1. Home
  2. /
  3. Privacy Policy and Cookies

Privacy Policy and Cookies

Privacy and Cookie policy

The protection of personal data is important to "ASSESS" EOOD (ASSESS/ the Company). In this regard, and in accordance with the requirements of Regulation (EU) 2016/679 (General Data Protection Regulation), we present to you general information about us and the processing of personal data by us in the various relationships in which we participate.

Contact details

"ASSESS" EOOD, UIC: 201439372, is registered in the Commercial Register and the register of non-profit legal entities and is a data controller within the meaning of the General Data Protection Regulation. The Company’s address is Sofia, Lozenets district, 47 Cherni Vrah Blvd., 2nd floor, office 17.

You can contact us by phone at +359 882 65 84 81 and by email at office@assess.bg.

Contact details for the data protection officer

For questions related to the processing of personal data by ASSESS, you can contact our Data Protection Officer Nevena Temelkova ("AMATAS" AD, UIC: 204235460) by email at DPO@amatas.eu and by phone at +359 87 9580 777.

Rights of data subjects

Data subjects have the following rights regarding the processing of their personal data:

You can exercise your rights under the General Data Protection Regulation by submitting a written application electronically to the following email address: DPO@amatas.eu or by submitting a written application to ASSESS in person or by mail at the address: Sofia, Lozenets district, 47 Cherni Vrah Blvd., 2nd floor, office 17.

Reliable technical and organizational measures for data protection are applied when processing data by ASSESS.

You can find information about the processing of personal data by us in the various relationships we participate in through the following links.

Processing of personal data in the provision of services

As a commercial company, ASSESS provides its clients with psychological consultation services, including organizational, criminal, and sports psychology, polygraph examinations, psychological analyses, and training. Personal data is processed in these activities.

The services are most often performed on behalf of clients who require the corresponding data processing. From the perspective of the applicable data processing and protection regulations, in different scenarios, ASSESS may act as a data controller or a data processor within the meaning of the General Data Protection Regulation (GDPR).

Depending on the specific service, ASSESS may process the following personal data or categories of personal data in relation to the above-mentioned activities: identification data, signature, address, contact details – phone number and email address, information about health and psychological condition at a given moment, other relevant information shared by data subjects, video data during video recording, voice data in connection with audio recording, age, gender, marital status, education, employment, criminal background, position, job application position, family environment data shared by subjects, appearance, behavior, psychological assessment, personal characteristics, physiological parameters, such as current heart activity, current skin electrical resistance, other psychological parameters, etc. During a given examination, the results are subsequently presented in analog or digital format and used as one of the indicators for assessing certain aspects, such as the truthfulness of the information communicated with the examined person during the polygraph examination.

The source of data about the person is most often the person themselves or the service provider (for data about the position being applied for and full names). In every case of data collection, the subject is informed about what data is being collected, e.g., by filling out forms, etc.

For requesting online services, such as enrolling in training, the data specified in the corresponding registration form is collected.

It is possible that during the provision of services, the relevant individuals may be subject to profiling for the purpose of performing the respective assessments and analyses. Such profiling will be carried out in compliance with established methodologies for conducting the respective tests and analyses. In all cases, ASSESS will not make automated decisions based on profiling, nor any other decisions based solely on automated processing.

The data may be processed for the following purposes, determined by the data controller in cases where ASSESS acts as a data processor, or by ASSESS when it acts as a data controller:

When acting as a data processor, ASSESS processes data for specific purposes determined by the data controller. When providing services directly to the individual, the grounds that apply or may apply to the processing of personal data include the performance of contracts concluded with the respective individual or taking steps at the request of that individual before the conclusion of contracts (Article 6, paragraph 1, letter "b" of the General Data Protection Regulation). Data may also be processed to comply with ASSESS's legal obligations, such as issuing an invoice (Article 6, paragraph 1, letter "c" of the General Data Protection Regulation), legitimate interests of ASSESS, such as improving the quality of the provided services (Article 6, paragraph 1, letter "f" of the General Data Protection Regulation), the individual's consent (Article 6, paragraph 1, letter "a" and Article 9, paragraph 2, letter "a" of the General Data Protection Regulation), for example, when conducting research.

In processing personal data, ASSESS strictly adheres to the General Data Protection Regulation and other applicable legislation.

To achieve the purposes outlined in this notice, ASSESS may provide, in accordance with the provisions of applicable legislation, personal data of individuals to the following categories of persons: its employees, according to the "need to know" principle, to competent state authorities in cases provided by law. Beyond these cases, as a data processor, ASSESS provides data in the form of results from conducted studies to the respective data controller (client for whom the study is conducted), where applicable.

ASSESS does not intend to provide data to countries or legal entities outside the European Economic Area, nor to international organizations. In the case of such provision, the requirements of applicable legislation will be followed.

The data is stored for the following periods/terms, calculated according to the following criteria:

In all cases, data is processed for a limited period of time, in accordance with the purposes and legal regulations. 

In the event of a refusal to provide certain personal data, ASSESS may be unable to perform the relevant activities and objectives for which the data is required. In all cases, the consequences of not providing the data will be duly explained to the relevant persons. Personal data, for which there is no explicit legal obligation to store, are deleted after the achievement of the purposes for which they were collected. 

Regarding those personal data that ASSESS processes based on the consent of the individual, the latter should know that they have the right to withdraw their consent at any time, free of charge and without consequences for them. The withdrawal of consent does not affect the lawfulness of the processing based on consent given before its withdrawal

Processing of personal data in connection with relations with counterparties

ASSESS is a legal entity and employer. In carrying out its activities, fulfilling its legal obligations, and for its needs, the Company mainly cooperates with other legal entities (companies providing services to ASSESS, banks, and other financial institutions, suppliers), which in these relationships are represented by individuals, for whom personal data is processed. The personal data of such persons are processed for the following purposes:

The legal grounds for data processing are compliance with legal obligations applicable to the Company and the legitimate interest of the administrator related to the performance of its activities as a legal entity and employer, including for receiving services that support its activities. The grounds arise from the current legislation, for example, the Obligations and Contracts Act, the Commercial Act, the Tax-Insurance Procedure Code, the Accounting Act, the Anti-Money Laundering Measures Act, the Anti-Terrorism Financing Act, the Electronic Communications Act, the Consumer Protection Act, and other laws and applicable subordinate normative acts. 

ASSESS processes personal data of representatives of counterparties according to the specific case and necessity. The data that may be processed include identification data according to the case, correspondence address, telephone number, email address, other contact data, place of work, and employer data, representation data. The information that such persons share in communication with us (at meetings, exchange of letters and emails, telephone conversation, chat, sending short text messages, emails, and others), which may contain personal data, is possible to be processed if it relates to the relationships between the parties. The data will be collected from our counterparties or the individuals themselves. If necessary, public sources can be used, for example, the counterparty’s website, the Commercial Register, and the register of non-profit legal entities, etc. In case personal data is required from the data subjects and they do not provide it voluntarily, other legal means and methods for obtaining this data may be used, including contact with counterparties. In each specific case, individuals are informed of the consequences if they do not provide data. 

The data is processed by employees of the Company who have undertaken obligations to maintain the confidentiality of the information that has become known to them in the performance of their official duties and who have received this information specifically in connection with the duties they perform in the Company. In compliance with the current legislation and in the cases provided by law, data may be provided to competent administrative and judicial authorities and institutions. Data may also be provided to personal data processors and their subcontractors (providing services necessary for the activities of ASSESS), with whom contracts have been concluded, which provide for the respective protection of personal data. Data may be provided to operators providing postal services, in connection with these services, to banks, credit bureaus, and debt collection agencies, etc., with the provision to third parties being carried out after an assessment in each specific case regarding the necessity of their provision and compliance with regulatory requirements.

ASSESS will not provide personal data to representatives of its counterparties to countries or organizations outside the European Economic Area. It is possible for data to be processed outside the European Economic Area when using communication platforms, provided that the requirements of the regulation are met and transparency is ensured. In case there is a future need for other operations involving the transfer of personal data processed by the Company to third countries or international organizations, the provisions of the General Data Protection Regulation will be followed, including any subsequent transfer of personal data from the third country or international organization to another third country or organization. Personal data of natural persons – representatives of legal entities – counterparties, will be processed by ASSESS for a period no longer than necessary to achieve the respective purpose for which the data were collected or until the expiration of the legal period. 

ASSESS does not pwerform profiling to the representatives of its counterparties and does not make automated decisions that have legal consequences for these individuals.”

Processing of personal data of job applicants

ASSESS is an employer. In this regard, the Company processes personal data of job applicants. 

During staff selection procedures, ASSESS receives personal data of job applicants directly from them, through job application platforms, or through recruitment agencies. In the latter two cases, before the data is received by ASSESS, it is processed by the respective platform/recruitment agency, without ASSESS being involved in this processing. It is also possible to process public information in the candidate’s LinkedIn professional network profile. 

The following categories of personal data are processed during staff selection: identification data, data on acquired educational degrees and additional qualifications, data on acquired work experience, telephone number and email address for contact, data from conducted skill and integrity tests for some job positions, and video surveillance recordings during some such tests or during on-site interviews in premises where video surveillance is conducted. The personal data of the candidates are processed on the basis of Article 6, paragraph 1, point “b” of the General Data Protection Regulation – for taking steps at the request of the candidate before concluding a contract (pre-contractual relations between the candidate and the company), Article 6, paragraph 1, point “e” of the General Data Protection Regulation – the legitimate interest of ASSESS in selecting employees who meet the requirements for the position being applied for, and on the basis of Article 6, paragraph 1, point “c” of the General Data Protection Regulation – for compliance with legal obligations applicable to the company, as provided for in labor legislation, for example, in the Labor Code. The processing is carried out for the following purposes: selection of suitable candidates for vacant positions at ASSESS, as well as for the preparation of documents for the appointment of approved candidates. 

In the first stage of the selection procedure, the company processes the personal data of job applicants indicated in the resumes (CVs), as well as any data in the LinkedIn profile of the employee and in forms filled out on the company’s website, if applicable, sent to ASSESS by the candidates. Data indicated in cover letters, if such are sent by the candidates, are also processed.

ASSESS has not established a special CV form and does not restrict candidates to such a format. A CV can be submitted in a format chosen by the candidate, provided it includes information in accordance with the requirements for the vacant position announced by the company. Using standard European CV formats, candidates may provide the following personal data: full name, address, contact information (phone number, fax, email), nationality, date of birth, employment history, education, qualifications and training, information on personal, social, organizational, technical, and other competencies. A current photo should be attached to CVs according to standard templates. Candidates may also include additional information at their discretion. The data in the submitted CV will be processed in full when reviewing the application.

When submitting an application through the ASSESS platform on the company’s website, the data provided there is processed.

Data in CVs sent by candidates or submitted online are processed by company employees involved in recruitment or by data processors on behalf of and for ASSESS, as well as by individuals in managerial positions within the company, such as the head of the department where the vacancy exists. Candidate data may also be disclosed to public authorities if there is a legal basis for doing so.

After reviewing the received CVs, ASSESS contacts the candidates who have passed the first stage of the selection process and invites them to participate in the second stage – the interview. This second stage includes a discussion regarding the information provided in the first stage and aims to further analyze the candidate's potential to perform the position they applied for, as well as their alignment with the set criteria. The interviews are conducted by a team of company employees who have the competence to assess the candidate’s ability to perform the position, as well as by the department where the vacancy exists. For some positions related to access to sensitive information about the company and its clients, additional tests may be applied, such as tests for skills and orientation, integrity, and others, depending on the position applied for. It is possible for interviews to be conducted both before and after the relevant tests.

If job candidates do not provide ASSESS with information at any stage of the selection process that allows the evaluation of their suitability, they may not be invited to the next stage. It is also possible that candidates may formally meet the requirements but not be invited to continue in the selection process if other candidates are deemed more suitable for the specific position.

After completing the second stage of the selection process, the company contacts the relevant individuals to inform them whether they have been approved to start work at ASSESS. Approved candidates are asked for additional data required for concluding the employment contract, in accordance with labor legislation requirements and the specifics of the position applied for.

Personal data of job candidates at ASSESS is not provided to states or legal entities outside the European Economic Area, nor to international organizations.

ASSESS does not perform automated decision-making. Some profiling may occur during certain stages of the selection process based on the information previously provided by the candidate, but the decision on compliance with the employer’s requirements for the vacant position is always made after a detailed analysis of all data and by people, not machines, taking into account all relevant factors.

The personal data of job candidates is retained by ASSESS until the expiration of the following periods:

Processing of personal data when using the company's website

This notice contains information about the processing of personal data when using this website. "Usage information" refers to data about online activity that does not by itself identify an individual, such as browser type, operating system, most viewed and visited pages and links on the website, entry and exit points, number of form completions, time spent on the page, most popular keywords used outside the site to drive traffic to the website, information collected through cookies, and other device events, such as system activity. Personal data and usage data may be linked. Different types of usage data may also be combined, and once linked, may lead to identifying a particular person. Additionally, some usage data may be considered personal data under applicable legislation.

ASSESS collects the information you provide to us, as well as data from the use of the website and the services offered through it. The information we collect and how we process it depends on how you use and access the website. Some data is collected automatically through the use of cookies and other similar data collection tools, which data subjects have control over.

ASSESS has implemented a special mechanism for cookie management by website users.

ASSESS collects personal information and usage data when a user submits a request for certain services, contacts us, otherwise provides their personal information, or uses other services. We collect the information and content you send to us when you enter data into contact forms on our website, request additional information about a particular service, and when we engage in other types of communication.

Information We May Collect Through Automated Technologies

While you browse and use our website, we may use automated technologies to collect data to process certain information about equipment, searches, and trends, including:

We may also use these technologies to collect information about your online activities across third-party websites or other online services.

The information we collect automatically helps us improve our website and provide better and more personalized service.

All information you provide to ASSESS is stored with the application of reliable protective measures.

Technologies We Use for Automatic Data Collection

The technologies we use for automatic data collection may include:

1. "Cookies" (Browser Cookies)

A cookie is a small text file or packet of information stored on your device's hard drive (computer, mobile device, tablet) when you visit a web page. Subsequently, the website server may retrieve or read the content of the cookie. Cookies help users efficiently use web pages and enable certain functionalities on these pages (such as remembering user preferences like language, settings, font, etc.). Allowing all cookies is not absolutely necessary for the website to function but may contribute to better usage. You can change your cookie settings or refuse to accept cookies in your browser, except for those necessary for the site's operation, by activating the appropriate setting in your browser.

On this website, cookies may fall into the following categories: 

1.1. Strictly Necessary Cookies – Essential for using the site and providing requested services. These cookies enable the site to function, supporting basic functions like navigation between pages and access to secure parts of the site. The site cannot operate properly without these cookies. These cookies are enabled by default due to their specific nature. 

1.2. Functionality Cookies – Allow the site to remember information that changes how the site behaves or looks, such as your preferred language or the region you are in. 

1.3. Statistical Cookies – Help site owners learn how visitors interact with sites by collecting and reporting anonymous information. 

1.4. Marketing Cookies – Used to track visitors between different sites. Their purpose is to display advertisements that are relevant to the individual user and may be of interest to them, making them more valuable to advertisers and third parties. 

1.6. Changing Cookie Settings

Most web browsers by default allow cookies to be placed on the end device. Browsers provide options for controlling the cookies used through the browser’s settings. More information about cookies can be found at www.aboutcookies.org or www.allaboutcookies.org. You can also use the cookie management options for your browser (Google Chrome, Microsoft Edge, Mozilla Firefox, Microsoft Internet Explorer, Opera, Apple Safari, etc.). Information can also be found on the websites of other entities that use cookie information, such as Google.

2. Flash Cookies

Many websites use Adobe Flash Player to deliver video and content to their users in the form of infographics. Adobe uses its own cookies that cannot be managed through your browser settings. These are used by Flash Player for the same purposes as other cookies, i.e., to store preferences or track users. Flash cookies operate differently from cookies in your web browser. You can control how much information is stored in such cookies but cannot choose what type of information is stored. Some functions on our website may work with such locally stored objects (Flash cookies) to collect and store information about your preferences and navigation to, from, and on our website. More information on controlling such cookies can be obtained from Adobe.

3. Web Beacons

Pages on our website and our emails may contain small electronic files known as web beacons (also called clear gifs, pixel tags, and single-pixel gifs), which allow the company, for example, to count users who have visited those pages or opened an email, as well as for other statistical data related to the website (e.g., recording the popularity of certain website content and checking the integrity of the system and server).

We do not automatically collect personal information through the above methods, but we may, if necessary, link this information with personal information about you that we collect from other sources or that you provide to us.

4. Third-Party Cookies and Other Tracking Technologies

On our website, as described above in the cookie description, some content or applications, including advertisements, are served by third parties, including advertisers, ad networks and servers, content providers, and application providers. These third parties may use cookies on their own or in conjunction with web beacons or other tracking technologies to collect information about you when you use our website. The information collected may be linked to your personal data or may include information about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based ads or other targeted content.

We do not control these third-party tracking technologies or how they may be used. If you have questions about advertising or other targeted content, you should contact the responsible provider directly.

5. How We Use Your Information

We use the personal information we collect to operate, improve, and personalize our website and services, including providing customer service, personalizing our marketing, and detecting, preventing, and mitigating fraudulent or illegal activities. We may use your personal information as follows:

6. Legal Grounds for Processing Personal Data

The grounds for processing personal data that we apply are those provided in Regulation (EU) 2016/679 (the General Data Protection Regulation), namely:

7. Disclosure of Information

We may disclose aggregated information about our users and information that does not identify anyone, without restrictions.

We may disclose personal information that we collect or you provide, as described in the privacy notice, to:

We use cookies on our website. By continuing you accept these cookies. Find out more about cookies