Customers privacy notice

INFORMATION ON THE PROCESSING OF PERSONAL DATA – ART. 13 OF REGULATION (EU) 2016/679 (‘GDPR’)

 

WHO IS THE DATA CONTROLLER?

  • Wyser EOOD, registration number UIC 130257069, fiscal identification number BG130257069, in the person of its legal representative (“Wyser”)
  • Tack & TMI Bulgaria EOOD, registration number UIC 131065310, fiscal identification number BG131065310, in the person of its legal representative (“Tack & TMI”)
  • GI Group EOOD, registration number UIC 131049402, fiscal identification number BG131049402, in the person of its legal representative (“Gi Group”)
  • GI Group Outsourcing EOOD, registration number UIC 205946686, in the person of its legal representative (“Gi Group Outsourcing”)

 

All acting as Gi Group companies (“Companies” or “Joint Controllers”)

Same contact address: Sofia, 84 Aleksandar Stamboliyski blvd., fl.6

Same phone: +359 2 952 36 90 Same e-mail address: bg.privacy@gigroup.com

 

HOW CAN YOU CONTACT THE DATA PROTECTION OFFICER (‘DPO’)?

Piazza IV Novembre 5, 20124 Milan, to the attention of the ‘Data Protection Officer’

e-mail: dpo@gigroup.com

 

WHY ARE YOUR PERSONAL DATA PROCESSED AND WHAT IS THE CONDITION THAT MAKES THE PROCESSING LAWFUL?

  1. Response to request for information

The processing of personal data is carried out to process requests for information on the services offered by Companies. Wyser may provide the contact details or forward them directly to the related Group company for the purpose of a suitable and timely reply by the same.

Pursuant to art. 6(1)(B) of the GDPR, the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

  1. Regular candidate notification communications

The processing of personal data is carried out to send periodic communications to report candidates in administration or for direct insertion.

The legal basis that legitimizes the processing is consent. It is understood that the consent to the processing of data for this purpose is purely optional

  1. Marketing by the Companies

The processing of personal data is carried out to send information and promotional communications relating to the services offered by the Companies (temporary work, search and selection) to complete studies and statistical and/or market research or for events organized by the companies, using both traditional and automated contact methods (e.g. e-mail, sms, phone calls, etc.).

The legal basis that legitimizes the processing is consent. It is understood that the consent to the processing of data for this purpose is purely optional.

  1. Marketing by other Gi Group companies

The processing of personal data is carried out to receive information and promotional communications from other companies of the Group – also located outside the European Economic Area – relating to the services offered by the same companies, or for carrying out of studies and statistical and/or market research, using both traditional and automated contact methods (e.g. E-mail, sms, phone calls, etc.).

The legal basis that legitimizes the processing is consent. It is understood that the consent to the processing of data for this purpose is purely optional.

HOW LONG DO WE KEEP YOUR PERSONAL DATA?

  1. Response to request for information

The data will be stored for the time necessary to process requests for information.

  1. Regular candidate notification communications

The data will be processed until the consent is withdrawn.

  1. Marketing by the Companies

The data will be processed until the consent is withdrawn.

  1. Marketing by other Gi Group companies

The data will be processed until the consent is withdrawn.

Once the retention terms indicated above have elapsed, the personal data will be erased or rendered anonymous, compatibly with the technical cancellation and backup procedures.

 

ARE YOU OBLIGED TO PROVIDE THE PERSONAL DATA?

The provision of personal data highlighted with an asterisk in the form is mandatory: the refusal to provide such personal data does not allow Wyser to process requests for information.

 

WHO ARE THE RECIPIENTS OF THE PERSONAL DATA?

Personal data will be processed exclusively by employees of the Companies functions authorized to process data for the aforementioned purposes, who have been expressly authorized to the processing and who have received adequate operating instructions.

Personal data may be disclosed to the following categories of subjects that act as controllers:

  • Group companies abroad, even outside the European Economic Area, if the request for information concerns services offered by other Group companies.

Personal data may also be processed, on behalf of the Companies, by persons designated as Data Processors. These subjects are included in the following categories:

  • Site management and maintenance services;
  • Customer database management and maintenance services;
  • Archiving services;
  • Communications mailing services;
  • Market research services.

The list of data recipients can be obtained by sending a written communication to the Data Controller or an e-mail to bg.privacy@gigroup.com

 

DO WE TRANSFER DATA OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)?

The data can be transferred abroad to countries not belonging to the EEA, and in particular to:

  • Argentina, Switzerland and the United Kingdom, whose data protection level has been deemed adequate by the European Commission pursuant to art. 45 of the GDPR
  • Brazil, China, Colombia, Hong Kong, India, Montenegro, Russia, Serbia, Turkey, upon signing the Standard Contractual Clauses adopted / approved by the European Commission pursuant to art. 46, 2, c) and d) of the GDPR

Adequacy decisions can be consulted at the following link: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en

A copy of the standard contractual clauses signed by Gi Group can be obtained by sending an e-mail to bg.privacy@gigroup.com

 

WHAT ARE THE DATA SUBJECTS RIGHTS?

Data subjects can ask the Joint Controllers for access to their personal data, their correction or cancellation, the integration of incomplete data, the limitation of processing in the cases provided for by art. 18 GDPR, as well as the opposition to processing in case of data processed for direct marketing purposes or legitimate interests.