Privacy Notice

1. Data Controller

The controller responsible for the processing of your personal data (the “Controller”) is a legal entity established under the laws of the Republic of Cyprus. Further details regarding the identity and contact information of the Controller may be provided upon request or during the application or onboarding process.

2. Purpose of Collection

  1. When you submit your personal data in response to a vacancy published on this website, the data is processed in accordance with Article 6(1)(b) of the GDPR for the purpose of assessing your suitability for the position and making necessary arrangements prior to entering into an agreement with you.
  2. If no agreement is concluded, data may continue to be processed in accordance with Article 6(1)(f) GDPR for the legitimate interests described under the “Data Retention” section below.

 

3. Legal Basis for Processing

Processing of personal data is based on:

  • Article 6(1)(b) GDPR – performance or initiation of a contract.
  • Article 6(1)(f) GDPR – legitimate interests, where applicable.

4. Categories of Data Processed

The personal data processed may include, but is not limited to:

  • Identification and contact information (e.g., name, email, phone number, social media/messaging handles, location).
  • Demographic and legal work eligibility (e.g., date of birth, nationality, residency/work permit status, passport information).
  • Educational and professional background (e.g., resume, certificates, cover letter, references).
  • Employment history (e.g., job titles, employers, durations).
  • Skills, qualifications, and other materials relevant to the vacancy.

5. Data Recipients

Your data may be accessed by designated personnel and contractors engaged in the recruitment or assessment process. These individuals are bound by confidentiality obligations and required to adhere to data protection policies and the applicable legal framework.

6. Data Retention Period

  1. For data processed under Article 6(1)(b) GDPR:
    • If no agreement is reached, data will be retained for up to three (3) months from submission or until rejection is communicated.
    • If an agreement is concluded, data will be retained until the agreement expires or is terminated.
  2. For data processed under Article 6(1)(f) GDPR:
    • Data may be retained for up to three (3) years from the date of rejection or termination of the agreement, as applicable.

7. Data Retention Justification

  1. Data may be retained for:
    • Consideration for future roles, unless you instruct otherwise.
    • Exercising or defending legal claims related to the recruitment process or any agreement entered into.
  2. Complete deletion may not be feasible under clause 7(1)(b), where data is necessary for legal defense or compliance.
  3. If deletion is requested due to unwillingness to be contacted regarding future roles, access will be restricted to personnel reasonably required to retain data for legal purposes only.

8. Data Storage Location

  1. Personal data is stored at the business establishment of the Controller.
  2. Additional secure storage may be provided through third-party hosting or cloud services within the European Union. Access is governed by both technical safeguards and internal data protection policies.

9. Your Rights

Subject to the limitations set out in clause 7(3), you have the right to:

  • Request rectification or erasure of your data;
  • Object to data processing;
  • Lodge a complaint with the competent supervisory authority.

10. Supervisory Authority Contact

Office of the Commissioner for Personal Data Protection
Address: Kyprianou 15, 1061 Nicosia, Cyprus
Postal: P.O. Box 23378, 1682 Nicosia
Phone: +357 22818456
Fax: +357 22304565
Email: [email protected]

Back to homepage →