Privacy Policy

Last updated: March 9, 2026

This Privacy Policy explains how personal data is collected, used, and protected through this application portal, in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Belgian Data Protection Act of 30 July 2018.

1. Data Controller and Data Processor

The CEFTA Secretariat acts as the Data Controller for the processing of personal data within the context of this recruitment process.

Generations RPO SRL acts as Data Processor and processes personal data solely on behalf of and under the instructions of the CEFTA Secretariat.

Generations RPO SRL

BCE 1034.384.442

Chaussée de Waterloo 412/F, 1050 Ixelles, Belgium

For any privacy-related inquiries regarding this recruitment process, you may contact: [email protected]

2. Personal Data We Collect

When you submit an application through this portal, we collect the following categories of personal data:

Identity data: First name, surname, date of signature
Contact data: Email address, phone number, postal address
Professional data: Employment history, academic qualifications, language skills, years of experience
Application-specific data: Responses to competency and experience questions, motivation statement, availability
Technical data: IP address, submission timestamp, browser user agent

3. Purpose and Legal Basis for Processing

We process your personal data for the following purposes:

Recruitment and selection: To evaluate your application and assess your suitability for the advertised position. Legal basis: legitimate interest and pre-contractual measures (Art. 6(1)(b) GDPR).
Communication: To contact shortlisted candidates regarding the selection process. Legal basis: consent (Art. 6(1)(a) GDPR).
Legal compliance: To comply with applicable employment and anti-discrimination laws. Legal basis: legal obligation (Art. 6(1)(c) GDPR).

4. Data Retention

Personal data collected in the context of this recruitment process, including data relating to unsuccessful candidates, will be retained for as long as necessary in order to comply with retention obligations applicable to the CEFTA Secretariat under agreements with the European Commission. This involves that your data will be retained until 2034, after which it will be securely deleted unless longer retention is required by law.

You may request early deletion at any time by contacting us (see Section 6).

5. Data Sharing

Your personal data may be shared with:

The CEFTA Secretariat as Data Controller, for the purpose of evaluating your candidacy
Selection committee members involved in reviewing applications for this specific position
Technical service providers who host and maintain this application portal, bound by data processing agreements in accordance with GDPR Art. 28

We do not sell, rent, or share your personal data with third parties for marketing purposes.

Data is processed within the European Economic Area (EEA). In the event that any processing takes place outside the EEA, we ensure appropriate safeguards are in place in accordance with GDPR Chapter V (e.g., Standard Contractual Clauses or an adequacy decision).

6. Your Rights

Under GDPR, you have the following rights regarding your personal data:

Right of access (Art. 15): Request a copy of the data we hold about you
Right to rectification (Art. 16): Request correction of inaccurate data
Right to erasure (Art. 17): Request deletion of your data (“right to be forgotten”)
Right to restriction (Art. 18): Request that we limit processing of your data
Right to data portability (Art. 20): Receive your data in a structured, machine-readable format
Right to object (Art. 21): Object to processing based on legitimate interest
Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

You also have the right to lodge a complaint with the Belgian Data Protection Authority:

Autorité de protection des données (APD)

Rue de la Presse 35, 1000 Brussels

www.autoriteprotectiondonnees.be

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Access to application data is restricted to authorised personnel involved in the selection process.

8. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects on applicants. All application reviews involve human assessment.

9. Cookies

This portal uses only technically necessary session cookies to operate the application form. No tracking, analytics, or advertising cookies are used.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to applicants whose data is actively being processed. The date at the top of this page indicates when it was last revised.

← Back to application