This Privacy Policy (“Policy”) establishes the comprehensive legal framework under which APM Digital Solutions, s.r.o. (“APM Digital,” “we,” “us,” or “our”) collects, processes, stores, and disseminates personal data provided by data subjects (“you” or “your”) in connection with our IT outsourcing, recruitment, and ancillary services.

​

This Policy is effective as of June 10, 2018 and will be regularly updated to reflect any changes in our data processing practices or in applicable laws. This Policy, together with its sub-pages and related documents, explains how APM Digital Solutions, s.r.o. and its affiliates and newly acquired companies (collectively “APM Digital”) protect and control your personal data, and details the rights you have regarding such processing.

 

By accessing or using our services, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy.​

​​​​​

​

Table of Contents

​

1. Introduction and Scope

2. Definitions and Interpretative Provisions

3.  Categories of Personal Data Collected

4. Legal Bases and Purposes for Processing

5. Data Sharing, Disclosure, and Transfers

6. Data Collection Methodologies and Sources

7. Data Retention and Storage Policies

8. Technical and Organizational Security Measures

9. Data Subject Rights and Mechanisms for Exercise

10. Cookies, Tracking Technologies, and Similar Mechanisms

11. Consent, Revocation, and Withdrawal Mechanisms

12. Record Keeping, Audit, and Compliance Monitoring

13. Data Breach Notification and Incident Management

14. Group Companies and Internal Data Sharing

15. International Data Transfers and Jurisdictional Considerations

16. Dispute Resolution, Governing Law, and Miscellaneous Provisions

17. Privacy Impact Assessments and Risk Management

18. Final Provisions and Contact Information

​

1. Introduction and Scope

​

1. This Privacy Policy (“Policy”) establishes the comprehensive legal framework under which APM Digital Solutions, s.r.o. (“APM Digital,” “we,” “us,” or “our”) collects, processes, stores, and disseminates personal data provided by data subjects (“you” or “your”) in connection with our IT outsourcing, recruitment, and ancillary services.

2. This Policy applies to all personal data processed by APM Digital regardless of the medium—electronic, paper-based, or otherwise—and extends to every digital platform, mobile application, and physical site operated by our organization, including those of our Group Companies and affiliated entities under common ownership.

3. Our objective is to provide an exhaustive account of our data processing activities while ensuring strict adherence to applicable data protection regulations, including the General Data Protection Regulation (GDPR), relevant national laws, and international statutes. This Policy delineates the responsibilities of APM Digital as a data controller, elaborates on the measures implemented to safeguard personal data, and specifies the conditions under which data may be shared with third parties and transferred internationally.

4. Additionally, this Policy serves to inform you of your rights regarding your personal data and to describe the procedures through which you may exercise such rights. We are committed to transparency and accountability, while also ensuring that our operational integrity is maintained through rigorous security and compliance measures.

 

2. Definitions and Interpretative Provisions

2.1 Definitions

​​

1. Personal Data
   “Personal Data” means any information relating to an identified or identifiable natural person. Such information may include, but is not limited to, your name, identification numbers, location data, online identifiers, and any other factors specific to your physical, physiological, genetic, mental, economic, cultural, or social identity, either alone or in combination with other data.

2. Processing
   “Processing” refers to any operation or set of operations performed on personal data, whether by manual or automated means. This encompasses the collection, recording, storage, organization, structuring, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or erasure of data.

3. Data Subject
   “Data Subject” denotes any natural person whose personal data is processed by APM Digital.

4. Group Companies
   “Group Companies” includes any companies, subsidiaries, affiliates, or other entities that are under common or shared ownership and/or control with APM Digital.

5. Third Parties
   “Third Parties” comprises any entities not directly affiliated with APM Digital or its Group Companies. This includes external service providers, business partners, and governmental bodies.

6. Consent
   “Consent” means any freely given, specific, informed, and unequivocal indication of your wishes, which is expressed by a clear affirmative action (for example, selecting an opt-in checkbox), thereby signifying your agreement to the processing of your personal data.

7. Sensitive Data
   “Sensitive Data” refers to categories of personal data that require enhanced protection due to their inherently sensitive nature. This includes, but is not limited to, data concerning your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, biometric or genetic information, health details, and any other data as defined by applicable law.

​

2.2 Interpretative Provisions

​

1. All headings and subheadings in this Policy are provided solely for convenience and do not affect the interpretation of its substantive provisions.


2. References to a singular term shall include the plural and vice versa, unless the context clearly indicates otherwise.

3. Any reference to a statute or regulation shall be interpreted to include its amendments, re-enactments, and any related supplementary legislation.

​

3. Categories of Personal Data Collected

​

1.  We may collect personal data that facilitates the identification and communication with you, such as your full name, postal address, email address, telephone number, and any other contact details you provide directly or indirectly through your interactions with our services.

2. Data related to your professional background, including information contained in your curriculum vitae (CV) or resume, employment history, qualifications, certifications, and professional references, is collected to evaluate your suitability for roles and projects.

3.  Information automatically gathered during your use of our digital platforms includes technical details such as your IP address, browser type, device identifiers, operating system information, log files, and cookie data, all of which are aggregated and used for system analytics, diagnostics, and optimization.

4. We retain a comprehensive record of all communications with you. This includes all forms of correspondence such as emails, telephone calls, letters, and digital interactions, along with any associated metadata that supports our record-keeping obligations.

5. Where you provide data that qualifies as sensitive, such information is processed with enhanced security measures and only when explicitly provided, ensuring that it is afforded heightened protection in accordance with legal requirements.

6. We may also collect additional data that you voluntarily provide through surveys, event registrations, feedback forms, and interactions on social media, which further assists us in tailoring our services to your needs.

7.  To ensure completeness, we may supplement the data you provide with information obtained from publicly accessible sources, including government records, public databases, or professional networking sites, provided such information is legally available.

​

 

4. Legal Bases and Purposes for Processing

​

1. The processing of your personal data is undertaken exclusively on lawful grounds. We rely on one or more of the following legal bases: explicit consent, contractual necessity, legal obligation, and our or a third party’s legitimate interests. These legal bases are employed in a manner that respects and safeguards your fundamental rights.

2. In order to effectively manage our recruitment and candidate management processes, we process your data to evaluate your qualifications, match you with appropriate roles or projects, communicate employment opportunities, and maintain detailed recruitment records.

3. Your personal data is processed to provide IT outsourcing, staffing, and related services, manage client relationships, administer contracts, and support ongoing service delivery and customer support functions.

4. Operationally, your data is used to conduct internal audits, monitor system performance, manage risks, and ensure compliance with all legal and contractual obligations. This includes using data for internal reporting, performance evaluations, and business continuity planning.

5. With your consent, we also process personal data for marketing, communication, and public relations purposes. This includes the distribution of newsletters, promotional materials, and updates, as well as the analysis of aggregated data for market research and strategy development.

6. Personal data may be shared with our Group Companies and select Third Parties under rigorous contractual, technical, and organizational safeguards. Such sharing supports integrated service delivery, administrative efficiency, and enhanced data analytics.

7. To facilitate global operations, personal data may be transferred internationally, including transfers to US-based cloud services and data processing centers. In these instances, we implement robust legal safeguards such as Standard Contractual Clauses or adequacy decisions, ensuring that the data receives a level of protection equivalent to that within the EEA.

8. In addition, personal data may be processed for research and development purposes, fraud prevention, risk management, and security monitoring. These activities are conducted in full compliance with applicable laws and serve to continuously improve our services and protect the interests of our data subjects.

9. We employ artificial intelligence (AI) tools to assist in the processing of candidate profiles by extracting and organizing relevant information from CVs and other submissions. However, no final decision-making is conducted by AI; all determinations regarding candidate selection are made solely by human recruiters.

10. By providing your personal data, you expressly consent to its processing and storage for a period of five (5) years. Should you wish to extend this retention period beyond five years, you may request such an extension by contacting us at recruitment@apmdigital.eu, and such requests will be evaluated in accordance with applicable legal requirements.

​​

​

5. Data Sharing, Disclosure, and Transfers

​

1.  Internal data sharing among APM Digital and its Group Companies is conducted to optimize operational coordination, enhance service delivery, and support administrative functions. All such sharing is subject to strict internal protocols and data protection measures.

2. Externally, your personal data may be disclosed to business and service partners, including clients and project collaborators, for purposes such as recruitment, project evaluation, and service delivery. Such disclosures are governed by stringent confidentiality and security obligations.

3. Third-party service providers, including those responsible for IT support, hosting, data analytics, and communications, may access your personal data under binding contractual arrangements that ensure the highest standards of data protection.

4. We may also disclose your personal data to legal or regulatory authorities as required by law or to protect our legal rights, in accordance with applicable statutory requirements.

5.  International transfers of personal data, including to cloud services and processing centers located in the United States, are executed only with internationally recognized safeguards. Such safeguards, including Standard Contractual Clauses or adequacy decisions, ensure that your data receives an equivalent level of protection to that provided within the EEA.

6. While we predominantly utilize secure transmission channels such as encrypted connections and secure file transfer protocols, there may be instances where data is transmitted via standard channels. Should you have any concerns regarding the security of data transmission, you may contact us at recruitment@apmdigital.eu.

​

6. Data Collection Methodologies and Sources

​​​

1. Personal data is collected directly from you via online forms, CV upload portals, email communications, telephone interviews, and face-to-face meetings.

2. We utilize third-party services to facilitate data collection. In particular, our website employs Zoho Forms for managing online form submissions. Data collected via Zoho Forms is processed by Zoho on our behalf, and is subject to their internal data protection policies. We have ensured that appropriate technical and organizational safeguards are in place for the transmission and processing of this data. You are encouraged to review Zoho’s Privacy Policy for further details regarding their data processing practices.

3. We may supplement the data you provide with information obtained from publicly accessible sources such as government records, public databases, or professional networking sites, provided that such information is legally accessible.

4. Additional data may be gathered through interactive channels such as surveys, feedback forms, event registrations, or other methods to enhance our understanding of your needs.

5. Data collected from multiple sources may be aggregated and anonymized for the purpose of generating statistical insights and analytical reports, which are used solely for internal analysis and are not attributable to any individual.

​

7. Data Retention and Storage Policies

​

1. Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected or as required by applicable legal, regulatory, or contractual obligations. Our retention practices adhere strictly to the principle of data minimization.

2. Recruitment data is generally retained for a period of up to 5 years from your last interaction, unless extended by legal mandates. Operational and administrative data is maintained for the duration of contractual relationships, while marketing data is stored until you opt out or withdraw your consent. Research and analytical data may be retained in aggregated or anonymized form for extended periods to support strategic analysis.

3. All personal data is stored within secure data centers that employ state-of-the-art physical, technical, and administrative safeguards, including robust encryption, access controls, and regular security audits.

4. Upon the conclusion of the designated retention period, your personal data is either securely archived or irreversibly deleted using methods that guarantee its complete destruction, in full compliance with our documented data disposal protocols.

​

8. Technical and Organizational Security Measures

​

1. We have implemented a comprehensive framework of technical and organizational measures to safeguard your personal data against unauthorized access, alteration, loss, or disclosure.

2. Our technical safeguards include advanced firewalls, intrusion detection and prevention systems, and encryption protocols for data at rest and in transit. Secure socket layer (SSL) technology and strict access control mechanisms are in place, and regular vulnerability assessments and independent penetration tests are conducted to ensure our systems remain secure.

3.  Organizational measures include strict internal data protection policies, mandatory training programs for all employees, regular internal audits, and comprehensive incident response procedures. Access to personal data is limited to authorized personnel with a legitimate need, and all such personnel are bound by confidentiality agreements.

4. We have established robust business continuity and disaster recovery plans to ensure that, in the event of a catastrophic incident, critical systems are promptly restored and data integrity is maintained.

5. Our security infrastructure is subject to continuous monitoring and periodic reviews, and is updated regularly to address emerging threats, incorporate technological advancements, and adapt to evolving legal requirements.

​​

9. Data Subject Rights and Mechanisms for Exercise

​

1. You have the right to request a complete, detailed copy of all personal data we process concerning you. We shall provide such information within the statutory timeframe and in a manner that is both comprehensive and transparent.

2. Should you detect any inaccuracies or incomplete data, you are entitled to request that we promptly rectify the information to ensure it accurately reflects your current circumstances.

3. If it is determined that your personal data is no longer necessary for the purposes for which it was collected, or if its retention is contrary to legal requirements, you may request its full erasure, subject to any overriding legal obligations.

4. Under specific conditions, you may request that the processing of your personal data be restricted until any disputes regarding its accuracy or lawfulness are resolved, thereby limiting its use during that period.

5. You have the right to object to the processing of your personal data, particularly when such processing is based on our legitimate interests or for direct marketing purposes, unless we can demonstrate compelling reasons that justify the continued processing.

6.  In order to facilitate the transfer of your personal data, you may request that all data provided by you be delivered in a structured, commonly used, and machine-readable format, which enables data portability to another data controller.

7. Where processing is based on your consent, you have the right to withdraw that consent at any time. While withdrawal does not affect the lawfulness of any processing carried out prior to its revocation, it may restrict our ability to offer you certain services.

8. To exercise any of these rights or for additional clarification, please submit a written request to recruitment@apmdigital.eu. We will process your request in accordance with all applicable statutory deadlines.

9. If you believe that your rights have been infringed or that our data processing practices do not comply with applicable legal standards, you are entitled to lodge a complaint with the relevant supervisory authority without prejudice to any other legal remedies available to you.

​

10. Cookies, Tracking Technologies, and Similar Mechanisms

​

1. Our websites utilize cookies, web beacons, and similar tracking tools to enhance your browsing experience, monitor website traffic, and tailor content to your preferences. These technologies may automatically collect technical data such as your IP address, device identifiers, and browsing patterns.

2. You may manage or disable cookies through your browser settings; however, please note that such actions may impair the functionality of certain features on our websites.

3. Our website is hosted on the Wix platform, which provides the technical infrastructure for our online presence. Consequently, certain aspects of data processing, including cookie management, may be facilitated by Wix. We encourage you to review Wix’s Privacy Policy for further information on their data processing practices.

4. For any additional details regarding the tracking technologies employed, the data they collect, and the purposes for which this data is used, please contact us at recruitment@apmdigital.eu.

​

11. Consent, Revocation, and Withdrawal Mechnism

​

1. Where the processing of your personal data is based on explicit consent, we secure your agreement through clearly articulated affirmative actions, such as opt-in checkboxes, which unambiguously indicate your consent.

2. You have the right to withdraw your consent at any time by contacting recruitment@apmdigital.eu. Upon receipt of your withdrawal request, we will promptly cease the relevant processing activities, to the maximum extent permitted under applicable law.

3. It is important to note that the withdrawal of consent shall not affect the lawfulness of any processing performed prior to its revocation, although it may limit our capacity to provide you with certain services or communications that rely on that consent.

​

12. Record Keeping, Audit, and Compliance Monitoring

​​

1. We maintain comprehensive records of all personal data processing activities in strict compliance with applicable legal requirements.

2. These records are subject to regular internal audits performed at our discretion to ensure conformity with this Policy. Additionally, we reserve the opportunity to engage independent third-party auditors on a voluntary basis to assess the effectiveness of our data protection measures and to obtain certifications attesting to our commitment to data security and privacy.

3. Our Data Protection Officer and dedicated compliance teams continuously monitor our processing activities, and any discrepancies or instances of non-compliance identified are promptly addressed through appropriate corrective actions.

4. All documentation related to internal audits, and any external assessments conducted, will be retained for at least the minimum period required by applicable law, ensuring robust accountability and traceability.

​

​

13. Data Breach Notification and Incident Management

​

1. We have instituted an Incident Response Plan that outlines the specific procedures to be followed in the event of a data breach or security incident. This plan includes immediate containment, assessment of the breach’s scope and impact, and initiation of remedial measures.

2. In the event of a breach that compromises personal data, we will adhere strictly to the notification requirements set forth by applicable data protection regulations. Affected data subjects and supervisory authorities will be informed promptly with full disclosure of the breach’s nature, impact, and the steps taken to mitigate it.

3. Following any breach, a detailed post-incident analysis will be conducted to ascertain the root cause and to develop measures aimed at preventing future occurrences. The results of such analyses will be integrated into our ongoing security enhancement efforts.

4. All incidents, notifications, and corrective actions are meticulously documented and maintained as part of our compliance records, ensuring that every breach is subject to thorough review and continuous improvement.

​

14. Group Companies and Internal Data Sharing

​

1. “Group Companies” or “Affiliated Entities” include any companies, subsidiaries, sister companies, joint ventures, or other organizations under common or shared ownership with APM Digital.

2. Personal data may be shared among these entities to facilitate consolidated recruitment management, cross-promotional marketing, internal analytics, and coordinated service delivery. Such sharing is critical to the seamless integration of our business processes.

3. All internal data transfers are conducted in strict accordance with rigorous contractual, technical, and organizational safeguards that ensure your personal data is processed securely and your rights are consistently upheld.

4. A robust intercompany data governance framework is maintained to oversee all internal sharing activities. Should you wish to exercise your rights regarding data processed by any affiliated entity, please contact recruitment@apmdigital.eu.

​

15. International Data Transfers and Jurisdictional Considerations

​

1. In instances where personal data is transferred outside the European Economic Area (EEA), including to US-based cloud services and data processing centers, we implement internationally recognized safeguards such as Standard Contractual Clauses or rely on adequacy decisions to ensure equivalent protection.

2. Our operations may involve the use of cloud services based in the United States for data processing and storage. In such cases, we enforce comprehensive legal and technical measures to ensure that your personal data is protected in accordance with EU data protection standards.

3. All international transfers are carried out in strict compliance with the relevant legal frameworks, ensuring that your data receives the same level of protection regardless of its geographic location.

4. We continuously review and update our international data transfer protocols and conduct regular audits to guarantee that our mechanisms remain fully compliant with both internal policies and external regulatory requirements.

​

16. Dispute Resolution, Governing Law, and Miscellaneous Provisions

​

1. This Policy shall be governed by and construed in accordance with the laws of Slovakia. All disputes arising from or related to this Policy shall be subject to the exclusive jurisdiction of the Slovak courts.

2. In the event of any disagreement or dispute regarding this Policy or our data processing practices, we encourage you to contact us at recruitment@apmdigital.eu to seek an amicable resolution. Should such efforts fail, you may file a formal complaint with the relevant supervisory authority.

3. If any provision of this Policy is found to be invalid or unenforceable, the remaining provisions shall continue in full force and effect. This Policy constitutes the entire agreement between you and APM Digital regarding the processing of your personal data and supersedes all prior agreements or communications.

4. We reserve the right to amend or update this Policy at any time to reflect changes in our practices or legal obligations. All amendments will be published on our website with a revised Effective Date, and continued use of our services will constitute acceptance of the updated terms.

5. All notices and communications regarding this Policy will be disseminated through our official channels, and we will make every reasonable effort to notify data subjects of any significant changes.

6. ​APM Digital Solutions, s.r.o. shall not be held liable for any indirect, incidental, special, or consequential damages arising out of or in connection with your use of our services or this Policy, except as expressly provided by applicable law. In no event shall our total liability to you for all damages exceed any amount paid by you, if any, for accessing our services.

​

17. Privacy Impact Assessment and Risk Management

​

1.  In order to continuously enhance our data protection practices, we conduct periodic Privacy Impact Assessments (PIAs) to evaluate the potential risks associated with our processing activities.

2. These assessments are used to identify and mitigate risks prior to the implementation of new technologies or processing activities, ensuring that all risks are adequately addressed and managed.

3. The results of these assessments form an integral part of our risk management framework and are reviewed regularly by our Data Protection Officer and compliance teams.

4. In addition to PIAs, we maintain a comprehensive risk management program that includes regular reviews of potential vulnerabilities, threat assessments, and the implementation of preventative measures to safeguard your personal data.

​

18. Final Provisions and Contact Information

​

1. By accessing our services or providing your personal data, you acknowledge that you have read, understood, and fully agree to the terms and provisions set forth in this Privacy Policy.

2. For any queries, clarifications, or concerns regarding this Policy or our data processing practices, please contact:

   APM Digital Solutions, s.r.o.
, Attn: Data Protection Officer, Mostová 185/2, 81102 Bratislava
Slovakia, Email: recruitment@apmdigital.eu.

3. We welcome your feedback and are committed to addressing any concerns regarding our privacy practices. All feedback and complaints should be directed to the above contact email, and we will endeavor to respond promptly in accordance with applicable statutory requirements​