Privacy Policy

PRIVACY POLICY

1. OVERVIEW

Regulation no. 2016/679 on the protection of individuals regarding the processing of personal data and on the free movement of such data (General Data Protection Regulation, hereinafter- GDPR or Regulation) was adopted by the European Parliament and the Council of the European Union on 27 April 2016 and its provisions are directly applicable as of 25 May 2018. This Regulation expressly repeals Directive 95/46/EC, thus also replacing the provisions of Law 677/2001 (now repealed).

The Regulation is directly applicable in all Member States, protecting the rights of all natural persons in the European Union. From a substantive point of view, the Regulation applies to all controllers who process personal data. The Regulation does not apply to the processing of personal data relating to legal persons, and in particular to undertakings having legal personality, including the name and type of the legal person, as well as their contact details.

Personal data is defined as any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.

Processing of personal data means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or disclosure to third parties in any other way, alignment or combining, restriction, erasure or destruction.

2. Identity of Data Controller

With regard to Article 4 (7) of the Regulation, which defines the notion of “controller” as the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data, the controller processing personal data through this website is PRO IDEAL JOBS SRL, headquartered in Cluj-Napoca, Bld. 21 Decembrie 1989, Nr. 57, Ap. 3, Cluj County, Romania, tax registration number (CUI) RO38436849, registered at the Trade Register under number J12/6278/2017, duly represented by Szekely Strat Roxana Andreea as Executive Director, and with the following contact details: email address office@proidealjobs.com and phone no. (+40) 264 704 991.

3. Collection of Personal data

The collected personal data
The operator of this website collects, stores and processes the following personal data of / relating to you or the minor you represent:

  • Name, surname
  • Address/country of domicile and/or residence
  • Contact details (e.g., e-mail, telephone)
  • IP
  • Visual images or sequences (CV photo);
  • Data collected through the Job Application platform (your CV);
  • Data regarding certifications, university and/or professional qualifications, language/computer/specialization competence certificates, place of work, position, seniority.

Taking into considerationthat the Regulation prohibits, in particular “the processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade-union membership and the processing of genetic data, biometric data for the unique identification of a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation” (as per Article 9(1)), the situations in which the processing of such data is permitted are established as follows:
a. when there is an explicit consent provided by the data subject;
b. the processing is necessary for the purposes of carrying out obligations and exercising specific rights of the controller or the data subject in the field of employment and social security and social protection;
c. the processing is necessary to protect the vital interests of the data subject or of another natural person, where the data subject is physically or legally incapable of giving consent;
d. the processing is carried out in the course of their legitimate activities with appropriate safeguards by a foundation, an association or any other non-profit organisation, of a political, philosophical, religious or union nature, provided that the processing relates only to members or former members of that organisation or to persons with whom it has regular contacts in connection with its purposes, and that the personal data are not disclosed to third parties without the consent of the data subjects;
e. the processing relates to personal data which are manifestly made public by the data subject;
f. the processing is necessary for the establishment, exercise or defense of legal claims or whenever the courts act in their judicial role;
g. the processing is necessary for reasons of substantial public interest on the basis of EU or national law, which is proportionate to the objective pursued, respects the essence of the right to data protection and provides for appropriate and specific measures to protect the fundamental rights and interests of the data subject;
h. the processing is necessary for the purposes of preventive or occupational medicine, the assessment of the employee’s ability to work, the establishment of a medical diagnosis, the provision of medical or social care or medical treatment or the management of health or social care systems and services, pursuant to EU or national law or pursuant to a contract concluded with a health professional and subject to compliance with the conditions and safeguards laid down in the Regulation;
i. the processing is necessary for reasons of public interest in the field of public health, such as protection against serious cross-border threats to health or ensuring high standards of quality and safety of healthcare and medicinal products or medical devices, on the basis of EU or national law providing for appropriate and specific measures to protect the rights and freedoms of the data subject, in particular professional secrecy; or
j. the processing is necessary for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes, proportionate to the aim pursued, respecting the essence of the right to data protection and providing for appropriate and specific measures to safeguard the fundamental rights and interests of the data subject.

4. Consent Obtainment

General

For the processing of personal data to be lawful, the GDPR requires it to be carried out for a legitimate reason, such as the performance or conclusion of a contract, the fulfilment of a legal obligation, or on the basis of the data subject’s prior valid consent. In the latter case, the controller is required to be able to demonstrate that the data subject has given his or her consent to the processing. Consent given under Directive 95/46/EC remains valid if it meets the conditions laid down in the GDPR.

Consent must be given through an unequivocal statement or action which constitutes a freely expressed, specific, informed and clear expression of the data subject’s consent to the processing of his or her personal data. Where the data subject’s consent is given in the context of a statement, in electronic or written form, which also relates to other matters, the request for consent must be clearly distinguishable from other matters and may even be done by ticking a check box.

Cookies

Cookies are used on this site. They do not harm your computer and do not contain viruses, but they do contribute to an easier, more efficient and safer use of the site. They are small text files that are stored on your computer and saved by the browser you are using.

Many of the cookies used are called “session cookies”, which are automatically deleted after visiting this site. Others remain in the memory of your computer until you delete them, making it possible to recognise your browser on a subsequent visit.

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be set to automatically to accept cookies under certain conditions or to always reject cookies, or to automatically delete cookies when you close your browser. Disabling cookies may limit the functionality of this website.

Cookies that are necessary to enable electronic communications or to provide certain functions you want to use are stored in accordance with the provisions of Article 6 (1) (f) of the GDPR, under which processing is lawful only if and to the extent that it is necessary for legitimate interests pursued by the controller or a third party. Therefore, the operator of this website has a legitimate interest in storing certain cookies in order to ensure technical, error-free optimisation. Other cookies (such as, for example, those used to analyse your browsing behaviour) are also stored and are described in the Policy.

Server log files

The provider of this site automatically collects and stores information that your browser automatically sends to us via log files. These are:

  • Browser type and version
  • Operating system used
  • The URL of the page that originally generated the request to display the current page or object (Referrer URL)
  • Host name of the accessing computer
  • Time data about the server access
  • IP address

The legal basis for processing such data is Article 6 (1) (b) GDPR, which allows the processing of data when it is necessary for the performance of a contract to which the data subject is a contracting party or in order to take steps, at the request of the data subject, prior to entering into a contract

Contact form

If you send us questions via the contact form, we will collect the data you enter in the form, including the contact details you provide, in order to respond to your current and subsequent questions. We do not transmit this information without your permission. Therefore, we will only process any data you enter in the contact form with your consent, [as per Art. 6 (1) (a) GDPR]. You can revoke your consent at any time, an informal e-mail to this effect is enough. Data processed prior to receiving your request may be processed lawfully.

We will keep the data you provide on the contact form until:

  • you request deletion of the data;
  • you revoke your consent to them being stored, or if
  • the purpose for storing them is no longer valid.

Any mandatory legal provisions, in particular those relating to mandatory data retention periods, are not affected by the above.

Contact by e-mail or phone

If you contact us by e-mail or telephone, your request, including any personal data you provide us with, will be stored and processed by us for the purpose of dealing with your request, based on your consent.
We will therefore process all data you provide under the following legal provisions in the GDPR, respectively:

  • only with your consent – in accordance with the provisions of Article 6 (1) (a) of GDPR;
  • for the performance of a contract or at the pre-contractual stage – in accordance with the provisions of Art. 6 (1) (b) GDPR;
  • for the fulfilment of the purpose and legitimate interest pursued by us, i.e. the efficient processing of requests submitted by you – in accordance with the provisions of Art. 6 (1) (f) GDPR.

We will keep the data you provide in this way until:

  • you request deletion of the data;
  • you revoke your consent to them being stored, or if
  • the purpose for storing them is no longer valid, in all cases except for mandatory data retention periods.

Registering on this website

You can register on this website to access additional features and services offered by our company. In this regard, the data you submit will be used and processed for the purpose of using the respective service or function for which we provide you with a user (parent/student) account registration. The mandatory data requested at registration must be fully provided by you, otherwise the registration operation cannot be completed.

In order to inform you about important modifications, such as changes in the scope of our website or technical changes, we will use the e-mail address you specified at the time of registration.

The processing of personal data, provided within the registration procedure, and specifically for this purpose is only done with your consent and in compliance with the provisions of Art. 6 (1) (a) of GDPR. You may revoke your consent at any time, an informal e-mail to this effect being enough. We will continue to store the data collected during registration for as long as you remain registered on this website, but the mandatory storage periods remain valid and compliance will be ensured.

Facebook Authentication

If you do not want to register directly on this site, you can log in via Facebook (Connect).
This service is provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
To log in using Facebook, click on “Login with Facebook” or “Connect with Facebook” and you will be automatically redirected to the Facebook platform, where you will be asked for your user details and password, and you will then log in to this website with your Facebook profile. In this regard, we will have access to all data stored on Facebook, for example (but not limited to):

  • Name;
  • Profile picture;
  • Email address;
  • Facebook ID;
  • Friends network;
  • Facebook Likes;
  • Date of birth;
  • Gender/Sex;
  • Country;
  • Language;

This data will be used to create and customize your account on this website.
For more information, you can access Facebook’s Terms and Conditions, as well as the Privacy Policy, available at https://www.facebook.com/privacy and https://www.facebook.com/legal/terms.

Considering the ruling of July 16, 2020 (pronounced in case C-311/18 – Data Protection Commissioner/Facebook Ireland Limited, Maximillian Schrems), the European Court of Justice ruled that the protection offered by the EU-US Privacy Shield is not adequate.

Therefore, the transfer of personal data to the US and other countries outside the European Economic Area (EEA) is based on the Standard Contractual Clauses (SCC) of the European Commission. The Commission has issued two sets of standard contractual clauses for transfers of data from EU data controllers to data controllers established outside the EU or the European Economic Area (EEA). It has also issued a set of standard contractual clauses for transfers of data from EU data controllers to data processors established outside the EU or the EEA.
For more information on these Clauses, we recommend accessing https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_ro.

Facebook uses Standard Contractual Clauses as adequate guarantees for data protection, in accordance with the level of protection guaranteed by GDPR.
For more details, please visit: https://www.facebook.com/legal/EU_data_transfer_addendum.

The purpose of processing collected data

Some of the data collected on this site are used for:

  • Providing services that we offer for your benefit (for example, for recruitment and selection, workforce placement, ensuring support services, etc.).
  • Optimal functioning and optimization of this site (statistical and analytical) – We constantly strive to provide you with the best experience on our site, which is why we may collect and use certain information about your level of satisfaction during your navigation on this site, we may invite you to complete suggestion questionnaires or similar ones.
  • Online advertising and promotion activities. You can request at any time, through the means described in this document, to stop processing your personal data for marketing purposes, and we will comply with your request as soon as possible.
  • Periodic information of users – We want to keep you up to date with our job offers. In this regard, we can send you any type of message containing general and thematic information, information regarding offers, as well as other commercial communications such as market research and opinion polls. For communications of this type, we have obtained your prior consent. You can change your mind and withdraw your consent at any time.
  • For the defense of our legitimate interests. There may be situations where we will use or transmit information to protect our rights and commercial activity. These may include: measures to protect the website and the user of our site against cyber-attacks; measures to prevent and detect fraud attempts, including transmitting information to competent public authorities; measures to manage other types of risks.

The processing of personal data is carried out in accordance with the provisions of the General Data Protection Regulation, based on both the consent of the data subject and the reasons for compliant execution of contracts or the realization of the legitimate interests of the controller (except where the fundamental interests or rights and freedoms of the data subject prevail, requiring the protection of personal data, especially when the data subject is a child).

To fulfill the purposes mentioned above, Pro Ideal Jobs may transfer the personal data of the candidate/client to collaborators, authorized persons, service providers, as well as to authorities/institutions/public entities that may claim access to them (ISU, Police, Courts, Prosecutors’ Offices, City Hall, Local Council, County Council, Ministries, etc.).

User Rights

Your rights regarding personal data and the means to exercise them are: Right of information, Right of access, Right to rectification, Right to erasure of data, Right to restriction of processing, Right to data portability, Right to object, Right not to be subject to a decision based solely on automated processing, Right to lodge a complaint and to apply to the courts, Right to withdraw consent.

  • Right to information – you can request information on the activities of processing of your personal data, on the identity of the controller and its representative or on the recipients of your data;
  • Right of access – you can obtain confirmation from the controller whether or not personal data relating to you are being processed and, if so, access to that data and to the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations ; where possible, the period for which the personal data are expected to be stored or, if this is not possible, the criteria used to determine this period; the right to request the controller to rectify or erase the personal data or to restrict the processing of the personal data or the right to object to the processing, etc.
  • Right to rectification – you can rectify inaccurate personal data or supplement them;
  • Right to data erasure – you can obtain erasure of data if the processing was unlawful or in other cases specified by law;
  • Right to restriction of processing – you can request restriction of processing if you dispute the accuracy of the data, and in other cases provided for by law;
  • Right to data portability – you can receive, under certain conditions, the personal data you have provided to us in a machine-readable format or request that the data be transferred to another controller.
  • Right to object – you can object in particular to data processing based on the legitimate interest of the controller.
  • Right not to be subject to a decision based solely on automated processing – you can request and obtain human intervention with regard to such processing or express your own point of view on such processing.
  • Right to file a complaint and to apply to the courts – you can file a complaint against the way personal data is processed with the National Supervisory Authority for Personal Data Processing and/or apply to the courts for the enforcement of your rights.
    Right to withdraw consent – in cases where the processing is based on your consent, you can withdraw it at any time. Withdrawal of consent will only be effective for the future, the processing carried out prior to withdrawal will remain valid.

5. Data Controller’s Obligations

Hosting

Personal data recorded on this website (https://proidealjobs.ro/) and on our blog (https://proidealjobs.ro/blog/) is stored on ………….. servers.
The processing of the data provided and stored complies with the following legal provisions:

  • Article 6 (1) (a) of GDPR – data processing by ……………. is carried out on the basis of your consent, obtained after correct and complete information;
  • Article 6 (1) (b) of GDPR – data processing by ………….. takes place for the purpose of fulfilling contractual obligations;
  • Article 6 (1) (f) of GDPR – data processing by …………….. is carried out for the purpose of the legitimate interests pursued by the controller.
    Regardless of the purpose for which the processing of personal data takes place, the principles of lawfulness, fairness and transparency are observed, as well as the principle that the personal data processed are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
    For more information on the processing of personal data by …………., please visit …………

Data encryption

This site uses SSL encryption for security reasons and to protect the transmission of confidential information. You can recognise this by the lock icon that appears in your browser bar and by changing your browser address from http:// to https://.
Once this type of encryption is activated, the data transmitted or transferred will not be visible to third parties.

According to the GDPR, if the breach of personal data security is likely to result in a high risk to your rights and freedoms, the operator of this website will inform you, without undue delay, of this breach, unless the additional provisions of the same Regulation become applicable (Article 34(3)).

Data Protection Officer

To exercise the rights detailed in this Policy, you can address a written, dated and signed request to the following contact details of the Data Protection Officer:

  • Phone: 0742564960
  • Email: gdpr@proidealjobs.ro
  • Mailing address: Mun. Cluj-Napoca, Str. Andrei Mureșanu, Nr. 31, 400071 Jud. Cluj

Records of processing activities

According to the Regulation, the data controller or the person authorized by the data controller should keep records of processing activities under their responsibility for a reasonable period of time. These records will include the following information:

  • Name and contact details of the data controller;
  • Purposes of the processing;
  • Description of the categories of data subjects and personal data categories;
  • Categories of recipients to whom personal data have been or will be disclosed;
  • If applicable/possible:
  • Transfers of personal data;
  • Expected time limits for erasing different categories of data;
  • General description of technical and organizational security measures.

The obligation mentioned above does not apply to an enterprise or organization with fewer than 250 employees, unless the processing they carry out is likely to result in a risk to the rights and freedoms of data subjects, the processing is not occasional, or the processing includes special categories of data or personal data relating to criminal convictions and offenses.

Appropriate technical and organisational measures

Taking into consideration the level of actual technology, the context and purposes of the processing, and the risks to the rights and freedoms of natural persons, the controller shall implement appropriate technical and organisational measures to ensure that, by default, only personal data necessary for each specific purpose of the processing are processed.

Notification to the supervisory authority in the event of a personal data breach

According to Article 33 (1) of the GDPR, if a personal data security breach occurs, we will notify the National Supervisory Authority for Personal Data Processing without undue delay and, if possible, no later than 72 hours after we become aware of it, unless it is unlikely to result in a risk to the rights and freedoms of natural persons.

Informing the data subject about the personal data breach

With regard to the provisions of Article 34 of the GDPR, if the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, we will inform the data subject without undue delay about the breach, unless:

  • appropriate technical and organisational safeguards have been implemented and applied to the personal data affected by the personal data breach, in particular measures ensuring that the personal data becomes unintelligible to any person who is not authorised to access it, such as encryption;
  • subsequent measures have been taken ensuring that the high risk to the rights and freedoms of data subjects referred to above is no longer likely to materialise;
  • would require a disproportionate effort. In this case, public information or a similar measure is taken whereby the data subjects are informed in an equally effective way.

6. Social Media – plug-ins on https://proidealjobs.ro/

Facebook Plugins (Like & Share Button)

This service uses social plugins (“plugins”) managed by the facebook.com social network. Plugins can be identified by a Facebook logo (a white “f” on a blue plate or a “thumbs up” sign) or are labelled by adding the phrase “Facebook Social Plugin”. The list and layout of Facebook plugins can be seen here: https://developers.facebook.com/docs/plugins/. As long as you use the Like extension, you will be able to “like” the Facebook page of our website without having to leave it. To the extent that you use the Share extension, you will share our site or certain content within it on your personal Facebook page without having to leave the site.
Through the plugin, Facebook receives the information that you access on our site. If you are logged in and on Facebook at the same time, Facebook can attribute the actions performed on the page to your account and therefore to you personally. When you interact with the plugins, for example by clicking on the Like button or by sharing certain content on the site, the corresponding information is transferred directly from your browser to Facebook and stored there. Even if you are not a Facebook member, there is still a possibility that the social network obtains and stores your IP address.
By clicking on one of these buttons, you agree to the use of this plugin and therefore to the transfer of personal data to Facebook. We have no control over the nature and purpose of this transmitted data and its further processing.
If you do not want Facebook to associate your visit to this site with your Facebook account information, you have the option of not logging in.
In view of the judgment of 16 July 2020 (Case C-311/18 – Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems), the European Court of Justice has ruled that the protection offered by the EU-US Privacy Shield is not adequate.
The transmission of personal data to the US and other countries outside the European Economic Area (EEA) is therefore based on the European Commission’s Standard Contractual Clauses (SCC). The Commission has issued two sets of Standard Contractual Clauses for data transfers from EU data controllers to data controllers established outside the EU or the European Economic Area (EEA). It has also issued a set of contractual clauses for data transfers from EU data controllers to processors established outside the EU or the EEA. For more information on these clauses, we recommend that you visit https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_ro.
Facebook uses Standard Contractual Clauses as adequate data protection safeguards in line with the level of protection guaranteed by the GDPR.
For more details, please visit: https://www.facebook.com/legal/EU_data_transfer_addendum, regarding the purpose and extent of data collection, further processing and use of data by Facebook, as well as permissions and privacy settings.

LinkedIn plugin

This website uses social plugins (“plugins”) managed by the LinkedIn social network. The provider is LinkedIn Ireland Unlimited Company, based at Wilton Plaza, Wilton Place, Dublin 2, Ireland.
Through the plugin, LinkedIn is informed about your activity on our website, and if you are logged in and on the social network at the same time, LinkedIn can attribute the actions taken on the page to your account and therefore to you personally. Even if you are not a LinkedIn member, there is still a possibility that it may obtain and store your IP address through the plugin. Also, when you interact with plugins, the corresponding information is transferred directly from your browser to LinkedIn and stored there.
If you are a LinkedIn member and do not want it to collect your data via the plugin and link it to data already stored on LinkedIn, you should log out of the social network before visiting the site.
By clicking on one of the plugin buttons, you can express your consent to their use and therefore to the transfer of personal data to LinkedIn. We have no control over the nature and purpose of the data transmitted and its further processing. Regarding the purpose and extent of data collection, further processing and use of data by LinkedIn, as well as permissions and settings to protect user privacy, you can consult LinkedIn’s privacy policies at: https://www.linkedin.com/legal/privacy-policy.
In view of the judgment of 16 July 2020 (Case C-311/18 – Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems), the European Court of Justice has ruled that the protection offered by the EU-US Privacy Shield is not adequate.
The transmission of personal data to the US and other countries outside the European Economic Area (EEA) is therefore based on the European Commission’s Standard Contractual Clauses (SCC). The Commission has issued two sets of Standard Contractual Clauses for data transfers from EU data controllers to data controllers established outside the EU or the European Economic Area (EEA). It has also issued a set of contractual clauses for data transfers from EU data controllers to processors established outside the EU or the EEA. For more information on these clauses, we recommend that you visit https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_ro.
LinkedIn uses Standard Contractual Clauses as adequate data protection safeguards in line with the level of protection guaranteed by the GDPR. For more details, please visit https://www.linkedin.com/legal/l/dpa.

Instagram plugin

This website uses social plugins (“plugins”) operated by the Instagram social network, features provided by Instagram Inc. located at 1601 Willow Road, Menlo Park, CA 94025, USA. Plugins can be identified by an Instagram logo or are labelled by adding the phrase “Instagram Social Plugin”.
Through the plugin, Instagram is informed about your actions on our page. If you are also logged in to your personal account on the social network at the same time, it can attribute the actions taken on the page to your Instagram account and, by default, to you personally. When you access the plugins, the corresponding information is transferred from your browser to the social network and stored there. Even if you are not a member of Instagram, there is still a possibility that it may obtain and store your IP address.
By clicking on one of these buttons, you agree to the use of this plugin and therefore to the transfer of personal data to Instagram. We have no control over the nature and purpose of this transmitted data and its further processing. Regarding the purpose and extent of data collection, further processing and use of data by Instagram, as well as permissions and settings to protect user privacy, you can refer to Instagram’s privacy policies at: https://help.instagram.com/5195221_25107875.
If you are a member of Instagram and do not want Instagram to collect your data through the plugin and link it to data already stored on Instagram, you should log out of the social network before visiting this site.
In view of the judgment of 16 July 2020 (Case C-311/18 – Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems), the European Court of Justice has ruled that the protection offered by the EU-US Privacy Shield is not adequate.
The transmission of personal data to the US and other countries outside the European Economic Area (EEA) is therefore based on the European Commission’s Standard Contractual Clauses (SCC). The Commission has issued two sets of Standard Contractual Clauses for data transfers from EU data controllers to data controllers established outside the EU or the European Economic Area (EEA). It has also issued a set of contractual clauses for data transfers from EU data controllers to processors established outside the EU or the EEA. For more information on these clauses, we recommend that you visit https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_ro.
Instagram uses Standard Contractual Clauses as adequate data protection safeguards in line with the level of protection guaranteed by the GDPR.
For more details, please visit: https://www.facebook.com/legal/EU_data_transfer_addendum.

TikTok Plugin

This website uses certain TikTok plugins, which are operated by TikTok Technology Limited (10 Earlsfort Terrace, Dublin, D02 T380, Ireland), for residents of Switzerland and the European Economic Area.
When you visit this site using TikTok, your browser establishes a direct connection with TikTok servers. We have no influence over the volume of data accessed and transmitted through this plugin.

The data is stored and analyzed based on Art. 6 (1) (f) of the GDPR. If there is a declaration of consent, the data will be processed exclusively on the basis of Art. 6 (1) (a), which can be revoked at any time.
In light of the judgment of July 16, 2020 (in Case C-311/18 – Data Protection Commissioner/Facebook Ireland Limited, Maximillian Schrems), the European Court of Justice ruled that the protection provided by the EU-US Privacy Shield is not adequate. Therefore, the transfer of personal data to the US and other countries outside the European Economic Area (EEA) should be based on the Standard Contractual Clauses (SCC) of the European Commission.
TikTok declares that for the limited transfer of data to entities in the corporate group outside the European Economic Area (Canada, UK, Israel, Japan, South Korea), it relies on the adequacy decisions of the European Commission. In the absence of such decisions, limited remote access is granted based on SCC, as is the case with entities located in Brazil, China, Malaysia, the Philippines, Singapore, and the United States.
More information can be found in the privacy policy, available here: https://www.tiktok.com/legal/page/eea/privacy-policy/en.

Newsletter

In order to receive a newsletter, a valid e-mail address must be provided, along with specific information identifying the owner of that address. Your consent is also required for the newsletter to be sent and we therefore inform you that any further personal data will only be collected and stored with your consent. The data thus collected is processed only for the purpose of sending the newsletter and will not be passed on to third parties.

Therefore, we will process any data you enter in the contact form only with your consent, in accordance with the provisions of Article 6 (1) (a) of the GDPR.

Plugins & Tools

Google Web Fonts

This site uses Google Web Fonts to ensure consistent use of fonts on this site. When you access a page on this website, your browser will load the web fonts necessary for displaying text and fonts correctly as a result of establishing a connection with Google servers.

The use of Google Web Fonts is based on Art. 6 (1) (f) of the GDPR, as there is a legitimate interest in presenting the font uniformly on this website. If there is express consent in this regard, the data will be processed exclusively on the basis of Art. 6 (1) (a) of the GDPR.

For more information on how Google Web Fonts handles user data, please see the Privacy Policy available at: https://policies.google.com/privacy?hl=en

More details on GDPR compliance through the use of Google Web Fonts can be found in the Google Statement of November 18, 2022.

Google Maps

This website uses Google Maps, a mapping and location service, through an API. The provider is Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043, United States of America.

To ensure data protection on our website, you will find that Google Maps is disabled when you first visit our website. A direct connection to Google’s servers will not be established until Google Maps is activated autonomously, with your consent in accordance with Article 6(1)(a) of the GDPR. This will prevent data from being transferred to Google during your first visit to our website. After you activate the service, Google Maps will store your IP address. Typically, it is subsequently transferred to a Google server in the United States, where it is stored. The provider of this website has no control over this data transfer once Google Maps has been activated.

In light of the judgment of 16 July 2020 (pronounced in Case C-311/18 – Data Protection Commissioner/Facebook Ireland Limited, Maximillian Schrems), the European Court of Justice ruled that the protection offered by the EU – US Privacy Shield is not adequate. Therefore, the transfer of personal data to the USA and other countries outside the European Economic Area (EEA) is based on the Standard Contractual Clauses (SCC) of the European Commission. The Commission has issued two sets of Standard Contractual Clauses for data transfers from data controllers in the EU to data controllers established outside the EU or the European Economic Area (EEA). It has also issued a set of contractual clauses for data transfers from controllers in the EU to processors established outside the EU or EEA. For more information on these Clauses, we recommend that you visit https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_ro.

Google Maps uses Standard Contractual Clauses as adequate safeguards for data protection, in accordance with the level of protection guaranteed by the GDPR. For more information, please refer to Google’s Data Privacy Statement at the following address: https://policies.google.com/privacy.

Google reCAPTCHA

We use “Google reCAPTCHA” (hereafter referred to as “reCAPTCHA”) on our website. The provider is Google Inc., headquartered at 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). The purpose of reCAPTCHA is to determine whether the data entered on our website (e.g., information entered in a contact form) is provided by a human user or an automated program. To determine this, reCAPTCHA analyzes visitor behavior on the site based on a variety of parameters. This analysis is triggered automatically as soon as the site visitor enters the site. For this analysis, reCAPTCHA evaluates a variety of data (e.g., IP address, time spent by the site visitor on the site, or cursor movements initiated by the user). The data tracked during these analyses is sent to Google. The reCAPTCHA analyses run entirely in the background. Site visitors are not warned that an analysis is taking place. The data is processed on the basis of Art. 6 para. 1 lit. f) GDPR. The operators of the website have a legitimate interest in protecting the web content of the operator against abusive use by automated industrial espionage systems and against SPAM.

In view of the judgment of 16 July 2020 (pronounced in Case C-311/18 – Data Protection Commissioner/Facebook Ireland Limited, Maximillian Schrems), the European Court of Justice ruled that the protection offered by the EU-US Privacy Shield does not have an adequate character.

Therefore, the transfer of personal data to the USA and other countries outside the European Economic Area (EEA) is based on the Standard Contractual Clauses (SCC) of the European Commission. The Commission has issued two sets of Standard Contractual Clauses for data transfers from data controllers in the EU to data controllers established outside the EU or the European Economic Area (EEA). It has also issued a set of contractual clauses for data transfers from data controllers in the EU to processors established outside the EU or EEA. For more information on these clauses, we recommend that you visit https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.

Google reCatpcha uses Standard Contractual Clauses as an adequate guarantee of data protection, in accordance with the level of protection guaranteed by the GDPR. For more information, please see Google’s Privacy Policy available here: https://policies.google.com/privacy and here https://policies.google.com/terms?hl=en.

Recruit CRM

We use Recruit CRM in our recruitment and workforce placement activity. The provider is Workforce Cloud Tech, Inc., based at 28 Mohawk Avenue, Norwood, NJ 07648. The purpose of Recruit CRM is to help recruitment companies grow with the help of technology, built to allow any developer or team to personalize and make the most of the entered information. Access is provided to candidate, company, contact, and job data. The data is processed based on art. 6 para. 1 lit. f) GDPR. The operators of Recruit CRM store and process data, including personal information, in the United States and the European Economic Area (“EEA”) and, possibly, in other countries, through third parties they use to operate and manage the services offered.

In light of the decision of July 16, 2020 (in the case C-311/18 – Data Protection Commissioner/Facebook Ireland Limited, Maximillian Schrems), the European Court of Justice ruled that the protection provided by the EU-US Privacy Shield is not adequate.
Therefore, the transfer of personal data to the US and other countries outside the European Economic Area (EEA) is based on the European Commission’s Standard Contractual Clauses (SCC). The Commission has issued two sets of Standard Contractual Clauses for the transfer of data from data controllers in the EU to data controllers established outside the EU or the EEA. It has also issued a set of contractual clauses for the transfer of data from data controllers in the EU to processors established outside the EU or the EEA. For more information on these Clauses, we recommend visiting https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_ro.
Google reCaptcha uses Standard Contractual Clauses as an adequate guarantee of data protection, in accordance with the level of protection guaranteed by GDPR. For more information, please consult the Privacy Policy, available here: https://recruitcrm.io/legal/privacy.

Online CHAT

Through WhatsApp, we ensure efficient communication with our customers. For those who reside in a country within the European Economic Area (which includes the European Union) and any other country or territory included (collectively referred to as the “European Region”), WhatsApp is operated by WhatsApp Ireland Limited, headquartered at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

In accordance with WhatsApp’s policy, which can be consulted and analyzed here: https://www.whatsapp.com/legal/#privacy-policy, WhatsApp Ltd. being part of Meta Companies, collects and processes personal data with respect to the applicable principles of security and confidentiality at the European (especially GDPR) or international level through this service.

The following is processed through WhatsApp:

  • data provided directly by users (such as information related to the user account – phone number, profile name, photo – user connections. Regarding transmitted messages, they are not stored on WhatsApp servers, except for those that could not be sent (for example, for an offline user) and which are stored for a period of 30 days before being deleted.
  • data collected automatically (user status information “last seen status”, user preferences stored through cookies, IP address, browser-related information, some transaction and payment-related information – for terms and conditions regarding payments, we recommend consulting https://www.whatsapp.com/legal/?eea=0#payments-in).

The legal basis for processing personal data through WhatsApp is represented by Art. 6 let. f) of the Regulation, based on our legitimate interest in the legality of processing.

In view of the judgment of July 16, 2020 (pronounced in Case C-311/18 – Data Protection Commissioner/Facebook Ireland Limited, Maximillian Schrems), the European Court of Justice ruled that the protection offered by the EU-US Privacy Shield does not have adequate character.

Therefore, the transfer of personal data to the United States and other countries outside the European Economic Area (EEA) is based on the Standard Contractual Clauses (SCC) of the European Commission. The Commission has issued two sets of Standard Contractual Clauses for transfers of data from data controllers in the EU to data controllers established outside the EU or the European Economic Area (EEA). It has also issued a set of contractual clauses for transfers of data from controllers in the EU to processors established outside the EU or EEA. For more information on these Clauses, we recommend accessing https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_ro.

WhatsApp uses Standard Contractual Clauses as adequate guarantees for data protection, in accordance with the level of protection guaranteed by the GDPR, according to the information available here https://www.whatsapp.com/legal/#privacy-policy-our-global-operations.

Advertising and Analysis

Google Analytics

This website uses the web analytics service Google Analytics. The provider of this service is Google Inc. based in the United States of America, 1600 Amphitheatre Parkway, Mountain View, CA 94043.

Google Analytics uses so-called cookies. Cookies are text files that are stored on your computer and allow an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the United States, where it is stored.
The storage of Google Analytics cookies and the use of this analysis tool is based on Art. 6 (1) (f) GDPR. The operator of this website has a legitimate interest in analysing user patterns in order to optimise both the services offered online and the operator’s advertising activities.

In the light of the judgement of 16 July 2020 (Case C-311/18 – Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems), the European Court of Justice has ruled that the protection offered by the EU-US Privacy Shield is not adequate.
The transmission of personal data to the US and other countries outside the European Economic Area (EEA) is therefore based on the European Commission’s Standard Contractual Clauses (SCC). The Commission has issued two sets of Standard Contractual Clauses for data transfers from EU data controllers to data controllers established outside the EU or the European Economic Area (EEA). It has also issued a set of contractual clauses for data transfers from EU data controllers to processors established outside the EU or the EEA. For more information on these clauses, we recommend that you visit https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_ro

The transmission of data to the United States of America is based on the European Commission’s Standard Contractual Clauses (SCC).

IP anonymisation

On this site we have enabled the IP anonymisation function. As a result, your IP address will be abbreviated by Google in the Member States of the European Union or in other countries that have ratified the European Economic Area Convention before being transmitted to the United States. The full IP will be transmitted to one of Google’s servers in the United States and will be abbreviated there only in exceptional cases. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of this website, compiling reports on website activity for website operators and providing other services to website operators in connection with website activity. The IP address transmitted together with Google Analytics from your browser will not be merged with other data owned by Google.

Demographic parameters provided by Google Analytics

This website uses the “demographic metrics” function provided by Google Analytics, which generates reports that provide information on the age, gender and interests of visitors to the website. The sources of this information are interest-based advertising generated by Google as well as visitor data obtained from third party service providers. This data cannot be allocated to a specific individual. You have the option to disable this feature at any time by making relevant changes to the advertising settings in your account. Google or you can generally prohibit the recording of your data by Google Analytics.

Archiving period

User or incident level data stored by Google related to cookies, user IDs or advertising IDs (e.g. DoubleClick cookies, Android advertising IDs) will be anonymised or deleted after a maximum of 14 months. For details, please click on the following link:
https://support.google.com/analytics/topic/2919631?hl=en&ref_topic=1008008.

Other Advertising and Analysis Services

Google Analytics Remarketing

Our site uses Google Analytics Remarketing features in combination with Google AdWords and Google DoubleClick features, which work across all devices. The provider of these solutions is Google Inc., based in the United States of America, 1600 Amphitheater Parkway, Mountain View, CA 94043.
This feature enables the connection of advertising target groups generated with Google Analytics Remarketing with Google AdWords and Google DoubleClick features, which work on all devices.
This makes it possible to display personalized interest-based advertising messages based on past usage and browsing patterns on a device (e.g., mobile) in a manner tailored to both you and any of your devices (e.g., tablet or PC).
If you have given your consent, Google will link the progress of your web browser and app to your account. Google for this purpose. Therefore, the same personalised advertising messages may be displayed on each device you sign into with your Google account.
To support this feature, Google Analytics records the logged-in IDs of users temporarily logged into Google Analytics data to define and compile target groups for ads to be displayed across devices.
You have the option to create permanent objections to remarketing/targeting on all devices by disabling personalized advertising in your Google account. To do so, follow this link: https://www.google.com/settings/ads/onweb/.
Consolidating data stored in your Google account will only take place on the basis of your consent which you can give to Google and also revoke (Article 6 (1) (a) GDPR).
Data recording processes that are not consolidated in your Google account (e.g. because you do not have a Google account or you have objected to the consolidation of data) are done on the basis of Art. 6 (1) (f) of GDPR. The legitimate interest lies in the fact that the website operator has a legitimate interest in the anonymous analysis of the website visitor for advertising purposes.

In view of the judgement of 16 July 2020 (Case C-311/18 – Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems), the European Court of Justice has ruled that the protection offered by the EU-US Privacy Shield is not adequate.
The transmission of personal data to the US and other countries outside the European Economic Area (EEA) is therefore based on the European Commission’s Standard Contractual Clauses (SCC). The Commission has issued two sets of Standard Contractual Clauses for data transfers from EU data controllers to data controllers established outside the EU or the European Economic Area (EEA). It has also issued a set of contractual clauses for data transfers from EU data controllers to processors established outside the EU or the EEA. For more information on these clauses, we recommend that you visit https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_ro
Transmission of data to the United States of America is based on Standard Contractual Clauses (SCC) of the European Commission.
For more information and relevant data protection regulations, please see the Google Data privacy Policies at: https://policies.google.com/technologies/ads?hl=en.

Google Ads and Google Conversion Tracking

This site uses Google Ads. Ads is an online promotional program of Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

In connection with Google Ads, we use a tool called Conversion Tracking. If you click on an ad served by Google, a cookie will be placed for conversion tracking purposes. Cookies are tiny text files that the web browser places on the user’s computer. These cookies expire after 30 days and are not used to personally identify users. If the user visits certain pages of this site and the cookie has not yet expired, Google will be able to recognize that the user has clicked on an ad and has been linked to this page.
Another cookie is assigned to each Google Ads client. These cookies cannot be tracked through the Ads client websites. The information obtained through conversion cookies is used to generate conversion statistics for Ads clients who have opted to use conversion tracking. Users receive the total number of users who clicked on their ads and were connected to a page equipped with a conversion tracking tag. However, they do not receive any information that allows them to personally identify these users. If you do not wish to be involved, you have the option to object to this use by easily disabling Google’s conversion tracking cookie through your web browser under your user settings. If you do so, you will not be included in the Conversion Tracking statistics.
The storage of Conversion cookies and the use of this tracking tool is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analysing user patterns for the purpose of optimizing the operator’s web offers and advertising.
In view of the judgment of 16 July 2020 (Case C-311/18 – Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems), the European Court of Justice has ruled that the protection offered by the EU-US Privacy Shield is not adequate.
The transmission of personal data to the US and other countries outside the European Economic Area (EEA) is therefore based on the European Commission’s Standard Contractual Clauses (SCC). The Commission has issued two sets of Standard Contractual Clauses for data transfers from EU data controllers to data controllers established outside the EU or the European Economic Area (EEA). It has also issued a set of contractual clauses for data transfers from EU data controllers to processors established outside the EU or the EEA. For more information on these clauses, we recommend that you visit https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_ro
The transmission of data to the United States of America is based on the European Commission’s Standard Contractual Clauses (SCC).
For more detailed information about Google Ads and Google Conversion Tracking, see Google’s Data Privacy Policies at: https://policies.google.com/privacy?hl=en.
You can configure your browser to notify you at any time when cookies are placed and you can allow cookies only in certain cases or disallow cookies in certain or all cases and you can also enable automatic deletion of cookies after you close your browser. If you disable cookies, the functions of this website may be limited.

Facebook Pixel

To measure conversion rates, our website uses the Facebook Visitor Activity Pixel, operated by Facebook Inc. 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”).
This tool allows us to track page visitors after they have logged into the website after clicking on a Facebook ad. This makes it possible to analyse the effectiveness of Facebook ads for statistical and market research purposes and to optimise future advertising campaigns.
For the operators of this website, the data collected is anonymous. We are not in a position to draw any conclusions about the identity of users. However, Facebook archives the information and processes it so that it is possible to log in to the profile and Facebook is able to use the data for its own promotional purposes in accordance with the Facebook Data Use Policy. This allows Facebook to display ads both on Facebook pages and outside Facebook. The operators of this site have no control over the use of this data.
The use of Facebook Pixel is based on Art. 6 (1) (f) GDPR. The operator of the site has a legitimate interest in effective advertising campaigns that include social media.
In the light of the judgment of 16 July 2020 (Case C-311/18 – Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems), the European Court of Justice has ruled that the protection offered by the EU-US Privacy Shield is not adequate.
The transmission of personal data to the US and other countries outside the European Economic Area (EEA) is therefore based on the European Commission’s Standard Contractual Clauses (SCC). The Commission has issued two sets of Standard Contractual Clauses for data transfers from EU data controllers to data controllers established outside the EU or the European Economic Area (EEA). It has also issued a set of contractual clauses for data transfers from EU data controllers to processors established outside the EU or the EEA. For more information on these clauses, we recommend that you visit https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_ro.

Transmission of data to the United States is based on the European Commission’s Standard Contractual Clauses (SCC). In Facebook’s data privacy policies, you will find additional information about protecting privacy at: https://www.facebook.com/about/privacy/.
You also have the option to disable the “Custom Audiences” remarketing feature in the Ad Settings section under
https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.
To do this, you must first log in to Facebook.
If you do not have a Facebook account, you can disable user-based advertising through Facebook on the Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/ro/optiunile-mele.

Conclusion

This policy on the processing of personal data has been drawn up in accordance with the provisions of Regulation No 679/2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, as well as other applicable national legal provisions.

We reserve the right to make any additions or changes to this policy. We recommend consulting the Policy on a regular basis for accurate and up-to-date information regarding the processing of personal data.

For more details on this GDPR Policy, as well as for exercising any of the rights stipulated above, you can send a written notice/email to the contact details provided herein.

Last update on: 03.03.2022