Privacy Policy

CENTRIC TECHNOLOGIES LTD (the controller) attaches great importance to personal data protection
and collects and processes personal data only in compliance with the requirements of domestic
legislation and EU acquis. The objective of this Personal Data Protection Policy is to brief you as to how
we are processing your data and what types of personal data we would collect in regard to you, for
what purposes, terms and respectively what rights are you entitled to.

Personal data
The controller collects and processes personal data of the following categories of individuals, namely:
Job applicants, who have applied with us:
Applicants, for whom we provide social security and insurance or employment with any of our clients
/employers/;
Users of the website: https://centricsoft.io/
The website is using cookies for the sole purpose of statistical data.

Depending on the services, which you are using, we may collect and process the following
information:
• full name; • date of birth; • data on the education completed and any additional qualifications, incl.
language proficiency; • data on prior experience and employers; • data from work permits; • contact
telephone number; • electronic address (e-mail) • Letters and electronic mail that we receive from
you in the communication between us; • other data from usage of a contact form.

In the course of usage of our website we may collect and process: • user names and passwords; •
electronic addresses, data regarding the activity in the profile; • other information, voluntarily shared
by you.

We are not collecting sensitive personal data such as data on race, religion, sexual preference and / or
religious persuasion. If such information would be transmitted to us, it would not be stored.

Purpose of processing your data

The controller processes your data only for the purposes, for which it was collected and for no other
purpose. Those purposes are exclusively related to our core activities – recruitment, consulting,
analysis and career support. The purposes are also aligned with the normative requirements and in
compliance with the Ordinance on the terms and procedure for conducting job placement activities
etc. More specifically, those purposes are:
Entry into contracts with the controller;
Administration of the contracts;
Access to our employers’ data base;
Financial relations;
Processing of applications and requests;
Transmission of notices concerning job vacancies;
Management, assessment and improvement of our activities;
Provision of additional services, such as trainings, career consulting and career development services;
Evaluation of job applicants’ employability;
Ensuring of effective communication;
Ensuring of security.

Legal basis

In most cases we request your personal data and process it (alternatively) on the basis of execution
and performance of contract, in order to comply with legal requirements or for protecting our
legitimate interest. Of course, for some of the services you would be providing such information to us
yourself, electing and agreeing for it to be processed. Without such data we would not be in a position
to provide the respective services.

Processing of data, required for the execution and performance of contracts for performance of
contractual obligations under executed contracts for rendering training services; ensuring of
comprehensive servicing and administration;
Processing of data, required for fulfilment of our statutory obligations the Ordinance on the terms and
procedure for conducting job placement activities and other related normative acts.
Obligations to provide information to all state commissions and regulatory bodies; provision of
information to the court and the law enforcement bodies.
Processing of data on the basis of your consent transfer of data outside the EU; direct marketing.
Processing of data on the basis of our legitimate interest conduct of video surveillance at our
administration facilities;

Sharing your information

The controller uses the services of third parties for supporting certain contractual activities in order to
comply with statutory obligations. We are not disclosing your personal data to third parties before
making sure that all technical and organizational measures for the protection of this data had been
taken and aim to apply strict control over the achievement of this goal. We may provide data to
accounting firms, law offices, IT companies, which are maintaining our website etc.

The provision of personal data in some cases is mandatory, in order for us to comply with legal
requirements and in this connection we are providing information to the respective governmental
institutions.

The details being gathered by the forms in the website for contacting us or applying for a job are only
used internally and are not being shared with any 3rd party.

Security

The security of the data that you place in our charge is very important for us. That is why we are
protecting your data by applying all appropriate technical and organizational means available to us, in
order to prevent unauthorized access, unauthorized or malicious use, loss or premature deletion of
information.

The controller applies measures for protection of your personal data from accidental loss or from
unauthorized access, use, modification or circulation. Policies and procedures are in place, intended to
protect the information from loss, abuse and unauthorized disclosure. Apart from this we are taking
additional measures for information security, including access control, strict physical protection and
reliable practices for the collection, storage and processing of the information. Among the actions
taken are:

1. Physical, organizational and technical protection measures:
designation of controlled access areas; designation of the premises, where personal data is processed,
incl. those where our servers are located and restriction of access; determining the organization of
physical access; designation of the technical means used for physical access – in special rooms and
locking cabinets; setting up of a team for response in case of violations;

2. Personal protection: familiarisation of personnel with the specifics of personal data processing and
with the normative framework in the field of personal data protection, with this policy and others
relevant internal normative acts; confidentiality of information; training of the personnel;

3. Documentary protection: definition of the periods of storage; rules for circulation, procedures for
destruction, checking and control of processing. On the other hand, we are applying technical
measures such as encrypting, pseudonymisation and anonymisation of the personal data collected.

When will we erase your personal data?

We are storing the entire information, which we have collected in regard to you and will destroy it
under the established procedure within the legal time limits and in case there are none – within the
time limits, specified in our policy on limitation of storage.

Some of the time limits are:
– 5 years – concerning the applicants’ data under Article 41(2) of the Ordinance on the terms and
procedure for conducting job placement activities;
– up to 3 years – in cases of own recruitment as Employer pursuant to PDPA;
– 10 years under the Accountancy Act concerning the storage and processing of accounting data;
Transfer among states

The controller may transfer your data outside the EU to potential employers, but only subject to and
following your express written consent or in instances of derogation or contract performance.

Your rights in regard to personal data

You are entitled to request at any time the controller to provide you with information and access to the
personal data, collected and stored in regard to you. You may also require the controller to correct,
erase and update such personal data. The controller also ensures your right of objection and
restriction of the personal data processing, as well as your rights in instances of automated decision
making.

You may withdraw at any time your consent for the collection, storage and use of your personal data
vis-à-vis the controller. Such withdrawal however shall not affect the data, lawfully processed up to
the date of withdrawal. Some of your rights, such as deletion of data or objection against the
processing, may be restricted by applicable legislation. The applications for access to the information
of for correction shall be submitted in person or by an individual, expressly authorized by you, on the
basis of an express written power of attorney. An application may also be submitted electronically,
under the procedure of the Electronic Document and Electronic Signature Act.

We are advising you that under current legislation you are also entitled to lodge objections against the
manner, in which your data is being processed, to the supervisory body at 2 Prof. Tsvetan Lazarov
boulevard, city of Sofia 1592 or at www.cpdp.bg.

Changes to this Personal Data Protection Policy.

This procedure for personal information protection may be changed over time. Such changes shall
enter into effect forthwith after their announcement. By regularly consulting this site you will aware at
all times of the latest updates on what information we are collecting, how and for what purposes is the
controller using it and in what circumstances (if any) we would share it with other parties.
In case of questions or of claims in regard to data protection you may contact us in any of the
following ways:
Email: hello@centricsoft.io
Telephone: +359-88-693-6460