Brainspotting Privacy Policy
Who are we?
We are Brainspotting – the first recruitment agency in Romania specialized in IT&C recruitment, www.brainspotting.ro.
The operator of the Brainspotting website, Brainspotting SRL, registered in Romania, with Company Registration Number RO 14217477 and having its registered office address at 6 Pitar Mos Street, 6th Floor, Bucharest (“We”, “Us”, “Brainspotting”) is committed to protecting your personal data.
Who does it apply to?
This Privacy Policy applies to the personal data of all our Website Users (logged-in or unregistered), Customers and Suppliers.
Website Users are defined as any and all individuals who access Brainspotting, either while they are logged into or not logged into their accounts.
Customers are defined as our customers, clients, and others to whom Brainspotting provides services in the course of its business.
What personal data processing do we perform?
Type of personal data
1. Personal details (name, address, email, phone, birthdate), Photos
Processing Scope: User / candidate admin, Online services
Legal basis: Contract implementation (Terms and conditions)
Storage period: 10 years
Potential data transfer: Clients, Sendgrid / Mailchimp
2. Personal details (name, address, email, phone, birthdate), Photos
Processing Scope: Direct marketing
Legal basis: Operator legitimate interest (marketing)
Storage period: 10 years
Potential data transfer: Clients, Sendgrid / Mailchimp
3. Data regarding the behavior, preferences and performance
Processing Scope: User / candidate admin, Online services
Legal basis: Contract implementation (Terms and conditions)
Storage period: 10 years
Potential data transfer: Clients
4. Data regarding the behavior, preferences and performance
Processing Scope: Direct marketing
Legal basis: Operator legitimate interest (marketing)
Storage period: 10 years
Potential data transfer: Clients
5. IP addresses
Processing Scope: User / candidate admin
Legal basis: Contract implementation (Terms and conditions)
Storage period: 1 year
Potential data transfer: n/a
6. Location data
Processing Scope: User / candidate admin
Legal basis: Contract implementation (Terms and conditions)
Storage period: 1 year
Potential data transfer: Sendgrid / Mailchimp
How do we collect information from you?
Depending on your role in our relationship with us, we collect information from you directly or from other sources.
1. Information we collect directly
# We collect and process some or all of the following types of information from you:
# Information that you provide in our email exchanges, or by requesting further information or support.
# If you contact Us, we may keep a record of that correspondence.
# If you download any material from our site.
# We may also ask you to complete surveys that We use for research purposes, although you are under no obligation to respond to them.
# Details of all actions that you carry out through the Website and of the provision of services to you.
# Details of your visits to the Website including, but not limited to, traffic data, IP, weblogs and other communication data, the site and/or the person that referred you to our site and the resources that you access.
When you register to use our Services you will be required to provide your full name and e-mail address and/or your place of work on the subdomain of the company that you work for or wish to apply to. We will inform you whether you are required to provide information to us at the point of collecting information from you.
2. Information we collect from other sources
We also obtain personal data from other sources, such as:
# Information in your CV or professional profile, which you made public on job sites or LinkedIn
# names and contact details of individual contacts from public sources, such as social networks, company websites and other online sources.
Where do we store your personal data?
The data that We collect from you and process as a result of your use of the Services may be transferred to clients for which we provide recruitment and selection services (with your consent) or to a destination outside the European Economic Area (“EEA”) as a result of our collaboration with third-party email marketing providers. By submitting your personal data, you agree to this transfer, storing or processing.
In particular, your data may be accessible to SendGrid. A Data Processor Agreement has been signed between Brainspotting SRL and each of its data processors. These Data Processor Agreements that are designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal data.
If you would like further information please contact Us (see ‘Contact’ below). We will not otherwise transfer your personal data outside of the EU or to any organization (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.
RESPONSIBILITY
As grounded in GDPR, we take responsibility for:
# In respect of the personal data of business contacts and prospects of Brainspotting, the Data Controller is Brainspotting SRL;
# In respect of the personal data of candidates who apply for, or who are Customer of Brainspotting contacts in respect of, a Job (as the term is described in Brainspotting’s Terms) (“Candidates”) Brainspotting shall process personal information as a data processor on behalf of its Customers, who use Our Services to assist with their recruitment processes. Where you apply for a role with one of Brainspotting’s Customers, our Customer’s privacy policy, rather than this Privacy Policy, will apply to our processing of your personal information.
In other words, if you visit our website or come into contact with us having registered an account on Brainspotting or through email correspondence, in your capacity as prospective Candidate or Customer or Recommender or Supplier, we bear full responsibility for your personal data.
Your rights
Under the General Data Protection Regulation, you have a number of important rights free of charge.
1. Right to object: If we are using your data because we deem it necessary for our legitimate interests to do so, and you do not agree, you have the right to object. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases). Generally, we will only disagree with you if certain limited conditions apply.
2. Right to withdraw consent: Where we have obtained your consent to process your personal data for certain activities (for example, for profiling your suitability for certain roles), or consent to market to you, you may withdraw your consent at any time.
3. Data Subject Access Requests (DSAR): You have the right to ask us to confirm what information we hold about you at any time, and you may ask for the information to be modified, updated or deleted.
4. Right to erasure: In certain situations (for example, where we have processed your data unlawfully), you have the right to request us to “erase” your personal data. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases) and will only disagree with you if certain limited conditions apply. If we do agree to your request, we will Delete your data but will generally assume that you would prefer us to keep a note of your name on our register of individuals who would prefer not to be contacted. That way, we will minimize the chances of you being contacted in the future where your data are collected in unconnected circumstances. If you would prefer us not to do this, you are free to say so.
5. Right of data portability: receive the personal data concerning you which you have provided to Us, in a structured, commonly used and machine-readable format and have the right to transmit that data to a third party in certain situations
6. Right to lodge a complaint with a supervisory authority: You also have the right to lodge a complaint with your local supervisory authority.
If your interests or requirements change, you can unsubscribe from part or all of our marketing content (for example job role emails or Brainspotting newsletters) by clicking the unsubscribe link in the email.
If you would like to exercise any of these rights, please:
# contact us using our Contact details below
# let Us have enough information to identify you,
# let Us have proof of your identity and email address.
# let Us know the information to which your request relates.
How can you lodge a complaint?
We hope that We can resolve any query or concern you raise about our use of your information.
The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in Romania is Autoritatea Na?ional? de Supraveghere a Prelucr?rii Datelor cu Caracter Personal who may be contacted at http://www.dataprotection.ro/?page=contact&lang=ro
Changes to our privacy policy
We reserve the right to modify this Privacy Policy at any time. Any changes we may make to our Policy in the future will be notified and made available to you using the Website. Your continued use of the Services and the Website shall be deemed your acceptance of the varied Privacy Policy.
IP Addresses and cookies
We may collect information about your computer, including, where available, your IP address, operating system and browser type, for system administration, customer support and to collect aggregate information for internal reporting purposes.
In addition, our Website uses cookies. A cookie is a small file of letters and numbers that we put on your computer if you agree. These cookies allow us to distinguish you from other users of the Website, which helps us to provide you with a good experience when you browse our Website and also allows us to improve the Website.
The cookies we use are “analytical” cookies. Some of the common uses for our cookies are as follows:
# to recognize and count the number of visitors and to see how visitors move around the site when they are using it. This helps us to improve the way our Website works, for example by ensuring that users are finding what they are looking for easily.
# to identify and authenticate a user across different pages of our Website, within our own Website, in a session or across different sessions. This is so that the user does not need to provide a password on every page the user visits; and
# to be able to retrieve a user’s previously stored data, for example, information that the user previously submitted to the Website, so as to facilitate reuse of this information by the user.
How can you contact us?
All questions, comments and requests regarding this Privacy Policy should be addressed to dpo@brainspotting.ro
Updated: 01.08.2018