Recruitment Privacy Policy
4PSA pays a great attention to your privacy and such privacy is very important to us. 4PSA protects your personal information processed during our recruitment process and created this Privacy Policy ("Recruitment Privacy Policy") in order to demonstrate its firm commitment to privacy.
This Recruitment Privacy Policy describes what kind of Personal Data (as defined below) you need to provide when applying for a job opening on 4PSA Website (as defined below) or what kind of information we collect and process about you during our recruitment process.
This Recruitment Privacy Policy also describes how and the purpose for which 4PSA, as data controller within the meaning of the EU General Data Protection Regulation no. 2016/679 (the "GDPR") collects and processes your Personal Data.
The purpose of this Recruitment Privacy Policy is to establish the principles underlying the processing of personal data that you transmit to us or which we obtain about you. This Recruitment Privacy Policy also explains your rights and choices about how we use your Personal Data, how you can object to certain use of your Personal Data and how you can access and request us to update certain information about you.
1. Who we are
4PSA is the data controller responsible for the processing of your personal data as described in this Recruitment Privacy Policy – referred to as "4PSA", "we" or "us".
In this Privacy Policy, 4PSA means Rack-Soft S.R.L., a Romanian company with its principal place of business at 20-22 Bilciuresti Street, 2nd floor, Sector 1, Bucharest, 014012 Romania.
For the purpose of this Privacy Policy, Rack-Soft, Inc., a US based company with its principal place of business at 4250 Lancaster Pike, Suite 120, Wilmington, DE 19805 is a data processor of 4PSA, responsible for the hosting and administration of the 4PSA Website (as defined below) through which Personal Data of the applicants in the recruitment process are collected by 4PSA.
"Personal Data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
"
4PSA Website" means
www.4PSA.com and
www.hubgets.com.
2. Contact us
If you have any questions about our Recruitment Privacy Policy or regarding any aspect related to your Personal Data collected and/or processed by 4PSA, please send us a notice, request, demand, consent and other communication in writing, either by registered letter or by e-mail, to the following contact information:
Rack-Soft SRL
20-22 Bilciuresti Str., 2nd floor, Sector 1, Bucharest, 014012 Romania,
phone: +40213130165
e-mail: hr@4psa.com and hr@hubgets.com
3. Collection of Your Personal Information. Types of Personal Data that we process
When you apply for an open position on the 4PSA Website or on the platforms we use to market our job openings, when you e-mail us your resume or when we search the right candidate for an open position, 4PSA collects and processes your Personal Data. Personal Data collected by 4PSA is described below in this Recruitment Privacy Policy.
We may collect and process your Personal Data in the following cases:
3.1 Direct application - 4PSA collects and processes your Personal Data when:
(i) you apply on our 4PSA Website; or
(ii) you e-mail us your resume at hr@4psa.com, jobs@4psa.com, hr@hubgets.com, jobs@hubgets.com; or
(iii) you apply on a job opening that we post on LinkedIn or any other platform that we use to market our job openings.
When you apply on the 4PSA Website, we collect and process the following Personal Data about you: your first name, your last name, your e-mail address, your phone number and your interest in the 4PSA job opening, including any Personal Data that you choose to provide us when answering to the question: "Why do you want to join 4PSA?"
When you e-mail us your resume, we collect and process all your Personal Data that are included in such resume and such data usually include your first name, your last name, your e-mail and phone number, your address, history of your job experience, studies and hobbies, as well as any personal data that you decide to include in your resume.
When you apply directly on any social network or platform that we use to market our job openings, we collect and process the following Personal Data about you: first name, your last name, your e-mail and/or your phone number, your expertise, your job history, your resume and any Personal Data included in such resume.
The legal basis for processing in this case is your consent, which you will expressly give when accessing the 4PSA Website or when you apply for a job opening.
3.2. In our hunting process when we search for candidates, we collect and process Personal Data about you from several sourcing platforms, where candidates post their interest in a job or where candidates make their profile public or accessible to third parties. We collect and process your name, your job history, your experience, your profile picture, as well as any other data included in your resume or associated with your profile when we search for candidates who match our profile. If we decide to include you among the selected candidates, we will access and process your Personal Data regarding your profile and included in your resume (such as name, contact details, your current job title and job history, your experience, as well as any other data included in your resume details).
The legal basis for processing in this case is 4PSA legitimate interest for carrying out the recruitment process and filling the job openings, in order to enable us to unfold our activity.
3.3 In our testing and selection of candidates process - if we decide, further to your direct application or further to our hunting process, that you are suitable for one of our job openings, we will invite you to pass through our recruiting process, which will involve:
(i) taking an online technical test or a practical test (graphic design/marketing, content writing, product management) in a third-party provider platform, such as CodeSignal or any other skill testing platform notified to you by 4PSA – in such a case, we collect and process the following Personal Data about you: your name, your phone number, your e-mail, the scoring and results of your tests, as well as any Personal Data you voluntary decide to associate with your account in the third-party platform. The Personal Data you fill in in the third-party platform will be processed in accordance with the Privacy Policy of that platform;
(ii) having the HR interview, the technical interview(s) and the interview with 4PSA CEO - in such a case, in addition to the Personal Data mentioned in paragraph (i) above, we collect and process the Personal Data that you disclose us in these interviews and the results of such interviews;
(iii) taking the personality test - in such a case, we collect and process information regarding your type of personality traits.
The legal basis for processing in this case is 4PSA legitimate interest for carrying out the recruitment process and filling the job openings, in order to enable us to unfold our activity and to confirm the appropriate candidates, except for the Personal Data resulted from your personality test taken by 4SPA or through a third party provider, which will be processed based on your consent that will be expressly required when taking the test.
3.4 When you access and use the 4PSA Website - in such a case, we do not collect any Personal Data, except for your IP address. In this situation, 4PSA will collect only the following metadata that results from your usage: referral page, date and time of access, data volume transmitted, status of transmission, type of web browser, operating system and interface, language and version of browser software.
Your IP address will be used to enable your access to our 4PSA Website.
The metadata, including the IP address, will be used to improve the quality and services of our 4PSA Website by analysing the usage behaviour of our users.
The legal basis for processing in this case is your consent, which will be specifically requested to you when accessing the 4PSA Website.
4. Use of Personal Data - The Purposes of the Processing
4PSA collects your Personal Data for recruiting purposes, in order to find the right candidate for a job opening or in order to assess whether you are matching our job openings when you apply for such.
All the Personal Data that we collect in relation to our recruitment process and in accordance with this Recruitment Privacy Policy will be exclusively used for such recruitment purposes unless you are otherwise informed and/or your consent is being asked.
5. Legal Basis for Processing
We collect and process your Personal Data only where we have legal basis for such processing in accordance with the GDPR. The legal basis that 4PSA relies on when processing your Personal Data depends on the type of the processing, namely:
The processing is necessary for the purposes of a
legitimate interests pursued by us or by a third-party - we rely on this legal basis when processing your Personal Data for the purpose of carrying out our recruitment process and filling the job openings, in order to enable us to carry out our activity;
You have given
your consent to the processing of your Personal Data for one or more specific purposes - we rely on this legal basis when we require you to take the technical and/or personality test mentioned at Section 3.3. paragraph (iii);
The processing is necessary
prior to entering a contract - we rely on this legal basis when we collect and process your Personal Data required for entering into an employment contract with you, if we decide, further to the recruiting process, that you are fit for a certain job opening.
If the legal basis for the processing is your consent, you have the right to withdraw at any time your consent to the processing, without this affecting the lawfulness of previous processing under your consent, until the date of your withdrawal.
6. Sharing and Disclosure of your Personal Data with Recipients other than the Company
4PSA will not share your Personal Data with third-parties without your permission, other than for the limited exceptions listed in this Recruitment Privacy Policy. Personal Data will only be used for the purposes stated herein.
4PSA may share your Personal Data in the following situations:
To 4PSA third-party contractors and intra-group companies, who act as data processors of 4PSA, including to Rack-Soft, Inc., provided that they will be bound at least by 4PSA's obligations under this Recruitment Privacy Policy and based on a data controller - data processor agreement executed with such (Standard Contractual Clauses). These 4PSA third-party contractors may include, but are not limited to, our data processors employed to process your Personal Data on our behalf and based on our instructions, infrastructure providers, website hosting companies, software providers, providers of skills and technical abilities testing platform, and other third-parties contractors acting on our behalf or providing services for 4PSA, under contractual provisions and strict confidentiality obligations.
We request those external service providers to implement and apply security safeguards, as well as appropriate technical and organizational measures to ensure the privacy and security of your Personal Data. In addition, any service provider that would process your Personal Data as data processors of 4PSA, would act based on a contract executed with 4PSA that complies with the provisions of the GDPR, the UK The Data Protection Act and/or the Swiss Federal Data Protection Act (revFADP), as applicable and such service provider would be EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. DPF and/or Swiss-U.S. DPF certified or would be bound by the data controller – data processor or data – controller – data controller agreements executed between the parties, which comply with the GDPR requirements (Standard Contractual Clauses).
To comply with applicable law, regulations or a legal request, such as when necessary to protect the life, safety, rights, or property of the public, of any person, or of 4PSA, or to prevent, detect or otherwise address fraud, security or technical issues.
4PSA may transfer - in compliance with applicable data protection law - Personal Data in response to lawful requests by public authorities such as
law enforcement agencies, governmental authorities, legal counsels, or external consultants, including to meet national security or law enforcement requirements. In case 4PSA receives a request to disclose your Personal Data to a law enforcement officer or to other third-party, to the extent permitted by law, 4PSA will provide you with a prior notice as and if allowed.
7. Period of Processing Your Personal Data
Your Personal Data will be stored and processed only for the time necessary to fulfil the purposes for which the data was collected.
If you will be declared eligible to execute an employment contract with 4PSA, 4PSA will store and process your Personal Data to the extent necessary to conclude the contract with you, until the employment contract is concluded.
If an employment contract is executed with you, 4PSA will continue to process only such Personal Data that are required in relation with and for the execution and performance of your employment contract, and for the entire duration of your employment contract, as well as after its termination, for the period provided by law. The processing in such case will be necessary for the performance of the contract to which you are or were a party.
If you will not be selected during the recruitment process to become an employee of 4PSA, your Personal Data collected and processed by 4PSA in the context of the recruitment process will be stored by 4PSA for a period of two (2) years as of the date they have been collected, in view of a future potential recruitment. After such period, your Personal Data will be deleted. Personal Data that have been provided by you to a third-party provider during the recruitment process will be subject to the Privacy Policy of that third-party provider.
If we determine that a candidate is unlikely to be qualified for future roles or is no longer relevant, we will immediately delete his/her Personal Data.
8. Your rights in relation to Your Personal Data
You have the following rights with respect to your Personal Data, in accordance with the GDPR:
(i) to request access to your Personal Data, to obtain confirmation as to whether or not your Personal Data is being processed by 4PSA and to obtain a copy of your Personal Data that is being processed. 4PSA provides you with means to ensure that Your Personal Data is correct and up-to-date. You can access your Personal Data by contacting us using the details provided in Section 2 of this Recruitment Privacy Policy "Contacts us";
(ii) to request rectification of your Personal Data;
(iii) to request erasure of your Personal Data: (a) if your Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (b) if you withdraw your consent for processing, if this was the legal base for processing and where there is no other legal ground for the processing; (c) if you object to the processing and there are no overriding legitimate grounds for the processing, or if you object to a processing for marketing purposes or profiling; (d) if your Personal Data have been unlawfully processed; and/or (e) if your Personal Data have to be erased for compliance with a legal obligation in Union or Member State law to which 4PSA is subject.
(iv) to request restriction of processing of your Personal Data, if you contest the accuracy of your Personal Data, for the period enabling us to verify the accuracy of your Personal Data, if the processing is unlawful and you oppose to the erasure of your Personal Data and requests the restriction of its use instead, if 4PSA no longer needs your Personal Data, but such are required by you for the establishment, exercise or defense of legal claims, or if you objected to processing pending the verification whether the legitimate grounds of 4PSA override your legitimate rights;
(v) to request data portability to another data controller, if you have provided your Personal Data in a structured, commonly used and machine-readable format and this has been processed by 4PSA based on your consent or based on a contract executed with you;
(vi) to object to the processing of your Personal Data (including objection to profiling) if 4PSA processes your Personal Data based on legitimate interest;
(vii) to object to being subject to a decision based solely on automated processing (including profiling) which produces legal effects concerning you, or similarly significantly affects you and;
(viii) the right to lodge a complaint with a supervisory authority.
If you have declared your consent regarding certain collecting, processing and use of your Personal Data, you can revoke this consent at any time with future effect.
Your request to exercise your rights above may be limited in certain situations generated by the fact that, for example, your request would reveal information about another person, or in case you ask us to delete information which we have a legitimate interest for keeping and further processing.
To exercise your rights stated above, please contact us using the contact details, as stated under Section 2 "Contact us" of this Recruitment Privacy Policy.
9. Security of Your Personal Data
4PSA takes security very seriously and has implemented security measures to protect your Personal Data. We have implemented the technical and organizational measures required by GDPR to ensure the security of your Personal Data. These measures include technical and procedural steps to protect your Personal Data from misuse, unauthorized access or disclosure, loss, alteration, or destruction.
4PSA stores your Personal Data in computer servers with limited access that are located in controlled facilities which may be accessed with individual access card only. The PC of the employees having access to Personal Data are locked with passwords. The 4PSA employees having access to your Personal Data are bound by strict confidentiality obligations and have been duly trained to act in accordance with the GDPR.
10. International Transfer of Personal Data
The Personal Data that we collect or receive about you during our recruitment process may be transferred to and processed by recipients which are located inside or outside the European Economic Area ("EEA").
4PSA Website is hosted in U.S., therefore, your Personal Data submitted via the 4PSA Website are transferred to U.S. Our data processors are EU-U.S. Data Privacy Framework ("DPF") certified and apply the DPF principles.
4PSA may transfer Your Personal Data only to countries which provide an adequate level of data protection from a European data protection law perspective, as determined on the basis of an adequacy decision issued by the Commission. These countries are listed
here.
Other recipients might be located in other countries which were not recognized as offering an adequate level of protection from a European data protection law perspective, but in such a case 4PSA will take all necessary measures to ensure that transfers out of the EEA are adequately protected as required by applicable data protection law. With respect to transfers to countries not providing an adequate level of data protection the transfer is made based on appropriate safeguards, such as standard data protection clauses adopted by the European Commission or by a supervisory authority, approved code of conducts together with binding and enforceable commitments of the recipient, or approved certification mechanisms together with binding and enforceable commitments of the recipient.
With respect to Personal Information transferred from the EU, UK, or Switzerland to the U.S., please note the following:
4PSA complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. 4PSA has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. 4PSA has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit
this website.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, 4PSA commits to resolve DPF Principles-related complaints about our collection and use of Your Personal Information. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF should first contact 4PSA at:
Rack-Soft, Inc. 4250 Lancaster Pike, Suite 120, Wilmington, DE 19805In
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, 4PSA commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF. The Federal Trade Commission has jurisdiction over 4PSA's compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF). Under certain conditions, you may have the the possibility, under certain conditions, to invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms. Please see Annex I to the DPF Principles for additional information
here.
The DPF Principles also describe our obligations with respect to Personal Information that we transfer to third parties as described elsewhere in this Policy. We remain responsible and liable as provided in the DPF Principles if the third party processes the Personal Information in a manner that is not consistent with the DPF Principles, unless we prove that we are not responsible for the event giving rise to the damage.
11. Use of Cookies
When You visit the 4PSA Website, a cookie is placed on your machine (if You accept cookies) or is read if you have visited the 4PSA Website previously. While we do not offer an opt-out on the site for cookies, browsers provide you with information and control over cookies.
For more information about cookies used by 4PSA Website, please see our Privacy Policy available
here.
