Home|Privacy Policy
Last updated on 02.12.2024
Please read this Privacy Policy (hereinafter referred to as the “Policy”) carefully as it contains important information regarding how, when, and why North Star Support Group SRL collects, uses, and stores your personal data, with whom it may share it, as well as to inform you about your rights as a data subject and the measures taken to protect your personal data, in connection with North Star Support Group SRL’s processing over its website, and services.
Accessing and/or using North Star Support Group SRL website, and services by any person imposes the obligation to comply with the provisions set forth in the Terms and Conditions.
The website https://nssg.global/gdpr/ (hereinafter referred to as the “Website”) is owned and managed by North Star Support Group SRL, a company incorporated by Romanian laws, headquartered at 26, Grigore Alexandrescu Street, Bucharest, Romania.
This Policy regarding the processing of personal data only applies to the processing activities performed by North Star Support Group SRL and shall be complemented with the Terms and Conditions https://nssg.global/terms-and-conditions/ and the Cookie Policy https://nssg.global/cookie-policy/ .
The Website may contain information about or links to other websites that are outside North Star Support Group SRL custody and/or control. Carefully read and review the privacy policies of each of those websites when you browse on them to get an understanding of how your personal data is being used and shared by those third-party websites.
The terms used within this Policy have the same meanings as those mentioned in Terms and Conditions, unless otherwise mentioned in this Policy.
In general, the personal data we process is collected directly from you, as a data subject. However, there may be situations where your personal data is collected indirectly from social media, from the website of the company you represent, from your employer as a contact person, from a third party who recommended you or from various public platforms (for example ad platforms).
When we, as the Controller, do not receive the personal data directly from you, we will inform you within the legal term about our processing of your personal data.
If you provide us with personal data belonging to other individuals (for example, colleagues), you have the responsibility to inform them about how we process their personal data for the purposes mentioned below, as well as regarding their rights related to the processed personal data. You are also responsible to ensure that you rely on the appropriate legitimate ground for collecting and sharing the personal data, such as obtaining the consent of the individuals concerned, when this consent is required by the law for processing of their personal data, such as collection, use, storage and transfer.
Our Website and Services are not directed at children. We do not knowingly or intentionally collect personal data from children who have not reached the level of maturity in their country and who are not able to assume obligations in accordance with the applicable legislation.
If you are the holder of parental responsibility of a child who has not reached the level of maturity in the country of residence and you believe your child has provided us with personal data, please contact us to request the erasure of their personal data and we will act upon your request in accordance with the legal requirements.
Depending on the acquired service, we may also collect special categories of personal data (personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, data concerning health, or personal data relating to criminal convictions and offences or related security measures) but only if this is strictly necessary to protect your vital interests where you are physically or legally incapable of giving consent, or for the provision of health care or treatment, or based on your consent.
We do not collect nor is our intention to collect personal data revealing trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning a natural person’s sex life or sexual orientation, , excepting the situations expressively regulated by the law.
Below you will find information about the purposes for which we process your personal data, the categories of personal data we collect for those purposes, the legal grounds on which we carry out the processing activities and the periods of time we store the personal data in relation to the purposes of the processing.
Where the lawful basis for the processing is the data subject’s consent, you may withdraw your consent at any time without constraint and without affecting the lawfulness of the processing prior to its withdrawal.
Depending on the nature of our relationship or interaction, we will process your personal data for the following purposes.
Personal data categories: first name, last name, e-mail address, company name, position/role
Legal basis: processing of personal data is performed based on your consent or considering our legitimate interests when we have a business or commercial reason to contact you.
Retention period: personal data will be processed until you withdraw your consent or object to the processing, after which personal data will be deleted where there is no other legal ground for the processing. You can withdraw your consent or object to the processing at any time, by clicking Unsubscribe/Opt-out at the bottom of any of our emails, without affecting the legality of the processing based on the consent or our legitimate interests before withdrawal or objection.
Personal data categories: first name, last name, e-mail address, company name, position/role, and any other personal data that you choose to include in your request.
Legal basis: processing of personal data is performed based on our legitimate interest to communicate with you and provide our support in solving your requests that arise from using/accessing our services, and to maintain and promote your satisfaction in relation to our services.
Retention period: personal data is stored for as long as we have an existing contractual relationship in place with you or with your company and subsequently for a period of 3 (three) years after its termination. If we don’t have a contractual relationship yet, but you choose to contact us, we will store your personal data for a period of 6 (six) months after which it will be deleted.
Personal data categories: first name, last name, e-mail address, image (if the case) company, position/role, phone number, signature, representation powers.
Legal basis: processing of personal data is necessary for the performance of the services agreement concluded with you or based on our legitimate interest to conclude and execute the services agreement with the company that you represent, depending on the case.
Retention period: personal data is stored for as long as we have an existing contractual relationship in place, and subsequently for a period of 3 (three) years after its termination (or until you withdraw your consent for processing your image, whichever comes first). At the end of the storage period, personal data will be deleted.
Personal data categories: first name, last name, e-mail address, phone number, information on the candidate’s professional/work experience (former employers, current employer, seniority in the current position), information regarding studies, diplomas, certifications, profile on a professional social network (e.g. LinkedIn) and any other personal data included in the application documents.
Legal basis: processing of personal data is performed in order to take steps at your request prior to entering into a contract.
Retention period: personal data is stored for the duration of the recruitment and selection process and subsequently for a period of 6 (six) months to manage possible complaints. At the end of the storage period, personal data will be deleted.
Personal data categories: first name, last name, e-mail address, phone number, date of reporting, object of reporting, signature (if applicable), voice (recorded) (if applicable), manner of resolution, as well as any other personal data included in the reporting.
Legal basis: processing of personal data is performed based on our legal obligation under the legislation on the protection of whistleblowers in the public interest to ensure and maintain internal reporting channels on breaches of law, corroborated with our legitimate interest to ensure that violations of applicable laws or regulations, including violations of our Code of Conduct are dealt with properly and in a timely manner in order to protect the company, employees, customers etc. from the effect of the illicit facts, corroborated with your consent for recording the conversation (if the report is made using a telephone line or other voice messaging system) and disclosure of your identity and of any other information that would allow the direct or indirect identification.
Retention period: personal data is stored for a period of 5 (five) years from the reporting date. At the end of the storage period, personal data will be deleted.
Personal data categories: your image.
Legal basis: processing of personal data is performed based on our legal obligation under the legislation on the security of objectives, goods, values, and protection of persons, corroborated with our legitimate interest to ensure the protection and security of our personnel and assets, as well as the protection of the life and integrity of individuals, through real-time monitoring and access to images if there are suspicions of having committed an offence.
Retention period: personal data is stored for a period of 30 (thirty) days. At the end of the storage period, personal data will be deleted.
Personal data categories: first name, last name, identity document series and number, destination, time of arrival and departure, date.
Legal basis: processing of personal data is performed based on our legal obligation under the legislation on the security of objectives, goods, values, and protection of persons.
Retention period: personal data is stored for a period of 2 (two) years from the end of the calendar year during which the register of access of persons to our premises was completed. At the end of the storage period, personal data will be deleted.
Personal data categories: first name, last name, company name, position/role, email address, phone number, representation powers, and any other personal data necessary to fulfill the purpose.
Legal basis: processing of personal data is performed based on our legitimate interest to defend our rights or interests, or to sustain our claims resulting from the execution of the agreement with you or with the company that you represent.
Retention period: personal data is stored in accordance with the regulations on the protection of personal data, as long as they are required by law or are necessary to fulfill the purpose.
Personal data categories: first name, last name, company name, position/role, email address, phone number, representation powers, and any other personal data necessary to fulfill the purpose.
Legal basis: processing of personal data is performed based on our legal obligations under the applicable legislation.
Retention period: Personal data is stored for a period of 3 years from the date of the response provided to the public authority’s request. At the end of the storage period, personal data will be deleted.
Our website uses cookies, plug-ins and other online identifiers (collectively referred to as “cookies”) in order to ensure functional browsing or to provide a better browsing experience, to perform statistical analysis regarding accessed information, or to provide you with custom content and advertising appropriate to your preferences and interests.
Detailed information regarding the cookies we use may be found in our Cookie Policy.
We do not make decisions based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
We may transfer your personal data, to the extent that this is necessary to the following categories of recipients: companies from the same group, service partners, subcontractors, payment providers, archiving companies, IT service providers, software or hardware vendors, market research companies, marketing companies, public authorities, court or arbitral tribunals, as well as competent authorities to investigate criminal offenses.
Personal data may be disclosed or transferred to the categories of recipients mentioned above in order to provide our Services at the highest quality level, ensure the intervention of specialists by outsourcing parts of our business or to provide access to services and benefits according to our business partnerships, or to ensure compliance with the specific legal obligations to which we are subject according to the activity carried out.
In the event that personal data is transferred to third countries we will apply the technical and organizational measures required by law and we will inform you about the transfer in accordance with the legal requirements.
The security of your personal data is important to us. Therefore, we maintain a variety of appropriate technical and organizational measures to protect your personal data from loss, misuse, and unauthorized access or disclosure. We limit access to personal data to employees or contractors who we believe reasonably need to retrieve that information to provide our Services. Considering the current state of technology, we have implemented reasonable physical, technical and procedural safeguards designed to protect your personal data, such as limiting access, encrypting, anonymizing, or storing it on secure media.
It is very important that you, as a data subject, know the risks and take the measures to protect your personal data, for example by checking the sources of information, avoiding access to suspicious or unknown links, regularly changing passwords and using appropriate anti-virus and anti-malware solutions.
The law grants data subjects enforceable and effective rights concerning their personal data which can be exercised under particular conditions.
You have the following rights regarding your personal date:
Except for the right to contact the Supervisory Authority, which you can exercise using the contact details indicated above, you can exercise your legal rights by contacting our Data Protection Officer by e-mail at dataprotection@nssg.global.
We will respond to your requests without undue delay and in any case within one month of receiving the request. This period may be extended by two months where necessary, taking into account the complexity and number of requests. We will inform you of any such extension within one month of receiving your request, stating the reasons for the delay.
In the event that we do not take action on your request, we will inform you, without undue delay and no later than one month after the receipt of your request, of the reasons for not taking action. In such a case, you have the possibility to lodge a complaint with the competent Supervisory Authority or to take a legal action.
This Policy is subject to periodic reviews and updates to ensure that it always corresponds to reality, and it is in line with the applicable legal requirements. For this reason, please regularly consult this Policy to keep up to date with any changes. Any major changes to this Policy will be notified accordingly.
If you have any questions or concerns regarding the processing of your personal data, this Policy or how it applies, or you wish to exercise any of your rights, you can contact our Data Protection Officer as follows: