Personal data processing outside the territory of Bulgaria in the sense of privacy policy upon staff recruitment

As a rule Yettel aims not to send the personal data of the persons referred and the applicants outside the territory of the European Union (EU) and the European Economic Area (EEA). In certain cases, however, certain data need to be sent to persons outside EU/EEA (e.g. in order to provide the service of maintenance of an information system of Yettel, which cannot be carried out without access to personal data) subject to the requirements of the applicable legislation and the provisions described in this Personal Data Policy.

In case that personal data regarding a person referred and/or an applicants need to be sent by Yettel to a country outside EU or EEA this will be done by abiding by this Confidentiality Policy and if any of the following conditions is present:
• Where there is a decision of the PDPC or the European Commission according to which the respective country ensures an adequate level of personal data protection;
• Where an agreement has been signed with the organization to which personal data are being sent and such agreement contains the standard clauses regarding data protection approved by the European Commission by Commission Decision No 2010/87/EU ( https://www.cpdp.bg/userfiles/file/Transfers/BCR_Commission_decision_2010-87_Bg.pdf );
• Where the data transfer is needed in order that a commitment to the respective person referred or applicant be fulfilled;
•Where a data transfer to an organization in the USA needs to be made, the transfer shall be made as far as the respective organization participates in the Privacy Shield adopted by decision of the European Commission on 26 July 2016 ( https://ec.europa.eu/info/strategy/justice-and-fundamental-rights/data-protection_en )