This website is operated by Sofia Superstar EOOD ("We", "us" or "Company”) that provides this Privacy Policy ("Policy") to give you a better understanding of our practices regarding the collection, use, transfer, storage and other processing of personal data we collect about website visitors, candidates and job applicants ("You", "you "), the reason why we collect such data, the manner in which we process this data, the entities with whom we share the said personal data, your rights in relation to the collection, processing and sharing of such data and any other pertinent matter relating to privacy and security of your personal data. We understand that your privacy is important to you and that you care about how your personal data is used and shared. We respect and value the privacy of everyone who visits our website or otherwise interacts with us and will only collect and use personal data in ways that are described in this Policy.
Please read this Privacy Policy carefully and ensure that you understand it. Note that this notice does not form part of any contract of employment or other contract to provide services.
Specifically, this Policy describes the following:
We are committed to ensure that the personal data we use, collect, process about you will be:
• Used lawfully, fairly and in a transparent manner;
• Collected for specified, explicit and legitimate purposes, and not further processed in a manner that is incompatible with such purposes;
• Adequate, relevant and limited to what is necessary in relation to those purposes;
• Accurate and kept up to date;
• Kept only as long as necessary for those purposes;
• Kept securely.
• This Privacy Policy applies to the processing of your personal data by us in the context of: The processing of your personal data in connection to our communication with you;
• The processing of any of your queries;
• The assessment of your job applications, recruitment and candidacy;
• The process of onboarding you as a Company employee;
• The Company's compliance with legal requirements we are subject to as an employer;
• Any other relationship with you that is not covered by a separate privacy policy.
The paragraphs below outline the categories of personal data which we process, including the following:
Personal Information - This type of data may include your full name, email address, telephone/mobile number, postal address, the company you represent and your title, date of birth, government identification numbers (such as social insurance numbers, tax payer ID's and driver's license, citizenship/residency), personal status (marital status), photos. We obtain this data from you when you contact us, either by submitting your CV, using the contact form on the website or by other means.
Employment and qualifications data - This type of data may include your full name, your employment history, your education and qualifications, your age and gender, diploma, letter of termination from previous employer original rental agreement or any title of ownership, tax clearance, and any other data pertinent to your evaluation as a prospective employee, recruitment agencies' reports, letters offering and accepting employment, emergency contact information, interview notes and recommendation checks. We obtain this data from you when you contact us, either by submitting your CV, using the contact form on the website or by other means (i.e., past employers, social media platforms such as LinkedIn or recruitment and screening agencies). We may also obtain such data from third parties (references you provide) and open sources. In those circumstances, the Company will take reasonable steps to ensure that those third parties have represented to us that they have the right to disclose the personal data to us.
Website activity and technical data - This type of data may include your activity on the website, the pages you visit, the links you click on, and other similar activities, traffic data, GeoIP location, information from your browser, computer or mobile device when you access or use our website, device and network information.
Other information you provide to us - This includes any other data you choose to share with us.
Sensitive Personal Data – this could include any medical history, health or sickness records you provide us with, information about criminal convictions and offences and any other information required by law to be provided by you in order to complete your employment process.
Our processing of your personal information may involve special categories of personal data for the provisions and improvement of our Service (as defined under Article 9 of the GDPR). We will only process such information, as well as disclose it to competent authorities (law enforcement bodies), where it is strictly necessary and required for the following purposes (to the extent permissible by applicable law): (i) prevention or detection of an unlawful act; (ii) prevention of dishonesty, malpractice or other seriously improper conduct, provided that obtaining your consent may prejudice those purposes; (iii) managing the recruitment process and job application, in particular when applying for an employment authorization for foreign nationals.
We do not perform any automated decision making or profiling using your personal data.
The Company uses and otherwise processes personal data to the extent necessary or appropriate for the following purposes:
If there are circumstances where the Company considers it needs to process personal data for a purposes that is not compatible with the purposes above, we will provide you with an updated notification regarding such new purpose (or seek your express consent if necessary).
We monitor visitor activities in our offices and property, such by installing CCTV surveillance cameras, monitoring and recording access to various premises. Should you visit our offices, we will accordingly process your personal data in the form of CCTV surveillance recordings and access logs.
This monitoring is carried out for the following purposes which constitute our legitimate interest (Art. 6.1(f) GDPR) for processing the relevant personal data:
• To detect, investigate, and prevent crime, such as theft, fraud or illegal use of software or the intellectual property of the Company or a third party;
• To prevent the unauthorized or unlawful disclosure of confidential business information, for example, trade secrets;
• To comply with obligations to prevent discrimination or sexual harassment under applicable laws, and prevent or reduce company exposure to liability for the unlawful acts of employees, particularly in relation to racist or sexist communications in the workplace;
• To maintain productivity and ensure the quality of products and services, and avoid damage to the company’s reputation and goodwill;
• To comply with laws and regulations, e.g., workplace safety, labor, tax and other requirements;
• To ensure the integrity of information systems and compliance with company security and data protection policies.
As a data subject, you have the following rights under the applicable data protection laws, which this Policy and our use of personal data have been designed to uphold. Please contact us at dpo@sofiastars.com for more information, or to exercise these rights.
• You have the right to be informed about our processing and use of your personal data and the right to access your personal data we process;
• You have the right of rectification if any of your personal data we process is inaccurate or incomplete;
• You have the right to be forgotten – i.e. the right to ask us to delete your personal data we process;
• You have the right to restrict the processing of your personal data, and the right to object to us using your personal data for particular purposes, e.g. for marketing purposes;
• You have the right to data portability (obtaining a copy of your personal data to re-use with another service or organization). We will provide such copy free of charge unless the request is manifestly unfounded or excessive, where in such case a reasonable fee for administration costs may be charged;
• You have the right to lodge a complaint with the relevant Data Protection Supervisory Authority should you feel that any of your rights have been impinged by us. Without limiting this right, we kindly ask you to attempt to resolve any issues you may have with us directly, prior to lodging a complaint;
• You have certain rights with respect to automated decision making and profiling. You have the right to obtain human intervention in the process of automated decision making, to express your point of view and to contest the decision.
Kindly note that the above rights are not absolute. There are instances where applicable law or regulatory requirements allow or require us to refuse your request. In addition, in certain instances, your personal data may have been destroyed, erased or made anonymous in accordance with our record retention obligations and practices.
In addition, note that you are responsible to update the Company if there are any changes or inaccuracies in your personal data.
Personal data processed by us is protected using industry standard security processes and systems. We store your personal data within the European Union, on encrypted hard drives and/or with certified data centers. Both our storage environment and those of the data centers we employ are compliant with the “ISO/IEC 27001 - Information security management” standard. We use secured https protocol for communication between the website and your browser. Our secure servers protect all information using advanced firewall technology. In addition, we limit access to your personal data to those employees and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality. Despite the best practices we employ, no party can warrant absolute security of your Internet connection. Any data sent via the Internet may be transmitted across international borders even where sender and receiver of information are located in the same country. We cannot be held responsible for anything done or omitted to be done with your personal data before such personal data reaches us.
We do not process your personal data for any longer than is necessary for the purposes of processing for which it was first collected, except as otherwise permitted or required by applicable law or regulatory requirements. Your personal data will be retained for as long as we have a relationship with you (for example, evaluating employment opportunity or answering your queries) and up to one (1) year thereafter. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. With regard to your personal data used to provide you with information on our offers, industry events and other news and products of ours and of our affiliates that may be of interest, such data will be processed until you indicate that you no longer wish to receive such information from us.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
We may share your personal data with competent authorities having jurisdiction over us. Such disclosures will only be made when permitted or required pursuant to applicable data protection laws and/or other legislation applicable to us.
We may share your personal data with other companies in our corporate group – our parent companies, subsidiaries, and sister companies. These companies, as our processors, will process your personal data on our behalf on the grounds and for the purposes listed in this Policy. We may share your personal data with other selected third parties, including:
• Third party service providers: IT and related services’ providers and their sub-processors, such as service providers contracted to store your personal data, human resource information system or human resource management system, enterprise resource planning and record management tools, payroll providers (upon successful admission as a company employee);
• Affiliated companies and business partners;
• Recruitment agencies: for the purpose of recruitment and assessing your fitness for a specific role
• Business transactions: we may share your personal data if we enter into a business transaction such as a merger, acquisition, reorganization, bankruptcy, or sale of some or all of our assets. Any party that acquires our assets as part of such a transaction may continue to use your data in accordance with the terms of this Policy.
• Governmental authorities and regulatory bodies: to meet local statutory requirements e.g. tax authorities, regulatory registration bodies, etc., such as with governmental agencies and authorities and regulators, social organizations, courts and other tribunals, to the extent permitted or required by applicable law.
• External advisors: our lawyers, advisors, auditors, consultants who we may engage from time to time to advise on any matter which requires them to gain access to personal data.
These third party service providers have access to personal data as needed to perform their functions, but they are not permitted to use it for other purposes. To ensure your personal data is secured, the Company exercises appropriate due diligence in the selection of such service providers and enters into contractual obligation requiring such service providers to maintain adequate technical and organizational security measures to safeguard the personal data, and process the personal data only as instructed by the Company (as applicable).
Since the Company operates globally, it may be required to transfer your personal data to service providers, authorities and affiliates in jurisdictions that are outside of the European Economic Area. The data protection and other laws of these countries may not be as comprehensive as those of the European Union. In these instances and where applicable, the Company is taking ongoing measures to ensure that such service providers and affiliates have implemented appropriate safeguards to protect the security of personal data. This includes standard contractual clauses that have been approved by the European Commission or in conducting of the transfer subject to an EU Commission adequacy decision. Your personal data will never be shared with third parties for their own marketing purposes (unless you give your explicit consent thereto).
If you have any questions about this Policy, please contact our Data Protection Officer (DPO), by email at dpo@sofiastars.com or by post at Sofia Superstar EOOD: 57, Cherni vrah, Blvd, Energy Tower, fl. 3, Lozenets District, 1407, city of Sofia, Bulgaria. Please ensure that your query is clear, particularly if it is a request for information about the data we process.
We may change this Privacy Policy from time to time. Please note that changes will be immediately posted on the website and will be deemed to have been accepted on your first use of the website following the alterations in the Privacy Policy. We recommend that you check this page regularly to remain up to date with any changes, and where appropriate, we will also notify you by e-mail.
.svg){kind=logo}
.svg)