Controller SIA Mitigate, Unified Reg. No. 50103381201, legal address: Gustava Zemgala gatve 74A, Riga, LV-1039, Latvia, e-mail: datuapstrade@mitigate.dev , tel. 25770055, hereinafter referred to as “the Company”.

1. Data processing purposes

1. 1.1. Identification of the potential employee;
2. 1.2. General management of candidate, potential employees and and Company relations – i.e. assessment of expectations and needs, suitability assessment, verification of educational documents, knowledge and skills testing;
3. 1.3. Expressing, evaluating, verifying the non-compete condition for the Company's customers and partners, in exceptional cases, identifying the specific needs;
4. 1.4. Conclusion of an employment contract, obtaining the necessary information.

The company is entitled to process the data for the purposes indicated above, as well as for other purposes if it has a legal basis.

2. Legal basis for data processing

1. 2.1. The processing is necessary for the conclusion or execution of the contract or for the taking of actions prior to the conclusion of the contract. General Data Protection Regulation, hereinafter referred to as “GDPR”, Article 6, paragraph 1, ( b ) app. Labour law and other legislation in force for labour rights, wages and tax calculations;
2. 2.2. Legitimate interests of the Company to ensure the Company's interests, which are based on compliance with existing legislation in the field of personnel selection, in the amount necessary and sufficient for this purpose. In addition, the processing of personal data to inform about news in the field in which the Company operates, about new development opportunities, including direct personnel selection (headhunting), as a result of which the Company can individually address various persons to inform about the interest in starting negotiations on possible cooperation. However, the Company respects the wishes of the data subject and provides the opportunity to opt out of receiving the aforementioned information. GDPR Article 6, paragraph 1, point ( f );
3. 2.3. Enforcement of legal obligations. The company is entitled to process personal data in order to comply with the requirements of regulatory enactments, as well as to provide answers to lawful requests from the State and local government, as well as within the framework of contractual relations with the customers/partners of the Company (non-compete for employees). GDPR Article 6, paragraph 1, point ( c );
4. 2.4. Consent of the data subject. The data subject gives consent to the collection and processing of personal data for specific purposes. Consent is his free will and his own decision, which may be given at any time, thereby allowing the Company to process personal data for the purposes specified. The data subject has the right to withdraw his prior consent at any time through the designated communication channels with the Company. The reported changes will take effect within three working days. Withdrawal of consent does not affect the legality of processing based on consent before its withdrawal. GDPR Article 6, paragraph 1, point ( a );
5. 2.5. Protection of vital interests. The company is entitled to process personal data in order to protect the vital interests of the Customer, the Co-operation Parter or another natural person, e.g. if the processing is necessary for humanitarian purposes, for the monitoring of natural disasters and human causes, in particular, epidemics and their spread or in emergency humanitarian situations (terrorist acts, technogenic disaster situations, etc.). GDPR Article 6, paragraph 1, point ( d );
6. 2.6. Performance of official duties or public interest. The Company has the right to process data to perform a task carried out in the public interest or in the exercise of official authority lawfully assigned to the Company. GDPR Article 6, paragraph 1, point ( e ).

A detailed legal basis for the processing of personal data is included in regulatory enactments.

3. How the Company obtains the data of a natural person (yours)

1. 3.1. The data subject (you) submit its own data to the Company, including by filling in an appropriate form on the company's home page, sending his CV, sending or executing the test task, submitting contact data within the framework of staff recruitment activities;
2. 3.2. The company receives personal data from its partners;
3. 3.3. The company receives personal data from third parties advising you to one of the positions in the Company;
4. 3.4. The public records your data in the public area (social networks, home page of your workplace, etc.);
5. 3.5. You visit our website;
6. 3.6. You participate in our organised recruitment, recruitment or promotion or training activities in which you can be photographed, filmed;
7. 3.7. You take part in our surveys, contests, etc.;
8. 3.8. You participate in business forums, business networking, your contacts are on social networks created for the exchange of contacts, such as Linkedin, etc.

In cases where the Company has obtained data from its Partners or third parties (other controllers), we inform you of where we have obtained your data. In this case, any responsibility for informing you first shall be borne by the controller concerned.

4. Recipients of personal data

Personnel management, department directors, company management, authorised by the Company.

5. What your data is processed by the Company

1. The company shall process the data that you submitted to us and, depending on the nature of the data processing, the following personal data may be processed by the Company:
   • personal identification details - name, surname, personal identity number/ID, date of birth;
   • personal contact details - address, telephone number, e-mail address;
   • personal workplace data - place of employment, position, previous place of employment;
   • activities carried out on websites or social profiles of the public - IP address, activities carried out, date and time;
   • data published by the person on social networks (including (GIT);
   • survey and contest data - the name, date, date of the survey or contest, the date of reply, the questions/tasks of the survey and the answers provided;
   • photographs, videos from events, date, location of the photograph;
2. Exceptionally, the Company may process specific categories of data (health data) to establish that the potential candidate can perform the planned work.

6. Storage period

Personal data submitted as part of the recruitment will only be processed for as long as it is necessary for the purpose of processing, i.e. the full version of the application submitted (excluding special category data) 4 months from the date of delivery, but not less than the end date of the assessment process for the candidate concerned.

The short version of the data — given name, surname, vacancy to which the application was made, application date – to one year from the date of dispatch.

The storage period may be extended on the basis of contracts concluded (employment contract, cooperation agreement), the legitimate interests of the company or the applicable laws and regulations.

7. Processing area

Normally, personal data are processed in the European Union/European Economic Area (EU/EEA) but may, in some cases, be transferred and processed in countries outside the EU/EEA.

In cases where your data may be transferred outside the European Union, we will inform you of this possibility and take action in accordance with existing European Union guidelines and our privacy policy.

8. More detailed information

1. 8.1. Detailed information on how the Company handles your personal data can be found on our website at www.mitigate.dev under Privacy Policy;

2. 8.2. The data subject may contact the public on any matter, withdrawal of consent, requests for information, use of data subjects' rights and complaints concerning the processing of personal data by email: datuapstrade@mitigate.dev.

Approved on 17 May 2023.
The next review shall take place by no later than 16 May 2024.