Candidate Privacy Policy

Under the pro­vi­sions of the General Data Pro­tection Reg­u­lation (GDPR), we present below our Can­didate Privacy Policy regarding the pro­cessing of your per­sonal data. The purpose of this doc­ument is to make you aware of how we collect data, the purpose of their use, how to control access to them, but also other important issues. Our Policy also con­tains aspects regarding your rights, which you can exercise according to the law as a data subject. This policy is pri­marily aimed at can­di­dates who are inter­ested in vacancies in Heaven Solu­tions.

I. How Heaven Solu­tions 2005 SRL process your per­sonal data

The col­lection of your per­sonal data in the recruitment process is done directly when you are inter­ested in a job available at Heaven Solu­tions 2005 SRL and send us your CV. We may also obtain other infor­mation about you during inter­views or through CV and referral checks (including public or third-party sources) under legal require­ments.

II. The purpose of col­lecting and pro­cessing your per­sonal data

Heaven Solution 2005 SRL will process your per­sonal data only for the main purpose of the recruitment and selection process, with the fol­lowing addi­tions:

  • The recruitment and selection process includes: com­mu­ni­cation with the can­didate, ver­i­fi­cation and/or eval­u­ation of the candidate’s CV and ref­er­ences, inter­views, and assess­ments;
  • If your appli­cation is accepted and we will start the hiring process (accepted can­di­dates), the data will be used in the onboarding process within Heaven Solu­tions 2005 SRL;
  • If your appli­cation is rejected and we do not con­tinue the recruitment process at that time (unac­cepted can­di­dates), then we will keep your resume for a limited period to inform you of other job oppor­tu­nities, existing within Heaven Solu­tions 2005 SRL. At the same time, we will keep this data to exercise our right of defense in case of legal actions or com­plaints against us. You can always object to this and inform us (see Chapter VII. Your rights)

III. Cat­e­gories of per­sonal data process by Heaven Solu­tions 2005 SRL

Heaven Solu­tions 2005 SRL col­lects and processes the fol­lowing cat­e­gories of per­sonal data, present both in the CV and as a result of the recruitment and selection process (eg interview):

  • Iden­ti­fi­cation and contact details: name, surname, phone, address, email
  • Dif­ferent per­sonal data con­tained in CV, pro­vided by you, such as birth­place, nation­ality, gender, etc.
  • Data related to pro­fes­sional life: pre­vious jobs, employers, desired jobs, career prospects, desired salary, and other ben­efits, etc.
  • Data related to studies, qual­i­fi­ca­tions, expe­ri­ences, ref­er­ences
  • Data related to the eval­u­ation of can­di­dates (including interview notes, screening, pre­vious data held, as appro­priate)
  • Data about the cor­rectness of CV and ref­er­ences pro­vided by you, under applicable law

The pro­cessing of per­sonal data is carried out on the legal basis of the legit­imate interest of Heaven Solu­tions 2005 SRL, ensuring that our actions do not prevail over your rights and freedoms, your consent (where applicable), and/or per­for­mance of the con­tract (relating to actions ) pro­cessing carried out before the con­clusion of the employment con­tract).

IV. Retention of your per­sonal data

In accor­dance with internal policies and applicable law, Heaven Solu­tions 2005 SRL will keep your per­sonal data for a limited time (maximum 5 years) to contact you for other future oppor­tu­nities. At the end of this period, your data will be deleted. The only exception to the deletion of per­sonal data is the iden­ti­fi­cation of another legal basis for data pro­cessing and pur­poses com­patible with the original ones. During this period, if you do not want Heaven Solu­tions 2005 SRL to keep your data in the database, please inform us by email at careers@heavensolutions.com, and Heaven Solu­tions 2005 SRL will delete your per­sonal data.

V. Dis­closure of per­sonal data to third parties

Heaven Solu­tions 2005 SRL will ensure that the security of per­sonal data is main­tained (access being con­trolled and min­i­mized) regardless of who the third parties are and where they are located and that the transfer of per­sonal data, including outside the EU / EEA, if nec­essary, is per­formed taking into account the applicable leg­is­lation in force (eg ade­quacy deci­sions, standard con­tractual clauses approved by the European Com­mission, Privacy Shield).

VI. Per­sonal data security

Heaven Solu­tions 2005 SRL is respon­sible for the pro­tection of your per­sonal data. Thus, Heaven Solu­tions 2005 SRL con­stantly ensures that all IT systems, as well as all the tech­nical and orga­ni­za­tional mea­sures we implement, are in accor­dance with a well-estab­lished infor­mation security system. At the same time, only autho­rized per­sonnel (who signed a con­fi­den­tiality com­mitment) has access to your per­sonal data.

VII. Your rights regarding the use of your per­sonal data

Given the current leg­is­lation, you have certain rights that you can exercise to ensure that your data is used properly:

  • The right to be informed about how we use your data (this policy is an example in this regard)
  • The right to have access to the data that Heaven Solu­tions 2005 SRL holds about you. Thus, you can ask us for infor­mation about the per­sonal data we hold about you (see Chapter X Contact details).
  • Right to rectify per­sonal data — please contact us if you notice that the data recorded is incorrect or is not up to date
  • The right to delete (the right to be for­gotten) per­sonal data con­cerning you
  • The right to object to the pro­cessing of per­sonal data;
  • The right to withdraw your consent to the pro­cessing of per­sonal data is valid when you have pre­vi­ously given such consent. With­drawal of consent will not affect the law­fulness of data pro­cessing based on consent given before with­drawal (GDPR, Article 7)
  • The right to data porta­bility
  • The right to not be subject to auto­mated deci­sions and pro­filing. In this regard, we inform you that Heaven Solu­tions 2005 srl does not carry out auto­mated decision-making processes that target your per­sonal data
  • The right to go to court or to file a com­plaint at the National Authority for the Super­vision of Per­sonal Data Pro­cessing, if you find that one of your rights has been vio­lated (in this regard, you can download a standard form from the website www.dataprotection.ro)

VIII. Changes to this Can­didate Privacy Policy

Heaven Solu­tions 2005 SRL reserves the right to modify this Can­didate Privacy Policy whenever nec­essary and under leg­islative changes and business needs. In this regard, to be up to date with all the infor­mation regarding the pro­cessing of your per­sonal data, it is rec­om­mended to peri­od­i­cally consult this doc­ument, dis­played on our website.

IX. Contact data

For any requests you may have regarding the exercise of the rights men­tioned above and to address any other ques­tions regarding the pro­cessing of per­sonal data by Heaven Solu­tions 2005 SRL , please contact us:

Heaven Solu­tions 2005 SRL
Street Vasile Pogor, nr. 6 Iași, 700110 Romania
E-mail: careers@heavensolutions.com

Glossary of terms used:

*Per­sonal data is any infor­mation that refers to an iden­tified or iden­ti­fiable natural person. There are also per­sonal data, the dif­ferent infor­mation that can lead to the iden­ti­fi­cation of a certain person. Per­sonal data that has been anonymized, encrypted or pseu­do­nymized, but can be used to re-identify a person remains per­sonal data and is covered by the RGPD.

*Pro­cessing means any oper­ation or series of oper­a­tions per­formed on per­sonal data or per­sonal data sets, with or without the use of auto­mated means, such as col­lecting, recording, orga­nizing, struc­turing, storing, adapting or mod­i­fying, extracting, con­sulting, using, dis­closing by trans­mission, dis­sem­i­nation or making available in any other way, alignment or com­bi­nation, restriction, deletion or destruction.

*Consent means a free, specific, informed, and unam­biguous expression of the data subject’s consent by which he or she unequiv­o­cally accepts that per­sonal data con­cerning him or her are being processed.

*GDPR stands for EU Reg­u­lation no. 679/2016 applicable from 25 May 2018 throughout the EU and in any other state in the world where per­sonal data of EU cit­izens are used.

Last updated: March 2021