Effective Date: May 15, 2020
Introduction and scope of privacy notice
This Recruitment Privacy Notice explains the type of information we process, why we are processing it and how that processing may affect you.
What do we mean by “personal data” and “processing”?
“Personal data” is information relating to you (or from which you may be identified) which is processed by automatic means or which is (or is intended to be) part of a structured manual filing system. It includes not only facts about you, but also intentions and opinions about you.
“Processing” means doing anything with the data. For example, it includes collecting it, holding it, disclosing it or deleting it.
Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, health, sexual orientation, sex life, trade union membership and genetic and biometric data are subject to special protection and considered by EU privacy law to be “sensitive personal data”.
Your personal data
We process your personal data for the purposes of fulfilling our recruitment practices. Some of the personal data that we process about you comes from you. For example, you tell us your contact details. Other personal data about you is generated from references and third party companies such as recruitment agencies. Your personal data will be seen internally by managers, administrators and HR.
How long do we keep your personal data?
If you are successful in your application your data will be kept on your personnel file. If you are unsuccessful, your data will not be kept any longer than necessary for the purpose for which we collected it. Irrelevant data such as CCTV images may be deleted after a short period.
Transfers of personal data outside the EEA
We are headquartered in the United States and we have another office in India. Therefore, we may transfer your personal data outside the EEA to members of our group. We may also transfer it to processors in other countries. We will ensure that the transfer is lawful and that there are appropriate security arrangements.
We have entered into agreements ensuring appropriate and suitable safeguards with our group members and third party service providers. If you wish to see details of these safeguards, please email firstname.lastname@example.org.
In processing your data we, and in some cases our group companies, may act as a data controller.
If you have any questions relating to our processing of your personal data, please contact us at email@example.com.
Legal grounds for processing personal data
What are the grounds for processing?
Under data protection law, there are various grounds on which we can rely when processing your personal data. In some contexts more than one ground applies. Two of those grounds can be summarised as Legal Obligation and Legitimate Interests. We outline what those terms mean below:
|Term||Ground for processing||Explanation|
|Legal obligation||Processing necessary to comply with our legal obligations||Ensuring we perform our legal and regulatory obligations. For example, providing a safe place of work and avoiding unlawful discrimination.|
|Legitimate Interests||Processing necessary for our or a third party’s legitimate interests||We or a third party have legitimate interests in carrying on, managing and administering our respective businesses effectively and properly and in connection with those interests processing your data.
Your data will not be processed on this basis if our or a third party’s interests are overridden by your own interests, rights and freedoms.
Processing sensitive personal data
If we process sensitive personal data about you, as well as ensuring that one of the grounds for processing mentioned above applies, we will make sure that one of the grounds for processing sensitive personal data applies, including (for example) that the processing is for equality and diversity purposes to the extent permitted by law.
Further information on the data we process and our purposes
Examples of the data and the grounds on which we process data are in the table below. The examples in the table cannot, of course, be exhaustive.
|Purpose||Examples of personal data that may be processed||Grounds for processing|
|Recruitment||Information concerning your application and our assessment of it, the fact of your application and our record of it, your references, any checks we may make to verify information provided or background checks and any information connected with your right to work. If relevant, we may also process information concerning your health, any disability and in connection with any adjustments to working arrangements.||Legal obligation
|Contacting you or others on your behalf||Your address and phone number, emergency contact information and information on your next of kin||Legitimate interests|
|Security||CCTV images||Legal obligation
|Monitoring of diversity and equal opportunities||Information on your nationality, racial and ethnic origin, gender, sexual orientation, religion, disability and age||Legitimate interests|
Who gets to see your data?
Your personal data may be disclosed to managers, HR and administrators for employment, administrative and management purposes as mentioned in this Notice. We may also disclose this to other members of our group.
Access to your personal data and other rights
We try to be as open as we reasonably can about personal data that we process. If you would like specific information, just ask us.
You also have a legal right to make a “subject access request”. If you exercise this right and we hold personal data about you, we are required to provide you with information on it, including a description and copy of the personal data and an explanation of why we are processing it.
- If you make a subject access request and there is any question about who you are, we may require you to provide information from which we can satisfy ourselves as to your identity.
- As well as your subject access right, you may have a legal right to have your personal data rectified or erased, to object to its processing or to have its processing restricted. You may also have the right to be given your data in a machine readable format for transmitting to another data controller though this right is unlikely to be relevant to you the context of our recruitment processes.
- We are unlikely to rely on consent as a ground for processing. However, if we do, you may withdraw consent at any time — though if you do so that will not affect the lawfulness of what we have done before you withdraw consent.
If you have complaints relating to our processing of your personal data, please contact firstname.lastname@example.org.
You may also raise complaints with the statutory regulator in your jurisdiction.
The relevant statutory regulators are:
|In the Netherlands||The Autoriteit Persoonsgegevens: https://autoriteitpersoonsgegevens.nl