Privacy Policy

Version 1.0
Last modified: 23 June 2023

This website is operated by Sofia Superstar EOOD ("We", "us" or "Company”) that provides this Privacy Policy ("Policy") to give you a better understanding of our practices regarding the collection, use, transfer, storage and other processing of personal data we collect about website visitors, candidates and job applicants ("You", "you "), the reason why we collect such data, the manner in which we process this data, the entities with whom we share the said personal data, your rights in relation to the collection, processing and sharing of such data and any other pertinent matter relating to privacy and security of your personal data. We understand that your privacy is important to you and that you care about how your personal data is used and shared. We respect and value the privacy of everyone who visits our website or otherwise interacts with us and will only collect and use personal data in ways that are described in this Policy.

Please read this Privacy Policy carefully and ensure that you understand it. Note that this notice does not form part of any contract of employment or other contract to provide services.

Specifically, this Policy describes the following:

Data Protection Principles

We are committed to ensure that the personal data we use, collect, process about you will be:
• Used lawfully, fairly and in a transparent manner;
• Collected for specified, explicit and legitimate purposes, and not further processed in a manner that is incompatible with such purposes;
• Adequate, relevant and limited to what is necessary in relation to those purposes;
• Accurate and kept up to date;
• Kept only as long as necessary for those purposes;
• Kept securely.

What Does This Policy Cover?

• This Privacy Policy applies to the processing of your personal data by us in the context of: The processing of your personal data in connection to our communication with you;
• The processing of any of your queries;
• The assessment of your job applications, recruitment and candidacy;
• The process of onboarding you as a Company employee;
• The Company's compliance with legal requirements we are subject to as an employer;
• Any other relationship with you that is not covered by a separate privacy policy.

Categories of Personal Data

The paragraphs below outline the categories of personal data which we process, including the following:

Personal Information - This type of data may include your full name, email address, telephone/mobile number, postal address, the company you represent and your title, date of birth, government identification numbers (such as social insurance numbers, tax payer ID's and driver's license, citizenship/residency), personal status (marital status), photos. We obtain this data from you when you contact us, either by submitting your CV, using the contact form on the website or by other means.

Employment and qualifications data - This type of data may include your full name, your employment history, your education and qualifications, your age and gender, diploma, letter of termination from previous employer original rental agreement or any title of ownership, tax clearance, and any other data pertinent to your evaluation as a prospective employee, recruitment agencies' reports, letters offering and accepting employment, emergency contact information, interview notes and recommendation checks. We obtain this data from you when you contact us, either by submitting your CV, using the contact form on the website or by other means (i.e., past employers, social media platforms such as LinkedIn or recruitment and screening agencies). We may also obtain such data from third parties (references you provide) and open sources. In those circumstances, the Company will take reasonable steps to ensure that those third parties have represented to us that they have the right to disclose the personal data to us.

Website activity and technical data - This type of data may include your activity on the website, the pages you visit, the links you click on, and other similar activities, traffic data, GeoIP location, information from your browser, computer or mobile device when you access or use our website, device and network information.

Other information you provide to us - This includes any other data you choose to share with us.

Sensitive Personal Data
– this could include any medical history, health or sickness records you provide us with, information about criminal convictions and offences and any other information required by law to be provided by you in order to complete your employment process.

Our processing of your personal information may involve special categories of personal data for the provisions and improvement of our Service (as defined under Article 9 of the GDPR). We will only process such information, as well as disclose it to competent authorities (law enforcement bodies), where it is strictly necessary and required for the following purposes (to the extent permissible by applicable law): (i) prevention or detection of an unlawful act; (ii) prevention of dishonesty, malpractice or other seriously improper conduct, provided that obtaining your consent may prejudice those purposes; (iii) managing the recruitment process and job application, in particular when applying for an employment authorization for foreign nationals.

We do not perform any automated decision making or profiling using your personal data.

Purposes of processing of Personal Data

The Company uses and otherwise processes personal data to the extent necessary or appropriate for the following purposes:

Legal basis
Managing the recruitment process and job applications.
The legal bases for processing personal data in this context are your consent ((Art. 6.1(a) GDPR for example, when you explicitly agree to provide personal data by accepting our Policy), compliance with our legal obligations (Art. 6.1(c) GDPR) and our legitimate interests (Art. 6.1(f) GDPR). Our legitimate interests in this case are recruitment and succession planning, organisation and distribution of work, management forecasting and maintaining a well-managed and orderly workforce and business.
Answering your queries and  providing information that might interest you
The legal base for processing this data is our legitimate interest (Art. 6.1(f) GDPR). Our legitimate interest in this case is developing our business by keeping you updated regarding the latest developments and opportunities, responding to your questions and other communication.
Establishing and  maintaining business relationship with you or the entity you represent.
The legal base for processing this data is our legitimate interest (Art. 6.1(f) GDPR). Our legitimate interest in this case is developing our business by establishing and maintaining business relationship with qualified partners.
Security reasons, including ensuring the security of company-held information, company's systems, detecting fraudulent or illegal behavior, etc.
The legal bases for processing this data are our legal obligation (Art. 6.1(c) GDPR) and legitimate interests (Art. 6.1(f) GDPR). Our legitimate interests in this case are protection of Company's property and that belonging to third parties, enforcing our policies and keeping the safety of our services, employees and end-users.
Complying with applicable laws, including labour and employment laws and judicial or administrative orders regarding individual candidates.
The legal base for processing this data is the performance of our legal obligations (Art. 6.1(c) GDPR).
Evaluating the outreach and performance of our website.
The legal base for processing this data is our legitimate interest (Art. 6.1(f) GDPR). Our legitimate interest in this case is developing our website and ensuring its stability.
Conducting legal disputes - If the Company receives a notice of legal proceedings for actions taken by a candidate in the context of any dispute, claim, suit, demand or legal proceedings, if any, between you and the Company.
The legal base for processing this data is the performance of our legal obligations (Art. 6.1(c) GDPR) and our legitimate interests (Art. 6.1(f) GDPR). Our legitimate interests in this case are to establish and defend our legal claims.
Conducting due diligence of the Company's activities (in particular, recruitment and employment activities) in the event of a third party contemplating the purchase or investment in the Company;
The legal base for processing this data is our legitimate interest (Art. 6.1(f) GDPR). Our legitimate interest in this case is to enable future investments, mergers and acquisitions.
Workplace monitoring: CCTV surveillance recordings and access logs
The legal base for processing this data is our legitimate interest (Art. 6.1(f) GDPR), as described in section 5 below.

If there are circumstances where the Company considers it needs to process personal data for a purposes that is not compatible with the purposes above, we will provide you with an updated notification regarding such new purpose (or seek your express consent if necessary).

Workplace Monitoring

We monitor visitor activities in our offices and property, such by installing CCTV surveillance cameras, monitoring and recording access to various premises. Should you visit our offices, we will accordingly process your personal data in the form of CCTV surveillance recordings and access logs.

This monitoring is carried out for the following purposes which constitute our legitimate interest (Art. 6.1(f) GDPR) for processing the relevant personal data:

• To detect, investigate, and prevent crime, such as theft, fraud or illegal use of software or the intellectual property of the Company or a third party;
• To prevent the unauthorized or unlawful disclosure of confidential business information, for example, trade secrets;
• To comply with obligations to prevent discrimination or sexual harassment under applicable laws, and prevent or reduce company exposure to liability for the unlawful acts of employees, particularly in relation to racist or sexist communications in the workplace;
• To maintain productivity and ensure the quality of products and services, and avoid damage to the company’s reputation and goodwill;
• To comply with laws and regulations, e.g., workplace safety, labor, tax and other requirements;
• To ensure the integrity of information systems and compliance with company security and data protection policies.

Your Rights

As a data subject, you have the following rights under the applicable data protection laws, which this Policy and our use of personal data have been designed to uphold. Please contact us at for more information, or to exercise these rights.

• You have the right to be informed about our processing and use of your personal data and the right to access your personal data we process;
• You have the right of rectification if any of your personal data we process is inaccurate or incomplete;
• You have the right to be forgotten – i.e. the right to ask us to delete your personal data we process;
• You have the right to restrict the processing of your personal data, and the right to object to us using your personal data for particular purposes, e.g. for marketing purposes;
• You have the right to data portability (obtaining a copy of your personal data to re-use with another service or organization). We will provide such copy free of charge unless the request is manifestly unfounded or excessive, where in such case a reasonable fee for administration costs may be charged;
• You have the right to lodge a complaint with the relevant Data Protection Supervisory Authority should you feel that any of your rights have been impinged by us. Without limiting this right, we kindly ask you to attempt to resolve any issues you may have with us directly, prior to lodging a complaint;
• You have certain rights with respect to automated decision making and profiling. You have the right to obtain human intervention in the process of automated decision making, to express your point of view and to contest the decision.

Kindly note that the above rights are not absolute. There are instances where applicable law or regulatory requirements allow or require us to refuse your request. In addition, in certain instances, your personal data may have been destroyed, erased or made anonymous in accordance with our record retention obligations and practices.

In addition, note that you are responsible to update the Company if there are any changes or inaccuracies in your personal data.

Personal Data Storage, Security and Retention

Personal data processed by us is protected using industry standard security processes and systems. We store your personal data within the European Union, on encrypted hard drives and/or with certified data centers. Both our storage environment and those of the data centers we employ are compliant with the “ISO/IEC 27001 - Information security management” standard. We use secured https protocol for communication between the website and your browser. Our secure servers protect all information using advanced firewall technology. In addition, we limit access to your personal data to those employees and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality. Despite the best practices we employ, no party can warrant absolute security of your Internet connection. Any data sent via the Internet may be transmitted across international borders even where sender and receiver of information are located in the same country. We cannot be held responsible for anything done or omitted to be done with your personal data before such personal data reaches us.

We do not process your personal data for any longer than is necessary for the purposes of processing for which it was first collected, except as otherwise permitted or required by applicable law or regulatory requirements. Your personal data will be retained for as long as we have a relationship with you (for example, evaluating employment opportunity or answering your queries) and up to one (1) year thereafter. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. With regard to your personal data used to provide you with information on our offers, industry events and other news and products of ours and of our affiliates that may be of interest, such data will be processed until you indicate that you no longer wish to receive such information from us.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Sharing your Personal Data

We may share your personal data with competent authorities having jurisdiction over us. Such disclosures will only be made when permitted or required pursuant to applicable data protection laws and/or other legislation applicable to us.

We may share your personal data with other companies in our corporate group – our parent companies, subsidiaries, and sister companies. These companies, as our processors, will process your personal data on our behalf on the grounds and for the purposes listed in this Policy. We may share your personal data with other selected third parties, including:

Third party service providers: IT and related services’ providers and their sub-processors, such as service providers contracted to store your personal data, human resource information system or human resource management system, enterprise resource planning and record management tools, payroll providers (upon successful admission as a company employee);
Affiliated companies and business partners;
Recruitment agencies: for the purpose of recruitment and assessing your fitness for a specific role
Business transactions: we may share your personal data if we enter into a business transaction such as a merger, acquisition, reorganization, bankruptcy, or sale of some or all of our assets. Any party that acquires our assets as part of such a transaction may continue to use your data in accordance with the terms of this Policy.
Governmental authorities and regulatory bodies: to meet local statutory requirements e.g. tax authorities, regulatory registration bodies, etc., such as with governmental agencies and authorities and regulators, social organizations, courts and other tribunals, to the extent permitted or required by applicable law.
External advisors: our lawyers, advisors, auditors, consultants who we may engage from time to time to advise on any matter which requires them to gain access to personal data.

These third party service providers have access to personal data as needed to perform their functions, but they are not permitted to use it for other purposes. To ensure your personal data is secured, the Company exercises appropriate due diligence in the selection of such service providers and enters into contractual obligation requiring such service providers to maintain adequate technical and organizational security measures to safeguard the personal data, and process the personal data only as instructed by the Company (as applicable).  

Since the Company operates globally, it may be required to transfer your personal data to service providers, authorities and affiliates in jurisdictions that are outside of the European Economic Area. The data protection and other laws of these countries may not be as comprehensive as those of the European Union. In these instances and where applicable, the Company is taking ongoing measures to ensure that such service providers and affiliates have implemented appropriate safeguards to protect the security of personal data. This includes standard contractual clauses that have been approved by the European Commission or in conducting of the transfer subject to an EU Commission adequacy decision.  Your personal data will never be shared with third parties for their own marketing purposes (unless you give your explicit consent thereto).

Contacting Us

If you have any questions about this Policy, please contact our Data Protection Officer (DPO), by email at or by post at Sofia Superstar EOOD:  57, Cherni vrah, Blvd, Energy Tower, fl. 3, Lozenets District, 1407, city of Sofia, Bulgaria. Please ensure that your query is clear, particularly if it is a request for information about the data we process.

Changes to Our Privacy Policy

We may change this Privacy Policy from time to time. Please note that changes will be immediately posted on the website and will be deemed to have been accepted on your first use of the website following the alterations in the Privacy Policy. We recommend that you check this page regularly to remain up to date with any changes, and where appropriate, we will also notify you by e-mail.

Contact Us
Send us your CV or Portfolio, even if you can’t find a suitable role. Maybe we are waiting for you right now, who knows.
Let's apply
Additional attachments
Upload failed. Max size for files is 10 MB.
/ 250
KYC Officer
Sales agent with Arabic
Italian VIP Quality Assurance Manager
German VIP Quality Assurance Manager
Greek Sales Agent
German Sales Agent
German VIP Team Leader
VIP Team Leader
Head of VIP
VIP Manager with Greek
VIP Manager with Czech
Slovenia VIP Account Manager
Swedish VIP Account manager
Hungary VIP Account Manager
Portuguese VIP Account Manager
VIP Manager with English
PSP Tech Account Manager
Payments Data Analyst
Customer Support Night Shift Team Lead - office-based
AML & RG Officer
Team Lead of the CS team - office-based
Customer Support Quality Assurance Manager - office-based
Customer Support Trainer - office-based
Senior Product Designer
Senior HTML/Markup Developer
Middle Product Designer
Senior Front-End Developer (Angular 15)
Team Lead Back-end development
Product Owner
French Customer Support Agent
Romanian Customer Support Agent
Italian Customer Support Agent
Hungarian Customer Support Agent
Swedish Customer Support Agent
VIP Manager with French
VIP Manager with German
VIP Manager with Italian
Risk Manager
Middle Manual QA
Senior Node.js Developer
Greek Customer Support Agent
Norwegian Customer Support Agent
Finnish Customer Support Agent
Danish Customer Support Agent
Arabic Customer Support Agent
German Customer Support Agent
Czech/Slovakian Customer Support Agent
Your application has been successfully sent
Our managers will contact you shortly
Oops! Something went wrong while submitting the form.