Privacy Policy

MISTRAL on its web site in some cases may collect and process information of customers interested in our services, potential employees interested in potential career opportunities with us, or other third parties (vendors/suppliers, current employees, other third parties) which are hereunder refered to as ‘users’.

Our priority is to protect your privacy and we ask you to read this information carefully!

MISTRAL as the owner of the internet presentation www.mistral.ba adheres to all applicable regulations in order to protect the privacy of its users.

All users of our website and recipients of our service news that have any questions about data privacy can send mail inquries to dpo@mistral.ba

By accepting this Website Privacy Statement, the user confirms that he has read, understood, and agrees with processing of personal data according to the rules outlined below.

If a user refuses to agree with, or fails to comply with the rules outlined below – they are entitled to choose so under their own right and not access or use www.mistral.ba

1. Types of personnal data collected and processed via mistral website

When accessing the Website www.mistral.ba, the users can provide (and give consent to processing of) the following types of personnal data:

• Contact information such as first and last name, address, e-mail address (via pre-defined form) for inquiries to MISTRAL and/or subscription to newsletters and product/service offerings.
• Curriculum Vitae (CV’s), references, details of your qualifications, skills, experience and employment history, information about your current level of education, as well as benefit entitlements, photographs, and similar information provided for the purpose of applying for Careers or Jobs at MISTRAL (any other information that potential employees choose to share with us – such as social media profiles, personal preferences, hobbies, social preferences, etc.).

We do not request or require any sensitive personal information of potential employees/customers or any other user such as religion, race, health, sexual orientation, political affiliation etc. Such information, if provided by the user may be processed by Our Company only for the purpose of statistical analysis or to the extent the law requires the monitoring equality of opportunity and diversity (if applicable).

Apart from listed data, for security and similar purposes we automatically collect certain data from your computer (which may include an IP address, date and time of accessing the site, hardware and operating system information, etc. via usage of cookies – which is described in related cookie policy.

2. Purpose for collection and processing of personal data

MISTRAL collects and processes personal data of users of www.mistral.ba website for the purposes of:

• Conducting a secure authentication of users accessing the website,
• Communicating with the user, and responding to user inquiries,
• Sending notifications, newsletters, and other types of marketing matieral for improving the quality and efficiency of our services.
• Collection of Curriculum Vitae (CV) of individuals expressing interest for MISTRAL Career and Job opportunities,
• Assesment and evaluation of potential employee during recruitment procedure.

The website www.mistral.ba is not designed to collect data on children. Juveniles under 18 years of age may not use the website www.mistral.ba without consent of their parents or guardians. MISTRAL is therefore not responsible for violation of this policy by users.

The website www.mistral.ba is not designed to collect other types of sensitive personal data (under definition of applicable data protection laws) such as: political affiliations, religious beliefs and affiliations, medical records, family information, sexual preferences, etc. MISTRAL is therefore not responsible for users potentially entering such data on the website.

3.Legal basis for processing personnal data – consent

Providing personal data listed in sections above is at the user’s discretion. A user can choose not to provide mandatory data for the specific activity that requires them, while understanding that such decision will disallow them to engage in the activity in question (since requested data is mandatory for performance of particular activities).

Consequently, Users/data subjects applying for product, service, or company information or employment opportunities by entering their data on www.mistral.ba (either by provided fields or by providing such data in form of personal CV’s or other documentation) and accepting this Policy give consent to MISTRAL for processing of their personnal data provided, in accordance with internal data protection policy of MISTRAL- which may include sharing or storage of user personal data with third parties (for example, storing potential employee CV’s on software solutions hosted by third parties).

The consent for processing of personnal data provided via Website can be withdrawn at any time by sending request to MISTRAL Data Protection Officer (DPO) at dpo@mistral.ba under the condition that the user has provided MISTRAL with identification data on natural person withdrawing the consent (in order for data subject to be found).

If condition above is not met (if MISTRAL cannot verify the identity of the person sending the request) MISTRAL is not obliged to meet the request until proper information is provided.

4.What are company rights ?

The Company has the right to:

• Collect personal data on users (potential employees (applicants/data subjects), vendors or customers)
• Process personal data gathered with your consent. Processing means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
• Transfer your personal data.

5.Data retention period (for personal data)

MISTRAL stores only such personal data of website user which is provided by the user via provided fields (for contact information) or other available website functions (for CV’s of potential employees, etc.).

Such personal data is retained for the time period which is defined internal Policy on management and protection of personnal data – which is from the time of data entry on the website until no longer required for internal processing by MISTRAL.

Our Company generally shall retain potential employees (i.e. Applicant Data) for the period required to serve the applicable Business Purpose, to the extent reasonably necessary to comply with an applicable legal requirement or as advisable in light of an applicable statute of limitations. Hence, your personal data provided with respect to MISTRAL Career and Job opportunities, will be retained permanently given our constant need for new employees.

As described in Deletion of Data (Right-to-be-forgotten) below – the user has the right to request from MISTRAL deletion of their data under the conditions provided below – in which case data will no longer be retained.

6.How we secure your personal data ?

We have taken adequate safeguards to ensure the confidentiality and security of your personal data. We have implemented appropriate technical, physical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorized disclosure or access, and against all other forms of unlawful processing (including, but not limited to unnecessary collection) or further processing.

7. Your rights as data subject

You have the right to request access or an overview of your personal data, and under certain conditions, rectification and/or erasure of personal data. In addition, you may also have the right of restriction of processing concerning your personal data, the right to object to processing as well as the right to data portability.

The company will enable appropriate conditions and measures to act on your request of the data subject for exercising his or her rights, listed as follows:

a. ACCESS TO YOUR PERSONAL DATA

Access to your personal data within our company

The employees involved in the relevant recruitment procedure or customer support may have access to your personal data, be it only to the extent necessary to fulfil their respective tasks. These employees are for example our recruiters, HP employees and the relevant manager.  Your personal data may be accessed by other relevant departments within Our Company such as Operations, Sales and Account management to the extent necessary to fulfil their respective tasks.

In some cases, your personal data may be transferred to a country that does not provide an adequate level of protection of personal data. However, Our Company has taken measures to ensure that your personal data is adequately protected as Binding Corporate Rules where applicable.

 Access to your personal data by third parties

The following third parties may have access to your personal data where relevant for the provisioning of their products or services to Our Company (for example, IT Suppliers).

When third parties are given access to your personal data, Our Company will take the required contractual, technical and organizational measures to ensure that your personal data are only processed to the extent that such processing is necessary. The third parties will only process your personal data in accordance with applicable law.

If personal data is transferred to a third party in a country that does not provide an adequate level of protection of personal data, we will take measures to ensure that your personal data is adequately protected, such as entering into EU Standard Contractual Clauses with these recipients.

In other cases, your personal data will not be supplied to third parties, except when required by law

b. ACCURACY AND COMPLETENESS OF PERSONNAL DATA

The User can at any time request MISTRAL to perform a correction, update or expansion (amendment) of user’s personal data stored via this Website by sending an e-mail to dpo@mistral.ba

Upon receipt of the request, the data will be corrected, updated or ammended within thirty days, and the user will be informed about such action on the e-mail address from which the request originated, under the condition that the user has provided MISTRAL with:

1. a) identification data on natural person requesting the update (in order for data subject to be found),
2. b) the types of data records provided to MISTRAL which the user desires to be updated;

If conditions above are not met (if MISTRAL cannot verify the identity of the person sending the request or the types of data that need to be updated) MISTRAL is not obliged to meet the request until proper information is provided.

MISTRAL is not responsible for independently (on its own) updating user personnal data, unless required by applicable local legislation (Labor Law, for example).

c. DELETING PERSONAL DATA (RIGHT-TO-BE-FORGOTTEN)

At any time, the User has the right to request the deletion of personal data by MISTRAL.

The user can do so by sending an e-mail to dpo@mistral.ba. Upon receipt of the request, the data will be deleted within thirty days, and the user will be informed about deletion of personal data on the e-mail address from which the request originated, under the condition that the user has provided MISTRAL with identification data on natural person requesting the deletion (in order for data subject to be found).

If condition above is not met (if MISTRAL cannot verify the identity of the person sending the request) MISTRAL is not obliged to meet the request until proper information is provided.

d. RIGHT TO RESTRICTION OF PROCESSING

The data subject shall have the right to request the restriction of processing from the Company, under the appropriate circumstances as noted in the relevant regulation.

e. RIGHT TO DATA PORTABILITY

The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to the company, in a structured, commonly used and machine-readable format without further restrictions.

f. RIGHT TO OBJECTION

If, despite all the protection measures taken, a user feels that they have grounds for complaint, please contact dpo@mistral.ba

g. RIGHT OF WITHDRAWAL

Once given, you may always withdraw your consent. Please keep in mind that withdrawal does not have a retrospective effect and the withdrawal of your consent is only possible in case you first have given your consent.

8. Changing privacy policy

Website Privacy Policy terms and conditions can be modified by MISTRAL at any time by publishing the revised text of the Website Privacy Policy at www.mistral.ba

Changing the privacy policy and the terms of use of your personal information will take effect immediately upon its publication on www.mistral.ba