Cloud Sales Assistant

Baltic Amadeus Rules for processing candidate personal data UAB "BALTIC AMADEUS" RULES ON THE PROCESSING OF PERSONAL DATA OF PARTICIPANTS IN PERSONNEL SELECTION 1. GENERAL PROVISIONS 1.1. Rules on the Processing of Personal Data of Participants in Personnel Selection (hereinafter referred to as the Rules) establish how UAB BALTIC AMADEUS (hereinafter referred to as the Company) processes the personal data of participants in personnel selection (hereinafter referred to as Candidates). 1.2. The Rules are prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons concerning the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the Regulation), the Law on Personal Data Protection of the Republic of Lithuania and other legal acts regulating the protection and processing of personal data. 1.3. These Rules are intended for Candidates to familiarize themselves with how their personal data is processed by the Company during and after the personnel selection process. They also establish requirements that must be followed by the employees of the Company's Human Resources Unit and People Development Managers responsible for organizing and conducting personnel selections. 1.4. These Rules are published on the Company's website and in the Company's job advertisements. 2. PROCESSING OF CANDIDATE PERSONAL DATA DURING PERSONNEL SELECTION 2.1. Candidates submitting their CV and/or other personal data to the Company for participation in the personnel selection process are provided with the information specified in Articles 13 and 14 of the Regulation regarding the processing of their personal data. This is done by including a link to these Rules and the Company's Privacy Policy in job advertisements. 2.2. If a Candidate is recommended by a friend who is already an employee of the Company, the recommending employee, in accordance with the Company's approved recommendation rules, before providing information to the Company must inform the proposed Candidate that the Candidate's personal data (name, surname, phone number, email address, recommended position, additional information such as a link to a LinkedIn profile, information about work experience, etc.) will be submitted to the Company and processed in accordance with these Rules and the Candidate's consent to being recommended must be obtained. 2.3. In conducting employee recruitment, the Company utilizes a personnel recruitment platform (hereinafter referred to as the System) managed by external service providers (data processors engaged by the Company). Candidates can submit their personal data in the System when applying for positions advertised by the Company or when receiving an invitation from the Company via email or a LinkedIn message. Before providing their personal data in the System, Candidates must familiarize themselves with the Privacy Policy and terms of use of the service provider managing the System. 2.4. The Company processes the personal data of Candidates on the basis of consent, expressed when the Candidate sends his/her CV and/or other data to the Company by email, LinkedIn message, when participating in a selection process conducted by a personnel search agency, or when the Candidate agrees to be recommended by a friend or submits data in the System. 2.5. The Company must have and maintain evidence that the Candidates have been informed about the processing of their personal data. 3. DATA PROCESSING OF CANDIDATES AFTER THE CONCLUSION OF THE PERSONNEL SELECTION 3.1. For those Candidates who participated in the Company's publicly announced personnel selection for a specific position but were not selected for employment, CVs, and/or other data may be stored for a period of 3 years after the end of the personnel selection if the Candidates have agreed to it. The possibility to consent to the processing of personal data after the end of the personnel selection is provided by informing the Candidate via email, LinkedIn message, or by providing a consent form via System. 3.2. If the Candidate has not given consent for data storage after the end of personnel selection process, his/her data is either destroyed (including data in paper form, email inbox, or other information storage media) or anonymized in a way that makes it impossible to identify the Candidate's identity, excluding a case defined in section 3.6. 3.3. The end of the personnel selection is considered to be the date of concluding an employment contract with the selected Candidate for a specific position or the end of the selected Candidate's probationary period (if specified). The personal data of Candidates who have not given consent for further storage is destroyed or anonymized until the end of the personnel selection. 3.4. Personal data of those Candidates who submitted their CV and/or other data without participating in the Company's publicly announced personnel selection for a specific position but intending for the Company to contact them in the future if a job opportunity arises, may be stored for a period of 3 years if the Candidates have agreed to it. The possibility to consent to the storage of personal data is provided by responding to the Candidate's request via email or LinkedIn message, providing a link to the Company's website where these Rules and Privacy Policy are published, or by providing a consent form via System. 3.5. The Candidate can withdraw the given consent for the storage of personal data at any time by notifying the Company in writing (via e-mail, LinkedIn message). 3.6. Based on legitimate interest as the legal basis for data processing and for the purpose of communication traceability, the Company has the right to retain and process the Candidate's personal data for 1 year after the end of the personnel selection in individual cases (e.g., if Candidates for the specific position are selected by the recruitment agency and the agency is entitled for compensation if the Company hires such Candidate within the defined period). 4. CATEGORIES OF PROCESSED DATA, PROCESSING PURPOSES, AND DATA SOURCES 4.1. The Company processes only those personal data of Candidates that are related to the Candidate's qualifications, professional abilities, and job-related characteristics, except as specified by law. Information about the Candidate's personal life, if not related to qualifications, professional abilities, and job-related characteristics, is not collected. 4.2. The Company processes the following personal data of Candidates: 4.2.1. Name, surname, email address, phone number, desired job position, information about education and work experience, qualifications, CV, content of the motivational letter, comments provided by the Candidate, other information submitted by the Candidate, e.g., links to social media accounts, Candidate profiles and examples of work on the internet, etc.; 4.2.2. Recommendations, feedback from previous employers, contact persons personal data, their contacts, and the content of the feedback are identified; 4.2.3. Candidate evaluation information, i.e., insights and opinions of the person(s) conducting the selection, results of Candidate testing, answers to questions, task solutions, etc. 4.3. The Company does not process special categories of personal data (sensitive data) or data about criminal convictions of Candidates, except when such data is necessary to verify whether a person meets the legal requirements applicable for the specific position or work, and except in other cases provided by legislation. 4.4. Special (sensitive) personal data, which cannot be processed without the legal basis specified in the applicable law, includes data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or membership in trade unions, as well as genetic data, biometric data for the purpose of uniquely identifying a person, health data, or data about a person's sexual life and sexual orientation. 4.5. The Company may check the Candidate's profile on the professional social network LinkedIn and the information published there. To ensure the Candidate's privacy and objectivity of evaluation during the personnel selection, the Company does not proactively check data on the Candidate's Facebook, Twitter, and other personal social media accounts unless the Candidates provide links to their profiles in specific social networks. 4.6. The personal data of Candidates defined in point 4.2 of the Rules can be processed by the Company for the following purposes: to identify the Candidate, communicate with the Candidate through communication channels, assess the Candidate's qualifications, experience and suitability for a specific job position. 4.7. The Company receives Candidates' personal data, such as CVs, Candidate questionnaires, and/or other application documents (motivational letters, etc.), directly from Candidates through the following channels: e-mail and/or LinkedIn messages, through the System. 4.8. The Company may also obtain information about the Candidate, including their CV and/or other application documents, from the System, as well as from entities providing job search, recruitment, and/or intermediary services, such as recruitment agencies, online job search portals, specialized career social networks and recommendations. 4.9. The Company may collect Candidates' personal data related to qualifications, professional abilities, and job-related characteristics from the Candidate's current employer, having obtained the Candidate's consent beforehand. Consent may be obtained via e-mail, LinkedIn message, or any other method allowing for the preservation of evidence of consent. 4.10. The Company has the right to collect Candidates' personal data related to qualifications, professional abilities, and job-related characteristics from the Candidate's previous employers without the Candidate's consent, only by informing the Candidate about this source of information. 5. DISCLOSURE OF CANDIDATE DATA TO THE THIRD PARTIES 5.1. The Company may disclose the Candidate's data to third parties (for example, the Company's clients in whose projects the potential Candidates might be involved) only after informing the Candidate in advance. 5.2. Following the requirements of data protection laws, the Company enters into data processing or transfer agreements with all third parties that the Company may utilize to conduct personnel selections and to which access to Candidates' personal data may be granted (e.g., managers of personnel management platforms, recruitment agencies, etc.). This includes signing standard terms for the processing of personal data or applying other measures specified in Chapter V of the Regulation if personal data are to be transferred to data recipients or processors in third countries outside the European Economic Area. 5.3. Data processing agreements are also concluded with any other service providers who would have access to Candidates' personal data, such as IT or server service providers, system administrators and other assisting service providers managing personal data according to the Company's instructions. 5.4. Candidate personal data may also be disclosed to competent authorities or law enforcement agencies (e.g., law enforcement institutions or supervisory authorities) but only upon their legal request justified by applicable laws, or in cases provided by laws and following the procedures required to ensure the rights of the Company, the security of clients, employees, and resources, or to assert legal claims and defend legitimate interests of the Company. 6. FINAL PROVISIONS 6.1. The Rules are reviewed and, if necessary, updated in accordance with changes in data protection laws or their implementation practices, as well as changes in the Company's data processing practices, but no less frequently than once a year. 6.2. These Rules and their amendments are approved by the order of the Chief Executive Officer of the Company. 6.3. All employees of the Company's Human Resources Unit and People Development Managers are formally familiarized with these Rules in writing. 6.4. For any questions related to the processing of Candidates' personal data, it is recommended to contact the Company in writing at the email address dpo@ba.lt.

I have read and accept Baltic Amadeus Rules for processing candidate personal data.

TRAFFIT Privacy Policy Declaration Traffit sp. z o.o. with headquarters in Gdynia (the Company) provides services consisting in providing access to an IT system for storing and processing personal data for the purposes of recruiting candidates by entities that express interest in such a service and by the candidates themselves (TRAFFIT System ). The Companys Privacy Policy contains information on how information about is collected, processed and used entities that use the TRAFFIT System access service (the Service Recipient), TRAFFIT System users on behalf of the Service Recipient (System Users) and persons whose data is processed by the Company as the administrator or the processing entity entrusted with their processing, ( Candidates ). The company strives to protect the privacy of persons whose data is processed using the TRAFFIT System. The Company ensures also that it strives to comply with the applicable law provisions especially those, which protect the privacy of the Service recipients, System Users and Candidates. The Companys goal is also to properly inform Service Recipients, System Users and Candidates about the matters related to the processing of personal data, especially regarding the content of new provisions on the protection of personal data, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27.04.2016. on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (GDPR) and the Act of 10 May 2018 on the protection of personal data (Journal of Laws 2018.1000 as amended). For this reason, in this document, the Company informs about the legal basis for the processing of personal data, the methods of collecting and using it, as well as the rights of data subjects related to it. General Provisions The TRAFFIT system is used to conduct recruitment processes, so its main feature is the use of personal data or other data (including CV files and other) that are entered by System Users or Candidates. Please read the Privacy Policy thoroughly before using the TRAFFIT System and before sharing and entering data. If the Service Recipient or System User does not agree to the rules for the processing of personal data by the TRAFFIT System or the collection of their data or does not intend to entrust the processing of personal data of Candidates in such a way as indicated in this Policy, please refrain from using the TRAFFIT System. Each Service Recipient and System User and the Candidate using the System shall accept the principles specified herein. Accurate company details and contact details> Traffit limited liability company in Gdynia Al. Zwycięstwa 96/98. 81-455 Gdynia KRS: 0000500186 NIP (Tax Identification Number): 5862288562 REGON: 222042972 In case of any doubts regarding the processing of personal data or violation of privacy, please contact the data protection officer at the email address: help@traffit.com What is personal data and what does processing mean? Personal data shall be understood as all information about an identified or identifiable natural person. The processing of personal data is basically any activity on personal data, regardless of whether it is performed in an automated manner or not, e.g. collecting, storing, recording, organizing, modifying, viewing, using, sharing, limiting, deleting or destroying. The Company processes personal data for various purposes, and depending on the purpose, different collection methods, legal grounds for processing, use, disclosure and storage periods may apply. Types of data collected In the course of its activity, the Company processes the data of Service Recipients and contact persons of Service Recipients, Users of the TRAFFIT System and Candidates. Data of Service Recipients and System Users For the purpose of providing services related to the use of the TRAFFIT System, the Company processes the necessary data of Service Recipients, System Users and other contact persons indicated by the Service Recipient enabling contact by the Company (name, surname, position, email address, telephone) and documenting cooperation in accordance with applicable tax law. The Company is the controller of the data of Service Recipients, System Users and contact persons, to the extent referred to in the previous sentence. The data of Service Recipients, System Users or other contact persons on behalf of the Service Recipient is entered by them in the process of setting up and later use of the account. The data is processed on the basis of art. 6 it. 1 let. b) (processing is necessary to perform the contract to which the party is the data subject or to take action at the request of the data subject before the conclusion of the contract) and let. f) (processing is necessary for purposes resulting from legitimate interests pursued by the administrator or by a third party) of the GDPR Regulation. Whenever the Company processes personal data based on the legitimate interest of the data controller, it analyzes and balances the potential impact on the data subject (positive and negative) and the rights of that person under the provisions on the protection of personal data. The company does not process personal data on the basis of a legitimate interest if it comes to the conclusion that the impact on the data subject would outweigh its interests (then it may process personal data if, for example, it has the appropriate consent or is required or permitted by law) ). Data of other persons remaining in the Service Recipients organization The TRAFFIT System allows Users of the System to enter personal data (name, surname, position, email address, telephone number and other, indicated by the Service Provider) of persons involved in recruitment processes who are not persons contacting the Company. The data of such people is processed by the Service Recipient for internal needs, and the Company has only been entrusted with such data processing as part of providing the TRAFFIT System. The administrator of the data of the Service Recipients employees entered by him for the purposes of using the TRAFFIT System is the Service Recipient who has a valid contract for entrusting the processing of personal data concluded with the Company. Data of Candidates Candidates data is processed by the Company in two ways. The TRAFFIT system is used in particular for the collection and processing of data of Candidates by the Service Recipients for the purposes of conducting recruitment processes by a given Service Recipient. With its help, System Users gain systematic and largely automated access to this data. The candidates data is entered by System Users, downloaded by them from social networks or from connected System Users email boxes. It should be remembered that the Service Recipient is the sole administrator of the candidates personal data, its processing by the Company takes place only to the extent entrusted by the Service Recipient, and the TRAFFIT System is only an application that improves the storage and processing of data by the Service Recipient and the System Users acting on its behalf. Service providers are responsible for the fact that there is a basis for processing personal data. In the scope of data from CVs of Candidates automatically downloaded by the TRAFFIT System from emails sent to e-mail boxes connected by the System User, the Company shall examine whether the Candidates have consented to the processing of their personal data by the Service Recipient for the purposes of recruitment. The TRAFFIT system is an open system that allows any personal data to be entered by Service Recipients who are administrators of the personal data entered. Notwithstanding the above, the Company: requires the Service Recipients to process personal data in accordance with applicable law and checks whether personal data that violates applicable law is being processed. Notwithstanding the above, the Company has introduced the functionality of the TRAFFIT System consisting in the possibility for the Candidates themselves to enter their personal data into the system. In this case, the Company is the administrator of personal data entered by the Candidate, and the processing of this data, including its disclosure to interested employers, is based on the consent given. The Candidates consent is voluntary and may be withdrawn at any time. Entities familiarizing themselves with the data of the Candidates stored in this part of the TRAFFIT System are to inform about the need to inform the Candidates about any further processing. Use of data from the TRAFFIT System entered by the Customers The Company guarantees that the data of the Service Recipient, System Users and Candidate data entered by the System Users in the TRAFFIT System remains the sole property of the given Service Recipient and its data set, and will not be used by the Company for any purpose with the exceptions indicated below. The only exception is the need to document the cooperation of the Company with the Service Recipient in accordance with the applicable tax law and contact by the Company with the Service Recipient and System Users or other contact persons indicated by the Service Recipient in order to provide services of using the TRAFFIT System by the Company or to propose the extension of the scope of these services. The second exception is the use of data sets after their full anonymization and removal of any references to Service Recipients, only for statistical purposes related to work on improving the TRAFFIT System carried out by the Company. Subject to the rights of the data subjects resulting from legal provisions, the Service Recipient remains the sole controller of all data entered by it and the System Users acting on its behalf into the TRAFFIT System. Use of data from the TRAFFIT System entered by the Customers Data entered into the TRAFFIT System by the Candidates themselves into the part of the system intended for them is stored, systematized in order to facilitate their search and made available to interested employers looking for suitable employees. The company (except for the deletion of data) does not carry out other operations on this personal data. The company guarantees that the candidates have agreed to share their personal data with employers and provides the opportunity to withdraw their consent at any time. Employers who collect the data made available by the Candidates in the TRAFFIT System become their administrators and are responsible for their further lawful processing. Use of Google User data in TRAFFIT System The way Traffit accesses, uses, stores or shares Google user data. TRAFFIT use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements. Google usage of data is limited to the following functionalities: 1. A customer can integrate users emails thanks to GMAIL REST API. Traffit does not save password, but it uses integration token for synchronization. 2. While Gmail boxes integration a user needs to choose folders for synchronization. Traffit saves chosen folders and emails in our database. 3. A user can send emails with attachments. 4. A user can set backward synchronization by giving the number of days from which emails need to be integrated. 5. Only a user who added an integrated inbox has access to it. 6. A user can browse and look for the content in the synchronized folders. 7. A user can remove the integrated boxes and folders from Traffit (our database) at any time. 8. The system checks every 8 minutes if there are new mails in the integrated folders. If so, new emails are synchronized and visible in Traffit. 9. All of the above functionalities require the use of the following scope: gmail.readonly, gmail.send. Voluntary provision and processing of data Each time the System User has the opportunity to decide what data he/she wants to enter into the TRAFFIT System, taking into account the functionality of the system. The Company is not responsible for the content, legality and truthfulness of data entered into the TRAFFIT System by System Users and Candidates or data downloaded from the System Users e-mail boxes in accordance with the Service Recipients decision. Access logs In order to continually improve the provision of services, the Company collects information on the use of the TRAFFIT System by its Users and their IP addresses based on access log analysis. We use this information in diagnosing server-related problems, analyzing possible security breaches, and managing a website. Based on the information obtained in the above manner, in specific cases, aggregate general statistical summaries may be prepared solely for the Companys own needs. These statements do not contain any data enabling identification of a given user of the TRAFFIT System. Rights of Data Subjects In connection with the processing of personal data, the Company enables the implementation of the following rights of data subjects: a) the right to access the data content: the data subject has the right to obtain information whether his personal data is processed, and if so, he has the right to obtain the following information: purpose of processing; categories of personal data processed; information on recipients or categories of recipients to whom his data has been or will be disclosed, in particular recipients in third countries; the planned period of storage of personal data or criteria for determining this period; rights granted under the GDPR Regulation in connection with the processing of personal data, including the right to lodge a complaint with a supervisory authority; about the source of personal data; on automated decision making in this profiling; on safeguards used in connection with the transfer of personal data to third countries. In addition, you have the right to obtain a copy of personal data that the Company processes. b) the right to rectify data: the data subject has the right to request the rectification of personal data if it is incorrect or to supplement it if it is incomplete. c) the right to delete their data (right to be forgotten): the subject of personal data may request their removal. The right to delete data is available if: the data is no longer necessary to achieve the purposes for which they was collected, the entity withdrew consent to the extent that the processing of data was based on consent, the data subject has objected to the processing of personal data, personal data is processed unlawfully. The request to delete personal data does not apply to the extent that further processing is necessary to determine, pursue or defend claims, including in particular: name and surname, e-mail address and correspondence address. d) the right to limit data processing: the subject of personal data has the right to request the restriction of the processing of personal data, in the following cases: when it questions the correctness of personal data the restriction of the processing of personal data will take place for a period allowing checking their correctness, when the processing is unlawful, and at the same time opposes the deletion of data, instead demanding a restriction of their processing, when the data is no longer needed to achieve the purposes for which they was collected and processed, but the personal data subject needs it to assert, determine or defend their claims, when the subject of personal data has objected to the processing of data the restriction of data processing will occur until it is determined whether the grounds of objection outweigh the legal grounds for further processing of personal data. e) the right to object to the processing of personal data: the data subject has the right to object to the processing of his personal data at any time. f) data transfer rights: to the extent that data is processed on the basis of consent or an ongoing contract, the data subject has the right to obtain personal data concerning him for the purpose of transferring to another entity or to have the Company transfer this data directly to another entity (if it is technically possible). g) the right to lodge a complaint to the supervisory body: the subject of personal data has the right to complain to the supervisory body (the President of the Office for Personal Data Protection). h) the right to withdraw the consent given to the processing of personal data to which the consent related: the subject of personal data has the right to withdraw the consent given to the processing of personal data at any time. Withdrawal of the consent will not affect the lawfulness of processing before its withdrawal. The Company will inform the Service Recipients who entrusted the processing of such data about the request to rectify, delete or limit the processing of the entitys personal data. The request will be considered without undue delay, however it may depend on the actions of the Service Recipient the administrator of this data. If the above rights are exercised, the Candidate may not be able to participate in the recruitment processes conducted by the Customers. Information security, limited use The Company makes every effort to ensure the security of the information regarding System Users and Candidates in the TRAFFIT System. Any data entered by Users of the TRAFFIT System may be used by the Company only after their anonymization and only for the purpose of the Companys internal work on improving the TRAFFIT System in the scope related to the handling of this type of data. Data entered by Users of the TRAFFIT System is not transferred by the Company to other entities in any way. The exceptions are only: (a) the transfer of this data to other entities obliged to maintain confidentiality for the purpose indicated in the previous paragraph (development of the TRAFFIT System in the scope related to the handling of such data), (b) the transfer of this data to authorized bodies on the basis of mandatory provisions rights, or (c) transfer of data as part of a business combination or acquisition of the entire enterprise of the Company. Otherwise, the transfer of data is not allowed. Data entered independently by the Candidates may be made available to potential employers having access to the TRAFFIT System in accordance with the consents granted by these Candidates. Access to personal data in the TRAFFIT System is restricted to persons from the Companys staff for whom it is necessary to provide the service and only to the extent required by the tasks entrusted to them. This access takes place only in the following cases: (a) to provide technical support to the System User with his consent, (b) for the purpose of ensuring data security (e.g. in the case of considering security breaches), (c) to fulfill the obligations arising from mandatory provisions of law, or (d) to use aggregated and anonymized data for internal purposes of the Company. The company makes efforts to minimize the number of people who participate in the processing of personal data and to ensure full confidentiality of this data. Change of Privacy Policy The Company reserves the right to change the Privacy Policy in whole or in part. The new wording of the Policy has been effective since its publication on the Companys website. The current wording of the Privacy Policy applies from April 1, 2020.