This Job Applicants Privacy Policy (“Privacy Policy”) explains what types of personal information we may collect about our candidates, as well as how it may be used.
In this Privacy Policy the terms “we”, “us” and “our” refers to iCard AD with seat and registered address in the Republic of Bulgaria, Varna city, Business Park Varna B1, and its affiliates and subsidiaries.
iCard AD (or the “Data Controller”) is a joint stock company , with seat and registered address at Business Park Varna B1, Varna city, 9009, Republic of Bulgaria, under Company Number 175325806, represented by Yavor Petrov. iCard AD is responsible for your information under this Privacy Policy.
If you are unsure how or if this Privacy Policy applies to you, please contact your Human Resources representative or our Data Protection Officer at dpo@icard.com .
We collect and maintain different types of personal information about you in accordance with applicable law. There are three general categories of information that we collect:
We ask for and collect from you the following personal information when you:
– apply for job postings and other similar publicly available offers that we may post from time to time
You may choose to provide us with additional personal information in order to improve your job applicant experience. This additional information will be processed based on your revocable consent.
During the course of our relationship, we may collect information, including personal information, about you. This information is necessary given our legitimate interest in ensuring the security of our business activities and the security of our other employees, our interest in enforcing our legal claims and improving our employee experience.
Generally, we collect personal information directly from you in circumstances where you provide personal information (during the recruitment process, for example). However, in some instances, the personal information we collect has been inferred about you based on other information you provide us, through your interactions with us, or from third parties. When we collect your personal information from third parties it is either because you have given us express consent to do so, your consent was implied by your actions (e.g., your use of a third-party employee service made available to you by us), because you provided explicit or implicit consent to the third party to provide the personal information to us or because it is our legal obligation to obtain this information from competent authorities or other third parties. Where permitted or required by applicable law or regulatory requirements, we may collect personal information about you without your knowledge or consent.
We reserve the right to monitor the use of our premises, equipment, devices, computers, network, applications, software, and similar assets and resources. In the event such monitoring occurs, it may result in the collection of personal information about you. This monitoring may include the use of CCTV cameras in and around our premises.
iCard AD may use your personal information in order:
With other members of the iCard AD Corporate family: We may share your Personal Data with members of the iCard AD Corporate family Group of companies or within our corporate family of companies that are related by common ownership or control, so that we may adequately comply with our obligations to you or with the applicable law, or to manage the risk, or to help detect and prevent potentially illegal and fraudulent acts and other violations of our policies and agreements and to help us manage our legitimate needs.
With third-party service providers: We may share personal information with third party service providers which provide us with important HR-related services at our decision and our behalf.
These third-party service providers may for example be:
With other third parties for our legitimate interest or as permitted or required by law: We may share information about you with other parties for our legitimate interest or as permitted or required by law, including:
You may exercise any of the rights described in this section before iCard AD by sending an email to dpo@icard.com . Please note that we may ask you to verify your identity before taking further action on your request.
Managing Your Information.
Additionally, you may request a copy of the personal data being processed.
You have the right to ask us to correct inaccurate or incomplete personal information concerning you.
You have the right to:
The Applicable law may entitle you to request copies of your personal information held by us.
We generally retain your personal information for as long as is necessary for the performance of the contract between you and us and to comply with our regulatory obligations. As a general rule, we shall keep all information about you for a period of 6 months, unless we are otherwise obligated to keep said information for a longer or shorter period. You have a right to ask to erase your personal information. Please note that if you request the erasure of your personal information:
Where you have provided your consent to the processing of your personal information by us you may withdraw your consent at any time by sending a communication to us specifying which consent you are withdrawing. Please note that the withdrawal of your consent does not affect the lawfulness of any processing activities based on such consent before its withdrawal. Additionally, in some jurisdictions, applicable law may give you the right to limit the ways in which we use your personal information, in particular where (i) you contest the accuracy of your personal information; (ii) the processing is unlawful and you oppose the erasure of your personal information; (iii) we no longer need your personal information for the purposes of the processing, but you require the information for the establishment, exercise or defence of legal claims; or (iv) you have objected to the processing and pending the verification whether our legitimate grounds override your own.
In some jurisdictions, applicable law may entitle you to require us not to process your personal information for certain specific purposes (including profiling) where such processing is based on legitimate interest. If you object to such processing we will no longer process your personal information for these purposes unless we can demonstrate compelling legitimate grounds for such processing or such processing is required for the establishment, exercise or defence of legal claims.
Where your personal information is processed for any marketing purposes, you may, at any time ask us to cease processing your data for these direct marketing purposes by sending an e-mail to the addresses shown below.
LODGING COMPLAINTS
You have the right to lodge complaints about the data processing activities carried out by us before the competent data protection authorities:
Commission for Personal Data Protection
Address: Republic of Bulgaria, Sofia 1592
2 Prof. Tsvetan Lazarov Blvd.
To facilitate our global operations we may transfer, store, and process your information within our family of companies or with service providers based in Europe. Laws in these countries may differ from the laws applicable to your Country of Residence. For example, information collected within the EEA may be transferred, stored, and processed outside of the EEA for the purposes described in this Privacy Policy. Where we transfer store, and process your personal information outside of the EEA we have ensured that appropriate safeguards are in place to ensure an adequate level of data protection.
Where we disclose any of your collected personal information outside EEA to USA, we shall comply with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework and any other adequacy decision.
In case personal information is shared with corporate affiliates or third-party service providers outside the EEA in absence of an adequacy decision, we have – prior to sharing your information with such corporate affiliate or third-party service provider – established the necessary means to ensure an adequate level of data protection. We will provide further information on the means to ensure an adequate level of data protection on request.
We reserve the right to modify this Privacy Policy at any time in accordance with this provision. If we make changes to this Privacy Policy, we will make the revised Privacy Policy available to you through any means of communication. If you disagree with the revised Privacy Policy, you may inform us through the contact details contained hereinabove. If you do not contact us before the date the revised Privacy Policy becomes effective, you will be subject to the revised Privacy Policy.
If you have any questions or complaints about this Privacy Policy or our information handling practices, you may email us or contact us utilizing the contact details described hereinabove.