Privacy of Personal Candidate Data
Privacy of Personal Candidate Data
Personal data controller: UAB “Nordcurrent Group”
To contact us, send email to: firstname.lastname@example.org
What your data do we process and why (for what purpose)?
- Purpose: selection of an employee or assessment of your candidacy.
Basis of lawful processing:
- Your consent* given when providing personal data;
- Data controller’s legitimate interest (employment, optimization of time costs and financial resources foremployee search and recruitment).
- – please be aware that you can withdraw your consent at any time by contacting us by email:
Categories of personal data being processed:
- general information on the candidate: candidate’s name, surname, date of birth, place of residence orresidential address, email and/or phone number, information on the candidate’s occupational experience(workplace, work period, position, responsibilities and/or accomplishments), information on the candidate’s education (educational institution, period, acquired education and/or qualification), information on refresher courses (attended trainings and received certificates), information on language skills, computer knowledge and other competences, other information that you provide in your CV, photo, a covering letter or any otherdocuments related to job application;
- recommendations, previous employers’ feedback: a person undersigning a letter of recommendation or aletter of reference, his or her contact details, content of the letter of recommendation/reference/feedback;
- candidate’s evaluation information: summary of the job interview with the candidate, insights and opinions of aperson/persons carrying out the selection, candidate’s testing
Data retention period: 1 month after the end of the selection. End of the selection shall mean the end of the trial period.
Data provision is optional; however, you will lose the opportunity to get employed, if you refuse to provide your details.
- Purpose: signing and effective implementation of contracts, communication with the outside
Basis of lawful processing: data controller’s legitimate interest to conclude and effectively implement contracts, tocommunicate with the outside world while performing the data controller’s activities.
Categories of personal data being processed: name, surname, email, position, phone number, workplace and/or other details obtained when signing and implementing contracts or when communicating while carrying out ordinary datacontroller’s activities.
Data retention period: 10 years after the date of expiry of the contract, if personal data is specified in the contract, inother cases the period of storage depends on the need to preserve emails.
Data provision is not obligatory but if you refuse to provide your details, cooperation may be aggravated or wouldbecome impossible altogether.
- Purpose: protect confidential data, prevent potential illegal activities, interrupt illegal activities, reduce the extent ofpossible damage, protect material interests, and ensure business
Basis of lawful processing: data controller’s legitimate interest to protect confidential data, prevent illegal activities, avoiddamage, and ensure business continuity.
Data retention period: 3 months after the verification of digital communication and collection of information.
Categories of personal data being processed: personal data found in emails, such as name, surname, position, workplace,email, phone number, content of correspondence.
Cases in which emails may be read not only by the addressee but also by any other person:
- when a reasoned suspicion about illegal activities exists;
- when it is objectively necessary to take over the work and tasks carried out by a specific employee to ensurebusiness
Data provision is optional.
Longer data processing (retention) period
The data retention period may be longer than specifically identified in this Policy only when:
- a reasonable suspicion concerning illegal activities into which an investigation is carried out exists;
- your data is required for an appropriate resolution of a dispute or complaint;
- other grounds established in legislation
In any case, we can retain your given consent and evidence of such consent for a longer period, if necessary, so that we coulddefend ourselves against any claims or lawsuits filed against us.
What sources do we use to collect your personal data?
Generally, we receive your personal data directly from you — when you respond to our job advertisement and/or submit your CV,a candidate form and/or other documents in relation to job application (curriculum vitae, covering letter, etc.).
We can also obtain information on your candidacy, your CV and/or any other documents related to job application from entities which provide employee search, selection and/or intermediation services to us, for example, the Lithuanian Employment Service,employment agencies, job search websites, specialized career-related social network (e.g., Linkedin).
We also may get certain information about you from the third parties, e.g., persons who recommend you, your existing orprevious employers. However, we will collect such information only if you give us your consent to address the specified employer and/or any other person and to get a recommendation about you.
Emails written to us by you or your responses to letters sent to you.
In what cases and to which third parties do we disclose your personal data?
We may pass over your personal data to be processed by third parties who help us organize staff selection or that provideservices related to selection, candidate evaluation and internal administration to us. These may be staff selection and/orevaluation service providers, suppliers of database software, database administration service providers, providers of data center, hosting and cloud computing services, etc. In every single case, we provide a data processor with as much data as it is required to fulfil a certain task or to provide specific services. Data processors we rely on can process your personal data only according to our instructions and cannot use it for any other purposes or to transfer it to any other persons without our authorization. Besides, they must ensure your data security in accordance with the applicable laws and written agreements concluded with us.
If you take part in a selection to take a managing position, we may provide your data and your candidacy to our parentcompanies which, pursuant to the procedures followed in our company group, participate in the processes of evaluation and/orcareer decision adoption with respect to candidates applying for management positions.
Your data may also be provided to competent governmental or law enforcement bodies, e.g., police, law enforcement institutions or supervisory authorities, however, only at their request and only when this is demanded on the basis of the applicable laws or in cases specified in legislation and in accordance with the procedure established in laws in order to ensure our rights, to guarantee our customers and employees’ security, to safeguard our resources, to file, submit and defend legal claims.
We may disclose/transfer your information to a third party in case of the Company reorganization, corporate separation, sale, transfer or lease of business or its part, also contribution of business as a material contribution to another legal entity or incase of bankruptcy.
The rights you are entitled to:
Right of access to your personal data we process: you have the right to get our confirmation as to whether or not we process your personal data, also the right to access your personal data being processed by us and information on the purposes of data processing, on categories of data being processed, on data recipient categories, data processing period, and sources of data.
Right to rectification: in the event where the data provided to us in your application papers has changed or you think that information on you that we process is inaccurate or wrong, you have the right to request that we change, adjust or rectify suchinformation.
Right to withdraw consent: you have the right to withdraw you consent at any time and to request that any further personal dataprocessing, which is carried out based on your consent, be discontinued.
Right to lodge a complaint: if you think that we process your personal data in breach of the requirements set forth in data protection laws, we always recommend that you contact us directly first. Should you not be satisfied with our way of problem resolution or if, in your opinion, we refuse to take necessary action as requested by you, you will have the right to lodge a complaint with a supervisory authority which is the State Data Protection Inspectorate in the Republic of Lithuania (L. Sapiegosg. 17, Vilnius; tel. (8 5) 271 2804, 279 1445; email: ada@ada.It).
Right to erasure (“right to be forgotten”): under the circumstances listed in the data processing legislation (when personal data is processed unlawfully, when the basis for data processing is no longer existing, etc.), you have the right to request that weerase your personal data.
Right to restriction of processing: under the circumstances listed in the data processing legislation (when personal data is processed unlawfully, when you contest the accuracy of data, when you object to data processing on the basis of our legitimateinterest, etc.), you also have the right to restrict the processing of your personal data.
Right to data portability: Data that we process by automated means (if any), you have the right to transmit the data to another data controller. We will provide the data concerned in a machine-readable format which may be used in our systems; at your request and where we have technical capacity, we will transmit the data directly to another data controller specified by you.
Request examination procedure
As soon as we receive your request to provide data or to allow you to exercise your other rights, we will have to identify you. For this purpose, we may ask you to present your identity document. When your identity is proven, we undertake to provide you with information on the actions we took according to your request immediately but no later than within 30 days from the date yourrequest was received.
When your request is submitted by electronic means, we will also respond to you by electronic means, except for the caseswhere this is impossible (e.g., due to extremely big scope of information) or if you request that we respond in any other way.
We use various technology and processes intended for ensuring security to protect your personal information from illegal access, use or disclosure. Yet, security of information transmission via internet or using mobile connection cannot always be guaranteed;any transmission of information to us by the said means is carried out at your own risk.
Cookies, signals and similar technologies
We use the term “cookies” to describe cookies and similar technologies, e.g. pixel tags, web beacons, and clear GIFs.
- cookies allow us to recognize you as a user so that we do not have to collect repetitive information in the future;
- cookies allow us to recognize all unique users surfing the website at a time and thus help us ensure smooth andquick operation of the website;
- cookies enable us to analyze the collected information on the surfing of unique users and thus help us adapt theoperation of the website according to your
Cookies used in our websites may be categorized as follows:
- strictly necessary cookies are essential to allow our respective website to perform its main functions. These cookies allow you to surf the website and use the desired functions, e.g., give access to secure parts of the We could notprovide services which enable the operation of the website without these cookies;
- performance cookies collect anonymous information on how visitors use the website. By providing details on the visited areas, the time spent on the website and on any problems, e.g. error messages, these cookies help us understand thevisitors’ behavior on the This information helps us improve the operation of the website;
- functional cookies improve your experience on the website. E.g., these cookies may remember information, such asyour user
- by administering websites and diagnosing server troubles, we can use computer IP addresses of users. IP addressis a unique code which identifies a computer in networks. It may be used to identify the user and collect variousdemographic This is usually done by most internet server administrators;
- by using cookies we collect data on visits to our
How to control and delete cookies
Nevertheless, you should remember that some services are designed in such a way that they are available only if cookies areused; therefore, if you turn off the cookies, you will not be able to use the respective services of part of them.