Privacy policy

Your Data is processed by CIVITTA group companies (“we”, “us”, “our”, “CIVITTA”, “Company”). CIVITTA jointly manages your Data. Contact details of the CIVITTA offices can be found here.

Data collected by us are processed in accordance with the rules set out in the Data protection regulations, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”) and local regulations issued on the basis of GDPR. We keep the Data confidential and secure it against unauthorized access by third parties in accordance with the rules set out in the legal acts mentioned above.

This Privacy Policy applies to all your Data collected by the Company, whether through CIVITTA website or by any other means. If your local legislation requires so, this Privacy Policy may be amended by local specifications.

CIVITTA website may contain links to the websites of our partner networks and/or affiliates. Please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.

This Privacy Policy may occasionally be updated. Please refer to the latest version online.

Effective as of 30 October, 2023

When receiving an application in response to an open position or a spontaneous application at CIVITTA group companies (“we”, “us”, “our”, “CIVITTA”, “Company”) we process personal information about you (“Data”). It is done in order to evaluate the adequacy of your profile and skills with our human resources needs.

In this context, we protect your Data and privacy by taking all relevant measures in accordance with applicable legislation, including the EU Regulation 2016/679 – known as General Data Protection Regulation (GDPR).

This Privacy Policy describes how CIVITTA collects, processes and uses your Data, how we ensure its protection and which privacy rights are granted to you by law.

1. Data we collect from You 

We collect your Data in a variety of ways. Sometimes we collect Data automatically when you interact with our website, and sometimes we collect Data directly from you when you are filling the Application form on our website.

1.1. Data you provide to us directly

We collect and process your Data in order to ensure the effective management of our recruitment process. This Data is mostly provided by you when applying for a vacant position or when sending a request in this regard. 

When carrying out our recruitment procedures, we process several categories of Data. This Data is extracted from the documents provided to us by You, mainly your curriculum vitae (“CV”) and cover letter. Due to the freedom of format for these two documents, the categories of Data process may include but are not limited to: 

• General information (name, surname, home address, phone number, email, signature, marital status, nationality);
• Education (attended education institutions, examinations and evaluation information);
• Professional experience (past employers, contact and data of past job references);
• Specific skills: (IT skills, languages are spoken and proficiency);
• Video surveillance and access to our premises (video image/biometric data);
• Written evaluation test information (answers, total score);
• Publicly available information (information from social networks, newspapers, online published information).
  

1.2  Data we collect automatically

When you access our website, we may automatically collect the following Data:

• Device information (device model, information about the operating system and its version, unique device identifiers, enabled device accessibility features, mobile operator and network information, device storage information, version of your device system);
• Location information (IP address, time zone, information about your mobile provider);

Data about your use of the website (including, among others, frequency of use, areas and features of the Website that you access, visit or use, engagement with particular features).

To collect this and other information, we may use cookies and other tracking technologies. See more in our Cookie Policy.

We may request additional Data further along the hiring process, mainly in relation to the steps in the evaluation process (e.g. written tests, interviews).

Special categories of Data

Special categories of Data are data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

For evaluation purposes, CIVITTA uses sensitive categories of Data only for the purposes of ensuring equality of opportunities. However, as mentioned above, because of the free-format aspects of the application process, documents sent by You may contain certain categories of sensitive Data. The processing of such type of information is unnecessary and we advise applicants to limit the use of such categories of Data.

In other cases, we will process this type of Data only in limited cases, always within the framework of a solid legal basis, mainly to guarantee the security of our premises during written and oral evaluations (by collecting video-surveillance data).

2. How we use your Data

We will not collect and process your Data without letting you know. We process your Data based on one or more of the following legal bases:

1. Your consent. For example, on the website Application form when You give us your consent to process your Data.
2. Legitimate interest. We may process your Data in relation to our interests for the stated purpose, and this does not override yours. For example, to assess the adequacy of your profile and skills with our present human resources needs, to inform You about the status of your job application, to evaluate your capacities to perform the required tasks etc.
3. Legal obligation. We may be obliged to process some of your Data to comply with applicable laws and regulations.

The pursuit of legitimate interest will be the main legal basis used in relation to applicants. However, it can have a relatively broad interpretation. Therefore, to bring clarity on this aspect and to let you know what to expect, we consider our legitimate interest to be:

• Employment of qualified candidates;
• Projecting a positive external image for CIVITTA;
• Improvement of the quality of our services;
• Exchange of information between the different CIVITTA entities (intra-group transfers).

Moreover, we will also have a valid legal basis when we:

• require processing your Data to protect your or another person’s vital interests;
• need to carry out a task in the public interest or in the exercise of official authority vested in us.

We will only use your Data for the above-listed interests as long as they are not overridden by your interests and fundamental rights. In this regard, each time any of these legal bases will be used, we will make a balancing test between this interest and your rights and liberties, in order not to limit disproportionately the latest.

3. Principles of processing 

3.1. Data minimization and purpose limitation

We will not process your Data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by you or collect any Data that is not needed for the mentioned purposes. For any new purpose of processing we will ask your separate consent. 

3.2. No sale of Data

We will not sell or rent your Data. We will not disclose your Data except as otherwise described in this Privacy Policy. We may share your Data between CIVITTA Group Companies (intra-group transfers) solely as described in this Privacy Policy. 

4. Storage, retention and erasure of Data

CIVITTA ensures that your Data is stored in a centralized and organized manner, namely in the relevant human resources internal information systems and in our administrative cloud accounts. Your Data may also be stored on secure corporate email accounts, as a result of intra-group data transfers. Moreover, we also store relevant documents (e.g. CVs, cover letter) in a paper-based form in adequate physical storage spaces.

We ensure its security by implementing a thorough access rights system, which ensures that only the authorized and relevant personnel can access it uniquely for lawful and clearly defined purposes.

Our retention periods are based on several well-defined criteria. Therefore, the data will be stored for as long as we are actively pursuing one of the purposes enumerated above and while we have a valid legal basis to do so.

After the expiration of the purposes, your Data will be stored solely for the purpose to respond to pending or potential litigations.

Uniquely with your consent, we can also store your Data in order to contact you if a similar vacant position is available.

5. International Data transfers

In the course of our activities, your Data may be transferred within our group of companies (CIVITTA intra-group transfers).

5.1. Intra-group transfers of Data

CIVITTA is composed of several legal entities, forming what is called a group of undertakings. With your consent, we can share your Data with other companies, part of this group of undertakings, in case your profile might respond to human resources needs from those entities.

CIVITTA develops a holistic approach in protecting the Data of applicants, therefore ensuring that you will benefit from the same guarantees and rights for the whole group.

5.2.Trans-border transfers outside the EEA

Due to the international structure and reach of our activities, part of our operations and clients can be situated outside the European Economic Area (EU member states + Iceland, Norway and Liechtenstein). Therefore, we may transfer your Data outside the EEA to countries without an adequacy decision from the European Commission.

To mitigate and ensure an EU-level of data protection, CIVITTA uses Standard contractual clauses approved by the European Commission for all our trans-border transfers, which constitute a GDPR-compliant adequate safeguard for such operations.

6. Your privacy rights

6.1. Access to your Data (including in portable form)

You have a right to request information about what Data we process about you, to access all your Data, and receive a copy of it. You can obtain information about how long we store your data and who receives data about you. Your right of access may, however, be restricted by legislation, protection of other persons’ privacy and considerations for our business and practices. Our know-how, business confidential data, as well as internal assessments and material may also as such be exempt from the right of insight.

If we use data based on your consent or as a result of an agreement, and the data processing is automated, You have a right to receive the copy of the Data You have provided in an electronic machine-readable format.

6.2. Correction and erasure of your Data

If you believe that your Data is inaccurate, you have a right to contact us and ask us to correct such Data.

You may ask us to erase your Data if you withdraw your consent to processing, if you believe such processing is unlawful.

6.3. Restriction of Processing

You have a right to request that the processing of your Data be restricted in some circumstances. For example, you have the right to request the restriction of your Data if you contest the accuracy of your Data and we need some time to verify its accuracy.

6.4. Right to object to the processing of your Data

You have the right to object against CIVITTA processing your Data when we invoke our legitimate interest for such an operation, when we carry out a task in the public interest or for direct marketing purposes by contacting the person you usually deal with at CIVITTA.

6.5. Automated individual decision-making

You also shall have the right to object to a decision based solely on automated processing, including profiling. In these situations, CIVITTA will guarantee suitable measures to safeguard your rights, mainly the right to human intervention when reviewing such cases.

You will be notified if any automated decision-making is performed in relation to your Data.

6.6. Withdrawal of consent

If we process of Data based on your consent, you can withdraw your consent to disclose Data at any given time. Please also note that we will continue to use your Data if we have to fulfill a legal or contractual obligation.

7. Accuracy and updating your Data

We will update your Data continuously during the period it is stored in our database. This is done for internal organization purposes and in order to permit better adequacy between our client’s needs and requests and your skills. In this regard, it is possible for you to update your data by notifying the Human Resources representative by [email protected].  

8. Updates to this Privacy Policy

We reserve the right to change this Policy from time to time by posting an updated version on our website. If substantial changes are made that may significantly influence your rights or increase your responsibilities, we will notify you by email. We may provide notice of changes in other circumstances as well. We encourage you to periodically review this page for the latest information on our privacy practices.

9. Complaints

If you are concerned about an alleged breach of privacy law or any other regulation by CIVITTA, you can contact the person you usually deal with at CIVITTA or by email – [email protected]. CIVITTA will investigate your complaint and give you information about how it will be handled.

Also you have a right to lodge a complaint with the relevant Data Protection Authority in your country. Please contact the person you usually deal with at CIVITTA or by email – [email protected], CIVITTA will guide you to what State data Protection Inspector you should lodge your complaint.

10. Contact us

You are always welcome to contact us as if you have questions about your privacy rights and how we collect and use Data by contacting the person you usually deal with at CIVITTA or by email – [email protected].

Please note that we may require proof of your identity and full details of your request before processing it. The data will only be used to verify your identity and will not be stored for longer than needed for this purpose.

We will reply in a reasonable delay, in accordance with the applicable regulations.

Effective as of 30 October, 2023

Along with your business collaboration with CIVITTA group companies (“we”, “us”, “our”, “CIVITTA”, “Company”) we process personal information about you as an external expert or a client (“Data”), depending on the essence of our business relationship.

The term “client” encompasses clients, represented by a natural person (individual entrepreneurs) and the employees and representatives of legal entities with whom we enter into business relations. The processing of Data takes place in order to establish and manage operations and obligations towards you as a software development company.

The term “external expert” encompasses natural persons, which collaborate with us directly for the purpose of business development or project delivery, or employees and representatives of legal entities with whom we enter into such kind of business relations.

We protect your Data and privacy by taking all relevant measures in accordance with applicable legislation, including the EU Regulation 2016/679 – known as General Data Protection Regulation (GDPR).

This privacy notice describes how CIVITTA uses your data, how we ensure its protection and which privacy rights are granted to you by law.

1. Data we collect from you

In certain situations, you may provide us with data (e.g. in the form  of databases) in order to deliver a service for You. Data categories and purposes can vary according to the information contained in these databases. Therefore, in these situations, CIVITTA will become a processor and will need specific instructions from you in order to process this data (e.g. in the form of a data processing agreement).

We collect Data about you in a variety of ways. Sometimes we collect Data automatically when you interact with our Website, and sometimes we collect the Data directly from you.

1.1. Data you provide us directly

We collect and process your Data in order to ensure our day-to-day business activity. This data is mostly provided by you when entering into a business relationship with us. The Data will be generated and requested further along our contractual or informal cooperation, always in relation to a specific and well-defined purpose.

The amount of Data will vary depending on the purpose of our cooperation with you, but in most cases will include the following categories:

• General information (name, surname, position, phone number, email, signature, company name and company information (which you represent); bank account number);
• Historical data of our cooperation (the history of requests, projects performed together and feedback; results of our cooperation (project documentation, proposals etc.);
• Social aspects and publications: (photo and contact information publication on our official website and social networks);
• Data collected resulting of video surveillance in our premises (video image, time and location in our premises);
• Data for tender applications (solely for external experts): (work experience, company name, project experience, education, languages). 

1.2. Data we collect automatically

When you access our website, we may automatically collect the following information:

• Device information (device model, information about the operating system and its version, unique device identifiers, enabled device accessibility features, mobile operator and network information, device storage information, version of your device system);
• Location information (IP address, time zone, information about your mobile provider);
• Data about your use of the Website, including, among others, frequency of use, areas and features of the Website that you access, visit or use, engagement with particular features.

To collect this and other information, we may use cookies and other tracking technologies. See more in our Cookie Policy.

Special categories of Data

Special categories of Data are data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

During your contractual relationship with CIVITTA, we will process this type of Data only in the cases mentioned below and always within the framework of a solid legal basis:

• to guarantee the security of our premises (video/biometric data); and
• when we have your consent to do so for specific purposes (photos at events and their publication).

In cases, you submit to us your information in the free format (e.g. CVs for application to tenders) certain categories of special categories of Data which are not required for the purpose of our cooperation might appear there. The processing of such type of information is unnecessary to our purposes and we advise you to limit the use of such categories of Data in these documents. Though if such data was provided willingly by you, we will treat it the same way as any other data categories, described in the current privacy notice.

2.  How we use your Data

We will not collect and process your Data without letting you know. We process your Data based on one or more of the following legal bases:

1. Your consent. For example, on the registration screen when you give us your consent to process your Data.
2. Legitimate interest. We may process your Data in relation to our interests for the stated purpose, and this does not override yours. 
3. Legal obligation. We may be obliged to process some of your Data to comply with applicable laws and regulations.
4. To fulfill our contractual obligations to you in order to provide services to you.

The legitimate interest can have a relatively broad interpretation as a legal basis. To bring clarity to this aspect, we consider our legitimate interest in relation to clients and external experts to be:

• Maintaining and update our pool of business contacts and external experts;
• Project a positive external image for CIVITTA;
• Improve the quality of our services;
• Exchange information between the different CIVITTA entities (intra-group transfers);
• Extension of our client base;
• Involve CIVITTA in new tender opportunities;
• Attract qualified external experts into the CIVITTA network and projects.

Moreover, we will also have a valid legal basis when we:

• require processing your data to protect your or another person’s vital interests;
• need to carry out a task in the public interest or in the exercise of official authority vested in us.

We will only use your Data for the above-listed interests as long as they are not overridden by your interests and fundamental rights. In this regard, each time this legal basis will be used, we will make a balancing test between this interest and your rights and liberties, in order not to limit disproportionately the latest.

Below please see the main purposes for which we will collect and process your Data.

If we collaborate with you as a client, we process your data in order to:

• formalize our relationship in agreements;
• understand and document your needs and requests;
• manage the service you requested from us, including by contacting you;
• receive payments for the service provided;
• create statistics related to the usage of our services;
• contact you for direct marketing purposes and propose cooperation opportunities;
• ensure the security of our working premises;
• respond to potential project-related requests after the end of our contractual relationship.

If we collaborate with you as an external expert or a consortium representative, we process your data in order to:

• maintain a database of experts;
• apply to tenders or projects where your expertise is relevant and perform the project;
• communicate to you about opportunities for collaboration;
• respond to contractors’ inquiries concerning your expertise;
• stay in contact in order to ensure continuity of our common projects;
• ensure the security of our working premises.

3. Principles of processing

3.1 Data minimization and purpose limitation

We will not process your Data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by you or collect any Data that is not needed for the mentioned purposes. For any new purpose of processing we will ask your separate consent.

3.2. No sale of Data

We will not sell or rent your Data. We will not disclose your Data except as otherwise described in this Privacy Policy. We may share your Data between different CIVITTA entities (intra-group transfers) solely as described in this Privacy Policy.

4. Storage, retention and erasure of Data

CIVITTA ensures that your Data is stored in a centralized and organized manner, namely on our accounting systems administrative cloud-based account and in our internal management system. Your information may also be stored on secure corporate email accounts, as a result of intra-group data transfers. Moreover, we also store relevant documents (e.g. contracts, invoices) in paper-based form in adequate physical storage spaces.

We keep your Data only as long as we need it for the purposes described in this Privacy Policy. Our retention periods are based on criteria that include legally mandated retention periods, our intellectual property or ownership rights, contract requirements, operational directives or needs and for potential and pending litigation.

5. Security of your Data

To ensure the security of your Data in the course of our services, we implement the technical, legal and organizational means necessary to ensure a high level of protection of your Data. We implement and monitor a constantly thorough access rights system, which ensures that only the authorized and relevant personnel can access it uniquely for lawful and clearly defined purposes.

Moreover, non-disclosure agreements are signed with all the concerned employees, in order to maintain the confidentiality of the documents and information provided by You.

6. International Data Transfers

In the course of our activities, your Data may be transferred within our group of companies (CIVITTA intra-group transfers).

6.1. Intra-group transfers of Data

CIVITTA is composed of several legal entities, forming what is called a group of undertakings. In order to pursue our activity, Data exchanges may take place in order to:

• respond to your  – client or expert – requests and needs;
• apply for tenders offers in which are involved other offices and branches of CIVITTA; and
• share experience and statistical information with other branches;

CIVITTA develops a holistic approach in protecting the Data of its clients, therefore ensuring that you will benefit from the same guarantees and rights for the whole group.

6.2. Extra-group transfers of Data

In the context of its operations, CIVITTA may share your Data with entities outside our group of undertakings. This happens mainly with:

• contracting entities (private companies or public authorities), based on your explicit consent or when fulfilling contractual obligations (e.g. for applying to a tender);
• public authorities or law enforcement bodies, upon request and in order to fulfill a legal requirement;
• third parties, for specific service providing (e.g. accounting services).
  

6.3. Trans-border transfers outside the EEA

Due to the international structure and reach of our activities, part of our operations is situated outside the European Economic Area (EU member states + Iceland, Norway and Liechtenstein). Therefore, we may transfer your Data outside the EEA to countries without adequacy decisions from the European Commission.

To mitigate and ensure an EU-level of data protection, CIVITTA uses Standard contractual clauses approved by the European Commission for all our trans-border transfers, which constitute a GDPR-compliant adequate safeguard for such operations.

7. Your privacy rights

7.1. Access to your Data (including in portable form)

You have a right to request information about what Data we process about you, to access all your Data, and receive a copy of it. You can obtain information about how long we store your data and who receives data about you. Your right of access may, however, be restricted by legislation, protection of other persons’ privacy and considerations for our business and practices. Our know-how, business confidential data, as well as internal assessments and material may also as such be exempt from the right of insight.

If we use data based on your consent or as a result of an agreement, and the data processing is automated, you have a right to receive the copy of the data you have provided in an electronic machine-readable format.

7.2. Correction and erasure of your Data

If you believe that your Data is inaccurate, you have a right to contact us and ask us to correct such Data.

You may ask us to erase your Data if you withdraw your consent to processing, if you believe such processing is unlawful.

7.3. Restriction of Processing

You have a right to request that the processing of your Data be restricted in some circumstances. For example, you have the right to request the restriction of your Data if you contest the accuracy of your Data and we need some time to verify its accuracy.

7.4. Right to object to the processing of your Data

You have the right to object against CIVITTA processing your Data when we invoke our legitimate interest for such an operation when we carry out a task in the public interest or for direct marketing purposes by contacting the person you usually deal with at CIVITTA.

7.5. Automated individual decision-making

You also shall have the right to object to a decision based solely on automated processing, including profiling. In these situations, CIVITTA will guarantee suitable measures to safeguard your rights, mainly the right to human intervention when reviewing such cases.

You will be notified if any automated decision-making is performed in relation to your Data.

7.6. Withdrawal of consent

If we process Data based on your consent, you can withdraw your consent to disclose Data at any given time. Please also note that we will continue to use your Data if we have to fulfill a legal or contractual obligation.

8. Accuracy and updating your Data

We will update your Data continuously during the period it is stored in our database. This is done for internal organization purposes and in order to permit better adequacy between your needs and requests and the services we provide. In this regard, it is possible for you to update your data by notifying through an email to [email protected].

Effective as of 30 October, 2023

Along with your collaboration with CIVITTA group companies (“we”, “us”, “our”, “CIVITTA”, “Company”) , we process personal information about you (“Data”). We do it in order to establish and manage our work collaboration and to carry out our operations and obligations as a business management consulting company.

We protect your Data and privacy by taking all relevant measures in accordance with applicable legislation, including the EU Regulation 2016/679 – known as General Data Protection Regulation (GDPR).

This privacy notice describes how CIVITTA uses your Data, how we ensure its protection and which privacy rights are granted to you by law.

1. Data we collect from you

We collect Data about you in a variety of ways. Sometimes we collect Data automatically when you interact with our website, and sometimes we collect the Data directly from You.

1.1 Data you provide to us directly

We collect and process your Data in order to ensure our day-to-day business activity. This Data is mostly provided by You when entering into a contractual employment relationship with CIVITTA. The Data will be generated and requested further along the employment relationship, always in relation to a specific and well-defined purpose:

• General information (name, surname, home address, position, phone number, email, bank account, signature, personal identification number, social insurance number, marital status, the capacity to work (medical conclusion));
• Payroll administration and calculation of salaries and bonuses (working hours, salary rate, expenses, evaluation results, yearly salary, salary and bonuses amounts, number of children (childbirth certificates), maternity leave information, sick leave, vacation duration and days off);
• Training, development and evaluation (exams and evaluation information, evaluation results, personal development plan information, salary increase, career history);
• Employee benefits (driving license number and information, geo-localization data (itinerary, distance, usage of a taxi or rented cars), corporate phone number and information regarding your calls and data usage);
• Business trips and support for visa (passport information, picture, additional information required by embassies);
• Timebase account (obligatory data includes email, salary, position, project codes, number of worked hours, vacation, days off, sick leaves, picture, phone number. Upon your decision, you can also provide experience, skype identifier, certificates, languages are spoken, education);
• Video surveillance and access to premises (access card number, company name, entry and exit logs, video image);
• Social aspects and publications (photo and contact information); 
• Gmail and Google Drive usage (time of the last login, amount of storage space available. After termination of contract: access to Gmail and Google Drive information);
• Staffing and staffing for employees on hire (position, projects, occupation rate, vacation information, business trips information, information about experience and involvement in projects);
• Management of alumni network: name, surname, email, phone number, photo).
  

1.2. Data we collect automatically

When you access our website, we may automatically collect the following information:

• Device information (device model, information about the operating system and its version, unique device identifiers, enabled device accessibility features, mobile operator and network information, device storage information, version of your device system);
• Location information (IP address, time zone, information about your mobile provider);
• Data about your use of the website (including, among others, frequency of use, areas and features of the Website that you access, visit or use, engagement with particular features).

To collect this and other information, we may use cookies and other tracking technologies. See more in our Cookie Policy.

Special categories of Data

Special categories of Data are data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

During your contractual relationship with CIVITTA, we will process this type of Data only in limited cases, always within the framework of a solid legal basis:

• to sign the employment contract and to allocate social benefits (health data);
• to guarantee the security of our premises (video/biometric data); and
• when we have your consent to do so (photos at events and their publication).
  

2. How we use your Data

We will not collect and process your Data without letting you know. We process your Data based on one or more of the following legal bases:

1. Your consent. For example, on the registration screen when you give us your consent to process your Data.
2. Legitimate interest. We may process your Data in relation to our interests for the stated purpose, and this does not override yours. 
3. Legal obligation. We may be obliged to process some of your Data to comply with applicable laws and regulations.
4. To fulfill our contractual obligations with You.

The legitimate interest can have a relatively broad interpretation as a legal basis. To bring clarity on this aspect, we consider our legitimate interest in relation to clients and external experts to be:

• Extension of our client base;

• Formation and training of our employees;

• Employment of qualified candidates;

• Projecting a positive external image for CIVITTA;

• Improvement of the quality of our services;

• Exchange of information between different CIVITTA entities (intra-group transfers);

• Maintaining an up-to-date business contact network.

Moreover, we will also have a valid legal basis when we:

• require processing your data to protect your or another person’s vital interests;
• need to carry out a task in the public interest or in the exercise of official authority vested in us.

We will only use your data for the above interests as long as they are not overridden by your interests and fundamental rights. In this regard, each time this legal basis will be used, we will make a balancing test between this interest and your rights and liberties, in order not to limit disproportionately the latest.

Below see the main purposes for which we will collect and process your Data:

If you are a current employee, we process your Data in order to:

• enter into a legal contractual relationship with you;
• manage effectively our employment relations with you;
• engage in new business opportunities;
• respond to clients’ requests;
• ensure adequate training and professional development opportunities for you;
• evaluate your work performance;
• motivate and offer stimulating benefits to you;
• calculate and pay your salary and bonuses;
• create a dynamic presence on social networks and for advertising purposes;
• create work-related statistics;
• ensure the security of the working premises.

After the end of our employment relationship, we will process your Data in order to:

• stay in contact in order to ensure smooth continuity of our projects;
• propose cooperation opportunities;
• invite you to alumni reunions.

3.  Principles of processing

3.1. Data minimization and purpose limitation

We will not process your Data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by you or collect any Data that is not needed for the mentioned purposes. For any new purpose of processing we will ask your separate consent.

3.2. No sale of Data

We will not sell or rent your Data. We will not disclose your Data except as otherwise described in this Privacy Policy. We may share your Data between different CIVITTA entities (intra-group transfers) solely as described in this Privacy Policy.

4. Storage, retention and erasure of Data

CIVITTA ensures that your Data is stored in a centralized and organized manner, namely in our accounting systems, corporate Google Drive account, the relevant human resources internal information systems and in the Timebase platform. Your information may also be stored on secure corporate email accounts, as a result of intra-group data transfers. Moreover, we also store relevant documents (e.g. contracts) in a paper-based form in adequate physical storage spaces.

We ensure its security by implementing a thorough access rights system, which ensures that only the authorized and relevant personnel can access it uniquely for lawful and clearly defined purposes.

Our retention periods are based on several well-defined criteria. Therefore, in a first instance, the data will be stored for as long as we are actively pursuing one of the purposes enumerated above and while we have a valid legal basis to do so. Moreover, Data will also be stored in order to comply with legally mandated retention periods, which are required by local legislation.

After the expiration of the purposes, your Data will be stored solely for the purpose to respond to pending or potential litigations.

5. International Data Transfers

In the course of our activities, your Data may be transferred to our inside our group of companies (CIVITTA intra-group transfers) but also shared with external partners (extra-group transfers).

5.1. Intra-group transfers of Data

CIVITTA is composed of several legal entities, forming what is called a group of undertakings. In order to pursue our activity, Data exchanges may take place in order to:

• respond to client’s requests and needs;
• cooperate with employees from other branches; and
• provide services by other entities of the group of undertakings.

CIVITTA develops a holistic approach in protecting the Data of applicants, therefore ensuring that you will benefit from the same guarantees and rights for the whole group.

5.2. Extra-group transfers of Data

In the context of its operations, CIVITTA may share your Data with entities outside our group of undertakings. This happens mainly with:

• clients, based on your explicit consent or when fulfilling contractual or legal obligations (e.g. for the execution of a contract/project or when applying for a tender);
• public authorities or law enforcement bodies, upon request and in order to fulfill a legal requirement (e.g. labor inspection, consulates);
• third parties providing services connected to pursuing our business purposes (e.g. telecommunication companies, hotels, travel agencies).

Besides transferring data outside its group, CIVITTA also may receive Data concerning yourself from third parties with whom we are in contractual relationships:

• from clients – feedback on your performance of your assigned tasks;
• from service providing companies – data on your use of certain services provided as employee benefits (taxi, car services and corporate mobile phone).

5.3. Trans-border transfers outside the EEA

Due to the international structure and reach of our activities, part of our operations and clients can be situated outside the European Economic Area (EU member states + Iceland, Norway and Liechtenstein). Therefore, we may transfer your Data outside the EEA to countries without an adequacy decision from the European Commission.

To mitigate and ensure an EU-level of data protection, CIVITTA uses Standard contractual clauses approved by the European Commission for all our trans-border transfers, which constitute a GDPR-compliant adequate safeguard for such operations.

6. Your privacy rights

6.1. Access to your Data (including in portable form)

You have a right to request information about what Data we process about you, to access all your Data, and receive a copy of it. You can obtain information about how long we store your Data and who receives Data about you. Your right of access may, however, be restricted by legislation, protection of other persons’ privacy and considerations for our business and practices. Our know-how, business confidential data, as well as internal assessments and material may also as such be exempt from the right of insight.

If we use data based on your consent or as a result of an agreement, and the Data processing is automated, you have a right to receive the copy of the Data you have provided in an electronic machine-readable format.

6.2. Correction and erasure of your Data

If you believe that your Data is inaccurate, you have a right to contact us and ask us to correct such Data.

You may ask us to erase your Data if you withdraw your consent to processing, if you believe such processing is unlawful.

6.3. Restriction of Processing

You have a right to request that the processing of your Data be restricted in some circumstances. For example, you have the right to request the restriction of your Data if you contest the accuracy of your Data and we need some time to verify its accuracy.

6.4. Right to object to the processing of your Data

You have the right to object against CIVITTA processing your Data when we invoke our legitimate interest for such an operation when we carry out a task in the public interest or for direct marketing purposes by contacting the person you usually deal with at CIVITTA.

6.5. Automated individual decision-making

You also shall have the right to object to a decision based solely on automated processing, including profiling. In these situations, CIVITTA will guarantee suitable measures to safeguard your rights, mainly the right to human intervention when reviewing such cases.

You will be notified if any automated decision-making is performed in relation to your Data.

6.6. Withdrawal of consent

If we process Data based on your consent, you can withdraw your consent to disclose Data at any given time. Please also note that we will continue to use your Data if we have to fulfill a legal or contractual obligation.

7. Accuracy and updating your Data

We will update your Data continuously during the period it is stored in our database. This is done for internal organization purposes and in order to permit better adequacy between our client’s needs and requests and your skills. In this regard, it is possible for you to update your data by notifying the person you usually deal with at CIVITTA.

Certain categories of Data related to your professional skills and contact information can directly be updated on the Timebase platform, in your personal account, at www.timebase.lt.

8. Updates to this Privacy Policy

We reserve the right to change this Policy from time to time by posting an updated version on our website. If substantial changes are made that may significantly influence your rights or increase your responsibilities, we will notify you by email. We may provide notice of changes in other circumstances as well. We encourage you to periodically review this page for the latest information on our privacy practices.

9. Complaints

If you are concerned about an alleged breach of privacy law or any other regulation by CIVITTA, you can contact the person you usually deal with at CIVITTA or by email – [email protected]. CIVITTA will investigate your complaint and give you information about how it will be handled.

Also you have a right to lodge a complaint with the relevant Data Protection Authority in your country. Please contact the person you usually deal with at CIVITTA or by email – [email protected], CIVITTA will guide you to what State data Protection Inspector you should lodge your complaint.

10. Contact us

You are always welcome to contact us if you have questions about your privacy rights and how we collect and use the Data by  contacting the person you usually deal with at CIVITTA or by email – [email protected].

Please note that we may require proof of your identity and full details of your request before processing it. The data will only be used to verify your identity and will not be stored for longer than needed for this purpose.

We will reply in a reasonable delay, in accordance with the applicable regulations.