Candidate Privacy Notice for myPOS Technologies AD
MYPOS TECHNOLOGIES AD Contractor Privacy Notice
Effective as of November 17, 2022
Last update: November
I. MYPOS TECHNOLOGIES AD’ commitment to Privacy
MYPOS TECHNOLOGIES AD is committed to proceeding the personal information of its candidates and provide them with the appropriate safeguards, rights and freedoms, as defined in the applicable legislation, including but not limited to the GDPR and The Personal Data Protection Act 2002.
MYPOS TECHNOLOGIES AD is continuously improving its data processing practices, policies and procedures. Our Privacy Notice aims to provide you with as much transparency over the way we handle your data as possible.
The present Privacy Notice describes how we collect, use, process, and disclose your information, including personal information, as well as your rights as a data subject, in relation to your contract with MYPOS TECHNOLOGIES AD.
1.1. About us.
When this Notice mentions “MYPOS TECHNOLOGIES AD”, “we,” “us,” or “our,” it refers to Company, registered under Company Number 205050564, having seat and registered address in Varna, 9023, Mladost District, Business Park Varna B1. This company is responsible for your information under the present Privacy Notice.
1.2. Who is this Privacy Notice for?
The present document outlines the data processing activities which MYPOS TECHNOLOGIES AD carries out with respect to its candidates. The present Privacy Notice is not intended for employees or civil candidates, for which MYPOS TECHNOLOGIES AD has separate privacy notices. If you are unsure how or if this Privacy Notice applies to you, please contact your Human Resources representative at hr@mypos.com TECHNOLOGIES AD.com.
II. What data do we collect and process about you?
We collect and maintain different types of personal information about you in accordance with applicable law. Please be aware that any data that is collected under grounds such as legal obligations; or contractual requirement; or a requirement necessary to enter into a contract, is necessary to be processed by us in order to achieve these purposes and we would not be able to maintain adequate legal relationships with you in case you do not provide us with said data. Here is a breakdown of the types of data that we collect directly from you, the legal grounds for the processing and the general types of third-parties that we may share these types of data with.
| Type of personal data | Purpose of processing | Legal grounds under GDPR | What third-party processors can we use for this? |
|---|---|---|---|
| Your identification data (First Name, Surname, Last Name, Date of birth) | Steps in order to evaluate the conclusion of an employment or freelance contract | Contractual requirement | (Only insofar the particular type of identification data is needed for the particular purpose for which it is shared and limited only to that type of identification data) Cloud and hosting providers, recruitment agencies, third-party background check providers, tax or legal advisors. |
| Maintain adequate records of candidates | Legitimate interests in analyzing our candidates’ performance | ||
| Investigate and respond to claims against us | Exercise or defence of legal claims | ||
| Contact details | Steps in order to evaluate the conclusion of an employment or freelance contract | Contractual requirement | Cloud and hosting providers, recruitment agencies, management app providers. |
| Investigate and respond to claims against us | Exercise or defence of legal claims | ||
| Address | Steps in order to evaluate the conclusion of an employment or freelance contract | Contractual requirement | Cloud and hosting providers, tax or legal advisors. |
| Investigate and respond to claims against us | Exercise or defence of legal claims | ||
| Your resume or CV, cover letter, previous and/or relevant work experience or other experience, education, transcripts, or other related information | Hiring selection | Legitimate interests in finding the best possible candidates for employment | Cloud and hosting providers, recruitment agencies, legal advisors. |
| Maintain adequate records of candidates | Legitimate interests in analyzing our candidates’ performance | ||
| Steps in order to evaluate the conclusion of an employment or freelance contract | Contractual requirement | ||
| Investigate and respond to claims against us | Exercise or defence of legal claims | ||
| Information captured on security systems, including Closed Circuit Television (“CCTV”) and key card entry systems | Maintain a safe and secure workplace | Legitimate interests in maintaining a safe and secure workplace | Cloud and hosting providers, security providers, regulators/criminal investigation authorities, legal advisors. |
| (In some cases) Complying with relevant legislation | Legal obligation | ||
| Photograph, videos, physical limitations and special needs | Steps in order to evaluate the conclusion of an employment or freelance contract | Contractual requirement | Cloud and hosting providers, legal advisors |
| Voicemails, e-mails, correspondence, documents, and other similar | Steps in order to evaluate the conclusion of an employment or freelance contract | Contractual requirement | Cloud and hosting providers, mail or other communication service providers, network providers, IT management service providers, recruitment agencies, legal advisors. |
III. Specific data processing.
In any case, we may share any of your information for specific reasons, outlined below:
1. Sharing data other members of the MYPOS TECHNOLOGIES AD corporate family: We may share your Personal Data with members of the MYPOS TECHNOLOGIES AD corporate family or within our extended family of companies that are related by common ownership or control, so that we may provide the Services you have requested or authorized or to manage the risk, or to help detect and prevent potentially illegal and fraudulent acts and other violations of our policies and agreements.
2. Aggregated Data. We may also share aggregated information (information about our users that we combine together so that it no longer identifies or references an individual user) and other anonymized information for regulatory compliance, industry and market analysis, demographic profiling and other business purposes.
3. With our legal counsels for the purposes of protecting our legal rights. We may share any information which is necessary to protect our legal rights to legal counsels or similar parties.
4. Business Transfers. If any of the MYPOS TECHNOLOGIES AD holding companies or MYPOS TECHNOLOGIES AD itself is involved in any merger, acquisition, reorganization, sale of assets, bankruptcy, or insolvency event, then we may sell, transfer or share some or all of our assets, including your information in connection with such transaction or in contemplation of such transaction (e.g., due diligence). In this event, we will notify you before your personal information is transferred to a different legal person and/or becomes subject to a different Privacy Notice.
IV. Data Retention and Erasure.
We generally retain your personal information for as long as is necessary for the performance of the contract between you and us and to comply with our regulatory obligations. Generally, we continue to keep your information in an identifiable way for a period of 6 (six) months after you have applied for any of our job applications or have otherwise, unless any specific laws oblige us to keep your personal information for a longer period. Please note that if you request the erasure of your personal information:
- We may retain some of your personal information as necessary for our legitimate interests or in case the information would be required in cases where we need to investigate and respond to claims against us.
- We may retain and use your personal information to the extent necessary to comply with our legal obligations. For example, MYPOS TECHNOLOGIES AD may keep some of your information for social security, employee protection and safety, tax, legal reporting and auditing obligations.
- Because we maintain our records in a manner protecting from accidental or malicious loss and destruction, residual copies of your personal information may not be removed from our backup systems for a limited period of time, until these backups are destroyed.
V. Your rights.
You may exercise any of the rights described in this section before MYPOS TECHNOLOGIES AD by sending a written request to dpo@mypos.com. Please note that upon receipt of your e-mail we shall try our best to provide you with the requested information and resolve your request in reasonable time, subject to all obligations which we or the related companies have under the applicable laws.
5.1. Managing Your Information.
You have the right to obtain the following:
- confirmation of whether and where we are processing your personal data;
- information about the purposes of the processing;
- information about the categories of data being processed;
- information about the categories of recipients with whom the data may be shared;
- information about the period for which the data will be stored (or the criteria used to determine that period);
- information about the existence of the rights to erasure, to rectification, to restriction of processing and to object to processing;
- information about the existence of the right to complain to any Regulator;
- where the data was not collected from you, information as to the source of the data; and
- information about the existence of, and an explanation of the logic involved in, any automated processing.
- Additionally, you may request a copy of the personal data being processed.
5.2. Rectification of Inaccurate or Incomplete Information.
You have the right to ask us to correct inaccurate or incomplete personal information concerning you.
5.3. Data Access and Portability.
You have the right to:
- receive a copy of your personal data in a structured, commonly used, machine-readable format that supports re-use;
- transfer your personal data from one controller to another;
- store your personal data for further personal use on a private device; and
- have your personal data transmitted directly between controllers without hindrance.
In some jurisdictions, applicable law may entitle you to request copies of your personal information held by us.
5.4. Withdrawing Consent and Restriction of Processing.
Where you have provided your consent to the processing of your personal information by us you may withdraw your consent at any time by sending a communication to us specifying which consent you are withdrawing. Please note that the withdrawal of your consent does not affect the lawfulness of any processing activities based on such consent before its withdrawal.
5.5. Objection to Processing.
In some jurisdictions, applicable law may entitle you to require us not to process your personal information for certain specific purposes in case you object, where such processing is based on legitimate interest. If you object to such processing we will no longer process your personal information for these purposes unless we can demonstrate compelling legitimate grounds for such processing or such processing is required for the establishment, exercise or defence of legal claims.
5.6. How do I complain?
You should in first place try to resolve the matter by sending an e-mail to dpo@mypos.com under this Privacy Notice. In case you wish to bring your complaint further, you may escalate it to the following authority:
Commission for personal data protection
Address: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592
Email: kzld@cpdp.bg
VI. Operating globally.
To facilitate our global operations we may be required to transfer, store, and process your information within our family of companies or with service providers based in Europe, India, Asia Pacific and North and South America. Because personal data protection laws may differ in these countries, where we transfer store and process your personal information outside of the UK or EEA we have ensured that appropriate safeguards are in place to ensure an adequate level of data protection.
VII. International transfers.
7.1. Adequacy Decisions.
Where we disclose any of your collected personal information outside EEA, we shall comply with any relevant adequacy decision, where possible.
7.2. Other Means to Ensure an Adequate Level of Data Protection.
In case personal information is shared with corporate affiliates or third-party service providers outside the EEA in absence of an adequacy decision, we have - prior to sharing your information with such corporate affiliate or third-party service provider – established the necessary means to ensure an adequate level of data protection and a valid legal ground under the applicable data transfer rules. We will provide further information on the means to ensure an adequate level of data protection on request. This includes transfers from the EEA to the US.
Protection of personal data transferred from or to the United Kingdom of Great Britain and Northern Ireland:
MYPOS TECHNOLOGIES AD is a part of a global group of companies, with operations in the USA, UK and across EEA. Where we transfer any of your collected personal data from or to UK we shall comply with the Decision on the adequate protection of personal data by the United Kingdom - General Data Protection Regulation, dated 28 June 2021.
VIII.Security.
We take the responsibility to ensure that your personal information is secure. To prevent unauthorized access or disclosure of information we maintain physical, electronic and procedural safeguards that comply with applicable regulations to guard non-public personal information.
If you know or have reason to believe that any of your information has been lost, stolen, misappropriated, or otherwise compromised, please contact us following the instructions in the Contact section below.
IX. Changes to this Privacy Notice.
We reserve the right to modify this Privacy Notice at any time in accordance with this provision. If we make changes to this Privacy Notice, we will send you the revised Privacy Notice via email.
X. Contact.
If you have any questions or complaints about this Privacy Notice or our information handling practices, you send us an email at dpo@mypos.com.
