Data Protection Policy

1. Introduction

BRIGHT ID’S, is committed to respecting your privacy and to complying with applicable data protection and privacy laws and regulations. Data Privacy Policy (“Policy”) informs you about how BRIGHT ID’S processes information it collects about you during BRIGHT ID’S ’s recruitment activities. It sets out what kind of Personal Data BRIGHT ID’S may collect about you and from other sources, how BRIGHT ID’S processes your Personal Data during its recruitment activities, and what rights you have in relation to such data. “Personal Data” means information relating to you or another identifiable individual. We may provide you additional privacy information to this Policy via supplements and other notices. If there is a difference between such notices and this Policy, the notices should be considered first. Our products, services and websites may contain links to other companies’ websites and services that have privacy policies of their own. BRIGHT ID’S is not responsible for the privacy practices of others and we recommend you read their privacy notices.

2. What Personal Data does BRIGHT ID’S collect?

BRIGHT ID’S  collects Personal Data directly from you as well as from other available sources to the extent relevant and permitted by applicable local law. BRIGHT ID’S  endeavours only to collect Personal Data that are necessary for the purpose(s) for which they are collected and to retain such data for no longer than necessary for such purpose(s). Subject to applicable local law and practice, the categories of Personal Data that are typically collected and processed in the recruitment context are:

  • Information you provide: When you create an account in our recruitment management system or otherwise interact with BRIGHT ID’S (either directly or through an agency or other third party), you may be asked to provide BRIGHT ID’S  with your information, such as
    • your name, street address, telephone number and email address and other contact details;
    • your competences, skills, experience and education, e.g. your CV or resume, previous employments, educational details and qualifications, third party references;
    • your preferences, e.g. preferred country of employment, areas of interest as well as your preferred ways to be contacted by BRIGHT ID’S; as well as
    • your user identity, e.g. user names and other such information used in connection with authenticating you.
  • BRIGHT ID’S does not use cookies.
  • Depending on the location of the position, you may be offered the opportunity to provide diversity data such as race, gender, and veteran status. Provision of this diversity data is optional, and no employment decision will be made on the basis of this data.
  • Other information, such as information found from public sources as well as information related to credit or background checks, depending on the position you are applying for, and where necessary for the recruitment activities.

3. What will BRIGHT ID’S do with your Personal Data?

BRIGHT ID’S  will collect, use, store and otherwise process your Personal Data for the purposes of BRIGHT ID’S ’s recruitment or resourcing activities. Additionally, your Personal Data may be processed for other purposes you have consented to, or in cases where  another legal basis applies or where  we are legally allowed to do so. Whenever necessary and subject to statutory record-keeping requirements, BRIGHT ID’S  will delete and/or anonymize Personal Data that are no longer needed. If there  has not been any recent activity on your profile, we may delete your profile after a reasonable time in compliance with applicable laws. Otherwise we will maintain your profile as long as you retain it actively in our systems for you to be able to apply for available positions which may become available to you from time-to-time. BRIGHT ID’S  will process your Personal Data for the following purposes:

  • Communicating with you, in context of recruitment activities, such as:
    • To obtain additional information when necessary;
    • To inform you of available vacancies;
    • To provide you with information relating to your application and to fulfill your requests.
  • Managing recruitment and resourcing activities, including activities related to organizational planning. In the course of recruitment activities, we may use your information:
    • To set up and conduct interviews and assessments;
    • To evaluate, select and hire applicants;
    • To conduct background and credit checks and assessments as required or permitted by applicable local law;
    • To contact third party references provided by you to evaluate your previous performances;
    • Or as otherwise necessary in context of recruitment activities.
  • Development of services:
    • We may use your Personal Data to develop and improve our recruitment processes, websites and other related services. When feasible, we use aggregated anonymous information in context of the development activities.
  • If you are hired, for populating your employee file and various systems and tools used in connection with employment at BRIGHT ID’S .  Upon hire, your Personal Data will be subject to the BRIGHT ID’S Employment Privacy Policy in lieu of this Policy.
  • Legal and regulatory compliance, including obtaining and releasing Personal Data as required by law, judicial organizations or practice in order to comply with legal obligations imposed on us.

BRIGHT ID’S  processes your Personal Data pursuant to several legal bases, depending on the type of data and purpose of the processing. Under most circumstances, BRIGHT ID’S ’s processing of your Personal Data in the recruitment context is based on your request in the anticipation of entering into an employment agreement with BRIGHT ID’S . BRIGHT ID’S  will also process this information when required to comply with legal obligations to which it is subject, such as governmental reporting obligations. In some circumstances, BRIGHT ID’S  will process your Personal Data pursuant to its own legitimate interests in operating its business, including conducting the above described activities for internal administrative purposes and ensuring network and information security. A different legal basis may be provided at the point when  Personal Data is collected.

4. How is Sensitive Information treated?

BRIGHT ID’S aims to limit the collection of Sensitive Information and shall only collect Sensitive Information if there is a legal justification for processing it, or if it is collected and processed with your express consent. BRIGHT ID’S recognises the additional need to protect Sensitive Information. All Sensitive Information is processed in strict compliance with applicable local law and only by a restricted number of individuals who have a clear and justified need to know such information. Sensitive Information may be processed when necessary to enable BRIGHT ID’S  to exercise its legal rights or perform its legal obligations in the field of employment law or related fields of law. Examples of such obligations include ensuring the health and safety of BRIGHT ID’S ’s employees through the provision of a safe working environment or when the processing is carried out by a doctor or similar health professional bound by a duty of confidentiality to you and is necessary for medical purposes.

5. Who has access to your data?

It is BRIGHT ID’S ’s responsibility to implement appropriate access control measures to ensure that your Personal Data is only accessed by persons having a clear need to know such information. The extent to which your Personal Data are made accessible will depend upon the nature of the data concerned. Prior to hire, your Personal Data is not made widely available. Some Personal Data, such as your resume, job history, and other information relevant to assessing your fitness for the position to which you have applied, are made available as needed to the BRIGHT ID’S team you are seeking to join, others within BRIGHT ID’S with a stake in the applied for role, and appropriate members of BRIGHT ID’S  Human Resources Department. Except as needed to assess your qualifications for the role, access to most of your Personal Data is restricted to certain experts (e.g. Human Resources, IT or Legal) to the extent necessary to perform their work tasks.

6. Transfer of your Personal Data

BRIGHT ID’S will not sell, lease, rent or otherwise disclose your Personal Data except as provided in this section:

  • Consent: BRIGHT ID’S may share your Personal Data if you have given your consent for BRIGHT ID’S to do so.
  • BRIGHT ID’S and authorized third parties: BRIGHT ID’S may share your Personal Data with authorized third parties who process Personal Data for BRIGHT ID’S  for the purposes described in this Policy or otherwise provide recruitment related services to BRIGHT ID’S . In such cases BRIGHT ID’S  will ensure that there is a genuine need to transfer your Personal Data and that measures are in place to safeguard the processing of your Personal Data through authorized third parties.

Authorised third parties include, for example, recruitment agencies, professional advisors, external legal counsel, consumer credit reporting agencies, recruiting systems providers, providers of assessments and other third party suppliers. Authorised third parties may technically have access to your Personal Data in the course of providing their services but will be contractually restricted (or subject to a professional or statutory duty of confidentiality) from processing your Personal Data for other purposes. BRIGHT ID’S also requires them to act consistently with this Policy and to use appropriate security measures to protect your Personal Data.

  • International transfers of Personal Data: BRIGHT ID’S is a European company that has business processes, and clients that cross national borders. This means that your Personal Data may be transferred across international borders to countries other than the one where you are applying to as an applicant. Such other countries do not always have equivalent laws providing specific protection for or rights in relation to Personal Data or they have different rules on privacy and data protection. BRIGHT ID’S takes steps to ensure that there is a legal basis for such a transfer and that adequate protection for your Personal Data is provided as required by applicable law. Such steps include, for example, the use of standard contractual clauses approved by the European Commission or relevant authorities and the requirement to use appropriate technical and organisational security measures to protect your Personal Data. You may contact the BRIGHT ID’S Privacy Office at office@brightids.ro to obtain additional information about the safeguards taken by BRIGHT ID’S  in connection with these transfers. A copy of the unchangeable Standard Contractual Clauses can be accessed on the webpage of the European Commission.
  • Mandatory disclosures: BRIGHT ID’S may be required by or under mandatory law to disclose your Personal Data to certain authorities or other third parties, for example, to government agencies responsible for the employment activities, statistical information or to the police or other law enforcement agencies, for example in context of conducting a background check.
  • Mergers and acquisitions: When BRIGHT ID’S takes steps to sell, buy, merge or otherwise reorganize its businesses in certain countries, this may involve disclosing Personal Data to prospective or actual purchasers and their advisers. In such circumstances, BRIGHT ID’S will take all reasonable steps to ensure that appropriate measures to protect Personal Data are taken by such prospective or actual purchasers and their advisors.
  • Other: BRIGHT ID’S may disclose your personal data if it is necessary to protect your vital interests. BRIGHT ID’S may also disclose and otherwise process your Personal Data in accordance with applicable law to defend BRIGHT IDs’s legitimate interests, for example, in legal proceedings.

7. What steps are taken to safeguard Personal Data?

Privacy and security are key considerations for BRIGHT ID’S. We have assigned specific responsibilities to address privacy and security related matters. We enforce our internal policies and guidelines through an appropriate selection of activities, including proactive and reactive risk management, security and privacy engineering, training and assessments. We take appropriate steps to address online security, physical security, risk of data loss and other such risks taking into consideration the risk represented by the processing and the nature of the data being protected. Also, we limit access to our data bases containing Personal Data to authorised persons having a justified need to access such information.

8. Data quality

We take reasonable steps to keep the Personal Data we possess accurate and to delete incorrect or unnecessary Personal Data. We encourage you to access your Personal Data through your account from time to time to ensure that it is up to date. To the extent permitted or required by applicable local law or subject to your consent, we may use public sources in order to verify that Personal Data we hold is correct.

9. How long we keep your data

We often work with people multiple times over the course of their career, so we may retain a basic history of our interactions with you indefinitely unless you request otherwise (see below). Where we have successfully placed a job-seeker in a client organization, we keep a record of this for the purposes of statutory accounting and any future contractual issues.

10. Your rights

With respect to the processing of your Personal Data, you will always have the rights as provided by applicable local law. In addition, this Policy provides you with the following rights:

  • Right to access: You are entitled to be informed of what Personal Data BRIGHT ID’S holds about you, the purposes for which they are being processed and categories of recipients to whom they are being or may be disclosed. There may be certain categories of information prescribed by applicable local law that BRIGHT ID’S may lawfully withhold. If BRIGHT ID’S declines to provide access to any of the Personal Data you request, you will be provided with the reasons for such a decision.
  • Right to request correction and deletion: Subject to applicable local law, you may be entitled to request BRIGHT ID’S to rectify, delete or block (as appropriate) your Personal Data that is incorrect, incomplete or unnecessary.
  • Right to data portability: Subject to applicable local law, you may be entitled to receive a copy of certain Personal Data in a commonly used machine-readable format.
  • Right to object: You may object to BRIGHT ID’S ’s processing of your Personal Data on compelling, legitimate grounds relating to your circumstances. Despite your objections, BRIGHT ID’S may be required or permitted by law to process your Personal Data.
  • Right to restriction of processing: You have the right to require BRIGHT ID’S to restrict its processing of your Personal Data (1) during verification of whether your right to object applies; (2) if you contest the accuracy of the Personal Data, for the period enabling BRIGHT ID’S  to verify the accuracy of the Personal Data; (3) if BRIGHT ID’S ’s processing is unlawful; and (4) BRIGHT ID’S  no longer needs your Personal Data for the purposes of the processing, but you wish BRIGHT ID’S  to retain the data for the establishment, exercise, or defense of legal claims. During the restricted processing period, BRIGHT ID’S will only process the Personal Data for storage purposes, with your consent, for the establishment, defense or exercise of legal claims, or other purposes permitted by law.
  • Remedies in case of a violation: You are entitled to all rights and remedies provided by local applicable law.  Generally, you should seek redress in respect of a violation of this Policy from the BRIGHT ID’S company which originally collected the relevant Personal Data.
  • Right to withdraw consent: When the data processing is based on your consent, you may withdraw that consent at any time. Withdrawal of that consent will not affect the lawfulness of processing based on that consent prior to its withdrawal.
  • Right to lodge a complaint with a supervisory authority: If you are located in a European Union member state or within the European Economic Area, you have the right to lodge a complaint about BRIGHT ID’S ’s data collection and processing actions with the supervisory authority concerned.

There will be no adverse consequences in you exercising your rights as mentioned above. You are encouraged to use available BRIGHT ID’S recruitment tools to access, view and edit your profile. You may be able to delete the entire profile directly from the available tools or you may be required to request such deletion of your profile by contacting your available recruitment support. In case you revoke your consent or object to certain processing activities or delete your profile completely, BRIGHT ID’S may be unable to continue the recruitment process with you.

11. Whom to contact?

BRIGHT ID’S is the controller of your Personal Data. If you have any queries about your Personal Data, contact primarily the relevant recruiting personnel through provided contacts or channels. Note that you may access and manage much of your Personal Data online by using the available profile management tools. If you want to exercise your rights as described in the previous section of this Policy you may make a request in writing through provided contacts or channels. BRIGHT ID’S may need to identify you and to ask for additional information to be able to fulfill your request. BRIGHT ID’S will fulfill your request within the timeframes required by applicable local law or, in the absence of such timeframes, within a reasonable time. BRIGHT ID’S has appointed Daniel Varzaru as its Data Protection Officer. You may also contact BRIGHT ID’S’s Data Protection Officer if you have any queries concerning Privacy matters. Such queries and concerns may be made or reported in writing to the below address: BRIGHT ID’S Privacy Office 132 Mihai Bravu Street, Building D22, Entrance A, Apartment 4, 021336, Bucharest, District 2 Romania office@brightids.ro

12. Changes to this Policy

BRIGHT ID’S may from time to time change this Policy or change, modify or withdraw access to this site at any time with or without notice. However, if this Policy is changed in a material, adverse way, BRIGHT ID’S will post a notice advising of such change at the beginning of this Policy and on this site’s home page for 30 days. We recommend that you re-visit this Policy from time to time to learn of any such changes to this Policy.


“Sensitive Information” means special categories of Personal Data as defined under applicable laws that may be processed only when there is a legal justification (e.g. authorised by law in the field of employment) or with the individual’s consent. Such special categories include but are not limited to Personal Data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, or data which concerns their health or sex life or sexual orientation.