1. Consulco Policy Statement

At Consulco («we», «us», «our») the protection of your personal data is a top priority. Keeping your data secure and private is part of our philosophy to apply the highest professional standards within our company. These values are the cornerstone of our corporate culture and for this purpose it is our commitment to process your personal data as follows:

  • Fairly and lawfully;
  • In an appropriate manner;
  • For limited purposes and not longer than necessary;
  • For the purpose required and not in an excessive way;
  • Keep them up-to-date and accurate;
  • Processed in line with your individual rights and in accordance with applicable Law;
  • In a secure way avoiding unauthorised or unlawful processing;
  • Protected against breach, accidental loss, destruction or damage by using appropriate technical and organisational measures;
  • Not transferred to third parties or organisations without adequate protection;

This privacy notice is directed to you because you are applying for work with us (whether as an employee or an associate). It describes how we process your personal data during and after your job application, in accordance with the EU Regulation 2016/679 for the protection of natural persons with regard to the processing of personal data and on the free movement of such data («GDPR»), and related Cyprus Laws.

It is important that you read this privacy notice, together with any other notice which might be communicated to you, so that you are fully aware of how and why we are using such information.

We will work closely with you and third parties, where appropriate, to ensure that all statutory requirements and our policies dealing with personal data protection in the human resources context, strike an effective balance between the legitimate interests of our company and its member companies as an employer and our potential employees.

We have established effective policies to protect your personal data while allowing us to utilise all processes at issue to make our business more efficient.

2. Identity and contact details of the Data Controller and Data Protection Officer

(a) Data Controller

Consulco Limited, a Cyprus private limited liability company, having registration number HE58332, is the «Data Controller» pursuant to the GDPR, and related Cyprus Laws, and determines how your personal data is kept and processed.

The main establishment and the central administration of the Data Controller is situated at 73 Metochiou Street, 2407, Engomi, Nicosia, Republic of Cyprus.

(b) Data Protection Officer («DPO»)

We have designated a Data Protection Officer («DPO»), who is responsible to monitor compliance with this notice as well as the applicable Laws and liaise with the Cyprus Supervisory Authority, namely the Office of the Commissioner for Personal Data Protection.

The DPO may be contacted directly with regards to all matters concerning this notice and the processing of your personal data including the enforcement of all applicable and available rights.

Official requests may be made by post at 73 Metochiou Street, 2407, Engomi, Nicosia, Republic of Cyprus, or electronically at dpo@consulco.com.

3. The kind of information we hold about you

In connection with your application for work with us, we will collect, store, use and overall process the following categories of personal data about you:

  • The information you have provided on our application form, including name, title, address, telephone number, personal e-mail address, date of birth, gender, employment history, qualifications and professional accreditations, including related certificates and/or diplomas;
  • The information you have provided to us in you curriculum vitae («CV»), the covering letter and the reference letters;
  • Any information you provide to us during an interview;
  • Any other information which might be statutory required to be requested, depending on the nature of the job description.

Taking into consideration the nature of the applied job, when required by law or with your express consent we might request and collect special categories of personal data. Pursuant to the definition given by the GDPR, these data may include racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, the processing of genetic data, biometric data, data concerning health, sex life or sexual orientation and criminal records.

We collect personal information about you through the application process, either directly from you, from named referees, upon your express consent and authorisation, or where applicable from a recruitment agency.

4. How we will use your personal information

The purposes for which our company will process your personal data include but are not limited to:

  • Assess your skills, qualifications, and suitability for the applied job;
  • Carry out background and reference checks, where applicable;
  • Communicate with you about the recruitment process and initiate any interview proceedings;
  • Keep records related to our recruitment process;
  • Comply with legal or regulatory obligations, where applicable.

(Some of the above grounds for processing overlap and there may be several grounds which justify our use of your personal data).

We will also need to process your personal data to decide whether to enter into a contract of employment with you or any other agreement.

Having received your personal information and/or your CV and/or any other related documents, we will then process that information to decide whether your meet the basic requirements to be shortlisted for the role. If we believe that you do, we will decide whether your application is strong enough to invite you for an interview. Contacting you for an interview does not mean that our company has decided to make you an offer or that your application was successful. If we decide to call you for an interview, we will use the information you provide to us at the interview to decide whether to make you an offer or not. We reserve the right to request additional information and/or references and/or supporting documents and for this purpose we will ask for your express consent and authorisation to do so.

The basis for collecting your personal data would be your express written consent (where applicable), our mutual rights and obligations in the field of employment and social security, any potential contractual rights and obligations for the performance of such an agreement, our legal obligation to comply with the rules and regulations under the relevant applicable laws and our company’s legitimate interest in promoting an effective working environment and delivering our professional services.

If you fail to provide information when requested, which is necessary for us to consider your application (such as evidence of claimed qualifications or work history and/or other related information), or if fraud is detected, then we will not be able to process your application successfully.

We reserve the right to make backup data files and hold secure multiple copies of personal data (including any electronic copies), in order to protect our company’s interests in the event of data loss.

Should there be a need to further process your personal data, for a purpose other than that for which they were initially collected, you will be informed accordingly.

5. Recipients and Users of personal data

We will only use your personal data for legitimate purposes and for the purposes mentioned above. Your data may be processed through our secure computer network systems and accessed only by the following respective users within our company:

  • Staff employed in the Human Resources Department;
  • Members of the Management;
  • Any specified and contracted third party processor, acting under written and express authorisation on behalf of our company, used to process internal corporate personal data, providing secure processing facilities and data access.

When we are statutory obliged to do so or pursuant to a Court Order, your personal data may be also processed by any Governmental and/or other official authority and/or any other third party.

6. Third party processing

Data processing may be carried out on behalf of us by third party data processors, pursuant to written and express authorisation for specific purposes contained in the relevant authorisation. We have taken all necessary steps, including the implementation of appropriate legal, technical and organisational measures, to ensure that the data processing meets all applicable statutory requirements, thus safeguarding your rights.

7. Automated decision making including profiling

You will not be subject to decisions that will produce legal effects or have a significant impact on you, based solely on automated decision – making.

8. Data Retention policy

Subject to your express and positive consent, the personal data provided to us during the submission of your application shall be retained by our company for future job openings or potential cooperation opportunities until you instruct us otherwise, by withdrawing your consent or object to the further processing.

Should we not receive your consent as indicated above, your personal data will be deleted / destroyed 12 (twelve) months after the submission date, as per our company’s data retention policy.

9. Security

Here at Consulco, security of your personal data is taken very seriously. For both hard and electronic copy processing we have data management systems which are periodically updated in accordance with technological development and a framework of multilevel security policies to hold data confidential and secure. Security measures have also been taken to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

Moreover, we have procedures to deal with suspected data security breaches or threats and should a breach ever materialise, you will be notified accordingly, along with the supervisory authority, if we are required to do so.

More information on our security framework is available upon request.

10. Your rights in connection with personal data

You enjoy a number of rights relating to the processing of your data. Any personal data related requests shall be processed within reasonable time and in any case within 1 (one) month from the signed written request. This period of time may be extended under certain circumstances by further 2 (two) months.

You will not have to bare any cost to exercise any of your rights. We may though charge a reasonable fee should your requests be clearly unfounded or excessive, due to their repetitive character, or refuse to comply with such request.

We may request specific information to assist us confirm your identity and ensure your capacity to enforce your rights. This is part of our security measures to certify that personal information is not disclosed to any person who has no right to receive it.

Save for any statutory provisions to the contrary, the rights available to you by law are the following:

(a) Right of Access

You have the right to enquire and obtain information from us, as to whether or not your personal data is being processed, including information on the purposes and legal standing of the processing, the categories of data, the recipients or group of recipients and where possible, the envisaged period for which the personal data will be stored.

Where applicable, you may also enquire in respect of any transfer of personal data to a third country or international organisation as well as to obtain more information about our existing security measures / safeguards governing such transfer.

(b) Rectification / Amendment

We aim in having up-to-date personal data kept in our records. Any inaccurate or incomplete personal data may be updated or rectified pursuant to a formal request.

(c) Right of erasure («right to be forgotten»)

Save for any limitations provided by express legal or regulatory provisions, including our policies for data retention, you have the right to request your personal data to be erased from our database, should any of the following occur:

  • The personal data is no longer necessary in relation to the purposes for which it was initially collected;
  • There is an objection to the further processing;
  • The personal data has been unlawfully processed;
  • The personal data should be erased in compliance with a legal obligation;

(d) Restriction of data processing

Provided that no statutory exceptions apply, should any of the following apply, you have the right to request from us to restrict the further processing of your personal data:

  • There is a dispute as to the accuracy of the personal data;
  • The processing is unlawful, and the erasure right was not requested;
  • The personal data will be used to establish, exercise or defend of legal claims;

(e) Right of portability

You have the right to receive your personal data in a structured, commonly used and a machine-readable form. In addition, and where it is technically feasible, you have the right to request the personal data to be transmitted directly from one data controller to another; thus, from one organisation to another.

Subject to any statutory requirement, the right of portability will not extend to personal data which is inferred or derived by us, such as activity registry, performance appraisals or other results of algorithmic analysis.

(f) Withdraw consent

Where the personal data processing is based exclusively on consent, you have the right to request from us to withdraw such consent at any given time. Nevertheless, such withdrawal, will not affect the lawfulness of any data processing based on that ground prior to your withdrawal.

Upon receiving you request, we will no longer process your information for the purposes you originally agreed to, unless another legal basis exists, or for the establishment, exercise or defence of legal claims.

11. Changes to the Privacy Notice

We keep our privacy notice under regular review and we reserve the right to update this privacy notice at any time.

12. Complaints

Complaints relating to the processing of any personal data may be communicated directly to the DPO, either by post at 73 Metochiou Street, 2407, Engomi, Nicosia, Republic of Cyprus or electronically at dpo@consulco.com.

Complaints may also be lodged before the the Office of the Commissioner for Personal Data Protection, by post at 1 Iasonos Str. 1082, Nicosia, Republic of Cyprus.