Acordo de Privacidade e RGPD

Privacy & GDPR Notice – Recruitment

Glintt Global S.A. is committed to ensuring the security and privacy of your personal data.

Accordingly, through this Privacy & GDPR Notice, we describe the privacy and security practices implemented by Glintt Global S.A. in the collection and processing of candidates’ personal data in the context of online and offline recruitment activities, including recruitment processes managed through the recruitment platform provided by Ashby.

This document is intended to ensure that candidates participating in Glintt Global S.A.’s selection and recruitment processes are provided with information on the processing of personal data concerning them, including how and why we collect their personal data, the purposes for which we use it, the legal bases for such processing, the applicable retention periods and the rights available to candidates, pursuant to and for the purposes of Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, hereinafter the “General Data Protection Regulation” or “GDPR”.

Data Controller

In accordance with Article 13(1)(a) of the GDPR, we inform you that the controller of your personal data is:

Corporate name: Glintt Global S.A.

NIPC: 503541320

Headquarters: Beloura Office Park, Building 10, Quinta da Beloura, 2710‑693 Sintra, Portugal

Data Protection Officer (DPO)

Glintt Global S.A. has appointed a Data Protection Officer (DPO).

The DPO is available to answer any questions or provide additional information regarding the processing of your personal data and the exercise of your rights under the GDPR.

Contact: privacidade@glinttglobal.com

Categories of Personal Data

In the context of recruitment processes, Glintt Global S.A. may process the following categories of personal data:

Identification data, such as name;

Contact details, such as email address, telephone number and address, where applicable;

Professional and academic information, such as CV, employment history, qualifications, education, skills, certifications and professional experience;

Recruitment-related information, such as interview notes, assessment results, evaluation feedback, availability, salary expectations and communications exchanged during the recruitment process;

Information concerning the source of the application, including referrals, recruitment platforms or publicly available professional sources, where applicable;

Any additional information voluntarily provided by the candidate during the recruitment process.

Glintt Global S.A. does not request or intentionally collect special categories of personal data within the meaning of Article 9 of the GDPR, such as health data, biometric data, racial or ethnic origin, political opinions, religious beliefs or trade union membership, within the recruitment process.

If such data is voluntarily included by the candidate in the CV or in other documents submitted during the recruitment process, it will not be used for recruitment decision-making and may be deleted or disregarded where technically and operationally possible, unless its processing is required by applicable law.

How We Collect Your Personal Data

Candidates’ personal data may be collected:

Directly from the candidate

When the candidate applies through the careers page, recruitment platform or other application channels;

When the candidate submits a CV, cover letter or other recruitment-related documents;

During interviews, assessments, communications or other interactions with the recruitment team.

Indirectly

Through publicly available professional sources, such as LinkedIn or other professional recruitment platforms;

Through referrals or recommendations, where applicable and permitted by law;

Through companies of the Glintt Global Group involved in the recruitment process, where applicable.

Where personal data is not obtained directly from the candidate, Glintt Global S.A. shall provide the information required under Article 14 of the GDPR within the applicable legal timeframe and, where applicable, at the time of first contact with the candidate.

Purpose of Processing

Pursuant to Article 13(1)(c) of the GDPR, the personal data collected in the context of the recruitment process will be processed for the following purposes:

Assessment and selection of candidates for open vacancies within the Glintt Global Group;

Management and conduct of the recruitment and selection process;

Screening and evaluation of applications;

Conducting interviews, assessments and communications with candidates;

Verification of the suitability of the candidate’s profile for the relevant role;

Making hiring decisions;

Compliance with legal obligations applicable to the recruitment process, namely the duty of non-discrimination;

Maintenance of a database of potential candidates for contact regarding future employment opportunities within companies of the Glintt Global Group or related companies, subject to the candidate’s consent;

Identification and initial contact with potential candidates through publicly available professional sources, where applicable;

Establishment, exercise or defence of legal claims, where necessary.

Legal Basis for Processing

Pursuant to Article 13(1)(c) of the GDPR, the processing of candidates’ personal data is based on the following legal bases:

Management of the recruitment and selection process, including the assessment of applications, interviews, communications with candidates and hiring decisions: processing is necessary to take steps prior to entering into an employment contract, at the request of the candidate, pursuant to Article 6(1)(b) of the GDPR;

Compliance with legal obligations applicable to recruitment processes, including obligations relating to equality, non-discrimination and record-keeping: compliance with a legal obligation, pursuant to Article 6(1)(c) of the GDPR;

Active sourcing and initial contact with potential candidates through publicly available professional sources: legitimate interests pursued by the controller, pursuant to Article 6(1)(f) of the GDPR;

Retention of candidates’ profiles for future employment opportunities, where applicable: consent of the data subject, pursuant to Article 6(1)(a) of the GDPR;

Establishment, exercise or defense of legal claims, where necessary: legitimate interests pursued by the controller, pursuant to Article 6(1)(f) of the GDPR.

Where processing is based on consent, the candidate may withdraw consent at any time, without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.

Legitimate Interests

The legitimate interest pursued by the controller consists of maintaining a database of potential candidates for the purpose of contacting them regarding current or future job opportunities within Glintt Global Group or related companies that may be considered suitable for their profile.

The candidates may object to this processing at any time. If they do so, they will no longer be considered for future opportunities and their data will be erased from the database. Candidates may, at any time, submit a new application.

To exercise this right, you may contact us by email at privacidade@glinttglobal.com.

Active Sourcing of Candidates

In addition to receiving unsolicited applications, Glintt Global S.A. may identify and proactively contact potential candidates through searches in publicly accessible sources available on the internet, namely professional social networks, such as LinkedIn, and other public employment platforms.

The processing of personal data collected through this means is based on the legitimate interests pursued by Glintt Global S.A. (Article 6(1)(f) of the GDPR), consisting of the identification of qualified candidates for its recruitment needs. Only data relevant for assessing the candidate’s professional suitability for the relevant vacancy will be processed, and no special categories of personal data (Article 9 of the GDPR) will be collected.

Pursuant to Article 14 of the GDPR, where Glintt Global S.A. contacts a candidate identified through this means, it will provide, at the time of first contact, all relevant information concerning the processing of their personal data, including the source of the data and the right to object.

The data subject may object to this process at any time without having to provide justification, by contacting the email address mentioned above. In such cases, the data will be erased, and the candidate will not be contacted in the future in the context of recruitment processes of the Glintt Global Group.

Recipients of Personal Data

Pursuant to Article 13(1)(e) of the GDPR, candidates’ personal data may be accessed or disclosed, where necessary and proportionate, to the following categories of recipients:

Internal stakeholders involved in the recruitment process, including recruitment teams, People/Human Resources teams, hiring managers and other employees involved in the assessment and selection of candidates;

Companies of the Glintt Group, where necessary for the management of recruitment processes and assessment of candidates across the organization, as identified in the Annex to this Notice;

Ashby, Inc., acting as processor, in its capacity as provider of the Applicant Tracking System used to manage recruitment processes, pursuant to a Data Processing Agreement entered with Glintt Global S.A.;

Other service providers supporting recruitment-related IT systems, hosting, security, maintenance or technical support, were strictly necessary and subject to appropriate contractual safeguards;

Public authorities, courts or other entities, where disclosure is required by applicable law or necessary for the establishment, exercise or defense of legal claims.

All processors are required to process personal data only on documented instructions from Glintt Global S.A. and to implement appropriate technical and organizational measures, in accordance with Article 28 of the GDPR.

Personal data will only be shared to the extent necessary for the pursuit of the purposes described in this Notice, and all recipients shall be required to ensure the confidentiality and security of the data.

Use of Ashby Platform and International Transfers

Glintt Global uses the Ashby platform, provided by Ashby, Inc., for the management of recruitment processes.

The use of the Ashby platform may involve the transfer of candidates’ personal data outside the European Economic Area, namely to the United States of America.

Where personal data is transferred to Ashby, Inc., such transfer may be carried out based on the EU-U.S. Data Privacy Framework, if Ashby, Inc. maintains a valid certification under such framework covering the relevant categories of personal data.

Where applicable, and in accordance with the contractual arrangements in place with Ashby, Inc., additional safeguards may also apply, including Standard Contractual Clauses approved by the European Commission and supplementary technical and organizational measures.

Glintt Global S.A. shall monitor, as appropriate, the validity of the transfer mechanism relied upon and the safeguards applicable to international transfers of candidates’ personal data.

Data Retention Period

Pursuant to Article 13(2)(a) of the GDPR, candidates’ personal data will be retained only for as long as necessary for the purposes for which it was collected.

The following retention periods shall apply:

Candidates not selected: personal data will be retained for the duration of the recruitment process and, where applicable, for up to twenty-four (24) months after the end of the recruitment process, where necessary for recruitment management, future opportunities subject to consent, or the establishment, exercise or defense of legal claims;

Talent pool / future opportunities: where the candidate provides consent to be considered for future opportunities, the relevant data may be retained for up to twenty-four (24) months, unless the candidate withdraws consent earlier;

Selected candidates: where a candidate is hired, the personal data necessary for the establishment and management of the employment relationship may be transferred to the employee file and will thereafter be processed in accordance with the applicable employee privacy notice and internal retention policies;

Legal compliance and non-discrimination obligations: certain recruitment records, such as vacancy notices, applications, assessment records, interview notes, classification results and selection or exclusion criteria, may be retained for five (5) years where necessary to demonstrate compliance with equality and non-discrimination obligations applicable to recruitment processes, including under Article 32 of the Portuguese Labor Code;

Legal claims: where necessary, personal data may be retained for the period required for the establishment, exercise or defense of legal claims.

At the end of the applicable retention period, personal data will be deleted, anonymized or otherwise securely destroyed, unless further retention is required or permitted by applicable law.

Data Subject Rights

Pursuant to Article 13(2)(b) and (c) of the GDPR, candidates have the following rights, within the limits provided by law:

Right of Access (article 15) – To obtain confirmation as to whether personal data concerning them is being processed and, where that is the case, access to such personal data.

Right to Rectification (article 16) – To request the rectification of inaccurate or incomplete personal data;

Right to Erasure (article 17) – To request the erasure of personal data, where applicable;

Right to Restriction of processing (article 18) – To request the restriction of the processing of their personal data in certain circumstances;

Right to Data Portability (article 20) – To receive personal data in a structured, commonly used and machine-readable format;

Right to Object (article 21) – To object to the processing of personal data based on legitimate interests;

Right to withdraw consent (article 7(3)) - To withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Exercise of Rights / Withdrawal of Consent

Requests must be adressed to Glintt Global S.A. via email:

📧 privacidade@glinttglobal.com

The controller shall respond to your request within a maximum period of one (1) month from receipt thereof. This period may be extended by a further two (2) months where necessary, considering the complexity and number of the requests, subject to prior notification to the data subject, pursuant to Article 12(3) of the GDPR.

The response is free of charge. However, where requests are manifestly unfounded or excessive, the controller reserves the right to charge a reasonable fee or refuse to act on the request, in accordance with Article 12(5) of the GDPR.

Supervisory Authorities

Pursuant to Article 13(2)(d) of the GDPR, candidates have the right to lodge a complaint with a supervisory authority, namely:

Portugal: National Data Protection Commission (CNPD): https://www\.cnpd\.pt/

Spain: Spanish Data Protection Agency (AEPD): https://www\.aepd\.es/

The exercise of this right is without prejudice to the possibility of seeking other judicial or administrative remedies.

Consequences of Not Providing Personal Data

We inform you that the provision of the requested personal data is necessary to participate in the recruitment process.

Failure to provide the required personal data will result in Glintt Global S.A. being unable to assess your application and to proceed with the recruitment process.

Automated Decision‑Making and Profiling

Pursuant to Article 13(2)(f) of the GDPR, we inform you that:

Automated decision-making: No decisions are made based solely on automated processing;

Profiling: No profiling is carried out, which produces legal effects concerning candidates or similarly significantly affects them.

Security Measures

Glintt Global S.A. adopts appropriate technical and organizational measures to protect candidates’ personal data against unauthorized access, accidental loss, destruction or alteration, in accordance with Article 32 of the GDPR.

Such measures may include, among others:

Restricted access controls to candidates’ personal data;

Access limited to employees and service providers with a need to know;

Secure systems used for the management of recruitment processes;

Transmission of data through encrypted channels, such as TLS/SSL;

Monitoring and audit practices, where applicable;

Periodic training of employees on data protection matters;

Procedures for responding to security incidents, including personal data breaches;

Contractual safeguards with service providers involved in recruitment processes.

Contact for Further Information

For any additional questions regarding the processing of your personal data in the context of the recruitment process, you may contact us through:

📧 privacidade@glinttglobal.com

Annex – Group Companies

Company	Tax ID	Headquarters
Glintt Global S.A.	503541320	Beloura Office Park, Building 10, Quinta da Beloura, 2710‑693 Sintra
Glintt Açores, S.A.	515016527	Praia Links – Incubadora de Negócios, Rua São Salvador 42, 9760‑541 Praia da Vitória
Glintt España, S.L.	B86283322	Calle Nuria 57‑1, 28034 Madrid
Glintt – Healthcare Solutions, S.A.	502479418	Rua Eng.º Ferreira Dias 728, 4100‑246 Porto
Glintt Inov, S.A.	509998895	Rua Eng.º Ferreira Dias 728, 4100‑246 Porto
HLTSYS - HEALTHYSYSTEMS, LDA	510552544	Rua Eng.º Ferreira Dias 728, 4100-246 PORTO
PROLÓGICA - SISTEMAS INFORMÁTICOS S.A.	501432507	Rua Eng.º Ferreira Dias 728, 4100-246 PORTO
GLINTT HEALTHCARE S.L	B06824080	Calle Nuria, 57 28034 Madrid
PULSO INFORMATICA SLU	B46318895	CALLE DE LA JUSTICIA, 4 5ºA 46004 VALENCIA
CONSOFT SAU	A30047955	PARTIDA MADRIGUERES NORD, 12 - APDO. CORREOS 310  3700 DENIA-ALICANTE
ALPES INFORMATICA SL	B20414207	Políg. 19, Zirkuitu Ibilbidea, Pabellón 27 20160 Lasarte-Oria Guipuzcoa
LOGINFAR SL	B61265237	CALLE LLUL, 240  08005 BARCELONA
FARMASOFT INFORMATICA Y SERVICIOS SL	B80980501	CALLE LOPEZ DE HOYOS 155 PLANTA 3 PUERTAS 6 Y 7 28002 MADRID
QWERTY INFORMATICA SLU	B46259305	CALLE ALVARO DE BAZTÁN, 10 BAJO  46010 VALENCIA
CONCEP, S.L	B26447649	CALLE MARÍA ZAMBRANO, 31 PLANTA 15  50018 ZARAGOZA
CONTROL DE SISTEMES I MICROINFORMATICA, SL	B58983693	CALLE LLANCA, 38   08015 BARCELONA