Terms

NORDIC RECRUITMENT & CONSULTING EOOD is a company registered as a recruitment agency under the procedure of Art. 5, item 1 of the Ordinance. Our activities consist of providing recruitment and selection of skilled employees to private-sector employers, as well as consulting services in terms of market research and skills evaluation. Our recruitment and selection activities are based upon Recruitment License No 2022 issued on 01.04.2016 with unlimited validity.

In order to accomplish the objectives of our main activity – selection and career counselling and to fulfil our legal obligations to the Employment Agency for the administration and control of employment mediation activities, we collect, store and process personal data of the candidates and we ensure:

• Usage of your personal data for selection and career counselling purposes only;
• Maintaining your personal data confidential, up-to-date and available by applying technical soluions, organizational measures and internal control procedures;
• Transparent procedures for managing your personal data so you can easily and effectively exercise your rights under the GDPR Regulation;

Our commitment is not only to provide professional services and full assistance for your professional fulfilment, but also the security of your personal data in full compliance with Regulation (EC) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred only to as the GDPR Regulation – but we also implemented the Information Security Management System according to the international standard ISO 27001:2013.

For more detailed information, please familiarize yourself with the full text of our Policy on management and confidentiality of personal data, while we also remain available for further information and advice. 13.06.2018

We, NORDIC RECRUITMENT & CONSULTING EOOD, collect and process personal data in a lawful, conscientious and transparent manner, respecting the principle of privacy and non-interference in the personal life of citizens. Our Policy on confidentiality of personal data binds us by the commitment to process your personal data only in case:

Based on contractual relations – these grounds apply when we contact you in relation to your received application, regarding any of our job selection offers, which you have applied to. In order to collaborate with you and potential employers, we need to enter into a General Terms of Contract for Mediator Services, which is our legal obligation towards the Labour Agency. This obligation is a requirement, in order for us to have a Mediator Services License, related to Job Selection. The aforementioned contract will be registered by us on the Labour Agency’s information platform and stored together with your CV for a period of 5 years, according to the regulation requirements (for more information refer to Article 41, paragraph 2 of the Regulation of the conditions and order for carrying out mediator services related to job selection).

Based on legitimate interest – these grounds apply when you submit your CV on one of our job offers, but your competences do not fully match with the employer’s specified requirements. In this case your CV is entered into our database for a period of maximum of 3 years, so that we can offer you suitable positions.

Based on explicit agreement – these grounds apply for all candidates who are present in our database in relation to points 1 and 2, after the expiration of the aforementioned processing period. These grounds are also valid for candidates who have been entered into our database prior to 25.05.2018. We will contact you in order to receive your explicit agreement or refusal for future processing of your private data for the purposes of selection and career counselling.

This Policy on management and confidentiality of personal data fully complies with the requirements of the General Data Protection Regulation – Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and on the repealing Directive 95/46 / EC (General Data Protection Regulation), Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), the Personal Data Protection Act, the Electronic communications Act and the Ordinance on terms and conditions for performing employment mediation activities and shall apply to:

This Policy describes the types of personal data we collect, the purpose and the manner we use them and the individuals with whom we share it, as well as the rights and options available to individuals concerning the use of their data. We also describe the steps we take to protect the confidentiality of data and the ways you can contact us about our confidentiality practices and the exercise of your rights.

1. Data we collect We collect personal data about you in various ways, such as through our site, our recruiting partners, public information platforms for jobseekers, social network channels (e.g., Facebook and LinkedIn, etc.), at events, by phone or e-mail, job applications and personal selection, and in the course of our relationship with customers and suppliers. We may collect the following types of personal data:

• contact details (names, e-mail address and phone number); date of birth; Gender; nationality and status of work permits;
• other information included in your CV, information you provide about your career development preferences and other information about your recruitment qualifications: previous job, employers and education data; Job-related skills (such as language skills);
• information provided through references; information from interviews, tests, face-to-face and remote communication carried out in relation to the selection procedure; other data you may provide to us, such as through the “Contact Us” feature on our site.
• We are obliged not only to refrain from using your personal data for purposes other than the purpose of selection and career counselling but also from transferring your data to Employers who cannot demonstrate compliance with the GDPR. In addition, we make sure to manage your personal data by transparent and accessible procedures, to protect technically and to the maximum degree the data and preserve its integrity, availability and confidentiality.

2. Data collected by automated means NORDIC RECRUITMENT & CONSULTING’s website collects a series of generic data and information when a data object or an automated system call the website. These generic data and information are stored in the log files on the server. The data collected can be (1) the types and versions of the browser used, (2) the operating system used by the access system, (3) the website from which our website was accessed (the so-called Referents), (4) (5) the date and hour of access to the website, (6) the Internet Protocol (IP) address, (7) the ISP of the access system, and (8) any other similar data and information that may be used in case of attacks on our information technology systems. When using this general data and information, NORDIC RECRUITMENT & CONSULTING does not make any judgments regarding the data subject. Rather, this information is needed to: (1) prepare correctly the content on our website, (2) optimize the content of our website as well as its advertising, (3) ensure the long-term viability of our information technologies and web technologies, and (4) provide law enforcement authorities with the necessary information for prosecution in case of a cyber-attack. Therefore, NORDIC RECRUITMENT & CONSULTING stores anonymous log file data on the server separately from any personal data provided by the data subject.

3. Purposes and ways of using the information we collect We use the information described above to perform the following activities:

• Providing solutions for supply of staff and for connecting people and employers;
• Sending vacancy notices;
• Management, evaluation and improvement of our activity;
• Protection against, identification of and prevention of fraud and other illegal activities, claims and other obligations, and
• Compliance and enforcement of applicable legal requirements, sectoral standards and contractual obligations and of our rules.
In addition to the above activities, if you are a job candidate and apply for a particular position, we use the data described in these confidentiality rules in order to:
• Make opportunities and job offers available to you;
• Provide you with additional services such as training, career counselling and career development services;
• Evaluate your employability and your respective qualifications for specific positions and
• Analyse data such as (1) review of our database of job applicants, (2) assessing individual performance and opportunities, including assessment of work-related skills, (3) identification of missing skills, (4) use of information to compare individuals and potential openings; and (5) analysis of data channels (trends in selection and recruitment practices). We may also use the information in other ways, of which we will provide a special notification at the time of or prior to collection.

We use Google Analytics, a web analytics service provided by Google Inc. to evaluate the use of our site and services, compile activity reports, and provide other services related to the use of the Internet. The Google Privacy Statement can be viewed at http://www.google.com/intl/None/policies/privacy/
By using our sites, you agree for your data to be processed by Google in the manner and for the purposes outlined above. If you choose, you can opt out of your Google Display Advertising processing and/or personalize your ads by using Google Ads Settings at: http://www.google.com/settings/ads. For more information about Google Analytics, please visit https://www.google.com/analytics/.

4. Data storage and Data updating We will store your personal data in accordance with Bulgarian law and our legitimate business interests, legal obligations, or the emergence, exercise or protection of our rights.
We are committed to updating your data by contacting you in order to provide you with the best career opportunities.
Important: In case you have provided personal data for the purposes of selection and career counselling, based on explicit agreement, you can withdraw your agreement at any point of time and we will securely delete your data.

5. Data that we share

• We do not disclose the personal data we collect from you except as described in this Policy. We share your personal data with clients who may offer suitable job opportunities or want to offer work to our job applicants.
• With the goal of providing effective advertising of the positions we are recruiting for, we engage from time to time third party service providers – processors. Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of NORDIC RECRUITMENT & CONSULTING.
The processors are carefully selected according to their capacity for personal data protection and processing in compliance with applicable data protection legislation. These include job boards and other platforms of similar nature. None of our processors has the right to use your personal information beyond what is necessary to assist us in making our work possible. When we cooperate with third parties and they process your personal data on our behalf, we make sure your personal data is being handled with the same integrity and security as we do.
• In addition, we may disclose information about you, (1) if we are so obliged by virtue of law or judicial procedure, (2) to law enforcement bodies and civil servants on the basis of a lawful request for disclosure, and (3) in connection with the investigation of alleged or actual fraudulent or illegal activity.

6. Your rights and choices available If you wish to access, delete or correct your personal information please, address your requests and complaints to: Sofia, Bulgaria, 99 Knyaz Boris I Str., 3rd floor or mikko.saarinen@nordicconsulting.org. You may withdraw any consent that you have given us, or may appeal the processing of your personal data at any time on a legal basis, and we will then follow your valid preferences. Information about the actions we take in connection with any requests you have received will be provided at no charge within 30 calendar days as of receipt of your request. If you think we have infringed your privacy rights, you can lodge a complaint with the supervisory authority of Bulgaria, which is the Commission for personal data protection. More information can be found at: www.cpdp.bg You can also lodge your complaint in particular in the country where you live, your place of work or place where you believe we infringed your right(s).

7. Data Transfer We transfer the personal data we collect from you only within the European Economic Area (EEA) or Switzerland and will comply with the applicable legal requirements to provide appropriate protection in the transmission of personal data to recipients in countries outside the EEA territory and Switzerland.

8. How we protect personal data We have implemented and maintain an Information Security Management System in accordance with the requirements of international standard ISO 27001:2013.
We maintain and apply administrative, technical and physical safeguards for information security and protection of any personal data that you provide against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use.
The employees, who have access to personal data, are trained to work with sensitive information and are obliged to treat the information as confidential. We cooperate with the Personal Data Protection Commission, both in the identification of risks and control mechanisms, and at any request by the supervisory authority in the performance of its duties.
In the event of a personal data security breach, we will notify the Personal Data Protection Commission within 72 hours of learning of the breach pursuant to Article 33 of Regulation (EU) 2016/679. In the event of a high risk for your rights and freedoms, you will also be duly informed by a message at the contact email address that you have indicated of the nature of the violation and of the measures to mitigate the adverse effects.

9. Updates to the Policy on confidentiality This Policy on management and confidentiality of personal data may be periodically updated to reflect changes in our personal data confidentiality practices. In case of substantial changes, we will notify you with by a clearly visible message at our site, indicating the date of the last update in the beginning of the Policy.