Privacy and Cookie Policy

Data Privacy Policy

Flashnet takes your privacy extremely serious and respects your rights to personal data protection and privacy. Our Privacy Policy concerns the personal data we collect through our website or other electronic environments (social media, email) as well as those we collect in live interactions (meetings, trade fairs, telephone, interviews or other interactions), also including personal data we might receive through our contractual partners (ex. recruitment agencies).

Please read this Privacy Notice carefully to understand how we handle your personal information. If you don’t agree with our privacy policy, please don’t use our website or don’t send us any of your personal data.

For any questions, requests or suggestions concerning your personal data, the way it is processed or the purpose of processing, please contact us at dataprotection@flashnet.ro

1. Who we are

Flashnet is a Romanian based company, with its headquarters in Brasov.

The fact that we process your personal data collected through our website https://www.flashnet.ro/ (hereinafter “website”, “our website” or similar), as well as through other electronic means of communication (social media, email etc.) or outside the electronic environment, makes us a data controller, in accordance with the terms and definitions set by the (EU) Regulation no. 679/2016 (also known as the “GDPR”), approved by the European Parliament on the 27^th of April 2016.

2. Definitions

According to GDPR, the below terms and definitions have the following meaning:

Personal data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular or by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Data subject: a natural person whose personal data are processed;
Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Controller: any natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
Processor: any natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
Consent: means any freely given, specific unambiguous statement or clear affirmative action of the data subject’s intent, by which he or she, signifies its agreement to processing of their personal data.

3. Personal data collected, ways of processing, legal ground and retention period – brief description

Ways in which we collect personal data:

Provided by you – we collect personal data that you provide to us by completing contact forms on our social media pages and on our website, by sending them in e-mail to our corporate e-mail addresses, by discussing with us by phone or by filling any other physical (paper based) forms, papers containing your name, e-mail address, phone number, physical address or any other personal data that you choose to share with us;
Observed by us – we collect personal data directly via our web presence using cookies, regarding your IP (Internet Protocol) address, geographic location, and all other personal data you chose to make publicly available via your social media profile you are using in order to establish contact with us;

What categories of personal data we are processing and for what purposes?

Data obtained from your interaction with our website`s technologies (ex. cookies): IP (Internet Protocol) address, functional cookies, tracking cookies for Google and Facebook, data regarding the device you use to access our website. We process this information to assure the functionality of our website and determine the level of its efficiency, to analyze web traffic and to promote our services in the online environment.
Contact information: name, email address and phone number provided are processed by us in order to establish communication and commercial relation with you based on your intent.
Data obtained from the content of the messages you send us: we process these data in order to be able to answer to your enquiries and also be able to provide you with accurate information.
Data included in your CV (curriculum vitae, resume): name, e-mail address, phone number and other contact information, marital status, age, gender, professional performance and educational path followed are processed by us for the purpose of evaluating your fitness within our job requirements and for having the possibility of getting in contact with you.

What are the legal grounds of our personal data processing?

All personal data processing activities carried out by Flashnet described in this privacy policy have legal grounds in the EU Regulation no. 679/2016 (GDPR).

Data processed based on your consent: we process certain personal data such as profiling data and cookies for online advertising and email addresses for direct marketing purposes;

Data processed based on our legitimate interests: we process certain personal data such as (functional cookies, contact information you provide to us, the content of the messages you send us, data from CV’s we receive) based on our legitimate interests to continuously develop the quality of the services we provide, respond to inquiries we receive and communicate with people interested in our services, sell our products/services and recruit new employees.

What is the retention period of collected personal data?

In order to respect the principle of “storage limitation” set by GDPR, we only store personal data for the periods of time necessary for us to fulfill the purposes for which we collected and processed the personal data and also to respect all the legal obligations we have in this respect.

Do we transfer personal data to 3^rd parties?

We may transfer certain personal data to third parties having contractual relation with us, based on that contractual relation and only for the purpose of fulfilling that contractual relation.

We can send personal data to certain categories of third parties in the European Economic Area we have contractual relations with in order to pursue our legitimate interests described in this privacy policy.

We take the necessary steps to verify that our partners handle personal data according to GDPR requirements and implement the necessary technical and organisational measures to protect your personal data.

Third parties we may send personal data to:

Web hosting provider
Marketing services provider
HR services provider

4. Detailed description of the scenarios of our personal data collection:

HR and recruitment:

How we can enter in possession of your personal data?

By opting to send us a CV/resume in order to show your interest in working with us, you provide us some of your personal data together with your personal skills and your educational and professional background.

The personal data we collect from you is the ones that are provided to us by you in the following ways:

Resume provided through our website, recruitment platforms, direct email to one of our registered e-mail addresses or brought directly to our headquarters;

Data you provide during the interviews or tests held during the recruitment process;

What type of personal data we are processing and in what purpose?

Contact information: such as family name, first name, e-mail address, phone number, address;

History of studies and work experience;

Personal skills and qualifications;

Other personal information: such as age, date of birth, marital and family status, date and place of birth, or any other information you consider relevant for the application and that you decide to share with us;

We process your personal data in our legitimate interest in the process of recruiting new employees and we are keeping them after the recruiting process ended only if we have your consent of doing so. Your personal data processing is limited to the process on recruiting new employees.

Why we need your personal data to be disclosed and what happens if you refuse to do so?

Your personal data is requested in order to be able to evaluate your professional fitness to the vacant positions in our company and to the company culture as well as to establish a professional communication with you on the grounds of your application. Not providing the minimum and essential information requested makes the process impossible to be completed and your application will be disregarded.

What is the retention period of collected personal data?

In the case of accepted candidates: data will be kept for the entire duration of the employment contract and even afterwards if legally required, for the period set for in the relevant legislation.

In the case of unfitted candidates: data will be kept until the recruitment period ends. If considered, based on the consent of the candidate, provided information can be kept for another year for eventual future opportunities.

Do we transfer personal data to 3rd parties?

We reserve the right to share information with our HR consultants or HR outsourcing companies. Also, the online platforms we use in the recruitment and communication process might have access to the data you provide (social media networks through which you contact us, Google, Bestjobs, Ejobs, etc.). We do not transmit this data to other third parties or other countries without your consent.

What are the security measures we implemented for avoiding security incidents?

To reduce the risk of security incidents regarding collected personal data, a series of security measures have been implemented:

Limiting access of unauthorized persons to our premises by implementing an access control system;

Complying with all the physical security requirements set by the legislation;

Securing electronic access through: secure servers, password policies, IT security softwares, firewall;

Continuous training of our employees regarding data protection and data privacy obligations and limiting their access to personal data with relevance of their job requirement compliance;

Security measures implemented by third parties are assured by contractual obligations;

Are your personal data used in automatic profiling process?

Your personal data provided for HR and recruiting purpose are not used to make decisions following an automatic profiling process.

Visiting our website:

How we can enter in possession of your personal data?

By accessing our website you allow the technologies which contribute to the normal functioning of our website to collect certain personal data of yours; These information make part of the category of data directly observed by us.

What type of personal data we are processing and in what purpose?

Data from your interaction with the website (IP, geographic location data, cookies, data about the type of device used to access the website).

We process these data on the grounds of our legitimate interest in analyzing the audience and improving our website’s structure and content, to improve the relevance of the information we provide and to protect ourselves from cyber attacks and fraud.

We also process analytics and advertising cookies based on consent.

The summary of all types of data processing is:

continuous improvement of our services,
ensuring the website’s functionality and optimization
investigation and resolution of potential fraud or security incidents
market analysis and promoting our services online

Why we need your personal data to be disclosed and what happens if you refuse to do so?

Data which enables the proper functioning of our website:

Providing these data is mandatory because it allows access to and use of our website. If you did not provide this data, you could not properly access or use the website.

Data for website optimization, analytics and advertising:

Providing these data is not mandatory, you can decide whether you want to give your consent in order to process them. In the case you choose not to give us your consent, you will not be able to receive advertising messages from us and we will not be able to analyze the way in which you interact with our website.

To give or retract consent please use the “cookie settings" button on the bottom-right.

What is the retention period of collected personal data?

We do not store cookies. Cookies are stored on your own browser and you can delete them at any time.

The only data we have access for a longer period of time (38 months) is the data Google Analytics provides us about how the visitors which have given consent for analytics cookies have interacted with our website.

Do we transfer personal data to 3rd parties?

The following third parties will be able to access these data: our web hosting provider, Google, Facebook.

The servers on which this data is stored are located within the European Union or are part of Privacy Shield, guaranteeing the handling of personal data according to GDPR standards.