This website uses cookies to ensure you get the best experience.

Bold.One and our selected partners use cookies and similar technologies (together “cookies”) that are necessary to present this website, and to ensure you get the best experience of it. If you consent to it, we will also use cookies for analytics purposes.

See our Cookie Policy to read more about the cookies we set.

You can withdraw and manage your consent at any time, by clicking “Manage cookies” at the bottom of each website page.

Select which cookies you accept

On this site, we always set cookies that are strictly necessary, meaning they are necessary for the site to function properly.

If you consent to it, we will also set other types of cookies. You can provide or withdraw your consent to the different types of cookies using the toggles below. You can change or withdraw your consent at any time, by clicking the link “Manage Cookies”, that is always available at the bottom of the site.

To learn more about what the different types of cookies do, how your data is used when they are set etc, see our Cookie Policy.

These cookies are necessary to make the site work properly, and are always set when you visit the site.

Vendors Teamtailor

These cookies collect information to help us understand how the site is being used.

Vendors Teamtailor
Skip to main content

CANDIDATES PRIVACY POLICY

Bold One UAB (company code: 307149124, registered address: Vilnius, Lvivo str. 21A, LT-09313) (Data Controller, we, us) hereby informs you in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR), as well as the Law on the Protection of Personal Data.

Under this Candidates privacy policy (Privacy Policy), Bold One UAB acts as the data controller of your personal information.

For any inquiries related to the processing of personal data, please contact us using the details below:

Address: Gedimino ave. 20, Vilnius

Email: compliance@bold.one

For the purposes of this Privacy Policy, the term “Personal Data” (Personal Data) means any information or set of information that enables us to identify you, either directly or indirectly, including but not limited details such as your name, contact information, online identifiers, CV content, qualifications, employment history, or similar professional or location-related data and etc.

Personal Data receive and process

Data Controller may receive and process your Personal Data from these sources:

when you visit our career pages or branded recruitment websites;

when you submit a job or internship application directly or through third-party platforms;

when you communicate with us regarding employment opportunities;

when you are recommended to us or identified via professional publicity available profiles and networks (for example, LinkedIn, CVbankas);

recruitment or headhunting agencies;

official employment authorities or similar bodies.

otherwise take part in our hiring or candidate selection activities.

By providing your Personal Data to us, you are responsible for ensuring the information you provide is accurate and up to date.

What data we collect
We handle only the information required for legitimate recruitment-related activities. Examples include:

Purpose of processing of Personal Data

Personal Data processed

Legal basis for processing Personal Data

Personal Data recipients

assessing job or internship applications

contact details, CV information, education, employment history, application documents, and any information you voluntarily provide

steps taken before entering into a contract (Article 6 part 1 (b) of the GDPR)

recruitment platform providers such as Teamtailor (which may operate outside the EEA).

searching for potential candidates

publicly available professional details (e.g., LinkedIn profiles, career history, contact information).

legitimate interest in contacting suitable candidates (Article 6 part 1 (f) of the GDPR)

recruitment platform providers.

referral programs

candidate name, contact details, professional background, and referrer information

legitimate interest in evaluating recommended candidates (Article 6 part 1 (f) of the GDPR)

recruitment systems.

arranging interviews

name, contact details, availability, scheduling information, and technical details for remote meetings.

legitimate interest in administering recruitment processes (Article 6 part 1 (f) of the GDPR)

recruitment tools and meeting platforms (such as Google Workspace).

evaluating suitability

qualifications, references, interview notes, assessments, and relevant professional experience.

legitimate interest in selecting appropriate candidates and ensuring compliance (Article 6 part 1 (f) of the GDPR)

recruitment systems and, when relevant, referees or former employers.

storing candidate CV for future opportunities

CV details, contact information, experience, preferences, and recruitment-related records

consent to such processing (Article 6 part 1(a) of the GDPR).

recruitment system providers

preparing employment contracts

identity and contact information, job-related details, compensation data, and onboarding documents

actions necessary prior to concluding an employment agreement. (Article 6 part 1 (b) of the GDPR).

HR and employment administration systems

replying to candidate inquiries

name, contact details, message content, and internal notes

consent to such processing (Article 6 part 1(a) of the GDPR).

communication or customer-support platforms

Transfer of Personal Data outside the EEA

Your Personal Data may be transferred to countries outside the European Economic Area (EEA). We will only do this under strict conditions:

Data is shared exclusively with our reliable service providers who support the delivery of our services to you.

We enter into written agreements with these providers that impose obligations to protect your Personal Data in line with legal requirements (including, where applicable, Standard Contractual Clauses).

The transfer may occur only to countries that the European Commission has recognized as providing an adequate level of data protection.

In cases where no adequacy decision applies, we will only transfer your Personal Data abroad if you have expressly consented to such transfer.

Data retention

We keep Personal Data only for as long as necessary for recruitment purposes, legal compliance, or agreed storage in our talent pool. Once the relevant period ends, the data is securely deleted.

Typical retention periods:

sourced or referred candidates — 3 months;

direct applicants — 2 year;

Before deletion, candidates may be asked whether they wish their information to remain in the talent pool. If consent is given, storage may be extended for another specified period. If no response is received, the data is kept briefly and then permanently erased.
You may request deletion or withdraw consent at any time.

Use of Personal Data and principles that we follow

We collect and process only such Personal Data as is necessary to achieve the purposes for which it is obtained. Personal Data that is not relevant to our business activities is neither collected nor retained.

When processing your Personal Data, we ensure that:

all processing activities comply with applicable legal requirements, including GDPR;

Personal Data is processed in a lawful, fair, and transparent manner;

Personal Data is collected for specified, explicit, and legitimate purposes and is not further processed in a manner incompatible with those purposes, unless permitted by applicable law;

reasonable steps are taken to ensure that inaccurate or incomplete Personal Data is promptly corrected, supplemented, restricted, or erased, taking into account the purposes of processing;

Personal Data is retained in a form that allows identification of the data subject only for as long as necessary to fulfill the purposes of processing;

We normally avoid collecting special categories of data (such as health or religious information) unless legally required or necessary for a specific legitimate purpose, for instance workplace adjustments;

Personal Data is not disclosed to third parties or made publicly available, except in cases expressly set out in this Privacy Policy or required by applicable legislation;

appropriate technical and organizational measures are implemented to ensure an adequate level of Personal Data security, including protection against unauthorized or unlawful processing, as well as against accidental loss, destruction, or damage.

No automated decision-making producing legal or similarly significant effects is carried out.

As a data subject, you have the following rights in relation to your Personal Data:

The right to be informed about the processing of your Personal Data (right to be informed);

The right to access your Personal Data and to know how they are processed (right of access);

The right to request rectification of inaccurate Personal Data or completion of incomplete Personal Data, taking into account the purposes of the processing (right to rectification);

The right to request the erasure of your Personal Data or to request the cessation of processing of your Personal Data (other than storage) (right to erasure and the right to be forgotten);

The right to request restriction of the processing of your Personal Data in the presence of one of the lawful grounds (right to restriction);

The right to data portability (right to data portability). This right shall be exercised only if the conditions for its implementation exist and if appropriate technical measures are in place to ensure that transferring the requested Personal Data to another person does not create a risk of security breach;

The right to object to the processing of your Personal Data where we process the Personal Data on the basis of our or a third party’s legitimate interest, including profiling. If you object, we may continue processing your Personal Data only if we demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.

We may refuse to comply with the above rights, except for the right to object to the processing of Personal Data where the Personal Data are processed on the basis of your consent, where the applicable GDPR provisions allow us to refuse your request, or where, as provided by law, it is necessary to ensure prevention, investigation and detection of crimes, breaches of official or professional ethics, as well as the protection of the rights and freedoms of the data subject, ourselves and other persons.

Where your Personal Data are processed on the basis of consent, you may withdraw such consent at any time. We shall immediately, within a reasonable period of time, cease the processing of your Personal Data. Withdrawal of consent does not automatically require us to erase your Personal Data or to provide you with information about the Personal Data we process; therefore, if you wish us to perform such actions, you must make a separate request.

Any request or instruction related to the processing of Personal Data may be submitted to us in writing by one of the following means: delivered in person to the address: Gedimino ave. 20, Vilnius, or by e-mail to: compliance@bold.one. When submitting such a request, in order to better understand its content, we may ask you to complete the necessary forms and/or other information that will help us verify your identity.

Upon receipt of your request or instruction regarding the processing of Personal Data, we shall provide a response and perform the actions specified in the request no later than within 1 month from the date of receipt. If necessary, this period may be extended by an additional 2 months, taking into account the complexity and number of requests. In such case, we shall inform you about the extension within 1 month from the date of receipt of the request.

If your Personal Data are erased at your request, we will retain only those copies of information that are necessary to protect our and other persons’ legitimate interests, to comply with obligations imposed by state or local authorities and institutions, to resolve disputes, to detect disruptions, or to comply with any agreements you have concluded with us.

If you wish to submit a complaint regarding our processing of your Personal Data, please send it to us in writing, providing as much detail as possible. You may use the contact information provided at the end of this Privacy Policy. We will cooperate with you and aim to address your concerns promptly.

If you believe that your rights under the GDPR have been violated, you have the right to file a complaint with the supervisory authority, the State Data Protection Inspectorate. We encourage you to contact us first so that we can attempt to resolve any issues quickly and amicably.

Final provisions

We reserve the right to modify this Privacy Policy unilaterally. We may notify you of any changes via email or other customary communication channels. Any amendments or updates will become effective from the date specified in the revised Privacy Policy, unless a different effective date is explicitly stated.

If you continue to use the Web after the Privacy Policy has been updated, you will be deemed to have accepted the revised terms.

Any disputes arising from the interpretation or implementation of this Privacy Policy shall first be attempted to be resolved through negotiations. If no agreement can be reached, disputes shall be settled in accordance with the laws of the Republic of Lithuania.

Already working at Bold.One?

Let’s recruit together and find your next colleague.

@bold.one
Career site by Teamtailor