In order to accomplish the objectives of our HR activity – selection and recruitment internal company process and to fulfil our legal obligations to the GDPR Regulation for the administration and control of the recruitment activities, we collect, store and process personal data of the candidates and we ensure:
- usage of your personal data for selection purposes only.
- maintaining your personal data confidential, up-to-date and available by applying technical solutions, organizational measures and internal control procedures.
- transparent procedures for managing your personal data so you can easily and effectively exercise your rights under the GDPR Regulation.
- a Lead Consult Recruiter that will provide you with the most appropriate job offers, managing interviews, and full assistance for managing your personal data.
- DPO who will ensure and protect your rights, as well as carry out communication related to any GDPR Regulation questions.
Our commitment is not only to provide professional services and full assistance for your professional accomplishment in the recruitment process, but also the security of your personal data in full compliance with Regulation (EC) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred only to as the GDPR Regulation – but we also implemented the Information Security Management System according to the international standard ISO 27001:2013.
For more detailed information, please thoroughly familiarize yourself with the full text of our Policy on management and confidentiality of personal data, while we also remain available for further information and advice.
POLICY ON MANAGEMENT AND CONFIDENTIALITY OF PERSONAL DATA
We, Lead Consult OOD, collect and process personal data in a lawful, conscientious, and transparent manner, respecting the principle of privacy and non-interference in the personal life of citizens. Our Policy on confidentiality of personal data binds us by the commitment to process your personal data only in case:
- Based on legitimate interest– these grounds apply when you submit your CV on one of our job offers, but your competences do not fully match with the employer’s specified requirements. In this case your CV is entered into our database for a period of 6 months, so that we can offer you suitable positions.
Your e-mail becomes the identifier of your personal Candidate file, with which you can perform all legitimate actions related to the GDPR Regulation.
When we contact you regarding with the job offer appropriate for your profile and preferences, your file will be processed according to point 1.
- Based on explicit agreement– these grounds apply for all candidates who are present in our database in relation to point 1 after the expiration of the aforementioned processing period. These grounds are also valid for candidates who have been entered into our database prior to 25.05.2018. We will contact you in order to receive your explicit agreement or refusal for future processing of your private data for the purposes of selection and recruitment process.
If we receive your agreement, your e-mail will become the identifier of your personal Candidate file, with which you can perform all legitimate actions related to the GDPR Regulation.
This Policy on management and confidentiality of personal data fully complies with the requirements of the General Data Protection Regulation – Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and on the repealing Directive 95/46 / EC (General Data Protection Regulation), Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), the Personal Data Protection Act, the Electronic communications Act and the Ordinance on terms and conditions for performing employment mediation activities and shall apply to:
(1) the persons who apply for a job with us;
(3) applicants who are provided by our recruiting partners to process our clients’ positions;
(4) users of the websites https://leadconsult.eu, as well as those who have applied for jobs through the platforms of our partners: dev.bg, jobs.bg, zaplata.bg, rabota.bg, LinkedIn and Facebook company profile, etc.;
This Policy describes the types of personal data we collect, the purpose and the manner we use them and the individuals with whom we share it, as well as the rights and options available to individuals concerning the use of their data. We also describe the steps we take to protect the confidentiality of data and the ways you can contact us about our confidentiality practices and the exercise of your rights.
Data we collect
We collect personal data about you in various ways, such as through our site, our recruiting partners, public information platforms for jobseekers (e.g.: dev.bg, jobs.bg, zaplata.bg, etc.), social network channels (e.g., Facebook and LinkedIn, etc.), at events, by phone or e-mail, job applications and personal selection, and in the course of our relationship with customers and suppliers. We may collect the following types of personal data:
- contact details (names, e-mail address and phone number);
- date of birth;
- nationality and status of work permits;
- other information included in your CV, information you provide about your career development preferences and other information about your recruitment qualifications:
- previous job, employers and education data;
- business, technical and language skills and other job-related skills;
- information provided through references,
- information from interviews, tests, face-to-face and remote communication carried out in relation to the selection procedure
- other data you may provide to us, such as through the email feature on our site.
We are obliged not only to refrain from using your personal data for purposes other than the purpose of selection and recruitment process but also from transferring your data to the Lead Consult Managers who cannot demonstrate compliance with the GDPR. In addition, we make sure to manage your personal data by transparent and accessible procedures, to protect technically and to the maximum degree the data and preserve its integrity, availability, and confidentiality.
Attention: We recommend that you do not include data relating to racial or ethnic origin, political, religious or philosophical beliefs, membership in political parties or organizations, associations with religious, philosophical, political or trade-union purposes in your CV; as well as information related to the health and sexual life of the individual. These are “sensitive data” that is not relevant to the subject of selection and recruitment process. We warn that it is risky and for the purposes of recruitment one does not have to provide essential data from identity documents such as personal ID number, passport/ID card number, validity terms and the like.
Data collected by automated means
Lead Consult’s website collects a series of generic data and information when a data object or an automated system call the website. These generic data and information are stored in the log files on the server.
The data collected can be:
(1) the types and versions of the browser used,
(2) the operating system used by the access system,
(3) the website from which our website was accessed (the so-called Referents),
(4) the date and hour of access to the website,
(5) the Internet Protocol (IP) address,
(6) the ISP of the access system, and
(7) any other similar data and information that may be used in case of attacks on our information technology systems.
When using this general data and information, Lead Consult does not make any judgments regarding the data subject.
Rather, this information is needed to:
(1) correctly prepare the content on our website,
(2) optimize the content of our website as well as its advertising,
(3) ensure the long-term viability of our information technologies and web technologies, and
(4) provide law enforcement authorities with the necessary information for prosecution in case of a cyber-attack.
Therefore, Lead Consult analyses the collected data and information anonymously by statistical tools in order to increase the data protection and data security of our enterprise and to ensure an optimal level of protection of the personal data we process. Anonymous log file data on the server is stored separately from any personal data provided by the data subject.
Purposes and ways of using the information we collect
We use the information described above to perform the following activities:
- selection and recruitment
- sending vacancy notices;
- protection against, identification of and prevention of fraud and other illegal activities, claims and other obligations, and
- compliance and enforcement of applicable legal requirements, sectoral standards and contractual obligations and of our rules.
In addition to the above activities, if you are a job candidate and apply for a particular position, we use the data described in these confidentiality rules in order to:
- Make opportunities and job offers available to you;
- Analyze data such as:
- review of our database of job applicants,
- assessing individual performance and opportunities, including assessment of work-related skills,
- identification of missing skills,
- use of information to compare individuals and potential openings; and
- analysis of data channels (trends in selection and recruitment practices).
We may also use the information in other ways, of which we will provide a special notification at the time of or prior to collection.
We use Google Analytics, a web analytics service provided by Google Inc. to evaluate the use of our site and services, compile activity reports, and provide other services related to the use of the Internet. The Google Privacy Statement can be viewed at http://www.google.com/intl/None/policies/privacy/
By using our sites, you agree for your data to be processed by Google in the manner and for the purposes outlined above. If you choose, you can opt out of your Google Display Advertising processing and/or personalize your ads by using Google Ads Settings at: http://www.google.com/settings/ads. For more information about Google Analytics, please visit https://www.google.com/analytics/.
Data storage and Data updating
We will store your personal data in accordance with Bulgarian law and our legitimate business interests, legal obligations, or the emergence, exercise or protection of our rights.
We are committed to updating your data by contacting you in order to provide you with the best career opportunities.
In case you have provided personal data for the purposes of selection and recruitment, based on explicit agreement, you can withdraw your agreement at any point of time and we will securely delete your data.
Data that we share
We do not disclose the personal data we collect from you except as described in this Policy. We share your personal data with our Hiring Managers who may offer suitable job opportunities or want to offer work to our job applicants.
All data processors are carefully screened and checked for compliance with GDPR requirements. Agreements on confidentiality and non-dissemination of information have been concluded with them.
In addition, we may disclose information about you:
- if we are so obliged by virtue of law or judicial procedure,
- to law enforcement bodies and civil servants on the basis of a lawful request for disclosure, and
- in cases where we believe this is necessary in order to prevent personal injury or financial loss or in connection with the investigation of alleged or actual fraudulent or illegal activity.
Your rights and choices available
We provide you with certain choices regarding the personal data we collect from you and the way we communicate with you. In order to update your preferences, to request that we remove your data from the periodic communication list, to exercise your rights, or to make a request, contact the Recruitment Specialist by email address
You may request access to the personal data we maintain in regard to you or require us to correct, amend, erase or block the data by contacting the Recruitment Specialist by email address Deletion of personal data upon your request is possible insofar as there would be no statutory storage obligations.
You may withdraw any consent that you have given us, or may appeal the processing of your personal data at any time on a legal basis, and we will then follow your valid preferences.
Information about the actions we take in connection with any requests you have received will be provided at no charge within 30 calendar days as of receipt of your request.
How we protect personal data
We have implemented and maintain an Information Security Management System in accordance with the requirements of international standard ISO 27001:2013.
We have appointed an Information Security and Data Protection Officer, who has the necessary competencies.
We maintain and apply administrative, technical and physical safeguards for information security and protection of any personal data that you provide against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use.
The employees, who have access to personal data, are trained to work with sensitive information and are obliged to treat the information as confidential.
We have conducted an impact assessment on data protection and we have envisaged data protection at the design stage of the company’s products and processes, as well as a periodic risk assessment with a view to continuously improving the Policy on management and confidentiality of personal data.
We cooperate with the Personal Data Protection Commission, both in the identification of risks and control mechanisms, and at any request by the supervisory authority in the performance of its duties.
In the event of a personal data security breach, the Data Security Officer will notify the Personal Data Protection Commission within 72 hours of learning of the breach pursuant to Article 33 of Regulation (EU) 2016/679. In the event of a high risk for your rights and freedoms, you will also be duly informed by a message at the contact email address that you have indicated of the nature of the violation and of the measures to mitigate the adverse effects.
Updates to the Policy on confidentiality
This Policy on management and confidentiality of personal data may be periodically updated to reflect changes in our personal data confidentiality practices. In case of substantial changes, we will notify you with by a clearly visible message at our site, indicating the date of the last update in the beginning of the Policy.