TERMS AND CONDITIONS ON THE PROTECTION OF PERSONAL DATA AND INFORMATION SOCIETY SERVICES

Personal Data Protection

1. Personal Data Operator

  • 1.1. By this document, the Public Association "National Congress of Ukrainians in Moldova" defines the purposes and means of processing personal data in the system of accounting for legal and natural persons seeking employment, acting as a personal data operator (hereinafter referred to as the "Operator").

2. Terms used in this document have the following meanings:

  • Consumer - any natural person acting for purposes not related to commercial activity;
  • Profiling - any form of automated processing of data of legal entities, which involves using data to evaluate certain characteristics of a legal entity, particularly for analyzing or predicting aspects related to its performance, financial condition, commercial preferences, interests, reliability, behavior, location, or movements, etc.;
  • Personal Data - any information related to an identified or identifiable natural person;
  • Special Categories of Personal Data - data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, social belonging, data concerning health or sexual life, as well as data related to criminal convictions, forced procedural measures, or penalties for offenses;
  • Data Subject - any natural person who can be identified directly or indirectly by reference to an identification number or to one or more factors specific to their physical, physiological, mental, economic, cultural, or social identity;
  • Personal Data Processing - any operation or set of operations performed on personal data, with or without the use of automation, including collection, recording, organization, storage, retrieval, adaptation or modification, extraction, consultation, use, disclosure by transmission, dissemination or provision of access by any other means, grouping or combining, blocking, deletion, or destruction;
  • Personal Data Accounting System - any structured set of personal data, access to which is possible based on certain criteria and which can be centralized, decentralized, or distributed by functional or geographical features;
  • Operator - a natural or legal person of public or private law, including a public authority, any other institution, or organization that independently or jointly with others determines the purposes and means of processing personal data, clearly defined by current legislation;
  • Authorized Person by the Operator - a natural or legal person of public or private law, including a public authority and its territorial units, that processes personal data on behalf of or in the interest of the operator as instructed;
  • Third Party - a natural or legal person of public or private law, excluding the data subject, the operator, and persons authorized by the operator to process personal data;
  • Pseudonymization - processing personal data in such a way that personal data cannot be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and is subject to technical and organizational measures to ensure that personal data cannot be attributed to an identified or identifiable natural person;
  • Responsible Authority - National Center for Personal Data Protection.

3. Rules for using the website www.dilo.md

  • 3.1. Any legal entity registered in the Republic of Moldova or having the right to operate in the territory of the Republic of Moldova can register on the website and fill out the questionnaire on behalf of themselves. These entities must be ready to employ refugees from Ukraine and third countries.
  • 3.2. The Operator's activities are aimed at providing services to individuals residing in the Republic of Moldova and who are refugees.
  • 3.3. All information posted on the website, including textual and visual content, is intended solely for personal use by individuals seeking employment and legal entities recruiting personnel, and is protected in accordance with national copyright and related rights legislation. Any copying or use of this information for purposes other than those specified above is illegal and punishable as provided by applicable law.

4. Authentication process in the system

  • 4.1. Registration in the system is carried out on the website www.dilo.md by entering the name of the responsible person, company name, email address, and a password that must contain at least eight characters, unrelated to the user's personal data, must not contain consecutive identical symbols, and must include digits and letters. A link will then be sent to the email address to complete the registration process.
  • 4.2. To successfully register in the system, all mandatory data must be provided. The password is confidential information and should not be disclosed to third parties.
  • 4.3. After filling out the questionnaire, the user must complete their profile. Fields marked with the symbol "*" are mandatory to fill in. After filling in all the fields, the data subject must confirm the accuracy of the information provided by checking the box in the specially designated field.
  • 4.4. After successfully completing all the above stages, the user is included in the list of clients (consumers) of the system for accounting (database) of persons seeking employment.

5. Categories of processed personal data

  • 5.1. The Operator collects and processes the following categories of personal data:some text
    • Mandatory Personal Data: includes surname, first name, date of birth, place of residence, country of origin, education, previous work experience, areas of interest, key skills, language proficiency (indicating native language and level of proficiency in Romanian/Russian), contact details;
    • Optional Personal Data: includes gender, marital status, the presence of children, email address, the presence or absence of work experience, recommendations from workers who previously held this position (indicating surname, first name, position, company, phone number), portfolio, information about professional training and retraining courses (indicating the name of the courses, their organizer, the city where the training took place, and the date of completion), proficiency in languages other than Romanian/Russian, readiness for business trips, possession of a driver's license and personal vehicle, Skype account, other information about the applicant, as well as other identification data of the data subject if a request for the inclusion of these data is received via appeal, request, complaint, or any other means in connection with the object of the services provided.
  • 5.2. The collection of special categories of personal data is prohibited when using this accounting system.

6. Purpose of personal data processing

  • 6.1. The purpose of collecting and processing personal data in the accounting system is:some text
    • a) Accounting for consumers/clients seeking employment or recruiting personnel;
    • b) Providing assistance to consumers/clients wishing to use the services provided through the website www.dilo.md;
    • c) Fulfilling other obligations arising from legal relations established with consumers/clients.
  • 6.2. The processing of personal data by the Operator is carried out exclusively for the purposes specified above.

7. Notification of cross-border transfer

  • 7.1. Personal data is stored on servers located in the territory of the Republic of Moldova, under strict monitoring and control of the Operator.

8. Legal grounds for personal data processing

  • 8.1. When collecting data directly from the client (during a personal or telephone interview/survey or data entry into the system by the user), separate consent is not required if:some text
    • a) It is necessary to take certain actions before concluding a contract, including creating a user profile on the website www.dilo.md, filling out and reviewing the consumer questionnaire, accepting an application;
    • b) It is necessary to perform a series of actions to fulfill the contract, including accounting for consumers, providing assistance to consumers/clients wishing to use the services provided through the website www.dilo.md, as well as other actions governed by civil law and arising from established legal relationships.
  • 8.2. In all cases where personal data processing is carried out without separate consent, the Operator or authorized persons must notify the data subjects of the purpose of data collection, the legal basis for data collection, the volume and categories of data collected, storage periods, the procedure for using them, as well as authorized persons and the rights they have.
  • 8.3. The Operator informs that personal data may also be provided in other cases clearly stipulated by law, for example, at the request of law enforcement or supervisory authorities, that is, under circumstances that the Operator cannot foresee but must consider the likelihood of occurring when collecting personal data. In such cases, the Operator must ensure that the principles of personal data protection are not violated when fulfilling this requirement and comply with this requirement only if there is an appropriate purpose and legal basis.

9. Recipients of personal data

  • 9.1. The Operator has the right to disclose personal data:some text
    • a) To persons authorized by them;
    • b) To the data subject or their legal representative;
    • c) To supervisory authorities (at their request);
    • d) To business partners.
  • 9.2. The transfer of personal data to other persons is prohibited.

10. Processing of personal data of job seekers when using e-commerce services

  • 10.1. In accordance with the provisions of the Regulation of the European Parliament and Council of the European Union 2016/679 of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, as well as repealing Directive 95/46/EC (General Data Protection Regulation), and the provisions of the Law of the Republic of Moldova No. 133 of July 8, 2011, on the protection of personal data, the Public Association "National Congress of Ukrainians in Moldova" is obliged to process the personal data provided by clients with all security measures and solely for the purposes specified above.
  • 10.2. It is prohibited, on any grounds, to sell, exchange, transfer, or provide identification data of clients to any persons except companies recruiting personnel through the website www.dilo.md, including companies authorized by the Operator.
  • 10.3. Using e-commerce services automatically implies agreement to comply with the terms and conditions for personal data protection. The processing of personal data should be carried out only for the purposes mentioned above and in cases provided by the current tax legislation.
  • 10.4. The Public Association "National Congress of Ukrainians in Moldova" has the right to collect personal data during the validity of legal relations with consumers/beneficiaries of services provided through the website www.dilo.md. This period should not exceed 6 (six) years, during which the Operator must regularly update the data and check whether the beneficiary intends to continue the legal relationship.
  • 10.5. The storage period for personal data may be extended on legal grounds, for example, in the event of inspections by supervisory and/or control bodies in accordance with the provisions of the Administrative or Criminal Code or other regulatory legal acts.

11. Rights of data subjects

  • 11.1. The right to be informed implies the right of the subject to receive information about the identity of the Operator, the purpose of processing the collected data, the recipients or categories of recipients of personal data, the rights provided by the Law on Personal Data Protection, and the conditions for exercising these rights before the start of the collection and processing of personal data. The subject has the right to study the method of processing personal data on the official page of the company to which they send their resume or by individual request.
  • 11.2. The right to access personal data means the right of the subject to obtain from the Operator, upon request, information on whether data related to them have been processed, as well as information on the purposes of processing, the categories of data used, the recipients or categories of recipients to whom the data are disclosed, information on the principles of operation of the mechanism used in automated data processing, information on the legal consequences for the personal data subject resulting from data processing, as well as information on the procedure for exercising the right to intervene in relation to personal data.
  • 11.3. The right to intervene in relation to personal data implies the right to submit a request for the correction, updating, blocking, deletion, or depersonalization of personal data, the processing of which is contrary to the provisions of the Law on Personal Data Protection, particularly in connection with the incomplete or inaccurate nature of the data.
  • 11.4. The right to object means that the personal data subject has the right at any time to object on a justified and lawful basis related to their private situation against the processing of personal data related to them, except in cases where the law provides otherwise.
  • 11.5. The right not to be subjected to a private decision implies the right of the personal data subject to demand the complete or partial cancellation of any private decision that has legal consequences concerning their rights and freedoms and is based solely on automated processing of personal data aimed at assessing certain personal qualities, such as professional competence, reliability, behavior, etc.
  • 11.6. The right to access justice implies the right to apply to the National Center for Personal Data Protection or the court with a request for the protection and restoration of violated rights. Thus, in the event of any claims regarding our processing of personal data or if you are dissatisfied with how we fulfill our obligations, the personal data subject may file a complaint with the National Center for Personal Data Protection at the address: MD-2004, Republic of Moldova, Chisinau, 48 Sergei Lazo St.; by phone: +373-22-820801; by fax: +373-22-820807; by email: centru@datepersonale.md.
  • 11.7. To exercise any of the rights listed above, you need to send a written request to the email address: complaint@ncum.md. A response will be provided within 15 (fifteen) days from the date of receiving the application.
  • 11.8. You may also refuse to provide personal data to the Public Association "National Congress of Ukrainians in Moldova." However, refusal to provide personal data may result in the inability to provide services through the website www.dilo.md.

12. Cookies

  • 12.1. The Operator processes two types of cookies: session cookies and fixed cookies. Session cookies are temporary files that remain on the user's terminal until the session ends or the application (browser) is closed. Fixed cookies remain on the user's terminal for a period specified by the cookie's parameters or until the user manually deletes them.
  • 12.2. Cookies themselves do not require the use of additional information that allows the identification of unregistered users.
  • 12.3. After the session ends, session cookies are automatically deleted.

13. Restriction of access to the website

  • 13.1. Access to the website may be restricted in case of:some text
    • a) Violation by the personal data subject of the above rules and requirements;
    • b) Exercising the right to object;
    • c) Creation by the personal data subject of several user profiles with different identification data.

14. Applicable legal framework and jurisdiction

  • 14.1. Operations related to the processing of personal data in the system of accounting for persons seeking employment are carried out under the supervision of the Operator in the Republic of Moldova.
  • 14.2. Regardless of the legal address of the persons authorized by the Operator, they are obliged to process personal data in strict accordance with the provisions of the following national and international regulatory legal acts:some text
    • a) Convention No. 108 on the Protection of Individuals with regard to Automatic Processing of Personal Data (link);
    • b) General Data Protection Regulation No. 2016/679 (link);
    • c) Law of the Republic of Moldova No. 133 of July 8, 2011, on the Protection of Personal Data (link);
    • d) Law of the Republic of Moldova No. 284 of July 22, 2004, on Electronic Commerce (link);
    • e) Government Decision of the Republic of Moldova No. 1123 of December 14, 2010, on the Approval of Requirements for Ensuring the Security of Personal Data when Processing them in Information Systems of Personal Data (link);
    • f) Other documents regulating this field of activity.

Contact us

Write down anything what we can help you with.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.