ALMA CAREER ESTONIA OÜ
GENERAL TERMS AND CONDITIONS
1. GENERAL
1.1. These general terms and conditions of the contract for services (“General Terms and Conditions”) are part of the contract for services between the Client and Alma Career Estonia OÜ (“Contractor”) and govern the conclusion, performance and termination of the contract.
1.2. In addition to the General Terms and Conditions, the Parties shall comply with the special terms and conditions, if any, agreed in writing between the Client and the Contractor, the Contractor’s price list, if any, and the Contractor’s offers approved by the Client. In the event of a conflict between the general and special terms and conditions and the offers, the Parties shall first refer to the approved offer and then to the special terms and conditions.
1.3. The subject matter of the Contract is the provision by the Contractor to the Client of a recruitment service on the terms and conditions set out in the Contractor’s offer.
2. RIGHTS AND OBLIGATIONS OF CLIENT
2.1. The Client undertakes to comply with the laws of the Republic of Estonia and other legal acts, as well as the requirements arising from the General Data Protection Regulation, when filling in the profile description questionnaire and defining the selection criteria.
2.2. The Client shall be fully liable for the completeness, accuracy and correctness of the information provided to the Contractor. The Contractor shall not be liable for any defects in the service resulting from misleading, incomplete or incorrect information provided by the Client.
2.3. The Client undertakes to assess the candidates and to inform the Contractor of their decision on the candidates presented, including those with whom the Client wishes to proceed in the selection process, within 5 (five) business days of the submission of the CVs. If the Client is unable to provide feedback within the prescribed term, the Client shall notify the Contractor in writing within 3 (three) business days, indicating the deadline by which the feedback will be sent. The time limit for the Client’s feedback must not exceed the term of the contract for services as set out in the offer.
2.4. The Client shall communicate to the Contractor the suitable times for interviews with the final candidates within 3 (three) business days. If the Client is unable to communicate the suitable times for interviews within the time limit, the Client shall inform the Contractor thereof without delay in a format that can be reproduced in writing.
2.5. The Client undertakes to inform the Contractor without delay of the conclusion of an employment contract with a candidate.
2.6. The Client is aware that the Contractor cannot guarantee that candidates with the required qualities, as specified in the profile descriptions completed by the Client, will be found in the recruitment project. The aim of the service provided by the Contractor is to increase the likelihood of finding suitable candidates for the vacancy. For the sake of clarity, the Client agrees to pay the Contractor the start-up and submission fees or the pre-selection fee set out in the offer, even if no suitable candidate is found. The advance paid by the Client is non-refundable if a suitable candidate is not found.
2.7. The Client undertakes to comply with the conditions for data processing set out in Annex 1 and the good practice of recruitment services described in Annex 2 to the General Terms and Conditions.
2.8. The Client undertakes not to make any job offers to the Contractor’s employees during the term of this contract and for a period of six months after the end of this contract. If the Client makes a job offer to an employee of the Contractor and the latter takes up employment with the Client, the Contractor is entitled to claim from the Client a penalty equal to one year’s salary of the employee who received the job offer. The Contractor will calculate the one year’s salary of the employee who has been offered a job by the Client based on the employee’s salary for the 12 (twelve) months preceding the job offer. This clause does not apply if the Contractor’s employee themselves applies for a job with the Client.
2.9. In the event of late payment of the service fee, the Client agrees to pay to the Contractor interest on arrears at a rate of 0.05%.
3. RIGHTS AND OBLIGATIONS OF THE CONTRACTOR
3.1. The Contractor agrees to carry out the procedures specified in the offer in order to find suitable candidates for the post described by the Client. The Contractor does not guarantee that a suitable candidate will be found.
3.2. The Contractor will invoice the Client in accordance with the provisions of the offer within 1 (one) business day after signing the offer.
3.3. The Contractor shall enter an advertisement for the vacancy within 2 (two) business days after agreeing on the advertisement with the Client.
3.4. The Contractor agrees to assess the candidates solely on the basis of the criteria set out in the job profile questionnaire.
3.5. The Contractor agrees to guarantee the uninterrupted functionality of the website and the availability of the information posted thereon for 24 (twenty-four) hours a day. Short interruptions of no more than two hours will not be considered as an interruption of the website. If the Contractor foresees that the use of the website will be interrupted for more than one business day during the active period of the recruitment project, the Contractor shall immediately inform the Client thereof.
3.6. In the event that the Contractor is unable to carry out the service under the agreed conditions, the Contractor undertakes to inform the Client thereof without delay in a format that can be reproduced in writing.
3.7. In the event that the service includes a guarantee and the selected candidate proves to be unsuitable for the vacant post during the probationary period (the employment contract is terminated at the initiative of the Client or the employee, except on the basis of section 91 of the Employment Contracts Act), the Contractor undertakes to carry out a one-off one-month new service for the same vacant post free of charge. This clause will not apply to the candidate selected in a second search.
3.8. The Contractor undertakes to comply with the conditions for data processing set out in Annex 1 and the good practice of recruitment described in Annex 2 to the General Terms and Conditions.
3.9. The Contractor has the right to terminate the service if the Client fails to comply with the obligations laid down in the General Terms and Conditions, fails to comply with what has been agreed in the offer or is late in paying the fee.
4. MISCELLANEOUS
4.1. The Contractor has the right to modify these General Terms and Conditions at any time by notifying the Client in a format that can be reproduced in writing. The modifications will not affect the execution of offers agreed before the modification was communicated.
4.2. This contract is governed by Estonian law. Any disputes that the Parties fail to settle by negotiation will be referred to the Harju County Court as a court of first instance.
ANNEX 1 TO GENERAL TERMS AND CONDITIONS
DATA PROCESSING
1. BACKGROUND AND OBJECTIVE
1.1. The Client and the Contractor act as two independent controllers within the meaning of the GDPR in the performance of the contract. The Parties shall implement the requirements and obligations laid down in the GDPR and ensure the exercise of data subjects’ rights independently of each other.
1.2. If the Client gives the Contractor sufficiently detailed instructions on a specific document containing personal data or on an extract of personal data for the purposes of the performance of the contract, the Contractor shall become a processor and shall process the personal data in accordance with this Annex. For example, the Contractor is considered to be a processor if the Client instructs the Contractor to select from among the documents received from candidates those containing personal data (qualification certificates and diplomas, test results, driving licences, etc.).
1.3. This data processing agreement (Annex 1) complements the contract in cases where the Contractor is considered to be the processor, and Annex 1 defines the rights and obligations of the controller and the processor with regard to the processing of personal data in accordance with the GDPR.
1.4. In the course of the performance of the contract, the processor shall process the following personal data on behalf of the controller.
1.4.1. Categories of personal data: information published by registered and non-registered job-seekers and data available on the website www.cv.ee managed by the processor: first name and surname, personal identification number, address, e-mail address, telephone number, photograph, previous work experience and positions, certificates, awards, qualifications and other data published by the data subject on the website www.cv.ee;
1.4.2. Categories of data subjects: job-seekers registered and not registered on the website www.cv.ee managed by the processor;
1.4.3. Categories of processing: the legitimate interests of the Parties in the performance of their contractual obligations.
2. DEFINITIONS
2.1. GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
2.2. Law means the legislation in force in the Republic of Estonia and the legislation in force adopted by the institutions of the European Union (including the General Data Protection Regulation) regulating the protection of personal data.
3. OBLIGATIONS OF PROCESSOR
3.1. The Parties agree in this Annex 1 that the processor shall:
3.1.1. take appropriate technical and organisational measures relating to data security and intrusion into systems, taking into account their novelty, the cost of their implementation and the nature, scope, context and purposes of the processing, as well as the likelihood and severity of the risk to the rights and freedoms of natural persons, and ensure a level of security commensurate with the potential risk, and ensure:
3.1.1.1. the ability to ensure the ongoing confidentiality, integrity, availability and resilience of the systems and services that process personal data;
3.1.1.2. the ability to restore in due course the availability of and access to personal data in the event of a physical or technical incident;
3.1.1.3. regular testing and evaluation of the effectiveness of the technical and organisational measures to ensure the security of data processing;
3.1.2. process personal data only on behalf of the controller, on the basis of the contract and the documented instructions given by the controller and in accordance with the Law and this Annex 1, to the extent set out in the contract or its annexes;
3.1.3. not disclose or communicate personal data to third countries or outside of the European Union and the European Economic Area, unless such disclosure and communication is in compliance with the prior written consent of the Controller or the Law;
3.1.4. ensure that persons, including employees, authorised to process personal data have accepted the obligation of confidentiality or are legally bound to maintain confidentiality;
3.1.5. put in place all security measures in accordance with the Law, including those set out in Article 32 of the GDPR;
3.1.6. assist the controller in complying with the relevant technical and organisational measures in exercising the rights of data subjects under the Law, including Chapter III of the GDPR;
3.1.7. assist the controller in fulfilling their obligations under the law, including Articles 32 to 36 of the GDPR;
3.1.8. delete all personal data and copies thereof at the end of the provision of services related to the processing of personal data, unless the obligation to retain the data or the right to further process the data arises from the Law applicable to the processor in the Republic of Estonia or the EU;
3.1.9. make available to the controller all the information necessary to demonstrate compliance with the obligations set out in this Annex and in the Law and to assist the controller or another auditor authorised by the controller in carrying out audits, including checks;
3.1.10. inform the controller immediately, but no later than within 24 hours, if the processor becomes aware of a personal data breach and subsequently provide the controller with the necessary information;
3.1.11. inform the controller immediately if, in the opinion of the processor, an instruction given by the controller or the auditor appointed by the controller, which is communicated pursuant to clause 3.1.9, is contrary to the Law;
3.1.12. inform the controller immediately if, in the opinion of the processor, an instruction given under clause 3.1.2 infringes any Law.
3.2. The processor may involve other processors (sub-processors) not mentioned in clause 3.3 of Annex 1, subject to the written consent of the controller. In such cases, the processor shall inform the controller of the identity of the sub-processors, providing their legal name, country of establishment and the scope of the service. After signing this Annex, the processor shall inform the controller of any changes relating to sub-processors. If the processor engages another sub-processor, the processor shall:
3.2.1. use only processors who implement appropriate technical and organisational measures to ensure compliance with legal requirements and to protect the rights of the data subject; and
3.2.2. oblige such a processor, by entering into a contract, to comply with the obligations agreed on in this Annex 1.
The processor acknowledges that the processor is liable for the acts and omissions of any sub-processor involved under this clause if the sub-processor breaches any Law.
3.3. The Parties agree that, at the time of signing the contract, the processor has engaged the following sub-processors:
3.3.1. Cloud/hosting service provider (the entire CV-Online website and database data are hosted on Telia servers): Telia Eesti AS, registry code 10234957; provides hosting services. The entire CV-Online website and all database data are hosted on Telia servers.
3.3.2. Software development partner: Proekspert AS, Sõpruse puiestee 157, 13417 Tallinn, Estonia.
3.3.3. E-mail service provider: Sendinblue SAS, 55 rue d’Amsterdam, 75008 Paris, France.
3.3.4. Automatic Talent System partner: Recruitee B.V., Keizersgracht 313 Amsterdam, Noord-Holland 1016EE Netherlands.
3.4. The processor is aware that, in accordance with Article 28(10) of the GDPR, a processor becomes a controller within the meaning of the Law if the processor goes beyond the limits of the authorisation set out in this Annex and the contract and processes personal data for third purposes.
4. RIGHTS AND OBLIGATIONS OF CONTROLLER
4.1. The controller processes personal data in accordance with the Law and good data processing practices. The controller may provide the processor with documented guidelines on the processing of personal data that are binding on the processor.
4.2. The controller defines the purposes, means and scope of the processing of personal data, ensures that the data are processed on lawful bases, including where the data are processed by a processor, and in accordance with the Law, and complies with the legal requirements of the data subject and other obligations of the controller laid down in the Law.
4.3. Taking into account the nature, scope, context and purposes of the processing, as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, the controller shall implement appropriate technical and organisational measures to ensure and demonstrate that the processing of personal data is carried out in accordance with the Law and other data protection standards. These measures will be reviewed and updated as necessary.
4.4. Taking into account the latest scientific and technological developments, the cost of implementation and the nature, scope, context and purposes of the processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons posed by the processing, the controller, upon selecting the means of processing and during processing of personal data, shall implement appropriate technical and organisational measures (pseudonymisation, data minimisation, etc.) for ensuring the effective implementation of data protection principles and the integration of necessary safeguards into personal data processing so as to meet the requirements of the Law and protect the rights of data subjects.
4.5. The controller shall take appropriate technical and organisational measures to ensure that, by default, only as much personal data as is necessary for the purposes of each specific processing operation are processed. This obligation refers to the amount of personal data collected, the scope of processing, the retention period and the availability of the data. In particular, such measures ensure that personal data are not made available to third parties by default without the consent of the owner. The controller is responsible for obtaining the data subject’s consent in accordance with the requirements of the GDPR.
5. DEFINITION OF PERSONAL DATA TO BE PROCESSED
5.1. The processor is entitled to process personal data under the contract until the expiry of the contract for the purposes set out in the contract and its annexes and to the extent of these purposes. Unless the purposes of the processing are specified in the contract or its annexes, the processor may only use the personal data for the purposes of contacting the candidate and deciding whether to enter into pre-contractual negotiations with the controller.
5.2. The processor processes personal data for the purposes of providing the controller with the services specified in the contract and its annexes. If the processor processes the personal data of job-seekers for a purpose other than that set out in clause 5.1, the processor no longer does so on the basis of the contract and will therefore be the controller within the meaning of the Law for any other activities carried out by the processor during the recruitment process.
5.3. The processing operations carried out by the processor mainly concern categories of personal data that are not considered special categories under the GDPR. However, the Parties acknowledge that registered job-seekers may have included in their CVs special categories of personal data, such as data concerning immigration, race, ethnic origin, religious or political beliefs, physical or mental health, including information relating to disability, etc. In such cases, the Parties are aware that they will process special categories of personal data for the purposes of the contract and personal data that the data subject has intentionally made public (Article 9(2)(e) of the GDPR). The Parties undertake to comply with the obligation to inform data subjects as laid down in the GDPR.
6. NOTICES
6.1. Notice of a dispute, claim or controversy relating to an annex to the contract or the breach, termination or validity of an annex shall be deemed given if made in writing and delivered to the addressee by registered mail, courier or e-mail to the address set forth below or at such other address as the receiving Party may have specified in writing. The Parties may change their contact persons by notifying the other Party thereof in writing.
7. VALIDITY AND TERMINATION
7.1. Termination of the contract will not relieve the processor of the obligation to comply with the processor’s obligations under the Law. The processor undertakes to assist the controller in complying with their obligations under the Law after the termination of the contract.
ANNEX 2 TO THE GENERAL TERMS AND CONDITIONS
GOOD PRACTICE
GOOD PRACTICE DOCUMENT FOR RECRUITMENT AND SELECTION PROCESS
The team at Alma Career Estonia OÜ values, recognises and supports a professionally managed recruitment and selection process. Good recruitment practice is about principles that create a positive application experience for the candidate.
1. Employer background
Recruitment and selection is a two-way process in which both the employer and the candidate are actively involved. Candidates also usually do background research on the employer, seeking information about the company online, asking for feedback from acquaintances or directly from the employer.
• It is good practice to ensure that information is available. It is important for the candidate to have clear answers to the following questions:
What does the organisation do?
How well is the company doing?
Who works there?
What are the working values and principles of the organisation?
• Professionalism is also demonstrated by a carefully planned career page.
• It is important that the employer inform the recruitment company of the existence of any negative communication that can be easily found online. In this case, the recruitment partner (CV.ee) must be prepared to explain to the candidate where the information comes from, whether it is true and what has been done about it.
2. Job offer
To make the job offer understandable and attractive to the candidate, it is important to include a strong value proposition, expectations and clear guidance on how to move forward.
• It is also good practice to disclose the remuneration for the job, which makes the offer more attractive.
• It is good practice to include promotional material about the company in the form of text, images or video in the company profile on the job portal and to ensure that the job offer includes a contact person to answer any further questions.
• When recruiting for leadership roles, it is important to be able to explain where the company plans to go in the coming years, what the expectations are for the new person in terms of achieving their strategic goals and what opportunities there are for the person to grow and develop within the organisation.
3. Communication
• It is good practice to provide feedback to the candidates no later than five days after the closing date of the selection processes.
An employer’s reputation and attractiveness depends on personal experience, and if a candidate feels unappreciated, they are likely to share their experience with others, withdraw their application or decline the job offer.
• It is good practice to meet the deadlines you have set.
If the job offer states the closing date of the competition or the period within which the candidates will be contacted, this must be respected or any delay in the process must be communicated immediately.
• If there are unexpected schedule changes in the recruitment and selection process (e.g. going on holiday or sick leave), the recruitment partner (CV.ee) must be informed without delay, as the candidates are on hold in the selection process and need clarity as soon as possible.
• Transparency and integrity are important keywords in communication.
CV.ee recruiters have seen over the years that it is important to disclose salary in order to achieve the best recruitment results. This is particularly important in recruitment projects where a targeted search is carried out, i.e. candidates are personally invited to apply.
4. Feedback
• The average application process takes six to eight weeks, which means a long wait for the candidate. To keep the candidates interested in the recruitment and selection process, it is important to provide continuous feedback on even the smallest steps. This can be an automated message about the progress of the selection process or about when an update can be expected from the recruiter.
• It is good practice to give feedback to all candidates during the selection process. To facilitate this, it is important to carefully plan the timeline and the objectives of the steps in the selection process. The clearer the competences, skills, attitudes and values are defined, the easier it is to give feedback and explain to candidates why they were or were not selected.
• Ongoing feedback from the Client is also important for the recruitment partner (CV.ee) who is in direct contact with the candidates, both to manage the expectations of the candidates realistically and to avoid keeping the candidates on hold for an unreasonably long time.
5. Interview
• Interviewing a candidate is one of the most effective stages of the selection process. It is good practice to let candidates know the times of personal or group interviews well in advance, so that they can plan their time.
• It is also good practice to let candidates know the goals of each stage of the selection process and how they can prepare for it.
• It builds trust between the candidate and the recruiting company if the candidate is informed in advance of who will be interviewing them.
• If other people attend the interview in addition to the main recruiter, be sure to agree on the roles of the interviewers and the questions to be asked. Each stage of the selection process has a specific objective – to find out whether the person is suitable for the position.
• In the case of full selection, it is strongly recommended that a representative of the Client is present at the interviews. This gives the Client the opportunity to learn more about the candidates and the selection process and to discuss the selection with the recruiter.
6. Team introduction
The final stage of the application process is the introduction of the new employee to the team. This is an opportunity for the employer to deliver on the promises made to the candidate during the selection process.
• It is good practice to draw up a strategic plan for team introduction, with specific, meaningful actions for the next 30–60 days. It is common to draw up a management report for the successful candidate based on the personality test, which provides clear recommendations and guidance on how to manage and support the person on a day-to-day basis.
