Information clause concerning the processing of personal data for persons contacting On the Spot Development LTD.
Pursuant to Article 13(1) and 13(2) of Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data repealing Directive 95/46/EC (General Data Protection Regulation) (OJ EU L 119, p. 1) (hereinafter referred to as “GDPR”) we inform that:
1. Data Controller The controller of personal data is On the Spot Development LTD, with its registered office at 12a Montpellier Parade, Harrogate, HG1 2TJ, UK, listed in the Companies House register under Company Number 10255271 (hereinafter referred to as the "Controller").
The Controller can be reached by sending an email to: legal@onthespotdev.com, or by traditional mail at the address of the Controller’s seat stated above.
2. Data Protection Officer The contact person in all matters related to the protection of personal data and your rights is the Data Protection Officer. You can contact the Data Protection Officer by sending an e-mail to legal@onthespotdev.com or by traditional mail at the address of the Controller’s seat stated above with a note saying “c/o the Data Protection Officer.”
3. Purposes and ground for processing personal data Your personal data, including your name, surname, email address, and phone number, may be processed for the following purposes:
Recruitment Services
Purpose: To facilitate your engagement with proper persons of the company by matching your profile to suitable roles and positions. Legal Basis: Processing is necessary for the performance of a contract or to take steps prior to entering into a contract, as per Article 6(1)(b) of the GDPR.
Client Projects and Assignments
Purpose: To enable your participation in specific projects and assignments carried out by the clients of the company. Legal Basis: Processing is based on the legitimate interests of the company and its clients to fulfill contractual obligations, in accordance with Article 6(1)(f) of the GDPR.
Communication and Coordination
Purpose: To maintain effective communication between you, the company, and the client, including project updates, meeting arrangements, and task management. Legal Basis: Processing is required for the legitimate interests of ensuring efficient workflow and coordination, as per Article 6(1)(f) of the GDPR.
Compliance with Legal Obligations
Purpose: To comply with applicable legal and regulatory requirements, including tax and labor laws. Legal Basis: Processing is necessary for compliance with a legal obligation, as outlined in Article 6(1)(c) of the GDPR.
Internal Administration and Performance Monitoring
Purpose: To support administrative tasks, such as timesheet management, invoicing, and tracking project outcomes. Legal Basis: Processing is based on the legitimate interests of optimizing operational efficiency and ensuring quality assurance, pursuant to Article 6(1)(f) of the GDPR.
Emergency and Safety Procedures
Purpose: To ensure your safety and well-being in case of emergencies or other urgent situations. Legal Basis: Processing is necessary to protect your vital interests, as per Article 6(1)(d) of the GDPR.
Organization of IT Conferences
Purpose: To send you information and updates about upcoming IT conferences and related events organized or supported by the company. Legal Basis: Processing is based on your consent, provided in accordance with Article 6(1)(a) of the GDPR, or on the company’s legitimate interest in promoting relevant professional events as per Article 6(1)(f) of the GDPR.
If additional personal data is collected or processed for other purposes, you will be provided with further information and, where required, asked for consent.
In the case of consent your personal data will be processed to:
Provide you with personalized offers, newsletters, and promotional materials.
Inform you about additional opportunities, products, or services that may be of interest.
Collect feedback and conduct surveys to improve the quality of services.
Share information about professional development programs, training sessions, and industry events.
Legal Basis: Processing is based on your explicit consent, given in accordance with Article 6(1)(a) of the GDPR.
4. Data recipients The recipients of your personal data are entities to which the Controller entrusted activities that involve the need for data processing, especially as regards managing electronic mail, administrative services, legal services or consulting, and provision of technical equipment. The recipients of your personal data may also be entities or authorities that have the right to receive your data, but only in justified cases and in compliance with applicable provisions of law.
Use of Contractors and Third-Party Services The company engages various contractors and third-party service providers to support its operations and ensure the efficient delivery of services. These third-party entities are carefully selected and are required to comply with the General Data Protection Regulation (GDPR) to ensure the lawful, secure, and ethical processing of your personal data.
Types of Third-Party Services Utilized
Recruitment and Employment Services: External platforms or agencies may assist in sourcing candidates and matching profiles with suitable roles.
IT Infrastructure and Cloud Services: Providers offering secure data storage, project management tools, and communication platforms.
Payment Processing and Accounting: Services that facilitate payroll, invoicing, and financial management.
Event Management: Companies that support the organization and promotion of IT conferences and other professional events.
Marketing and Communication Tools: Systems used to send newsletters, promotional materials, or updates about opportunities and events.
GDPR Compliance Measures
Data Processing Agreements (DPA): All contractors and service providers are required to sign agreements ensuring that personal data is processed in compliance with GDPR standards.
Data Security: Third parties must implement robust technical and organizational measures to safeguard personal data against unauthorized access, loss, or disclosure.
Restricted Access: Personal data is shared only to the extent necessary to perform the contracted services and is subject to strict confidentiality obligations.
Location of Processing: Preference is given to third-party providers located within the European Economic Area (EEA). If data is processed outside the EEA, appropriate safeguards, such as Standard Contractual Clauses (SCCs) or other GDPR-approved mechanisms, are implemented.
5. The time for which personal data are stored Your personal data will be stored and processed until you submit a request: their deletion, restriction of processing, objection to their processing or transfer, or as long as On the Spot Development LTD. will perform its tasks in the field of IT services. Where the basis for processing is consent until it is withdrawn. The data subject has the right to withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of the processing that was made on the basis of consent before its withdrawal. In the case of processing for the purpose of pursuing or defending against claims - the data will be processed until the claims expire in accordance with the generally applicable provisions of UK and EU law.
If the basis for processing is a legitimate interest - the data will be processed until an objection is submitted.
Until the expiry of the obligation to store personal data resulting from the generally applicable provisions of UK and EU law, in particular in connection with the Act of July 14, 1983 on national archival resources and archives.
6. Rights of data subjects Due to the processing of personal data, a data subject has the right to access data, right to rectify data, right to erase data, right to restrict the processing of data, right to object to the processing of data, right to transfer data, and the right to file a complaint with the Chairman of the Personal Data Protection Office. You are entitled to these rights in the scope provided for in generally applicable provisions of law, in particular provisions of the GDPR.
In addition, pursuant to Article 21 of the GDPR, with respect to processing which takes place pursuant to Article 6(1)(f), data subjects are also entitled to object to processing performed by the Controller in this respect.
7. Information about required/voluntary submission of data Providing personal data and granting consent for their processing is voluntary, but required to answer your inquiry.