2. TERMS AND DEFINITIONS
- GENERAL DATA PROTECTION REGULATION (GDPR) - The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and consolidate the personal data protection processes of all individuals within the European Union (EU). The regulation also applies to the transfer of personal data outside the EU;
- Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- Data subject is any natural person whose identity is identified or identifiable and whose personal information is subject to processing by the processing manager in charge of processing personal data;
- Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- Processing restriction means the marking of stored personal data with the aim of limiting their processing in the future;
- Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements;
- Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
- Data controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
- Data processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
- Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
- Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;
- Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
- User is any natural person who accesses our website and is involved in any processing of personal data;
- Candidate is a respondent who is a candidate or potential candidate for a position with the Client.
- The client is a contracting party to SMART GROUP RECRUITMENT Ltd.
3.3 If you have any questions or requests regarding the handling or protection of your personal information, please email us at email@example.com.
4. WHAT PERSONAL INFORMATION DO WE HANDLE?
4.1 We process the following personal information:
- name, gender, date of birth, place of residence (street and house number, place, postal code);
- contact information (telephone number, email address, address or other communication channel ID);
- information from your LinkedIn profile or from any social media account;
- professional qualification and title, previous and present work experience (name / company of previous employers, job titles, length of service);
- your interests (the information you provide yourself in the application form / CV);
- the results of psychological testing, if you take it;
- references and opinions - notices you give to others;
- Notices for analysis and marketing purposes;
- photos and videos of your attendance at events in our organization (you will be able to refuse to be photographed or filmed at those events);
- information about disabilities and adjustments we should consider at your workplace;
- In some cases, we will also collect sensitive personal information when permitted to do so by law (in certain countries, we will ask you about your past for equal opportunity purposes).
5. FOR WHAT PURPOSE DO WE PROCESS YOUR PERSONAL INFORMATION?
5.1 We process your personal information for the following purposes:
- To look for a job for you, track and develop your career and contact you when a new business opportunity opens. To this end, we may process your personally identifiable information, for example, from online portals (e.g., MyPosao.net) and specialized social networks (e.g., LinkedIn), as well as information that you provide to us (e.g., in open applications, applications to job ads and the like). In this case, the basis for processing your personal information is a legitimate interest (there is a mutual interest in your employment).
- To take the actions necessary to select and recruit new employees for our clients and eventually contract our clients (for example, to select candidates for a job interview, to arrange interviews, psychological and other testing, and to present potential candidates to our clients). In this case, the basis for processing your personal information is legitimate interest.
- To send you our newsletter, if you have given your consent to receive it. In this case, the basis for processing your personal information is your consent.
- In order to fulfill our legal duties. In this case, the basis for processing your personal information is the fulfillment of our legal duty.
- To protect our legitimate interests (such as when necessary to enforce security measures). In this case, the basis for processing your personal information is legitimate interest.
- To perform statistical and analytical research, for example to compare the effectiveness of our candidate mediation in different business sectors and in different geographic areas, and to identify factors that could affect these identified differences. In this case, the basis for processing your personal information is your consent.
6. WHO HAS ACCESS TO YOUR PERSONAL INFORMATION?
6.1 We treat your personal information as a business secret and as such protect it in accordance with applicable laws and best practices.
6.2 Third parties are only allowed to access and process your personal information in the situations described below:
- Our clients (employers for whom we carry out the selection process and / or to whom you will be assigned if we hire you) have the right to access your personal information if you are a candidate whom we have chosen to present to them on the basis of appropriate criteria. So, if you are involved in the selection process in one of the ways explained in Article 5.1 above, we have informed you of the identity of the employer, and during the process you have met the required criteria, we share your information with the client.
- Third party service providers who provide us with the services required for our operating business, such as accounting services, postal services, archives, etc. In this case, they process your personal information solely in accordance with our instructions.
- Processing contractors (such as providers for verifying personal information). If we hire a third-party processing contractor to process your personal information, the processing contractor is bound by contractual obligations to: (1) process personal information in accordance with our prior written instructions; and (2) implement measures to protect the confidentiality and security of personal data.
- Third party service providers whose services we use to fulfill a legal obligation or when we have a legitimate interest in doing so, and who process your personal information in accordance with their legal authority. In this case, they process your personal information on the basis of, and in accordance with, legal authority. Examples are various advisers, auditors and the like.
- Competent authorities in supervising the legality of business and conduct. In this case, they process your personal information in accordance with their legal authority.
7. IS MY PERSONAL INFORMATION TRANSFERRED TO THIRD COUNTRIES?
7.1 We will only transfer your information outside the EU to countries which the European Commission has decided provide the appropriate level of protection or to countries where we have taken appropriate security measures to ensure the privacy of your data.
8. HOW DO WE PROTECT YOUR PERSONAL INFORMATION?
8.1 We make every effort to ensure the security of personal information. Your information is constantly protected from loss, forgery, manipulation, unauthorized access or unauthorized disclosure.
8.2 Your personal information is contained within secured computer networks and systems and is only available to a limited number of persons who have special access rights to those systems and are required to keep the information confidential.
8.3 Some of the safeguards we are implementing are as follows:
- Regular and effective updating of the software and computer equipment on which we store your personal information.
- Educating employees who process personal data at work.
- Implementing database alias and / or encryption whenever possible.
- Use secure methods in proportioning your personal information to prevent unauthorized access.
- Application of modern methods of protection and control of access to data resources containing personal data.
- Continuous monitoring of all resources (physical spaces where your data is stored) used to process personal data.
- Monitoring and taking appropriate action in the event of any security incidents, in order to prevent or limit the occurrence of personal data damage.
9. HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION?
9.1 Your personal data is stored in accordance with applicable laws and (1) only for as long as is necessary to achieve the purpose for which the data is processed, or (2) for a period prescribed by law (e.g. 10 years for storing invoices) or (3) for the period required for the performance of the contract, including any warranty periods and time limits within which any claims under the contract can be determined (e.g. for 5 years from the fulfillment of contractual obligations). We keep your information throughout this period and delete it for an additional period of one year.
9.2 We hold personal data that we process on the basis of a legitimate interest for as long as our legitimate interest exists and delete it for a period of 1 year from the termination of our legitimate interest.
9.3 In the case of processing on the basis of legitimate interests, we or a third party (Art. 6(1)(f) GDPR) conduct a LIA (Legitimate Interests Assessment) test and may process your personal data after the LIA test shows that our legitimate interests and / or those of third parties do not override your fundamental rights and freedoms.
9.4 In cases of legitimate interest processing, your consent is not required. In these cases, you have the right to object at any time.
9.5 Your consent is a voluntary, informed and specific expression of will by which, by means of a statement or clear affirmative action, you give unambiguous consent to the processing of your personal data for a specific purpose. If you have given us consent to process personal data for certain purposes (e.g. intra-group data transfer, marketing, etc.), the legality of such processing is based on your consent. Any consent may be withdrawn at any time. This also applies to the withdrawal of statements and consent given to us prior to the entry into force of the GDPR, i.e. before 25 May 2018.
9.6 Please note that withdrawal will only have an effect for future processing. Likewise, the granting or denying of your consent does not affect the performance of the contract, nor does the termination of any contractual relationship result in or terminate the license you have granted us.
10. YOUR RIGHTS
10.1 In the event that you choose to exercise one or more of your rights below, the Company has the right to verify your identity, all for the purpose of protecting your personal information. We will respond to your request as soon as possible and within one month at the latest of a duly received request.
10.2 You exercise your rights for free. However, if you request access to or transfer of your personal information frequently (for example, if less than 6 months have passed since your request) or excessively (for example, you request all your personal information in writing), we have the right to ask you to pay our costs before conducting such an action.
10.3 You may exercise your rights by (1) submitting your request to firstname.lastname@example.org, (2) putting "Data Subject request" in the subject of the message, (3) explaining in the body of the message what right you want to exercise and (4) providing us with identifiable information (your name and date of birth or OIB). Upon receipt of the message, we will send you a confirmation of the correct receipt of your request. You can also send your request by mail to SMART GROUP RECRUITMENT doo, Heinzelova 70, 10 000 Zagreb.
10.4 Access to your Personal Information. You have the right to ask us to confirm whether we are processing your personal information as well as access to your personal information that we process. Furthermore, European provisions and directives give you access to the following information:
- the purpose of processing personal data;
- the type of personal information requested;
- the recipient or type of recipients with whom personal data are shared, especially recipients from third countries or international organizations.
10.5 Right to object. You have the right to object on a legitimate basis against the processing of your personal information.
10.6 Resist profiling. You have the right to oppose profiling if the conditions are met.
10.7 Correction of incorrect personal information. You have the right to request the correction of your incorrect personal information, as well as the right to supplement your personal information.
10.8 Transferability of Personal Information. You have the right to download and request the transfer of your personal information that we process based on your consent.
10.9 Objection against the processing or treatment of your personal information. You have the right to object to the processing of your personal information as well as to our general handling of your personal information.
10.10 Right to Restrict Personal Data Processing. You have the right to ask us to restrict the processing of personal information in cases where the following applies:
- You have challenged the accuracy of personal information, which allows us to verify the accuracy of personal information.
- the processing of personal data is illegal and you oppose the deletion of personal data and instead seek a restriction on the use of said personal data.
- We no longer need personal data to process, but you do need us to establish, implement or defend legal claims.
- You objected to the processing of personal data pursuant to Article 21, paragraph 1 of the GDPR.
10.11 Right of withdrawal. You have the right to withdraw your consent to the processing of personal information (if you gave it to us for the purpose of sending our newsletter), as well as to request that your personal data that we processed based on your consent be permanently deleted. The withdrawal of consent does not affect the processing performed on the basis of consent prior to its withdrawal.
10.12 Right to complain to the Data Protection Agency. At any time, you have the right to file a complaint with the competent personal data protection authority - the Data Protection Agency, regarding the processing and protection of your personal data.
Issuer: SMART GROUP RECRUITMENT d.o.o.
Posted: on 18.02.2020.