Privacy Notice

This Privacy Notice provides a framework for understanding the personal data collected by the Agency MANPOWER d.o.o. Sarajevo (hereinafter referred to as the: Data Controller), as required by the Law on Personal Data Protection in Bosnia and Herzegovina (“The Official Gazette of Bosnia and Herzegovina” number 49/2006, 76/2011 and 89/2011) (hereinafter referred to as the: Law), including the provisions of the EU General Data Protection Regulation (GDPR) in the area of its application.

Data Controller

Data Controller is the Agency MANPOWER d.o.o. Sarajevo, with a legal address in Sarajevo, 1 Fra Anđela Zvizdovića Street. Collected personal data shall be controlled and processed by the Data Controller.


This Privacy Notice applies to: (1) our job candidates and the recipients of our services (2) our associates, i.e. the persons that we engage or appoint to perform a task for some of our clients, or the persons to whom we provide the services of finding a new employment after they have been made redundant, or the services of finding a new employment, (3) the web location and application users at www.manpowergroup.ba, and (4) the representatives of our business partners, clients and suppliers.

The Privacy Notice describes the types of personal data or personal information that we collect, the way we use the information, how we process it and for which purpose, the way we protect the collected information, how long do we store it, whom we share it with, that is, to whom we pass it, to whom we transfer it and the rights that individuals may exercise in relation to the use of their personal data, such as the right to revoke the processing consent, legal consequences of revoking the consent, rights in the case of unauthorised processing, other rights. Also, we describe how you can contact us regarding our privacy protection actions, and how to exercise your rights. Our practices related to the privacy may differ from country to country of doing business, in order to reflect the local practices and legal requirements, and you can check the specific local conditions by visiting the local web pages.

Privacy Notice

Data that we collect and the collection method

We can collect your personal data in different ways, for example via our Websites that you visit and register to, as well as via social media channels; at our events; via phone; via job applications; in relation to recruitment; or in relation to our interactions with the clients and suppliers:

Besides, in case that you are an employment candidate, or you are applying for a position or creating an account in order to apply for a position, we may collect and process the following personal data types:

and if required by law, with your written consent regarding the:

Besides, we may collect the information that you provide to us about other persons, such as the information regarding the emergency contact persons.

Method and purpose of using the collected data

The Controller collects and uses the data collected for the following purposes (according to the Law):

Processing the above-mentioned data shall be conducted pursuant to the provisions of positive Law and grounds that can encompass a number of categories, as follows:

Besides the above mentioned activities, if you are a job candidate and applying for a position, or you are creating an account in order to apply for a position, as permitted by the provisions of the positive Law, we use the information described in this privacy notice, by processing it without your consent for the following purposes:

Also, we can use the information in other purposes, for which we provide a concrete notice, on the day or before the collection time.

Legitimate interest

The Data Controller may process personal data for certain legitimate business purposes, which include some of the following:

Whenever we process data for these purposes, we shall make sure that your rights are protected at high level and to take these rights into account. You have the right to oppose to such processing, to withdraw the consent for processing or subsequent data processing, and if you would like to do so please contact a person specified bellow. Also, bear in mind that if you exercise some of the previously mentioned rights, it may affect our ability to perform and provide services for your benefit, that you previously had given a written consent to, or allowed us to process data without the approval, pursuant to provisions of the positive Law.

How we process and protect personal data

We process the collected personal data also with automated devices, for the purposes mentioned above in the text, and during a specified period, which is in accordance with our internal policy of storing, in order to secure that the personal data is being kept no longer than necessary.

We apply the administrative, technical and physical protective measures, designed to protect the personal data that you provide, from an accidental, illegal or unauthorised destruction, loss, modification, access, disclosure or use. In order to provide an adequate security and confidentiality of personal data, we have applied the following safety measures:

How long we store the collected data

In our systems we store the collected personal data, in a way which enables the identification of data subject, no longer than necessary in terms of purpose which data is collected for, or is being further processed. Deadline for storing data is 10 years as of the date we stored them in our database.

This specific time period is defined taking into account the following:

Information that we transfer

We do not disclose the personal data collected about you, except as described in this Privacy Notice or in the specific notices provided regarding the certain activities. We may transfer your personal data to the suppliers who perform services on our behalf, based on our guidelines. We do not authorise these sellers to use or disclose the information, unless if necessary for providing services on our behalf or according to the legal requirements. We might also transfer your personal data (i) to our affiliates and subsidiaries; (ii) if you are a job applicant, to the clients who might offer an employment possibility, or are interested in establishing and employment relationship with a job candidate; and (iii) to the others that we cooperate with, such as the recruitment consultants and subcontractors, with the sole aim of finding a job for you.

Besides, we may disclose your personal data (i) if that is necessary pursuant to the law or legal proceeding; (ii) to the law enforcement authorities or other public officials based on a lawful request for disclosure; and (iii) when we consider that a disclosure is necessary or appropriate for the prevention of physical damage or financial loss, or has to do with an investigation of suspicious or actual fraudulent or unlawful activity. Also, we reserve the right to transfer your personal data in our possession in case that we are selling or transferring our entire business or property, or part thereof (as well as in case of restructuring, dissolution or liquidation) if permitted by law.

Data transfer

We may also transfer the personal data that we collect about you to the countries outside the country where the information was originally collected. Those countries cannot have the same personal data protection laws as the country where you have originally provided your personal data. When we transfer your data to the other countries, we shall protect such data as described in this Privacy Notice, and such transfers shall be in accordance with the positive law.

Countries where we can transfer the personal data collected about you may be:

When we transfer personal data from the European Union to the countries or international organisations located outside the European Union, such transfer is conducted based on the following:

With a prior notice from local state authority for personal data protection.

Your rights as a data subject

a) The right to be informed about a data collection: A person is entitled to be informed if the Controller conducts processing of its personal data and in what way such processing is done. A Data Controller informs a Data Subject before it starts to collect data, if the latter has not been previously informed about the following:

a) processing purpose,

b) a controller, receiving authority or third party to whom the data shall be available,

c) whether a delivery of data for processing constitutes a legal obligation,

d) about the consequences in case that a data subject refuses to do so,

e) in which cases a data subject is entitled to refuse to submit the personal data,

f) whether a personal data collection is on voluntary basis,

g) whether there is a right to access and right to rectify the data related to a data subject.

The right to know the source of personal data: If a controller has not acquired personal data from a data subject, it is obliged to inform the latter, without delay, who the third party that submitted personal data to a controller is.

The right to be informed about the processing purpose: A person is entitled to an information about the purpose of processing its data.

The right to be informed about the legal basis of processing: A person is entitled to know what the legal basis of processing its personal data is.

The right to be informed about a location where data is being stored: A person is entitled to know in which files and databases its personal data is being stored.

The right to be informed which persons are using the data: Personal data with the Controller is used only by the Controller’s authorised persons for processing, in order to accomplish the purpose of data collection, or some other legitimate interests.

b) The right to rectification, erasure and data blocking: The Controller shall, upon the data subject’s request, rectify, erase or block the data, for which is concluded that is being incorrect, or incorrectly cited or processed in another way, opposite to the law and regulations referring to the data processing. Upon the data subject’s request, the Controller shall inform the third party to whom data is being transferred, about rectifications.

c) The right to withdraw consent: The consent might be withdrawn in any moment, unless a data subject and data controller explicitly agree otherwise.

d) The right to restrict processing: A person is entitled to ask from the Data Controller a restriction in processing its data.

e) The right to data portability: A person who deals with data is entitled to request a data portability, meaning that a data subject is entitled to know the purpose, legal basis and to whom its data is being transferred.

f) The right not to be a subject to the automated individual decision making: A data subject is entitled not to be subject to a decision based solely on the automated processing, including profiling, if such profiling produces legal effects concerning the data subject or similarly significantly affects him or her.

g) The right to file a request for exercising rights: A data subject is entitled to file a request for exercising any of the previously mentioned rights, to the Data Controller, via its e-mail address from this privacy policy. If you need more information about the processing of your personal data, please check the How to contact us section.

Updating our Privacy Notice

This Privacy Notice (including any of its amendments) may be periodically updated in order to apply the changes in our privacy practices and the updates of the law.

How to contact us

If you have any questions or comments about this Privacy Notice, or if you would like to exercise your rights, click HERE