Legal

Privacy Policy

This Privacy Policy explains how Recruitment.bg collects, uses, stores and protects your personal data when you visit our website, apply for a role, or use our recruitment and staffing services. We are committed to processing your data lawfully, fairly and transparently in accordance with the EU General Data Protection Regulation (GDPR) and the Bulgarian Personal Data Protection Act.

Last updated[TO BE FILLED: date of publication]
01

1. Who we are (Data Controller)

Recruitment.bg is operated by [TO BE FILLED: full registered company name] EOOD, a single-member limited liability company registered in the Commercial Register of the Bulgarian Registry Agency. We act as the controller of the personal data described in this Policy.

  • Legal name: [TO BE FILLED: full registered company name] EOOD
  • UIC (ЕИК): [TO BE FILLED: UIC number]
  • Registered office: [TO BE FILLED: registered office address]
  • Represented by: Veselin Raykov, Manager
  • Employment Agency licence: No. [TO BE FILLED: licence number] dated [TO BE FILLED: licence date]
  • Website: https://recruitment.bg

How to contact us about your data

  • Email: veselin.raykov@recruitment.bg
  • Data protection enquiries: [TO BE FILLED: data protection / privacy email]
  • Phone: [TO BE FILLED: phone number]
  • Postal address for requests: [TO BE FILLED: postal address]
  • Data Protection Officer (if appointed): [TO BE FILLED: DPO name and contact, or remove if no DPO]
02

2. Definitions

  • Personal data — any information relating to an identified or identifiable individual.
  • Processing — any operation performed on personal data, such as collection, storage, use, disclosure or deletion.
  • Controller — the party that determines the purposes and means of processing; in this Policy, that is us.
  • Processor — a third party that processes personal data on our behalf and under our instructions.
  • Data subject — the individual to whom the personal data relates (you).
  • GDPR — Regulation (EU) 2016/679.
03

3. Personal data we collect

Depending on how you interact with us, we may collect the following categories of personal data:

Candidates and job seekers

  • Identity and contact details: full name, email address, phone number, and where provided, postal address.
  • Professional information: CV/resume, education and qualifications, language skills, employment history and previous employers, references, certificates, and career preferences.
  • Eligibility information: nationality and work permit details, where relevant to a role.
  • Application metadata: the role applied for, source platform, dates and correspondence exchanged with us.

Clients, partners and website visitors

  • Business contact details of representatives of employer-clients and partners.
  • Information you submit through our contact or enquiry forms.
  • Technical and usage data: IP address, device and browser type, and information collected via cookies and analytics (see Section 9).

Workers placed under temporary-employment arrangements

Where we act as a temporary-employment provider and you become our employee for assignment to a user undertaking, we additionally process the data required to administer the employment relationship, which may include: personal identification number (ЕГН) or equivalent, date of birth, bank account details, medical fitness certificate, and a criminal record certificate where this is required by law for the specific role. [TO BE FILLED: confirm or adjust the exact categories your temporary-employment operations require.]

We do not intentionally collect special categories of personal data (such as data revealing racial or ethnic origin, political opinions, religious beliefs, health, or sexual orientation). Please do not include such information in your CV or application unless specifically and lawfully requested.

04

4. How we collect your data

We collect personal data through the following channels:

  • Directly from you — via our website forms, by email or phone, or in the course of interviews and conversations.
  • Job and professional platforms — including dev.bg, jobs.bg, LinkedIn, and [TO BE FILLED: any other platforms you source from, e.g. zaplata.bg, rabota.bg], as well as CVs you submit or make available to us.
  • Referrals — when a partner or business contact recommends you for a role.
  • Publicly available sources — such as professional networking profiles and public registers, where relevant to recruitment.
  • Automatically — through cookies and analytics technologies when you use our website (see Section 9).
05

5. Why we process your data

  • To provide recruitment and mediation services — assessing suitability, matching candidates to roles, and presenting candidates to clients.
  • To administer temporary-employment assignments where applicable.
  • To communicate with you about applications, opportunities and requests.
  • To comply with our legal and regulatory obligations, including reporting duties to the Employment Agency.
  • To manage accounting, invoicing and financial records.
  • To operate, secure and improve our website, including analytics.
  • To send you job alerts or marketing communications where you have agreed to receive them (see Section 10).
07

7. Temporary employment

We are registered to provide temporary employment, meaning we may employ you and assign you to work for a user undertaking (client). In this capacity we process the additional employment data described in Section 3 to fulfil our duties as your employer and to meet statutory obligations under the Bulgarian Labour Code and related legislation.

[TO BE FILLED: describe any specifics of your temporary-employment operations, e.g. which user undertakings or sectors, or remove this paragraph if not yet applicable.]

08

8. Automated decision-making and AI

We do not use automated decision-making or profiling that produces legal or similarly significant effects, and we do not use AI-powered voice agents or automated scoring to evaluate candidates. Decisions about your application are made by our recruiters.

09

9. Cookies and analytics

Our website uses cookies and similar technologies, including Google Analytics, to understand how visitors use the site and to improve its performance and content. Analytics data is generally collected on the basis of your consent, which you can manage through our cookie banner.

Google Analytics is provided by Google. For details of how Google processes data, see Google's privacy policy. You can find more information in our Cookie Policy: [TO BE FILLED: link to Cookie Policy, e.g. https://recruitment.bg/cookies].

10

10. Direct marketing

Where you have given your consent, we may send you newsletters, job alerts and other marketing communications relevant to you. You can opt out at any time using the unsubscribe link in any message, or by contacting us. Withdrawing consent does not affect processing carried out before the withdrawal.

11

11. Who we share your data with

We do not sell your personal data. We may share it, to the minimum extent necessary, with:

  • Employer-clients — where we present you as a candidate, we share the relevant parts of your profile so they can assess your suitability.
  • User undertakings — where you are assigned under a temporary-employment arrangement.
  • Service providers (processors) — such as IT, hosting, email, analytics, accounting and legal providers, who act on our instructions under appropriate data-processing agreements.
  • Public authorities — where we are legally required to disclose data, or to protect our rights, prevent fraud, or in connection with a corporate transaction.
12

12. International data transfers

Some of our service providers may process data outside the European Economic Area (EEA). [TO BE FILLED: list the providers/tools that transfer data outside the EEA, e.g. Google Analytics, email or hosting providers, or state that no such transfers take place.] Where transfers occur, we ensure an adequate level of protection through an adequacy decision or appropriate safeguards such as the European Commission's Standard Contractual Clauses.

13

13. How long we keep your data

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law. Our standard retention periods are:

  • Candidate data: [TO BE FILLED: default — up to 3 years from your last interaction with us, or longer where you have consented]. Confirm with legal.
  • Temporary-employment and payroll records: retained for the statutory periods (up to 50 years for payroll records, in line with social-security and accounting requirements).
  • Accounting and tax records: up to 10 years, as required by Bulgarian law.
  • Marketing data: until you withdraw your consent.
  • Website and analytics data: [TO BE FILLED: retention period for analytics, e.g. as configured in Google Analytics].

When a retention period expires and there is no legal basis to continue processing, we securely delete or anonymise your data.

14

14. How we protect your data

We apply appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These include access controls, encryption where appropriate, secure storage, staff confidentiality obligations and ongoing training. No transmission over the internet can be guaranteed as fully secure, but we work continuously to safeguard your information.

15

15. Your rights

Under the GDPR, you have the following rights in relation to your personal data:

  • Right of access — to obtain confirmation of, and a copy of, the data we hold about you.
  • Right to rectification — to have inaccurate or incomplete data corrected.
  • Right to erasure — to request deletion of your data (the 'right to be forgotten'), subject to legal exceptions.
  • Right to restriction — to limit how we process your data in certain circumstances.
  • Right to data portability — to receive your data in a structured, machine-readable format and transfer it to another controller.
  • Right to object — to processing based on legitimate interests, including direct marketing.
  • Right to withdraw consent — at any time, where processing is based on consent.
  • Right to lodge a complaint — with the supervisory authority (see Section 16).

To exercise any of these rights, contact us using the details in Section 1. We will respond within the timeframes required by law.

16

16. Supervisory authority

If you believe your data protection rights have been infringed, you have the right to lodge a complaint with the Bulgarian supervisory authority:

  • Commission for Personal Data Protection (CPDP)
  • Address: 2 Prof. Tsvetan Lazarov Blvd, Sofia 1592, Bulgaria
  • Phone: +359 2 915 3580
  • Email: kzld@cpdp.bg
  • Website: www.cpdp.bg
17

17. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The 'last updated' date at the top of this page will indicate when the latest revision took effect. We encourage you to review this page periodically.

Questions about how we handle your data, or want to exercise your rights? Get in touch and we will respond as soon as possible.