Privacy policy for general public

PREAMBLE

NATEK is a leading provider of IT Outsourcing and IT Consulting Services in Central and Eastern Europe. NATEK value the trust that our users place in by giving their personal data and therefore they will be used only in way described herein.

We do not intentionally attempt to solicit, collect or receive information from children under 16.

NATEK will take all reasonable steps to protect user’s personal data from misuse and keep it secure. This document sets out the policies and procedures that NATEK has put in place to comply with applicable data protection principles, mainly EU General Data Protection Regulation (EU) 2016/679 (“GDPR”).

You can enjoy and browse this website without giving us your personal data or providing your consent. There is a minimum personal data necessary in order to communicate with you and provide you with information about services NATEK provides and subscribe to our newsletters.

CONTROLLER

The controller of your personal data (hereinafter the “Controller”) is a legal entity, member of NATEK Group, with which you have concluded or are in process of concluding a contractual agreement.

If you are an employee or a subcontractor of NATEK client, supplier or advisor, the Controller is a legal entity, member of NATEK Group, with which your employer (or your client) has concluded or is in process of concluding a contract.

If you are not in a business relation with any of the legal entities members of NATEK Group or are not in process of entering into such relation, the Controller of your personal data is NATEK Bulgaria LLC with registered seat at Todor Aleksandrov Bld 18, 4th fl., 1303 Sofia, Bulgaria, company ID: 175121102.

PERSONAL DATA

In this policy, personal data means any information relating to an identified or identifiable natural person, an identifiable natural person is one who can be identified, directly or indirectly (together with other information that is reasonably likely to come into NATEK possession), in particular by reference to an identifier such as a name, an identification number, a location data, an online identifier or an email address or a telephone number.

PURPOSE OF PROCESSING PERSONAL DATA

We use personal data you provide to us, or we acquire from other sources for the purpose of providing our services and responding to your queries. In order to provide our services to you, it is essential that we are able to collect and use the information as described in this Policy.

If you do not provide personal data to us you will not be able to benefit from the services offered by NATEK.

We use collected information for following purposes:

  • Communications with you as our user and providing you information such as newsletters and career advisory. Based on NATEK legitimate interest, art.6 par.1f GDPR. In case we are contacted by you via our website or other way, we may process your name, contact details, geographic location and/or other information provided to us by you to enable us to answer any questions or queries and communicate with you.
  • Business Relations. Based on NATEK legitimate interest, art.6 par.1f GDPR. Shall you be a representative of our current or potential client, vendor, supplier or contractor we may process your full name, contact details, position, company you represent, activities in relation of sales or procurement process, data on the communication and internal notes to develop and maintain business relationship, to provide you with the status and details about our works and services and to organize approval, processing and signing of contracts, acts, invoices and other contractual documentation.
  • Marketing, promotion, public relation. Based on your consent, art.6 par.1a GDPR. Direct marketing and/or promotional efforts by or on behalf of NATEK group may include providing you with specific information that you have requested online or providing more general information about other NATEK offerings.  When we collect personal data for direct marketing or promotional purposes, we offer you appropriate choices regarding the use of your personal data.
  • Legal defence. Establishment, exercise or defence of legal claims, including archiving for evidence purposes, in exercise of the legitimate interests pursued of the Controller (Art. 6 (1)(f) GDPR). NATEK processes personal data of Suppliers and Supplier’s personnel for the purposes of evidencing actual performance, non-compliances and incidents as to document the Contract fulfilment in case of potential business and/or legal escalations and litigations.
  • Reporting. Generate internal reports and create aggregate and statistical data about the Contract performance. Based on NATEK legitimate interest, art.6 par.1f GDPR or based on your consent, art.6 par.1a GDPR.

On the basis of your personal data, the Controller shall not take automated decisions regarding you, including decisions resulting from profiling.

CATEGORIES OF PERSONAL DATA

We may collect, store and use following categories of personal data:

  • Basic personal data: name, e-mail address, telephone number, address, date of birth, national identification number, residence, profiles on social media;
  • Visual representation: photos, video recordings and other visual representations, public profiles on social media;
  • Personal data which you have shared with the Controller or other controller, or which has manifestly been made public by you;
  • Information about your computer, including IP address, browser type and version, operating system, the URLs of sites from you arrive on NATEK website, how you use our website and mobile applications to filter traffic, to report on statistics and to improve our services;
  • Any other information or personal data that you choose to reveal to us.

SOURCES OF DATA

We may collect personal data from:

  • You: all information you provide to us when you are submitting your CV, registering and creating an account to become NATEK candidate or user, applying for a job by filling in forms, subscribing to our email notifications and/or newsletters, performing personal, audio or video interviews / communication;
  • Other controllers: information you provide to other controllers, whether members of NATEK Group or our clients or suppliers which is shared with the Controller to the extend permitted by applicable laws or specific consents;
  • Referral: if someone referred you for the potential employment or cooperation;
  • Open sources, such as job boards, online search engines, address and phone registers, media archives, social media, business relationships, property recordings, etc.
  • Email & web-based communication: Information that is contained in any communication that you send to NATEK through an email or NATEK websites;

DISCLOSURE OF INFORMATION TO THIRD PARTIES

NATEK Group is group of companies operating in four countries of EEA (Poland, Slovakia, Czech Republic and Bulgaria). The Controller may share your personal data with other controllers - entities related to the Controller from the NATEK Group as reasonably necessary for the purposes stated in this Policy and for the legitimate interest of NATEK Group or based on your consent.

Information that is collected will be processed only in EEA and only for the purposes specified in this Policy. NATEK Group is committed to protect and respect the privacy of our users and strive to apply necessary safeguards to provide protection of the privacy and security of your personal data during the transfer and to use it only consistently in relationship with NATEK Group.

Your personal data may be disclosed to our advisors, legal councils, consultants, supervisory authorities or state administration to the extent that is required to do so by law, in relation to our contractual or legal obligations, an ongoing or prospective legal proceedings or in order to establish or defend our legal rights.

Your personnel data may be disclosed also to service providers Controller uses to procure services, such as accounting, consulting, marketing or IT system administration. These suppliers process personal data based on Controller’s request as processors of personal data and are bound with same protection of your personal data based on legal or contractual grounds as in NATEK Group.

The Controller may transfer your data to a third country (outside the European Economic Area) or to an international organisation. Such processing will be conducted on the basis of the Standard Contractual Clauses adopted by the European Commission, available at the website of the Official Journal of the European Union (https://eur-lex.europa.eu).

YOUR RIGHTS

You as user and natural person (data subject) have following rights which are provided by the European Union’s General Data Protection Regulation and legislation in local countries.

Right for Information. Natural person must be informed immediately about the processing and his or her rights when collecting data.

Right of Access. Natural person may request confirmation as to whether personal data concerning them is being processed. If this is the case, the controller must provide a copy of all personal data, including information on the purposes of processing, duration of storage, origin and transfer of data to a third country or to an international organisation. When you registered via our web site and you create your profile you may access, consult, modify or delete your personal data right in created profile or by contacting us on email address: DataProtectionOffice@natek.eu.

Right to Erasure (to be forgotten). Natural person have right to request that NATEK Group erase that their personal data, subject to certain exception. Natural person has right to withdraw consent on which processing is based. Organisations are required not to hold data for any longer than absolutely necessary, and not to change the use of the data from the purpose for which it was originally collected, while – at the same time – they must delete any data at the request of the data subject.

Right to Rectification. A data subject can obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.

Right to Restriction of Processing. Under certain circumstances, a data subject can obtain from the controller restriction of processing of his or her personal data.

Right to Data Portability. In the future, users will have the right to transfer data, which they have provided, to another application, for example, from one social network to another. The controller must provide this data in a “structured, commonly used and machine-readable format”. This should make it easier for users to change providers without losing data. However, it is not yet clear how this will be technically implemented.

Right to Object. Users have the right to object at any time to the processing of their personal data. You may also request that the NATEK Group cease using your data for direct marketing purposes.

Right to Consult. You have right to consult, modify or delete your personal data by contacting us on the email address as follows: DataProtectionOffice@natek.eu.

Right to lodge a complaint. You have right to lodge a complaint with the data protection authority if you have concerns about how NATEK Group processes your personal data.

Please ensure that you exercise your rights wisely and note that abuse of rights may entail your liability.

RETENTION OF PERSONAL DATA

We keep your personal information that we are processing in compliance with GDPR Art. 6 (1) a based on your given consent or Art 6(1) b if necessary for the performance of a contract or Art 6 (1) e or if processing necessary for the performance of a task carried out in the public interest or in exercise of official authority and for Art.6 par.(1)f legitimate interest for unlimited period of time (or until the consent is withdrawn), unless otherwise prescribed by applicable legal requirements and presuming that it is necessary for the purpose of processing.

Retention periods can vary significantly based on the type of information and how it is used. Our retention periods are based on criteria that include legally mandated retention periods, pending or potential litigation, our intellectual property or ownership rights, contract requirements, operational directives and historical archiving.

If your consent is not provided to us onto data processing or it is withdrawn, we will store only minimum data about you (full name, contact details, our references and notes) for the statistics and reporting purposes or to the extent justified on another legal grounds such as our legitimate interests.

PERSONAL DATA AND WEBSITE SECURITY

We take appropriate steps such as various physical, electronic and managerial measures to safeguard and maintain the security of information and personal data collected, used or transferred via NATEK websites from loss, misuse, alteration or destruction.

We restrict access to your personal data in our database to these employees for whom it is necessary to know that information to provide services or benefits to you or perform their duties. Also, we train our employees about the importance of confidentiality and maintain the privacy and security of your information and general data protection.

If any personal data incident or leak occurs we are committed to do everything possible to eliminate it and to assess a level of risk connected with leak according to our Information Security Policy and Data Breach Policy. If it is found out that the leak may lead to physical, material or non-material damage for you we will contact you without any undue delay unless the law provides otherwise. All further steps will be taken in full cooperation with the local supervising authority.

Since the Internet is opened and unsecured system, please be aware that NATEK cannot be responsible for the security transmissions of the personal data over the Internet. You are responsible for keeping your username and password secret.

AMENDMENTS

This Privacy policy will be updated accordingly to any adopted change or update of procedures or policies related to personal data protection. We reserve the right to amend the Privacy Policy and terms of use at any time, for any reason, without notice to you, other than the posting of the amended documents at this website. Any changes will be posted on this page so that you are always aware of our policies.

QUESTIONS, CONCERN AND COMPLAINTS

If you have any questions regarding your personal information, or you have concerns or complaints regarding this topic, or you wish to update or correct your personal data, please feel free to contact us via email on DataProtectionOffice@natek.eu.

If you wish that we do not use the information you provided to us, please send us an email to: DataProtectionOffice@natek.eu.

COOKIES ON NATEK SITE

Cookies. Cookies are small files saved into your computer when you use a particular website, which has no memory with this technology being disabled. These pieces of information usually serve as a basis for the page maintenance in order to improve the user experience. Further, they assure that the site is functioning properly (e.g. an access to your NATEK account works smoothly). Remembering your language preferences, helping you fill out forms, learning you are logged in and subsequently adjusting the site accordingly are just some of the features cookies are essential for.

Types of cookies. Generally, there are two types of cookies webpages use – the session and the permanent type. The latter is saved directly into your device and for instance helps remember your login information or stops the page from logging you out after you close a tab or browser (it depends on your settings there as well). The other type is usually deleted after closing the window or browser and serves for the site to remember your movements, so that e.g. it gives you suggestions for terms you have already searched for during your visit.

Please note: Although most web browsers enable users to adjust the use of cookies, forbidding the webpage to use them may complicate your experience on the site. With your voluntary use of our webpage, it is assumed you are familiar with the cookie files being stored and give us your permission to use them for features such as those stated above.

THIRD PARTY WEBSITES

This website may include hyperlinks to and details of third party websites. We have no control over and we are not responsible for the privacy policies and practices of third parties. Upon linking to a third-party website, you shall inform yourself of the privacy and cookies policy of such third-party websites.

This privacy policy is effective as of 4th November 2022.