Angola Privacy Policy

Privacy Policy

Recruitment and Selection

1. SCOPE

1 - This Privacy Policy (the "Policy") aims to comply with the right to information regarding the processing of personal data, whenever you interact with us or send us your CV and related personal information through this platform.

2 - With this Policy, we also intend to inform you about how we ensure your privacy and protect your personal data.

3 - This duty of ours therefore constitutes a daily priority in conducting our business, and we comply with and enforce all laws relating to the protection of personal data.

4 - For us to start, continue and conclude a recruitment and selection process, we need to process your personal data. This Policy is intended to provide the legally required information.

5 - If you have any questions about this Policy, please contact us using the contact details set out in point 14.

2. GENERAL PRINCIPLES

1 - As part of your relationship with us, we comply with certain guiding principles whenever you access our recruitment platform and provide personal data or interact in ways that allow us to collect such data, including through forms and cookies.

2 - This Policy is based on the following core principles, which we consider essential in our operations:

(i) Only duly authorised persons process personal data, and only the data that are strictly necessary for specific and legitimate purposes;

(ii) Secure personal data processing is a constant priority, which we review regularly in light of technological developments and supported by ongoing investment;

(iii) We know that personal data belong to the data subjects and are processed in accordance with the legislation in force, thus respecting and guaranteeing your rights;

(iv) We internally promote and disseminate good practices related to privacy, data protection and information security, which we review regularly as we believe that our improvement process is continuous, recognising that it is always possible to do more and better.

3. DEFINITIONS AND INFORMATION FOR DATA SUBJECTS

1 - We adopt the following definitions within the scope and for the purposes of our policy, without prejudice to others applicable:

(i) Personal Data - personal data are any information relating to an identified or identifiable natural person. An identifiable natural person is considered to be one who can be identified, directly or indirectly, in particular by reference to an identification number or the combination of elements specific to their physical, physiological, mental, economic, cultural or social identity.

(ii) Processing - an operation or set of operations which is performed on personal data or on sets of personal data, whether by automated means or otherwise, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, communication by transmission, dissemination or otherwise making available, alignment or combination, blocking or destruction.

(iii) Consent of the data subject - means any freely given, specific, informed and unambiguous indication of the data subject's agreement to the processing of personal data relating to them. The collection or processing of your data without proper consent may constitute a breach of the applicable legislation, subject to the legal consequences set out therein.

(iv) Data Controller - the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing;

(v) Processor - the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing.

4. WHO IS THE DATA CONTROLLER

Nors Group, S.A. and its subsidiaries are the entities that determine the purposes and means of personal data processing. Each of these entities is considered a data controller. Their contact details can be found at www.nors.com

5. WHAT PERSONAL DATA DO WE PROCESS DURING RECRUITMENT AND SELECTION?

1 - Nors Group, S.A. and its subsidiaries process the following categories and types of personal data:

(i) Identification data: Such as name, nationality, identification document number, date of birth, TIN and social security number;

(ii) Contact details: Such as address, telephone/mobile number and email address;

(iii) Personal status data (if applicable): residence permit number/work permit and data on the migration process;

(iv) Professional data: Data related to professional experience, data contained in the CV, including job history, academic training, professional and academic certificates, professional references and letters of recommendation;

(v) Geographic data

(vi) Assessment data: Data resulting results from evaluations conducted by processors, including language tests, leadership assessments, reasoning tests, or simulations conducted internally by Nors' teams;

(vii) Other data: we shall also process, where necessary and applicable, licence data and driving licence data.

2 - Only if legally permitted and relevant to the job role, we may also process data relating to criminal convictions and offences (e.g. a copy of a criminal record certificate).

3. If personal data are sent by means other than the recruitment platform, such as email, mail or personal delivery, they will be entered into the platform by persons authorised to process them, and the original media will be safely discarded.

6. PURPOSES OF PERSONAL DATA PROCESSING

In the context of recruitment and selection, Nors Group, S.A. and its subsidiaries process personal data for the following purposes:

(i) Recruitment and selection for published opportunities;

(ii) Processing of spontaneous applications sent to us;

(iii) Processing of applications for internships and professional training;

(iv) Sending informative communications about career opportunities.

7. HOW LONG DO WE STORE PERSONAL DATA?

1 - Personal data is processed in strict compliance with applicable legislation and stored in specific databases created for this purpose.

2 - The period for which personal data are stored varies according to the purpose for which the personal information is processed. Thus:

(i) We keep records of the recruitment and selection processes for a period of 5 (five) years, after which we safely delete them.

(ii) We keep personal data concerning spontaneous applications for 1 (one) year, after which we safely delete them.

(iii) After the purpose is fulfilled, personal information will be deleted. In the case of open vacancies, we ask for your consent and store your personal information for a period of 1 (one) year so that, if you are not selected for the role you applied for, we can consider you for a future vacancy. We guarantee your right to object at any time.

8. LEGAL BASIS FOR PROCESSING

1 - We process personal data within the recruitment and selection process in strict compliance with the principles of lawfulness and good faith.

2 - Depending on the circumstances, the processing of personal data may be carried out on the following legal grounds:

(i) Pre-contractual steps at the data subject's request, when applying for an open position;

(ii) Our legitimate interests, when we process your personal information as part of a spontaneous application for a potential future vacancy;

(iii) Your consent, where applicable; and

(iv) Compliance with legal obligations to which the Controller is subject, where applicable.

9. DATA SHARING WITH PROCESSORS

1 - To achieve the purposes mentioned in the previous paragraphs, Nors Group S.A. and its subsidiaries may share personal data, in certain recruitment and selection processes, with processors contracted for these identified purposes, such as consulting, professional training, building or access control administrators, companies that maintain information systems and IT platforms, as well as companies that carry out psychometric tests, language tests, leadership assessments and reasoning tests, as provided for in the contracts signed with such entities.

2 - If we use Processors to process personal data on our behalf, which implies access by these entities to such data, we shall take appropriate measures, contractually stipulated, to ensure that these Processors provide sufficient and appropriate guarantees for the implementation of technical and organisational measures and that they will act only in accordance with our documented instructions, that they will process the data only for the intended purposes and that they will delete or return them after the provision of the service, among other legal obligations.

3 - Nors Group S.A. and its subsidiaries undertake to adopt appropriate technical and organisational measures to ensure the security of personal data processing, ensuring the confidentiality, integrity and availability of such data, as required by the applicable legislation concerning personal data protection.

10. INTERNATIONAL TRANSFERS

If the processing of personal data involves international data transfer, we shall strictly comply with the applicable legal provisions.

11. WHAT ARE YOUR RIGHTS AS A DATA SUBJECT?

1 - We guarantee, through internal organisational measures that we implement and periodically review, the exercise of your rights as a data subject, within the legal deadlines and in compliance with our legal obligations.

2- Your rights as the data subject:

(i) Right of access - you have the right to ask us, in particular, for information about whether your personal data are being processed, what personal data we process and for what purposes and the recipients or categories of recipients to whom the data are communicated. If you wish, you may ask us to provide a copy of the personal data under processing. The provision of additional copies may be subject to the payment of a reasonable fee to cover administrative costs. If the request is electronic, and unless you request otherwise, we shall provide the information in a common electronic format;

(ii) Right to rectification - you are entitled, without undue delay, to have us rectify any inaccurate personal data concerning you, update any outdated information, and to complete any incomplete data, without prejudice to being able to make any changes you wish to your profile;

(iii) Right to erasure - in certain circumstances, you may request that your personal data be erased from our records, without undue delay, whenever any of the legally established reasons arise, without prejudice to being able to delete your profile directly on the platform;

(iv) Right to object - you have the right to object, for compelling and legitimate reasons relating to your particular situation, to the processing of your personal information. Please note that the processing of your personal data is essential for the purposes of the recruitment and selection process and the subsequent conclusion of the employment contract. If you object to the processing of your personal data, we shall cease processing, but this will prevent the continuation of the recruitment and selection process;

(v) Right to lodge a complaint with a supervisory authority responsible for monitoring and promoting compliance with the rules on the processing of personal data and for ensuring the protection of the fundamental rights of data subjects;

(viii) Right to claim compensation and liability - if you have suffered pecuniary or non-pecuniary damage due to the misuse of personal data, you have the right to claim compensation for the damage suffered;

(ix) Right not to be subject to automated decision-making - you have the right not to be subject to any decision taken exclusively on the basis of automated data processing, including profiling, which affects your legal situation or which significantly affects you in a similar way;

3 - To exercise any of these rights, please refer to section 14 of this Privacy Policy.

4 - After sending us an email or other means where you express your wish to exercise one or more of the rights indicated, we will act accordingly and within 30 (thirty) days you will receive a duly substantiated communication from us.

5 - The period referred to in the preceding paragraph may be extended to 60 (sixty) days, due to the high number or complexity of requests.

12. WHAT SECURITY MEASURES HAVE WE IMPLEMENTED CONCERNING YOUR PERSONAL DATA?

1- We have adopted appropriate technical and organisational measures to ensure a level of security appropriate to the risks, which are reviewed and improved regularly, designed to ensure the security and protection of personal data in terms of its availability, authenticity, integrity and confidentiality, as well as to prevent its loss, misuse, alteration, processing or unauthorised access, and any other form of unlawful processing.

2 - Our commitment to the security of personal data is ongoing. This commitment involves a set of measures aimed at safeguarding and mitigating the risk of data breaches, depending on the risk, context and purposes, among which the following are particularly noteworthy:

(i) Pseudonymisation and encryption of personal data;

(ii) The ability to ensure the continued confidentiality, integrity, availability and resilience of processing systems and services;

(iii) The ability to promptly restore availability of and access to personal data in the event of physical or technical incidents;

(iv) A process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures to ensure security of processing.

3 - The level of security we have implemented takes into account the risks presented by the processing, considering in particular the risks of destruction, loss, accidental or unlawful alteration, disclosure or unauthorised access of personal data transferred, stored or subject to any other type of processing;

13. DATA PROTECTION OFFICER

1 - Nors Group S.A. and its subsidiaries have appointed a Data Protection Officer (DPO), who is responsible for monitoring and ensuring compliance with internal policies and applicable legal rules on the protection of personal data.

2 - If you have any doubts or questions about how we collect and process personal data, please contact us at dpo@nors.com.

14. PERSONAL DATA OF CHILDREN

We do not collect personal data on children from our recruitment platform, except for minor candidates (between 14 and 17 years old) who have been authorised by their legal representatives to work or, in their absence, by the Job Centre or a reputable institution.

15. LINKS TO OTHER WEBSITES

1 - Our recruitment platform may contain links to other websites.

2 - Nors Group, S.A. and its subsidiaries are not responsible for the content or privacy policies of those external sites, including any websites they link to or refer to.

3 - In order to be properly informed, we recommend that you read the privacy policies of any other website linked to our recruitment platform.

16. WHAT WILL WE DO IF A PERSONAL DATA BREACH OCCURS?

1 - If a personal data breach occurs, i.e. a security breach which accidentally or unlawfully causes the destruction, loss, alteration, unavailability, unauthorised disclosure or access to personal data transferred, stored or subject to any other type of processing, we shall comply with the provisions of the data protection legislation in force and provide appropriate information.

2 - If the personal data breach is likely to entail a significant risk to your rights and freedoms, we shall inform you in clear and plain language and without undue delay that the personal data breach occurred, and provide the relevant legally required information, including:

(i) a description of the nature of the personal data breach, including the type of data breached;

(ii) a description of the likely consequences of the personal data breach; and

(iii) a description of the measures taken or proposed by the Controller to remedy the personal data breach, including, where appropriate, measures to mitigate any negative effects.

3 - If we are unable to provide all this information at once, we shall provide it to you in stages, without undue delay.

17. USE OF COOKIES

1 - Our recruitment platform uses cookies, also known as connection logs.

2 - To learn more about cookies, in particular which cookies we use on our recruitment platform, their function, duration and whether they are accessible by third parties, among other relevant information, including how you can manage them in your internet browser, please consult our Cookies Policy.

18. EMPLOYEE TRAINING

1 - We believe that the human factor is essential for effective compliance with the rules on personal data protection.

2 - For this reason, we provide initial and follow-up training to all our employees, ensuring that everyone across the group is aware of the applicable rules and best practices for protecting the personal information you provide to us.

19. REVIEW OF OUR PRIVACY POLICY

We reserve our right to amend the content of this Privacy Policy without prior notice, and any amendments made shall form an integral part thereof.

20. VERSIONS OF OUR POLICY

Version 1 | September 2021

Version 2 | July 2025

Provider	Description	Enabled
_ga	Cookie set by Google Analytics. This cookie is used to distinguish unique users for statistical analysis.
_gat	Cookie set by Google Analytics. This cookie is used to limit the request rate, helping to improve the performance of the site.