Privacy Policy

1. Introduction

This Privacy Policy explains how Olinio (“we”, “us”, “our”, or “Olinio”) processes personal data of individuals who visit our website at https://olinio.com.cy, use our services, or interact with us in any capacity. This policy informs you about your privacy rights and how data protection law protects you.

This Privacy Policy applies to natural persons who are current or potential customers of Olinio, website visitors, newsletter subscribers, job candidates, or anyone who provides personal data to us through any means.

We comply with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and any applicable local data protection laws.

Effective Date: 16.09.2025
Last Updated: 16.09.2025

2. Who We Are

Olinio is a leading recruitment company specialising in comprehensive talent acquisition solutions for businesses. We provide recruitment services, talent acquisition strategy, executive search, and workforce planning services to help companies find and hire the best candidates for their organisations.

Contact Information:

• Company Name: Olinio
• Website: https://olinio.com.cy
• Email: [email protected]
• Data Protection Officer Email: [email protected]

For all privacy-related inquiries, including requests to exercise your legal rights, please contact our Data Protection Officer at [email protected].

3. The Types of Personal Data We Collect and Process

We may collect, use, store, and transfer the following categories of personal data:

3.1 Contact Information

• First and last names
• Business names and job titles
• Email addresses
• Phone numbers
• Postal addresses
• Company information

3.2 Technical and Usage Data

• IP addresses
• Browser type and version
• Device information
• Operating system
• Pages visited on our website
• Time and date of visits
• Referring websites
• Cookies and similar tracking technologies

3.3 Service-Related Information

• Information provided during recruitment consultations
• Job requirements and specifications
• Hiring needs and preferences
• Support ticket details
• Service preferences
• Communication history

3.4 Candidate Personal Data

• CV/Resume information
• Educational background
• Work experience
• Skills and qualifications
• References and recommendations
• Interview notes and assessments
• Salary expectations
• Availability and notice periods

3.5 Financial Information

• Payment details
• Billing addresses
• Transaction records
• Invoice information
• Fee structures and commission details

3.6 Marketing and Communication Data

• Marketing preferences
• Newsletter subscriptions
• Communication preferences
• Event attendance records
• Professional networking interactions

3.7 Special Categories of Data

In the course of recruitment services, we may process special categories of personal data, including:

• Health information (where relevant to job requirements)
• Information about criminal convictions (for background checks)
• Diversity and inclusion data (with explicit consent)

Such processing occurs only with explicit consent, legal requirement, or substantial public interest, and appropriate safeguards are implemented.

4. How, Why, and on What Legal Basis We Collect and Process Personal Data

4.1 How We Collect Data

Direct Collection:

• When you contact us through our website, email, or phone
• When you submit job applications or CVs
• When you request recruitment services
• When you subscribe to our newsletter
• When you engage our services
• When you attend our events or webinars
• During recruitment interviews and assessments

Automated Collection:

• Through website analytics and cookies
• During video interviews and assessments (with permission)
• Through applicant tracking systems

Third-Party Sources:

• Professional networking platforms (LinkedIn, etc.)
• Business partners and referrals
• Public business directories
• Professional references
• Background check providers

4.2 Why We Process Your Data

We process personal data for the following legitimate business purposes:

Recruitment Services:

• To provide recruitment and talent acquisition services
• To match candidates with suitable job opportunities
• To conduct interviews and assessments
• To manage client and candidate relationships
• To process background checks and references

Business Administration:

• To respond to inquiries and communications
• To manage contracts and agreements
• To conduct business analysis and improvement
• To maintain accurate business records
• To process payments and billing

Marketing and Communication:

• To send service updates and newsletters (with consent)
• To inform you about relevant job opportunities
• To conduct market research and surveys
• To maintain professional networks

Legal and Security:

• To comply with legal obligations
• To protect our business interests and rights
• To prevent fraud and ensure security
• To resolve disputes and enforce agreements

4.3 Legal Basis for Processing

We process your personal data under the following lawful bases:

Contract Performance: When processing is necessary for performing our contract with you or taking steps at your request before entering into a contract.

Legitimate Interests: For our legitimate business interests, including:

• Providing and improving our recruitment services
• Direct marketing to existing clients
• Network and information security
• Business development and administration
• Maintaining candidate databases for future opportunities

Legal Obligation: When we must process data to comply with legal requirements, including employment law and background check requirements.

Consent: For special categories of data, direct marketing to non-clients, diversity data, and certain cookies (where required).

Substantial Public Interest: For processing related to employment, social security, and social protection requirements.

5. Sharing and Disclosure of Personal Data

We may share your personal data with:

5.1 Service Providers

• Cloud hosting providers
• Payment processors
• Background check providers
• Assessment and testing platforms
• Professional advisors (lawyers, accountants)
• Email marketing and communication platforms

5.2 Business Partners

• Client companies seeking candidates
• Partner recruitment agencies
• Subcontractors providing services on our behalf
• Professional networks and associations

5.3 Candidates and Employers

• Sharing candidate profiles with prospective employers (with consent)
• Providing employer information to candidates
• Reference checks and verifications

5.4 Legal Requirements

• Regulatory authorities and government bodies
• Law enforcement agencies
• Courts and legal proceedings
• Immigration and work permit authorities

5.5 Business Transfers

In the event of a merger, acquisition, or sale of business assets, personal data may be transferred to the acquiring entity.

All third parties are contractually obligated to protect your data and use it only for specified purposes in accordance with our instructions and applicable data protection laws.

6. International Transfers of Personal Data

Some of our service providers and clients are located outside the European Economic Area (EEA). When we transfer personal data outside the EEA, we ensure adequate protection through:

• Adequacy Decisions: Transfers to countries with adequate data protection as determined by the European Commission
• Standard Contractual Clauses: Using EU-approved standard contractual clauses
• Certification Schemes: Ensuring providers have appropriate certifications
• Your Explicit Consent: When you have specifically agreed to the transfer

For more information about our international transfer safeguards, contact our Data Protection Officer.

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including:

Client Service Data: For the duration of our business relationship, plus 7 years for financial records

Candidate Data: Up to 2 years for unsuccessful candidates (unless consent given for longer retention), up to 7 years for placed candidates

Website Data: Up to 2 years for analytics purposes

Marketing Data: Until you unsubscribe or withdraw consent

Legal Requirements: As required by applicable employment laws and regulations

We regularly review our data retention practices and securely delete or anonymise data when no longer needed.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

• Encryption of data in transit and at rest
• Access controls and authentication systems
• Regular security assessments and updates
• Employee training on data protection
• Secure candidate database management
• Incident response procedures

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security. However, we will notify the Cyprus Commissioner for Personal Data Protection and affected individuals within the timelines required by GDPR.

Cyprus Commissioner for Personal Data Protection: Website: https://www.dataprotection.gov.cy/dataprotection/dataprotection.nsf/home_en/home_en?opendocument Address: Kypranoros 15, Nicosia 1061, Cyprus

9. Your Rights Under GDPR

You have the following rights regarding your personal data:

9.1 Right of Access

Request a copy of the personal data we hold about you

9.2 Right to Rectification

Request correction of inaccurate or incomplete data

9.3 Right to Erasure (“Right to be Forgotten”)

Request deletion of your personal data in certain circumstances

9.4 Right to Restrict Processing

Request a limitation of processing in certain situations

9.5 Right to Data Portability

Request the transfer of your data to another organisation

9.6 Right to Object

Object to processing based on legitimate interests or for direct marketing

9.7 Rights Related to Automated Decision-Making

Rights regarding automated decision-making and profiling in recruitment processes

To exercise any of these rights, contact our Data Protection Officer at [email protected]. We will respond within one month of receiving your request.

10. Consent and Withdrawal

Where we rely on your consent for processing, you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

To withdraw consent for marketing communications, use the unsubscribe link in our emails or contact [email protected].

11. Cookies and Website Technologies

We use cookies and similar technologies to:

• Ensure website functionality
• Analyse website usage
• Remember your preferences
• Provide personalised content
• Track job application sources
• Improve candidate experience

You can control cookie settings through your browser preferences. For detailed information about our cookie usage, please see our Cookie Policy.

12. Children’s Privacy

Our services are not directed at children under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected such data, we will delete it promptly.

13. Marketing Communications

We may send you marketing communications if:

• You have consented to receive them
• You are an existing client, and the communications relate to similar services
• We have a legitimate interest in marketing to you
• You are a candidate and we have job opportunities that match your profile

You can opt out of marketing communications at any time by:

• Using unsubscribe links in emails
• Contacting [email protected]
• Updating your preferences in your account

14. Data Protection Officer

We have appointed a Data Protection Officer responsible for overseeing data protection compliance. Contact our DPO for:

• Privacy-related questions
• Exercising your rights
• Data protection complaints
• General data protection inquiries

DPO Contact: [email protected]

15. Complaints and Supervisory Authority

If you believe we have not handled your personal data properly, you can:

1. Contact our Data Protection Officer at [email protected]
2. Lodge a complaint with the Cyprus Commissioner for Personal Data Protection
3. Contact your local supervisory authority if you’re in another EU country

Cyprus Commissioner for Personal Data Protection: Website: https://www.dataprotection.gov.cy/dataprotection/dataprotection.nsf/home_en/home_en?opendocument Address: Kypranoros 15, Nicosia 1061, Cyprus

16. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect:

• Changes in our business practices
• Legal or regulatory requirements
• Improvements in our data protection practices

We will notify you of significant changes through:

• Email notifications
• Website announcements
• Updated effective dates

17. Contact Information

For any questions about this Privacy Policy or our data practices:

Olinio
Email: [email protected]
Website: https://olinio.com.cy

Data Protection Officer
Email: [email protected]

This Privacy Policy was last updated on 16.09.2025 and is effective as of 16.09.2025.