GDPR Compliance Policy

GDPR Compliance Policy for Brain Source SRL

1. Introduction
 
Brain Source SRL (“we,” “us,” or “our”) is committed to protecting the privacy and security of personal data in compliance with the General Data Protection Regulation (GDPR) and Romanian data protection laws. This policy outlines our approach to data protection and sets out the principles we adhere to when processing personal data.
 
2. Scope
 
This policy applies to all personal data processed by Brain Source SRL, including data related to job candidates, clients, employees, suppliers, and any other individuals whose data we handle.
 
3. Data Protection Principles
 
We adhere to the following data protection principles as required by the GDPR:
 
•Lawfulness, Fairness, and Transparency: We process personal data lawfully, fairly, and in a transparent manner.
•Purpose Limitation: We collect data for specified, explicit, and legitimate purposes and do not process it further in ways incompatible with those purposes.
•Data Minimization: We collect only the data that is adequate, relevant, and limited to what is necessary.
•Accuracy: We keep personal data accurate and, where necessary, up to date.
•Storage Limitation: We retain personal data only for as long as necessary for the purposes for which it is processed.
•Integrity and Confidentiality: We process personal data securely to prevent unauthorized or unlawful processing, accidental loss, destruction, or damage.
•Accountability: We are responsible for complying with these principles and can demonstrate our compliance.
 
4. Legal Basis for Processing
 
We process personal data based on one or more of the following legal grounds:
 
•Consent: The data subject has given clear consent for processing their personal data for specific purposes.
•Contractual Necessity: Processing is necessary for the performance of a contract with the data subject or to take steps at their request before entering into a contract.
•Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject.
•Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party, except where such interests are overridden by the data subject’s interests or fundamental rights and freedoms.
 
5. Types of Personal Data Collected
 
We may collect the following categories of personal data:
 
•Identification Information: Name, date of birth, gender, nationality, identification numbers.
•Contact Information: Address, email address, telephone numbers.
•Professional Information: CVs, employment history, education, qualifications, certifications, skills, references, and interview notes.
•Sensitive Personal Data: We may process special categories of data (e.g., health information, criminal records) only when necessary and with explicit consent or as permitted by law.
•Website Usage Data: IP addresses, browser type, access times, and pages viewed.
 
6. Collection Methods
 
We collect personal data through:
 
•Direct Interactions: When individuals submit their CVs, complete forms, or communicate with us via email, phone, or in person.
•Third Parties: From references, background check providers, educational institutions, professional networks, and publicly available sources like LinkedIn.
•Automated Technologies: Via our website using cookies and similar technologies.
 
7. Use of Personal Data
 
We use personal data for the following purposes:
 
•Recruitment Services: To match candidates with job opportunities and facilitate the recruitment process.
•Client Relationship Management: To provide services to our clients and maintain business relationships.
•Compliance: To comply with legal and regulatory obligations.
•Communication: To respond to inquiries, provide updates, and send relevant information.
•Marketing (if applicable): To send newsletters or promotional materials, with the data subject’s consent.
 
8. Data Sharing and Disclosure
 
We may share personal data with:
 
•Clients/Potential Employers: To present candidates for job opportunities.
•Service Providers: Third-party vendors who provide services on our behalf, under contractual obligations to protect data.
•Legal and Regulatory Authorities: When required by law or to protect our rights.
•Other Third Parties: With consent from the data subject or when legally permitted.
 
9. International Data Transfers
 
If we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:
 
•Adequacy Decisions: Transferring to countries deemed to have adequate data protection laws by the European Commission.
•Standard Contractual Clauses: Implementing contractual clauses approved by the European Commission.
•Binding Corporate Rules: Adhering to internal policies approved by data protection authorities.
 
10. Data Security
 
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction, including:
 
•Access Controls: Restricting access to personal data to authorized personnel only.
•Encryption: Using encryption technologies where appropriate.
•Physical Security: Securing our premises and IT infrastructure.
•Regular Testing: Periodically testing and evaluating the effectiveness of our security measures.
 
11. Data Retention
 
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including satisfying legal, accounting, or reporting requirements. Retention periods may vary depending on:
 
•Legal Obligations: Statutory requirements for retaining certain types of data.
•Contractual Obligations: Agreements with clients or data subjects.
•Legitimate Interests: Business needs balanced against the rights and freedoms of data subjects.
 
12. Data Subject Rights
 
Under the GDPR, data subjects have the following rights:
 
•Right to Access: Obtain confirmation of whether we process their personal data and obtain access to that data.
•Right to Rectification: Request correction of inaccurate or incomplete personal data.
•Right to Erasure (“Right to be Forgotten”): Request deletion of personal data under certain conditions.
•Right to Restrict Processing: Request limiting the processing of personal data under certain circumstances.
•Right to Data Portability: Receive personal data in a structured, commonly used format and transmit it to another controller.
•Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
•Right to Withdraw Consent: Withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
•Rights Related to Automated Decision-Making: Not be subject to decisions based solely on automated processing, including profiling, which produce legal effects or significantly affect them.
 
To exercise these rights, data subjects can contact us at:
 
•Email: [Insert Contact Email]
•Address: [Insert Company Address]
•Phone: [Insert Contact Phone Number]
 
We will respond to requests in accordance with GDPR timeframes and requirements.
 
13. Data Breach Notification
 
In the event of a personal data breach, we will:
 
•Assess the Risk: Evaluate the likelihood and severity of the risk to data subjects’ rights and freedoms.
•Notify Authorities: Report the breach to the relevant supervisory authority (e.g., the Romanian National Supervisory Authority for Personal Data Processing) within 72 hours, unless the breach is unlikely to result in a risk.
•Inform Data Subjects: Communicate the breach to affected individuals without undue delay when it is likely to result in a high risk to their rights and freedoms.
•Document the Breach: Maintain records of the breach, its effects, and remedial actions taken.
 
14. Data Protection Officer (DPO)
 
Considering the nature of our data processing activities, we have appointed a Data Protection Officer:
 
•Email: office@brainsource.io
•Address: 6 Neajlov Str, Apt. 6, Satu Mare, Co. Satu Mare, Romania
•Phone: +40757846904
 
If a DPO is not appointed, please designate a contact person responsible for data protection matters.
 
15. Employee Responsibilities
 
All employees and contractors of Brain Source SRL are required to:
 
•Understand and Comply: Familiarize themselves with this policy and comply with its terms.
•Protect Data: Handle personal data appropriately and securely.
•Report Breaches: Immediately report any suspected data breaches or security incidents to management.
 
16. Training and Awareness
 
We provide regular training to employees to ensure they understand their responsibilities under the GDPR and this policy.
 
17. Policy Updates
 
We may update this GDPR Compliance Policy from time to time. Changes will be posted on our website and communicated internally. We encourage you to review this policy periodically.
 
18. Complaints and Enforcement
 
Data subjects who believe their rights under the GDPR have been violated may lodge a complaint with the supervisory authority:
 
•Romanian National Supervisory Authority for Personal Data Processing
•Website: www.dataprotection.ro
•Address: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, 010336 Bucharest, Romania
 
Alternatively, they may seek judicial remedy.
 
19. Contact Us
 
For questions or concerns about this GDPR Compliance Policy or our data protection practices, please contact:
 
•Email: office@brainsource.io
•Address: 6 Neajlov Str, Apt. 6, Satu Mare, Co. Satu Mare, Romania
•Phone: +40757846904
