Notice on the processing of personal data

M Plus Group – Recruitment

 (job applicants)

 11th December 2023

Contents

1. General

2. Processing of personal data

3. Who has access to your personal data?

4. Profiling and automated decision-making

5. Is my personal data transferred to third

    Countries?

6. How do we protect your personal data?

7. Retention period of your personal dana

8. Your rights

1. General

• This Notice on the processing of personal data (“Notice“) applies to personal data processed by MERITUS ULAGANJA d.d., Ulica grada Vukovara 23, PIN: 62230095889, Zagreb, Croatia, and any of its subsidiaries or affiliates located worldwide and part of M Plus Group (jointly referred to as “M Plus”, “we”, or “us”), regarding your employment application to M Plus. Depending on your location and the job for which you are applying, a different M Plus entity holds the position of the data controller, and is responsible for the processing of your data. 
• 
  

• This Notice is published on the date indicated above.
• 
  
• The contact data of M Plus entities which may act as data controllers is provided below:

• M Plus Croatia d.o.o. - dpo-mplus@dlaw.hr   or by post at the address of the company's headquarters Ulica Vjekoslava Heinzela 62A, 10000 Zagreb, Croatia with the indication "PERSONAL DATA PROTECTION".

• MERITUS ULAGANJA d.d. - dpo-mplus@dlaw.hr  or by post at the address of the company's headquarters Ulica grada Vukovara 23, 10000 Zagreb with the indication "PERSONAL DATA PROTECTION".
• 
  
• M Plus Smart Hub Romania SRL - dpo-mplus@dlaw.hr   or by post at the address of the company's headquarters Splaiul Independenţei nr. 319, Sectorul 6, Cladire ob. 403A, Scara 1, Etaj 2 Dreapta, Bucuresti, Romania with the indication "PERSONAL DATA PROTECTION".
•  
• M+ Slovakia, s.r.o. - dpo-mplus@dlaw.hr  or by post at the address of the company's headquarters Palisády 29A, Bratislava, Slovakia with the indication "PERSONAL DATA PROTECTION".
•  
• Linea Directa d.o.o. (Mplus Slovenia) – contact@linea-directa.eu  or by post at the address Linea Directa d.o.o., Branch office Koper, Pristaniška ulica 4, SI-6000 Koper
•  
• CDE, nove tehnologije d.o.o. (Mplus Slovenia)- info@mplusgroup.si  or by post at the addres CDE, nove tehnologije d.o.o., Šmartinska cesta 52, SI-1000 Ljubljana

•    In addition to the above, list, some of M Plus entities have their own privacy policy. If you are interested in information on the processing of personal data by them, please refer to the below links:
• 
  
• M Plus Serbia d.o.o. - https://mplusgroup.talentlyft.com/mplus-serbia-career-page/privacy
• 
  

• M+ BH d.o.o. - https://mplusgroup.talentlyft.com/mplus-bih-career-page/privacy
•  
• M Plus BL d.o.o - https://m-plus.talentlyft.com/mplus-bl/privacy
• 
  
• Invitel GmbH (Mplus Germany) and affiliated companies - https://invitel-unternehmensgruppe.softgarden.io/de/data-security?0

• CMC Iletisim ve Cagri Merkezi Hizmetleri A.S. (Mplus Türkiye) - https://mplusgroup.eu/sites/default/files/legal-documents/internet-sitesi-genel-aydinlatma-metni_0.pdf

Processing of personal data

• What types of personal data do we

           process?

•  
  •    For the avoidance of doubt, personal data means any data relating to a natural person on the basis of which an individual can be directly or indirectly identified. Direct identification means that it is clear from the data itself to which individual it refers. Indirect identification means that it is possible to identify an individual based on more data available to us.

•  

   

  •   Data relating to legal persons are not personal data. Therefore, this Notice is intended exclusively for natural persons we can identify based on the information available to us.
  • We process the personal data that you have given to us, or that we have collected for the purpose of employment with us, more precisely, the following data (the specific set of data depends on the method of application):

 2.1.3.1. Your basic information

              Name, surname, style (form of

              address), date and place of birth;

 2.1.3.2. Your contact information

                Residence and domicile (street and house

                number, place, postal code), mobile

                and/or telephone number;

E-mail, URL profile on social media;

• Additional information relevant to the employment relationship
• 
  

Education information (including name of educational institution, name of diploma, time of education, knowledge of foreign languages, using the computer, and driver's license)

Information on previous work experience (including names/company names of previous employers and duration of employment)

Information on previous projects (including project name, project URL, project description and project duration)

• Other information

Photograph

• For what purpose do we process your personal data?
•  
• In order to carry out the recruitment procedure, i.e. the assessment and selection of candidates. In that case, the basis for the processing of your personal data is our legitimate interest based on your application for employment;
• 
  
• If you have given us your consent to keep your data in our records and we contact you for other jobs, then at the time when we will be looking for potential candidates for a new job. In that case, the basis for the processing of your personal data is your consent;

• To fulfil our legal duties as a data controller (e.g. to reply to your request under the data protection legislation).

Who has access to your personal data?

•   We consider your personal data to be a business secret and as such we protect them in accordance with applicable laws and best practice.
• 
  
  •   Third parties access and process your personal data only in the situations described below:

• 
  

  • third party service providers who provide us with services and products necessary for our recruitment process and employment, that act as data processors. This includes providers:
• 
  
  • who process your personal data exclusively for our needs, in accordance with our instructions;
  • who process personal data in accordance with their legal powers or rules of the profession.

• 
  

  • Competent authorities who process personal data in accordance with their legal powers.

• 
  

  
  

  
  

  Profiling and automated decision-making

  
  

  
  

  •   We do not carry out automated decision-making based on your personal data or create profiles of data subjects.

• 
  

  
  

  Are my personal data transferred to third countries?

  
  

  •    Your personal data are only exceptionally transferred to third countries (outside the EU/EEA), when they are processed by our affiliates or other processors in those countries.
• 
  
  •    We ensure that any transfers of your personal data are in compliance with the applicable data protection laws, and that we have appropriate safeguards to ensure the protection of your data. For example, we enter into agreements with our affiliates or other processors that incorporate the standard contractual clauses approved by the European Commission (available at the website of the European Commission).

•  

   

  How do we protect your personal data?

   

  •   The protection of your personal data is very important to us. Some of the protection measures we implement are the following:
• 
  
  • Implementing database pseudonymization whenever possible;

• 
  

  
  

  • Minimization in the handling of personal data (in a particular process we only handle the necessary set of data);

• 
  

  
  

  • Confidentiality in the handling of personal data that we require both internally and externally;

• 
  

  
  

  • The application of modern methods of protection and control of access to data resources containing personal data;

• 
  

  
  

  • Continuous monitoring of all resources used to process personal data.

•  

   

  Retention period of your personal data

  
  

  •    For personal data for which there is a statutory retention period (for example in accordance with accounting regulations), we retain your personal data during that mandatory period. We delete them after the expiration of the mandatory period, in an additional period of one year.

• 
  

  •    For personal data for which there is no legally defined mandatory retention period, we proceed as follows:

• 
  

  • We store personal data that we process on the basis of your consent for the duration of the consent and delete it after the expiration of the consent. In the case of withdrawal of consent, we delete them as soon as possible;
  • Personal data that we process based on our legitimate interest, we store as long as our legitimate interest exists - we delete them within a period of one year from the termination of our legitimate interest. In case of a job application, if you have not been selected for the job and have not given a consent for a future processing, your application and related data will be deleted after the end of recruitment process.
• 
  

Your rights

•    In the event that you choose to exercise one or more of your rights listed below, we have the right to verify your identity, all for the purpose of protecting your personal information.
• 
  
•    You exercise your rights without cost. However, if you frequently (for example, less than 6 months have passed since your last request) or excessively (for example, requesting all your personal information in writing) request access to or transfer of your personal information, we have the right to ask you to bear our costs before carrying out such an action.

•    You exercise your rights by sending your request to the appropriate email address stated in article 1.3 and stating "Data Subject's Request" as the subject of the message or by filling out the data subject form available here. In the message itself, you should indicate which right you want to exercise or what the subject of your request is. Upon receipt of the message, we will send you an acknowledgment of the receipt of your request. If you have applied for a position through mplusgroup.talentlyft.com, you can exercise some of the below-described rights by yourself by accessing the Candidate Portal.

• Access to your personal data:
•      You have the right to ask us to confirm whether we process your personal data, as well as access your personal data that we process.

• Correction of incorrect personal data:
•      You have the right to request the correction of your inaccurate personal data, as well as the right to supplement your personal data.
• 
  
• Restriction of personal data processing
•      If you dispute the accuracy of your personal data or in other situations provided for in the General Data Protection Regulation, you have the right to ask us to limit the processing of your personal data until such a situation is resolved.
• 
  
• Deletion of personal data
•      If you withdraw your consent to the processing of your personal data or when the legal basis for the processing of your personal data ceases or in other cases provided by the General Data Protection Regulation, you have the right to ask us to delete your personal data.

• Portability of personal data
•      You have the right to take and request the transfer of your personal data.
• 
  
• Objection to the processing or handling

           of your personal data:

•      You have the right to object to the processing of your personal data as well as to our way of handling your personal data in general.

• The right to withdraw consent
•      You have the right to withdraw your consent for further processing of personal data at any time. The withdrawal of consent does not affect processing performed on the basis of consent prior to its withdrawal.

• The right to complain to your national

           data protection authority

•      At any time, you have the right to complain to the competent authority for personal data protection in your country, regarding the processing and protection of your personal data. A list of the EU national data protection authorities is available on the following link.