Personal data processing based on Data Protection Act FI 1050/2018
Information we collect on the service:
When you use the Service, we may collect information contained in your resume, your name, profile photo, email address, mailing address, mobile phone number, nationality, geographic area preferences for job, language skills, compensation expectations, job-related skills and derived personality attributes, interests and affinities, information about your current job and position, information about previous jobs and positions, user activity data, IP address (except the host id or the last 3 digits of an IPv4 address) and we may link this information with other information about you. You may provide us with information in various ways on the Service. For example, you provide us with information when you register for an account, upload your resume, log-in via various other services and websites such as Facebook, Google, and LinkedIn, take the various assessments we offer, provide an audio or video clip, tell us your job preferences and geographic preferences and current compensation and compensation expectations or otherwise use the Service. If you choose to integrate your account with a social service, Facebook, Google, or LinkedIn, we may collect your email address, messages, emails, and basic profile information. In case the user is a Talent contributor on the SCIKEY Talent Commerce Platform, we store the financial data, such as bank account details and details of transactions. In case the user is a Talent contributor on the SCIKEY Talent Alignment Platform, we store the inference data in the form of parameters and reports, based on the user responses, when the user opts to appear for the SCIKEY assessment.
Address Book Information from Third-party Applications.
You may choose to connect your SCIKEY.ai account to third party application Gmail, from Google LLC, Facebook and Linkedin. If you do, we will access your contact information from your address book associated with that third party account in order to create a graph of your contacts, to produce graphs of your connections, and to allow you to invite your contacts to use the Service. If any of your contacts use the Service, we will use contact information from your address books to create their connection graphs.
Cookies and Automatically Collected Information.
We obtain information about your physical location, by inference from other information we collect (for example, your IP address indicates the general geographic region from which you are connecting to the Internet).
Third Party Web Beacons and Third Party Buttons.
How we use the information we collect?
We use information we collect on the Service in a variety of ways in providing the Service and operating our business, including the following:
We use the information that we collect on the Service to recommend jobs to you that we believe you would be interested in and potentially qualified for.
We use the information that we collect on the Service to operate, maintain, enhance and provide features of the Service, to respond to comments and questions and otherwise to provide support to users, and to process and deliver rewards in connection with promotions that may be offered from time to time on the Service.
We use the information that we collect on the Service to understand and analyze the usage trends and preferences of our users, to improve the Service, and to develop new products, services, feature, and functionality.
Using SCIKEY’s applications or third party platforms, we may use your email address, cellular phone number or other information we collect to contact you for administrative purposes such as notifying you of matching jobs, in order to update you on the status of your job applications and for other purposes such as customer service reasons or to send communications, including updates on promotions and events, relating to products and services offered by us and by third parties. By agreeing to these terms & conditions, you agree and consent to receive all communications at the mobile number provided, if you are an India user, even if this mobile number is registered under DND/NCPR list under TRAI regulations. And for that purpose, you further authorize Company to share/disclose the information to any third party service provider or any affiliates, group companies, their authorized agents or third party service providers.
When We Disclose Information.
Except as described in this Policy, we will not disclose information about you that we collect on the Service to third parties without your consent. When you apply for a job that we have recommended to you, you are giving us your consent to share information with the company that has the job in question. We may disclose information to third parties if you consent to us for doing so, as well as in the following circumstances:
Any information that you voluntarily choose to include in a publicly accessible area of the Service will be available to anyone who has access to that content. Example: If you create a public Fresume (A digital version of your resume), the information on this page, would be accessable to anyone visiting the url of your public fresume.
If you have elected to make your profile searchable by potential employers.
With your permission, we will disclose your information in connection with providing the Service, including making your resume and work experience, job related skills and derived personality attributes, job preferences, interests, compensation expectations, available to potential employers.
We work with third party service providers to provide website, application development, hosting, maintenance, and other services for us. These third parties may have access to or process information about you as part of providing those services for us. Generally, we limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions, and we require them to agree to maintain the confidentiality of such information. List of processors is shared below.
We may disclose information about you if required to do so by law or in the good-faith belief that such action is necessary to comply with laws, in response to a court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies.
We also reserve the right to disclose information about you that we believe, in good faith, is appropriate or necessary to: (i) take precautions against liability; (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity; (iii) investigate and defend ourselves against any third-party claims or allegations; (iv) protect the security or integrity of the Service and any facilities or equipment used to make the Service available; or (v) protect our property or other legal rights (including, but not limited to, enforcement of our agreements), or the rights, property, or safety of others.
Information about our users may be disclosed and otherwise transferred to an acquirer, successor, or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, or in the event of insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.
We may make certain aggregated, automatically-collected, or otherwise non-personal information available to third parties for various purposes, including: (i) compliance with various reporting obligations; (ii) for business or marketing purposes; or (iii) to assist such parties in understanding our users’ interests, habits, and usage patterns for certain programs, content, services, advertisements, promotions, and/or functionality available through the Service.
Accessing your Personally Identifiable Information
If you find that the information on your account is not accurate, complete or up-to-date, please provide us the necessary information to correct it.
At any time, you can contact us at: email@example.com and request to access the personally identifiable information that we keep about you. We will ask you to provide us certain credentials to make sure that you are who you claim to be and to the extent required under the applicable law, will make good-faith efforts to locate your personally identifiable information that you request to access.
If you are eligible for the right of access under the applicable law, you can obtain confirmation from us of whether we are processing personally identifiable information about you, and receive a copy of that data, so that you could verify its accuracy and the lawfulness of its processing.
You may, of course, decline to share certain information with us, in which case we may not be able to provide to you some of the features and functionalities of the Service. You may request the correction, amendment or deletion of your personally identifiable information if it is inaccurate or if you believe that the processing of your personally identifiable information is in violation of the applicable law. This can be done by accessing your account preferences page on the Service or sending email to firstname.lastname@example.org.
If EU data protection laws apply to the processing of your personal data by SCIKEY, then the following terms apply:
For the purposes of the SCIKEY platforms, we are a data processor and our customers are data controllers, or data processors as well. SCIKEY’s data processing addendum, can be availed by emailing us at email@example.com.
Where we process your personal data as a data controller, the processing is based on the following lawful grounds:
All processing of your personal data which are not based on the lawful grounds indicated below, are based on your consent.
We process your account and payment details to perform the contract with you.
We will process your personal data to comply with a legal obligation and to protect your and others’ vital interests.
We will further rely on our legitimate interests, which we believe are not overridden by your fundamental rights and freedoms, for the following purposes:
Communications with you, including direct marketing where you are our client or a user of our client, or where you make contact with us through our website and other digital assets.
Support, customer relations, service operations
Enhancements and improvements to yours and other users’ experience with our services.
Fraud detection and misuse of the Service.
In addition to your rights under other sections in this policy, you have the following rights:
AT ANY TIME, CONTACT US IF YOU WANT TO WITHDRAW YOUR CONSENT TO THE PROCESSING OF YOUR PERSONAL DATA. EXERCISING THIS RIGHT WILL NOT AFFECT THE LAWFULNESS OF PROCESSING BASED ON CONSENT BEFORE ITS WITHDRAWAL.
Request to delete or restrict access to your personal data. We will review your request and use our judgment, pursuant to the provisions of the applicable law, to reach a decision about your request.
If you exercise one (or more) of the above-mentioned rights, in accordance with the provisions of applicable law, you may request to be informed that third parties that hold your personal data, in accordance with this policy, will act accordingly.
You may ask to transfer your personal data in accordance with your right to data portability.
You may object to the processing of your personal data for direct marketing purposes. Additional information about this right is available under the Choice section in this policy.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affecting you.
You have a right to lodge a complaint with a data protection supervisory authority of your habitual residence, place of work or of an alleged infringement of the GDPR.
A summary and further details about your rights under EU data protection laws, is available on the EU Commission’s website at: https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens_en.
Note that when you send us a request to exercise your rights, we will need to reasonably authenticate your identity and location. We will ask you to provide us credentials to make sure that you are who you claim to be and will further ask you questions to understand the nature and scope of your request.
If we need to delete your personal data following your request, it will take some time until we completely delete residual copies of your personal data from our active servers and from our backup systems. When you delete your account, we will delete your personal information part of backup data, within a maximum period of 30 days, from the day of request.
If you have any concerns about the way we process your personal data, you are welcome to contact our privacy team at: firstname.lastname@example.org. We will look into your inquiry and make good-faith efforts to respond promptly.
We retain different types of personally identifiable information for different periods, depending on the purposes for processing the information, our legitimate business purposes as well as pursuant to legal requirements under the applicable law.
For example, we will need to keep the information about the payment transactions that you made for several years due to tax related requirements, for accounts settling, record keeping, archiving and legal issues.
We will maintain your contact details, to help us stay in contact with you. At any time before or after the termination of your account, you can contact our privacy team at: email@example.com and request to delete your contact details. Note that we may keep your details without using them unless necessary, and for the necessary period of time, for legal requirements and proceedings.
We will keep aggregated non-identifiable information without limitation, and to the extent reasonable we will delete or de-identify potentially identifiable information, when we no longer need to process the information.
In any case, as long as you use the Service, we will keep information about you, unless the law requires us to delete it, or if we decide to remove it at our discretion, according to the terms of this policy.
When you request to delete your data or make changes in your profile, changes you make will be reflected in active user databases within a reasonable period of time, we may retain all information you submit as part of our 30 day backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.
Sharing user information with others
With Third-party services
The Service may contain features or links to websites and services provided by third parties. Any information you provide on third-party sites or services is provided directly to the operators of such services and is subject to those operators’ policies, if any, governing privacy and security, even if accessed through the Service. We have data processing agreements with the processors; we share your data with.
The following are the processors of data:
Name of Other Processor
Type of Services
Google LLC (Google Docs)
Google LLC (Google Analytics)
Email validation service
To the authorities
We will need to disclose personally identifiable information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Aggregated and analytical information
We use standard analytics tools. The privacy practices of these tools are subject to their own privacy policies and they use their own cookies to provide their service (for further information about cookies, please see the ‘Cookies’ section in this policy).
We use the standard analytics tools of Google Analytics and we will use additional or other analytics tools, from time to time, to learn about how you and other users use the Service, in support of our Service-related activities and operations.
We use anonymous, statistical or aggregated information and will share it with our partners for legitimate business purposes. It has no effect on your privacy because there is no reasonable way to extract data from the aggregated information that we or others can associate specifically to you.
We will share your personally identifiable information only subject to the terms of this policy, or subject to your prior consent.
At any time, you can unsubscribe our mailing lists or newsletters, by following the instructions contained within the email. You may also opt out from receiving commercial email from us by sending your request to us by email at firstname.lastname@example.org or by writing to us at the address given at the end of this policy. We may allow you to view and modify settings relating to the nature and frequency of promotional communications that you receive from us in user account functionality on the Service. If you connect your SCIKEY.ai account to your Gmail account, you can modify your preferences for the Google services by visiting https://myaccount.google.com/security. Please be aware that if you opt out of receiving commercial email from us or otherwise modify the nature or frequency of promotional communications you receive from us, it may take up to thirty business days for us to process your request, and you may continue receiving promotional communications from us during that period. Additionally, even after you opt out from receiving commercial messages from us, you will continue to receive administrative messages from us regarding the Service. At any time you can stop using the SCIKEY website. Termination of your SCIKEY Service account is subject to the terms of your subscription agreement with us.
Note that if one of our users uploaded content to our Service with your personally identifiable information , then you can contact us with the request to remove your personally identifiable information.
At any time, you can exercise your following opt-out options:
object to the disclosure of your personally identifiable information to a third party, other than to third parties who act as our agents to perform tasks on our behalf and under our instructions; or,
object to the use of your personally identifiable information for a purpose that is materially different from the purposes for which we originally collected such information, pursuant to this policy, or you subsequently authorized such use.
You can exercise your choice by contacting us at: email@example.com
We request and collect minimal personally identifiable information that we need for the purposes that we describe in this policy. Following the termination or expiration of the Service, we will stop collecting any personally identifiable information from or about you.
However, we will store and continue using or making available your personally identifiable information according with our data retention section in this policy.
Protecting the privacy of young children is especially important. Our Site is a general audience site not directed to children under the age of 13, and we do not knowingly collect personal information from children under the age of 13 without obtaining parental consent.
We use certain physical, managerial, and technical safeguards that are designed to improve the integrity and security of information that we collect and maintain.
Data security training
To increase awareness about security we ensure that we conduct regular Information Security training through email and awareness workshops. This covers the best security practices like good password habits, data security & physical security. Apart from this, there’s also a yearly training for all the employees, based on a pre-defined schedule.
It’s mandatory that all the employees go through a security check before being offered a position at SCIKEY.
Special care is taken to monitor any change to the hardware, applications or configurations to make sure to minimize the impact of change-related incidents upon service quality and day to day operations.
To prevent unauthorized access, SCIKEY supports 2FA Authentication. To access some parts of the SCIKEY accounts, apart from a user name and password, users also require a phone number verification.
All SCIKEY developers follow certain security guidelines to make sure the products we create are secure in design, during development and after deployment.
SCIKEY regularly conducts external vulnerability assessments and penetration testing exercises, in collaboration with well-known cyber security partners.
All the Personal Identifiable Information in SCIKEY systems is encrypted using AES 128 standards. In order to protect the data in transit, we encrypt the network traffic by supporting TLS 1.2.
Cloud & Network Infrastructure Security
Asset Management encompasses planning, demand, acquisitions, usage, maintenance, and disposal of information assets in order to achieve efficient and effective service delivery.
Network Traffic is automatically re-routed to backup networks in case of any failure. This help in preventing any downtimes in cases of network failure or traffic surge.
SCIKEY employs robust access controls to limit access to infrastructure. Any access to our infrastructure is logged and we restrict any direct access to the production infrastructure. Access to infrastructure components go through a strong process and the access is routed via a bastion host to prevent any attack from the public internet.
Our data centers are spread across various locations in India and the United States. All the network data is regularly monitored for speed, packet drops, and Quality of Service in order to ensure safety & performance.
All of our systems use firewalls to safeguard the control access between a trusted network and a less trusted network. It helps to avoid any internal or external risks.
Our employees use industry-standard authentication systems for secure user and code access. The secret tokens are stored using standard encryption methods. Only authorized personnel are allowed to access the VMs using secure SSH connections.
Monitoring & Vulnerability
All critical incidents are monitored by our team and can be reported 24/7 on our website and through email at firstname.lastname@example.org.
Audit Logging and Monitoring
Most of computing resources not limited to server, desktops, laptops, network devices are monitored to ensure conformity to logical access policies and procedures. This is essential to determine the effectiveness of the measures adopted.
Regular backups are performed for all data for customers across the globe.
IT Disaster Recovery Planning involves planning for the recovery of critical IT systems and services in a fallback situation following a disaster that overwhelms the resilience arrangements.
Data Center Security
SCIKEY utilizes azure data centers for hosting services. Azure provides enterprise encryption and security. They also make sure to continuously monitor their cloud infrastructure for suspicious activity.
To know more about the physical security at Azure you can visit – https://docs.microsoft.com/en-us/azure/security/fundamentals/physical-security
The Service is hosted in India and the United States and is intended for visitors located across the world. If you choose to use the Service from the European Union or other regions of the world with laws governing data collection and use that may differ from Indian law, then please note that you are transferring your personal information outside of those regions to India and the United States for storage and processing. In addition, we may transfer your data from India and the U.S. to other processors that might be operating in other countries or regions in connection with storage and processing of data, fulfilling your requests, and operating the Service. By providing any information, including personal information, on or to the Service, you consent to such transfer, storage, and processing.
Changes and Updates to this Policy.
Please revisit this page periodically to stay aware of any changes to this Policy, which we may update from time to time. If we modify this Policy, we will make it available through the Service, and indicate the date of the latest revision. In the event that the modifications materially alter your rights or obligations hereunder, we will make reasonable efforts to notify you of the change via email or our website. For example, we may send a message to your email address, if we have one on file, or generate a pop-up or similar notification when you access the Service for the first time after such material changes are made. Your continued use of the Service after the revised Policy has become effective indicates that you have read, understood and agreed to the current version of this Policy.
Please contact us with any questions or comments about this Policy, information we have collected or otherwise obtained about you, our use and disclosure practices, or your consent choices by email at email@example.com
SCIKEY (Venture of SRKay Consulting Group)
805-806, B Block, ICC Trade Towers,
Senapati Bapat Road, Pune 411016,
SCIKEY (Venture of SRKay Consulting Oy)
Last updated: 30th December, 2019.