Skip to main content

Processing of (personal) data by the entity in charge of the online application process

 

PRIVACY POLICY 

Last update: 01/02/2023

UNDO Studios SA, Via F. Pelli 13, 6900 Lugano, Switzerland (the "Company"), collects Personal Data (as defined below) in compliance with the applicable law and regulations, in particular the Swiss Federal Act on Data Protection ("FADP") as well as the General Data Protection Regulation (EU/2016/679) ("GDPR") (together "Data Protection Law").

Pursuant to the Data Protection Law, the following capital terms shall have the meaning indicated here below:

"Personal Data" means any information relating to an identified or identifiable natural or legal person;

"Processing" means any operation or set of operations, performed whether or not by automated means which are applied to Personal Data or sets of Personal Data, such as the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

This privacy policy applies to the extent that the Companies collect and/or process personal data in the capacity of a data controller and use the collected data in the capacity of a data processor.

1. What personal information we collect

We collect different information depending on how you use the site and how you interact with us.

The Company collects personal data on different ways:

a) via the game site we may collect data which include:

  • Technical data, such as your internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the site;
  • Usage data, which includes information about how you use the site, and any communications we may receive from you;
  • Marketing and communications data, including your preferences in receiving marketing and other communications from us.

b) via the user managing portal we ask you to provide data which include:

  • Identity information, such as name, date of birth, gender.
  • Contact data, such as phone and email.

Our site is not intended for storing or 'special categories' of personal data, such as details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health information.

2. How we collect personal data

Different personal data are collected in different ways.

a) Personal data you provide to us:

  • When you complete the user managing portal, you will provide us with the information required. This data are collected via direct solicitation;
  • You will also provide us with personal data when you correspond with us, and if you apply for a position with the firm;
  • If you play a game and you are eligible to win a prize, you might be asked for personal data to claim the challenge rewards. We treat any information you send to us as strictly private and confidential and will only use it in order to give/send you the prizes;
  • When you sign up to one of our mailing lists, you will provide us with your contact information and your marketing preferences.

b) Personal data we collect automatically

  • As you use the site, we will collect certain technical data including your browser type, the Internet Protocol (IP) address used to connect your computer to the internet, and your usage habits, patterns and preferences. We collect this data using cookies, beacons and similar technologies. We use Google Analytics to help us analyse user habits while visiting our site. The data gathered from cookies may be transmitted to Google servers in the European Union and Switzerland. The information will be used by Google only for the purpose of evaluating website use, creating website activity reports, and other services relating to website activity and internet usage on behalf of the Companies. The IP address that your browser conveys within the scope of Google Analytics, will not be associated with any other data held by Google.

We use the following cookies:
Cookie name                                 What it is used for
Google Analytics, Firebase        Website analytics and visitor tracking
Cloudfare                                        Website security and access control

You can remove cookies from your computer through the settings on your browser, but be aware that this may impact your ability to make use of some features on this and other websites. Management of cookie settings varies from one browser to another.

3. How and why we use personal data

We will only use your information where:

a) You have given us permission to do so

  • If you sign up to our mailing lists, we will use the personal data in the management of our relationship with you and for communication purposes, including to send you newsletters and invitations to events, training programs or lectures, and to maintain our list of contacts;
  • If you apply for a position with the Companies, we treat any information you send to us as strictly private and confidential and will only use it in relation to the applications you have submitted;
  • If you play a game and you are eligible to win a prize, you might be asked for personal data to claim the challenge rewards. We treat any information you send to us as strictly private and confidential and will only use it in order to give/send you the prizes.

b) We have a legitimate interest (reasonable business purpose) for doing so

  • We will use your information for our legitimate business reasons where our doing so will not unduly affect your rights;
  • We will use your identity, contact and usage information to keep our records up to date;
  • We will use your technical information to:

- provide and make improvements to the site, system maintenance, support, reporting and hosting of data, and troubleshooting;
- ensure that the site is secure;
- analyse how users interact with the site; and
- address any issues you may experience with the site.

  • We may also use any or all of the information above to administer and manage our business in general. If you feel that your interests and fundamental rights outweigh our business purposes, and that we should therefore stop processing your data, please let us know.

c) We need to comply with a legal or regulatory obligation

  • In certain circumstances, we may need to retain or use your data to comply with regulations and/or the law.
  • We will only retain this data for as long as is necessary to fulfil the purposes for which it was collected or to comply with legal, regulatory or internal policy requirements.

4. How we share your personal data

We will only disclose your personal data where we are required to do so to comply with our legal or regulatory obligations; where we need to do so for business management or administration purposes; or because you have asked us to. This is likely to include:

  • within the Company;
  • to third parties who process your personal data on our behalf (such as IT systems providers and other service providers) or on behalf of the party which organized on our platform an event or a challenge in which you participated by winning a price (e.g. sending the price you won to your domicile);
  • to third parties who process your personal data on their own behalf but in connection with a service provided to us or you on our behalf (such as accountants, consultants, barristers and other providers of professional services, and in the case of disputes, with the Court or alternative dispute resolution providers);
  • to any government, regulatory agency, enforcement or exchange body or court where we are required to do so by applicable law or regulation.

5. International transfers of personal data

Should we transfer your data outside Switzerland or the European economic Area to a country which Switzerland or the European Commission does not deem to have adequate data privacy laws, we will ensure that such transfer(s) are in accordance with applicable data privacy laws.

6. How we protect your personal data

The safety of your personal data is important to us, and we use various technical and organization measures to ensure that your data are secure.

We are committed to safeguarding and protecting personal data and maintain appropriate technical and organizational measures to protect any personal data provided to us from accidental or unlawful destruction, loss, alteration, or unauthorized disclosure. We also have in place safeguards including data encryption in motion and at rest, data access and security monitoring, and 24/7 network security monitoring for breaches or anomalous behavior to ensure the security of your data.

7. What are the measures we take when privacy breach is detected?

We take several urgent steps when a data breach is detected: the first is to record the date and time of detection as well as all information known about the incident at the moment.
The person who discovered the breach immediately reports to those responsible within the organization.
Security officers also restrict access to breached information to prevent the further spreading of leaked data.

Then, we proceed with the following 10 steps:

1. Document the date and time the data breach was discovered

2. Notify the response team

3. Isolate the location of the data breach

4. Stop additional data loss

5. Gather all possible data about the breach

6. Interview the people who discovered the breach

7. Perform a risk assessment

8. Document the investigation of the breach

9. Begin an in-depth investigation

10. Notify regulators and affected parties

8. Data subject rights

Under Data Protection Law, data subjects have a number of rights with regard to their personal data. They have the right to request from us access to and rectification or erasure of their personal data, the right to restrict or object to processing, as well as in certain circumstances the right to data portability.

If a data subject has provided consent for the processing of their data, he or she has the right (in certain circumstances) to withdraw that consent at any time.

Any data subject wishing to exercise any of the above rights should email us at: info@thenemesis.io.

We endeavour to respond to such requests within a month or less, although we reserve the right to extend this period for complex requests. We also reserve the right to charge you a reasonable administrative fee for any manifestly unfounded or excessive requests concerning access to personal data, and for any additional copies of the personal data requested from us.

9. Data Controller and representative in the European Union

The Data Controller is UNDO Studios SA - Lugano.

The representative within the union is UNDO Studios IT Srl - Milano.

10. AR TrueDepth APIs & Face recognition

We use TrueDepth APIs to recognize the user's face through face tracking and place a sticker on the face. The information is not saved or used by us or third parties, the only result is a photo or video that the user can save in his personal roll or share.

Processing of (personal) data by the operator of the recruitment website

General information

This recruitment website is operated by Personio SE & Co. KG, which offers a human resource and candidate management software solution (https://www.personio.com/legal-notice/). Data transmitted as part of your application will be transferred using TLS encryption and stored in a database. The sole controller of this data within the meaning of article 24 of the GDPR is the enterprise carrying out this online application process. Personio’s role is limited to operating the software and this recruitment website and, in this context, being a processor under article 28 of the GDPR. In this case, the processing by Personio is based on an agreement for the processing of orders between the controller and Personio. In addition, Personio SE & Co. KG processes further data, some of which may be personal data, to provide its services, in particular for operating this recruitment website. We will refer to this in more detail below.

The controller

The controller under data protection law is:
Personio SE & Co. KG
Seidlstraße 3
80335 München
Tel.: +49 (89) 1250 1004
Entry in the commercial register
Commercial register entry number: HRA 115934
Registration Court: Amtsgericht München
Data Protection Officer contact: privacy@personio.com

Access logs (“server logs”)

Each access to this recruitment website automatically causes general protocol data, so-called server logs, to be collected. As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. Without this data, it would, in some cases, be technically impossible to deliver or display the contents of the software. In addition, processing this data is absolutely necessary under security aspects, in particular for access, input, transfer, and storage control. Furthermore, this anonymous information can be used for statistical purposes and for optimizing services and technology. In addition, the log files can be checked and analyzed retrospectively when unlawful use of the software is suspected. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. Generally, data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp of the access to the software is collected. The scope of this log process does not exceed the common log scope of any other site on the web. These access logs are stored for a period of up to 7 days. There is no right to object to this.

Error logs

So-called error logs are generated for the purpose of identifying and fixing bugs. This is absolutely necessary to ensure we can react as quickly as possible to possible problems with displaying and implementing content (legitimate interest). As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. When an error message occurs, general data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp upon occurrence of the respective error message and/or specification is collected. These error logs are stored for a period of up to 7 days. There is no right to object to this.

Use of cookies

So-called cookies are used on parts of this recruitment website. They are small text files which are stored on the device with which you access this recruitment website. As a general rule, cookies serve the purpose of ensuring secure access to a website (“absolutely necessary”), implementing certain functionalities such as standard-language settings (“functional”), improving the user experience or the performance of the website (“performance”), or placing targeted advertisements (“marketing”). On this recruitment website, we generally use only cookies that are absolutely necessary, functional or performance-related, in particular for implementing certain default settings such as language, for identifying the job advertising channel, or for analyzing the performance of a job advert via which a user accessed this recruitment website. The use of cookies is absolutely necessary for providing our services and thus for the performance of the contract (article 6 (1) b) of the GDPR). Period of storage: up to 1 month or until the end of the browser session Right to object: You can determine via your browser settings whether you allow or object to the use of cookies. Please note that deactivating cookies may result in limited or completely blocked functionalities of this recruitment website.

Rights of data subjects

If Personio SE & Co. KG as the controller processes personal data, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and the purpose of the processing, in particular the right of access (article 15 of the GDPR) and the rights to rectification (article 16 of the GDPR), erasure (article 17 of the GDPR), restriction of processing (article 18 of the GDPR), and data portability (article 20 of the GDPR), as well as the right to object (article 21 of the GDPR). If the personal data is processed with your consent, you have the right to withdraw this consent under article 7 III of the GDPR. To assert your rights as a data subject in relation to the data processed for the purpose of operating this recruitment website, please refer to Personio SE & Co. KG’s Data Protection Officer (see item B).

Concluding provisions

Personio reserves the right to adjust this data privacy statement at any point in time to ensure that it is in line with the current legal requirements at all times, or in order to accommodate changes in the services offered, for example when new services are introduced. In this case, the new data privacy statement applies to any later visit of this recruitment website or any later job application.