GDPR Policy: Lets Do Ltd. is a company registered as a recruitment agency under the procedure of Art. 5, item 1 of the Ordinance on the terms and procedure for performing intermediary activity on employment with certificate of registration № 2543 / 15.06.2018, issued by the Employment Agency.
In order to achieve the objectives of our main activity - informing and / or consulting jobseekers and employers and in order to fulfill our obligation to the Employment Agency to administer and control the mediation activities for employment, we collect, store and we process personal data of candidates. We use your personal information solely for the purposes of selection; we maintain the security of your personal data by ensuring constant internal and technical control and we guarantee your rights that the General Data Protection Regulation provides to you.
All rules and procedures concerning the processing of your personal data are in accordance with the General Data Protection Regulation (GDPR) 2016/679, the Personal Data Protection Act, the Employment Act and the secondary legislation such as the Ordinance on Conditions and the order for carrying out intermediary activity on recruitment and others.
23rd of May 2018
FOR THE MANAGEMENT AND PROVISION OF THE CONFIDENTIALITY OF PERSONAL DATA
At LETS DO Ltd. we collect and process personal data in a lawful, conscientious and transparent manner, respecting the principle of privacy and non-interference in the privacy of the citizens.
We will process your personal data only when:
1.(a) you have given us consent to the processing of personal data for one or more specific purposes;
(b)processing is necessary for the performance of the employment agency contract to which you are a party;
(c) processing is necessary to comply with a legal obligation that applies to the controller and relates to our main subject matter of recruitment and counseling.
(1) the persons who apply to work with us;
(2) the candidates we provide or assign to one of our clients;
(3) users of the https://zoomonpeople.com website as well as those who have applied for work through jobsite platforms;
This Policy describes the types of personal data we collect, the purpose and the way we use them, and the individuals we share with them, as well as the rights and options available to individuals about the use of their data.
We also describe the steps we take to protect data privacy and the way you can contact us about our privacy practices and exercise your rights.
The legal basis for processing the above-mentioned personal data is related to the subject of our main activity - informing and consulting the jobseekers and, on the other hand, is our legal obligation to conclude the Intermediary Contract for employment with the candidates, which we should register in the Agency's information platform. In addition, in relation to the same obligations, we should keep the data and the CV of the candidates for 5 years (for more information, see Article 41 (2) of the Ordinance on the Terms and Procedure for Mediation Recruitment) .
We will keep your personal data for a period of 5 years in accordance with Bulgarian law and as long as it is necessary to satisfy our legitimate business interests, legal obligations, or the emergence, exercise or protection of our rights. We are committed to updating your data through a contact with you to provide you with the best career opportunities.
You may withdraw consent to the use of your personal data for the purposes of selection and will be erased in a secure manner.
We do not disclose the personal data we collect for you except as described in this Policy. We share your personal data with clients who can offer suitable job opportunities or want to offer work to our job candidates.
In addition, we may disclose information about you, (i) if we are liable by law or judicial procedure, (ii) law enforcement and civil servants on the basis of a lawful request for disclosure, and (iii) in cases where we believe this is necessary in order to prevent personal injury or financial loss or in connection with the investigation of alleged or actual fraudulent or illegal activity.
We also reserve the right to transfer personal data to you in the sale or transfer of our business or property or part thereof (including in the event of restructuring, termination and liquidation).
You may request access to the personal data we support for you or require us to correct, alter, erase or block the data by contacting your Personal Career Advisor or as directed in the "Contact Us" section of this Policy. Deletion of personal data at your request is possible insofar as there are no statutory storage obligations.
You may withdraw any consent that you have given us, or may appeal the processing of your personal data at any time on a legal basis, and we will then apply your preferences in force.
Information about the actions we take in connection with any requests you have received will be provided free of charge within 30 calendar days of receipt of your request. You have the right to complain about the processing of your personal data by Lets Do Ltd. to the Commission for personal data protection at email: firstname.lastname@example.org.
We maintain and apply administrative, technical and physical safeguards for information security and protection of personal data you provide against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use.
Employees who have access to personal data are trained to work with sensitive information are required to treat the information as confidential.
We cooperate with the Commission on the protection of personal data, both in the identification of risks and control mechanisms, and at any request by the supervisory authority in the performance of its duties.
In the event of a personal data breach, we will notify the Data Protection Commission within 72 hours of learning of breach, pursuant to Article 33 of Regulation (EC) 2016/679. In the event of a high risk of your rights and freedoms, you will also be duly informed by a message of the email that you have indicated for a link to the nature of the violation and measures to mitigate the adverse effects.