Introduction

This Job Applicants Privacy Policy (“Privacy Policy”) explains what types of personal information we may collect about our candidates, as well as how it may be used.

In this Privacy Policy the terms “we”, “us” and “our” refers to iCard AD with seat and registered address in the Republic of Bulgaria, Sofia city, 76 James Bourchier blvd, and its affiliates and subsidiaries.

 

1.    WHO ARE WE?

iCard AD (or the “Data Controller”) is a joint stock company , with seat and registered address at Sofia city, Lozenets district, Lozenets residential area, 76 James Bourchier blvd, under Company Number 175325806, represented by Yavor Petrov. iCard AD is responsible for your information under this Privacy Policy.

If you are unsure how or if this Privacy Policy applies to you, please contact your Human Resources representative or our Data Protection Officer at dpo@icard.com .

 

2.    WHAT PERSONAL INFORMATION DO WE COLLECT?

We collect and maintain different types of personal information about you in accordance with applicable law. There are three general categories of information that we collect:

  • Information That We Collect in Order To Perform Our Legal Obligations and for the adequate execution of our contracts with you

We ask for and collect from you the following personal information when you:

– apply for job postings and other similar publicly available offers that we may post from time to time

  • This information is necessary for us to comply with our regulatory obligations and for the adequacy of the job application and candidate assessment processes. Without it, we may not be able to effectively carry out the intended purpose of our mutual engagement.
  • Names, Date of Birth, Unique citizenship number, permanent address, other data contained in any official document, that we may be required to collect from you in compliance with the applicable law.
  • Your resume or CV, cover letter, previous and/or relevant work experience or other experience, education, transcripts, or other information you provide to us in support of an application and/or the application and recruitment process.
  • In case you are not a Bulgarian citizen – residency and work permit status, for the purposes of complying with the applicable law.
  • Date of hire/contracting, date(s) of promotions(s), work history, technical skills, educational background, professional certifications and registrations, language capabilities, training records, letters of offer and acceptance of employment and other similar information about your qualifications, for the purposes of the adequate administration of our contract with you, as well as in order to comply with applicable laws.
  • Records of, entitlement and requests, salary history and expectations, performance appraisals, letters of appreciation and commendation, and disciplinary and grievance procedures (including monitoring compliance with and enforcing our policies), for the purposes of the adequate execution of our contract with you and complying with applicable labour legislation.
  • Information required for us to comply with laws, the requests and directions of law enforcement authorities or court orders (e.g., child support, debt payment information, requests from national revenue agencies).

 

  • Information That We Collect with Your Consent

You may choose to provide us with additional personal information in order to improve your job applicant experience. This additional information will be processed based on your revocable consent.

 

  • Information We Collect from You During the Course of Our Employer – Employee Relationship

During the course of our relationship, we may collect information, including personal information, about you. This information is necessary given our legitimate interest in ensuring the security of our business activities and the security of our other employees, our interest in enforcing our legal claims and improving our employee experience.

  • Telephone number, Emergency contacts, Personal E-mail, Residential Address, other information that facilitates the communication between us for the legitimate interests of sending you important communication or for your family’s or our other employees’ health and safety.
  • Information from interviews and phone-screenings you may have had, if any for the legitimate interest of making informed HR decisions.
  • Information captured on security systems, including Closed Circuit Television (“CCTV”) and key card entry systems for the legitimate interest of monitoring the security of our premises.
  • Photograph, videos, physical limitations and special needs for the legitimate interests of providing our employees with access badges and special accommodations if required.
  • Voicemails, e-mails, correspondence, documents, and other work product and communications created, stored or transmitted using our networks, applications, devices, computers or communications equipment, for the legitimate interests of maintaining an archive of our communication with you and address any outstanding issues, tasks and similar.
  • Information relating to any previous applications you may have made to iCard AD and/or any previous employment history with iCard AD., for the legitimate interests of our HR management
  • References and interview notes for the legitimate interests of maintaining proper HR folders of our employees.

 

3.    HOW DO WE COLLECT YOUR DATA?

Generally, we collect personal information directly from you in circumstances where you provide personal information (during the recruitment process, for example). However, in some instances, the personal information we collect has been inferred about you based on other information you provide us, through your interactions with us, or from third parties. When we collect your personal information from third parties it is either because you have given us express consent to do so, your consent was implied by your actions (e.g., your use of a third-party employee service made available to you by us), because you provided explicit or implicit consent to the third party to provide the personal information to us or because it is our legal obligation to obtain this information from competent authorities or other third parties. Where permitted or required by applicable law or regulatory requirements, we may collect personal information about you without your knowledge or consent.

We reserve the right to monitor the use of our premises, equipment, devices, computers, network, applications, software, and similar assets and resources. In the event such monitoring occurs, it may result in the collection of personal information about you. This monitoring may include the use of CCTV cameras in and around our premises.

 

4.    HOW DO WE USE THE PERSONAL INFORMATION WE COLLECT?

iCard AD may use your personal information in order:

  • To manage all aspects of the job application process, including, but not limited to the establishment of employment relationships. Examples of activities related to this include: determining eligibility for initial employment, including the verification of references and qualifications;
  • Where requested by you, assisting you with obtaining an immigration visa or work permit where required
  • For use in video conferencing.
  • To protect the safety and security of our workforce, guests, property, and assets (including controlling and facilitating access to and monitoring activity on and in our premises and activity using our computers, devices, networks, communications and other assets and resources).
  • To investigate and respond to claims against us.
  • To maintain emergency contact and other similar details.
  • To comply with applicable laws (e.g. health and safety, employment laws, tax laws), including judicial or administrative orders regarding individual employees (e.g., garnishments, other similar orders).
  • Carry out other purposes as part of our business activities when reasonably required by us.

 

5.    WITH WHOM DO WE SHARE PERSONAL DATA?

With other members of the iCard AD Corporate family: We may share your Personal Data with members of the iCard AD Corporate family Group of companies or within our corporate family of companies that are related by common ownership or control, so that we may adequately comply with our obligations to you or with the applicable law, or to manage the risk, or to help detect and prevent potentially illegal and fraudulent acts and other violations of our policies and agreements and to help us manage our legitimate needs.

 

With third-party service providers: We may share personal information with third party service providers which provide us with important HR-related services at our decision and our behalf.

 

These third-party service providers may for example be:

  • Providing legal, tax, accounting or other professional services, which we may procure to comply with the applicable law or to protect or defend our rights or property
  • Like most international businesses, we have centralized certain aspects of our business operations, including for example, financial and human resources administration. This may result in the transfer of personal information from one country to another and amongst our various subsidiaries and affiliates. At the moment our HR services are managed by the Group HR – Intercapital Holding.
  • We may store some of the information we collect about you in cloud or other kind of data storages which are provided by third parties.
  • We may use third-party software and online platforms in order to manage our relations with you, which may result in your personal information being disclosed to the software providers.

 

With other third parties for our legitimate interest or as permitted or required by law: We may share information about you with other parties for our legitimate interest or as permitted or required by law, including:

  • Where required by law, by order or requirement of a court, administrative agency, or government tribunal, which includes in response to a lawful request by public authorities, including to meet national security or law enforcement requirements or in response to legal process or in case we determine it is necessary or desirable to comply with the law or to protect or defend our rights or property.,
  • Where necessary to protect the rights, privacy, safety, or property of an identifiable person or group or to detect, prevent or otherwise address fraud, security or technical issues, or to protect against harm to the rights, property or safety of iCard users, applicants, candidates, employees or the public or as otherwise required by law.

 

6.    YOUR RIGHTS

You may exercise any of the rights described in this section before iCard AD by sending an email to dpo@icard.com . Please note that we may ask you to verify your identity before taking further action on your request.

Managing Your Information.

 

  • You have the right to obtain the following:
  • confirmation of whether, and where we are processing your personal data;
  • information about the purposes of the processing;
  • information about the categories of data being processed;
  • information about the categories of recipients with whom the data may be shared;
  • information about the period for which the data will be stored (or the criteria used to determine that period);
  • information about the existence of the rights to erasure, to rectification, to restriction of processing and to object to processing;
  • information about the existence of the right to complain to any Regulator;
  • where the data was not collected from you, information as to the source of the data; and
  • information about the existence of, and an explanation of the logic involved in, any automated processing.

Additionally, you may request a copy of the personal data being processed.

 

  • Rectification of Inaccurate or Incomplete Information.

You have the right to ask us to correct inaccurate or incomplete personal information concerning you.

 

  • Data Access and Portability.

You have the right to:

  • receive a copy of your personal data in a structured, commonly used, machine-readable format that supports re-use;
  • transfer your personal data from one controller to another;
  • store your personal data for further personal use on a private device; and
  • have your personal data transmitted directly between controllers without hindrance.

The Applicable law may entitle you to request copies of your personal information held by us.

 

  • Data Retention and Erasure.

We generally retain your personal information for as long as is necessary for the performance of the contract between you and us and to comply with our regulatory obligations. As a general rule, we shall keep all information about you for a period of 6 months, unless we are otherwise obligated to keep said information for a longer or shorter period. You have a right to ask to erase your personal information. Please note that if you request the erasure of your personal information:

  • We may retain some of your personal information as necessary for our legitimate business interests, such as managing and enforcing our legal rights and claims.
  • We may retain and use your personal information to the extent necessary to comply with our legal obligations..
  • Because we maintain our archives to protect from accidental or malicious loss and destruction, residual copies of your personal information may not be removed from our backup systems for a limited period of time.
  • Withdrawal Of Consent

Where you have provided your consent to the processing of your personal information by us you may withdraw your consent at any time by sending a communication to us specifying which consent you are withdrawing. Please note that the withdrawal of your consent does not affect the lawfulness of any processing activities based on such consent before its withdrawal. Additionally, in some jurisdictions, applicable law may give you the right to limit the ways in which we use your personal information, in particular where (i) you contest the accuracy of your personal information; (ii) the processing is unlawful and you oppose the erasure of your personal information; (iii) we no longer need your personal information for the purposes of the processing, but you require the information for the establishment, exercise or defence of legal claims; or (iv) you have objected to the processing and pending the verification whether our legitimate grounds override your own.

 

  • Objection To Processing.

In some jurisdictions, applicable law may entitle you to require us not to process your personal information for certain specific purposes (including profiling) where such processing is based on legitimate interest. If you object to such processing we will no longer process your personal information for these purposes unless we can demonstrate compelling legitimate grounds for such processing or such processing is required for the establishment, exercise or defence of legal claims.

Where your personal information is processed for any marketing purposes, you may, at any time ask us to cease processing your data for these direct marketing purposes by sending an e-mail to the addresses shown below.

 

LODGING COMPLAINTS

 

You have the right to lodge complaints about the data processing activities carried out by us before the competent data protection authorities:

 

Commission for Personal Data Protection

Address: Republic of Bulgaria, Sofia 1592  

2 Prof. Tsvetan Lazarov Blvd.

kzld@cpdp.bg

 

7.    OPERATING GLOBALLY

To facilitate our global operations we may transfer, store, and process your information within our family of companies or with service providers based in Europe. Laws in these countries may differ from the laws applicable to your Country of Residence. For example, information collected within the EEA may be transferred, stored, and processed outside of the EEA for the purposes described in this Privacy Policy. Where we transfer store, and process your personal information outside of the EEA we have ensured that appropriate safeguards are in place to ensure an adequate level of data protection.

 

8.    INTERNATIONAL TRANSFERS

Where we disclose any of your collected personal information outside EEA to USA, we shall comply with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework and any other adequacy decision.

In case personal information is shared with corporate affiliates or third-party service providers outside the EEA in absence of an adequacy decision, we have – prior to sharing your information with such corporate affiliate or third-party service provider – established the necessary means to ensure an adequate level of data protection. We will provide further information on the means to ensure an adequate level of data protection on request.

 

9.    CHANGES TO THIS PRIVACY POLICY

We reserve the right to modify this Privacy Policy at any time in accordance with this provision. If we make changes to this Privacy Policy, we will make the revised Privacy Policy available to you through any means of communication. If you disagree with the revised Privacy Policy, you may inform us through the contact details contained hereinabove. If you do not contact us before the date the revised Privacy Policy becomes effective, you will be subject to the revised Privacy Policy.

 

10.  CONTACT US

If you have any questions or complaints about this Privacy Policy or our information handling practices, you may email us or contact us utilizing the contact details described hereinabove.