Privacy Policy

Preliminary

GLOBAL HR SOLUTIONS (GHRS) LIMITED is committed to protecting your personal data and your privacy. The personal data we collect depends on the service requested and agreed in each case by Global HR Solutions (GHRS) Limited and/or its Affiliates and/or related companies (collectively referred to as “GHRS” or “we” or “us” or “our” in this privacy policy). For all purposes of this Privacy Policy, Affiliate means any entity directly or indirectly, through one or more intermediaries, controlled by or under common control with GHRS or by each other.

This privacy policy explains how we collect, use, and processes your personal data, how we comply with our legal obligations to you and informs you about your privacy rights under the Processing of Personal Data (Protection of individuals) Law 125 (I)/2018) as amended from time to time and the EU General Data Protection Regulation (“GDPR”) 2016/679. 

This privacy policy is directed to:

  • the candidates/job applicants
  • to natural persons who have a contractual relationship with GHRS.

 

Who we are 

GLOBAL HR SOLUTIONS (GHRS) LIMITED is a company duly registered in the Republic of Cyprus under registration number HE 414482 having its registered office and head office at 340 Agiou Andreou, Vashiotis Ag. Andreou Business Center, 2nd floor, 3035, Limassol, Cyprus.

We have appointed a DPO who is responsible for overseeing questions in relation to privacy issues. Any questions about this privacy policy or any requests to exercise your legal rights shall be address to the DPO using the below details:

Email address: dpo@globalhrs.net

Postal address: 340 Agiou Andreou, Vashiotis Ag. Andreou Business Center, 2nd floor, 3035, Limassol, Cyprus.

 

Collection and Use of Your Personal Data

Personal data means any information relating to you that identifies you or could reasonably be used to identify you, and that is recorded in any form.

If you are a candidate/job applicant, we may collect the following personal data:

  1. Identity data such as first name, maiden name, last name, ID number, passport number, title, date of birth (city and country) and gender. We may collect the same identity data of your dependents (for subsequent travel arrangements in case your job application will be successful).
  2. Children’s data: We understand the importance of protecting children’s privacy. We may collect personal data in relation to children, only if we have first obtained their parents’ or legal guardian’s consent or unless otherwise permitted under the law solely for relocation purposes in case your job application is successful.
  3. Contact data such as residential or business address, email address and telephone numbers.
  4. Additionally, we may collect marital status, IP address, insurance information, family member information, nationality, credit reference agency data, residence, or work permit in case of nonEU nationals, employment position, educational background, employment history, tax information (e.g., tax identification number, tax residency)

If you are a person having a contractual relationship with us, if you are a prospective client or a non-client counterparty, we may collect the following personal data:

  • Identity Data such as first name, maiden name, last name, ID number, passport number, username or similar identifier, marital status, title, date of birth (city and country) and gender.
  • Contact Data such as residential or business address, email address and telephone numbers.
  • Marketing and Communications Data like your preferences in receiving marketing from us.
  • Other data: we may collect banking details, marital status, employed/self-employed, if you hold/held a prominent public function (for PEPs), FATCA / CRS info, authentication data (e.g., signature), IP addresses, financial account information such as bank details, insurance information, family member information, nationality, residence or work permit in case of nonEU nationals, employment position, educational background, employment history.

We may also obtain personal data arising from the performance of our contractual obligations, tax information (e.g., defense tax, tax residency, tax identification number), financial info (as expected annual credit/debit turnover, nature of transactions, source of income, source of assets).

 

Collection of personal data

We collect and process different types of personal data, which we receive from you directly or from our contractors in person or via their representative in the context of the contractual relationship we have with you.

To the extent permitted by the law and for the fulfillment of our contractual or potential contractual relationship, we may collect and process personal data which has been lawfully obtained from third parties e.g., public authorities or companies that introduce you to us and/or from publicly available sources (e.g., the Department of Registrar of Companies and Official Receiver, commercial registers, the press, media, and the internet).

 

Background Checks

Before making a final decision to recruit you or to enter into a contractual relationship with you, we may collect and process information relating to your criminal record in order to satisfy ourselves that there is nothing in your criminal convictions history which will prevent us from hiring you or entering into a contractual relationship with you. We seek to ensure that our information, collection and processing is always proportionate.

 

Purposes of Processing Your Personal Data

In holding and processing your personal information, we comply with the EU GDPR and the local legislation (the Processing of Personal Data (Protection of Individuals) Law 138 (I)/2001)) as these may be amended from time to time. 

We will use your personal data for one or more of the following reasons:

  • To conduct the recruitment process. In accordance with applicable law, your personal data may be retained and used to process your application for other open positions within GHRS which may be suitable, unless you object to such processing in which case they will be deleted.
  • To perform the contract we are about to enter into or have entered into with you.
  • For our legitimate interests.
  • To comply with a legal or regulatory obligation.
  • Where disclosure is necessary for a competent authority.
  • You have provided your consent. Please be informed that you have the right to revoke your consent at any time.

 

Transfer of Your Personal Data and Personal Data Recipients

In the course of the performance of our contractual and statutory obligations, your personal data may be provided to different departments within GHRS and/or to third parties providing services to us. If it is necessary to share your personal data with a third-party service provider so we may perform our services and/or legal obligations, we enter into a contractual agreement with such third party to ensure that they comply with the data protection law and GDPR and they observe confidentiality.  We require all third-party service providers to respect the security of your personal data and to treat it in accordance with the law. We only permit our third-party providers to use your personal data for specified purposes and in accordance with our instructions and we only provide the necessary information they need to perform their specific services.

Your personal data may be transferred to countries outside the European Economic Area if this is necessary for the performance of our contractual relationship or if such transfer is required by the law. To protect your personal data, we implement at least one of the following safeguards:

  • We may enter into specific contracts as provided by the European Commission (such as the Standard Contractual Clauses or Data Processing Agreement).
  • We may transfer personal data to countries for which the European Commission has judged by its decisions (Adequacy Decisions) that transfer to these countries is safe because they ensure an equivalent level of personal data protection. Countries to which the transfer of personal data is assimilated to intra-EU transmission of personal data can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-dataprotection/adequacy-decisions_el

Recipients of personal data may be, for example: third party/ies service provider/s, income tax authorities, auditors and accountants, legal consultants and external legal consultants, service providers, suppliers, agents, business partners, financial and business advisors, file storage companies, archiving and/or records management companies, cloud storage companies, delivery couriers, IT companies who support our website and other business systems and so on.

 

Security for Your Personal Data

GHRS uses appropriate administrative, technical, personnel, and physical measures to protect your personal data. Authorised personnel and third parties service providers may have limited access to your personal data and they will only process your data according to our instructions.

We also have a data breach procedure in place and we commit to notify you and the competent authority of any breach or any suspected personal data breach where we are obliged by the law to do so.

 

Data Retention 

We will retain your personal data for as long as necessary, to fulfil the purposes we collected it for, and to comply with a regulatory or statutory obligation.

The criteria used to determine our retention periods include:

  • The length of time we have an ongoing relationship with you and provide the services to you.
  • Whether there is a legal obligation to which we are subject.
  • Whether retention is advisable considering our legal position (such as litigation or regulatory investigations).

You have the right to request deletion of your data. You can request us to erase your personal data (known as the ‘right to be forgotten’) where its process is of no further use or interest.

 

Your Legal Rights

You have the right to:

  • request access to your personal data
  • request correction of your personal data
  • request erasure of your personal data
  • Object to processing of your persona; data
  • Request restriction of your personal data
  • Request transfer of your personal data
  • Request withdrawal of the consent that you gave us

If you would like to exercise any of your rights, please contact our DPO by sending an e-mail to: dpo@globalhrs.net and submit the relevant request.

You also have the right to lodge a complaint at any time to Cyprus supervisory authority, the Office of the Commissioner for Personal Data.

https://www.dataprotection.gov.cy/dataprotection/dataprotection.nsf/page1i_gr/page1i_gr?opend ocument

We would appreciate the chance to deal with your concerns and address your queries before you approach the supervisory authority.

 

Changes to the privacy policy 

This version was last updated on 30.05.2023. This Privacy Policy may be amended from time to time. We do, however, encourage you to review this statement periodically to be always informed about how we are processing and protecting your personal information.