Privacy Policy

What personal data we collect and why we collect it

  1. BACKGROUND INFORMATION

 

In compliance with the GDPR and other applicable legislation in the field of personal data protection, Heads d.o.o. ensures the protection of your privacy and protects your personal data.

 

This Privacy Policy (hereinafter referred to as the “Policy”) contains all the relevant information related to the collection, processing and retention of your personal data. 

 

This Policy is used for all your personal data collected and retained by the controller Heads d.o.o., Verovškova ulica 55, SI-1000 Ljubljana (hereinafter referred to as “Heads”, “us” and the “controller”).

 

As the controller, Heads is responsible for a legal and transparent processing and retention of your personal data.

 

If you have any questions related to the use of this Policy or the exercise of your rights arising from this Policy, please contact us through any of the channels mentioned below:

 

 

  1. USE OF THE POLICY

 

This Policy applies to:

  • the users of our website at www.headstalent.com;
  • enquiries about our services over the phone, by email or through online forms;
  • the use of social platforms through plugins proposed by Heads on its website;
  • the recipients of adapted communication;
  • the recipients of general and adapted marketing communication;
  • the participants in the events organised by Heads;
  • all individuals who use our services directly in Heads branches;
  • the users who log into the candidates database;
  • the users who apply for a job vacancy on the website, by email or over the phone;
  • the service requesters.

 

  1. BASIC CONCEPTS

 

Below, you will find the basic concepts used in this Policy.

 

Personal data means any information relating to an identified or identifiable natural person (such as first name, surname, e-mail address, phone number or identifiers specific to the physical, physiological, genetic, economic, mental, cultural or social identity of the subject, etc.).

 

Controller means a legal person which determines the purposes and means of processing of your personal data.

 

Processor means a natural or legal person which processes personal data on behalf of the controller.

 

Processing means the collection, storage, access and all other forms of use of personal data.

 

EEA means the European Economic Area which encompasses all Member States of the European Union, Iceland, Norway and Liechtenstein.

 

 

  1. PROCESSING AND COLLECTION OF PERSONAL DATA

 

We will only process your personal data on the basis of predefined purposes detailed in section 6 of this Policy. Processing will be carried out in a limited scope, meaning that we will only collect the data necessary to achieve the specified purposes.

 

  1. Obligation to communicate personal data

 

Communication of personal data is a voluntary process which is mainly based on the provided consent, unless such personal data processing is required by law.

 

If you communicate personal data to us on the basis of a contract, said personal data is communicated on a voluntary basis. However, if you do not communicate the personal data we need in order to conclude or execute the contract, we cannot guarantee that we will conclude or execute the contract.

 

If you wish to know more about the legal bases for personal data processing, read section 5 of this Policy.

 

If you do not wish to share certain personal data with us, it is possible we will not be able to provide you with certain services (if you do not send us information about your education, we will not be able to send you personalised employment offers).

 

  1. Personal data collection

 

We will obtain your personal data if you communicate them to us, i.e. directly from you (e.g. through your use of our website or if you order our services, subscribe to our newsletter or receive our employment advertisements, send us an enquiry by e-mail, over the phone or in writing to our address, or if you communicate your personal data to us in any other way).

 

We will also obtain your personal data through publicly available data records (such as the records of the Agency of the Republic of Slovenia for Public Legal Records and Related Services – AJPES).

 

We will also obtain your personal data pursuant to the use of cookies on our website. You can read more on the use of cookies in section 10 of this Policy.

 

  1. Personal data categories

 

In accordance with the legal basis and the predefined purposes, Heads collects different categories of personal data defined hereunder:

 

  • Identification data (first name and surname, legal form, business name, name of the representative, current account number, ID for VAT, company registration number, activity code),
  • Contact data (address, phone number, email address)
  • Sensitive personal data (national origin, union membership, data found in criminal and other records, psychological testing data, etc.)
  • Communication data (date, time, and contents of the communication)
  • Employmentrelated data (company, place of employment, job position, previous experiences)
  • Education data (level of education, programme orientation)
  • Data on the profile of the subject (working field, area of work, foreign language skills, mobility, knowledge of information technology, information on other additional knowledge and qualifications)
  • Business statistics of the buyer (information on material and financial turnover, information on bids, contracts and employment politics)
  • Data on the use of our website (date and time of your visit, the content you have accessed, the links you have clicked on, etc.)
  • Information about your computer (IP address, type of device, browser type)
  • Data from publicly available records (e.g. AJPES).

 

  1. LEGAL BASIS FOR THE COLLECTION AND PROCESSING OF PERSONAL DATA

 

We will process your personal data if we have a suitable legal basis to do so. Pursuant to the applicable legislation in the field of personal data, the following legal bases are available to us:

  • Processing on the basis of a contract We process your personal data if such processing is necessary for the conclusion and execution of the contract.
  • Processing on the basis of a provided consent We process your personal data if we obtain your explicit consent to do so. If our processing takes place on the basis of your consent, we will previously provide you with all information you need to make your decision. You can withdraw your consent at any time.
  • Processing on the basis of a legitimate interest We can also process your personal data on the basis of a legitimate interest. If you wish to find out when your personal data will be processed on the basis of a legitimate interest, please refer to section 6 of this Policy. In the event of such processing, you have the right to object (to find out more about this right, see section 14 of this Policy).
  • Processing on the basis of a law We will process your personal data whenever the binding legislation requires us to do so (tax legislation requires us to save the issued invoices). We will process this personal data pursuant to the legislative requirements.

 

  1. PURPOSES OF PERSONAL DATA PROCESSING
     

We will only process your personal data for predefined, specified and legal purposes. Heads will not process your personal data in any manner not compatible with these purposes.

 

The purposes for which we use your personal data are detailed in the list below; your personal data may be used for one or more purposes. In the event of a previously undefined need for further personal data processing, we will previously inform you of it and will request your consent when necessary.

 

List of purposes of personal data processing:

 

  1. Adapted communication (with you) in terms of providing our services through text messages, phone calls and e-mail messages. This includes notifying individuals about job vacancies that correspond to their educational background, place of residence, etc. The use of certain personal data helps us to adapt our communication with you in order to make it as interesting and useful for you as possible. Based on certain personal data, we assign subjects to groups, which means that each of the groups we create receives adapted notifications from us. When assigning subjects to groups, we also monitor the activity of each individual and perform basic segmentation. The aforementioned data are processed based on your consent.
  2. Marketing communication We process the aforementioned data based on your consent.
  3. We perform adapted marketing communication based on the performance of basic segmentation. We process the aforementioned data based on your consent.
  4. Finding and choosing personnel We publish a job vacancy based on the instructions and requirements provided by the contracting entity. We send information about potential and/or chosen eligible candidates (based on the description of the job position, the eligibility conditions, etc.). In doing so, we can also perform the entire process of personnel selection pursuant to the requirements and specifications of the contracting entity. Said data are processed based on your consent.
  5. Enabling subjects to log into jobseeker databases – we use these data in order to be able to perform the selection process and create a profile of the subject, based on which the subject is then invited to take the job vacancy. We retain the aforementioned data based on your consent.
  6. Enabling subjects to apply for an open job position and executing suitable activities related to the needs of the open job position (including forwarding of data to the employer and conducting the potential employment procedure) We retain these data for 2 years after the job vacancy has been filled.
  7. Communicating about enquiries, complaints or other general issues, regardless of whether said communication takes place by e-mail, by mail or by phone. We communicate with you based on our statutory interest of guaranteeing efficient communication and facilitating efficient business operations.
  8. Concluding contracts and fulfilling obligations arising from the concluded contract We collect and process said data on the basis of a contractual relationship.
  9. Performing statistical analyses of the use of the website We process your personal data in order to prepare statistical analyses of our website which makes it possible for us to optimise it. We carry out said analyses on the basis of our statutory interest in guaranteeing a user-friendly and efficient website. The processing takes place through our contractual processor which obtains statistics through cookies (you can read more about cookies in section 10 of this Policy). The data collected are processed in an aggregated and anonymised format making it impossible to identify the subject. Such data enable us to constantly improve and adapt our website in order for it to meet the needs and interests of its users.
  10. Transmitting personal data to third parties We transmit your personal data to third parties if such transmission is necessary to achieve the processing purpose. If you wish to know more about personal data transmission, read section 11 of this Policy. We will only transmit your data if such transmission can be justified by our statutory interest of guaranteeing a safe and legal operation as well as complying with our statutory obligations (such as tax obligations which can include the transmission of your personal data to tax organs).
  11. Exercising legal claims, safeguarding our rights and resolving disputes We process the aforementioned data based on the statutory provisions.
  12. Statutory obligations We collect your data in order to comply with our statutory obligations, e.g. retaining invoices for tax legislation purposes. We will only process your data in the scope necessary for the compliance with the statutory obligations.

 

 

  1. PERSONAL DATA RETENTION PERIOD

 

We will collect, process and retain your personal data pursuant to the applicable legislation in the field of personal data protection.

 

Personal data retention is limited (in time) to:

  1. the absolutely necessary period needed to achieve the purpose for which the data are being processed;
  2. the statutory period (the tax legislation, for example, provides a retention period of invoices which extends to 10 years from the date of issue of the invoice);
  3. the period necessary to execute the contract, which also includes the deadlines for exercising any claims on the basis of a concluded contract (e.g. 5 years from the compliance with contractual obligations).
  4. The personal data obtained on the basis of your consent will be kept indefinitely or until you withdraw said consent (to find out more on how to withdraw your consent, read section 14 of this Policy). If we achieve the purpose for which we have collected the data, we will delete the data collected on the basis of your consent before you withdraw it.

 

In accordance with the corresponding purposes, we will retain your personal data for the following time period:

 

The purpose for which the personal data are collected

Retention period

Adapted communication in terms of providing our services through text messages, phone calls and e-mail messages

Until consent is revoked

Marketing communication

Until consent is revoked

Adapted marketing communication

Until consent is revoked

Finding and choosing personnel

Throughout the term of the contract and 5 years after its termination

Enabling database entry

Until consent is revoked

Enabling subjects to apply for a job vacancy

Until the end of the vacancy notice and 2 years after the end

Communicating about enquiries, complaints or other general issues

6 months from the first correspondence

Concluding contracts and fulfilling obligations arising from the concluded contract

Throughout the term of the contract and 5 years after its termination

Performing statistical analyses of the use of the website

Within the deadlines set out in section 10 of this Policy detailing individual cookies

Exercising legal claims, safeguarding rights and resolving disputes

Pursuant to the deadlines set out in the applicable legislation

Statutory obligations

Pursuant to the deadlines set out in the applicable legislation

 

Once the retention period is over (e.g. because the purpose for which the data were collected has been achieved because the statutory period has ended, etc.), we will erase, destroy or anonymise the personal data in a way which makes it impossible to reconstruct said personal data.

 

If you need any additional information related to the storage period of your personal data, please contact us using any of the contact details defined at the beginning of this Privacy Policy.

 

 

  1. PERSONAL DATA SECURITY AND PROTECTION MEASURES

 

At all times, Heads makes sure that your personal data is safe and suitably protected from illegal and unauthorised use. For this purpose, we have adopted several organisational and technical measures used to protect your personal data.

 

We carry out the following measures for personal data protection:

  • educating our employees on the legal personal data processing and protection;
  • carrying out employee control and performing regular checks of the work of each individual employee;
  • carefully monitoring our contractual processors;
  • providing limited access to personal data (passwords, limited number of employees with authorisations, etc.);
  • performing backup of electronically stored personal data;
  • controlling and suitably responding to any safety incident, and actively preventing damage to personal data and individuals;
  • adopting suitable internal rules and protocols with instructions on personal data protection;
  • regularly maintaining and updating computer equipment.

 

In the event of a breach of personal data security, we will immediately inform the Information Commissioner representing the competent supervisory authority in the field of personal data protection in Slovenia. To find out more about the Information Commissioner and their tasks and authorisations, please refer to the website.

 

In the event of a suspected criminal offence, Heads will also notify the competent police station and the Public Prosecutor’s Office of any breaches.

 

Should the breach of personal data security be susceptible to provoke a high degree of risk when it comes to the rights and freedoms of subjects, we will immediately inform said subjects of such breach.

 

  1. WEBSITE PLUGINS AND SOCIAL NETWORK ACCESS

 

Through our website, you can access the following plugins used by Heads for its operations:

  • LinkedIn

The aforementioned social networking site provides its services pursuant to its Terms and Conditions of Use and the Privacy Policy used for the collection and retention of the data of its users.

 

The Privacy Policies are available via the following links:

 

 

Heads shall bear no responsibility in relation to the use of the social networking sites that you can access through its website. If you have any questions or wish to exercise your rights, please contact each individual social networking site.

 

  1. COOKIES

If you visit our website, information in the form of cookies can be stored to your website.

 

A cookie is a file which saves the settings of the websites you visit. Webpages save cookies on individual user devices you use to access the Internet, with the purpose of recognising individual devices and settings you have used during your access. Cookies enable websites to recognise whether the user has already visited a certain website; in terms of advanced applications, they can be used to suitably adapt certain settings. The storage of cookies is controlled completely by the browser used by the user, who can limit or disable the storage of cookies.

 

Cookies are important since they provide user-friendly web services; the most important e-commerce functions could not have been possible without cookies. The use of cookies makes the interaction between a web visitor and a website faster and simpler. With the help of cookies, a website “remembers” the preferences and experiences of a certain user, and turns website browsing into a more efficient, pleasant experience.

 

Types of cookies

  1. Permanent cookies Permanent cookies enable the use of components necessary for the correct functioning of a website. Without these cookies, the services you wish to use on this website (such as login, purchase process, etc.) would not have functioned correctly.
  2. Temporary cookies These types of cookies collect information on how the users behave on the website, in order to ameliorate the experience provided by the website (e.g. what parts of the website they visit most often). These cookies do not collect information through which it would be possible to identify the user.
  3. Functional cookies These cookies allow for a website to remember some of your settings and choices (such as username, password, language, region, etc.) and provide advanced, personalised functions. Such cookies can make it possible to follow your actions on the website.
  4. Third-party cookies These cookies are most often used by advertising companies and social networks (third parties) in order to show you targeted ads, limit repeated ads or measure the efficiency of their advertising campaigns. Such cookies can make it possible to follow your actions on the Internet.

 

List of cookies used by Heads

 

Name

Purpose of the cookie

Duration

1P_JAR

Statistics and conversions Source: Google Analytics

1 month

_ga

Page views statistics Source: Google Analytics

1 year

_gat_gtag

Identification for monitoring visits Source: Google Analytics

2 years

_gid

Page views statistics Source: Google Analytics

1 day

NID

This cookie includes a unique ID used by Google to save your settings Source: Google

2 years

__cfduid

Cloudflare cookie for detecting malicious visitors and minimising legitimate users blocking

30 days

 

one_assessment_sentry

Internal tracking

5 years

 

oa_sourcing

Job ad visit tracking

5 years

 

one_assessment

Session tracking

Session duration

 

         

 

Managing or deleting cookies If you wish to change the way cookies are used in your browser, including blocking or deleting them, you can do so by way of the settings in your browser. For the purpose of managing cookies, most browsers will offer you the possibility of accepting or refusing all cookies, only accepting a certain type of cookies or warn you that a website wishes to save a cookie. You can also simply delete the cookies saved by your browser. If you change or delete the browser file containing cookies, or if you change or upgrade your browser or your device, you will maybe have to disable cookies again. The procedure for managing and deleting cookies is different for each browser. If you need any help in doing so, you can check the user help pages of your browser. You can also disable Google Analytics tracking on the following link.

 

Disabling cookies

Most web browsers automatically accept cookies. You can turn off cookies in your browser settings at any time. For more information on cookie settings in individual browsers please refer to the following links:

 

  1. TRANSMITTING PERSONAL DATA TO THIRD PARTIES

 

In order to meet the purposes defined in section 6 of this Policy, we can transmit your personal data to third parties defined hereinafter.

 

Every third party we share your personal data with may only process said data for the purposes for which they have been collected, while implementing all the necessary measures guaranteeing secure personal data processing.

 

We will transmit your personal data to:

  1. Contracting entities (i.e. employers).
  2. Partner companies in the framework of affiliated companies. The companies within Heads Adriatic affiliated companies have a suitable joint controllership agreement in place for personal data collection and processing. You can read an excerpt on said joint controllership agreement here. To find out more about partnership companies in the business group of associated companies, read section 13 of this Policy.
  3. Partner companies in the framework of affiliated companies in the region – in order to establish personnel databases.
  4. External contractual processors who are helping us provide certain services. These are mainly accounting firms, law firms, providers of software maintenance and servicing, website provider, etc.
  5. Where this is required by law. This is mainly the case in the event of tax, inspection and other procedures.

 

  1. TRANSFERRING DATA OUTSIDE OF THE EEA

 

Your data may be transferred and processed in one or more countries within and outside of the European Economic Area (EEA). The list of the countries we operate in as the business group of associated companies is available in section 13 of this Policy.

 

Outside of the EEA, we will send your data to countries which have been deemed by the European Commission as providing you with a suitable level of protection, or to countries where the business group of associated companies has implemented suitable protection measures guaranteeing the privacy of your data.

 

With every transfer outside of the EEA, we will implement additional measures in order to guarantee the safety of your personal data. These measures mainly consist of agreements with third parties on the establishment of binding rules in the field of personal data protection, verifying whether said third party has a personal data protection mechanism in place, and concluding suitable contractual obligations governing the field of personal data protection.

 

 

  1. PARTNER GROUPS WITHIN THE BUSINESS GROUP 

 

The following companies are connected to the Heads Adriatic business group:

 

Heads Adriatic d.o.o.

Verovškova ulica 55

SI-1000 Ljubljana

 

Heads d.o.o.

Verovškova ulica 55

SI-1000 Ljubljana

 

Heads Adriatic d.o.o

Đorđa Stanojevića 12

RS-11070 Novi Beograd

hereinafter referred to as “Heads Adriatic or Heads Talen Solutions Serbia”

 

Heads Talent d.o.o.

Josipa Marohnića 1/1

HR-10000 Zagreb

hereinafter referred to as “Heads Talent Solutions Croatia”

 

Workforce d.o.o.

Vidovdanska 8

BIH-78000 Banja Luka

Executive Search Consulting

Dositej Obradovik 1-8

MK – 1000 Skopje

 

 

 

 

 

 

List of the countries we operate in as a business group of associated companies:

  • Slovenia
  • Croatia
  • Bosnia and Herzegovina
  • Serbia
  • North Macedonia

 

  1. RIGHTS OF SUBJECTS

 

When it comes to personal data processing, the following rights are available to you pursuant to the applicable legislation:

  • Access to personal data: you can require Heads to provide you with information on whether they are processing your personal data; if that is the case, you can request access to personal data and information on their processing (which personal data we process, and where they come from).
  • Personal data rectification: you can require Heads to rectify or complete any incomplete or incorrect personal data we process about you.
  • Personal data processing restriction: you can require Heads to limit the processing of your personal data (e.g. when the process of checking the accuracy or completeness of your personal data is taking place).
  • Erasure of personal data: you can require Heads to erase your personal data (we cannot erase the personal data we retain due to legal requirements or on the basis of a contractual relationship).
  • Personal data extract: you can require Heads to communicate you your personal data that you have submitted to us in a structured, commonly used and machinereadable format.
  • Withdrawal of consent: at any time, you have the right to withdraw the consent related to the use of your personal data we collect and process on the basis of your consent. You can withdraw your consent through any of the methods described in this Policy. Withdrawal of your consent will not have any negative consequences. It is possible, however, that Heads will no longer be able to provide you with certain services if you withdraw your consent.
  • Objection to the processing of personal data: you have the right to object to the processing of your personal data and to the transfer of your personal data to third parties when the processing is taking place for the purpose of indirect marketing. In addition, you can also object the processing if your personal data is being used for the purposes of indirect marketing by using adapted or individuallytailored offers (“profiling”). You can lodge an objection through any of the methods described in this Policy. 
  • Right to data portability: you have the right to request an extract of the personal data you have submitted to us. We will communicate you the data in a structured, commonly used and machinereadable format. You are entitled to forward said data to another controller of your choice. If this is technically feasible, you can request your personal data to be transferred directly to another controller.

 

You can exercise all of these rights through any of the communication channels detailed in section 1 of this Policy. All of these contacts are also available to you if you need any additional information regarding your rights.

 

You have the right to lodge a complaint with the Information Commissioner which is a competent supervisory authority for the protection of personal data.

 

We kindly ask you to communicate us any change in your personal data as soon as possible by sending us an e-mail at data-protection-officer@headsadriatic.com. We will make sure your personal data is corrected or completed as soon as possible.

 

Heads reserves the right to request certain personal data from you in the event of the exercise of any right detailed in this section (such as first name, surname, e-mail address) for the needs of identifying an individual. 

 

 

 

  1. CONCLUSION

 

Heads can amend this Policy at any time. You will be previously notified of any changes. The newest version of this Policy will always be published at https://www.headstalent.com/. If you continue using our website or other services forming the subject matter of this policy, you are agreeing with the new version of the Policy.