The first point of contact for privacy aspects at our organisation is the Data Protection Officer, who can be contacted via email: email@example.com or via phone: +385 1 481 6175.
Personal data to be processed
Q processes personal data of:
Data collected by applying for an open job position or by sending an open application:
- Personal Information: name and surname, address, email, phone number
- Professional Data: Cover Letter and CV/Resume
- Name and surname, email and/or phone number
- Email address, “cookies” – our site uses technical cookies (mandatory cookies, cannot be excluded) that are necessary for the functioning of the Internet site
(more information can be found here)
We process and store personal data for a limited time as follows: for website visitors: 26 months, for job candidates – 2 years, for clients – 5 years, and for newsletter subscriptions – 4 years.
Goals of and basis for processing
Depending on collected data, we process the personal data in order:
- to comply with a legal obligation
- to be able to implement and perform our services
- to give you the information needed
- for marketing purposes or messages about our services via newsletter
- to enable us to be practical and efficient using cookies
- to process a job application
All gathering of personal data is based on either:
- consent of the person sharing the data
- the execution of a contract to which the data subject is party
- compliance with a legal obligation
- the legitimate interest of Q or a third party
- the vital interest of the data subject or another person, or the public interest
We will not use the data for any purpose nor on any basis other than those listed above. If we need to process personal data for reasons other than those mentioned above, we will explicitly ask for your permission.
We also collect your information that you make available to us when you cooperate with us, or use our services, which are necessary for the execution of the contract), and we process them for the duration of our contractual relationship.
This includes data necessary for the delivery of contracted services, and the issuance of invoices, data proving the authority to enter into a contract, and data collected during communication with us (e.g. contact information).
Provision to third parties
In the context of the quality of our services, we can make use of the services of third parties which consist of our contractors and suppliers. In regard to data protection they have the role of processors or subprocessors, who process the personal data on the basis of our exact order. If these third parties have access to the personal data or they themselves record and/or otherwise process, we conclude a DPA with those third parties. This means, among other things, that these third parties may only process your personal data for the aforementioned purposes.
In connection with the processing activities described in this Policy, your data may be transferred to and/or processed in countries outside of the EU and the European Economic Area (“EEA”). The US and other countries may have data protection laws that differ from the laws of your country. In these cases, we provide appropriate safeguards to protect your personal data pursuant to Article 45 and 46 of the GDPR. These safeguards include compliance with the European Commission’s standard contractual clauses for transfers of personal data and reliance on the appropriate legal framework.
We have taken appropriate organisational and technical measures for the protection of the personal data, insofar as these can reasonably be required of us, taking into account the interest to be protected, the state of the technology and the costs of the relevant security measures:
- our employees and any third parties who necessarily have access to the personal data are obliged to confidentiality
- our employees have received a correct and complete instruction on the handling of personal data
- our employees are sufficiently familiar with the responsibilities and obligations according to the GDPR
- we do not tolerate situations that can bring Q into violation of laws and regulations
If there is a data leak incident regarding the personal data concerned, we will notify you no later than 72h after we notice the data breach or have been informed about this by our subprocessors.
The security of the processing of your personal data is confirmed by the ISO / IEC 27001 and ISO 9001 standards that we have implemented in Q ltd.
Automated decision making
Q does not conduct any decision making process without human intervention, so-called automated decision making, that could have a significant impact on you.
You have the right:
- to access and right to be informed
- to rectification and right to erasure
- to restriction of processing personal data and right to object
- to data transfer
- not to be subject to a decision based solely on automated processing
These rights can be exercised by contacting our Data Protection Officer, via email or phone number stated below.
If this does not lead to a satisfactory outcome, then there is always the right to file a complaint with the Personal Data Protection Agency (in Croatia: AZOP); the supervisory authority in the area of privacy or any other supervisory authority in his/her habitual residence, place of work or place of the alleged infringement of the data subjects rights. If you have questions about how we handle personal data, please let us know and feel free to reach directly to our Data Protection Officer via email: firstname.lastname@example.org or via phone: +385 1 481 6175.