1. BACKGROUND INFORMATION

 

In compliance with the GDPR and other applicable legislation in the field of personal data protection, Heads d.o.o. ensures the protection of your privacy and protects your personal data.

 

This Privacy Policy (hereinafter referred to as the “Policy”) contains all the relevant information related to the collection, processing and retention of your personal data. 

 

This Policy is used for all your personal data collected and retained by the controller Heads d.o.o., Verovškova ulica 55, SI-1000 Ljubljana (hereinafter referred to as “Heads”, “us” and the “controller”).

 

As the controller, Heads is responsible for a legal and transparent processing and retention of your personal data.

 

If you have any questions related to the use of this Policy or the exercise of your rights arising from this Policy, please contact us through any of the channels mentioned below:

 

• Heads d.o.o., Verovškova ulica 55, SI1000 Ljubljana
• tel.: +386 1 600 3538
• e-mail: data-protection-officer@headsadriatic.com.

 

1. USE OF THE POLICY

 

This Policy applies to:

• the users of our website at www.headstalent.com;
• enquiries about our services over the phone, by email or through online forms;
• the use of social platforms through plugins proposed by Heads on its website;
• the recipients of adapted communication;
• the recipients of general and adapted marketing communication;
• the participants in the events organised by Heads;
• all individuals who use our services directly in Heads branches;
• the users who log into the candidates database;
• the users who apply for a job vacancy on the website, by email or over the phone;
• the service requesters.

 

1. BASIC CONCEPTS

 

Below, you will find the basic concepts used in this Policy.

 

Personal data means any information relating to an identified or identifiable natural person (such as first name, surname, e-mail address, phone number or identifiers specific to the physical, physiological, genetic, economic, mental, cultural or social identity of the subject, etc.).

 

Controller means a legal person which determines the purposes and means of processing of your personal data.

 

Processor means a natural or legal person which processes personal data on behalf of the controller.

 

Processing means the collection, storage, access and all other forms of use of personal data.

 

EEA means the European Economic Area which encompasses all Member States of the European Union, Iceland, Norway and Liechtenstein.

 

 

1. PROCESSING AND COLLECTION OF PERSONAL DATA

 

We will only process your personal data on the basis of predefined purposes detailed in section 6 of this Policy. Processing will be carried out in a limited scope, meaning that we will only collect the data necessary to achieve the specified purposes.

 

1. Obligation to communicate personal data

 

Communication of personal data is a voluntary process which is mainly based on the provided consent, unless such personal data processing is required by law.

 

If you communicate personal data to us on the basis of a contract, said personal data is communicated on a voluntary basis. However, if you do not communicate the personal data we need in order to conclude or execute the contract, we cannot guarantee that we will conclude or execute the contract.

 

If you wish to know more about the legal bases for personal data processing, read section 5 of this Policy.

 

If you do not wish to share certain personal data with us, it is possible we will not be able to provide you with certain services (if you do not send us information about your education, we will not be able to send you personalised employment offers).

 

1. Personal data collection

 

We will obtain your personal data if you communicate them to us, i.e. directly from you (e.g. through your use of our website or if you order our services, subscribe to our newsletter or receive our employment advertisements, send us an enquiry by e-mail, over the phone or in writing to our address, or if you communicate your personal data to us in any other way).

 

We will also obtain your personal data through publicly available data records (such as the records of the Agency of the Republic of Slovenia for Public Legal Records and Related Services – AJPES).

 

We will also obtain your personal data pursuant to the use of cookies on our website. You can read more on the use of cookies in section 10 of this Policy.

 

1. Personal data categories

 

In accordance with the legal basis and the predefined purposes, Heads collects different categories of personal data defined hereunder:

 

• Identification data (first name and surname, legal form, business name, name of the representative, current account number, ID for VAT, company registration number, activity code),
• Contact data (address, phone number, email address)
• Sensitive personal data (national origin, union membership, data found in criminal and other records, psychological testing data, etc.)
• Communication data (date, time, and contents of the communication)
• Employmentrelated data (company, place of employment, job position, previous experiences)
• Education data (level of education, programme orientation)
• Data on the profile of the subject (working field, area of work, foreign language skills, mobility, knowledge of information technology, information on other additional knowledge and qualifications)
• Business statistics of the buyer (information on material and financial turnover, information on bids, contracts and employment politics)
• Data on the use of our website (date and time of your visit, the content you have accessed, the links you have clicked on, etc.)
• Information about your computer (IP address, type of device, browser type)
• Data from publicly available records (e.g. AJPES).

 

1. LEGAL BASIS FOR THE COLLECTION AND PROCESSING OF PERSONAL DATA

 

We will process your personal data if we have a suitable legal basis to do so. Pursuant to the applicable legislation in the field of personal data, the following legal bases are available to us:

• Processing on the basis of a contract We process your personal data if such processing is necessary for the conclusion and execution of the contract.
• Processing on the basis of a provided consent We process your personal data if we obtain your explicit consent to do so. If our processing takes place on the basis of your consent, we will previously provide you with all information you need to make your decision. You can withdraw your consent at any time.
• Processing on the basis of a legitimate interest We can also process your personal data on the basis of a legitimate interest. If you wish to find out when your personal data will be processed on the basis of a legitimate interest, please refer to section 6 of this Policy. In the event of such processing, you have the right to object (to find out more about this right, see section 14 of this Policy).
• Processing on the basis of a law We will process your personal data whenever the binding legislation requires us to do so (tax legislation requires us to save the issued invoices). We will process this personal data pursuant to the legislative requirements.

 

1. PURPOSES OF PERSONAL DATA PROCESSING 

We will only process your personal data for predefined, specified and legal purposes. Heads will not process your personal data in any manner not compatible with these purposes.

 

The purposes for which we use your personal data are detailed in the list below; your personal data may be used for one or more purposes. In the event of a previously undefined need for further personal data processing, we will previously inform you of it and will request your consent when necessary.

 

List of purposes of personal data processing:

 

1. Adapted communication (with you) in terms of providing our services through text messages, phone calls and e-mail messages. This includes notifying individuals about job vacancies that correspond to their educational background, place of residence, etc. The use of certain personal data helps us to adapt our communication with you in order to make it as interesting and useful for you as possible. Based on certain personal data, we assign subjects to groups, which means that each of the groups we create receives adapted notifications from us. When assigning subjects to groups, we also monitor the activity of each individual and perform basic segmentation. The aforementioned data are processed based on your consent.
2. Marketing communication We process the aforementioned data based on your consent.
3. We perform adapted marketing communication based on the performance of basic segmentation. We process the aforementioned data based on your consent.
4. Finding and choosing personnel We publish a job vacancy based on the instructions and requirements provided by the contracting entity. We send information about potential and/or chosen eligible candidates (based on the description of the job position, the eligibility conditions, etc.). In doing so, we can also perform the entire process of personnel selection pursuant to the requirements and specifications of the contracting entity. Said data are processed based on your consent.
5. Enabling subjects to log into jobseeker databases – we use these data in order to be able to perform the selection process and create a profile of the subject, based on which the subject is then invited to take the job vacancy. We retain the aforementioned data based on your consent.
6. Enabling subjects to apply for an open job position and executing suitable activities related to the needs of the open job position (including forwarding of data to the employer and conducting the potential employment procedure) We retain these data for 2 years after the job vacancy has been filled.
7. Communicating about enquiries, complaints or other general issues, regardless of whether said communication takes place by e-mail, by mail or by phone. We communicate with you based on our statutory interest of guaranteeing efficient communication and facilitating efficient business operations.
8. Concluding contracts and fulfilling obligations arising from the concluded contract We collect and process said data on the basis of a contractual relationship.
9. Performing statistical analyses of the use of the website We process your personal data in order to prepare statistical analyses of our website which makes it possible for us to optimise it. We carry out said analyses on the basis of our statutory interest in guaranteeing a user-friendly and efficient website. The processing takes place through our contractual processor which obtains statistics through cookies (you can read more about cookies in section 10 of this Policy). The data collected are processed in an aggregated and anonymised format making it impossible to identify the subject. Such data enable us to constantly improve and adapt our website in order for it to meet the needs and interests of its users.
10. Transmitting personal data to third parties We transmit your personal data to third parties if such transmission is necessary to achieve the processing purpose. If you wish to know more about personal data transmission, read section 11 of this Policy. We will only transmit your data if such transmission can be justified by our statutory interest of guaranteeing a safe and legal operation as well as complying with our statutory obligations (such as tax obligations which can include the transmission of your personal data to tax organs).
11. Exercising legal claims, safeguarding our rights and resolving disputes We process the aforementioned data based on the statutory provisions.
12. Statutory obligations We collect your data in order to comply with our statutory obligations, e.g. retaining invoices for tax legislation purposes. We will only process your data in the scope necessary for the compliance with the statutory obligations.

 

 

1. PERSONAL DATA RETENTION PERIOD

 

We will collect, process and retain your personal data pursuant to the applicable legislation in the field of personal data protection.

 

Personal data retention is limited (in time) to:

1. the absolutely necessary period needed to achieve the purpose for which the data are being processed;
2. the statutory period (the tax legislation, for example, provides a retention period of invoices which extends to 10 years from the date of issue of the invoice);
3. the period necessary to execute the contract, which also includes the deadlines for exercising any claims on the basis of a concluded contract (e.g. 5 years from the compliance with contractual obligations).
4. The personal data obtained on the basis of your consent will be kept indefinitely or until you withdraw said consent (to find out more on how to withdraw your consent, read section 14 of this Policy). If we achieve the purpose for which we have collected the data, we will delete the data collected on the basis of your consent before you withdraw it.

 

In accordance with the corresponding purposes, we will retain your personal data for the following time period:

 

The purpose for which the personal data are collected	Retention period
Adapted communication in terms of providing our services through text messages, phone calls and e-mail messages	Until consent is revoked
Marketing communication	Until consent is revoked
Adapted marketing communication	Until consent is revoked
Finding and choosing personnel	Throughout the term of the contract and 5 years after its termination
Enabling database entry	Until consent is revoked
Enabling subjects to apply for a job vacancy	Until the end of the vacancy notice and 2 years after the end
Communicating about enquiries, complaints or other general issues	6 months from the first correspondence
Concluding contracts and fulfilling obligations arising from the concluded contract	Throughout the term of the contract and 5 years after its termination
Performing statistical analyses of the use of the website	Within the deadlines set out in section 10 of this Policy detailing individual cookies
Exercising legal claims, safeguarding rights and resolving disputes	Pursuant to the deadlines set out in the applicable legislation
Statutory obligations	Pursuant to the deadlines set out in the applicable legislation

 

Once the retention period is over (e.g. because the purpose for which the data were collected has been achieved because the statutory period has ended, etc.), we will erase, destroy or anonymise the personal data in a way which makes it impossible to reconstruct said personal data.

 

If you need any additional information related to the storage period of your personal data, please contact us using any of the contact details defined at the beginning of this Privacy Policy.

 

 

1. PERSONAL DATA SECURITY AND PROTECTION MEASURES

 

At all times, Heads makes sure that your personal data is safe and suitably protected from illegal and unauthorised use. For this purpose, we have adopted several organisational and technical measures used to protect your personal data.

 

We carry out the following measures for personal data protection:

• educating our employees on the legal personal data processing and protection;
• carrying out employee control and performing regular checks of the work of each individual employee;
• carefully monitoring our contractual processors;
• providing limited access to personal data (passwords, limited number of employees with authorisations, etc.);
• performing backup of electronically stored personal data;
• controlling and suitably responding to any safety incident, and actively preventing damage to personal data and individuals;
• adopting suitable internal rules and protocols with instructions on personal data protection;
• regularly maintaining and updating computer equipment.

 

In the event of a breach of personal data security, we will immediately inform the Information Commissioner representing the competent supervisory authority in the field of personal data protection in Slovenia. To find out more about the Information Commissioner and their tasks and authorisations, please refer to the website.

 

In the event of a suspected criminal offence, Heads will also notify the competent police station and the Public Prosecutor’s Office of any breaches.

 

Should the breach of personal data security be susceptible to provoke a high degree of risk when it comes to the rights and freedoms of subjects, we will immediately inform said subjects of such breach.

 

1. WEBSITE PLUGINS AND SOCIAL NETWORK ACCESS

 

Through our website, you can access the following plugins used by Heads for its operations:

• LinkedIn

The aforementioned social networking site provides its services pursuant to its Terms and Conditions of Use and the Privacy Policy used for the collection and retention of the data of its users.

 

The Privacy Policies are available via the following links:

 

• LinkedIn: https://www.linkedin.com/legal/privacypolicy

 

Heads shall bear no responsibility in relation to the use of the social networking sites that you can access through its website. If you have any questions or wish to exercise your rights, please contact each individual social networking site.

 

1. COOKIES

If you visit our website, information in the form of cookies can be stored to your website.

 

A cookie is a file which saves the settings of the websites you visit. Webpages save cookies on individual user devices you use to access the Internet, with the purpose of recognising individual devices and settings you have used during your access. Cookies enable websites to recognise whether the user has already visited a certain website; in terms of advanced applications, they can be used to suitably adapt certain settings. The storage of cookies is controlled completely by the browser used by the user, who can limit or disable the storage of cookies.

 

Cookies are important since they provide user-friendly web services; the most important e-commerce functions could not have been possible without cookies. The use of cookies makes the interaction between a web visitor and a website faster and simpler. With the help of cookies, a website “remembers” the preferences and experiences of a certain user, and turns website browsing into a more efficient, pleasant experience.

 

Types of cookies

1. Permanent cookies Permanent cookies enable the use of components necessary for the correct functioning of a website. Without these cookies, the services you wish to use on this website (such as login, purchase process, etc.) would not have functioned correctly.
2. Temporary cookies These types of cookies collect information on how the users behave on the website, in order to ameliorate the experience provided by the website (e.g. what parts of the website they visit most often). These cookies do not collect information through which it would be possible to identify the user.
3. Functional cookies These cookies allow for a website to remember some of your settings and choices (such as username, password, language, region, etc.) and provide advanced, personalised functions. Such cookies can make it possible to follow your actions on the website.
4. Third-party cookies These cookies are most often used by advertising companies and social networks (third parties) in order to show you targeted ads, limit repeated ads or measure the efficiency of their advertising campaigns. Such cookies can make it possible to follow your actions on the Internet.

 

List of cookies used by Heads