Privacy notice for Employees
We believe that our employees, just like our customers, deserve a “no shenanigans” approach to their personal data. We want you to understand how we protect your privacy when we obtain personal data from you, how we use that information, what your rights are in this respect and how we safeguard that.
By reading this Privacy Notice, you hereby acknowledge and agree that the personal data you provide to us is supplied at your own free will and will be used in accordance with the purposes described in this Privacy Notice. If you do not understand this Privacy Notice, please do not share your personal data with us.
We reserve the right to change and/or update our Privacy Notice at our discretion and at any time. You will be notified accordingly and in advance about these changes and or updates, which we kindly ask you to read carefully and make sure you understand and agree with.
1. General information
Axilis d.o.o. (hereinafter Axilis) is a company registered for computer and related activities that is providing sports betting solutions for a market-leading operator and acting as part of Superbet Group.
Superbet Group (1) and all affiliates is a betting & gambling organizer, trading under the brand name Superbet and part of the Superbet group of companies. For more info on how Superbetprocess your Personal data kindly please visit the following website XXXXX
Axilis d.o.o. is a Controller of the personal data we process about you.
The term “employee” refers to all employees, directors, officers and Board members ofAxilis.For the purposes of this privacy notice, it also refers to other consultants and individual contractors engaged by Axilis, even though they are not otherwise employees.
(1) Superbet group represents the following group of companies: SUPERBET BETTING&GAMING SA, X GAMING SA, SUPERBET ONLINE SRL, SB MAINTENANCE SRL, REVISTAPARIORILOR SRL, BLUE RADICAL SRL, PREMIUM SLOTS COMPANY SA, ADVANCED RETAIL SYSTEM SA, NEW BETTING GROUP SRL and all other companies who have a common UBO.
2. What personal information we collect?
As used in this Privacy Notice, personal data means any information that can be used to individually identify you, directly or indirectly, alone or along with other information, or contact you online or elsewhere.
The categories and volume of personal data that we collect vary depending on the activities in relation to which the data is collected and include, but are not limited to:
- Identification data – such as your name, gender, photograph, date of birth, employee ID number.
- Contact details – such as home address, telephone, email addresses, and emergency contact details.
- Insurance information – such as information for co-insured persons – name and surname of your wife/husband/children/parents, marital status, their phone number, a copy of their IDs and financial details of the spouse;
- National identifiers and documents - such as your national ID/passport, driving licence, birth certificate, children`s birth certificate, death certificates, marriage certificate, citizenship status, residency and work permit status – one copy from each of the documents will be kept by Axilis (including birth date and birthplace, home address, personal ID, serial number of your ID)
- Background information - such as your academic and professional qualifications, education, CV/Resume, former workplaces, previous employment contracts - one copy will be kept by Axilis
- Employment details – such as your job title/position, office location, employment contract, offer letter, hire date, termination date, performance history and disciplinary records, leave of absence, sick time, and vacation/holiday records.
- Financial information - such as your bank account details and statements, tax information, Fiscal administration certificate, salary, retirement account information, company allowances and other information necessary to administer payroll, taxes and benefits.
- Workplace, Device, Usage, and Content data processed by IT systems of the Group - such as emails sent and received, internet pages, downloaded files, IP address, building and information system access, Axilis device, system and application usage (including telemetry) when accessing and using Axilis corporate buildings and assets according to our Acceptable Use Policy.
- Video surveillance – such as images of yourself resulting from webcam systems monitoring your workplace, to prevent unauthorized access to our offices and to protect employees, authorized visitors, and our property as required by applicable laws.
- Your current location data (company car location through GPS monitoring system);
- Your information during any whistleblowing proceedings;
- Your route to work, for the specific SSM documentation;
- Data from internal administrative matters (e.g. internal investigations, etc.);
- Your signature;
- Timesheets and expenses’ reports;
- Your clothes size (for uniform received by you for free);
We also process sensitive personal data for a variety of reasons and this will vary in ourdifferent jurisdictions:
- Health information – such as, information about short- or long-term disabilities or illnesses that you share with us, information from medical certificates provided by you at hiring, during your employment time, or for your work absences;
Most often, the personal data we collect from employees is collected from them directly. In some cases, we may collect personal data about employees from third parties, for example, when we perform background checks that are necessary for the role to be performed by the employee. In most circumstances, we will get your permission before we collect personal data about you from a third party.
We may also collect certain demographic data that qualifies as sensitive personal data, such as race, ethnicity, sexual orientation, and disability to help us understand the diversity of our workforce. This information, when collected, is generally done so on a voluntary consensual basis, and employees are not required to provide this information, unless it is necessary for us to collect such information to comply with our legal obligations.
3. How we collect your personal information?
We solely collect your personal data with your informed knowledge and when you voluntarily submit it to us.
Collection of data occurs in various ways such as by filling in forms and documents by you or by members of the HR department and, sometimes, by special technologies (cookies, IP address registration, log files, access card use, GPS). For example, personal data collection happens:
- When you are hired and go through the hiring process;
- When you sign the employment contract;
- For the whole duration of the employment relationship with us.
- When we involve you in CodeCadets project
Once collected, we shall at all times ensure that any processing of your personal data is carried out in compliance with applicable laws, with this Privacy Notice and for the purpose for which you submitted your data to us.
4. What we use your personal information for?
By law, we must have a lawful reason for processing your personal information. The data we collect about you will only be used for the purpose for which you submitted it to us, to perform our legal obligations and our legitimate interests in specific circumstances. Such purposes are made clear to you at the point of collection or in this Privacy Notice. Thus, we process your personal data for the following purposes:
- To perform our contractual obligations arising from your employment contract with us or in order to take steps at your request to entering into such contract with you (e.g. to undertake payroll obligations, HR administration, benefits and health services administration, medical labour checking, pension and retirement administration, tax reporting, IT access and equipment, travel expenses, training administration, etc.)
- To comply with various employment laws that govern our business activity (e.g. to comply with Labour and Employment Law, for minimum wage, working time, tax, health and safety, anti-discrimination laws, global migration, fraud legislation, etc.)
- Based on your prior consent for different purposes (e.g. for contests or projects such as CodeCadets, internal usage of Axilis benefits, services and internal applications and tools including business data created by employees and external staff, to measure and improve these products)
- To protect your vital interest or those of another person (e.g.we may need to share your personal data with third parties in the event of an emergency at work)
- In our legitimate interests which we or a third party may have, except when such interests override by your interests or fundamental rights and freedom (e.g. such as general HR administration, our global directory of employees and external staff, general business management and operations, disclosures for auditing and reporting purposes, internal investigations, management of network and information systems security and business operations, provision and improvement of employee services, physical security and to protect the life and safety of employees and others. We may also process your personal data to investigate potential violations of law or breaches of our internal policies.);
Where the information we process is special category data, for example, your health data, the additional bases for processing that we rely on are:
- Your explicit consent (e.g. in the context of disability, etc.)
- To carry out our obligations and exercising our rights in employment and the safeguarding of your fundamental rights.
- To protect your vital interests or those of another person where you are incapable of giving your consent (e.g. medical data during a health or national emergency)
- For the purposes of preventative or occupational medicine and assessing your working capacity as an employee.
Also, we make sure that all our employees which have access to your personal data will process them only according their job responsibilities and in compliance with all laws, regulations or with your consent and these requirements are stated in their labour contract and the undisclosed agreement they signed with Axilis.
5. What happens if you do not provide or allow us to use your personal data?
You can decide at any time not to provide us with the requested personal data. However, if you refuse to share your personal data with us when requested, we may not be able to fulfil our contractual obligations as you employers if the collection and processing of such data is a legal obligation for us (for example, if refuse to provide us with a copy of your identity documentation, we cannot complete employment checks on you).
Your refusal to share your personal information with us in order to benefit from certain services may also limit the services and benefits we may offer you. For example, if you do not give us your consent to sign up for our sports and relaxing programs, you will not be able to receive such benefits.
6. Who do we share your personal data with?
We will never share your personal data with any third party who intends to use it for commercial purposes, unless we have expressly informed you and you have given us explicit permission to do so. In certain circumstances described below, we will share a minimum amount of personal data as follows:
- Data processors authorized and contracted by us to process personal data such as external services’ providers: Banks (_______),_______ (medical services benefit), ______ (sports services supplier),_____ (HR data processing supplier), ________ (optional retirement plan), hotels or buildings administration or travel agencies (for accommodation and transport benefits provided by Axilis), ______ (courier services), partners of our Group to whom we send your data in behalf of the current contract, legal companies or who are offering consultancy to us, other companies/institutions who are requesting information about the local point of contact of our group, power of attorneys in case of some inspections or in relation with the owner of the location where our betting agencies are activating;
- Third companies to whom you separately send your personal data (i.e. create a user account on their website). In these situations, we can fill in the data that they are using by sharing a common identifier, which is not personal data;
- Mobile phone companies/operators, technology providers, analyses’ services suppliers or platforms operators, operating systems or other mobile, electronic devices, or any other application developed for a specific device. By using services provided by the above-mentioned suppliers, it is possible for your personal information regarding your ID and how are you using mobile applications or electronic devices to be shared.
- Opt-Ins/Opt-Outs: Some of our services can have registration options (OPT-IN-express agreement of a customer or e-mail owner, to allow receiving of advertising, direct marketing, information, messages) to receive information from some companies related to commercial partnerships. If you register to receive this communication or you accept to share your personal data with these companies, then our Group will assure you that, before this transfer take place, those companies will safeguard their internal procedures to protect your personal data.
- Our activity or assets’ selling: if we sell SUPERBET Group or a part of it or of its assets, or like a result of a merge or transfer of the business, we can transfer totally or partially your information to a third party, in relation with that transaction only with a prior Privacy Notice notification. After this transfer, the policies and procedures of the new entity will run the use and processing of your information.
- State Authorities: to comply with local laws, we can use or disclose your information, totally or partially, to cooperate or support legal institutions, law enforcement, governmental or regulatory institutions, content protection organizations, or lawsuits in connection with or to prevent suspected or possible fraud (i.e. Tax Authority, Financial Agency...)
- Based on consent in cases where your personal data is transferred to any other third party where you have consented or requested that we do so.
- Also, we can use or disclose information that we consider is suitable, to the extent that the records were quoted or related to ongoing or potential disputes, or to impose or protect the rights or safety of others.
Usually, when we disclose this personal information to other companies and institutions, we are properly taking care to share the only minimum amount of personal needed to fulfil their functions, making them aware that these data can be used only when services are performing on our behalf or to comply with legal requirements. If the case, we apply security measures to request our services’ suppliers to protect your personal data.
It is possible to work with third parties’ networks in the advertising field or market research companies, for various polls, statistics, or to present to you some on-line commercials or to help us to evaluate some on-line services, viewing creatives or other contents. These companies can view, edit or set up their own cookies/technologies which allow them to collect information about your interaction with content and advertising when you are using our Group services. The use of these technologies by third companies is subject to their own policies and procedures and, even if not covered by this Privacy Notice, we will ensure that these companies are compliant with the legal framework regarding personal data protection.
7. Where is your personal data stored?
Your personal data will be kept, processed and stored by us and our service providers in the following territories: the European Union, EEA and the USA.
Each of our service providers who process and store your personal data have an obligation to keep it protected and secured, in accordance with applicable industry standards and whether less stringent legal provisions apply in their jurisdiction.
Where such recipients of data are located in third countries for which the European Commission has not issued an adequacy decision, Axilis has in place contractual relationships with each such recipient that include standard contractual clauses intended to ensure an adequate level of protection and will always conduct rigorous due diligence to ensure there are no risks to such transfers. A copy of the standard contractual clauses used by Axilis can be found at: https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32010D0087.
8. How we keep your personal information up to date?
It is important that the information contained in our records about you is both accurate and current. We offer various self-help tools that will allow you to update certain of your personal data in our records.
If your personal data changes during the course of your employment, please use these self-help tools to update that data, where available, or let HR Ops [email protected] know of those changes.
9. How long we keep your personal information for?
Your personal data will only be stored for a necessary and strict period of time in accordance with the purpose for which it is collected and applicable laws or regulatory requirements. Generally, this means we will keep your personal data until the end of your employment with us, plus a reasonable period of time after that where necessary to respond to any employment inquiries, deal with legal, tax, accounting or administrative matters, or to provide you with ongoing pensions or other benefits. Your personal data will be retained as documented in our corporate data retention schedule and applicable riders and supplements.
- Permanently, for the evidence on working hours, in accordance with Croatian Ordinance on the content and manner of keeping records of Employees NN 73/2017, Article 5.
- For a period of 11 years as prescribed by the relevant legislation governing the retention of Bookkeeping documents in accordance with Croatian Accounting Act NN47/20,
- For a period of 6 months for video surveillance records in our locations according to our legal obligations under Law on implementation of GDPR (NN 42/18), Art. 29, unless it is differently required by another law or if serves as evidence in court, arbitration or administrative proceedings.
- during the existence of our legitimate interests in preserving our rights, security and protection of property, as well as responding to any complaints, requests or other questions regarding our services,
- for the duration of your consent (your explicit consent to the processing of personal data), i.e. until the moment of modification or withdrawal thereof,
Upon expiration of the set retention periods, your personal data will be deleted or anonymised. If, at any time, you wish us to discontinue the use of your personal data, please contact us in the manner described in “How to access, modify, delete or object to the use of your personal data” section.
If your requests to delete your personal data violate our legal or regulatory obligations, or the data related to the request for deletion are necessary to exercise or defend our legal claims, we may not be able to act upon your request and we will notify you of this decision.
10. How we keep your personal data secure?
Axilis has implemented all necessary technical and organizational measures, whether physical, electronic or procedural, to protect the confidentiality and security of the personal data you share with us. These measures have been implemented to protect data against unauthorized access, destruction, loss, alteration, access, disclosure or use. Our security controls are designed to maintain an adequate level of confidentiality, integrity and data availability. Information transmitted and received through the Superbet site and in our applications is encrypted using Secure Socket Layer (SSL) technology. Superbet has a 24/7network traffic monitoring system to detect signs of attacks or intrusions and prevent fraud.
Alongside our security measures, we ask you to remember that you need to keep your passwords secure, for all your e-mails/platforms/software belonging to our Group:
- Do not disclose/share your password with other people;
- Do not disclose/share your access codes for the locations you are working on;
- Do not borrow your company devices/tokens which were provided to you;
- Log out from e-mail/software/platforms/personal device or company devices when you leave your workstation. Failure to do so may lead to access to data by unauthorised persons.
11. Automated decision making and profiling
Your personal data will not be profiled, and currently, we do not have automated decision-making processes that affect you.
12. Your rights
At any given time, you will have the following rights regarding your personal data processed by us. Please note, other than your right to object to us using your information for direct marketing (and profiling for the purposes of direct marketing), your rights are not absolute in case of other applicable laws.
- The right to information: you have the right to be provided with information on the identity of the personal data controller, on the reasons for processing your personal data and other relevant information necessary to ensure the correct and transparent processing of your personal data.
- The right of access: you have the right to make a request for details of your personal information and a copy of that personal information.
- The right of rectification: you have the right to have inaccurate information about you corrected or removed without undue delay.
- The right of erasure ("right to be forgotten"): you have the right to have certain personal information about you deleted from our records.
- The right to restriction of processing: you have the right to ask us to use your personal information for restricted purposes only.
- The right to data portability: you have the right to ask us to transfer the personal information you have given us to you or to someone else in a format that can be read by computer.
- The right to object: you have the right to object to us processing (including profiling)your personal information in cases where our processing is based on a task carried out in the public interest or where we have let you know it is necessary to process your information for our or a third party’s legitimate interests. You can object to us using your information for direct marketing and profiling purposes in relation to direct marketing.
- The right in relation to automated decisions: you have the right not to have a decision which produces legal effects which concern you or which has a significant effect on you based only on automated processing, unless this is necessary for entering into a contract with you, it is authorised by law or you have given your permission for this.
In order to exercise any of the above rights, you can send a signed and written request to our postal address or in writing to [email protected] Your request will be reviewed and answered within 1 month of receipt, in accordance with the GDPR. If we receive a large number of requests, or particularly complex requests, the deadline can be extended by a maximum of another two months. In certain circumstances as prescribed by data protection law (i.e. excessive requests), we might refuse to act upon your request.
In the event your personal data is processed based on your consent, you have the right to withdraw your consent at any time, without prejudice to the lawfulness of the processing carried out on the basis of the consent before its withdrawal.
You also have the right to lodge a complaint with the National Authority for the Supervision of Personal Data Processing:
Agencija za zaštitu osobnih podataka
Selska cesta 136, 10000 ZAGREB
13. How you can access, modify, delete or object the use of your personal data
In order to exercise the Rights mentioned above, you can contact us by emailing [email protected] At any time, you can refuse to share your personal data or object to our processing of your personal data. However, you should understand that if you choose this option in certain situations, we may not be able to fulfil our contractual obligations to you, as stated in "What happens if you do not provide or allow us to use your personal data” section above.
If you have consented to receive marketing communications from us and subsequently decide that you no longer wish to benefit from these, you can stop receiving such communications by unsubscribing at any time.
14. How to contact us
If you have any questions, comments, complaints or suggestions relating to this notice, or any other concerns about the way in which we process information about you, please contact our Data Protection Officer by emailing [email protected]