1. GENERAL INFORMATION
The current notification is designed to inform you about the processing of your personal data and your rights relating to such processing in accordance with the General Data Protection Regulations (“GDPR”) and local legislation in force. Hereby you are explained how the processing of your personal data by BARKLAV takes place and where we ensure these are processed in a responsible manner.
b) The Controller and the Processor BARKLAV, in accordance with the legislation in force, is both Controller or Processor. You can find below information about BARKLAV’s contact details. Also below, you can find the contact details of BARKLAV’s Data Protection Officer, whom you can contact for questions or requests about processing your data. BARKLAV, and its partners take very seriously the security of your data. Compliance with the legislation on personal data protection and good practice in the field, as well as ensuring a climate of transparency, security and trust is a priority for which the employees, partners, suppliers, and BARKLAV’s management firmly declare their support.
c) Data Protection Officer
You can contact the Data Protection Officer at any time using the following contact details:
BARKLAV SRL – 251-253 Mamaia Blvd., 2nd floor, 900559, Constanta, Romania,
dpo@BARKLAV.ro phone: +40 374 407 956
2. PERSONAL DATA PROCESSED BY BARKLAV
The personal data processed by BARKLAV is obtained directly from you and is of the following types:
a) Personal data: last name; first name; gender; date of birth; age; citizenship; video recordings; personal identification number (CNP); information in your identity papers (date of issue, expiration date, place of birth, etc.).
b) Sensitive data: medical data, information about your family members and kinship relations, criminal records (where required by embassies), professional profile (references, employer assessments).
c) Contact details: address of domicile / residence; mobile / landline phone number; fax number; Email address.
d) Banking data: bank account or bank card number / IBAN code; last name and first name of the bank account holder (may be different from yourself). e) Professional data: employment history, positions and roles held, completed studies, certificates and professional certificates.
3. COLLECTION OF PERSONAL DATA
The source of your personal data is yourself! BARKLAV does not collect personal data except through the employment / application forms that each candidate fills in and submits electronically via e-mail; these are either BARKLAV standard forms or a candidate’s chosen format.
4. LEGAL BASIS OF PERSONAL DATA PROCESSING
The legal basis for collecting and processing your personal data is:
– your consent
– the employment / application form (legitimate interest of the controller / processor)
– the employment contract you are part of
– a legal obligation to communicate, upon request, to public authorities
– the legitimate interest of BARKLAV in solving any disputes that may arise from the employment contract
5. PURPOSE OF PERSONAL DATA PROCESSING
The purposes for processing your personal data are:
– to register in the potential candidates pool for a contract of employment through BARKLAV
– for interviewing and testing in view of potential employment
– for pre-employment medical check-up
– for checking of professional background with previous employers
– for employment purposes
– for financial management of an employment contract (payroll, taxes, etc)
– for travel arrangements, including obtaining visas (and criminal records where required)
– for professional training sessions
– for a marketing campaign in which you are informed of any job offers
– to fulfil a legal obligation of communication, upon request, to public authorities
– to formulate requests and defenses before public authorities and other entities that settle
– to conduct surveys, debriefings and ask questions to you in order to get your opinion
– for video surveillance at BARKLAV headquarters
6. DISCLOSURE OF PERSONAL DATA
BARKLAV does not disclose your personal data to other companies or organizations except in business-specific situations.
Unfortunately, it is not possible at this point to provide accurate information about the exact identity of all possible recipients of your data because they cannot be pre-established for each potential candidate but you can find the categories of such recipients below:
– your potential employers
– service providers directly / indirectly involved in the employment contract (insurers, travel agents, transport companies, medical clinics, embassies, training centres, international state authorities)
– public authorities in any area at their request or at the initiative of BARKLAV in accordance with the applicable law (eg international maritime administrations)
– accountants, auditors, lawyers and other external professional consultants of BARKLAV, from Romania or abroad; they will be bound by a law or by the contract concluded with BARKLAV to keep the confidentiality of your data
– natural or legal persons acting as authorized persons for BARKLAV in various areas anywhere in the world who will be required to comply with the requirements of the law that protects your rights they provide certain services to BARKLAV (for example: agents)
– any person, agency or relevant court in Romania or any other State – to the extent necessary to establish, exercise or defend a right of BARKLAV in court.
7. THE TRANSFER OF PERSONAL DATA TO A COUNTRY OUTSIDE THE EUROPEAN ECONOMIC AREA
BARKLAV will transfer your personal data to potential employers or companies outside of the European Economic Area. For such transfers, BARKLAV will ensure that the country in question is included in the European Commission’s Decision of Adequacy or, failing that, will sign Standard Contract Clauses to ensure that the transfer of personal data is regulated by the same level of security and strictness as transfers within the European Community.
8. STORING PERSONAL DATA
The length of time for storing your personal data is:
– 1 year from the date of receiving your application, if an employment contract was not executed
– 10 years from the date of termination of the last employment contract
After the expiration of these periods, all your personal data will be deleted.
To store your data, BARKLAV uses cloud servers of specialized companies (i.e. Microsoft Azure) with a high degree of security.
9. SECURITY OF PERSONAL DATA
BARKLAV implemented the following measures to ensure the security of personal data:
– by adopting and reviewing policies dedicated to data processing
– by minimizing the amount of processed personal data
– by restricting access to personal data
– by specific technical measures to secure access to personal data
– by ensuring the accuracy of personal data
– by training the staff on how data is processed and the related risks
– by deleting or anonymizing the data so that the person to whom it relates can no longer be identified
– by control of providers by introducing contractual clauses on the protection of personal data
10. YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM?
Right of access to data. You have the right to access your data or copies thereof; you also have the right to obtain information about the nature, processing and disclosure of these data.
Right to data rectification. You have the right to get the inaccuracies of your data rectified.
Right to deletion of data (“the right to be forgotten”). You have the right to remove your data from BARKLAV.
The right to restrict data processing. You have the right to restrict the processing of your data by BARKLAV.
The right to object. You have the right to object to the processing of your data by BARKLAV or on behalf of BARKLAV.
The right to data portability. You have the right to obtain the transfer of your data to another controller.
Right to withdrawal of consent. In cases where your data is processed under your consent, you have the right to withdraw your consent; you can do this at any time, at least as easy as you first granted consent; withdrawing consent will not affect the lawfulness of processing your data that was made prior to withdrawal. You can withdraw your consent by sending an email to firstname.lastname@example.org.
The right to lodge a complaint with the supervisory authority. You have the right to file a complaint with the Supervising Authority for Personal Data Processing regarding irregularities in the processing of your data by BARKLAV or on behalf of BARKLAV. This can be done directly on the www.dataprotection.ro site at the “Complaints and Grievances” section or using the contact details.
For the exercise of these rights, as well as for any further questions regarding this notice or in connection with the use of personal data by BARKLAV, please contact us by choosing any of the communication modalities described in Chapter 1 under “Data Protection Officer”.
11. IN CASE YOU WILL NOT PROVIDE YOUR PERSONAL DATA
You are not required to provide the personal data mentioned in this notification. In this respect, if you choose not to provide this data, BARKLAV will not be able to provide you with its services.
12. EXISTENCE OF AUTOMATIC PROCESSES
Barklav has no automatic data processing processes in place, and all personal data processing is done manually by BARKLAV staff.
The Supervising Authority for Personal Data Processing: an independent public authority which, according to the law, has powers related to supervising the personal data protection legislation. In Romania, this authority is the National Supervising Authority for Personal Data Processing (ANSPDCP).
Special categories of personal data (sensitive data): personal data revealing racial or ethnic origin, political opinions, religious confession or philosophical beliefs or trade union membership; genetic data; biometric data to uniquely identify an individual; data on the health, sex or sexual orientation of a natural person; data on the history of possible criminal convictions of a person; performance data and workplace assessments
Consent of the data subject: any manifestation of the free, specific, informed, and unambiguous will of the data subject by which he or she accepts, through an unequivocal statement or action, that the personal data concerning him or her is processed.
Personal data: any information about an identified or identifiable individual. A natural person is identifiable if it can be identified, directly or indirectly, in particular by reference to an identification element, for example: name, identification number, location data, online identifier, one or more elements, specific to the physiological, genetic, psychological, economic, cultural or social identity of that person. For example, in the notion of personal data, the following are included: first and last name; address of domicile or residence; Email Address; phone number; Personal Identification Number (CNP) medical data (sensitive data). The categories of personal data about you that we process are listed above.
Consignee: The natural or legal person, public authority, agency or other body to whom personally identifiable information is disclosed regardless of whether or not it is a third party.
Breach of personal data security: a security breach that accidentally or unlawfully leads to the unauthorized destruction, loss, amendment or disclosure of personal data transmitted, stored or otherwise processed or to unauthorized access thereto.
Controller: a natural or legal person who decides why (for what purpose) and how (by what means) personal data is processed. According to the law, the responsibility for complying with the legislation on personal data rests primarily with the controller.
Third party: a natural or legal person, a public authority, an agency or other body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorized to transfer personal data
Partners / providers: legal entities with which BARKLAV has signed a collaboration agreement. Processor: any natural or legal person who processes personal data on behalf of the controller other than the controller’s employees. Processing of personal data: any operation or set of operations performed on personal data, with or without the use of automated means; for example: collecting, recording, organizing, structuring, storing, adapting or modifying, extracting, consulting, using, disclosing, disseminating or making available in any other way alignment or combination, restriction, deletion or destruction of those personal data. These are just examples. Practically, processing means any operation on personal data, whether by automatic or manual means.