Inefficient processes, slow delivery, and delivered products that never get used are common frustrations for businesses and IT enterprises. Finding the optimal path to get you from reality to vision is not easy. We are that software delivery partner.
Other information (date and place of birth; current location, photo, language skills, etc.).
We use your Identification Data to identify you, to maintain our HRM systems and HR records, to conduct employment verification and to facilitate our relationship with you, to administer payroll (or other financial transactions), and other employment obligations provided by law, as well as for other processing purposes described in this Policy.
Contact Data:
Full name;
Registered address;
Postal address;
Phone number;
Email address;
Social media address;
Usernames.
We use your Contact Data to communicate with you via respective means of communication about matters on employment or contractual relationship.
Biographical Data:
CV;
Social media (job boards) profiles;
Education information;
Professional credentials (licenses, certificates, etc.);
Personal traits (hard and soft skills, goals, etc.).;
Other information contained in the CV, motivation letter, or other sources provided by a candidate.
We use your Biographical Data to evaluate your personal and professional traits in the employment or contractor engagement context for a particular job position, to make hiring decisions, to help us facilitate your professional growth and development and to ensure successful job performance, etc.
Device Data:
System logs;
Access control devices records;
Internet-related data (IP address, metadata, etc.)
We can use Device Data whether using an Olsys’s or personal device for security management, including, but not limited to, system administration, incident detection, risk mitigation, and other related purposes.
Employment Data:
Work history information;
Time sheets and attendance records;
Sick leave records;
Insurance records;
Health and safety for accidents or injuries at work records;
Payroll records;
Maternity/paternity leaves records;
Performance reviews records;
Background check records;
Bonuses and disciplinary records;
Internal investigations and security breaches records.
We use your Employment Data to manage the employment relationships and fulfill obligations provided by law (e.g., administration of payroll, benefits, insurance, scheduling work time and absence, managing the workplace, monitoring premises, responding to inquiries, providing information and assistance, performance of security purposes, compliance and accountability programs, professional development programs, for archival and recordkeeping purposes, etc.).
We may collect relevant information about potential candidates, such as their children’s age, referral candidates or companies, etc.
We don’t collect Personal Data from children under 16 unless a child under 16 is the only emergency contact an individual could provide us with.
We don’t collect any sensitive data about candidates. Sensitive data is categorized as any data revealing your racial/ethnic origins; political opinions; religious beliefs; membership of a trade union; sexuality; physical or mental health conditions (Art. 9 GDPR). Nonetheless, we may collect some types of sensitive data, particularly health data about our employees only when processing sick leave records, health, and safety for accidents or injuries at work records, etc.
We don’t use Personal Data for our own marketing activities, namely, we don’t use Personal Data for marketing purposes after the termination of the contractual relationship or send any kind of advertising messages to our current or former employees and individual contractors.
We may use Google Analytics to help us better understand how individuals use our website. You may install the Google Analytics Opt-Out Browser by clicking here to prevent Google Analytics from using your information for analytics. To opt out of Google Analytics for display advertising or customize Google display network ads, you can visit the Google Ads Settings page.
What are the legal bases for data processing?
GDPR provides an exclusive list of lawful bases allowing us to process personal data. During the personal data processing, we rely only on four of them, namely:
Performance of a contract: to enter into an employment contract with you or take steps at your request prior to entering into an employment contract with you. Although the submission of Personal Data for the entry into a contract is voluntary, without the necessary Personal Data we won’t be able to meet our contractual obligations as your employer.
Consent: we may occasionally ask you to give consent so we can use your Personal Data for one or more purposes, e.g., for the retention of your Personal Data for future recruitment offerings. Whenever the legal basis for the processing of your Personal Data is consent, we will inform you in advance. Processing your personal data on the basis of consent is always voluntary and without any negative consequences for you. So where the processing of your Personal Data is based on consent, you have the right to withdraw your consent at any time. If you do decide to withdraw your consent, we will stop processing your Personal Data for that purpose unless there is another lawful basis we can rely on – in which case, we will let you know. Your withdrawal of consent won’t impact any of our processing up to that point.
Compliance with a legal obligation: please, keep in mind that you are obliged to provide us with your Personal Data that we process on the basis of legal obligation. If you do not provide Personal Data that we absolutely need to collect and process as an employer, we cannot perform our legal obligations.
Legitimate interest: we may process your Personal Data on the basis of our legitimate interests, for example:
to make background checks in order to provide a healthy and safe working environment, prevent fraud, etc.;
to provide data transfers between our partner companies for prevention of fraud and internal administrative purposes, such as processing of employee Personal Data;
professional learning and development administration;
to analyze the performance of employees;
to process family members’ data in the context of HR records – next of kin, emergency contact, benefits and insurance, etc.
How long do we keep your Personal Data?
As a Data Controller, we are committed to the data minimization principle, hence we collect, keep, and process only Personal Data we need to fulfill the purposes defined in this Policy.
Your Personal Data is kept in records available to you in the HR department of Olsys LTD. We store and process your Personal Data until we do not need it for any of the purposes defined in this Policy unless a longer retention period is required or permitted by law, including for the purpose of satisfying any legal, accounting, or reporting requirements, or any other lawful purposes (usually, for tax administration and financial statements, or if we have an ongoing legal proceeding where the employee is part of).
In the case of most employee and independent contractor data, it is retained for the duration of your employment or contractual relationship with Olsys LTD and for a particular period of time established under applicable laws and regulations with regard to the storage of such data after that relationship terminates.
When we collect and process your Personal data on the basis of your consent, we will keep your Personal Data during a period specified in the consent or until the withdrawal of the consent. If the purpose for which we have processed the data is fulfilled, we will delete your data even if you do not withdraw the consent.
When we collect and process your Personal data on the basis of a contract, the time period for the retention of data is the entire period of the validity of the contract, including warranty or any other time periods arising from the concluded contract, unless we have a legal obligation for further storage of such data.
What rights do potential candidates and employees have?
You may exercise the following rights under the GDPR by submitting your request at [email protected]:
right of access means that you may ask us to send you the copy of your personal data collected together with information regarding the nature, processing and disclosure of that personal data;
right to rectification means that you may ask us to update and correct the false data, missing or incomplete personal data;
right to erasure (“to be forgotten”) means that you may ask us to delete your personal data collected, except insofar it is prohibited by appropriate laws;
right to restriction of processing means that you may ask us to restrict processing where: your personal data is not correct or outdated; the processing is unlawful;
right to object to the processing means that you may raise objections on grounds relating to your particular situation;
right to data portability means that you may ask us to transfer a copy of your personal data to another organization or to you;
right to withdraw the consent when your personal data processed on a basis of your consent;
right to lodge a complaint with the supervisory data protection authority pertaining to the processing of your personal data.
In case of any questions regarding data protection that we cannot answer, you can contact the supervisory authority. We will cooperate with the appropriate governmental authorities to resolve any privacy-related complaints that cannot be amicably resolved between you and us. You can find the full list of EU supervisory authorities via the link.
Please note that we may need to confirm your identity to process your requests to exercise your rights under the GDPR. Thus, we may not be able to satisfy your request if you do not provide us with sufficient detail to allow us to verify your identity and respond to your request.
Where did we get your Personal Data, and to whom may we disclose it?
We may get your Personal data from the following sources:
Directly from you. We collect your Personal Data directly from you when you communicate with us via relevant means of communication.
Your browser. When you browse our website, your computer interacts with a server that provides it with all the resources requested by automatically saving each operation in a specific file that identifies your computer by its IP address. Your browser automatically transmits certain standard data to us: in addition to your IP address, this includes the type of browser you use, its features, your operating system, identification of third-party sites (Facebook, Twitter, LinkedIn, etc.) from which you may have logged in as well as the dates and times of access to our sites. We cannot identify you by name using these data or your IP address.
Job boards and our partners in the recruitment process. While looking for a candidate, we may publish job positions on job boards, engage recruiters or recruitment agencies who look for potential candidates to take job positions on their own initiative, and offer relevant ones to us according to our request.
Your contacts who recommended you for a position. We may either obtain your personal data through the recommendation left by our current or past employee or service provider, or we may contact a person whose recommendations you’ve provided with your CV to confirm them.
If you are a representative of our current/potential client, vendor, or partner, we may process your full name, contact details, position, company you represent, activities in relation to the sales process, data on our communications with you, content and results of such communications, our internal notes about you, publicly available professional information about you.
We may share your Personal Data with our affiliates to operate our HR processes and some service providers (contractors) that process Personal Data on our behalf. Such access is limited to the purposes for which Personal Data were collected. All third parties to whom we may share your Personal Data are bound to comply with the applicable laws as well as the provisions of this Policy. By submitting your Personal Data, you agree to this transfer, storing and processing.
Where and only to the limit necessary, we may disclose your Personal Data:
To our related companies and/or affiliates.
To our contractors providing us different services.
To any state authorities, courts, or public administration bodies when required by law (e.g., Tax Authorities, Social Security Services, etc.).
Do we transfer your Personal Data outside of the European Economic Area?
Yes, we may transfer your Personal Data to countries outside the EU and EEA (the USA, Ukraine, etc.) that are not determined to offer an adequate level of data protection on the basis of article 45 of GDPR (adequacy decision) with appropriate safeguards as determined under the GDPR.
We only transfer your personal data to third parties within the requirements under the GDPR. Where possible, we always enter into Data Processing Agreements (DPAs) and Non-Disclosure Agreements (NDAs) with them and treat personal data transfer seriously. Where our contractor has an appropriate data processing agreement in place, we may adjoin such a data processing agreement. If so, we may regulate the transfer of Personal Data to such a contractor by means of this data processing agreement.
For transfers to countries that do not fall under requirements of Article 45 of the GDPR on the adequacy of the level of protection, we may transfer your personal data to third countries outside the EU and the EEA, including the onward transfers of the personal data from the third countries to other third countries, under Article 46 of the GDPR with the appropriate safeguards, including the SCC.
We disclose your personal data to countries outside the EU and the EEA in compliance with our internal international transfer procedure in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of natural and legal persons.
We put supplementary technical and organizational measures in place when transferring data outside the EU and the EEA, e.g., prior assessment of the service supplier’s reliability and personal data protection practices, encryption of the transferred personal data, prompt reacting to any threats to confidentiality, integrity and availability of the personal data, conducting transfer impact assessments (TIA) when necessary, etc.
How do we protect your Personal Data?
Your Personal Data is securely stored and processed using technical and organizational measures, which are regularly reviewed to ensure they are state of the art and remain up to date.
Organizational measures include access control to Personal Data. At Olsys LTD, your Personal Data may be handled by our HR Department, payroll, and managers. In all cases, access to your data is strictly restricted to those who are authorized to process personal data.
Technical measures include application security (multi-factor authentication is mandatory for all employees to sign in critical systems) and work device protection (all the working devices are protected by password and have malware protection software installed as well as the RMM tool, which allows wiping the whole information in case of device loss. Disk encryption is mandatory for all devices which are used with critical and secure data). We also make regular backups to prevent data loss which are properly protected.
Olsys LTD enters into respective contracts defining the protection of personal data to ensure that your Personal Data remains safe and secure in every transfer.
If a Personal Data breach occurs, we will immediately inform you and/or competent supervisory authority about the violation where required to do so as prescribed by data protection legislation.
Do we use profiling or Automated Decision Making?
We don’t use any software, artificial intelligence or any other technologies which are able to make automated decisions that have legal or other serious effects (e.g., reject a CV if it does not have keywords, etc.).
Changes
We reserve the right to periodically change this Policy to the actual situation and legislation regarding the protection of personal data. For this reason, we ask that you check the current version before submitting any personal data, so you will be familiar with any changes or updates.
In case of material changes, we will make all reasonable efforts to inform you in advance.
Contact us
If you have any questions or comments regarding this Privacy Policy, please send an email to [email protected] with the subject line “Privacy Policy Request”.
Types of Personal Data
Purposes for collecting Personal Data
Identification Data:
Full name;
Gender;
Passport (ID) number;
Tax or social security number;
Other government-issued identifiers;
Payment details (bank account, mother’s name);
Company ID number;
Other information (date and place of birth; current location, photo, language skills, etc.).
We use your Identification Data to identify you, to maintain our HRM systems and HR records, to conduct employment verification and to facilitate our relationship with you, to administer payroll (or other financial transactions), and other employment obligations provided by law, as well as for other processing purposes described in this Policy.
Contact Data:
Full name;
Registered address;
Postal address;
Phone number;
Email address;
Social media address;
Usernames.
We use your Contact Data to communicate with you via respective means of communication about matters on employment or contractual relationship.
Biographical Data:
CV;
Social media (job boards) profiles;
Education information;
Professional credentials (licenses, certificates, etc.);
Personal traits (hard and soft skills, goals, etc.).;
Other information contained in the CV, motivation letter, or other sources provided by a candidate.
We use your Biographical Data to evaluate your personal and professional traits in the employment or contractor engagement context for a particular job position, to make hiring decisions, to help us facilitate your professional growth and development and to ensure successful job performance, etc.
Device Data:
System logs;
Access control devices records;
Internet-related data (IP address, metadata, etc.)
We can use Device Data whether using an Olsys’s or personal device for security management, including, but not limited to, system administration, incident detection, risk mitigation, and other related purposes.
Employment Data:
Work history information;
Time sheets and attendance records;
Sick leave records;
Insurance records;
Health and safety for accidents or injuries at work records;
Payroll records;
Maternity/paternity leaves records;
Performance reviews records;
Background check records;
Bonuses and disciplinary records;
Internal investigations and security breaches records.
We use your Employment Data to manage the employment relationships and fulfill obligations provided by law (e.g., administration of payroll, benefits, insurance, scheduling work time and absence, managing the workplace, monitoring premises, responding to inquiries, providing information and assistance, performance of security purposes, compliance and accountability programs, professional development programs, for archival and recordkeeping purposes, etc.).
We may collect relevant information about potential candidates, such as their children’s age, referral candidates or companies, etc.
We don’t collect Personal Data from children under 16 unless a child under 16 is the only emergency contact an individual could provide us with.
We don’t collect any sensitive data about candidates. Sensitive data is categorized as any data revealing your racial/ethnic origins; political opinions; religious beliefs; membership of a trade union; sexuality; physical or mental health conditions (Art. 9 GDPR). Nonetheless, we may collect some types of sensitive data, particularly health data about our employees only when processing sick leave records, health, and safety for accidents or injuries at work records, etc.
We don’t use Personal Data for our own marketing activities, namely, we don’t use Personal Data for marketing purposes after the termination of the contractual relationship or send any kind of advertising messages to our current or former employees and individual contractors.
We may use Google Analytics to help us better understand how individuals use our website. You may install the Google Analytics Opt-Out Browser by clicking here to prevent Google Analytics from using your information for analytics. To opt out of Google Analytics for display advertising or customize Google display network ads, you can visit the Google Ads Settings page.
What are the legal bases for data processing?
GDPR provides an exclusive list of lawful bases allowing us to process personal data. During the personal data processing, we rely only on four of them, namely:
Performance of a contract: to enter into an employment contract with you or take steps at your request prior to entering into an employment contract with you. Although the submission of Personal Data for the entry into a contract is voluntary, without the necessary Personal Data we won’t be able to meet our contractual obligations as your employer.
Consent: we may occasionally ask you to give consent so we can use your Personal Data for one or more purposes, e.g., for the retention of your Personal Data for future recruitment offerings. Whenever the legal basis for the processing of your Personal Data is consent, we will inform you in advance. Processing your personal data on the basis of consent is always voluntary and without any negative consequences for you. So where the processing of your Personal Data is based on consent, you have the right to withdraw your consent at any time. If you do decide to withdraw your consent, we will stop processing your Personal Data for that purpose unless there is another lawful basis we can rely on – in which case, we will let you know. Your withdrawal of consent won’t impact any of our processing up to that point.
Compliance with a legal obligation: please, keep in mind that you are obliged to provide us with your Personal Data that we process on the basis of legal obligation. If you do not provide Personal Data that we absolutely need to collect and process as an employer, we cannot perform our legal obligations.
Legitimate interest: we may process your Personal Data on the basis of our legitimate interests, for example:
to make background checks in order to provide a healthy and safe working environment, prevent fraud, etc.;
to provide data transfers between our partner companies for prevention of fraud and internal administrative purposes, such as processing of employee Personal Data;
professional learning and development administration;
to analyze the performance of employees;
to process family members’ data in the context of HR records – next of kin, emergency contact, benefits and insurance, etc.
How long do we keep your Personal Data?
As a Data Controller, we are committed to the data minimization principle, hence we collect, keep, and process only Personal Data we need to fulfill the purposes defined in this Policy.
Your Personal Data is kept in records available to you in the HR department of Olsys LTD. We store and process your Personal Data until we do not need it for any of the purposes defined in this Policy unless a longer retention period is required or permitted by law, including for the purpose of satisfying any legal, accounting, or reporting requirements, or any other lawful purposes (usually, for tax administration and financial statements, or if we have an ongoing legal proceeding where the employee is part of).
In the case of most employee and independent contractor data, it is retained for the duration of your employment or contractual relationship with Olsys LTD and for a particular period of time established under applicable laws and regulations with regard to the storage of such data after that relationship terminates.
When we collect and process your Personal data on the basis of your consent, we will keep your Personal Data during a period specified in the consent or until the withdrawal of the consent. If the purpose for which we have processed the data is fulfilled, we will delete your data even if you do not withdraw the consent.
When we collect and process your Personal data on the basis of a contract, the time period for the retention of data is the entire period of the validity of the contract, including warranty or any other time periods arising from the concluded contract, unless we have a legal obligation for further storage of such data.
What rights do potential candidates and employees have?
You may exercise the following rights under the GDPR by submitting your request at [email protected]:
right of access means that you may ask us to send you the copy of your personal data collected together with information regarding the nature, processing and disclosure of that personal data;
right to rectification means that you may ask us to update and correct the false data, missing or incomplete personal data;
right to erasure (“to be forgotten”) means that you may ask us to delete your personal data collected, except insofar it is prohibited by appropriate laws;
right to restriction of processing means that you may ask us to restrict processing where: your personal data is not correct or outdated; the processing is unlawful;
right to object to the processing means that you may raise objections on grounds relating to your particular situation;
right to data portability means that you may ask us to transfer a copy of your personal data to another organization or to you;
right to withdraw the consent when your personal data processed on a basis of your consent;
right to lodge a complaint with the supervisory data protection authority pertaining to the processing of your personal data.
In case of any questions regarding data protection that we cannot answer, you can contact the supervisory authority. We will cooperate with the appropriate governmental authorities to resolve any privacy-related complaints that cannot be amicably resolved between you and us. You can find the full list of EU supervisory authorities via the link.
Please note that we may need to confirm your identity to process your requests to exercise your rights under the GDPR. Thus, we may not be able to satisfy your request if you do not provide us with sufficient detail to allow us to verify your identity and respond to your request.
Where did we get your Personal Data, and to whom may we disclose it?
We may get your Personal data from the following sources:
Directly from you. We collect your Personal Data directly from you when you communicate with us via relevant means of communication.
Your browser. When you browse our website, your computer interacts with a server that provides it with all the resources requested by automatically saving each operation in a specific file that identifies your computer by its IP address. Your browser automatically transmits certain standard data to us: in addition to your IP address, this includes the type of browser you use, its features, your operating system, identification of third-party sites (Facebook, Twitter, LinkedIn, etc.) from which you may have logged in as well as the dates and times of access to our sites. We cannot identify you by name using these data or your IP address.
Job boards and our partners in the recruitment process. While looking for a candidate, we may publish job positions on job boards, engage recruiters or recruitment agencies who look for potential candidates to take job positions on their own initiative, and offer relevant ones to us according to our request.
Your contacts who recommended you for a position. We may either obtain your personal data through the recommendation left by our current or past employee or service provider, or we may contact a person whose recommendations you’ve provided with your CV to confirm them.
If you are a representative of our current/potential client, vendor, or partner, we may process your full name, contact details, position, company you represent, activities in relation to the sales process, data on our communications with you, content and results of such communications, our internal notes about you, publicly available professional information about you.
We may share your Personal Data with our affiliates to operate our HR processes and some service providers (contractors) that process Personal Data on our behalf. Such access is limited to the purposes for which Personal Data were collected. All third parties to whom we may share your Personal Data are bound to comply with the applicable laws as well as the provisions of this Policy. By submitting your Personal Data, you agree to this transfer, storing and processing.
Where and only to the limit necessary, we may disclose your Personal Data:
To our related companies and/or affiliates.
To our contractors providing us different services.
To any state authorities, courts, or public administration bodies when required by law (e.g., Tax Authorities, Social Security Services, etc.).
Do we transfer your Personal Data outside of the European Economic Area?
Yes, we may transfer your Personal Data to countries outside the EU and EEA (the USA, Ukraine, etc.) that are not determined to offer an adequate level of data protection on the basis of article 45 of GDPR (adequacy decision) with appropriate safeguards as determined under the GDPR.
We only transfer your personal data to third parties within the requirements under the GDPR. Where possible, we always enter into Data Processing Agreements (DPAs) and Non-Disclosure Agreements (NDAs) with them and treat personal data transfer seriously. Where our contractor has an appropriate data processing agreement in place, we may adjoin such a data processing agreement. If so, we may regulate the transfer of Personal Data to such a contractor by means of this data processing agreement.
For transfers to countries that do not fall under requirements of Article 45 of the GDPR on the adequacy of the level of protection, we may transfer your personal data to third countries outside the EU and the EEA, including the onward transfers of the personal data from the third countries to other third countries, under Article 46 of the GDPR with the appropriate safeguards, including the SCC.
We disclose your personal data to countries outside the EU and the EEA in compliance with our internal international transfer procedure in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of natural and legal persons.
We put supplementary technical and organizational measures in place when transferring data outside the EU and the EEA, e.g., prior assessment of the service supplier’s reliability and personal data protection practices, encryption of the transferred personal data, prompt reacting to any threats to confidentiality, integrity and availability of the personal data, conducting transfer impact assessments (TIA) when necessary, etc.
How do we protect your Personal Data?
Your Personal Data is securely stored and processed using technical and organizational measures, which are regularly reviewed to ensure they are state of the art and remain up to date.
Organizational measures include access control to Personal Data. At Olsys LTD, your Personal Data may be handled by our HR Department, payroll, and managers. In all cases, access to your data is strictly restricted to those who are authorized to process personal data.
Technical measures include application security (multi-factor authentication is mandatory for all employees to sign in critical systems) and work device protection (all the working devices are protected by password and have malware protection software installed as well as the RMM tool, which allows wiping the whole information in case of device loss. Disk encryption is mandatory for all devices which are used with critical and secure data). We also make regular backups to prevent data loss which are properly protected.
Olsys LTD enters into respective contracts defining the protection of personal data to ensure that your Personal Data remains safe and secure in every transfer.
If a Personal Data breach occurs, we will immediately inform you and/or competent supervisory authority about the violation where required to do so as prescribed by data protection legislation.
Do we use profiling or Automated Decision Making?
We don’t use any software, artificial intelligence or any other technologies which are able to make automated decisions that have legal or other serious effects (e.g., reject a CV if it does not have keywords, etc.).
Changes
We reserve the right to periodically change this Policy to the actual situation and legislation regarding the protection of personal data. For this reason, we ask that you check the current version before submitting any personal data, so you will be familiar with any changes or updates.
In case of material changes, we will make all reasonable efforts to inform you in advance.
Contact us
If you have any questions or comments regarding this Privacy Policy, please send an email to [email protected] with the subject line “Privacy Policy Request”.
Last updated: May 15, 2023
Olsys LTD and its related companies and/or affiliates (the “Company”, “we”, “us” or “our”) respect your right to privacy and maintain the highest level of personal data protection. In carrying out activities, we are committed to acting according to the applicable laws and regulations that define personal data protection.
We prepared this HR Privacy Policy (“Policy”) to provide you with information about the purposes for which your Personal Data will be acquired and how it will be used, what your rights are in relation to the processing of Personal Data we keep about you and how you can exercise them.
This Policy applies to:
candidates (and potential candidates) who apply for any job position published by Olsys LTD on job boards, social media, or any other source or provide their personal data via emails, messengers, video and voice calls, or other means of communication in the context of the candidate selection;
non-selected candidates who have consented to the retention of their Personal Data for future recruitment purposes;
current and former employees and independent contractors (service providers) of Olsys LTD.
What data do we collect and why?
For the purpose of this Policy, “Personal Data” means any personal data within the meaning of GDPR related to natural persons who are current and former employees or independent contractors, potential candidates, job applicants, and other individuals as appropriate in the context of an employment or contractual work relationship or candidate selection.
As part of human resources procedures, we may process the following types of Personal Data, either submitted as part of an online application and/or directly obtained from you via job boards, e-mails, personal messages from a public page on social networks, video and voice calls, messengers, networking or personal meetings, or any other sources, as well as data obtained as part of the employment or contractual relationship:
Types of Personal Data
Purposes for collecting Personal Data
Identification Data:
Full name;
Gender;
Passport (ID) number;
Tax or social security number;
Other government-issued identifiers;
Payment details (bank account, mother’s name);
Company ID number;
Other information (date and place of birth; current location, photo, language skills, etc.).
We use your Identification Data to identify you, to maintain our HRM systems and HR records, to conduct employment verification and to facilitate our relationship with you, to administer payroll (or other financial transactions), and other employment obligations provided by law, as well as for other processing purposes described in this Policy.
Contact Data:
Full name;
Registered address;
Postal address;
Phone number;
Email address;
Social media address;
Usernames.
We use your Contact Data to communicate with you via respective means of communication about matters on employment or contractual relationship.
Biographical Data:
CV;
Social media (job boards) profiles;
Education information;
Professional credentials (licenses, certificates, etc.);
Personal traits (hard and soft skills, goals, etc.).;
Other information contained in the CV, motivation letter, or other sources provided by a candidate.
We use your Biographical Data to evaluate your personal and professional traits in the employment or contractor engagement context for a particular job position, to make hiring decisions, to help us facilitate your professional growth and development and to ensure successful job performance, etc.
Device Data:
System logs;
Access control devices records;
Internet-related data (IP address, metadata, etc.)
We can use Device Data whether using an Olsys’s or personal device for security management, including, but not limited to, system administration, incident detection, risk mitigation, and other related purposes.
Employment Data:
Work history information;
Time sheets and attendance records;
Sick leave records;
Insurance records;
Health and safety for accidents or injuries at work records;
Payroll records;
Maternity/paternity leaves records;
Performance reviews records;
Background check records;
Bonuses and disciplinary records;
Internal investigations and security breaches records.
We use your Employment Data to manage the employment relationships and fulfill obligations provided by law (e.g., administration of payroll, benefits, insurance, scheduling work time and absence, managing the workplace, monitoring premises, responding to inquiries, providing information and assistance, performance of security purposes, compliance and accountability programs, professional development programs, for archival and recordkeeping purposes, etc.).
We may collect relevant information about potential candidates, such as their children’s age, referral candidates or companies, etc.
We don’t collect Personal Data from children under 16 unless a child under 16 is the only emergency contact an individual could provide us with.
We don’t collect any sensitive data about candidates. Sensitive data is categorized as any data revealing your racial/ethnic origins; political opinions; religious beliefs; membership of a trade union; sexuality; physical or mental health conditions (Art. 9 GDPR). Nonetheless, we may collect some types of sensitive data, particularly health data about our employees only when processing sick leave records, health, and safety for accidents or injuries at work records, etc.
We don’t use Personal Data for our own marketing activities, namely, we don’t use Personal Data for marketing purposes after the termination of the contractual relationship or send any kind of advertising messages to our current or former employees and individual contractors.
We may use Google Analytics to help us better understand how individuals use our website. You may install the Google Analytics Opt-Out Browser by clicking here to prevent Google Analytics from using your information for analytics. To opt out of Google Analytics for display advertising or customize Google display network ads, you can visit the Google Ads Settings page.
What are the legal bases for data processing?
GDPR provides an exclusive list of lawful bases allowing us to process personal data. During the personal data processing, we rely only on four of them, namely:
Performance of a contract: to enter into an employment contract with you or take steps at your request prior to entering into an employment contract with you. Although the submission of Personal Data for the entry into a contract is voluntary, without the necessary Personal Data we won’t be able to meet our contractual obligations as your employer.
Consent: we may occasionally ask you to give consent so we can use your Personal Data for one or more purposes, e.g., for the retention of your Personal Data for future recruitment offerings. Whenever the legal basis for the processing of your Personal Data is consent, we will inform you in advance. Processing your personal data on the basis of consent is always voluntary and without any negative consequences for you. So where the processing of your Personal Data is based on consent, you have the right to withdraw your consent at any time. If you do decide to withdraw your consent, we will stop processing your Personal Data for that purpose unless there is another lawful basis we can rely on – in which case, we will let you know. Your withdrawal of consent won’t impact any of our processing up to that point.
Compliance with a legal obligation: please, keep in mind that you are obliged to provide us with your Personal Data that we process on the basis of legal obligation. If you do not provide Personal Data that we absolutely need to collect and process as an employer, we cannot perform our legal obligations.
Legitimate interest: we may process your Personal Data on the basis of our legitimate interests, for example:
to make background checks in order to provide a healthy and safe working environment, prevent fraud, etc.;
to provide data transfers between our partner companies for prevention of fraud and internal administrative purposes, such as processing of employee Personal Data;
professional learning and development administration;
to analyze the performance of employees;
to process family members’ data in the context of HR records – next of kin, emergency contact, benefits and insurance, etc.
How long do we keep your Personal Data?
As a Data Controller, we are committed to the data minimization principle, hence we collect, keep, and process only Personal Data we need to fulfill the purposes defined in this Policy.
Your Personal Data is kept in records available to you in the HR department of Olsys LTD. We store and process your Personal Data until we do not need it for any of the purposes defined in this Policy unless a longer retention period is required or permitted by law, including for the purpose of satisfying any legal, accounting, or reporting requirements, or any other lawful purposes (usually, for tax administration and financial statements, or if we have an ongoing legal proceeding where the employee is part of).
In the case of most employee and independent contractor data, it is retained for the duration of your employment or contractual relationship with Olsys LTD and for a particular period of time established under applicable laws and regulations with regard to the storage of such data after that relationship terminates.
When we collect and process your Personal data on the basis of your consent, we will keep your Personal Data during a period specified in the consent or until the withdrawal of the consent. If the purpose for which we have processed the data is fulfilled, we will delete your data even if you do not withdraw the consent.
When we collect and process your Personal data on the basis of a contract, the time period for the retention of data is the entire period of the validity of the contract, including warranty or any other time periods arising from the concluded contract, unless we have a legal obligation for further storage of such data.
What rights do potential candidates and employees have?
You may exercise the following rights under the GDPR by submitting your request at [email protected]:
right of access means that you may ask us to send you the copy of your personal data collected together with information regarding the nature, processing and disclosure of that personal data;
right to rectification means that you may ask us to update and correct the false data, missing or incomplete personal data;
right to erasure (“to be forgotten”) means that you may ask us to delete your personal data collected, except insofar it is prohibited by appropriate laws;
right to restriction of processing means that you may ask us to restrict processing where: your personal data is not correct or outdated; the processing is unlawful;
right to object to the processing means that you may raise objections on grounds relating to your particular situation;
right to data portability means that you may ask us to transfer a copy of your personal data to another organization or to you;
right to withdraw the consent when your personal data processed on a basis of your consent;
right to lodge a complaint with the supervisory data protection authority pertaining to the processing of your personal data.
In case of any questions regarding data protection that we cannot answer, you can contact the supervisory authority. We will cooperate with the appropriate governmental authorities to resolve any privacy-related complaints that cannot be amicably resolved between you and us. You can find the full list of EU supervisory authorities via the link.
Please note that we may need to confirm your identity to process your requests to exercise your rights under the GDPR. Thus, we may not be able to satisfy your request if you do not provide us with sufficient detail to allow us to verify your identity and respond to your request.
Where did we get your Personal Data, and to whom may we disclose it?
We may get your Personal data from the following sources:
Directly from you. We collect your Personal Data directly from you when you communicate with us via relevant means of communication.
Your browser. When you browse our website, your computer interacts with a server that provides it with all the resources requested by automatically saving each operation in a specific file that identifies your computer by its IP address. Your browser automatically transmits certain standard data to us: in addition to your IP address, this includes the type of browser you use, its features, your operating system, identification of third-party sites (Facebook, Twitter, LinkedIn, etc.) from which you may have logged in as well as the dates and times of access to our sites. We cannot identify you by name using these data or your IP address.
Job boards and our partners in the recruitment process. While looking for a candidate, we may publish job positions on job boards, engage recruiters or recruitment agencies who look for potential candidates to take job positions on their own initiative, and offer relevant ones to us according to our request.
Your contacts who recommended you for a position. We may either obtain your personal data through the recommendation left by our current or past employee or service provider, or we may contact a person whose recommendations you’ve provided with your CV to confirm them.
If you are a representative of our current/potential client, vendor, or partner, we may process your full name, contact details, position, company you represent, activities in relation to the sales process, data on our communications with you, content and results of such communications, our internal notes about you, publicly available professional information about you.
We may share your Personal Data with our affiliates to operate our HR processes and some service providers (contractors) that process Personal Data on our behalf. Such access is limited to the purposes for which Personal Data were collected. All third parties to whom we may share your Personal Data are bound to comply with the applicable laws as well as the provisions of this Policy. By submitting your Personal Data, you agree to this transfer, storing and processing.
Where and only to the limit necessary, we may disclose your Personal Data:
To our related companies and/or affiliates.
To our contractors providing us different services.
To any state authorities, courts, or public administration bodies when required by law (e.g., Tax Authorities, Social Security Services, etc.).
Do we transfer your Personal Data outside of the European Economic Area?
Yes, we may transfer your Personal Data to countries outside the EU and EEA (the USA, Ukraine, etc.) that are not determined to offer an adequate level of data protection on the basis of article 45 of GDPR (adequacy decision) with appropriate safeguards as determined under the GDPR.
We only transfer your personal data to third parties within the requirements under the GDPR. Where possible, we always enter into Data Processing Agreements (DPAs) and Non-Disclosure Agreements (NDAs) with them and treat personal data transfer seriously. Where our contractor has an appropriate data processing agreement in place, we may adjoin such a data processing agreement. If so, we may regulate the transfer of Personal Data to such a contractor by means of this data processing agreement.
For transfers to countries that do not fall under requirements of Article 45 of the GDPR on the adequacy of the level of protection, we may transfer your personal data to third countries outside the EU and the EEA, including the onward transfers of the personal data from the third countries to other third countries, under Article 46 of the GDPR with the appropriate safeguards, including the SCC.
We disclose your personal data to countries outside the EU and the EEA in compliance with our internal international transfer procedure in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of natural and legal persons.
We put supplementary technical and organizational measures in place when transferring data outside the EU and the EEA, e.g., prior assessment of the service supplier’s reliability and personal data protection practices, encryption of the transferred personal data, prompt reacting to any threats to confidentiality, integrity and availability of the personal data, conducting transfer impact assessments (TIA) when necessary, etc.
How do we protect your Personal Data?
Your Personal Data is securely stored and processed using technical and organizational measures, which are regularly reviewed to ensure they are state of the art and remain up to date.
Organizational measures include access control to Personal Data. At Olsys LTD, your Personal Data may be handled by our HR Department, payroll, and managers. In all cases, access to your data is strictly restricted to those who are authorized to process personal data.
Technical measures include application security (multi-factor authentication is mandatory for all employees to sign in critical systems) and work device protection (all the working devices are protected by password and have malware protection software installed as well as the RMM tool, which allows wiping the whole information in case of device loss. Disk encryption is mandatory for all devices which are used with critical and secure data). We also make regular backups to prevent data loss which are properly protected.
Olsys LTD enters into respective contracts defining the protection of personal data to ensure that your Personal Data remains safe and secure in every transfer.
If a Personal Data breach occurs, we will immediately inform you and/or competent supervisory authority about the violation where required to do so as prescribed by data protection legislation.
Do we use profiling or Automated Decision Making?
We don’t use any software, artificial intelligence or any other technologies which are able to make automated decisions that have legal or other serious effects (e.g., reject a CV if it does not have keywords, etc.).
Changes
We reserve the right to periodically change this Policy to the actual situation and legislation regarding the protection of personal data. For this reason, we ask that you check the current version before submitting any personal data, so you will be familiar with any changes or updates.
In case of material changes, we will make all reasonable efforts to inform you in advance.
Contact us
If you have any questions or comments regarding this Privacy Policy, please send an email to [email protected] with the subject line “Privacy Policy Request”.
