INFORMATION ON THE USE OF PERSONAL DATA

ARTICLE 13 OF THE 2016/679 (EU) REGULATION (“GDPR”)

 

CONTROLLER

·       Wyser EOOD, registration number UIC 130257069, fiscal identification number BG130257069, in the person of its legal representative (“Wyser”)

·       Tack & TMI Bulgaria EOOD, registration number UIC 131065310, fiscal identification number BG131065310, in the person of its legal representative (“Tack & TMI”)

·       GI Group EOOD, registration number UIC 131049402, fiscal identification number BG131049402, in the person of its legal representative (“Gi Group”)

·       GI Group Outsourcing EOOD, registration number UIC 205946686, in the person of its legal representative (“Gi Group Outsourcing”)

 

All acting as Gi Group companies (“Companies” or “Joint Controllers”)

Same contact address: Sofia, 84 Aleksandar Stamboliyski blvd., fl.6;

Same phone: +359 2 952 36 90 Same e-mail address: bg.privacy@gigroup.com

DATA PROTECTION OFFICER

Piazza IV Novembre 5, 20124 Milan for the attention of the “Data Protection Officer”

e-mail address: dpo@gigroup.com

WHY ARE YOUR PERSONAL DATA PROCESSED AND

WHAT IS THE CONDITION THAT MAKES THE PROCESSING LAWFUL?

FOR HOW LONG DO WE KEEP YOUR PERSONAL DATA?

1. Regular candidate notification communications

Sending regular communications notifying candidates in administration or for direct information with automated contact procedures (e-mail, sms).

The legal basis that legitimates the use is consent. The provision of the consent to use the data for the above purposes is completely optional.

Until consent is withdrawn

2. Marketing by the Companies

Sending informative and promotional communications for the services offered by the Companies (temporary work, search and selection) to complete studies and statistical and/or market research or for events organized by the companies, all with traditional contact procedures (letter post, operator calls) and with automated contact procedures (e-mail, sms, mms, instant messaging systems),

The legal basis that legitimates the use is consent. The provision of the consent to use the data for the above purposes is completely optional.

3. Marketing by other Gi Group companies

Sending informative and promotional communications for the services offered by the other companies of the Group – located in the EU and outside – (in particular HR consultancy and training, HR administration outsourcing, relocation support, search and selection of personnel, executive search, field marketing), or to complete studies and statistical and/or market research, or for events organized by the companies all with traditional contact procedures (letter post, operator calls) and with automated contract procedures (e-mail, sms, mms, instant messaging systems).            

The legal basis that legitimates the use is consent. The provision of the consent to use the data for the above purposes is completely optional.

Upon expiry of the retention periods indicated above, the personal data will be destroyed, erased or rendered anonymous in accordance with cancellation and backup procedures.

 

 

 

RECIPIENTS OF THE DATA

Personal data may only be processed by employees of the Companies departments authorised to process such data, as they are responsible for pursuing the above-mentioned purposes. These employees have received adequate operating instructions in this respect. Personal data may be communicated by the Companies for the pursuit of the purposes set out in point 3 above to the companies of the Group abroad.

Personal data may also be processed by external bodies, expressly appointed as data Processors, which provide the Companies with:

•         consultancy services;

•         customer database management and maintenance services

•         filing services;

•         services to enable communications to be posted;

•         market research services.

The list of data recipients is constantly updated and can be found easily and free of charge by sending a written communication to the Controller or an e-mail to bg.privacy@gigroup.com

 

 

DATA SUBJECTS RIGHTS

Data subjects can ask the Joint Controllers for access to his/her personal data, its deletion, the correction of incorrect data and the addition to incomplete data as well as the limitation of the use in the cases set out in article 18 of the GDPR.

Data subjects are also entitled, if the conditions for exercising the right of portability as referred to in article 20 of the GDPR are in place, to receive the data provided to the Joint Controllers in a structured format in common use that can be read by automatic devices, as well as if technically feasible to transmit it to other controllers without hindrance.

These rights may be exercised by writing by post, to the address indicated above, or by e-mail to the following e-mail address: bg.privacy@gigroup.com When the request is submitted by electronic means, the information will be provided in an electronic format in common use.

At any time, you may submit a complaint to the Data Protection Authority, as well as pursue recourse to other means of protection provided for by the applicable laws. 

 

RIGHT TO OBJECT TO DIRECT MARKETING PURPOSES

Data subjects have the right to object at any time to the use of the personal data that they consider to be used for direct marketing purposes, by writing by post to the address indicated above and/or by e-mail to the following e-mail address: bg.privacy@gigroup.com and/or by clicking on the appropriate links contained in the communications that will be sent to them.

 

WITHDRAWAL OF THE CONSENT

Data subjects have the right to withdraw the consent at any time by writing by post to the address indicated above and/or by e-mail to the following e-mail address bg.privacy@gigroup.com and/or by clicking on the appropriate links contained in the communications that will be sent to them.

Withdrawal of the consent does not prejudice the legality of the use based on the consent that you provided before the withdrawal.

 

JOINT CONTROLLERSHIP AGREEMENT

The Companies have stipulated a joint-controllership agreement, pursuant to Article 26 of the GDPR, by which they have determined their respective responsibilities in particular as regards the joint determination of:

·       the purposes and means of the processing of Personal Data;

·       the procedures for providing timely feedback to data subjects’ requests to exercise their rights, as described in the “data subjects’ rights” section of this notice;

·       appropriate security measures for the processing of Personal Data and the procedures for the management of data breaches;

·       the content of this notice.