Privacy Policy

Recruitment and Selection

1. SCOPE

1 - This Privacy Policy (the "Policy") aims to comply with the right to information regarding the processing of personal data, whenever you interact with us in the context of recruitment and selection processes or send us your CV and related personal information through this platform.

2 - With this Policy, we also intend to inform you about how we ensure your privacy and protect your personal data.

3 - This duty of ours therefore constitutes a daily priority in conducting our business, and we comply with and apply the principles and legislation relating to the protection of personal data.

4 - For us to start, continue and conclude a recruitment and selection process, we need to process your personal data. This Policy is intended to provide information regarding this processing.

5 - If you have any questions about this Policy, please contact us using the contact details set out in point 4.
2. GENERAL PRINCIPLES

1 - As part of your relationship with us, we comply with certain guiding principles whenever you access our recruitment platform and provide personal data or interact in ways that allow us to collect such data, including through forms.

2 - This Policy is based on the following core principles, which we consider essential in our operations:

(i) Only duly authorised persons process personal data, and only the data that are strictly necessary for specific and legitimate purposes;

(ii) Secure personal data processing is a constant priority, which we review regularly in light of technological developments and supported by ongoing investment;

(iii) We know that personal data belong to the data subjects and are processed in accordance with the legal principles and standards in force, thus respecting and guaranteeing your rights;

(iv) We internally promote and disseminate good practices related to privacy, data protection and information security, which we review regularly as we believe that our improvement process is continuous, recognising that it is always possible to do more and better.
3. DEFINITIONS AND INFORMATION FOR DATA SUBJECTS

1 - We adopt the following definitions within the scope and for the purposes of our policy, without prejudice to others applicable:

(i) Personal Data - personal data are any information of any nature, regardless of its medium, including sound and images, relating to an identified or identifiable natural person, the data subject. An identifiable natural person is considered to be one who can be identified, directly or indirectly, in particular by reference to an identification number or the combination of elements specific to their physical, physiological, mental, economic, cultural or social identity;

(ii) Data Processing (or Processing) - any operation performed on personal data, whether or not by automated means, such as collection, production, receipt, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, deletion, evaluation or control of information, amendment, communication, transfer, dissemination or extraction.

(iii) Consent - of the data subject means a freely given, specific, informed and unambiguous statement of will by which the data subject, in a statement or clear affirmative action, agrees to the processing of personal data relating to them;

(iv) Data Controller or Controller - the natural or legal person, governed by public or private law, which is responsible for decisions relating to the processing of personal data;

(v) Processor or Operator - a natural or legal person, governed by public or private law, which processes the personal data on behalf of the data controller or controller.
4. WHO IS THE DATA CONTROLLER / CONTROLLER

Nors Group, S.A. and Nors Moçambique, S.A. (hereinafter jointly referred to as "Nors") are the parties that determine the purposes and means of personal data processing. They are responsible for the decisions relating to such processing and are therefore considered to be the "data controller" or "controller".

The contact details of the controllers are:

  • Nors Group, S.A. (registered office) Rua Manuel Pinto de Azevedo, 711, 1°, 4100 Porto (telephone number) (+351) 226150320
  • Nors Moçambique, S.A. (registered office) Avenida da Namaacha, N4, Km 1.5 no. 8274 1740 Maputo (telephone number) (+258) 843128363

Contact details can also be found at: Contacts.
5. WHAT PERSONAL DATA DO WE PROCESS DURING RECRUITMENT AND SELECTION?

1 - Nors processes the following categories and types of personal data:

 (i) Identification data: Such as name, nationality, identification document, date of birth, TIN and social security number;

(ii) Contact details: Such as address, telephone/mobile number and email address;

(iii) Personal situation data (if applicable): Residence permit/work visa and data relating to the immigration process;

(iv) Professional data: Data related to professional experience, data contained in the CV, including job history, academic training, professional and academic certificates, professional references and letters of recommendation;

(v) Evaluation data: Data resulting results from evaluations conducted during recruitment and selections processes conducted by processors, including language tests, leadership assessments, reasoning tests, or simulations conducted internally by Nors' teams;

(vi) We shall also process, where necessary and applicable, licence data and driving licence data.

2 - Only if legally permitted and relevant to the job role, we may also process data relating to criminal convictions and offences (e.g. a copy of a criminal background check).

3 - If personal data are sent by means other than the recruitment platform, such as email, mail or personal delivery, they will be entered into the platform by persons authorised to process them, and the original media will be safely discarded.
6. PURPOSES OF PERSONAL DATA PROCESSING

As part of recruitment and selection, Nors processes personal data for the following purposes:

(i) Recruitment and selection for published opportunities;

(ii) Processing of spontaneous applications sent to us;

(iii) Processing of applications for internships and professional training;

(iv) Sending informative communications about career opportunities.
7. HOW LONG DO WE STORE PERSONAL DATA?

1 - Personal data is processed in strict compliance with applicable legislation and stored in specific databases created for this purpose.

2 - The period for which personal data are stored varies according to the purpose for which the personal information is processed. Thus:

(i) We keep records of recruitment and selection processes for a period of 5 (five) years, after which we safely delete them.

(ii) We keep personal data concerning spontaneous applications for 1 (one) year, after which we safely delete them.

(iii) After the purpose is fulfilled, personal information will be deleted. In the case of open vacancies, we ask for your consent and store your personal information for a period of 1 (one) year so that, if you are not selected for the role you applied for, we can consider you for a future vacancy. We guarantee your right to withdraw consent at any time.
8. LEGAL BASES FOR PROCESSING

1 - We process personal data within the recruitment and selection process in strict compliance with the principle of lawfulness.

2 - Depending on the circumstances, the processing of personal data may be carried out on the following legal grounds:

(i) Pre-contractual steps at the data subject's request, when applying for an open position;

(ii) Our legitimate interests, when we process your personal information as part of a spontaneous application for a potential future vacancy;

(iii) Your consent, where applicable; and

(iv) Compliance with legal obligations, where applicable.
9. DATA SHARING WITH PROCESSORS

1 - To achieve the purposes mentioned in the previous paragraphs, Nors may share personal data, in certain recruitment and selection processes, with processors contracted for these identified purposes (processors or operators), such as consulting, professional training, building or access control administrators, companies that maintain information systems and IT platforms, as well as companies that carry out psychometric tests, language tests, leadership assessments and reasoning tests, as provided for in the contracts signed with such entities.

2 - If we use processors or operators to process personal data on our behalf, which implies access by these entities to such data, we take appropriate measures, contractually stipulated, to ensure that these operators provide sufficient and appropriate guarantees for the implementation of technical and organisational measures and that they will act only in accordance with our documented instructions, that they will process the data only for the intended purposes and that they will delete or return them after the provision of the service, and comply with other legal obligations.

3 - Nors undertakes to adopt appropriate technical and organisational measures to ensure the security of personal data processing, ensuring the confidentiality, integrity and availability of such data.
10. WHAT ARE YOUR RIGHTS AS A DATA SUBJECT?

1 - We guarantee, through internal organisational measures that we implement and periodically review, the exercise of your rights as a data subject.

 2- Your rights as the data subject:

(i) Right of Access - you have the right to request from us, among other things, information regarding whether or not personal data concerning you are processed, what personal data we process, for what purposes and the recipients or categories of recipients to whom they are communicated. The right of access also includes communication to the data subject of the specific data subject to processing, as well as any available information on the origin of such data;

(ii) Right to Rectification, Update and Deletion - you have the right to rectify, update or delete personal data that are incomplete, inaccurate, out of date or used in a way that is incompatible with the stated purpose, which concern you, without prejudice to being able to make any changes you wish to your profile or delete your profile directly on the platform;

(iii) Right to object - you have the right to object, when there are compelling and legitimate reasons relating to your particular situation, to the processing of your personal information. Please note that the processing of your personal data is essential for the purposes of the recruitment and selection process and the subsequent conclusion of the employment contract. If you object to the processing of your personal data, we shall cease processing, but this will prevent the continuation of the recruitment and selection process;

(iv) Right to withdraw the consent provided. It should be noted that, if you withdraw your consent, the lawfulness of the processing carried out prior to such withdrawal, based on the consent given beforehand, is not compromised.

3 - To exercise these rights, please consult point 4 of this Privacy Policy.
11. WHAT SECURITY MEASURES HAVE WE IMPLEMENTED CONCERNING YOUR PERSONAL DATA?

1 - We have adopted appropriate technical and organisational measures to ensure a level of security appropriate to the risks, which are reviewed and improved regularly, designed to ensure the security and protection of personal data in terms of its availability, authenticity, integrity and confidentiality, as well as to prevent its loss, misuse, alteration, processing or unauthorised access, and any other form of unlawful processing.

2 - Our commitment to the security of personal data is ongoing. This commitment involves a set of measures aimed at safeguarding and mitigating the risk of data breaches, depending on the risk, context and purposes, among which the following are particularly noteworthy:

(i) Pseudonymisation and encryption of personal data;

(ii) The ability to ensure the continued confidentiality, integrity, availability and resilience of processing systems and services;

(iii) The ability to promptly restore availability of and access to personal data in the event of physical or technical incidents;

(iv) A process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures to ensure security of processing.

3 - The level of security we have implemented takes into account the risks presented by the processing, considering in particular the risks of destruction, loss, accidental or unlawful alteration, disclosure or unauthorised access of personal data transferred, stored or subject to any other type of processing;
12. PERSONAL DATA OF CHILDREN

We do not collect personal data concerning children from our recruitment platform.
13. LINKS TO OTHER WEBSITES

1 - Our recruitment platform may contain links to other websites.

2 - Nors is not responsible for the content or privacy policies of those external sites, including any websites they link to or refer to.

3 - In order to be properly informed, we recommend that you read the privacy policies of any other website linked to our recruitment platform.
14. USE OF COOKIES

1 - Our recruitment platform uses cookies, also known as connection logs.

2 - To learn more about cookies, in particular which cookies we use on our recruitment platform, their function, duration and whether they are accessible by third parties, among other relevant information, including how you can manage them in your internet browser, please consult our Cookies Policy.
15. EMPLOYEE TRAINING

1 - We believe that the human factor is essential for effective compliance with the rules on personal data protection.

2 - For this reason, we provide initial and follow-up training to all our employees, ensuring that everyone across the group is aware of the applicable rules and best practices for protecting the personal information you provide to us.
16. CONTACT

1 - Nors monitors and ensures the necessary compliance with the internal policies and legal rules applicable to personal data protection.

2 - If you have any doubts or questions about how we collect and process personal data, please contact Nors at dpo@nors.com.
17. REVIEW OF OUR PRIVACY POLICY

We reserve our right to amend the content of this Privacy Policy without prior notice, and any amendments made shall form an integral part thereof.
18. VERSIONS OF OUR POLICY

Version 1    |     September 2021

Version 2    |     June 2025