I – Privacy Commitment
Protection of the personal data you entrust to us is a priority for us.
We undertake to only collect, store, process, share or delete personal data of applicants for advertised employment opportunities, with transparency and that such personal data is essential to provide the best services. We inform you how we use your personal data and for what purposes, with the assurance that we collect, share and store the data following the best practices in the field of security and personal data protection.
When personal data are collected, stored, processed, shared or deleted by third parties or associates, we require the same level of privacy and security.
Our purpose is for you to feel confident that your data is safe with us, as we will always be committed to protecting both your privacy and your personal data.
II – Who is responsible for processing your personal data?
NU BOYANA PORTUGAL, LDA., legal entity number 514 630 612, with headquarters at Avenida 31 de Janeiro, n.º 288, civil parish of São Victor, city of Braga (4715-052), is responsible for the processing of your personal data in accordance with the General Data Protection Regulation in force in the countries where they operate.
III – What personal data can be collected?
NU BOYANA PORTUGAL, LDA. may collect the following categories of personal data:
- Identification data and contacts, for example: names, numbers and expiration dates of civil, fiscal or bank identification documents (and their respective images), payment details, addresses (correspondence, residence and tax), telephone contact, e-mail address, Skype ID, LinkedIn profile, photograph, signature, date of birth, sex, nationality, place of birth, parent’s names, marital status, matrimonial regime, spouse identification, household composition and political office position;
- Data concerning the professional situation, for example: job title, professional status, name of the employer, type of contract, remuneration and qualifications.
Any additional data which is deemed to be a legitimate right and interest, may also be collected.
IV – Why do we collect your personal data and for what purposes?
The personal data of the job applicants are used exclusively in the recruitment and selection process of future employees of NU BOYANA PORTUGAL, LDA. However, job applicants may willingly make their personal data available for other purposes, such as receiving information about new job opportunities.
V – How long will your personal data be stored?
The personal data collected are processed in strict compliance with the applicable legislation and are stored in databases designed for this end.
The personal data will be kept for the purposes identified in the previous point and up to 12 (twelve) months after the conclusion of the recruitment and selection process – unless the right to object, the right to erasure or the right to withdraw consent is exercised within the bounds set by law.
VI – Whom we share your personal data with?
NU BOYANA PORTUGAL, LDA. may rely on third parties who have access to personal data of the job applicants.
These third parties – subcontractors – may have access to personal data in accordance to the guidelines outlined by NU BOYANA PORTUGAL, LDA. These subcontractors (third parties) are essentially partners and service providers, which include IT service providers, archive storage personnel and back office support.
These companies shall ensure that such subcontracting parties provide sufficient guarantees for the implementation of appropriate technical and organisational measures so that the processing of data complies with the requirements of applicable law and ensures the safety and protection of the rights of data under the terms of the subcontracting agreement concluded with the subcontracting parties.
NU BOYANA PORTUGAL, LDA. may also share personal data of job applicants to third parties, in instances when such data communications are necessary or appropriate (i) under the applicable law, (ii) in compliance with legal/court orders obligations, (iii) to respond to requests made by public or governmental authorities, or (iv) when you have given us your consent.
VII – What are the rights of the data subject?
Under the terms of the applicable law, data subjects are given the following rights relating to their personal data:
- Right of access: the data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information.
- Right of rectification: the data subject shall have the right to obtain from the controller the rectification of inaccurate personal data concerning him or her. The data subject shall have the right to have incomplete personal data completed.
- Right to erase: the data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her. This right shall not apply to the extent that processing is necessary for compliance with a legal obligation.
- Right to restriction of processing: the data subject shall have the right to obtain from the controller restriction of processing of his/her personal data, including the right to request a full restriction on processing or limit the processing of data to certain categories or purposes.
- Right to data portability: the data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
- Right of opposition: the data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her, as such in cases of where personal data are processed for direct marketing purposes;
- Automated individual decision-making, including profiling: the data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
The data subject shall have the right to withdraw his or her consent at any time, by means of any of the rights outlined above or in instances where the consent was given through an online form, the consent may be withdrawn by the same means. However, the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
To exercise your rights of data protection or whenever you have any question about the processing of your personal data, please contact us in any of the following ways:
NU BOYANA PORTUGAL, LDA.
– Postal Address: Avenida 31 de Janeiro, n. º 288, parish of São Victor, city of Braga (4715-052).
– E-mail address: [email protected]
– the National Commission Data Protection (NCDP) – Address: São Bento, 148 – 3º, 1200-821 Lisbon – Telephone: +351213928400 – Fax: +351213976832 – E-mail: [email protected]
VIII – How are personal data protected?
NU BOYANA PORTUGAL, LDA. is committed to ensuring the confidentiality, protection and security of applicants’ personal data by implementing appropriate technical and organisational measures to protect their data against any form of undue or unlawful processing and against any accidental loss or destruction of such data.
To that end, this company operates using systems designed to ensure the security of personal data processed, creating and updating procedures to prevent unauthorized access, accidental loss and/or destruction of personal data, by committing themselves to complying with the relevant legislation to the protection of personal data of applicants and to process such data only for the purposes for which it was collected and to ensure that such data is processed with appropriate levels of security and confidentiality.
Among others, we highlight the following measures:
- Restricted access to personal data only by those who need them for the purposes we have outlined above;
- Storage and sharing of personal data in a safe way;
- Protection of information systems to prevent unauthorized access to your personal data;
- Implementation of mechanisms that ensure the safeguarding of the integrity and quality of your personal data;
- Permanent monitoring of information systems in order to avoid, detect and prevent the misuse of your personal data;
- Extra equipment for the storage, processing and sharing of personal data, in order to avoid downtime and unreachable data.