Cyber Nets Technologies is committed to ensuring that your privacy is always protected .
The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to the Cyber Nest Technologies SRL.
For the purposes of GDPR the data controller is Cyber Nest Technologies SRL, registered at Trade Register under no. J35/801/2008, with VAT Code RO 23426626, Share address: 19 Claude Debussy Street, First Floor, Timisoara, Romania and Office Address: 69 Torontalului Street, Vox Building, 10th Floor, 300633, Timisoara, Romania, legal represented by Capitan Mihaela Patricia as Administrator;
1.Who we are and what we do?
Cyber Nest Technologies SRL is a technical company dedicated for IT and Telecom services, our scope of work including but not limited to the following categories:
Recruitment Process Outsourcing
Candidate Sourcing & Screening
2.Access to information
GDPR gives you the right to access information held about you. Your right of access can be exercised in accordance with GDPR. A subject access request should be submitted to consent to cyber-nest.com.
A Romanian version of GDPR notification regarding the process of your resume will be sent to you, via E-mail, in order to be informed.
For the specific activity Cyber Nest Technologies will require consent for and record your response on our system as per GDPR guidelines. You have the right to withdraw your consent to this particular processing at any time.
You have the right to ask us not to process your personal data for marketing purposes. You can exercise your right to accept or prevent such processing by checking certain boxes on the forms we use to collect your data or by informing us verbally. You can also exercise the right at any time by contacting us at consent [at] cyber-nest.com
GDPR provides you with the following rights to:
Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your personal information to another party in certain formats, if practicable.
Make a complaint to a supervisory body which in the EU can be contacted through this link: www.itgovernance.eu
8.Collection of general data information
The data protection declaration of the Cyber Nest Technologies is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration should be legible and understandable for the general public, as well as our customers and business partners. To ensure this, we would like to first explain the terminology used.
In this data protection declaration, we use, inter alia, the following terms:
- a) Personal data
Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- b) Data subject
Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
- c) Processing
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
- e) Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
9.Routine erasure and blocking of personal data
The data controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject to.
If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.
10.Legal basis for the processing
Art. 6(1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6(1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services. Is our company subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6(1) lit. d GDPR. Finally, processing operations could be based on Article 6(1) lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the above mentioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 GDPR).
- Period for which the personal data will be stored
The criteria used to determine the period of storage of personal data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted, if it is no longer necessary for the fulfillment of the contract or the initiation of a contract.
- Existence of automated decision-making
As a responsible company, we do not use automatic decision-making or profiling.