GDPR policy



GDPR Privacy Policy

ASTREA RECRUITMENT EOOD is a company registered as a recruitment agency under the procedure of Art. 5, item 1 of the Ordinance on the terms and procedure for performing employment mediation activities, holding registration certificate №: 1809 / 26.11.2014, issued by the Employment Agency.

Our mission is to connect businesses and job seekers to provide the best opportunities and meet the interests of our clients.

In order to accomplish the objectives of our main activity - selection and career counselling and to fulfil our legal obligations to the Employment Agency for the administration and control of employment mediation activities, we collect, store and process personal data of the candidates and we ensure:

usage of your personal data for selection and career counselling purposes only;
maintaining your personal data confidential, up-to-date and available by applying technical solutions, organisational measures and internal control procedures;
transparent procedures for managing your personal data so you can easily and effectively exercise your rights under the GDPR Regulation;
a personal Career Advisor that will provide you with the most appropriate job offers, advice on interviews with Employers, and full assistance for managing your personal data.
DPO who will ensure and protect your rights, as well as carry out communication related to any GDPR Regulation questions.

Our commitment is not only to provide professional services and full assistance for your professional accomplishment, but also the security of your personal data in full compliance with Regulation (EC) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) - hereinafter referred to only as the GDPR Regulation - but we also implemented the Information Security Management System according to the international standard ISO 27001:2013.

For more detailed information, please thoroughly familiarize yourself with the full text of our Policy on management and confidentiality of personal data, while we also remain available for further information and advice.

06.06.2018

POLICY

ON MANAGEMENT AND CONFIDENTIALITY OF PERSONAL DATA

We, ASTREA RECRUITMENT EOOD, collect and process personal data in a lawful, conscientious and transparent manner, respecting the principle of privacy and non-interference in the personal life of citizens. Our Policy on confidentiality of personal data binds us by the commitment to process your personal data only in case:

Based on contractual relations - these grounds apply when we contact you in relation to your accepted application, regarding any of our job selection offers, which you have applied to. In order to cooperate with you and potential employers, we need to enter into a General Terms of Contract for Mediator Services, which is our legal obligation towards the Labour Agency (LA). This obligation is a requirement, in order for us to have a Mediator Services License, related to Job Selection. The aforementioned contract will be registered by us on the LA's information platform and stored together with your CV for a period of 5 years, according to the regulation requirements (for more information refer to Article 41, paragraph 2 of the Regulation of the conditions and order for carrying out mediator services related to job selection).

The Contract's number is the same as your Candidate file, which can be used to perform all legitimate actions related to the GDPR Regulation.

Based on legitimate interest - these grounds apply when you submit your CV on one of our job offers, but your competences do not fully match with the employer's specified requirements. In this case your CV is entered into our database for a period of 3 years, so that we can offer you suitable positions.

Your e-mail becomes the identifier of your personal Candidate file, with which you can perform all legitimate actions related to the GDPR Regulation.

When we contact you regarding with the job offer appropriate for your profile and preferences, your file will be processed according to point 1.

Based on explicit agreement - these grounds apply for all candidates who are present in our database in relation to points 1 and 2, after the expiration of the aforementioned processing period. These grounds are also valid for candidates who have been entered into our database prior to 25.05.2018. We will contact you in order to receive your explicit agreement or refusal for future processing of your private data for the purposes of selection and career counselling.

If we receive your agreement, your e-mail will become the identifier of your personal Candidate file, with which you can perform all legitimate actions related to the GDPR Regulation.

This Policy on management and confidentiality of personal data fully complies with the requirements of the General Data Protection Regulation - Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and on the repealing Directive 95/46/EC (General Data Protection Regulation), Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), the Personal Data Protection Act, the Electronic communications Act and the Ordinance on terms and conditions for performing employment mediation activities and shall apply to:

(1) the persons who apply for a job with us;

(2) the applicants we provide or refer to one of our clients;

(3) applicants who are provided by our recruiting partners to process our clients' positions;

(4) users of the websites https://astrea.bg and http://astrea-bg.com , as well as those who have applied for jobs through the platforms of our partners: jobs.bg, zaplata.bg, rabota.bg, etc.;

This Policy describes the types of personal data we collect, the purpose and the manner we use them and the individuals with whom we share it, as well as the rights and options available to individuals concerning the use of their data. We also describe the steps we take to protect the confidentiality of data and the ways you can contact us about our confidentiality practices and the exercise of your rights.
Data we collect

We collect personal data about you in various ways, such as through our site, our recruiting partners, public information platforms for jobseekers (e.g.: jobs.bg, zaplata.bg, etc.), social network channels (e.g., Facebook and LinkedIn, etc.), at events, by phone or e-mail, job applications and personal selection, and in the course of our relationship with customers and suppliers. We may collect the following types of personal data:

contact details (names, e-mail address and phone number);
date of birth;
sex;
nationality and status of work permits;
other information included in your CV, information you provide about your career development preferences and other information about your recruitment qualifications:
previous job, employers and education data;
language skills and other job-related skills;
information provided through references,
information from interviews, tests, face-to-face and remote communication carried out in relation to the selection procedure
other data you may provide to us, such as through the "Contact Us" feature on our site.

We are obliged not only to refrain from using your personal data for purposes other than the purpose of selection and career counselling but also from transferring your data to Employers who cannot demonstrate compliance with the GDPR. In addition, we make sure to manage your personal data by transparent and accessible procedures, to protect technically and to the maximum degree the data and preserve its integrity, availability and confidentiality.

Furthermore, we will provide you with a personal Career Advisor, which is a prerequisite both for high-quality career guidance services that are tailored to your requirements, as well as for competent application assistance and information on suitable openings in the future. The same Personal Advisor will assist you in updating your data as necessary or manage it in accordance with the rights granted by GDPR.

Attention: We recommend that you do not include data relating to racial or ethnic origin, political, religious or philosophical beliefs, membership in political parties or organizations, associations with religious, philosophical, political or trade-union purposes in your CV; as well as information related to the health and sexual life of the individual. These is "sensitive data" that is not relevant to the subject of selection and is not required for employers and the Employment Agency. We warn that it is risky and for the purposes of our service one does not have to provide essential data from identity documents such as personal ID number, passport/ID card number, validity terms and the like.
Data collected by automated means

ASTREA RECRUITMENT's website collects a series of generic data and information when a data object or an automated system call the website. These generic data and information are stored in the log files on the server. The data collected can be (1) the types and versions of the browser used, (2) the operating system used by the access system, (3) the website from which our website was accessed (the so-called Referents), (4) (5) the date and hour of access to the website, (6) the Internet Protocol (IP) address, (7) the ISP of the access system, and (8) any other similar data and information that may be used in case of attacks on our information technology systems. When using this general data and information, ASTREA RECRUITMENT does not make any judgments regarding the data subject. Rather, this information is needed to: (1) prepare correctly the content on our website, (2) optimize the content of our website as well as its advertising, (3) ensure the long-term viability of our information technologies and web technologies, and (4) provide law enforcement authorities with the necessary information for prosecution in case of a cyber-attack. Therefore, ASTREA RECRUITMENT analyses the collected data and information anonymously by statistical tools in order to increase the data protection and data security of our enterprise and to ensure an optimal level of protection of the personal data we process. Anonymous log file data on the server is stored separately from any personal data provided by the data subject.
Purposes and ways of using the information we collect

We use the information described above to perform the following activities:

providing solutions for supply of staff and for connecting people and employers;
sending vacancy notices;
management, evaluation and improvement of our activity;
protection against, identification of and prevention of fraud and other illegal activities, claims and other obligations, and
compliance and enforcement of applicable legal requirements, sectoral standards and contractual obligations and of our rules.

In addition to the above activities, if you are a job candidate and apply for a particular position, we use the data described in these confidentiality rules in order to:

Make opportunities and job offers available to you;
Provide you with additional services such as training, career counselling and career development services;
Evaluate your employability and your respective qualifications for specific positions and
Analyse data such as (i) review of our database of job applicants, (ii) assessing individual performance and opportunities, including assessment of work-related skills, (iii) identification of missing skills, (iv) use of information to compare individuals and potential openings; and (v) analysis of data channels (trends in selection and recruitment practices).

We may also use the information in other ways, of which we will provide a special notification at the time of or prior to collection.

We use Google Analytics, a web analytics service provided by Google Inc. The Google Privacy Statement can be viewed at http://www.google.com/intl/None/policies/privacy/

By using our sites, you consent for your data to be processed by Google in the manner and for the purposes outlined above. If you choose, you can opt out of your Google Display Advertising processing and/or personalize your ads by using Google Ads Settings at: http://www.google.com/settings/ads. For more information about Google Analytics, please visit https://www.google.com/analytics/.
Data storage and Data updating

We will store your personal data in accordance with Bulgarian law and our legitimate business interests, legal obligations, or the emergence, exercise or protection of our rights.

We are committed to updating your data by contacting you in order to provide you with the best career opportunities.

In case you have provided personal data for the purposes of selection and career counselling, based on explicit agreement, you can withdraw your agreement at any point of time and we will securely delete your data.
Data that we share

We do not disclose the personal data we collect from you except as described in this Policy. We share your personal data with clients who may offer suitable job opportunities or want to offer work to our job applicants.

We may share your personal data with companies, which are acting as our subcontractors for the purposes of performing our duties as a recruitment agency: IT providers whose servers are located in Europe, applying the standard contractual terms of the European Commission - for the purpose of developing and technically maintaining our systems; for auditors and consultants, in order to verify our compliance with external and internal standards and requirements. All data processors are carefully screened and checked for compliance with GDPR requirements. Agreements on confidentiality and non-dissemination of information have been concluded with them.

In addition, we may disclose information about you, (i) if we are so obliged by virtue of law or judicial procedure, (ii) to law enforcement bodies and civil servants on the basis of a lawful request for disclosure, and (iii) in cases where we believe this is necessary in order to prevent personal injury or financial loss or in connection with the investigation of alleged or actual fraudulent or illegal activity.

We also reserve the right to transfer personal data concerning you in case of sale or transfer of our business or property or part thereof (including in the event of restructuring, termination and liquidation).
Your rights and choices available

We provide you with certain choices regarding the personal data we collect from you and the way we communicate with you. In order to update your preferences, to request that we remove your data from the periodic communication list, to exercise your rights, or to make a request, contact your personal Career Advisor or as indicated in the "Contact Us" section of this Policy.

You may request access to the personal data we maintain in regard to you or require us to correct, amend, erase or block the data by contacting your personal Career Advisor or as directed in the "Contact Us" section of this Policy. Deletion of personal data upon your request is possible insofar as there would be no statutory storage obligations.

You may withdraw any consent that you have given us, or may appeal the processing of your personal data at any time on a legal basis, and we will then follow your valid preferences.

Information about the actions we take in connection with any requests you have received will be provided at no charge within 30 calendar days as of receipt of your request.

You are entitled to lodge a complaint about the processing of your personal data by ASTREA RECRUITMENT to the Personal Data Protection Commission at: kzld@cpdp.bg.
Data Transfer

We transfer the personal data we collect from you only within the European Economic Area (EEA) or Switzerland and will comply with the applicable legal requirements to provide appropriate protection in the transmission of personal data to recipients in countries outside the EEA territory and Switzerland.
How we protect personal data

We have implemented and maintain an Information Security Management System in accordance with the requirements of international standard ISO 27001:2013.

We have appointed an Information Security and Data Protection Officer, who has the necessary competencies.

We maintain and apply administrative, technical and physical safeguards for information security and protection of any personal data that you provide against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use.

The employees, who have access to personal data, are trained to work with sensitive information and are obliged to treat the information as confidential.

We have conducted an impact assessment on data protection and we have envisaged data protection at the design stage of the company's products and processes, as well as a periodic risk assessment with a view to continuously improving the Policy on management and confidentiality of personal data.

We cooperate with the Personal Data Protection Commission, both in the identification of risks and control mechanisms, and at any request by the supervisory authority in the performance of its duties.

In the event of a personal data security breach, the Data Security Officer will notify the Personal Data Protection Commission within 72 hours of learning of the breach pursuant to Article 33 of Regulation (EU) 2016/679. In the event of a high risk for your rights and freedoms, you will also be duly informed by a message at the contact email address that you have indicated of the nature of the violation and of the measures to mitigate the adverse effects.
Updates to the Policy on confidentiality

This Policy on management and confidentiality of personal data may be periodically updated to reflect changes in our personal data confidentiality practices. In case of substantial changes, we will notify you with by a clearly visible message at our site, indicating the date of the last update in the beginning of the Policy.
Contact Us

Silvia Mineva

dpo@astrea-bg.com