Privacy Policy of NTT DATA Romania Careers Website

Effective Date: 25th January, 2022

1. INTENDED USE

We will collect, process and use the personal data you provide online only for the purposes communicated to you. Your personal data will not be passed on to third parties without your express consent. The collection of personal data and its transmission to state institutions and authorities entitled to receive information will only take place within the framework of the relevant laws or if we are obliged to do so by a court decision. Our employees and the service companies commissioned by us are obliged by us to maintain secrecy and to comply with all relevant data protection regulations.

2. PURPOSE OF PROCESSING YOUR DATA

In general, we use the personal data you provide to answer your inquiries or provide you with access to specific information or offers, process your job application, or comply with legal obligations required by law. It may be necessary for us, or a service company commissioned by us, to use this personal data to inform you about product offers or to conduct online surveys in order to enhance and personalize your website experience. Of course, we will respect your wishes if you do not wish to provide us with your personal data to support our customer relationship (especially for direct marketing or market research purposes). We will neither sell your personal data to third parties nor market it in any other way. For further information on the use of your personal data for job application, please read the privacy policy on the careers website.

3. DATA THAT IS COLLECTED WHEN YOU VISIT OUR INTERNET PAGES

When you use our Internet pages, information is automatically sent to the server of our website by the browser used on your terminal device. This information is temporarily stored in log files. The following information is recorded without your intervention and stored until it is automatically deleted:

  • the address of the page of our website that you have called up;
  • the address of the website that you visited immediately before (the so-called "referrer")
  • IP address of your terminal device;
  • date and time of your call;
  • transfer status (file transferred, file not found, etc.),
  • properties of your end device, especially the operating system, the browser used and the window size of your browser;
  • registration data: We will collect and process the personal data you provide to us when creating an account.
  • data that you have voluntarily shared with the Company: We might collect your personal data (such as name surname, email, organization and phone number) if you submit a request through the contact form made available to you via Website.

We use these log files to detect, eliminate or prevent possible disturbances or attacks on our website. At the latest after 24 hours the data stored in the log files will be deleted or made anonymous. The legal basis for this is Art. 6 para. 1 f) of GDPR (balancing of interests, based on our legitimate interest in ensuring the technical functionality of our website).

Furthermore, we use various analytical services when you visit our website. If the opportunity for the input of personal or business data (email addresses, name, and addresses) is given, this is provided voluntarily. Your data will be treated with confidentially and will only be used to process your enquiry, it will not be passed to third parties. The legal basis for this is Art. 6 para. 1 a) of GDPR in conjunction with your consent given when you send the contact form. You can revoke this consent at any time. Revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until revocation. There is no link to the above-mentioned access data in log files. After the enquiry has been processed by us, the data will first be stored in case of additional questions. Deletion of the data can be requested at any time, otherwise the data will be deleted after the matter has been completely settled. The statutory retention period of six years for commercial and business correspondence remains unaffected in each case, Art. 6 para. 1 c) of GDPR.

In addition we use your personal data to comply with legal obligations (for example for safety incident reporting obligations, manage your request to exercise rights) or order from competent Authority. The legal basis of the processing is the need to fulfil a legal obligation.

4. SAFETY AND PERSONAL DATA RECIPIENTS

We have taken technical and organisational security measures to protect your personal data from loss, destruction, manipulation and unauthorised access. All our employees and all persons involved in data processing are obliged to comply with the laws relevant to data protection and to handle personal data confidentially. If personal data is collected and processed, the information is transmitted in encrypted form to prevent misuse of the data by third parties. Our security measures are continuously revised in line with technological developments.

Your personal data may also be shared with some companies of our group for the performance of IT services and logistic support, in their role of data processors. Where strictly necessary your personal data may also be disclosed to independent data controllers, such as the competent authority. In case of extraordinary corporate transaction (e.g. transfer or lease company, merger, etc.) the data may be transferred or given to third parties purchasers/tenants or assignees. The list of the recipients of the processing is available by writing to our contact address in the section “Contact for questions” below.

5. SOCIAL MEDIA CHANNELS

On our website you will find links to social networks. You can recognize these links by the logos of the respective providers. Clicking on the links will redirect you to the corresponding social media sites.

Before calling up the corresponding links, no personal information is transmitted to the respective providers. The call of the linked page is also the basis for data processing by the respective provider for their own purposes. When linking to the website of a third party provider, they should always inform you of their data protection conditions. We may also collect your personal data as you interact with the social network pages used by us. Some information is provided to us directly by you when you decide to share, via your profile, images published on our social medial pages, comment on our posts and/or show your appreciation for one of our products or services or events, by pressing the specific button, as well as when you decide to send a message to us using the private chat feature or other channels made available on the various social network.

Please be aware that obtaining your personal data can depend on the settings that you choose for a particular social network provider and the content that you decide to make public. This information may include your name, surname, some contact details and the image linked to your profile. Therefore please note that some of your information can be seen by us once you decide to follow our social network profile/page. In this regard, we kindly require you to read the privacy policy for the respective social network provider and check the relevant privacy settings.

6. COOKIES AND SIMILAR TECHNOLOGIES

6.1. Essential cookies and website functions

These cookies and technologies are necessary for the functioning of the website and cannot be deactivated in our systems. You can set your browser to block these cookies or to notify you about these cookies. However, some areas of the website will then not function. The absolutely necessary cookies have a storage period of up to one year.

6.1.1. Consent management

Among the technologies that are strictly necessary is a tool used to manage your eventual consent to website features and/or analysis services on our website, the "Privacy Preference Center".

The cookies used in connection with this tool have a storage period of up to 1 year.

6.1.2. Google reCAPTCHA

"Captchas" are a security function of our website, which determines whether a person or a computer makes a certain input. We use the service "reCAPTCHA" from the provider of the Google fonts is Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA ("Google").

When you visit a page with input options, we transmit information about your access to the reCAPTCHA service. This service checks in particular on the basis of the following information whether you are a human being or a computer:

• The IP address of your terminal device

• Referrer (address of the PAYBACK website on which the captcha is used)

• Information about the browser you use (e.g. browser type and version, screen resolution, language, installed plugins, time and date)

• If you are registered with Google and logged in, your Google account

• Your surfing behaviour on websites

• Your input behaviour (e.g. your mouse movements on the reCAPTCHA surfaces)

• If necessary, your answers to small tasks where you have to identify pictures.

The cookies used in connection with this tool have a storage period of up to 6 months.

For more information, please see Google's privacy policy and the terms of use for Google services.

6.1.3. Google Fonts

For a fast, data-saving and optically improved presentation of various texts on this website, we use Google Fonts (https://fonts.google.com/). The provider of Google Fonts is Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA ("Google").

The fonts are loaded directly from your web browser into a local cache on your end device in order to be able to use them for display on our and possibly other websites. If your web browser does not support Google Fonts or access to Google Fonts is denied, your browser will attempt to display the text in a default font.

Google's privacy policy explains how Google uses and processes data https://policies.google.com/privacy?hl=en-GB

Further information about Google Fonts is available at: https://developers.google.com/fonts/faq

6.1.4. Data transmission to the USA

Google operates its servers for Google reCAPTCHA and Google Fonts in the USA, i.e. in a third country outside the EU. The services of Google transmit your data to these servers. Currently there is no EU Commission decision that the USA generally offers an adequate level of protection. However, Google has already declared that it will rely on Standard Contractual Clauses (or the so-called “SCCs”) to ensure compliance with rules regarding data transfers to the US. Additional to the SCCs, the company has to provide additional guarantees by adhering and following the continuous guidance offered by the European Data Protection Board.

6.1.5. Legal basis

The legal basis for the processing of your data in connection with these absolutely necessary cookies is Art 6 Paragraph 1 f) of GDPR (balancing of interests, based on our legitimate interest in the technically smooth provision of our website and the services offered via it).

6.2. Website functions

By integrating these online services and cookies, the website is able to provide extended functionality and personalised content, e.g. the integration of videos or easier "sharing" in social media. If you do not allow this, some or all of our services may not function properly.

6.2.1. ShareThis

To facilitate the sharing of website content in social media, we use ShareThis. ShareThis is operated by ShareThis Inc, 4005 Miranda Ave, Suite 100, Palo Alto, CA 94304, USA ("ShareThis").
Provided that you have consented to the integration of ShareThis; ShareThis will be informed that your browser has called up the corresponding page of our Internet presence and will save a cookie on your end device for future identification of your browser. ShareThis uses the data to create user profiles, which serve as a basis for interest-related advertising to visitors of Internet pages with ShareThis plug-ins. ShareThis processes the resulting data on its own responsibility.

The cookies used in connection with ShareThis have a storage period of up to 9 months.

Further information on the handling of user data can be found in the ShareThis privacy policy at https://sharethis.com/privacy/

6.2.2. Data transmission to the USA

The services required for these website functions transmit data about your use of this website to the USA. Currently there is no EU Commission decision that the USA offers an adequate level of data protection. There are also no other appropriate guarantees, enforceable rights or effective remedies to protect your data in the USA. Therefore, there is a risk that the US Service providers will not provide data will the same level of protection as it receives within the European Union. The activation of the services and the associated transfer of your data to the USA will only take place on the basis of your expressly declared consent. Please keep in mind that some of the service providers will rely on Standard Contractual Clauses (or the so-called “SCCs”) to ensure compliance with rules regarding data transfers to the US. Additional to the SCCs, the service providers will have to provide additional guarantees by adhering and following the continuous guidance offered by the European Data Protection Board.

6.2.3. Legal basis

The legal basis for the processing of your data in connection with these website functions is your consent (Art. 6 para. 1 a) of GDPR). You can revoke this consent at any time in the cookie settings. Revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

6.3. Marketing purposes

These services and cookies are used by our advertising partners to profile your interests and show you relevant ads on other websites. Your browser transmits information about your use of our website to servers of these companies in the USA, where it is further processed in accordance with the privacy policy of the respective recipient. The recipients process the data on their own responsibility. If you do not allow these services and cookies, you will experience less targeted advertising.

The providers of these online services use in particular the following data for the marketing purposes mentioned:

• the address of the page of our website you are visiting;

• the address of the website that you visited immediately before (the so-called "referrer") IP address of your terminal device;

• information about your location derived from the IP address;

• date and time of your call;

• transfer status (file transferred, file not found, etc.), properties of your end device, especially the operating system, the browser used and the window size of your browser;

The respective service providers may combine this information with other data that you have provided to them or that they have collected as part of your use of other services.

6.3.1. Google Analytics and Google Tag Manager

For marketing purposes we use the products "Google Analytics" and "Google Tag Manager" of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").
The purpose of these tracking services is to analyse the usage behaviour of visitors to our website. Based on these analytics, we can place additional targeted advertisements in Google's advertising network to reach potential customers and/or employees for our company. Google processes some of the data collected in this process on our behalf as well as for their own purposes.
The cookies used in this context have a storage period of up to 2 years. As far as Google saves the collected data within the scope of order processing, the storage period of these data is limited to a maximum of 14 months. If Google stores the data on its own responsibility, the storage period may be longer.

For more information about the purpose and scope of data collection and the further processing and use of data by Google, as well as your options for settings to protect your privacy, please see Google's privacy policy at: https://policies.google.com/privacy

6.3.2. LinkedIn Analytics and LinkedIn Ads

For marketing purposes, we use the LinkedIn Analytics and LinkedIn Ads products of the LinkedIn social network, LinkedIn, a service of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland ("LinkedIn").

The purpose of these tracking services is to analyse the usage behaviour of visitors to our website. Based on these analytics, we can place targeted advertisements in LinkedIn's advertising network to reach potential customers and/or employees for our company. LinkedIn processes the data collected in this process for its own purposes.

The cookies used in this context have a storage period of up to 2 years.

For more information about the purpose and extent of data collection and LinkedIn's further processing and use of the data, as well as your privacy preferences, please refer to LinkedIn's privacy policy at: https://www.linkedin.com/legal/privacy-policy

6.3.3. Data transmission to the USA

The services required for these marketing purposes transmit data about your use of this website to the USA. Currently there is no EU Commission decision that the USA offers an adequate level of data protection. There are also no other appropriate guarantees, enforceable rights or effective remedies to protect your data in the USA. Therefore, there is a risk that the US Service providers will not provide data will the same level of protection  as it receives within the  European Union. . The activation of the services and the associated transfer of your data to the USA will only take place on the basis of your expressly declared consent. Please keep in mind that some of the service providers will rely on Standard Contractual Clauses (or the so-called “SCCs”) to ensure compliance with rules regarding data transfers to the US. Additional to the SCCs, the service providers will have to provide additional guarantees by adhering and following the continuous guidance offered by the European Data Protection Board.

6.3.4. Legal basis

The legal basis for the processing of your data in connection with these marketing purposes is your consent (Art. 6 para. 1 a) of GDPR). You can revoke this consent at any time in the cookie settings. Revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

7. RIGHT TO OBJECT

If you think it is justified by a good reason, in certain circumstances you have the right to object to the processing of your Personal data, if the legal requirements are met. To declare your objection, you can contact us by e-mail at: data.protection@nttdata.ro

8. YOUR OTHER RIGHTS

On request, we will inform you whether and, if so, which data about you have been stored. If the legal requirements are met, you have the right to correct, restrict the processing or delete this data and to access to your personal data or ask for a copy.

You also have the right to receive the data concerning you that you have provided us with in a structured, common and machine-readable format. You may transmit this data or have it transmitted to other entities. You also have the right to withdraw consent, when given, at any time and without prejudice to the lawfulness of the processing based on the consent given prior to the withdrawal.

You also have a right of appeal to a supervisory authority for data protection responsible for where you live, work or where an alleged infringement has occurred.  We inform you that request of deletion of data are subject to current legal requirements to retain documents imposed on us by laws and regulations, if applicable. You can exercise your rights at any time sending an email to address mentioned above.

9. CHANGES TO THIS POLICY

We reserve the right to change our security and data protection measures if this becomes necessary due to technical developments. In these cases, we will also adapt our data protection information accordingly. Therefore, please note the current version of our data protection declaration. We will communicate any changes to you, where we are required to do so.

DATA CONTROLLER, DATA PROTECTION OFFICER, CONTACT FOR QUESTIONS, SUGGESTIONS OR COMPLAINTS

The Data Protection Officer is Nimród Mike.

NTT DATA Romania S.A.,

19-21 Constanta Street,

Cluj – Napoca, Cluj, Romania

E-mail: data.protection@nttdata.com

Website: www.nttdata.ro

In the event of a complaint, which NTT DATA Romania cannot resolve, you can submit your complaint to the following address:

The National Supervisory Authority For Personal Data Processing (ANSPDCP)

28-30 G-ral Gheorghe Magheru Bld.

District 1, post code 010336

Bucharest, Romania,

E-mail: anspdcp@dataprotection.ro

Website: www.dataprotection.ro

If you have any questions about this privacy policy, please contact us. In addition, you can send us information, deletion and correction requests and suggestions by e-mail at: data.protection@nttdata.com or letter.