Social Engineering

RECRUITING PRIVACY NOTICE

Novalite respects your right to know how we handle personal data

We compiled this Privacy Notice with the objective to clarify the manner in which we collect and process Your personal data. We recommend that you carefully read this Notification so as to familiarize yourself with the processing of Your personal data. If you have any further questions, please contact us via the following e-mail address: administration@novalite.rs

CONTENT

1. Who is the processor of personal data?
2. Does this Privacy Notice refer to You?
3. What personal data do we process?
4. For what purposes does NovaLite process your personal data and what is the legal basis for processing?
5. Who has access to your personal data?
6. How long do we store your personal data?
7. What measures do we undertake to protect your personal data?
8. What can you request when it comes to your personal data?
9. What if I have some other questions?

1. WHO IS THE PROCESSOR OF PERSONAL DATA?

The processor of personal data is the company:
Legal entity: NovaLite LLC Novi Sad, entered into Business Register at the Business Registers Agency;
Address: Futoška 89, 21000 Novi Sad; Reg. file no.: 20711132
Legal representatives: Nikola Petkov, Director and Igor Trusina, Director;
E-mail: administration@novalite.rs
Telephone: +381 (0)21 66 16 432

2. DOES THIS PRIVACY NOTICE REFER TO YOU?

This Privacy Notice refers to You if you have decided to apply for a job in the company NovaLite in any of the following manners: applications via NovaLite website, applications via various online platforms for employment (Infostud, Helloworld, Joberty etc.), applications via social networks (Linkedin, Facebook etc.), applications through an official e-mail address of NovaLite, applications at job fairs (Konteh etc.)

3. WHAT PERSONAL DATA DO WE PROCESS?

Your personal data that we collect include:

• Contact personal data: name, surname, place of residence, e-mail, telephone number;
• Personal data such as gender, date of birth, age, nationality if you have listed them in your job application;
• Information on previous work experience and potential letters of recommendation from previous employers;
• Information regarding education, training and professional specialization. This includes your level of qualifications and education, results of assessments at courses or trainings you may have attended, as well as the acquired certificates and diplomas;
• Documents (e.g. curriculum vitae – CV, letters of recommendation, certificates, diplomas), if the candidate submits them in an application;
• Other information you provide to us in the application form itself, or later, during interviews or testing in the candidate selection process, including printed candidate biographies (CVs), interview notes, and the results of candidate tests performed. The tests include testing of knowledge of registered candidates for a specific job position that is being filled.

We will sometimes process certain personal data that are considered sensitive in nature, for reasons strictly related to the proper fulfilment of obligations we may have as your potential employer, for security reasons and to the extent required by applicable law. We will process the following sensitive personal data: 1) data on your health condition, if it is about inclusion, namely engagement of persons with special needs; 2) criminal convictions or misdemeanours, only if it is prescribed by internal acts for certain positions you have applied for, in order to eliminate risks and ensure a safe working environment, all in the context of pre-employment checks in the candidate selection process.

We need to collect the above-mentioned personal data in order to fulfil our obligation for the purpose of considering concluding an employment agreement with you, or because it is prescribed by legal regulations.

4. FOR WHAT PURPOSES DOES NOVALITE PROCESS YOUR PERSONAL DATA AND WHAT IS THE LEGAL BASIS FOR PROCESSING?

We will process Your personal data for the following purposes:

• For the needs of candidate selection process – when applying for a certain job, you provide us with certain data, which we process in order to select the proper candidate for the appropriate position in the process. Your data are processed, in particular, during the process of managing the applications of candidates in preparation for employment in NovaLite;
• Risk and observing of regulations – a need may occur for us to process your data in accordance with the law or court decision during a dispute settlement or investigations into unlawful actions, complaints or legal procedure or in case we suspect that improper action has taken place that requires additional investigation. We undertake the above-mentioned activities taking into consideration that we have legally liable interest or in order for us to comply with legal obligations.

NovaLite processes your personal data in accordance with the national data protection laws (Personal Data Protection Act) and any other applicable national regulations.

The starting legal grounds for the above-mentioned purposes include the law (e.g. in order to undertake steps at a subject′s request – in this case the applicant – before concluding an agreement), approval (e.g. personal data submitted by the applicant at his/her own initiative and on voluntary basis) as well as legitimate interest (e.g. for HR assessments – controlling, analytic reporting).

5. WHO HAS ACCESS TO YOUR PERSONAL DATA?

The data can be accessed only by persons involved in the application process and candidates selection process, such as: HR managers, HR associates, participants in interviews, colleagues from the field of expertise for which the position is made available, directors, founders (owners) of NovaLite and system administrator. The above-mentioned persons have access to your personal data in the company NovaLite, and in the sense of application that you have submitted to the Company. The data on your application can be revealed to other parties with your consent (potential or current clients of the company NovaLite, accounting agency etc.) if you are considered suitable for a certain position within the NovaLite, we will inform you about via an e-mail address.

Your personal data may be disclosed to other data users only if it is a pre-requisite for an application, if we or a third party have a legitimate interest for this disclosure, or if you have given your consent. You can find details of the legal basis in the section of this Notice entitled “Purpose of Processing and Legal Basis”. Also, potential and current customers of NovaLite can be defined as third parties.

We may disclose your personal data to subcontractors, service providers or groups outside the European Economic Area (EEA) only if the EU Commission has confirmed that the third country concerned has the appropriate level of data privacy or if there are other appropriate data privacy guarantees.

At your request, we shall submit a list of recipients in third countries and a copy of specifically agreed regulations so as to secure an adequate level of data privacy.

6. HOW LONG DO WE STORE YOUR PERSONAL DATA?

We store your personal data for 3 years. The criteria for determining the time during which we store these data include: the duration of calls for applications announced for certain vacancies and the real need of the company to hire certain professional profiles even after the end of these vacancies. By accepting the provisions of this Notice, you accept the stated period of storage and processing of your data. After the expiration of the call for which you have applied, you can request the deletion of your personal data at any time.

7. WHAT MEASURES DO WE UNDERTAKE TO PROTECT YOUR PERSONAL DATA?

NovaLite undertakes all necessary technical and organisational measures in order for us to secure an adequate level of protection and protect your personal data particularly from unwanted or unlawful erasure, manipulation, loss, modification or disclosure or access to unauthorized third parties. We constantly improve our safety measures and maintain them in accordance with the latest technological and technical standards.

8. WHAT CAN YOU REQUEST WHEN IT COMES TO YOUR PERSONAL DATA?

You can request an access, correction, erasure or limitation of personal data you have previously submitted. At the same time you can file a complaint against our processing of your personal data, or, you are entitled to withdraw your consent when we carry out processing based on the consent. You can ask for an electronic copy of your personal data for the purpose of transferring to another company (data transferability). We shall clarify each of the above-mentioned requests below. In each of these cases we urge you to send us a message via e-mail at the following e-mail address adminsitration@novalite.rs if you wish to exercise some of your rights, or if you have any additional questions regarding data protection. We shall answer your request in accordance with the applicable law.

RIGHT OF ACCESS

You have the right to access your personal data that we store about you and to have an insight into what type of data we collect and for what purposes.

RIGHT OF CORRECTION OR ERASURE

We undertake adequate measures so as to guarantee that the information stored about you are correct and complete. However, if you do not believe that is the case, you may ask for information to be updated or revised.

In some cases, you have the right to request for your personal data to be erased, such as, for example, when there is no longer an original need to store your personal data that we collected or when you withdraw your consent. However, it has to be in compliance with other circumstances. For example, we may not be able to respond to your request due to certain legal or statutory obligations.

RESTRICTION OF PROCESSING

In some cases, you have the right to request for temporary cessation of personal data processing such as, for example, when you consider that the personal data we store on you are incorrect or when you believe that there is no longer a need for us to store them anymore.

DATA TRANSFERABILITY

In some cases, you have the right to request a transfer of your personal data that you submitted, whether the end recipient is you or a third entity of your choosing.

COMPLAINT

You have the right to submit a complaint against processing we perform based on our legitimate interest. Unless there is an explicit legal basis for data processing, we will stop processing personal data based on the complaint you have filed. However, please keep in mind that we may not be able to provide certain services or benefits if we are unable to process necessary personal data for these purposes.

WITHDRAWAL OF CONSENT (REVOCATION OF THE CONSENT)

We may, in certain cases, ask you for a consent to the processing of your personal data. In that case, you have the right to withdraw your consent at any time with the effect for the future. This will not affect the legality of our processing of your data prior to withdrawal of the consent.

9. WHAT IF I HAVE SOME OTHER QUESTIONS?

If you wish to contact NovaLite regarding the processing of your personal data, we urge you to send a message to the following e-mail address: administration@novalite.rs. The other option you have at your disposal is to forward the complaint to the data protection authority in your country or region, or in case of a claim that there has been a violation of the applicable data protection law, namely the Commissioner for Personal Data Protection. The Commissioner for Information of Public Importance and Personal Data Protection is the competent authority in the Republic of Serbia (Bulevar kralja Aleksandra 15, 11 000 Belgrade, Serbia, e-mail:office@poverenik.rs, Telephone: +381 11 3408 900, Fax: +381 11 3343 379).

NovaLite LLC Novi Sad, May 21st, 2020

OBAVEŠTENJE O PRIVATNOSTI

Novalite poštuje vaše pravo da znate kako obrađujemo lične podatke

NovaLite je sačinilo ovo Obaveštenje o privatnosti s ciljem da objasnimo na koji način prikupljamo i koristimo Vaše podatke o ličnosti. Preporučujemo da pažljivo pročitate ovo Obaveštenje kako biste se upoznali sa obradom Vaših ličnih podataka. Ukoliko imate bilo kakva pitanja nakon što ste ovo Obaveštenje pročitali, molimo Vas da nas kontaktirate putem sledeće e-mail adrese: administration@novalite.rs

SADRŽAJ

1. Ko je rukovalac podataka o ličnosti?
2. Da li se ovo Obaveštenje o privatnosti odnosi na Vas?
3. Koje podatke o ličnosti obrađujemo?
4. U koje svrhe NovaLite obrađuje vaše lične podatke i koji je pravni osnov obrade?
5. Ko ima pristup vašim ličnim podacima?
6. Koliko dugo čuvamo vaše lične podatke?
7. Koje mere preduzimamo da zaštitimo vaše lične podatke?
8. Kakve zahteve možete da uložite kada su u pitanju vaši lični podaci?
9. Šta ukoliko imam neka druga pitanja?

1. KO JE RUKOVALAC PODACIMA O LIČNOSTI?

Rukovalac podacima o ličnosti je privredno društvo:
Pravno lice: NovaLite doo Novi Sad, upisano u Registar privrednih društava kod Agencije za privredne registre;
Adresa: Futoška 89, 21000 Novi Sad; Matični broj: 20711132
Zakonski zastupnici: Nikola Petkov, direktor i Igor Trusina, direktor;
E-mail: administration@novalite.rs
Telefon: 021/66-16-432

2. DA LI SE OVO OBAVEŠTENJE O PRIVATNOSTI ODNOSI NA VAS?

Ovo Obaveštenje se odnosi na Vas ukoliko ste odlučili da se prijavite za posao u kompaniji NovaLite doo i to na bilo koji od navedenih načina: prijave putem NovaLite website-a, prijave putem raznih online platformi za zapošljavanje (Infostud, Helloworld, Joberty i sl.), prijave putem društvenih mreža (linkedin, facebook i sl.), prijave putem zvanične email adrese NovaLite-a, prijave na sajmovima za zapošljavanje (Konteh i sl.)

3. KOJE PODATKE O LIČNOSTI OBRAĐUJEMO?

Vaši lični podaci koje prikupljamo su:

• lični podaci za kontakt: ime, prezime, adresa prebivališta, elektronska pošta, broj telefona;
• lični podaci kao što su pol, datum rođenja, godine života, nacionalnost, ukoliko ste ih naveli u prijavi za posao;
• informacije o prethodnom radnom iskustvu i eventualne preporuke prethodnih poslodavaca;
• informacije u vezi sa obrazovanjem, obukom i stručnim usavršavanjem. Tu spadaju vaša stručna sprema i obrazovanje, rezultati procena na kursevima ili obukama koje ste eventualno pohađali, kao i stečeni sertifikati i diplome;
• dokumenti (npr. radna biografija – CV, pisma preporuke, sertifikati, diplome), ukoliko ih kandidat dostavi u prijavi;
• druge informacije koje nam dostavite u samoj formi prijave, ili kasnije, tokom intervuja ili testiranja u postupku selekcije kandidata, uključujući i štamapane biografije kandidata (CV), beleške sa intervjua, kao i rezultate urađenih testova kandidata. Pod testovima se podrazumeva provera znanja prijavljenih kandidata za odredjenu radnu poziciju koja se popunjava.

Mi ćemo ponekad vršiti obradu određenih podataka o ličnosti za koje se smatra da su osetljive prirode, iz razloga koji se strogo odnose na pravilno izvršavanje obaveza koje možemo imati kao vaš potencijalni poslodavac, iz razloga bezbednosti i u meri u kojoj to propisuje važeći zakon. Vršićemo obradu sledećih osetljivih podataka o ličnosti: 1) podaci o vašem zdravstvenom stanju, ukoliko se radi o inkluziji, odnosno angažovanju lica sa posebnim potrebama; 2) krivične presude ili prekršaji, samo ukoliko je to propisano internim aktima za određene pozicije na koje ste se prijavili, radi otklanjanja rizika i obezbeđivanja sigurnog radnog okruženja, sve u konktekstu provere pre zapošljavanja u procesu selekcije kandidata.

Lične podatke opisane u prethodnom stavu je potrebno da prikupimo da bismo ispunili svoju obavezu radi razmatranja zaključenja ugovora o radu sa vama, ili zato što to nalažu zakonski propisi.

4. U KOJE SVRHE NOVALITE OBRAĐUJE VAŠE LIČNE PODATKE I KOJI JE PRAVNI OSNOV OBRADE?

Obradu Vaših ličnih podataka ćemo vršiti za sledeće svrhe:

• za potrebe procesa selekcije kadidata – prilikom prijavljivanja za određeno radno mesto Vi nam dostavljate određene podatke, koje obrađujemo kako bismo u tom procesu odabrali pravog kandidata za odgovarajuću poziju. Vaši podaci se obrađuju, posebno, tokom procesa upravljanja prijavama kandidata u pripremi za radni odnos u NovaLite;
• rizik i poštovanje propisa – može se ukazati potreba da obrađujemo vaše lične podatke da bismo postupili u skladu sa zakonom ili odlukom suda i to u procesu rešavanja sporova i istraga neispravnog postupanja, žalbi ili zakonskih postupaka ili ako sumnjamo da je došlo do neispravnog postupanja koje zahteva dodatno ispitivanje. Navedene aktivnosti preduzimamo imajući u vidu da za to imamo zakonski opravdan interes, ili da bismo ispunili zakonske obaveze.

NovaLite vrši obradu Vaših ličnih podataka u skladu sa, nacionalnim zakonima o zaštiti podataka o ličnosti (Zakon o zaštiti podataka o ličnosti) i sa bilo kojim drugim važećim nacionalnim propisima.

Kao polazna pravna osnova za prethodno navedene svrhe je zakon (npr, da bi se preduzeli koraci na zahtev subjekta – u ovom slučaju kandidata – pre sklapanja ugovora), saglasnost (npr. podaci o sebi koje kandidat dostavi samoinicijativno i dobrovoljno) i legitimni interes (npr za HR procene – kontrolisanje, analitičko izveštavanje).

5. KO IMA PRISTUP VAŠIM LIČNIM PODACIMA?

Pristup podacima imaju samo ona lica koja su uključena u proces prijave i selekcije kandidata: HR menadžeri, HR saradnici, učesnici u intervjuima, kolege iz domena stručnosti za koju se poziciju zapošljava, direktori, osnivači (vlasnici) NovaLite, sistem administrator. Ova lica imaju pristup Vašim ličnim podacima u privrednom društvu Novalite, a u smislu prijave koju ste dostavili Društvu. Pored toga, podaci o Vašoj prijavi, uz vaš pristanak, mogu biti otkriveni drugim stranama (potencijalnim ili tekućim klijentima kompanije NovaLite, knjigovodstvenoj agenciji i dr.) ako se smatraju pogodnim za određenu poziciju unutar NovaLite o čemu ćete biti obavešteni putem, e-mail adrese.

Vaši lični podaci mogu biti otkriveni drugim korisnicima podataka samo ako je to potrebno za prijavu, ako mi ili treća strana, imamo legitiman interes za ovo otkrivanje, ili ako ste dali svoju saglasnost. Možete pronaći detalje pravnog osnova u odeljku ovog Obaveštenja pod nazivom “Svrha obrade i pravni osnov”. Takođe, potencijalni i tekući klijenti Novalite mogu biti definisana kao treća lica.

Vaše lične podatke možemo objaviti podizvođačima, pružaocima usluga ili grupama koje se nalaze izvan Evropskog ekonomskog područja (EEA) samo ako je Komisija EU potvrdila da dotična treća zemlja ima odgovarajući nivo privatnosti podataka ili ako postoje druge odgovarajuće garancije privatnosti podataka.

Na vaš zahtev, dostavićemo vam spisak primalaca u trećim zemljama i kopiju konkretno dogovorenih propisa kako bismo osigurali odgovarajući nivo privatnosti podataka.

6. KOLIKO DUGO ČUVAMO VAŠE LIČNE PODATKE?

Vaše lične podatke čuvamo 3 godine. Kriterijumi za određivanje vremena tokom koga čuvamo ove podatke su: trajanje konkursa raspisanih za određene radne pozicije i realna potreba kompanije za zapošljavanjem određenih radnih profila i nakon završetka tih konkursa. Prihvatanjem odredbi ovog obaveštenja Vi prihvatete i navedeni rok čuvanja i obrade vaših podataka. Nakon isteka konkursa za koji ste se prijavili možete u svakom trenutku tražiti brisanje vaših ličnih podataka.

7. KOJE MERE PREDUZIMAMO DA ZAŠTITIMO VAŠE LIČNE PODATKE?

Novalite preduzima sve neophodne tehničke i organizacione mere kako bismo osigurali odgovarajući nivo bezbednosti i zaštitili Vaše lične podatke naročito od rizika od neželjenog ili nezakonitog uništenja, manipulacija, gubitka, promene ili otkrivanja ili pristup neovlašćenim trećim licima. Neprestano unapređujemo naše sigurnosne mere i održavamo ih u skladu sa poslednjim tehnološkim i tehničkim standardima.

8. KAKVE ZAHTEVE MOŽETE DA ULOŽITE KADA SU U PITANJU VAŠI LIČNI PODACI?

Možete da tražite pristup, ispravku, brisanje ili ograničavanje ličnih podataka koje ste nam prethodno dostavili. Takođe možete uložiti prigovor na naše obradu Vaših ličnih podataka, ili, kada vršimo obradu ličnih podataka na osnovu saglasnosti, da povučete svoju saglasnost. Pored toga, možete zahtevati da primite elektronski primerak svojih ličnih podataka za potrebe prenosa drugom društvu (prenosivost podataka). U nastavku dajemo objašnjenje za svaki od ovih zahteva. U svakom od ovih slučajeva vas molimo da pošaljete poruku elektronskom poštom na sledeću e-mail adresu: adminsitration@novalite.rs ako želite da iskoristite neko od svojih prava, ili ukoliko imate dodatna pitanja u vezi sa zaštitom podataka o ličnosti. Na Vaš zahtev ćemo odgovoriti u skladu sa važećim zakonom.

PRAVO PRISTUPA

Imate pravo da zahtevate pristup svojim ličnim podacima koje čuvamo o Vama i da saznate detalje o tome koje podatke prikupljamo i za koje ih svrhe koristimo.

PRAVO NA ISPRAVKU ILI BRISANJE

Mi preduzimamo primerene mere da obezbedimo da informacije koje o vama čuvamo budu tačne i kompletne. Međutim, ako ne verujete da je tako, možete da zatražite da se one ažuriraju ili izmene.

U nekim slučajevima, imate pravo da tražite da se Vaši lični podaci izbrišu, kao na primer, kada ne postoji više prvobitna potreba da se čuvaju vaši lični podaci koje smo prikupili ili kada povlačite svoju saglasnost. Međutim, to se mora uskladiti sa drugim činiocima. Na primer, možda nećemo moći da ispunimo vaš zahtev zbog određenih zakonskih ili regulatornih obaveza.

OGRANIČAVANJE VRŠENJA OBRADE

U nekim slučajevima, imate pravo da tražite da se privremeno prekine sa korišćenjem vaših ličnih podataka, na primer, kada smatrate da su vaši lični podaci koje čuvamo netačni ili kada mislite da više nije potrebno da ih čuvamo.

PRENOSIVOST PODATAKA

U nekim slučajevima, imate pravo da tražite da izvršimo prenos vaših ličnih podataka koje ste nam dostavili, bilo vama bilo trećem licu po vašem izboru.

PRIGOVOR

Imate pravo da uložite prigovor na obradu koju vršimo po osnovu našeg zakonskog interesa. Osim ako za obradu podataka postoji izričit zakonski osnov, mi ćemo prestati sa obradom ličnih podataka na osnovu prigovora koji ste uložili. Međutim, molimo vas da imate u vidu da možda nećemo biti u mogućnosti da pružimo određene usluge ili pogodnosti ako ne budemo mogli da za te svrhe vršimo obradu neophodnih ličnih podataka.

POVLAČENJE SAGLASNOSTI (OPOZIV PRISTANKA)

Može se dogoditi da u određenim slučajevima od vas tražimo saglasnost za obradu vaših ličnih podataka. U tom slučaju, imate pravo da u bilo kom trenutku povučete svoju saglasnost sa efektom za budućnost. Ovo neće uticati na zakonitost naše obrade Vaših podataka pre povlačenja saglasnosti.

9. ŠTA UKOLIKO IMAM NEKA DRUGA PITANJA?

Ukoliko želite da kontaktirate Novalite u vezi sa obradom Vaših ličnih podataka, molimo vas da pošaljete poruku na sledeću e-mail adresu: administration@novalite.rs. Druga mogućnost na koju imate pravo je da pritužbu prosledite organu zaduženom za zaštitu podataka u svojoj zemlji ili regionu, ili u slučaju tvrdnje da je došlo do kršenja važećeg zakona o zaštiti podataka, odnosno Povereniku za zaštitu podataka o ličnosti. U Republici Srbiji nadležan organ je: Poverenik za informacije od javnog značaja i zaštitu podataka o ličnosti, Bulevar kralja Aleksandra 15, 11 000 Beograd, Srbija, e-mail:office@poverenik.rs, telefon: +381 11 3408 900, Faks: +381 11 3343 379.

NovaLite doo Novi Sad, 21.5.2020.

Social Engineering – Examples, Prevention, and Risk Management

Introduction to cyber security attacks

Social Engineering Life Cycle

Investigation

Hook

Play

Exit

Examples of Social Engineering Attacks

Prevention and Risk Management

There are a few guidelines to minimize the probability of becoming a social engineering victim:

Tamara Petrović

Introduction to cyber security attacks