Privacy policy
Privacy policy1. GeneralPinto Consulting GmbH (also referred to as “Pinto”, “we” and “us”) recognises the importance of the privacy of our experts, individuals others (e.g. donors, beneficiaries, consultancy organisations, suppliers, etc.) with whom we are in contact with (e.g. website visitors, prospective clients, potential experts, etc.). The processing of personal data takes into consideration the data protection regulations such as the General Data Protection Regulation (GDPR).2. What kind of personal information do we collect?Depending on the circumstances we may collect the type of information listed below.2.1. Data from ExpertsNameAge/date of birthSex/genderPhotographMarital statusContact detailsEducation detailsEmployment historyEmergency contacts and details of any dependantsReferee detailsNationality/citizenship/place of birthA copy of passport/identity cardFinancial information (where we need to carry out financial background checks)Social security number (or equivalent) and any other tax-related informationDetails of any criminal convictions if this is required for a role that you are interested in applying forDetails about current remuneration, pensions and benefits arrangementsInformation on interests and needs regarding future employmentOther information that they choose to tell usOther information that referees choose to tell us about expertsOther information that our clients may tell us about experts, or available via third-party sources such as job sitesPlease note that the above list of categories of personal data we may collect is not exhaustive.2.2. Data from individuals working in organisations (donors, beneficiaries, consultancy organisations, suppliers)NamePositionTelephone numberEmail addressContact historyProject history / references2.3. Data from Website visitorsWe collect a limited amount of data from our website visitors which we use to help us to improve your experience when using our website and to help us manage the services we provide. This includes information such as how you use our website, the frequency with which you access our website, your browser type, the location you view our website from, the language you choose to view it in and the times that our website is most popular.Please review our cookies policy, section 11 (“Cookies policy”), to learn more. If you contact us via the website, for example by using the contact form, we will collect all information that you provide to us, for example, your name and contact details.2.4. Data from Prospective clients and potential expertsNamePositionTelephone numberEmail address3. How do we collect your personal data?We collect expert personal data in three primary ways:3.1. Personal data that experts provide to usThese may include:Entering your details on the Pinto website or via an application form, as part of the registration process;Leaving a hard copy CV at Pinto’s officeEmailing your CV to a Pinto consultant or being interviewed by themApplying for jobs through a job aggregator, which then redirects you to Pinto’s website3.2. Personal data that we receive from other sourcesWe also receive personal data about experts from other sources. Depending on the relevant circumstances and applicable local laws and requirements, these may include personal data received in the following situations:Your referees may disclose personal information about youOur clients may share personal information about you with usWe may obtain information about you from searching for potential experts from third-party sources, such as LinkedIn and other job sitesIf you ‘like’ our page on LinkedIn or similar social media or ‘follow’ us we will receive your personal information from those sites3.3. Personal data that we collect automaticallyTo the extent that you access our website we may also collect your data automatically or through you providing it to us. For more information please review section 2.3 (“Data from website visitors”).Data may be provided by clients and experts directly, however, we may also collect it via third-party platforms such as LinkedIn, Developmentaid.org, etc. Client and expert must provide written consent to any further data collected by Pinto before it can make any use of it.When you visit our website, we may automatically collect certain information, whether or not you decide to use our services. This includes your IP address (anonymous), the date and the times and frequency with which you access the website and the way you browse its content. We also collect data from you when you contact us via the website, for example by using the contact form.You have the choice to opt out of your data being stored when using the contact form, however, the reason we store data is to keep track of contact requests. Moreover, emails are not always 100% reliable as there are multiple points at which an email could be blocked or at which delivery fails.We collect your data automatically via cookies, in line with cookie settings in your browser. If you are also a candidate or client of Pinto, we may use data from your use of our websites to enhance other aspects of our communications with or service to you. If you would like to find out more about cookies, including how we use them and what choices are available to you, please review section 11. (“Cookies Policy”).4. Why and how do we use the data collected?4.1. Data from expertsWe generally use data from experts in four ways:a) Recruitment ActivitiesOur intention is to find relevant experts to be proposed and contracted on tenders or awarded projects, with the expert’s prior consent. We’ve listed below various ways in which we may use and process your personal data for this purpose. Please note that this list is not exhaustive.Collecting your data from you and other sources, such as LinkedIn;Storing your details (and updating them when necessary) on our database, so that we can contact you in relation to recruitment;Providing you with our recruitment services and to facilitate the recruitment process;Assessing data about you against vacancies which we think may be suitable for you;Sending your information to clients to apply for projects or to assess your eligibility for job opportunities;Enabling you to submit your CV and apply online for jobs or to subscribe to alerts about projects we think may be of interest to you;Carrying out our obligations arising from any contracts entered into between us;Carrying out our obligations arising from any contracts entered into between Pinto and third parties in relation to your recruitment;Facilitating our payroll and invoicing processes;Carrying out satisfaction surveys;Verifying information you have provided, using third party resources, or to request information (such as references, qualifications and potentially any criminal convictions, to the extent that this is appropriate and in accordance with local laws);Complying with our legal obligations in connection with the detection of crime or the collection of taxes or duties; andProcessing your data to enable us to send you targeted, relevant marketing materials or other communications which we think are likely to be of interest to you.We may use your personal data for the above purposes if we deem it necessary to do so for our legitimate interests. If you want to know more about what this means, please review section 12.1 (“Legitimate interests”). If you do not agree to this, in certain circumstances you have the right to object and can find out more about how and when to do this in section 8.1 (“Right to object”)b) Marketing activitiesWe may periodically send you information that we think you may find interesting, or to ask for your help with connecting other candidates with jobs. We may wish to use your data for the purposes listed below, where appropriate and in accordance with any local laws and requirements. Please note that this list is not exhaustive.To enable us to develop and market other products and services;To display promotional excerpts from your details on Pinto’s website(s) as a success story (where we have obtained your express consent to do so).We need your consent for some aspects of these activities which are not covered by our legitimate interests (such as the collection of data via cookies, and the delivery of direct marketing to you through digital channels) and, depending on the situation, we’ll ask for this via an opt-in or soft-opt-in. Soft opt-in consent is a specific type of consent which applies where you have previously engaged with us (for example by submitting a job application or CV, or registering a vacancy to be filled), and we are marketing other recruitment-related services. Under ‘soft opt-in’ consent, we will take your consent as given unless or until you opt out. For most people, this is beneficial as it allows us to suggest other jobs to you alongside the specific one you applied for, significantly increasing the likelihood of us finding you a new position.If you do not agree with our marketing approach, you have the right to withdraw your consent at any time and can find out more about how to do so in section 8.2 (“Right to withdraw consent”). Even if you have opted out from our marketing communications through our preference centre, it is possible that your details may be recaptured through public sources in an unconnected marketing campaign. We will try to make sure this doesn’t happen, but if it does, we’re sorry. We’d just ask that in those circumstances you opt out again.c) To help us to establish, exercise or defend legal claimsIn more unusual circumstances, we may use your personal data to help us to establish, exercise or defend legal claims.d) ProfilingAlthough at present all our recruitment activities involve human-decision making during the process, we may in the future use fully automated technologies such as expert systems or machine learning to complete a candidate selection process from end-to-end, where appropriate and in accordance with any local laws and requirements.Where appropriate, we will seek your consent to carry out these activities. If you do not provide consent to profiling, your application will continue to be reviewed manually for opportunities you apply for, but your profile will not be automatically considered for alternative roles.You have the right to withdraw that consent at any time and can find out more about how to do so in section 8.2 (“Right to withdraw consent”).4.2. People whose data we receive from experts and staff, such as referees and emergency contactsWe will only use the information that our expert gives us about you for the following purposes:If our experts or staff members put you down on our form as an emergency contact, we’ll contact you in the case of an accident or emergency affecting them;If you were put down by our experts or a prospective member of staff as a referee, we will contact you to take up a reference. This is an important part of our experts’ quality assurance process and could be the difference between the individual getting a job or not;If you were put down by our experts or a prospective member of staff as a referee, we may sometimes use your details to contact you in relation to recruitment activities that we think may be of interest to you, in which case we will use your data for the same purposes for which we use the data of clients;We may use your personal data for these purposes if we deem this to be necessary for our legitimate interests. If you would like to find out more about what this means, please review section 12.1 (“Legitimate interests”).4.3. Data of individuals that work in organisationsWe use your data to contact you for cooperation opportunities or running projects.4.4. Website visitorsWe use your data to help us to improve your experience of using our website. If you would like to find out more about cookies, including how we use them and what choices are available to you, please review section 11 (“Cookies policy”).5. Who do we share your personal data with?Where appropriate, we may share your personal data, in various ways and for various reasons, with the following categories of people:Any of our group companies (e.g. Pinto Luvent GmbH, which performs consultancy services);Individuals and organisations who hold information related to your reference or application to work with us, such as current, past or prospective employers, educators and examining bodies and employment and recruitment agencies;Tax, audit, or other authorities, when we believe in good faith that the law or other regulation requires us to share this data (for example, because of a request by a tax authority or in connection with any anticipated litigation);Third party service providers who perform functions on our behalf (including external consultants, business associates and professional advisers such as lawyers, auditors and accountants, technical support functions and IT consultants carrying out testing and development work on our business technology systems);Third party outsourced IT and document storage providers where we have an appropriate processing agreement (or similar protections) in place;In the case of experts: potential clients, and other recruitment agencies/organisations to increase your chances of finding employment opportunity; consortium partners for specific projects and third parties who we have retained to provide services such as reference, qualification and criminal convictions checks, to the extent that these checks are appropriate and in accordance with local laws;If Pinto merges with, creates a joint venture or is acquired by another business or company in the future, (or is in meaningful discussions about such a possibility) we may share your personal data with the (prospective) new owners of the business or company.The information you provide may be transferred outside your country to another country that does not have similar data protection legislation and may provide a lower level of protection for your information. By providing us with your information you consent such transfers.If you do not agree and would like to withdraw consent, please review section 8.2 (“Right to withdraw consent”).6. How do we protect your personal data?We are committed to taking all reasonable and appropriate steps to protect the personal information that we hold from misuse, loss or unauthorised access. We do this by having in place a range of appropriate technical and organisational measures. We use HTTP Secure (HTTPS) for secure communication on our website. In HTTPS the communication protocol is encrypted using Transport Layer Security (TLS).If you suspect any misuse or loss of or unauthorised access to your personal information please let us know immediately. Details of how to contact us can be found in section 15. (“Reasons and how to contact us”).7. How long do we keep your personal data for?Pinto does not keep personal data for longer than is necessary for the purposes for which it was collected and processed. You are able to request deletion of all your data at any time, review section 15 (“Reasons and how to contact us”) to gain information on how best to contact us.8. How can you access, amend or take back the personal data that you have given to us?The main objective of GDPR and similar is to protect and clarify the rights of EU citizens and individuals in the EU with regards to data privacy. This means that you retain various rights in respect of your data, even once you have given it to us. These are described in more detail below.To get in touch about these rights, please contact us. We will seek to deal with your request without undue delay, and in any event within one month (subject to any extensions to which we are lawfully entitled). Please note that we may keep a record of your communications to help us resolve any issues which you raise.8.1. Right to objectThis right enables you to object to us processing your personal data where we do so for one of the following four reasons: i) our legitimate interests; ii) to enable us to perform a task in the public interest or exercise official authority; iii) to send you direct marketing materials; and iv) for scientific, historical, research or statistical purposes.The “legitimate interests” and “direct marketing” categories above are the ones most likely to apply to our experts, website users, clients and other individuals in contact with us. If your objection relates to us processing your personal data because we deem it necessary for your legitimate interests, we must act on your objection by ceasing the activity in question unless:We can show that we have compelling legitimate grounds for processing which overrides your interests;We are processing your data for the establishment, exercise or defence of a legal claim.If your objection relates to direct marketing, we must act on your objection by ceasing this activity.8.2. Right to withdraw consentWhere we have obtained your consent to process your personal data for certain activities, you may withdraw this consent at any time and we will cease to carry out the particular activity that you previously consented to, unless we consider that there is an alternative reason to justify our continued processing of your data for this purpose in which case we will inform you of this condition.8.3. Data Subject Access Requests (DSAR)You may ask us to confirm what information we hold about you at any time, and request us to modify, update or delete such information. We may ask you to verify your identity and for more information about your request. If we provide you with access to the information we hold about you, we will not charge you for this unless your request is “manifestly unfounded or excessive”. If you request further copies of this information from us, we may charge you a reasonable administrative cost where legally permissible. Where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will tell you the reasons for doing so.8.4. Right to erasureYou have the right to request that we erase your personal data in certain circumstances. Normally, the information must meet one of the following criteria:The data are no longer necessary for the purpose for which we originally collected and/or processed them;Where previously given, you have withdrawn your consent to us processing your data, and there is no other valid reason for us to continue processing;The data has been processed unlawfully (i.e. in a manner which does not comply with the GDPR);It is necessary for the data to be erased in order for us to comply with our legal obligations as a data controller;If we process the data because we believe it necessary to do so for our legitimate interests, you object to the processing and we are unable to demonstrate overriding legitimate grounds for our continued processing.We would only be entitled to refuse to comply with your request for one of the following reasons:To exercise the right of freedom of expression and information;To comply with legal obligations or for the performance of a public interest task or exercise of official authority;For public health reasons in the public interest;For archival, research or statistical purposes;To exercise or defend a legal claim.When complying with a valid request for the erasure of data we will take all reasonably practicable steps to delete the relevant data.8.5. Right to restrict processingYou have the right to request that we restrict our processing of your personal data in certain circumstances. This means that we can only continue to store your data and will not be able to carry out any further processing activities with it until: i) one of the circumstances listed below is resolved; ii) you consent; iii) further processing is necessary for either the establishment, exercise or defence of legal claims, the protection of the rights of another individual, or reasons of important EU or Member State public interest.The circumstances in which you are entitled to request that we restrict the processing of your personal data are:Where you dispute the accuracy of the personal data that we are processing about you. In this case, our processing of your personal data will be restricted for the period during which the accuracy of the data is verified;Where you object to our processing of your personal data for our legitimate interests. Here, you can request that the data be restricted while we verify our grounds for processing your personal data;Where our processing of your data is unlawful, but you would prefer us to restrict our processing of it rather than erasing it; andWhere we have no further need to process your personal data but you require the data to establish, exercise or defend legal claims.If we have shared your personal data with third parties, we will notify them about the restricted processing unless this is impossible or involves a disproportionate effort. We will, of course, notify you before lifting any restriction on processing your personal data.8.6. Right to rectificationYou also have the right to request that we rectify any inaccurate or incomplete personal data that we hold about you. If we have shared this personal data with third parties, we will notify them about the rectification unless this is impossible or involves a disproportionate effort. Where appropriate, we will also tell you which third parties we have disclosed the inaccurate or incomplete personal data to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.8.7. Right to lodge a complaint with a supervisory authorityYou also have the right to lodge a complaint with your local supervisory authority. If you would like to exercise any of these rights or withdraw your consent to the processing of your personal data (where consent is our legal basis for processing your personal data), details of how to contact us can be found in section 15. (“Reasons and how to contact us”). Please note that we may keep a record of your communications to help us resolve any issues which you raise. You may ask to unsubscribe from job alerts at any time. It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during the period for which we hold your data.9. Who is responsible for processing your personal data on Pinto’s website?Our Stelle office is responsible for processing your personal data:Pinto Consulting GmbHGeusbleek 721435 StelleGermany10. How do we store and transfer your data internationally?In order to provide you with the best service and to carry out the purposes described in this Privacy Policy, your data may be transferred:Between and within Pinto entities;To overseas clients;To clients within your country who may, in turn, transfer your data internationally;To a cloud-based storage provider;To other third parties, as referred to in section 5. (“Who do we share your personal data with?”)We want to make sure that your data are stored and transferred in a way which is secure.To ensure that your personal information receives an adequate level of protection, we have put in place appropriate procedures with the third parties we share your personal data with to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the law on data protection.11. Cookies policyCookies denote very small files that are written from a website onto the visitor’s computer. They cannot be used to read other data on the computer. Websites use cookies to restore previous user settings and trace the history of visitor inquiries.Pinto Consulting GmbH uses cookies to understand the needs of our website visitor and enhance the structure and the content of our website in the best possible way. The information is also used to further improve the navigation structure of www.pintoconsulting.de and design it in a more user-friendly way.It is possible that additional cookies may be placed by various other providers whose additional services are offered on our website. We have no influence on these providers and do not make use of their cookies for our own purposes.By default, all cookies are accepted by any Internet browser. You can instruct the browser, however, to not accept cookies or to delete them automatically after each Internet session. Please refer to the appropriate instructions on the support pages of your browser manufacturer. You can also deactivate cookies of different advertising providers via the following website: YourOnlineChoices (http://www.youronlinechoices.com/uk/your-ad-choices)11.1. LinkedInWe use the LinkedIn icon to provide a link to our companies profile. No data will be collected in any way. Visit https://www.linkedin.com/legal/privacy-policy for more information.11.2. XingWe use the Xing icon to provide a link to our companies profile. No data will be collected in any way. Visit https://privacy.xing.com/en/privacy-policy for more information.11.3. FacebookWe use the Facebook icon to provide a link to our companies profile. No data will be collected in any way. Visit https://www.facebook.com/policy.php for more information.11.4. Google AnalyticsThe website of Pinto Consulting GmbH uses Google Analytics for web analyses. By the use of this analysis service, cookies are stored on your computer as well.Google will possibly pass this information on to third parties where this is required by law or where third parties process the data on behalf of Google. More information about Google Analytics can be found online at http://www.google.com/analytics/terms/gb.html.Pinto Consulting GmbH uses the functions of Google Analytics to analyse site usage, e.g. in the form of anonymous evaluations and graphics on page views and visits, as well as for remarketing, reports on impressions in the Google Display Network, integration of DoubleClick Campaign Manager and Google Analytics reports on performance according to demographics and interests.By using this site you consent to the processing of data gathered about you by Google in the manner and for the aforementioned purposes described above.You can completely stop the tracking by Google Analytics by clicking here: Disallow Google Analytics to track me. For this objection to be undertaken permanently, your browser must accept cookies. Alternatively, you can object to the data collected through the use of a Google Browser-Plugin (https://tools.google.com/dlpage/gaoptout?hl=en-GB)12. Our legal bases for processing your data12.1. Legitimate interestsArticle 6(1)(f) of the GDPR says that we can process your data where it “is necessary for the purposes of the legitimate interests pursued by [us] or by a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of [you] which require protection of personal data.”We believe that our activities do not prejudice individuals but rather help us to offer you a more tailored, efficient service. However, you have the right to object to us processing your personal data on this basis. If you would like to know more about how to do so, please review section 8.1. (“Right to Object”).12.2. Expert DataWe believe that it is reasonable to expect that if you are looking for employment or have posted your professional CV information on a job board or professional networking site, you agree that we collect and use your personal data to offer or provide our recruitment services to you, share that information with prospective clients and assess your expertise against our opportunities. Prospective clients may also want to double check any information you’ve given us or to confirm your references, qualifications and criminal record, to the extent that this is appropriate and in accordance with local laws. We need to do these things so that we can function as a profit-making business, and to help you and other candidates to obtain work opportunities.We want to provide you with tailored job recommendations to help you in finding new job opportunities. We, therefore, think it’s reasonable for us to process your data to make sure that we send you the most appropriate content.We also need to use your data for our internal administrative activities, like invoicing where relevant.We have our own obligations under the law, which it is a legitimate interest of ours. If we believe in good faith that it is necessary, we may, therefore, share your data in connection with crime detection, tax collection or actual or anticipated litigation.12.3. People whose data we receive from candidates and staff, such as referees and emergency contactsIf you have been put down by a candidate as one of their referees, we use your personal data to contact you for a reference. This is a part of our quality assurance procedure and so we deem this to be necessary for our legitimate interests as an organisation offering job opportunities for experts.If a candidate has given us your details as an emergency contact, we will use these details to contact you in the case of an accident or emergency. We are sure you will agree that this is a vital element of our people-orientated organisation, and so is necessary for our legitimate interests.13. ConsentIn certain circumstances, we are required to obtain your consent to the processing of your personal data in relation to certain activities. Depending on exactly what we are doing with your information, this consent will be opt-in consent or soft opt-in consent.Article 4(11) of the GDPR states that (opt-in) consent is “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.” This means that:You have to give us your consent freely, without us putting you under any type of pressure;You have to know what you are consenting to – we ensure we give you information, such as through the Privacy Policy;You should have control over which processing activities you consent to – we ensure we give you information, such as through the Privacy Policy;You need to take positive and affirmative action in giving us your consent – we ensure we give you information, such as through the Privacy Policy and the email that you submit your CV with.We will keep records of the consents that you have given in this way.As we have mentioned, you have the right to withdraw your consent to these activities. You can do so at any time, and details of how to do so can be found in section 8.2.14. Establishing, exercising or defending legal claimsSometimes it may be necessary for us to process personal data and, where appropriate and in accordance with local laws and requirements, sensitive personal data in connection with exercising or defending legal claims. Article 9(2)(f) of the GDPR allows this where the processing “is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity”.This may arise for example where we need to take legal advice in relation to legal proceedings or are required by law to preserve or disclose certain information as part of the legal process.15. Reasons and how to contact usIf you suspect any misuse or loss of or unauthorised access to your personal information, if you want to access, amend or take back the personal data that you have given to us, withdraw your consent to the processing of your personal data (where consent is the legal basis on which we process your personal data) or have any comments or suggestions concerning this Privacy Policy, you can write to us at the following address:Pinto Consulting GmbHGeusbleek 721435 StelleGermanyAlternatively, you can send an email to info@pintoconsulting.de