Privacy Policy l Terms & Conditions of Use

Data Controller

The Data Controller is Positive Sphere Consulting, with its registered office at R. dos Bombeiros 36, 4740-291 Esposende.

The personal data collected will be processed and handled by the Data Controller.

This privacy policy applies to (1) our job applicants and recipients of our employment services, (2) our associates, individuals we place with one of our clients or individuals to whom we provide outplacement or transition services, (3) users of the websites and applications listed here (the 'Sites'), and (4) representatives of our business partners, clients, and suppliers. This privacy policy does not apply to our headquarters and country staff, who are individuals employed by Positive Sphere Consulting and who work directly for Positive Sphere Consulting and not directly with a Positive Sphere Consulting client.

This privacy policy describes the types of personal data or personal information we collect, how we use the information, how we process and protect the information we collect, for how long we store it, with whom we share it, to whom we transfer it, and the rights that individuals can exercise regarding the use of their personal data. We also describe how you can contact us regarding our privacy policies and exercise your rights. Our privacy policies may vary in the countries in which we operate to reflect local policies and legal requirements.

Information We Collect

We may collect personal data about you in various ways, such as through our sites and social networks; at our events; by phone and fax; through job applications; in connection with in-person recruitment; or in connection with our interactions with clients and suppliers. We may collect a selection of personal data depending on the nature of the relationship, including (as permitted by local law):

• contact information (such as name, postal address, email address, and phone number);
• username and password when you register on our Sites;
• information you provide about friends or other people you would like us to contact. (The Data Controller assumes that the other person has given their prior consent for such communication); and
• other information you may provide us, for example, through surveys, or through the 'Contact Us' feature on our Sites.

In addition, if you are an employee, temporary worker, or job applicant, if you apply for a job or create an account to apply for a job, we may collect the following types of personal data (as permitted by Law):

• employment and education history;
• languages spoken and other job-related skills;
• Social Security number, national identifier, or other identification number;
• date of birth;
• gender;
• bank account information;
• citizenship and work visa information;
• social benefit information;
• tax information;
• information provided by references; and
• information contained in your resume or CV, information provided about your career interests, and other information about your qualifications for employment.
• and when required by law, explicit consent provided by you:
• disabilities and health information;
• drug test results, criminal records, and other background checks.

In addition, we may collect information you provide about other people, such as information related to emergency contacts.

How We Use the Information We Collect

The Data Controller collects and uses the collected data for the following purposes (as permitted by local law):

• a) provide employment solutions and connect people to jobs;
• b) create and manage online accounts;
• c) process payments;
• d) manage our relationships with clients and suppliers;
• e) when permitted by law and in accordance with the Data Controller's Cookie and Advertising Policy (included herein), send promotional materials, alerts regarding open positions, and other communications;
• f) when permitted by law, communicate and manage participation in special events, promotions, programs, offers, surveys, contests, and market research;
• g) respond to individuals' questions and complaints;
• h) operate, evaluate, and improve our business (including developing, enhancing, analyzing, and improving our services; managing our communications; performing data analytics; and performing accounting, auditing, and other internal functions);
• i) protect against, identify, and seek to prevent fraud and other illegal activities, claims, and other liabilities; and
• j) comply with and enforce applicable legal requirements, relevant industry standards, contractual obligations, and our policies.

All processing will be carried out on the basis of adequate legal grounds, which may fall into several categories, including:

• a) consent or explicit consent from the data subject, when required by applicable law;
• b) to ensure compliance with a legal or contractual requirement, or a requirement necessary to enter into a contract [e.g., processing your personal data to ensure your wages and taxes are paid].
• c) being essential and necessary for the legitimate interest of the Data Controller [e.g., allowing the user to access the site to receive the offered services].

In addition to the activities listed above, if you are an associate or job applicant and you apply for a position or create an account to apply for a position, as permitted by local laws, we will use the information described in this privacy policy for the following purposes:

• e) To provide you with employment and work opportunities;
• f) to provide you with HR services, including benefits program administration, payroll, performance management, and disciplinary actions;
• g) to provide you with additional services, such as training, career counseling, and career transition services;
• h) to assess your suitability as a job candidate and your qualifications for positions; and
• i) to perform data analytics, such as (i) analyzing our base of job candidates and associates; (ii) assessing individual performance and capabilities, including scoring of job-related skills; (iii) identifying skills gaps; (iv) using information to match individuals with potential opportunities, and (v) analyzing pipeline data (trends regarding hiring practices).

We may also use the information in other ways for which we will provide specific notice before or at the time of collection.

Legitimate Interest

The Data Controller may process personal data for certain legitimate business purposes, which include some of the following:

• when processing enables us to enhance, modify, personalize, or otherwise improve our services/communications for the benefit of our clients, candidates, and associates;
• to identify and prevent fraud;
• to enhance the security of our network and information systems;
• to better understand how people interact with our websites;
• for direct marketing purposes;
• to provide you with postal communications which we think will be of interest to you;
• to determine the effectiveness of promotional campaigns and advertising.

Whenever we process data for these purposes, we will ensure that we respect your rights and take these rights into account. You have the right to object to such processing, and if you wish to do so, please email us at geral@positivesphere.pt. Please note that if you exercise your right to object, this may affect our ability to carry out and provide services to you for your benefit.

How We Process and Protect Personal Information

We process the personal data we collect, also by automated means, for the purposes defined above and for a specific period, in compliance with our internal retention policy, to ensure that personal data is not kept longer than necessary.

We maintain administrative, technical, and physical safeguards designed to protect the personal data you provide against accidental, unlawful, or unauthorized destruction, loss, alteration, access, disclosure, or use. To ensure the security and confidentiality of personal data, we apply the following security measures:

• Encryption of data in transit;
• Strong user authentication control;
• Strong network infrastructure;
• Network monitoring solutions;

How Long We Keep the Data We Collect

We store the personal data we collect in our systems in a way that allows the identification of data subjects for no longer than is necessary in light of the purposes for which the data was collected, or for which that data is further processed.

We determine this specific period considering:

• The need to keep the collected personal data stored to provide the services contracted with the user;
• To safeguard a legitimate interest of the Data Controller as described in the purposes;
• The existence of specific legal obligations that make the processing necessary for the period of time determined by Law;

Information We Share

We do not disclose personal data we collect about you, except as described in this privacy policy or in separate policies provided in connection with specific activities.

We may share personal data with vendors who perform services on our behalf based on our instructions. We do not authorize such vendors to use or disclose the information except as necessary to perform services on our behalf or comply with legal requirements. We may also share your personal data (i) with our subsidiaries and affiliates; (ii) if you are a job applicant, with clients who may have job opportunities available or an interest in hiring our candidates; and (iii) with other people we work with, such as consultants and subcontractors, to find you a job.

Furthermore, we may disclose personal data about you (i) if we are required to do so by law or legal process; (ii) to law enforcement authorities or other government officials based on a lawful disclosure request; and (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity. We also reserve the right to transfer personal data we have about you in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, dissolution, or liquidation).

Data Transfers

We may also transfer the personal data we collect about you to countries other than the country where the information was originally collected. Such countries may not have the same data protection laws as the country in which you initially provided the personal data. When we transfer your information to other countries, we will protect that data as described in this privacy policy and such transfers will comply with applicable law.

The countries to which we may transfer the personal data we collect about you may be located:

• Within the European Union
• Outside the European Union

When we transfer personal data from the European Union to countries or international organizations based outside the European Union, the transfer is based on:-

An adequacy decision by the European Commission;

In the absence of an adequacy decision, other legally permitted grounds: (a) a legally binding and enforceable instrument between public authorities or bodies; (b) binding corporate rules; (c) standard data protection clauses (formerly called model clauses) adopted by the Commission, etc.

Your Rights as a Data Subject

As a data subject, you can exercise, in accordance with Articles 15 to 22 of the GDPR, the following specific rights:

• Right of access: The data subject has the right to access their personal data to verify that their personal data is processed in accordance with the law.
• Right to rectification: The data subject has the right to request the rectification of any inaccurate or incomplete data about them, to protect the accuracy of such information and adapt it to the data processing.
• Right to erasure: The data subject has the right to request that the Data Controller erase information about them and no longer process that data.
• Right to restriction of processing: A data subject has the right to request that the Data Controller restrict the processing of their data.
• Right to data portability: The data subject has the right to request data portability, which means that the data subject can receive the originally provided personal data in a structured and commonly used format, or may request the transfer of the data to another Data Controller.
• Right to object: The data subject who provides personal data to a Data Controller has the right to object, at any time, to the processing of data on several grounds set out in the GDPR without needing to justify their decision.
• Right not to be subject to automated individual decision-making: The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, if it produces a legal effect concerning the data subject or similarly significantly affects them.
• Right to lodge a complaint with a supervisory authority: Every data subject has the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of their habitual residence, place of work, or place of the alleged infringement, if the data subject considers that the processing of personal data relating to them infringes the GDPR.

Whenever the processing is based on consent, as provided for in art. 7 of the General Data Protection Regulation, the data subject can withdraw their consent at any time.

If you need more information about the processing of your personal data, please email us at geral@positivesphere.pt.

Updates to Our Privacy Policy

This Privacy Policy (including any addenda) may be updated periodically to reflect changes in our privacy practices and legal requirements. If significant changes occur, we will notify you by posting a prominent notice on our Sites, indicating at the top of each Policy the date of the last update.

How to Contact Us

If you have questions or comments about this privacy policy, or if you would like to exercise your rights, please contact us through our Data Protection Officer, whose contact details are:

MONICA SANTOS – POSITIVE SPHERE CONSULTING
MONICA SANTOS – POSITIVE SPHERE CONSULTING<br />R. dos Bombeiros 36, 4740-291 Esposende
geral@positivesphere.pt