BSG INTERNATIONAL SRL PRIVACY POLICY STATEMENT

image

WHAT THIS PRIVACY POLICY COVERS

Privacy of the personal data subject is our priority. We know how important information about personal data processing is. This Privacy Policy shall describe how and why we process certain personal data, actions we take, rights of the personal data subject and ways to exercise them.

This Privacy Policy shall be applied in economical, operational and managerial activity of the Company, cover the employees of the Company, the range of subjects whose personal data is processed by the Company, visitors of office premises of BSG International SRL, our website, social media accounts and other platforms through which the Company may interact with all interested parties.

PERSONAL DATA THAT WE PROCESS

BSG International SRL may process personal data obtained in the manner prescribed by the GDPR for the purpose of fulfilling the contractual obligations between BSG International SRL and our Clients due to contractual obligations with our Clients (Clients shall be considered as Data Controllers within the meaning of the GDPR).

We may process the personal data for the purposes listed below:

Personal data is information that relates to an identified or identifiable individual. We may process the personal data, including:

  • full name and title
  • date of birth, marriage and divorce
  • contact information
  • emergency contact
  • passport, visa (consular documents), information about citizenship
  • recruitment information (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process)
  • facial image or footage
  • device identifiers such as IP addresses and MAC addresses

HOW WE USE PERSONAL INFORMATION

The purposes for which we may process personal data include:

  • identification of the person and ensuring that communication regarding the employment process with a potential employer is accurate and duly related to the personal data controller
  • determining compliance with labor laws and wage rates, as well as ensuring proper performance of work tasks and duties in relation to a potential employer
  • the ability to contact a specific person with employment-related issues (e.g., to arrange an interview)
  • obtaining information and evidence of compliance with the terms and conditions governing the right to work, the right to stay in a particular country and the status required for employment in a particular country, as well as confirming the person’s legal capacity
  • contacting the specified person in case of emergency
  • making the information provided available to the HR team and the potential manager to find and offer a job position that matches the applicant’s skills, interests and abilities, as well as providing information about previous positions and experience.
  • managing attendance
  • to prevent fraud

We do not process personal data related to personal, “sensitive” information, disclosing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, as well as genetic data, biometric data making it possible to accurately identify a person, health data or data on sexual life or sexual orientation.

Please note that interviews, reference verification, and review of information on an individual’s social media accounts may be a part of process for consideration of application from our Client.

PERSONAL DATA PROCESSING PRINCIPLES

We guarantee that personal data will be:

  1.  processed in a lawful, fair and transparent manner with respect to the data subject in question (“lawfulness, fairness and transparency”);
  2.  collected for specific, explicit and legitimate purposes, without further processing in a manner inappropriate for those purposes; further processing for archiving purposes of public or scientific interest or for historical or statistical research purposes shall not be deemed incompatible with the initial purposes (“purpose limitation”) as defined in paragraph (1) of Article 89 of the GDPR;
  3. processed appropriately, adequately and to the extent necessary for the purposes for which it is processed (“data minimization”);
  4. adequate and, if necessary, up-to-date; all reasonable measures must be taken to ensure that personal data that is inaccurate and relates to the purposes for which it is processed is immediately deleted or corrected (“accuracy”);
  5. stored in a form that makes it possible to identify the data subjects to the extent necessary for the purposes for which the personal data is processed; personal data may be stored for a longer period of time, provided that personal data are processed exclusively for archiving purposes in the public interest or for scientific, historical or statistical research purposes, in accordance with paragraph (1) of Article 89(2) of the GDPR, provided that the relevant technical and organizational measures are implemented in accordance with this Regulation in order to protect rights and freedoms of data subjects (“limitation of archival life”);
  6. processed in a manner that ensures adequate security of personal data, including protection against unauthorized and unlawful processing, as well as against accidental loss, destruction or damage, using appropriate technical and organizational measures (“integrity and confidentiality”).
  7. only use secure, encrypted methods of transfer to send data within the BSG International SRL and to partners working on our IT platform.

The legal basis for the processing is:

  • Personal data subject’s explicit consent, according to Article 6(1), let. A) of the GDPR. We inform you that your consent can be freely withdraw at any time by sending an e-mail to: DPO@bsg-eu.com and your Personal Data will be immediately deleted or anonymized
  • Processing is necessary for the purposes of our legitimate interests, namely to ensure that the security of our buildings and their contents are maintained at all times
  • preventing or detecting unlawful acts

PERSONAL DATA TRANSFERS

Usually, BSG International SRL does not transfer or disclose personal data to other companies, organizations or individuals in any country in the EU and the European Economic Area (including countries that have not joined the GDPR). However, in some cases, it is possible to disclose personal data to other individuals or legal entities in compliance with applicable laws and while always making reasonable efforts to ensure that they have taken appropriate protection and security measures. If a third party is engaged as a processor of personal data, BSG International SRL will ensure that it enters into a written agreement with the Company under which it undertakes, among other obligations under the personal data protection law, to (i) process personal data only in accordance with written instructions previously provided by the Company and (ii) effectively implement measures aimed at protecting the confidentiality and ensuring the security of personal data.

It should be noted that it is not possible to provide accurate information about the exact identification of all possible recipients of personal data, as it was not addressed in advance for each category of data subjects, however, depending on the nature of the data subject’s interaction with the Company, we may provide information to the following recipients:

  1. public authorities in any field, institutions that are competent in controlling activities or assets in Romania or abroad – at their request or at the initiative of BSG International SRL, in accordance with applicable law;
  2.  accountants, auditors, attorneys and other third-party professional advisors from Romania and abroad;
  3.  individuals or legal entities acting as authorized representatives of BSG International SRL in various fields (e.g. payment services, archiving or document destruction services, etc.) in Romania or abroad;
  4.  any relevant individual, agency, authority or court in Romania or any other country – within the scope required to determine, exercise or defend the rights of BSG International SRL;
  5.  relevant purchaser or potential purchaser in Romania or in any other country in the event of the sale or transfer of all or part of the shares, assets of BSG International SRL or the business (including in the event of reorganization, dissolution or winding-up of BSG International SRL) and its advisors.

Data received by BSG International SRL will not be transferred outside the European Economic Area (EEA) and to the countries that have not been recognized by the European Commission as the ones that provide with equivalent level of data protection under the GDPR, personal data will not be processed outside the EEA and the countries that have not been recognized by the European Commission as the ones that provide with equivalent level of data protection under the GDPR, without prior assurance that any entity receiving such data, providing with protection agrees to and complies with the restrictions imposed by the GDPR (or any other similar regulation or agreement that may be approved from time to time by the European Commission).

TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY (cross-border transmission)

We do not transfer any personal data to the countries outside the European Economic Area or to the countries that have not been recognized by the European Commission as the ones that provide with equivalent level of data protection under the GDPR without prior consent and adherence to Chapter V of the GDPR, as well as the implementation of appropriate safeguards. Any such transfer is carried out in compliance with the data protection standards established by the FADP and the GDPR. Should we undertake such a transfer, we will inform the data subject and take all necessary measures to ensure a secure transfer.

THE WAY WE PROTECT PERSONAL DATA

We use a set of organizational and technical measures to protect personal data.

Thus, BSG International SRL:

  1.  ensures the protection of premises, equipment and system software;
  2.  prevents unauthorized access to personal data during their processing, in particular during transmission via telecommunication networks;
  3. ensures effective methods for blocking, destroying, deleting or anonymizing personal data.

When it comes to critical areas, we periodically assess the impact of personal data protection, taking into account the risks associated with processing, in particular due to accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data that is transmitted, stored or otherwise processed.

According to the GDPR, the Processor shall also use methods of pseudonymization, anonymization, and coding when collecting personal data. Technical and organizational measures to ensure safe processing are regularly tested, analyzed and assessed.

PERIOD DURING WHICH WE KEEP YOUR DATA

BSG International SRL will process personal data for as long as necessary to achieve the purposes of processing specified above, taking into account the date of delivery to the Client of the results of the actions to which the data processing was related. If you are a Client or a relevant data subject, and there is a long-term regular legal relations, we will process your data during the entire period of contractual relationships and beyond, if necessary, in accordance with the legal obligations imposed on BSG International SRL (e.g., storage of documents containing personal data or documents for which a certain retention period is set by law).

If you withdraw your consent to data processing, BSG International SRL will cease processing your personal data, but this shall not apply to data processed by BSG International SRL on the basis of the consent you provided before withdrawal.

WHAT ABOUT THE RIGHTS OF THE PERSONAL DATA SUBJECT?

According to the GDPR, BSG International ensure the exercise of the following rights:

  • RIGHT TO ACCESS – Personal data subjects shall be entitled to know what personal data we process and why. That is why we communicate information about our data processing activities in advance through this Privacy Policy and are ready to provide advice and information regarding aspects of application of the GDPR.
  • RIGHT TO RECTIFICATION – We always rectify/delete incorrect information upon a reasonable request of an authorized person.
  • RIGHT TO BE DELETED / BE FORGOTTEN We will delete personal data from our records permanently upon a reasonable request of an authorized person or withdrawal of consent to the use of personal data.
  • RIGHT TO RESTRICT DATA PROCESSING – We may restrict our data processing activities in certain cases upon a reasonable request of an authorized person. This means that we will continue to store the information, but we will suspend any other processing.
  • RIGHT TO DATA PORTABILITY – In certain cases, the data subject shall be entitled to ask us to send him/her the processed personal data in electronic form.
  • RIGHT TO OBJECT – Personal data subjects shall be entitled to object to the processing of their personal data in whole or in part, even if we have a legitimate legal basis for its processing. This can be done when we process information on the basis of our legitimate interest and personal data subject believes that his or her personal interest prevails over ours.
  • RIGHT TO WITHDRAW CONSENT – While processing personal data, a personal data subject shall be entitled to withdraw his/her consent at any time.
  • RIGHT TO APPEAL TO THE FEDERAL DATA AND INFORMATION PROTECTION COMMISSIONER – If the data subject has a complaint regarding the way we use certain data or the way we respond to privacy-related questions of the data subject, he or she may file a complaint with the National Supervisory Authority for Personal Data Processing (Autoritatea National de Supraveghere a Prelucrarii Datelor cu Caracter Personal, abbreviated as ANSPDCP). http://www.dataprotection.ro/

INFORMATION ABOUT THE PROCESSOR AND
THE PERSON RESPONSIBLE FOR DATA PROTECTION:

If you have any questions about the processing of personal data in general, the way we process specific personal data, or about this Privacy Policy, please contact us:

Data Protection Officer

BSG International SRL, Suceava, Prof. Leca Morariu, nr. 6, bl. D Prim, sc. A, et. 3, ap. 8, jud. Suceava

E-mail: dpo@bsg-eu.com

CAN WE UPDATE OUR PRIVACY POLICY?

We can update our Privacy Policy from time to time.

Data protection laws are regularly updated, the National Supervisory Authority for Personal Data Processing (Autoritatea National de Supraveghere a Prelucrarii Datelor cu Caracter Personal, abbreviated as ANSPDCP) regularly publishes its recommendations and guidelines, so we may change our technology or our business model.