Data Protection Privacy Policy of “BE GLOBAL” Ltd.

INTRODUCTION

1. This Privacy Policy provides a framework for understanding the personal data collected and processed by “BE GLOBAL” Ltd., as a Data Controller, as required by law, including the provisions of the General Data Protection Regulation (GDPR) of the European Union.
   
2. WHO WE ARE AND HOW TO CONTACT US
   We, “BE GLOBAL” Ltd., act as the Data Controller with respect to your personal data and process it in accordance with applicable laws. Our main activity is in the field of EMPLOYMENT. Due to the specific nature of our services, we have developed separate policies, published below on this page under the titles “Privacy Policy for Employment Mediation and Recruitment” and “Privacy Policy for Temporary Employment Workers/Employees.”
   Please familiarize yourself with these policies if you use our employment services.
   If you have any questions about any of our policies or your personal data, feel free to contact us.

    

Contact Details:
“BE GLOBAL” Ltd., Company ID: 205255786, registered office and address: Sofia, Mladost District, Mladost 4 Residential Complex, Business Park Sofia, Building 14, 3rd Floor.
You can reach us at the above address.
We have appointed a Data Protection Officer (DPO). Contact details:  [email protected]

It is important that the information we have about you is accurate and up-to-date. Please notify us of any changes or if you notice errors.

1. WHAT DATA WE PROCESS, FOR WHAT PURPOSE, AND ON WHAT BASIS
   We process personal data for specific purposes and on corresponding legal grounds, depending on your relationship with us

    

3.1 When You Are a Visitor or User of Our Website www.beglobal.bg

1. A) Automatically Collected Information:
   You can access the website without providing personal data. However, certain information is automatically processed, such as log files, cookies, and website analytics via Google Analytics.
2. B) Social Media Plugins or Buttons:
   We use social media plugins (e.g., Facebook, Twitter, LinkedIn) to enhance website functionality and promote our services. These buttons are links to third-party sites that may collect and process personal data according to their policies. We are not responsible for these practices, and we recommend reviewing their privacy policies.

B.1 Information on Google Analytics:
To improve our website, we use Google Analytics, a service by Google Inc., which uses cookies to analyze website usage. Information generated by these cookies is anonymized in the EU or EEA before being transmitted to Google servers in the USA. For more details, visit: Google Analytics Terms and Privacy Policy.

1. C) Links to Other Websites:
   Our website may contain links to third-party websites. Please review their privacy policies to understand how your data will be processed.
2. D) Personal Data You Provide:
   When using contact forms or other services on the website, we process the data you provide for the specific purpose you intend. Mandatory fields collect only the minimum necessary information.
3. E) Sensitive Data:
   We do not collect sensitive personal data, such as race, ethnicity, political views, health information, etc. Please avoid providing such data unnecessarily.
4. F) Combining Information:
   We may combine data collected via the website with information obtained from other channels (e.g., email, phone) or public sources, but only for the purposes previously communicated to you.

3.2. If You Visit Our Office

In this case, we will ask you to identify yourself and provide basic information about yourself (your name and the organization you work for or represent). We may also record the day and sometimes the specific time of your visit, as well as details about the people you met with. We will use this information based on our legitimate interest in controlling access to our office and ensuring security, as well as for internal reporting and monitoring of the activities of our employees with whom you meet.

3.3. If You Participate in Our Event (Conference, Presentation, Cocktail, Charity Action, etc.)

We will collect the necessary information for your registration and participation. Occasionally, we may ask for your preferences to make the event more enjoyable or useful for you. Some events may be recorded with cameras or photographed, and we may use relevant footage or images, as well as information about your participation, to promote the event in media, on our website, in presentations, or elsewhere. If this concerns you, you can notify us in advance that you do not wish us to publish information or images of you. We will also retain basic information about you to occasionally contact you and send information about similar future events. Additionally, we may request your feedback on how you evaluated the event. You always have the right to object to this use of your data, as described below in connection with your rights.

3.4 When You Participate in Promotional Campaigns

We process the data you provide for participation in campaigns, e.g., via social media.

3.5 When You Interact with Us on Social Media
If you have “liked” or “followed” our profile on a social network, according to the practices of the respective network, you will see messages, advertisements, or materials we publish on our page. If you send us an inquiry through the respective page or, for example, comment on one of our posts, we may use the functionalities of the same network to respond to you. If you have requested to be contacted through another means (e.g., by providing your phone number), we will comply with your preference, based on our legitimate interest in responding to your inquiry.

3.6. If You Participate in Our Training Programs
We will collect the necessary information to register you. We will process information regarding your participation, performance, and any examinations (if applicable).
We will also retain basic information about you to occasionally contact you and share information about similar training programs. We may ask for your feedback on how you evaluate the training. You always have the right to object to this use of your data, as described below in connection with your rights.

3.7. If You Are a Business Contact
This means that you represent an organization that is our partner, client, or supplier, or you are an employee of such an organization. To maintain our business relationship with the organization, we may need information about you, such as your name, phone number, email, Skype contact, business card, and information about your position within the organization.

We may also process:

• Written, electronic, or other correspondence with you.
  
• Data included in documentation related to our relationship with the organization, such as your signatures, statements, or behavior descriptions.
  
• Any other information necessary for maintaining business relations with the organization.

   

3.8. If You Are a Potential Business Contact
This means you represent an organization that could become our partner, client, or supplier, or you are an employee of such an organization. We may obtain your information from professional public registries, mutual business contacts who recommended you, or events and meetings where you shared your business card or contact information.
In such cases, we will assess the purpose and basis for using your contact data. We will consider the context and your reasonable expectations regarding how we use your personal data. If we determine a legitimate interest to contact you (e.g., to request a quote, propose a partnership, or offer a product/service), you always have the right to object to such use of your data, as described below regarding your rights.
In some cases, we may request your consent, which you can always refuse.

3.9. If You Apply for a Job with Us
This means you have expressed interest in becoming our employee by entering into an employment contract with us. This may occur in two scenarios:

1. When you apply for a specific position we have advertised and submit your CV and/or cover letter.
   
2. When you send your CV and/or cover letter unsolicited, to be contacted for a suitable vacancy.

    

To evaluate your application, we will review the information you provide. If we definitively determine that you are unsuitable, we will delete your personal data within one week of making this decision, but no later than two months after the application deadline for the position.

If you applied for a specific position but are not selected, and we wish to retain your information for future opportunities, we will contact you to seek your consent. If you apply without targeting a specific position, we will assume you are generally interested in our organization. Based on this, we may retain your information to offer job opportunities in the future, relying on our legitimate interest in recruiting interested candidates.

We will retain your information for the duration you specify or, if unspecified, for up to three years. During the recruitment process, we may also collect additional information, such as feedback from interviews, tests, and references. If we determine you are unsuitable, we will delete your data.

Please avoid providing unnecessary information not relevant to your job application.

3.10. Other Purposes for Processing Your Personal Data
In addition to the purposes described above, we may process your data for:

• Administration of our operations, including internal reporting and analysis—our legitimate interest.
  
• Prevention of fraud and other unlawful activities—our legitimate interest.
  
• Establishing and defending legal claims—our legitimate interest.
  
• Fulfillment of our contractual obligations, even when you are not a party to the contract—our legitimate interest.
  
• Evaluating and improving the efficiency of our services—our legitimate interest.
  
• Meeting our obligations under a contract you are party to.
  
• Complying with legal obligations, such as accounting or tax requirements.

   

3.11. Legal Basis for Processing Your Data
All processing is based on appropriate legal grounds, which may include:

• Your explicit consent: when required by applicable law, given freely, specifically, and informedly, expressing your willingness to allow processing for a specific purpose.
  
• Compliance with legal, pre-contractual, or contractual obligations: for example, ensuring salaries and taxes are processed correctly.
  
• Legitimate interest: when essential and necessary for the data controller, such as granting access to a website to provide services. We ensure that your interests, fundamental rights, and freedoms do not override these interests.
• Contractual necessity: for actions taken before or during the performance of a contract between us. We will process only the data necessary for this purpose.
  

 

CAN YOU REFUSE TO PROVIDE YOUR PERSONAL DATA?
You are required to provide us with your personal data if you have a contractual or legal obligation to do so. If you fail to provide such data upon request, we may not be able to enter into or perform a contract with you, or achieve certain other objectives. In any such case, we will inform you accordingly.

4. WHO DO WE SHARE YOUR PERSONAL DATA WITH?
   We may need to share your personal data with the parties listed below:

4.1. Within our group of affiliated companies, where applicable – based on our legitimate interest to manage and account for our business activities.

4.2. Service providers processing personal data – such as hosting companies, IT service providers, system administrators, couriers, and mobile operators. Contracts with these providers ensure the security of your data.

4.3. Other data controllers providing relevant services – including banks, auditors, lawyers, professional consultants, insurers, and event organizers, when necessary to meet our legitimate interest in obtaining such services.
4.4. Public authorities requiring disclosure of processing activities.
4.5. Third parties involved in business transactions – to whom we sell, transfer, or merge parts of our business or assets, based on their legitimate interest in analyzing our business and completing the relevant transaction.

• 1. INTERNATIONAL DATA TRANSFERS
     

5.1. Your personal data is typically processed within the European Union (EU) or the European Economic Area (EEA) and only rarely transferred to other countries (“third countries”).
5.2. If data transfers to a third country are necessary, we ensure the required level of data protection before such transfer. This may be based on a decision by the European Commission regarding the adequacy of data protection in a third country. Alternatively, transfers may be based on EU Standard Contractual Clauses or, for recipients in the U.S., the EU-U.S. Data Privacy Framework. Additional information about such safeguards can be provided upon request.

6. INFORMATION SECURITY

We have implemented security measures to prevent accidental loss, unauthorized access, alteration, or disclosure of your personal data. Access to personal data is restricted to employees and partners with a specific business need.

7. DATA RETENTION PERIOD
   We retain your personal data only as long as necessary to fulfill the purposes for which it was collected, including compliance with legal, accounting, tax, or reporting requirements.

• For tax purposes, we are required by law to retain key information (e.g., contact, identity, financial, and transaction data) for five years (plus the current year) after the relevant relationship ends.
  
• In other cases, we comply with statutory limitation periods for claims, based on our legitimate interest.
  
• We may anonymize personal data for research, statistical, or other purposes, allowing indefinite use without further notice to you.

   

8. YOUR RIGHTS

8.1. Under applicable law, you may exercise the following rights (as per Articles 15–22 of the GDPR):
8.1.1. Right of access – Request a copy of your personal data and verify its lawful processing.

8.1.2. Right of correction – Request corrections or updates to incomplete or inaccurate data.

8.1.3. Right of erasure – Request deletion of your data if there is no legitimate reason for its continued processing.

8.1.4. Right to object – Object to processing based on legitimate interest or direct marketing purposes, including profiling.

8.1.5. Right to restrict processing – Request a pause in data processing, for example, to verify data accuracy.

8.1.6. Right to data portability – Request the transfer of your data to another controller in a structured format.

8.1.7. Right to withdraw consent – If data processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

8.1.8. Right to opt out of automated decision-making – Request not to be subject to decisions based solely on automated processing if it significantly affects you.

8.2. Exercising your rights:
To exercise your rights or learn more about them, contact us via email at [email protected] or send a letter to our physical address provided in Section 3.

No fee is charged for accessing your data or exercising your rights unless the request is excessive, repetitive, or unfounded. We may require verification of your identity to protect your data from unauthorized access.

We aim to respond to all legitimate requests within one month, but delays may occur. In such cases, you will be informed.

1. Privacy Policy – Mediation for Employment and Recruitment Services
2. Introduction

This Policy explains how we collect and process your personal data in connection with our employment mediation, recruitment services, and related activities (referred to collectively as “services” or “our services”).

1.1. What are employment mediation services?

Employment mediation includes the provision of intermediary services, individually or collectively, such as:

• Informing and/or advising job seekers and employers;
  
• Psychological support for job seekers;
  
• Referral for adult education;
  
• Guidance and assistance in starting work, including relocation within the country or abroad.

   

This involves assisting job seekers and employers offering positions to facilitate the signing of employment contracts.

1.2. What is recruitment?

Recruitment is a service we provide to employers with whom we have contracts. It involves evaluating whether candidates meet the employer’s requirements for a specific position.

2. Your Responsibilities:

• Familiarize yourself with this Policy.
  
• If you are already a client, review the terms of our agreements related to personal data processing.
  
• Pay attention to additional information and conditions communicated at different stages of our interaction.
  
• By providing your data, you ensure its accuracy and that it pertains to you, not another person.

   

3. Who is responsible for processing your personal data?

3.1. Our Responsibility

Our services aim to connect you with employers seeking employees. When your data is shared with an employer through us, they also become responsible for your data as a Data Controller. You can contact the employer directly regarding your personal data, or reach out to us for assistance during the application process.

4. What data do we process, for what purpose, and on what basis?

4.1. Initial information for job applications

When you respond to a job advertisement we publish, you provide initial information, usually in the form of a CV, which includes:

• 
  Identifying details: Name, age.
  
• Contact information: Address, email, phone.
  
• Education and qualifications: Type, degree, specialization, duration.
  
• Language proficiency and skills: Language, level, computer skills, etc.
  
• Work experience: Past activities relevant to the position.
  
• Motivational information: Details from a cover letter, if required.

   

This information is used to pre-screen candidates for suitability based on the employer’s requirements. If you qualify, we may offer you a mediation agreement to connect you with the employer.

4.1.1. Next Steps

(a) If you are not suitable for a position or the position is closed, your data will not be shared with the employer. However, we may retain your data for up to 24 months to match you with similar positions, based on our legitimate interest to connect suitable candidates with employers.

If you object to this, you can request the deletion of your data at any time.

(b) If your profile matches the position, we will invite you for an interview or directly connect you with the employer. A mediation agreement will be required to proceed further.

4.2. Data submitted without applying for a specific position

In such cases, we will include your data in our database to look for positions matching your profile, based on our legitimate interest to provide mediation services.

4.3. Information received from third parties

If we receive your data from someone else, we will:
(a) Delete the data if it was shared by mistake.
(b) Contact you to confirm your interest in our services and offer a mediation agreement.

4.4. Providing our mediation services

We require a mediation agreement to provide our services, which entails processing your personal data in compliance with legal requirements.

4.5. Legitimate Interests

We may process your data for legitimate interests such as:

• Business development as a mediator.
  
• Administration and reporting of activities.
  
• Communication with you.
  
• Protection of our legal rights.

   

4.6. Legal Obligations

We may process your data to comply with legal obligations, such as accounting or employment promotion laws.

4.7. Your Profile

To provide personalized services, we may create a profile based on your qualifications and preferences, and share relevant information with employers.

4.8. Your Consent

In some cases, we process your data based on your explicit consent, such as for health-related data required for certain positions. You can withdraw your consent at any time.

4.9. Special Categories of Data

We generally avoid processing sensitive data (e.g., health or political beliefs) but may require it for specific services, with your explicit consent.

4.10. Obligation to Provide Data

Failure to provide required data may result in our inability to offer certain services or complete agreements.

4.11. Use of Data for Compatible Purposes

We only use your data for the purposes collected or for compatible purposes.

4.12. Use of Data Without Consent

We may process your data without consent if required or permitted by law.

4.13. Unsolicited Information

Please avoid sharing unnecessary or irrelevant data.

5. Marketing Communications

The legal basis for processing your personal data when we send you marketing messages is your consent or our legitimate interests (namely, to grow our business as an employment intermediary). These messages may include information about our seminars, events, training sessions, and more.
Before sharing your personal data with any third party for their marketing purposes, we will seek your consent.

5.1. How to Opt-Out of Our Marketing Communications

You can opt out of receiving marketing messages by following the unsubscribe links in any marketing message sent to you or by emailing us at [email protected] at any time.
If you opt out of receiving marketing messages, this opt-out does not apply to personal data provided for other legal grounds (e.g., in relation to a legal obligation or contractual agreement with us).

6. How We Collect Your Personal Data

We primarily obtain data directly from you. However, we may also receive data from other sources, such as your employer, if you have attended an interview or been hired through our services. In some cases, we may collect information about you from public sources or your online profiles (e.g., LinkedIn), provided that our legitimate interest (to accurately assess your suitability as a user of our intermediary services) does not override your interests, fundamental rights, and freedoms.

7. Sharing Your Personal Data with Others

7.1. Employers

To fulfill our intermediary agreement with you and the employer, we will share your data, including your profile details, with the employer offering the relevant position. This may be a position you have applied for or one deemed suitable for you if you are seeking employment through us generally.
Before sharing your personal data with an employer not explicitly identified at the time of your application for a specific position, we will provide you with identifying information about them unless you have explicitly authorized us in writing to share your data with all employers we deem appropriate.

7.2. Other Parties

Beyond potential employers, we may share your personal data with:

• 7.2.1. Within Our Group of Companies: If applicable, based on our legitimate interest in managing and reporting on our activities.
  
• 7.2.2. Service Providers (Data Processors): Such as hosting companies, IT service providers, system administrators, couriers, and mobile operators. We enter contracts with these providers to ensure the security of your data.
  
• 7.2.3. Other Data Controllers: Including banks, auditors, lawyers, consultants, insurers, and event organizers, when necessary to serve our legitimate interest in obtaining specific services.
  
• 7.2.4. Public Authorities: Such as the Employment Agency and Labor Inspectorate, as required by their regulatory authority over our employment intermediary activities.
  
• 7.2.5. Third Parties in Business Transactions: If we sell, transfer, or merge parts of our business or assets, your data may be shared to support the analysis or execution of such transactions.

   

8. International Data Transfers

Personal data is typically processed within the European Union or the European Economic Area, and we do not intend to transfer personal data to other countries (“third countries”).

8.1. Data Transfers to a “Third Country”

If we transfer your personal data to a third country, we ensure that an adequate level of data protection is guaranteed. This may be based on a European Commission decision regarding the adequacy of data protection in the third country. Alternatively, transfers may rely on EU Standard Contractual Clauses agreed with the recipient, or, for recipients in the USA, compliance with the EU-US Privacy Shield Program.
Additional information about safeguards to ensure adequate data protection can be provided upon request.

9. Data Security

We have implemented security measures to prevent accidental loss, unauthorized use, alteration, disclosure, or access to your personal data. Access is granted only to employees and partners who have a business need to know and who process your data under our instructions, maintaining its confidentiality.

10. Data Retention Period

We will retain your personal data only as long as necessary to fulfill the purposes for which it was collected, including to meet legal, accounting, tax, or reporting requirements.
When determining the retention period, we consider the volume, nature, and sensitivity of the data, potential risks from unauthorized use or disclosure, processing purposes, and whether these can be achieved through other means, alongside legal requirements.
In some cases, we may anonymize your personal data for research or statistical purposes, in which case the information may be used indefinitely without further notice to you.

YOUR RIGHTS
11.1. Under certain circumstances, you have the following rights by law:

11.1.1. Request access to your personal data (commonly referred to as a “data subject access request”). This allows you to receive a copy of the personal data we hold about you and check that we are processing it lawfully.

11.1.2. Request correction of the personal data we hold about you. This enables you to correct and update any incomplete or inaccurate information we have about you.

11.1.3. Object to the processing of your personal data when we rely on our legitimate interest (or that of a third party) and there are grounds related to your particular situation. You also have the right to object to the processing of your personal data for direct marketing purposes, including profiling.

11.1.4. Request the deletion of your personal data. This means you can ask us to delete or remove personal data where there is no good reason for us to continue processing it. You also have the right to request the deletion or removal of your personal data if you have exercised your right to object to processing.

11.1.5. Request the restriction of processing of your personal data. This allows you to pause the processing of your personal data, for example, if you want us to establish its accuracy or the reason for processing it.

11.1.6. Request the transfer of your personal data to another party (data portability).

11.1.7. Withdraw your consent. If we process personal data based on your consent or explicit consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of the processing carried out before the withdrawal.

11.2. Exercising Your Rights
If you wish to exercise any of the rights listed above or obtain more information about them, please email us at [email protected] or send a letter to our physical address specified in section 3.
There will be no charge for accessing your personal data (or for exercising any of your other rights). However, we may charge a reasonable fee if your request is manifestly unfounded, repetitive, or excessive, or we may refuse to comply with your request under these circumstances.

We may need specific information from you to confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This security measure ensures that personal data is not disclosed to anyone who has no right to receive it. We may also contact you to request further information in relation to your request to speed up our response.

We aim to respond to all legitimate requests within one month. Occasionally, it may take us longer, in which case we will notify you.

12. YOUR RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY
    If you are dissatisfied with any aspect of how we collect and use your data, you have the right to lodge a complaint with the relevant Supervisory Authority. The Commission for Personal Data Protection is the Supervisory Authority in the Republic of Bulgaria as defined by the Personal Data Protection Act:

Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd., Information and Contact Center – Tel. 02/91-53-518.
Email: [email protected]
Website: www.cpdp.bg

We would appreciate it if you contact us first in case of a complaint so that we may assist you.

13. CHANGES TO THIS POLICY
    We reserve the right to modify and update this Policy. Such changes will be published on our website www.beglobal.bg If these changes are substantial, we will notify you additionally via email or another appropriate contact method.

III. Personal Data Protection Policy for Temporary Workers

DATA PROTECTION PRINCIPLES
We are committed to complying with personal data protection legislation, including the six principles of GDPR:

1. Process personal data lawfully, fairly, and transparently.
   
2. Collect personal data only for specified, explicit, and legitimate purposes, informing you of these purposes and not using the data for incompatible purposes unless legally justified.
   
3. Process personal data only to the extent necessary to achieve the informed purposes.
   
4. Keep your personal data accurate and up-to-date, with your cooperation.
   
5. Retain personal data only as long as necessary for the purposes communicated to you.
   
6. Ensure the security of your data.

    

RESPONSIBILITIES OF THE USER ENTERPRISE
As a company providing temporary work, we enter into an employment contract with you under which we assign you to work under the direction and control of a User Enterprise. In such cases, your personal data is processed by both us and the User Enterprise, which is also responsible for your data as a Data Controller. For any questions regarding data processing, you may contact us or the User Enterprise.

PERSONAL DATA WE PROCESS
“Personal data” refers to any information identifying an individual or related to an identifiable person. Anonymous information is not considered personal data. Certain “special categories” of sensitive personal data require a higher level of protection, such as your ethnic origin or trade union membership.

We collect, store, and use personal data about you in relation to your daily interaction with the User Enterprise. Such data includes:

• Name, title, address, phone numbers, and personal email addresses.
  
• Date of birth and personal identification number (or equivalent for foreign nationals).
  
• Gender.
  
• Marital status and dependent information (e.g., children).
  
• Emergency contact details.
  
• Bank account details, salary payment records, tax status information.
  
• Employment-related information such as start date, employment period, and termination details.
  
• Workplace location and job role details.
  
• Employment application details, including resumes, cover letters, and work permits.
  
• Education and qualification records.
  
• Participation in training, team-building, or work-related events.
  
• Job performance information.
  
• Disciplinary and grievance records.
  
• CCTV recordings and access control system data (if applicable).
  
• Garnishment of wages and related information.
  
• Photographs.
  
• Other work-related information provided by the User Enterprise.

   

We may also process the following special categories of personal data:

• Trade union membership.
  
• Health information, including medical records and certificates.
  
• Information on your criminal record.

   

HOW WE COLLECT PERSONAL DATA
We collect personal data about you during the recruitment process, for example, directly from you or from the end user company. We may sometimes collect additional information from professional websites, such as LinkedIn.
During the term of the contract, we receive personal data from: you, the end user company, and third parties, such as clients of the end user company with whom you are in contact.

HOW WE USE YOUR PERSONAL DATA
We will process your personal data only if we have a legal basis for doing so. Most often, we will use your personal data in the following circumstances:

1. When it is necessary to perform the temporary work contract entered into between us or another contract entered into between us.
   
2. When we need to comply with a legal obligation.
   
3. When necessary for our legitimate interests (or those of a third party – most often the end user company), in cases where your interests and fundamental rights do not override such interests.

    

We may also use your personal data in the following situations, although they are very rarely applicable in practice:

1. When it is necessary to protect your vital interests (or those of another person).
   
2. When necessary for the performance of a task carried out in the public interest or in the exercise of official authority.

    

PURPOSES FOR WHICH WE PROCESS YOUR PERSONAL DATA
We will process your personal data for the following purposes:

• Determining the conditions under which you work.
  
• Verifying your right to work with us and at the end user company for the relevant position.
  
• Paying your due remuneration, benefits, withholding and paying social security contributions.
  
• Administering your temporary employment contract and other contracts entered into with you.
  
• Administering our relations with the end user company.
  
• Business management and planning, including accounting and auditing.
  
• Monitoring, managing, and setting requirements for performance and effectiveness (of employees and business processes).
  
• Making decisions regarding salary reviews.
  
• Assessing qualifications for a specific job or task.
  
• Collecting evidence for possible complaints or disciplinary procedures against you or other employees.
  
• Making decisions about your engagement and continuing employment relations.
  
• Taking measures to terminate our employment relations.
  
• Determining the need for education, training, and development.
  
• Protecting rights in court and out-of-court disputes affecting you or other employees, including in connection with workplace accidents.
  
• Assessing your fitness for work.
  
• Managing sick leave.
  
• Complying with health and safety obligations.
  
• Preventing fraud, theft, and other crimes.
  
• Preventing administrative violations.
  
• Ensuring network and information security, including preventing unauthorized access to our or the end user company’s computer and communication systems and preventing the spread of malicious software.

   

If you decide not to provide certain personal data we request, we may be unable to fulfill our obligations to you (for example, paying your remuneration or benefits) or you may hinder our ability to comply with legal obligations (for example, issuing and providing specific documents related to your employment).
We may sometimes use your personal data without your knowledge or consent when required or permitted by law.

HOW WE USE SENSITIVE DATA
“Special categories” of personal data require a higher level of protection than non-sensitive data. To process such sensitive data, we must have an additional legal basis/condition. We may process special categories of personal data under the following circumstances:

1. In limited cases, with your explicit written consent.
   
2. When necessary to comply with our legal obligations or to exercise rights related to labor legislation.
   
3. In other circumstances explicitly provided by GDPR, such as:

    

• When necessary for legal claims;
  
• When necessary to protect your vital interests (or those of another person) and you are unable to give your consent;
  
• When you have already made the information public.

   

We will use your sensitive personal data in the following ways:

• In relation to your leaves, which may be due to illness or family-related leave, in order to comply with labor and other laws.
  
• In relation to your physical or mental health or disability status, to ensure health and safety in the workplace and assess your fitness to work, to provide suitable adjustments to your work, such as in cases of reassignment, and to administer payments, benefits, and other matters related to illness-related absences.
  
• In relation to your union membership information, to ensure your protection status in case of dismissal and comply with other legal requirements.

   

CRIMINAL RECORDS
We may process data related to criminal convictions only when there is a legal basis for such processing.

AUTOMATED DECISION-MAKING
Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. We are entitled to use automated decision-making under the following circumstances:

1. When we notify you of such a decision and give you a reasonable period to request a review.
   
2. When necessary to enter into or perform our contract with you, and appropriate measures are in place to protect your rights.
   
3. In limited circumstances, with your explicit written consent and appropriate measures to protect your rights.

    

If we make an automated decision based on sensitive personal data, we must have your explicit written consent or it must be in the public interest, and we must apply appropriate measures to protect your rights.
You will not be subject to decisions that significantly affect you based solely on automated decision-making unless we have a legal basis for doing so, in which case we will notify you.

DISCLOSURE OF YOUR DATA OUTSIDE OUR COMPANY
We exchange information about you mainly with the end user company where you work to fulfill our obligations/exercise our rights under our contract with you, our contract with the end user company, and under the law.
We may need to share your personal data with other third parties, including service providers, for example, because it is necessary to administer our employment relationship with you or when we have other legitimate interests in doing so. These could be accounting firms, lawyers, auditors, and other organizations that provide us with services.
We may also transfer your personal data to other entities within our group of companies (including owners), as part of our regular reporting activities to present the company, in the context of a business reorganization or group restructuring, or for system maintenance and data hosting.
We may share your personal data with other third parties, such as in the context of a potential sale or restructuring of the business. We may also need to share your personal data with government regulators or for other legal requirements.
These third parties are required to keep your personal data confidential and protected.

INTERNATIONAL DATA TRANSFERS
Your personal data is usually processed within the European Union (EU) or the European Economic Area (EEA).
If we transfer information to “third countries” (outside the EU and EEA), we ensure that the necessary level of data protection is in place before such transfer, either based on a European Commission decision on adequate data protection in a specific third country or through “Standard Contractual Clauses” agreed with the recipient, or if the recipients are in the U.S., based on compliance with the EU-U.S. Privacy Shield (Data Privacy Framework).
We are happy to provide further information about the appropriate and relevant safeguards for ensuring an adequate level of data protection upon request.

DATA SECURITY
We have implemented appropriate security measures to prevent accidental loss, unauthorized use or access to your personal information, alteration, or disclosure.
We have procedures in place to address any potential data security breaches and will notify you and any relevant supervisory authority when required by law.

DATA RETENTION
We will keep your personal information only as long as necessary to fulfill the purposes for which we collected it, including for legal, accounting, or reporting requirements.
For tax purposes, the law requires us to retain basic information (including contact details, identity, financial information, and transaction data) for five years (plus the current year).
The law requires us to retain payroll records for 50 years, starting from January 1st following the reporting period they relate to.
In many cases, we will adhere to statutory limitation periods under applicable law, for example, for filing certain claims, which is in our legitimate interest.
We consider the amount, nature, and sensitivity of personal data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process personal data, and whether we can achieve those purposes by other means when determining an appropriate retention period.
In all cases, we take steps to limit access to personal data at relevant stages, based on the current processing of the data and its intended purposes.
In some circumstances, we may anonymize your personal information so that it can no longer be linked to you, in which case we may use this information without further notice to you.
When our relationship with you ends, we will retain and securely dispose of your personal information in accordance with applicable laws and regulations.

RIGHTS OF ACCESS, CORRECTION, DELETION, RESTRICTION, AND PORTABILITY
It is important that the personal data we hold about you is accurate and up to date. In many cases, this is essential for you and your rights. Please inform us if your personal information changes.
Under certain circumstances, by law, you have the right to:

• Request access to your personal information (commonly referred to as a “data subject access request”). This allows you to receive a copy of the personal information we hold about you and check whether we are processing it lawfully.
  
• Request correction of your personal information that we hold. This allows you to correct and update any incomplete or inaccurate information we hold about you.
  
• Request deletion of your personal information. This allows you to ask us to erase or remove personal information when there

   

RIGHT TO WITHDRAW CONSENT

• In the few cases where you may have given your consent for the collection, processing, and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us in the manner described above regarding your other rights. Once we receive notice that you have withdrawn your consent, we will no longer process your information for the purpose(s) for which you initially agreed, unless we apply another legal basis, which we will notify you about. The withdrawal of consent does not affect the lawfulness of the processing based on the consent before it was withdrawn.

   

• CHANGES TO THIS POLICY
  
• We have the right to modify and update this Policy. We will publish any such changes on our website www.beglobal.bg If these changes are significant, we will inform you further by email or another appropriate method of contact.
  
• YOUR CONTACT WITH US REGARDING YOUR PERSONAL DATA
  
• If you have any questions regarding this Policy and how we process your personal data, please contact us by email at [email protected]