested expert capacities for their active projects. Regarding this data, the Clients and the Data Controller act as separate and independent data controllers
- With our technical providers: We utilize verified third-party tools and services (such as cloud storage providers, internal CRM/ATS systems for project management, and an external accounting firm). These partners are granted access to data solely for the purpose of maintaining and supporting our systems; they are strictly prohibited from utilizing the data for any other purpose and protect it under binding data processing agreements
- State authorities: We provide data to public authorities exclusively in cases where we are explicitly required to do so by applicable law (e.g., tax authorities)
Article VI: How We Secure Your Data
We take data security very seriously. We regularly review and update our technical and organizational security measures—ranging from communication encryption and protected servers to strict access controls governing which internal personnel can view data. We protect your information against loss, misuse, or unauthorized access. To access internal systems, we utilize security mechanisms that align with current industry standards, including rigorous access rights management.
Article VII: International Data Transfers
As we utilize Google Workspace cloud services for our company operations, certain personal data may be stored on servers operating outside the European Economic Area (EEA), specifically in the United States.Data transfers are legally structured and fully secured in compliance with Chapter V of the GDPR:
- Google LLC is a certified participant in the approved EU-US Data Privacy Framework, which the European Commission has recognized as providing an adequate level of data protection
- For scenarios extending outside this framework, contractual relationships are covered by Standard Contractual Clauses (SCCs) approved by the European Commission
Article VIII: Data Retention Periods
We do not retain your personal data indefinitely; it is kept only for the duration necessary to fulfill the specified purpose:
- Data resulting from executed contracts and projects must be retained for a period of 10 years following the termination of the collaboration to comply with statutory accounting and tax legislation
- We retain the data processed on the basis of your consent (our database for future projects, website registration) only for as long as strictly necessary, or until you withdraw your consent.
- Once the data is no longer required for the given purpose and we have no statutory obligation to retain it, it is securely and permanently erased
Technical logs, security records, and data collected via cookies are retained only for the period necessary to ensure the security of our systems, support website functionality, and perform analytical evaluations of traffic, up to the maximum duration defined in the settings of individual cookies or our internal security protocols.
Article IX: Your Rights and How to Contact Us
Under the GDPR, you maintain full control over your personal data. If you wish to exercise any of your legal rights, please contact us via email at dpo@projectman.cz. We will resolve your request within 30 days of receipt.
You have the right to request:
- Access to data: You have the right to know what data we maintain about you and request a copy of this data.
- Rectification: If your address, telephone number, or any other detail changes, you can request an immediate update.
- Erasure (The right to be forgotten): If you no longer wish to collaborate with us, you can request the erasure of your data, provided we are not legally obligated to retain it.
- Restriction of processing: In specific scenarios, you can request that we restrict the processing of your data, meaning we will store it securely but will not utilize it further.
- Data portability: We can export your data in a commonly used, machine-readable format so that you can transfer it to another controller.
- Objection: If we process your data on the grounds of our legitimate interest, you can object at any time, and we will evaluate whether our legitimate grounds override your privacy interests.
- Objection to direct marketing: If you receive project offers or training updates based on our legitimate interest and you no longer wish to receive them, you maintain an absolute right to object to this direct marketing at any time. Once you object, we will immediately and without any further conditions cease using your data for marketing purposes. You can exercise this right by clicking the unsubscribe link in any email or by writing to dpo@projectman.cz.
- Withdrawal of consent: You can withdraw your consent to be included in our database for future project opportunities at any time.
- Lodge a complaint: If you believe that we are not handling your data fairly or lawfully, you have the right to contact the Office for Personal Data Protection (Pplk. Sochora 27, 170 00 Prague 7, www.uoou.cz).