WHO ARE WE?
The websites at www.scalefocus.com, https://inside.scalefocus.com, https://careers.scalefocus.com and https://sap.scalefocus.com (the ‘Websites”) are owned and maintained by SCALE FOCUS AD a joint stock company, having its business seat and registered address at 90 Tsarigradsko shose blvd., Capital Fort, building A, fl.24, Mladost District, Sofia 1784, Bulgaria, registered in the Commercial register of the Registry Agency under UIC 20199698. SCALE FOCUS AD acts as the data controller for the processing of your personal data collected on the Websites.
When using the term “personal information” or “Personal Information” we refer to information relating to you, which can be used to personally identify you (either directly or indirectly), such as your name, e-mail address, company name, address, phone number, CVs, resumes and other information about yourself or your business. Personal Information can also include information about you that is available on the internet, such as from Facebook, LinkedIn, Twitter and Google, or publicly available information that we acquire from service providers.
INFORMATION ABOUT CHILDREN
The Websites are not intended for or targeted at children under 16 years old, and we do not knowingly or intentionally collect or maintain information about children under 16 years old. If you believe that we have collected information about a child under 16 years old, please contact us at firstname.lastname@example.org, so that we may delete the information. In addition, we kindly ask any child under the age of 16 not to submit any personal information to us or use the Websites.
WHY AND HOW WE COLLECT AND USE YOUR PERSONAL INFORMATION
Types of personal information we collect
The types of information that we may collect from you, depending on how you use our Websites or contact us, include:
- your name;
- your family name;
- your email address;
- your company details;
- your CV, motivation letter or additional supporting documentation (portfolio, projects description, related pictures, etc.). you elect to provide, where you apply for a role at our company on our Websites or via email, events, social media sites or other sites; and
- any other information that you choose to provide to us when filling out a contact form on our Websites or when attending our events or by contacting us via e-mail or via any of the social media sites like Facebook, Twitter, Messenger, LinkedIn.
How do we collect information and how we use your Personal Information
Visitors to our Websites
When entering one of our Websites, we will collect information necessary for the operation of the Websites and for us to comply with security and legal requirements in relation to operating our Websites. We also collect information about your activities during your visit such as date and time of visits, the pages viewed, time spent at our Websites, and the websites visited just before our own, as well as your IP address and your browser so that we can better address your queries and to collect statistics to help us improve your browsing experience in the future.
Information from the “Contact Form” section of our Websites
We may collect your Personal Information, which you choose to provide when you fill in contact forms on our Websites, including your name and e-mail. We may use this Personal Information to respond to your queries, and/or provide the services and/or information that you have requested.
Information from requests via e-mail
When you contact us via e-mail in connection with a request such as request for information, to order a product or service, to provide you with support, to offer us a proposal or to participate in an event, we collect information necessary to respond to your request and to be able to contact you. For instance, we collect your name and contact information and details about your request. We may use this Personal Information to respond to your queries, and/or provide the services and/or information that you have requested.
We use Transport Layer Security (TLS) to encrypt and protect web and email traffic. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.
We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
When you register for an event we may collect additional information (online or offline) in relation to the event organization, and during an event, such as participation in sessions and survey results. Events may be recorded and group photos taken. We reserve the right to use photos for promotional use, unless you explicitly inform us that you don‘t want photos of you to be used for such purposes or request them to be removed. When you provide us with your business contact information (such as by handing over a business card) we may use this to communicate with you for business purposes only.
You can choose to receive information by email or telephone about our products and services or our open job positions (openings) by opting in through the instruments of the Website. You can always opt-out from receiving personalized communication for products and services by sending an e-mail to email@example.com and copy to firstname.lastname@example.org and for job openings to email@example.com and copy to firstname.lastname@example.org.
If you choose to subscribe to our blog(s) to receive notifications for new articles (newsletters), we will collect and use Personal Information that you provide during the subscription process to send you notifications for new articles and articles` content by email.
Your consent to the use of your Personal Information for these purposes is optional. If you decide not to subscribe to our blog to receive newsletters, we will not send you any blog communications, but your use of our Websites will remain otherwise unaffected.
You are entitled to opt-out from receipt of blog communications at any time. You can do so by using the “unsubscribe” option included in all e-mails. When you unsubscribe we will keep a record of this, and once your request has been processed, you will stop receiving emails for new articles. You can still use our Websites once you have unsubscribed.
In connection with a job application or inquiry, whether advertised on our Websites or otherwise (on LinkedIn, www.jobs.bg, our Facebook page etc.), you may provide us with Personal Information about yourself, including your name, family name, e-mail, CV, motivation letter or additional supporting documentation (portfolio, projects description, related pictures, etc.) you elect to provide, where you apply for a role at our company on our Websites or via email, social media sites or other sites as well as any other information that you choose to provide to us when filling out a contact form on our Websites or when attending our events or by contacting us via e-mail or via any of the social media sites like Facebook, Twitter, Messenger, LinkedIn or any other site. We may use this information throughout our departments in order to address your inquiry or consider you for employment purposes. All of the information you provide during the process will only be used for the purpose of recruiting for the relevant currently vacant position that you have applied for and shall be kept for a period of no more than 6 months. If you have explicitly consented – your information will be also used for the purpose of recruiting of personnel for future vacant positions for a period of 2 years, which positions according to us are appropriate for you in view of your education, professional qualification and experience. If we enter into an employment relation with you, the submitted information will be stored for the purpose of processing the employment relationship in compliance with legal requirements. We may also use the information you provide during the recruitment process to fulfil other legal or regulatory requirements, if necessary. In addition you may elect for the purposes of the recruitment, to voluntarily provide in your CV Personal Information with a volume greater than the statutory minimum for the conclusion of an employment contract and in such case please be informed that the provision of data beyond than statutory minimum is not mandatory and that the non-provision of these data on your behalf has no negative impact on the selection process. Since you provide your Personal Information voluntarily on the grounds of a consent, you have the right to withdraw your consent at any time by sending an email to: email@example.com and copy to firstname.lastname@example.org. (please see below in section YOUR RIGHTS AS A DATA SUBJECT more information about your rights as a data subject). We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes or store any of your information outside of the European Economic Area. The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format.
We may also obtain information about job applicants from other sources, to the extent permitted by applicable law, such as through your contact with us, including your interactions with us, or from third parties such as employment agencies and other websites on the Internet. For example, you may choose to provide us with access to certain personal data stored by third parties such as social media sites like LinkedIn. By authorizing us to have access to this information, you agree we may collect, store and use this information in accordance with this Policy.
People who contact us via social media
We may also collect information posted by you on social media sites if have opted to connect to or otherwise link us with social media accounts including Facebook and Twitter or if you send us a private or direct message via social media. It will not be shared with any other organisations.
Our Business Purposes
We may also use your Personal Information for our business purposes such as:
- record keeping, statistical analysis, internal reporting and research purposes;
- to ensure network and information security;
- to notify you about changes to our services;
- to investigate any complaint you make;
- to provide evidence in any dispute or anticipated dispute between you and us;
- to customise various aspects of our Websites to improve your experience;
- to host, maintain and otherwise support the operation of our Websites;
- for the detection and prevention of fraud and other criminal offences and for for risk management purposes;
- for business and disaster recovery (e.g. to create back-ups);
- for document retention/storage;
- for database management;
- to protect our rights, property, and/or safety, our personnel and others; and
- to ensure the quality of the services we provide to our users.
Use of third party services and Cookies
We collect the information relating to your use of our Websites through the use of various technologies.
When someone visits one of our Websites we use our own as well as third party services and technologies to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the Websites. This information is only processed in a way which does not identify anyone.
Our Websites utilizes a standard technology called ‘cookies’ and server logs to collect information about how our Website is used and to remember your preferences. Information gathered through cookies and server logs may include the date and time of visits, the pages viewed, time spent at our Websites, and the websites visited just before our own, as well as your IP address and browser.
A cookie is a small text file that a website saves on your computer or mobile device when you visit the site. It enables the website to remember your actions and preferences (such as login, language, font size and other display preferences) over a period of time, so you don’t have to keep re-entering them whenever you come back to our Websites or browse from one page to another.
We use a third party service to help maintain the security and performance of our Websites. To deliver this service it processes the IP addresses of visitors to our Websites.
In addition, we may use your Personal Information for further specific purposes made clear at the point of collection on particular pages of our Websites.
If you choose not to provide Personal Information requested by us, we may not be able to provide you with the information and/or services you have requested or otherwise fulfil the purpose(s) for which we have asked for the Personal Information. Aside from this, your visit to our Websites will remain unaffected.
Legal basis for collection and use of Personal Information
We process your Personal Information in relation to your subscription to our blog, your use of the contact forms in our Websites and in cases for recruitment purposes, where we have your consent to do so. In other cases, we process your personal information where we need to do so:
- to comply with our legal and regulatory obligations;
- for our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms in:
- responding to your queries;
- providing services and/or information to you; and
- our internal business purposes, as set out in section 2.8 above.
If you would like to find out more about the legal basis on which we process your Personal Information for a particular purpose you can contact us at email@example.com.
RETENTION OF PERSONAL INFORMATION
It is our policy to retain your Personal Information for the length of time required for the specific purpose or purposes for which it was collected. However, we may be obliged to store some Personal Information for a longer time, taking into account factors including:
- legal obligation(s) under applicable law to retain data for a certain period of time;
- statute of limitations under applicable law(s);
- (potential) disputes and
- guidelines issued by relevant data protection authorities.
We have strict data retention periods determined in our Internal rules for personal data protection. If you would like to find out how long we keep your Personal Information for a particular purpose you can contact us at firstname.lastname@example.org.
HOW AND WHEN DO WE SHARE INFORMATION WITH THIRD PARTIES?
Some services that we provide require the involvement of third parties. We have carefully selected these third parties and taken steps to ensure that your Personal Information is adequately protected. Details about how we share Personal Information with third parties is set out below:
Our Websites use Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics works using cookies.
Google Analytics cookies collect your IP address. We use the information collected by Google Analytics cookies to find out about how visitors use our Websites.
The IP address sent by your browser in connection with Google Analytics will not be combined by Google, with other data.
If you so choose, you can opt out by turning off cookies in the preferences settings in your browser, or by downloading and installing the Google Analytics Opt-out Browser Add-on from http://tools.google.com/dlpage/gaoptout. However, please note that you may not then be able to make full use of all the Websites’ functions.
When we would like to use your Personal Information for a new purpose, we will let you know about this first.
We also share your Personal Information with our third party service providers based in the European Economic Area (“EEA”) who we engage to provide support services in relation to our Websites for the purposes of: hosting and maintaining our Websites; providing data storage; assisting us with database management, and in order to assist us with related tasks or processes.
We may also share your Personal Information with any other third party if we are under a duty to disclose or share your Personal Information in order to comply with any legal obligation, or to protect the rights, property and/or safety of SCALE FOCUS Group, our personnel or others; or with any other third party for the purposes of acting in accordance with the requirements of a court, regulator or government agency, for example, complying with a search warrant or court order or acting in accordance with an applicable law or regulation.
Our Websites provide sharing buttons that you can click on in order to share content from our Websites on social media channels, e.g., Facebook. We do not use these buttons to share your Personal Information with social media providers. When you click on a sharing button the relevant social media provider will gather Personal Information directly from you. Please read the privacy notice of any social media provider with which you intend to share content before clicking on the corresponding sharing button.
If we (or our assets) are acquired by another company, whether by merger, acquisition, bankruptcy or otherwise, that company would receive all information gathered by us on the Websites. In this event, you will be notified via email and/or a prominent notice on our Websites, of any change in ownership, uses of your Personal Information, and choices you may have regarding your Personal Information.
YOUR RIGHTS AS A DATA SUBJECT
The following section explains your rights.
|Rights||What does this mean?|
|1.The right to be informed
This is so you are aware and can check that we are using your information in accordance with data protection law.
We can refuse to provide information where to do so may reveal Personal Information about another person or would otherwise negatively impact another person’s rights.
|3. The right to rectification||You can ask us to take reasonable measures to correct your Personal Information if it is inaccurate or incomplete. E.g. if we have the wrong name or address for you.|
|4. The right to erasure||This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your Personal Information where there’s no compelling reason for us to keep using it or its use is unlawful. This is not a general right to erasure; there are exceptions, e.g. where have legal obligation to keep your Personal Informaton or we need to use your Personal Information in defence of a legal claim.|
|5. The right to restrict processing||You have rights to ‘block’ or suppress further use of your Personal Information when we are assessing a request for rectification or as an alternative to erasure. When processing is restricted, we can still store your Personal Information, but may not use it further. We keep lists of people who have asked for further use of their Personal Information to be ‘blocked’ to make sure the restriction is respected in future.|
|6. The right to data portability||You have rights to obtain and reuse certain Personal Information for your own purposes across different organisations.|
|7. The right to object||You have the right to object to certain types of processing, on grounds relating to your particular situation, at any time insofar as that processing takes place for the purposes of legitimate interests pursued by us or by a third party. We will be allowed to continue to process your Personal Information if we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or we need this for the establishment, exercise or defence of legal claims.|
|8. The right to complain to a data protection authority||You have the right to complain to a data protection authority about our collection and use of your Personal Information. Contact details for data protection authorities in the EEA, Switzerland and certain non-European countries (including the US and Canada) are available at http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.)Contact details of the Bulgarian data protection authority (CPDP) are available at https://www.cpdp.bg/en/index.php?p=pages&aid=6 and are as follows:
5. for complaints via the CPDP’s website – using the electronic form provided at https://www.cpdp.bg/en/index.php?p=pages&aid=6.
Our Websites are hosted on servers in the EEA. We have adopted and implemented a security standard ISO 27001. Information storage is on secure computers in a locked and certified information centre and information is encrypted wherever possible. We undergo periodic system testing and reviews of our security policies and procedures to ensure that our systems are secure and protected. We use extensive and sophisticated secure technology to protect your data and transmissions between you and us. Transmission between browsers and our web server is implemented using Secure Sockets Layer (SSL) technology. Although we have taken these reasonable and appropriate measures to ensure that your Personal Information is delivered and disclosed only in accordance with your instructions, as the transmission of information via the Internet is not completely secure we cannot and do not guarantee the security of your information transmitted to our Websites and we cannot and do not guarantee that the Personal Information you provide will not be intercepted by others and decrypted.
If you no longer wish to receive newsletter e-mails from us, please follow the unsubscribe instructions included in each email.
If you wish to request further information or exercise any of the above rights, or if you are unhappy with how we have handled your Personal Information, contact us here: email@example.com. Please provide as much information as possible to help us identify the information you are requesting, the action you are wanting us to take and why you believe this action should be taken.
If you are not satisfied with our response to your complaint or believe our processing of your Personal Information does not comply with data protection law, you can make a complaint to the relevant EU data protection authority where you are located. The contact details for each EU data protection authority can be found here: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm Contact details of the Bulgarian data protection authority (CPDP) are available at https://www.cpdp.bg/en/index.php?p=pages&aid=6 and are as follows:
- for complaints in person – at the CPDP’s Registry at: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592 (see the location of CPDP).
- for complaints by post to: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592, Commission for Personal Data Protection.
- for complaints by fax: +3592/91-53-525.
- for complaints by e-mail to the CPDP’s e-mail address (firstname.lastname@example.org). In this case, your complaint should be submitted in the form of a signed electronic document with an electronic signature (not scanned!).
- for complaints via the CPDP’s website – using the electronic form provided at https://www.cpdp.bg/en/index.php?p=pages&aid=6.