Profesia is a job portal where candidates look for work and employers look for employees. Profesia is developed by the company Alma Career s.r.o., registered office: Pribinova 19, Bratislava 811 09, Slovak Republic, company ID no. 35 800 861 (hereinafter referred to as "Alma Career"). Profesia operates through the Google cloud service/platform and offers software as a service to customers. Alma Career as the Application Service Provider (ASP) ensures its continuous operation.
Software as a service
Profesia operates as SaaS (Software as a Service), which means:
it is operated in the cloud,
it requires internet access,
it requires a web browser and/or mobile client (Android, iOS),
it is not possible to operate it (the service) within the customer's own IT environment,
it is located in several data centers to ensure high availability,
the servers and data are located in several data centers in the EU,
as the Application Service Provider (ASP), Alma Career ensures continuous operation.
Data protection
Basic information
Users of Profesia are divided into two groups:
Candidates: Users who use Profesia to search for work
Employers (hereinafter "customers"): Legal entities that use Profesia to search for employees
Customers must be legal entities, self-employed individuals, civic associations, etc., that is, persons with an ID number. From a GDPR perspective, Alma Career is a data processor and customers are controllers of personal data.
We never request personal data that is not necessary for a specific purpose.
Information on the scope and type of data processing and other information related to the processing of personal data is provided in the Privacy Policy.
Professional services cannot be provided to customers without prior agreement with the Product terms and conditions.
Deletion of personal data
Candidates can delete their personal data by deleting their account on Profesia (accessible through the candidate's account).
If the customer wishes to delete personal data, they can do so via the candidate detail using the "Anonymize" action.
Candidates' personal data is automatically anonymized in customer accounts after 36 months.
The customer can change the period after which the candidates' personal data is anonymized in the Settings/Company settings section.
Recovery of anonymized data is not possible.
Internal access restriction in Alma Career
Customer care (40+) - receiving customer requests and processing them (first line). At the request of the customer, they can access a Profesia account and resolve the support request.
Support (20+) - technical support staff (second line of the processing chain).
Sales department (20+) - handles functional requirements for products, campaigns, etc. (third line).
System administration (10+) - maintenance of technical resources (servers, backups...).
The roles described above must (or potentially can) have access to some or all user data. The indicative staffing numbers are proportionate to the size of the support operation that must inevitably access personal data. User data is available only to a limited group of authorized employees. Security measures include monitoring operations and activities associated with the operator's identity.
Acceptance of terms and conditions of service
Each customer must agree to the terms and conditions of service upon registration.
Candidates have access to job openings on Profesia without the need for registration or login. If they wish to perform an action that requires their personal data (creating a CV, responding to a job advertisement, sending job openings to an e-mail address, etc.), it is necessary to register and/or log in to an account. When registering, candidates must agree to the terms and conditions of service and familiarize themselves with the Privacy Policy.
Technical and security measures
Customer login is possible using a login name and password.
Candidates can register using their e-mail address and a password.
User access is secured through an encrypted connection.
The non-production (development/testing) environment is separated from the production data; its data is "mocked" or anonymized.
Activities related to security in production systems are monitored, recorded and evaluated in a timely manner.
Profesia is constantly being developed and tested (for both functionality and security).
Updates and fixes are released several times a week (in the case of serious problems, more often).
The processing and protection of user data is ensured in accordance with EU legislation, in particular the General Data Protection Regulation (EU) 2016/679 (“GDPR”).
All detected cases of personal data protection violations are reported to the customer, i.e. to the personal data controller, who is fully assisted in reporting possible personal data protection violations to the supervisory authority or to the affected persons.
Operation monitoring takes place continuously (24/7). The status is monitored daily (between 7am and 10pm) and all problems are reported.
External monitoring services and internal systems are used to check the status.
Penetration testing is undertaken at Profesia.
Data transfer
Web access allows only HTTPS connection, i.e. encrypted.
It supports the TLS 1.0, 1.1, 1.2 and 1.3 protocols.
The X.509v3 SSL certificate is signed by trusted certificate authorities (accepted by all leading/most widely used web browsers).
A client certificate is not required or supported.
Separation of individual client sessions is ensured by a cookie mechanism.
All production system traffic is filtered in both directions; only HTTPS is allowed for user interaction, and only encrypted access (SSH protocol with key authentication) is allowed to maintain/update the application.
Local data
Profesia code runs in Docker containers as a PHP and React application built on hardened Linux operating systems. All components run virtualized on a private cloud solution for high availability and fast crash recovery options. Data is stored in MySQL and MariaDB databases. Data is continuously synchronized and mirrored in several places; backups are also made regularly. Backups take place according to the defined schedule (retention is implicitly set to 14 days):
Cloud platform snapshots are taken daily.
Data is backed up:
Every hour (stored for 1 week)
Every day (stored for 2 weeks)
Every week (stored for 2 months)
A multi-level backup system is used:
Online replication of data to multiple locations.
A backup of the private cloud itself.
Internal backup systems.
Development cycle
The development, integration and testing environments are fully virtualized and run on a cloud platform. The environments are logically divided (by a firewall). Access rights differ between environments. In other words, the production environment is fully separated (physically) from non-production environments.
The planning, development and testing of any updates/new versions of Profesia takes place within agile development (we cycle using two-week Scrum sprints).
Several review mechanisms are performed before accepting functionality changes, including, but not limited to, code review, unit tests, integration tests, end-to-end tests, and static code analysis.
Ensuring security
All the main principles, measures and technical solutions used for the safe development and operation of Profesia are listed on this page. Upon request, we provide our business partners with a detailed description of Alma Career security measures in the format defined by the ISO/IEC 27001 standard. This level of disclosure of security information to third parties is final (any additional information such as test reports, internal security guidelines, etc. are confidential in accordance with the product security policy and are not made available to customers).
Compatibility and minimum requirements
Profesia is accessible through a web browser (it is compatible with the leading/most widely used browsers: Firefox, Chrome, Edge and Safari, in at least their last two versions).
JavaScript and cookie support are required for proper functionality.
Customer care and user support
Support requests are collected and recorded using Helpdesk and processed by the customer support team in the shortest possible time, during standard working hours (Mon–Fri, 8.00–17.00 CET).
Contract documentation
General terms and conditions, Terms of personal data processing and List of suppliers/other processors
Product terms and conditions for the Profesia service
Privacy policy
In the case of any questions regarding the protection of personal data, please contact the person responsible using the e-mail address DPO-SK@almacareer.com.
Updated on 1.9.2024.