RANDSTAD Romania (Registered office: Dacia, 153-155, Bucharest, company registration number: RO17549799, hereinafter: “Randstad”) pays special attention to the fact that persons subscribing to the newsletter service are on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46 hereinafter referred to as the “Regulation”), Act CXII of 2011 on the Right to Self-Determination of Information and Freedom of Information. in accordance with the provisions of this Act and other applicable legislation.

The terms used in this data management information are to be interpreted in accordance with the terms defined in the interpretative provisions of the GDPR.

The purpose of this Privacy Notice (the “Notice” or “Privacy Notice”) is to provide Randstad with information about the data management practices used to process their personal information to those who subscribe to its newsletter. Randstad - respecting this Prospectus and its contents - natural persons or persons using the Services in any way. recognizes the personal rights and self-determination of those who subscribe to the newsletter as binding on them.

The person subscribing to the newsletter uses the Service of the Data Controller on his / her own behalf. Otherwise, the subscriber is responsible for ensuring that the information provided for third parties is respected. has lawfully obtained the consent of the subscriber to the processing of personal data made available. The resp. the subscriber is responsible for the content shared, the authenticity, adequacy and accuracy of the personal data. Randstad accepts no liability for any deficiencies in the information provided and for the consequences of incorrect data, for which Randstad expressly excludes its liability.

The subscriber has the right to withdraw his or her consent to the data processing in part or in full by written notification to Randstad, or to request the deletion of his data. recruitment@randstad.ro via email address.

1. DATA DEFINITION AND CONTACT DETAILS

Name: Randstad Romania

Headquarters: bd Dacia, 153-155, 6th floor Bucharest

Company registration number: RO17549799

Phone number: +4021 336 5253

E-mail address: recruiting@randstad.ro

Website address: https://www.randstad.ro

Data protection officer of the data controller: Alexandra Toma

Contact details of the data controller: recruiting@randstad.ro

Hereinafter referred to as "Randstad" or "Data Controller"

2. SCOPE OF DATA PROCESSED, LEGAL BASIS, PURPOSE AND DURATION OF DATA PROCESSING

Legal basis for data management

The legal basis for the processing is the voluntary and explicit prior informed consent of the subscribers to the newsletter pursuant to Article 6 (1) (a) of the Regulation. By subscribing to the newsletter, the subscriber confirms that he / she has read and read this Privacy Policy in its entirety, accepts the provisions contained therein and agrees that Randstad voluntarily and informedly consents to the personal data provided voluntarily to Randstad. For the purposes set out in this Prospectus, manage it within the framework of the Regulation and this Data Management Prospectus.

Data management time

The Data Controller retains the personal data of the subscribers during the subscription period. Subscribers may unsubscribe from the newsletter at any time to withdraw their consent to data management. As a result of unsubscribing from the newsletter, the Data Controller will delete the personal data of the data subject no later than [72 hours] after the relevant request / unsubscription.

3. DATA PROCESSING

Randstad uses data processors to perform certain technical (IT) operations on personal data. The data processors are:

●    Google Inc., headquartered at 1600 Amphitheater Parkway, Mountain View, CA 94043, USA - business: correspondence, hosting

●    Amazon (headquarters: 410 Terry Avenue North Seattle, Washington 98109-5210 USA) - activity: server and hosting provider

●    Traffit sro, (established in Gdynia, Aleja Zwycięstwa 96/98, Poland) - activity: database management

4. DATA ACCESS AND DATA SECURITY MEASURES, DATA TRANSMISSION

4.1. access to data, data transmission

Personal data can be accessed by Randstad employees who need it to perform their duties. The personal data of subscribers to the newsletter will not be passed on to third parties.

4.2. Data security measures

The controller shall take all necessary measures to ensure the security of the data, ensuring an adequate level of protection, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, and accidental destruction and damage. The data controller shall ensure the security of the data with appropriate technical and organizational measures.

The data controller selects and operates the IT tools used to manage personal data during the provision of the service in such a way that the managed data:

●    accessible to those entitled to it (availability);

●    authenticity and authentication are ensured (authenticity of data management);

●    its invariability can be justified (data integrity);

●    be protected against unauthorized access (data confidentiality).

It is retained by the data controller during data management

●    confidentiality: protects information so that only those who have access to it can access it;

●    integrity: protects the accuracy and completeness of information and the method of processing;

●    availability: ensures that when an authorized user needs it, they can actually access the information they want and have the tools to do so.

5. RIGHTS OF THE CANDIDATE

The subscriber of the newsletter may request information in writing from Randstad via the contact details provided in point 1 in order to inform:

●    what personal information

●    on what legal basis,

●    for what data management purpose,

●    from what source

●    how long do you treat

●    Data controller to whom, when, under what legislation, which personal data was granted access or to whom he / she transferred his / her personal data.

The data controller shall provide the information in a widely used electronic format to the subscriber of the newsletter, unless the subscriber of the newsletter requests it in writing on paper. Randstad does not provide oral information by telephone.

Randstad will provide a copy of your personal data (in person at customer service) free of charge for the first time to the newsletter subscriber. Randstad may charge a reasonable fee based on administrative costs for additional copies requested by the data controller. If the subscriber to the newsletter requests an electronic copy, Randstad will provide the information to the subscriber by e-mail in a widely used electronic format.

Following the information, the subscriber of the newsletter may, if he / she does not agree with the data processing, the correctness of the processed data, request the correction, supplementation, deletion, restriction of processing, protest against the processing of such personal data, or may initiate the procedure set out in point 7.

5.1. The right to correct and supplement processed personal data

At the written request of the subscriber of the newsletter, the Data Controller shall correct the inaccurate personal data indicated in writing or in person by the subscriber of the newsletter without undue delay, or supplement the incomplete data with the content indicated by the subscriber of the newsletter. The data controller shall inform all recipients with whom the personal data has been communicated of the correction or addition, unless this proves impossible or requires a disproportionate effort. The subscriber of the newsletter will be informed of the details of these recipients if he so requests in writing.

5.2. Right to data management restriction

You can request the Data Controller to restrict the processing of your data by submitting a written request to the newsletter if

●    the subscriber of the newsletter disputes the accuracy of the personal data, in which case the restriction applies to the period of time that allows the Data Controller to check the accuracy of the personal data,

●    the data processing is illegal and the subscriber of the newsletter opposes the deletion of the data and instead requests a restriction on their use,

●    The data controller no longer needs the personal data for data management purposes, but the subscriber to the newsletter requests it in order to submit, validate or protect legal claims.

Restricted personal data of subscribers to a newsletter, other than storage, may be processed during that period only with the consent of the subscriber, or for the submission, enforcement or protection of legal claims or the protection of the rights of another natural or legal person. The data controller shall inform the subscriber of the newsletter, at whose request he / she has restricted the data management, of the lifting of the data management restriction in advance.

5.3. Right of cancellation (forgetting)

At the request of the subscriber of the newsletter, the Data Controller shall delete the personal data of the subscriber of the newsletter without undue delay if one of the following reasons exists: i) the personal data are no longer needed for the purpose for which they were collected or otherwise processed by the Data Controller; (ii) the subscriber to the newsletter withdraws his or her consent on which the data processing is based - unsubscribes from the newsletter and there is no other legal basis for the data processing; iii) personal data is unlawfully processed by the Data Controller.

The subscriber of the newsletter may not exercise the right to delete or forget if the data processing is necessary for i) the exercise of the right to freedom of expression and information; (ii) on grounds of public interest in the field of public health; (iii) for archiving purposes in the public interest, for scientific and historical research purposes or for statistical purposes, where the exercise of the right of erasure would make such processing impossible or seriously jeopardize; or (iv) to bring, assert or defend legal claims.

5.4. Right to data portability

The subscriber of the newsletter has the right to request that he / she receive the information provided to him / her in a machine-readable form. If technically feasible, you can request that the data be transferred to another data controller. In all cases, the right is limited to the data provided by the subscriber to the newsletter, there is no possibility of portability of other data. (eg statistics, etc.)

The subscriber of the newsletter has the personal data concerning him / her, which can be found in his / her Data Management System:

●    in an articulated, widely used, machine-readable format,

●    entitled to transfer to another data controller,

●    you can request the data to be transferred directly to another data controller - if this is technically feasible in Randstad's system.

Randstad will only fulfill your request for data portability upon written request by email or post. In order to comply with the request, it is necessary for Randstad to make sure that the person subscribing to the newsletter who is entitled to it actually wishes to exercise this right. Under this right, the subscriber to the newsletter can request the portability of the data he himself provided to Randstad. The exercise of this right does not automatically lead to the deletion of the data from Randstad's systems, so the subscriber to the newsletter will continue to be registered in Randstad's systems after exercising this right, unless you also request the deletion of your data.

5.5. Enforcement of the rights of the deceased Candidate by another

Within five years of the death of the subscriber to the newsletter, the deceased's lifelong rights, such as the right of access, rectification, erasure, limitation of data processing and data portability authorized person is entitled to enforce. If more than one such statement has been made by the deceased Randstad, the person named in the statement made at a later date may exercise these rights.

If the deceased has not made such a declaration, the rights of the deceased in life and specified in the previous paragraph may be asserted by a close relative of the deceased within five years after the death of the deceased (in case of several close relatives, a close relative entitled to exercise this right first).

A close relative of the Civil Code. 8: 1. § (1) 1) the spouse, the relative in the ascending line, the adopted child, the stepfather and the foster child, the adoptive parent, the stepfather and foster parent and the brother. The deceased's close relative must prove:

●    the fact and time of the death of the deceased concerned by a death certificate or a court order, and

●    proves his own identity and, if necessary, his status as a close relative by an authentic instrument.

The person enforcing the rights of the deceased is enforced during the enforcement of these rights, in particular against Randstad and before the National Data Protection and Freedom of Information Authority or in court. and under the Regulation, - have the rights and obligations of the deceased in life.

Upon written request, the data controller shall inform the close relative of the action taken, unless expressly prohibited by this in the deceased's statement.

5.6. Deadline for fulfilling the request

Data controller without undue delay, but in any case in accordance with 5.1-5.5. It shall inform the subscriber of the newsletter of the action taken within one month of receiving any request under point. If necessary, taking into account the complexity of the request and the number of requests, this deadline may be extended by a further two months, but in this case Randstad shall inform the newsletter within one month of receiving the request and indicate that it may lodge a complaint. to the supervisory authority and may exercise its right of judicial review.

If your request to the newsletter is clearly unfounded or excessive (especially in view of its repetitive nature), the Data Controller may charge a reasonable fee for fulfilling the request or refuse to act on the request. It is the responsibility of the Data Controller to prove this.

If the request has been submitted electronically by the subscriber to the newsletter, the information shall be provided electronically by the Data Controller, unless otherwise requested by the subscriber to the newsletter.

The Data Controller shall inform all recipients to whom he or she has communicated personal data of any rectification, erasure or restriction on the processing of personal data, unless this proves impossible or requires a disproportionate effort. At the request of the newsletter, Randstad will inform these recipients.

5.7. Compensation and damages

Any person who has suffered pecuniary or non-pecuniary damage as a result of a breach of the Regulation is entitled to compensation from Randstad or the data controller for the damage suffered. The data controller is only liable for damages caused by the data processing if it has not complied with the legal obligations specifically imposed on the data processors or if it has disregarded or acted contrary to Randstad's lawful instructions. The Data Controller or the data processor shall be released from liability if it proves that it is not liable in any way for the event that caused the damage.

6. ENFORCEMENT POSSIBILITIES

You can exercise your rights to subscribe to the newsletter by e-mail or by written request sent by post.

You will not be able to enforce your rights to subscribe to the newsletter if Randstad proves that you are not in a position to identify the subscriber to the newsletter. If your request to the newsletter is clearly unfounded or excessive (especially in view of its repetitive nature), the Data Controller may charge a reasonable fee for complying with the request or refuse to take action. It is up to Randstad to prove this. If Randstad has any doubts as to the identity of the natural person submitting the application, it may request additional information necessary to confirm the identity of the applicant.

Subscribing to the newsletter on the basis of Info.tv., the Decree and the Civil Code (Act V of 2013)

the. You can contact the National Data Protection and Freedom of Information Authority

 

b. You can assert your rights in court. The lawsuit - at the option of the Candidate - can also be initiated before the court of the place of residence

7. DEALING WITH PRIVACY INCIDENTS

A privacy incident is a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access to personal information that is transmitted, stored, or otherwise handled. Randstad maintains a record of monitoring the measures taken in connection with the data protection incident, informing the supervisory authority and informing the subscriber of the newsletter, which includes the scope of personal data involved in the incident, the number and number of persons involved, the date, circumstances, effects and measures taken. In the event of an incident involving data controllers, unless there is a risk to the rights and freedoms of natural persons, without undue delay,

8. OTHER PROVISIONS

The Data Controller reserves the right to unilaterally amend this Data Management Information with prior notice via the website www.randstad.hu, especially, but not exclusively, in the event of a change in legislation. The changes will take effect on the date specified in the notice against the subscriber of the newsletter, unless the subscriber objects to the changes.

If any person has provided the data of a third party in order to use Randstad's service, in the course of which he has caused damage in any way, the Data Controller is entitled to enforce compensation against the given person.

The effective date of this Privacy Notice is September 8, 2020.