Home|Privacy Notice for Recruitment and Selection Process
Last updated on 04.23.2025
North Star Support Group SRL having its headquarters at 26 Grigore Alexandrescu Street, Bucharest, Romania, as Controller (hereinafter referred to as „we”, „us”, „Controller”), is processing your personal data collected in the recruitment and selection process.
The purpose of this Privacy Notice is to detail how the Controller processes your personal data, with whom we may share it, how we protect it, your rights and how you may contact us. Hereinafter “the data subject” and “the candidate” refer to you.
In general, the personal data we process is collected directly from you as part of the application and/or through other channels such as direct contact with us through our website, via telephone, via email, etc. However, there may be situations where your personal data is collected indirectly from third parties, such as recruitment platforms and providers when you upload or disclose documents containing personal data to platforms or service providers, former partners, clients, or a third party who recommended you.
Below you will find information about the purposes for which we process your personal data, the categories of personal data we collect for those purposes, the legal grounds on which we carry out the processing activities and the periods of time we store the personal data in relation to the purposes of the processing for the process of recruitment and selection. For details regarding how we process personal data for other purposes, please check our Privacy Policy available on our website at https://nssg.global/privacy-policy/.
We will highlight the personal data categories that we need, and you may choose to submit additional information about yourself or not. Your refusal to provide the requested personal data may lead to the impossibility for you to participate in the recruitment process that we organize.
There may be situations when you provide us with personal data belonging to other individuals (e.g., family members, spouse, partner, etc.). Information on the personal data processing activities related to these individuals can be found in the table below and you should communicate it to the concerned individuals. When consent is legally required for disclosing this personal data to us, you are responsible for requesting the consent of these people before disclosing their data to us.
| # | Purpose | Personal data categories | Legal basis | Storage period |
|---|---|---|---|---|
| 1 | Collecting and reviewing application documents (e.g. CVs, intention letters) to identify the most qualified candidate for the vacancy, based on the skills and qualifications outlined in the application documents. | First name, last name, e-mail address, telephone number, residence address, country of residence, information on the candidate’s professional/work experience (former employers, current employer, seniority in current or specific roles), information regarding studies, diplomas, certifications, profile on a professional social network (e.g. LinkedIn) and other data included in the application documents. | Take steps at the request of the data subject prior to entering into a contract. | Personal data is stored for the duration of the recruitment and selection process and subsequently for a period of 6 months to manage possible complaints. |
| 2 | Conducting the recruitment and selection interview(s) to assess the candidate’s aptitudes and professional skills as part of the recruitment process. | First name, last name, address, country of residence, information on the candidate’s professional/work experience (former employers, current employer, seniority in current or specific roles), information regarding education, degrees, certifications, salary expectations, recruiter’s assessment of the candidate’s interview responses. | Take steps at the request of the data subject prior to entering into a contract. | Personal data is stored for the duration of the recruitment and selection process and subsequently for a period of 6 months to manage possible complaints. |
| 3 | If applicable, obtaining and reviewing references from former employers, superiors, colleagues, etc. to assess the validity of previous experience, qualifications and skills mentioned in the application documents. | First name, last name, e-mail address, telephone number, previous positions held, former employers, information on education, certifications, length of service, evaluation of former employer and other data provided by the person contacted. | The legitimate interest of the Controller in exercising its rights under the applicable law. | Personal data is stored for the duration of the recruitment and selection process and subsequently for a period of 6 months to manage possible complaints. |
| 4 | If applicable, drafting and submitting the financial offer. | First name, last name, e-mail address, telephone number, position, department, company address, number of days of leave due, work schedule, gross monthly salary/payment, duration of probationary period, duration of contract, date of commencement of activity, benefits, responsibilities of the offered position, signature. | Take steps at the request of the data subject prior to entering into a contract. | Personal data is stored: if the offer is accepted, for the duration of the contract. if the offer is not accepted, for the duration of the recruitment and selection process and subsequently for a period of 6 months to manage possible complaints. |
| 5 | If applicable, ensuring the protection and security of persons and goods through video surveillance equipment. | Video footage, time of arrival and time of departure, date, car registration number (if applicable) – such data may be collected in the event of interviews being held in person at the Controller’s premises. | The legitimate interest of the Controller to ensure the security and safety of persons and goods, or, as appropriate, the fulfillment of the legal obligations of the Controller under the specific legislation. | Personal data is stored for a period of 30 days. |
| 6 | If applicable, ensuring the protection and security of persons and goods by maintaining an access register to the Controller premises. | First name, last name, ID number, destination, time of arrival and time of departure, date (if applicable) – such data may be collected in the event of interviews being held in person at the Operator’s premises. | The legitimate interest of the Controller to ensure the security and safety of persons and goods, or, as appropriate, the fulfillment of the legal obligations of the Controller under the specific legislation. | Personal data is stored for a period of 2 (two) years from the end of the calendar year during which the access register to Controller’s premises was filled. |
| 7 | Contacting candidates for future vacancies. | First name, last name, e-mail address, telephone number, information on professional/work experience (former employers), information on education, degrees, certifications, profile on a professional social network (e.g., LinkedIn), and any other data included in the application documents. | Your freely given consent. | Personal data is stored for a period of 1 (one) year from the date of completion of the recruitment process in which the data was collected, or from the date of submission of candidate’s application, or until the candidate’s consent is withdrawn, whichever comes first. |
Personal data processed through electronic communication will be retained for 5 years, in accordance with our electronic communication retention period. At the end of the retention period, personal data will be erased.
In addition to the purposes mentioned in the table above, when applicable, we will also process your personal data for the purpose of fulfilling our legal obligations under the laws governing our activity, including those regarding equal opportunities and non-discrimination, ensuring physical and IT security and protecting whistleblowers in the public interest. In these situations, the categories of processed data and the data storage periods are determined according to the applicable legal provisions.
Your data may also be processed, based on the legitimate interest, for the purpose of exercising or defending a right or legitimate interest in a judicial, administrative or similar procedure, in which the Controller is involved or to respond to requests from public authorities, courts and tribunals or criminal investigation and prosecution bodies, based on and within the legal obligations the Controller is subject to. The categories of processed data and the storage periods are determined on a case-by-case basis, depending on the applicable legal procedures and provisions.
At the end of the retention periods specified above, personal data will be deleted or anonymized, as applicable to the specific situation.
Your personal data will not be processed in order to generate decisions based solely on automatic processing that would produce legal effects on you or affect you to a significant extent, within the meaning of applicable law.
We may disclose your personal data, to the extent this may be necessary, to the following categories of recipients: companies from the same group, software/hardware hosting or maintenance service providers, IT service providers, security service providers, archiving service providers, subcontractors, public authorities, courts or arbitration tribunals, law firms and criminal investigation authorities.
If personal data is transferred to third countries, we will apply the technical and organizational measures and adequate guarantees for the protection of personal data, as required by law and we will inform you about the transfer in accordance with the legal requirements.
The security of your personal data is important to us. Therefore, we maintain a variety of appropriate technical and organizational measures to protect your personal data from loss, misuse, and unauthorized access or disclosure. We limit access to personal data to employees or contractors who we believe reasonably need to retrieve that information for the recruitment and selection process. Considering the current state of technology, we have implemented reasonable physical, technical, and procedural safeguards designed to protect your personal data, such as limiting access, encrypting, anonymizing, or storing it on secure media.
It is very important that you, as a data subject, know the risks and take the measures to protect your personal data, for example by checking the sources of information, avoiding access to suspicious or unknown links, regularly changing passwords, and using appropriate anti-virus and anti-malware solutions.
The law grants data subjects enforceable and effective rights concerning their personal data which can be exercised under particular conditions provided by law.
You have the following rights regarding your personal date:
Except for the right to contact the Supervisory Authority, which you can exercise using the contact details indicated above, you can exercise your legal rights by contacting our Data Protection Officer by e-mail at dataprotection@nssg.global.
We will respond to your requests without undue delay and in any case within one month of receiving the request. This period may be extended by two months where necessary, taking into account the complexity and number of requests. We will inform you of any such extension within one month of receiving your request, stating the reasons for the delay.
In the event that we do not take action on your request, we will inform you, without undue delay and no later than one month after the receipt of your request, of the reasons for not taking action. In such a case, you have the possibility to lodge a complaint with the competent Supervisory Authority or to take legal action.
This Privacy Notice is subject to periodic reviews and updates to ensure that it always corresponds to reality, and it is in line with the applicable legal requirements. For this reason, please regularly consult this Privacy Notice to keep up to date with any changes. Any major changes to this Privacy Notice will be notified accordingly.
If you have any questions or requests regarding the processing of your personal data, this Privacy Notice or you wish to exercise any of your rights, you can contact our Data Protection Officer by e-mail at dataprotection@nssg.global. In order to ensure that we do not disclose information to individuals that do not have the right to access such information, we will verify your identity before processing your requests.