Our Privacy Policy

Last updated: 09 October 2019

EE Counsellor Limited is committed to protecting our clients’ and candidates’ privacy and handling our clients’ and candidates’ personal data in an open and transparent manner. The personal data that we collect and process depends on the service requested and agreed in each case.

In this privacy policy statement, we explain what information we collect about our clients and candidates, the way we use this information and who we give that information to. It also sets out our clients’ and candidates’ rights in relation to the information collected and processed.

EE Counsellor Limited (hereinafter referred to as the “company”) is a company registered in Cyprus and having its registered office located at 75 Athalassas Avenue, CY-2012, Strovolos, Cyprus.

This Privacy Policy is directed to natural persons (hereinafter referred to as our “clients”) who are either past, current or potential clients or candidates, or are authorized representatives/agents of past, current or potential clients or candidates, or are beneficial owners in legal entities who are past, current or potential clients or candidates.

We collect and process different types of personal data which we receive from our clients in person or via their online submission in the context of our business relationship.

We may also collect and process personal data which we lawfully obtain not only from our clients and their representatives but also from other third parties e.g. other service providers or online tools such as LinkedIn.

ZOHO Recruit (hereinafter referred to as our “online recruitment platform”) provides us with the facility to maintain the data of the candidates. The candidate uploads the CV on the online recruitment platform, and provides us with his/her consent to process the data according to our privacy policy.

We may receive your personal data from a third party who recommends you as a candidate for a specific job opening or for our business more generally. In this case, we will contact you via email and ask you to upload your CV in our online recruitment platform and provide us with you consent.

The personal data which we may collect includes:
Name, address, contact details (telephone, email), identification data (such as passport, driver’s license or ID), birth date, place of birth (city and country), marital status, employment status (employed/self-employed), curriculum vitae, authentication data (e.g. signature).

We collect and process some or all of the following types of information from you:

• Information that you provide when you apply for a position / role. This includes information provided through our online recruitment platform, via email, in person at interviews and/or by any other method. The company, processes personal details such as name, email address, address, date of birth, qualifications, experience, information relating to your employment history, skills and experience that you provide to the company.
• Record of correspondence - if you contact the company.
• Record of your progress through any hiring process that we may conduct.
• Details of your visits to the company’s online recruitment platform including, but not limited to, traffic data, location data, weblogs and other communication data, the site that referred you to the company’s website and the resources that you access.

Lawful basis for processing

We rely on legitimate interest as the lawful basis on which the company collects and uses personal data. Our legitimate interests are the recruitment of staff for Client’s business and vice versa.

Where you apply for a job opening through any functionality, we rely on your consent, which is freely given by you during the application process.

We use information held about you in the following ways:

• To consider your application in respect of a role for which you have applied.
• To consider your application in respect of other roles.
• To communicate with you in respect of the recruitment process.
• To enhance any information that we receive from you with information obtained from third party data providers.
• To find appropriate candidates to fill client job openings.

In order to proceed with a business relationship our clients must provide their personal data to us which are necessary for the required commencement and execution of a business relationship. Failure to provide us with personal data prevents us from commencing or continuing a business relationship with the clients.

We process our clients’ personal data in accordance with the GDPR and the local data protection law for one or more of the following reasons:

For compliance with a legal obligation

We are obligated under the Data Protection Legislation, to which we are subject to, to collect and process the personal data of our clients for due diligence purposes.

There are also various supervisory authorities whose laws and regulations we are subject to e.g. the Cyprus Ministry of Labour which impose on us obligations and requirements to collect and process personal data for due diligence purposes.

From the specific consent of the client

When the client has provided specific consent for processing (other than for the reason set out hereinabove) then the lawfulness of such processing is based on that consent. The client has the right to revoke consent at any time. However, any processing of personal data prior to the receipt of the revocation will not be affected.

For the purposes of safeguarding legitimate interests

We process personal data so as to safeguard the legitimate interests pursued by us or by a third party. A legitimate interest is when we have a business or commercial reason to use our clients’ information.

In the course of the performance of our business relationship our clients’ personal data may be provided to various departments within our Company.

Furthermore, the following third parties may also be the recipients of the personal data under the certain circumstances such as supervisory and other regulatory and public authorities, whereby a statutory obligation exists.

We will keep our clients’ personal data for as long as we have a legitimate interest.

Once our business relationship has ended, we will hold your personal data on our systems for the longest of the following periods: (i) any retention period that is required by law or professional standards; (ii) as directed by our own internal retention policies or practices, the length of which may vary depending on the nature of the information that is held.

Our clients have the following rights in terms of the personal data we hold about them:

• To receive access to their personal data.
• To request correction of the personal data.
• To request erasure of their personal information. Where there is a good reason for the personal information to be kept, we may refuse the erasure of the personal data. Good reasons can include legal/statutory reasons for non-erasure, legitimate interests for non-erasure.
• To object to processing of their personal data. If our clients lodge an objection, we will no longer process their personal data unless we can demonstrate compelling legitimate grounds for the processing which override their interests, rights and freedoms.
• To request the restriction of processing of their personal data.
• To request to receive a copy of their personal data.
• To withdraw the consent given to us with regard to the processing of their personal data at any time. Note that any withdrawal of consent shall not affect the lawfulness of processing based on consent before it was withdrawn or revoked.

To exercise any of the above rights, or for any questions or complaints about our use of personal data, please contact our Data Protection Officer at [email protected].

Complaints may also be submitted the Office of the Commissioner for Personal Data Protection. More information can be found at http://www.dataprotection.gov.cy