We are the controller in accordance with current privacy legislations. The Users’ personal data is processed with the purpose of managing and facilitating recruitment of employees to our business.
2. Collection of personal data
We are responsible for the processing of the personal data that the Users contributes to the Service, or for the personal data that we in other ways collects with regards to the Service.
When and how we collect personal data
We collect personal data about Users from Users when Users;
- make an application through the Service or otherwise, adding personal data about themselves either personally or by using a third-party source such as Facebook or LinkedIn; and
- use the Service to connect with our staff, adding personal data about themselves either personally or by using a third-party source such as Facebook or LinkedIn.
- provides identifiable data in the chat (provided through the website that uses the Service) and such data is of relevance to the application procedure;
We collect data from third parties, such as Facebook, Linkedin and through other public sources. This is referred to as “Sourcing” and be manually performed by our employees or automatically in the Service.
The types of personal data collected and processed
The categories of personal data that can be collected through the Service can be used to identify natural persons from names, e-mails, pictures and videos, information from Facebook and LinkedIn-accounts, answers to questions asked through the recruiting, titles, education and other information that the User or others have provided through the Service. Only data that is relevant for the recruitment process is collected and processed.
Purpose and lawfulness of processing
The purpose of the collecting and processing of personal data is to manage recruiting. The lawfulness of the processing of personal data is our legitimate interest to simplify and facilitate recruitment.
Personal data that is processed with the purpose of aggregated analysis or market research is always made unidentifiable. Such personal data cannot be used to identify a certain User. Thus, such data is not considered personal data.
The consent of the data subject
The User consents to the processing of its personal data with the purpose of Controller’s handling recruiting. The User consents that personal data is collected through the Service, when Users;
- make an application through the Service, adding personal data about themselves either personally or by using a third-party source as Facebook or LinkedIn, and that Controller may use external sourcing-tools to add additional information; and
- when they use the Service to connect to Controller’s recruitment department, adding personal data about themselves either personally or by using a third-party source such as Facebook or LinkedIn.
The User also consents to the Controller collecting publically available information about the User and compiles them for use in recruitment purposes.
The User consents to the personal data being collected in accordance with the above a) and b) will be processed according to the below sections Storage and transfer and How long the personal data will be processed.
The User has the right to withdraw his or her consent at any time, by contacting Controller using the contact details listed under 10. Using this right may however, mean that the User can not apply for a specific job or otherwise use the Service.
Storage and transfers
The personal data collected through the Service is stored and processed inside the EU/EEA, such third country that is considered by the European Commission to have an adequate level of protection, or processed by such suppliers that have entered into such binding agreements that fully complies with the lawfulness of third country transfers (as Privacy Shield) or to other supplies where the adequate safeguards are in order to protect the rights of the data subjects whose data is transferred. To obtain documentation regarding such adequate safeguards, contact us using the Contact details listed in 10.
How long the personal data will be processed
If a User does not object, in writing, to the processing of their personal data, the personal data will be stored and processed by us as long as we deem it necessary with regards to the purposes stated above. Note that an applicant (User) may be interesting for future recruitment and for this purpose we may store Users’ Personal Data until they are no longer of value as potential recruitments. If you as a User wish not to have your Personal Data processed for this purpose (future recruitment) please contact us using the contact details in paragraph 10.
3. Users’ rights
Users have the right to request information about the personal data that is processed by us, by notifying in writing, us using the contact details below under paragraph 10 below. Users have the right to one (1) copy of the processed personal data which belongs to them without any charge. For further demanded copies, Controller has a right to charge a reasonable fee on the basis of the administrative costs for such demand.
Users have the right to, if necessary, rectification of inaccurate personal data concerning that User, via a written request, using the contact details in paragraph 10 below.
The User has the right to demand deletion or restriction of processing, and the right to object to processing based on legitimate interest under certain circumstances.
The User has the right to revoke any consent to processing that has been given by the User to Controller. Using this right may however, mean that the User can not apply for a specific job or otherwise use the Service.
The User has under certain circumstances a right to data portability, which means a right to get the personal data and transfer these to another controller as long as this does not negatively affect the rights and freedoms of others.
User has the right to lodge a complaint to the supervisory authority regarding the processing of personal data relating to him or her, if the User considers that the processing of personal data infringes the legal framework of privacy law.
However, transfers of information over the internet and mobile networks can never occur without any risk, so all transfers are made on the own risk of the person transferring the data. It is important that Users also take responsibility to ensure that their data is protected. It is the responsibility of the User that their login information is kept secret.
5. Transfer of personal data to third party
We will not sell or otherwise transfer Users’ personal data to third parties.
We may transfer Users’ Personal Data to;
- our contractors and sub-contractors, acting as our Processors and Sub-Processors in accordance with our instructions, for the provision of the Service;
- authorities or legal advisors in case criminal or improper behaviour is suspected; and
- authorities, legal advisors or other actors, if required by us according to law or authority’s injunction.
We will only transfer Users’ personal data to third parties that we have confidence in. We carefully choose partners to ensure that the User’s personal data is processed in accordance to current privacy legislations. We cooperate with the following categories of processors of personal data; Teamtailor, who supplies the Service, server and hosting companies, e-mail reference companies, video processing companies, information-sourcing companies, analytical service companies and other companies with regards to suppling the Service.
6. Aggregated data (non-identifiable personal data)
We may share aggregated data to third parties. The aggregated data has in such instances been compiled from information that has been collected through the Service and can, for example, consist of statistics of internet traffic or the geological location for the use of the Service. The aggregated data does not contain any information that can be used to identify individual persons and is thus not personal data.
For questions, further information about our handling of personal data or for contact with us in other matters, please use the below stated contact details; TriOptima firstname.lastname@example.org
NEX Recruitment Privacy Notice
WHAT IS THE PURPOSE OF THIS DOCUMENT?
NEX Group Plc and its group companies are committed to protecting the privacy and security of your personal information.
This privacy notice describes how we collect and use personal information about individuals who apply, or are referred, for employment or engagement with us ("Candidates"). If you accept employment with or are otherwise engaged by NEX we will, of course, need to collect more information about you and make other uses of your information, and this will be explained to you during the onboarding process.
With respect to the personal data of its Candidates, NEX Employing entities are “data controllers”. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.
This notice applies to Candidates. This notice does not form part of any contract of employment or other contract to provide services. We may update this notice at any time. Where certain provisions of this privacy notice are not permissible under applicable data protection laws, this privacy notice will be deemed to be amended in line with such applicable laws in those jurisdictions.
It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.
DATA PROTECTION PRINCIPLES
We will comply with data protection law applicable to your personal data. EU data protection law, the General Data Protection Regulation (GDPR) in particular says that the personal information we hold about Candidates covered by the GDPR must be:
- Used lawfully, fairly and in a transparent way.
- Collected only for legitimate purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Adequate, relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely.
THE KIND OF INFORMATION WE HOLD ABOUT YOU
Personal data, or personal information, means any information about an individual from which that person can be identified.
There are “special categories” of more sensitive personal data which require a higher level of protection.
We may, where required and when permitted in accordance with applicable law and group policy collect, store, and use the categories of personal information about you as set out in Schedule A appended to this notice.
We may, where required and when permitted in accordance with applicable law and group policy, also collect, store and use the following “special categories” of more sensitive personal information:
- Information about your race or ethnicity, religious beliefs;
- Information about your health, including any medical condition and/or disability, health and sickness records;
- biometric data (e.g. fingerprints in locations that require this for criminal records check purposes); and
- Information about criminal convictions and offences.
HOW IS YOUR PERSONAL INFORMATION AND SENSITIVE PERSONAL INFORMATION COLLECTED?
We collect personal information about Candidates through the application and recruitment process, either directly from Candidates (for example, in forms that you are asked to complete and in interviews including the assessment process which may require the completion of tests and presentations), or sometimes indirectly from an employment and/or recruitment agencies, higher education institutions, apprenticeship organisations, background check provider or online professional portals such as LinkedIn or online share dealing portals. We may sometimes collect additional information from third parties including former employers, credit reference agencies or other background check agencies or government agencies. We also operate an employee referral programme whereby our employees can refer individuals for roles.
HOW WE WILL USE INFORMATION ABOUT YOU
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
Where we need to comply with a legal obligation;
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
We may also use your personal information in the following situations, which are likely to be rare:
Where we need to protect your interests (or someone else’s interests);
Where it is needed in the public interest.
Situations in which we will use your personal information
In some cases, we may need to process your personal information to enable us to comply with legal obligations. For example, we are required to check your entitlement to work in the country in which we are seeking to employ you and to comply with health and safety laws.
In other cases, we may use your personal information to pursue legitimate interests of our own or those of third parties (provided your interests and fundamental rights do not override those interests). The purposes include to manage the recruitment process and assess you for employment or other engagement, to monitor and improve our recruitment processes and for related purposes (including equality of opportunity monitoring), to ensure the security of our business and for purposes relating to legal claims made by or against us. The situations in which we will process your personal information are set out in Schedule B.
Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.
What happens if my application is unsuccessful?
If you are unsuccessful in your application, we may also retain your Candidate information and use it to assess your suitability for future positions and roles within the organisation, with your consent where required by applicable law.
If you fail to provide personal information
If you fail to provide certain information when requested, we may not be able to pursue our legitimate interest of assessing you as a Candidate, or we may be prevented from complying with our legal obligations (such as assessing your right to work).
Change of purpose
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
HOW WE USE SENSITIVE PERSONAL INFORMATION
”Special categories” of sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We may process special categories of personal information in the following circumstances:
- In limited circumstances, with your explicit written consent;
- Where the processing is necessary for us to comply with our employment, social security and social protection legal obligations, for example so we can make reasonable adjustments for Candidates with ill health;
- Where it is needed in the public interest, such as for equal opportunities monitoring;
- Where it is needed to assess your working capacity on health grounds, subject to appropriate confidentiality safeguards.
Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.
Our obligations as a recruiting employer
Where required and only when permitted in accordance with applicable laws and group policy, we may use your sensitive personal information in the following ways:
We may use information about your physical or mental health, or disability status, to ensure your health and safety in the workplace and to assess your fitness to work, and to provide appropriate adjustments during the application process;
We may use information about your race or national or ethnic origin, religious beliefs to ensure meaningful equal opportunity monitoring and reporting.
Do we need your consent?
For Candidates in the EU, we do not need your consent if we use special categories of your personal information in accordance with the purposes listed in section 6.1 above. In limited circumstances, we may approach you for your written consent to allow us to process certain sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.
For Candidates in countries outside the EU, we may request your consent to use your sensitive data where required in accordance with local applicable laws.
INFORMATION ABOUT CRIMINAL CONVICTIONS
Subject to applicable law, we will collect information about criminal convictions as part of the recruitment process or we may be notified of such information directly by you in the course of you working for us.
Subject to applicable law, we will use information about criminal convictions and offences because we have a legitimate interest during the recruitment process in assessing whether to employ or engage you.
We are allowed to use your personal information in this way because processing is necessary for the purpose of complying with a regulatory requirement which involves us taking steps to establish if you have committed an unlawful act or been involved in dishonesty, malpractice or other seriously improper conduct. For these purposes, a regulatory requirement includes an obligation imposed on us by law or regulation or because we consider there is a requirement forming part of generally accepted principles of good practice in the financial services industry.
PERSONAL INFORMATION ABOUT YOUR DEPENDANTS
Subject to applicable law, we may collect personal information about your dependants to comply with our legal obligations under immigration law.
We may share personal information about your dependants in accordance with section 10 of this Privacy Notice, or with immigration authorities where we are legally required to do so.
All personal information about your dependents will be processed by us in accordance with the principles in this Privacy Notice and applicable law.
We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes
We may have to share your data with third parties, including third-party service providers and other entities in the group.
We require third parties to respect the security of your data and to treat it in accordance with the law (please see section 10.7 below for further details).
For Candidates in the EU, we may transfer your personal information outside the EU. If we do, you can expect a similar degree of protection in respect of your personal information (please see section 10.10 below for further details).
For Candidates outside the EU, we may transfer your personal information outside the country of your location where permitted by applicable law and regulation.
Why might you share my personal information with third parties?
We will share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.
Which third-party service providers process my personal information?
“Third parties” includes third-party service providers (including contractors and designated agents) and other entities within our group.
The following relevant activities are carried out by third-party service providers: recruitment/head-hunting services, IT services including Global HR Systems, communication and monitoring tools, employee assessment and coaching services, hotel and temporary accommodation provision, relocation and travel agent services, pre-employment screening; IT infrastructure services and banking services.
How secure is my information with third-party service providers and other entities in our group?
All our third-party service providers and other entities in the group are required to implement appropriate technical and organisational measures to ensure that the processing of your personal information meets the requirements of applicable data protection laws and our policies and your rights are protected. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes, in accordance with our instructions and subject to obligations of confidentiality.
When might you share my personal information with other entities or personnel in the group?
We will share your personal information internally with relevant individuals involved in the hiring process of the role for which you are applying as a Candidate, including members of the HR and recruitment teams and also Facilities and IT staff if access to the data is necessary for performance of their roles. The different administrative, management and business functions provided by NEX Group are undertaken by different legal entities and personnel located in many of our offices globally. It is in these circumstances which different entities and personnel in the group will be provided with your personal information.
What about other third parties?
We may also need to share your personal information with a competent authority or to otherwise comply with the law. In each case we will ensure that appropriate safeguards are in place to protect your personal data.
Transferring information outside the country of your location
We may transfer the personal information we collect about you to the countries listed in Schedule D in order to pursue our legitimate interest of assessing you as a candidate.
To ensure that the personal information of data subjects covered by EU data protection law receives an adequate level of protection we have put in place standard contractual clauses adopted by the European Commission to ensure that it is treated in a way that is consistent with and which respects the EU and UK laws on data protection.
We have put in place measures to protect the security of your information. Details of these measures are available upon request.
Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, directors, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
How long will you use my information for?
We will generally retain information about you throughout the recruitment process. Subject to applicable law, some information will be retained after the process ends, either because you are employed or otherwise engaged by us or, if your application is withdrawn or unsuccessful, because we retain information in case you apply to work for us again (or a suitable position within the NEX group becomes available) or a recruitment-related dispute arises between us. Subject to applicable law, we will delete or restrict/discontinue the processing of personal data when it is no longer needed after the recruitment process ends, in accordance with their own policies and in accordance with applicable law.
RIGHTS OF ACCESS, CORRECTION, ERASURE, AND RESTRICTION
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please keep NEX informed if your personal information changes during the application/ recruitment process via your local Recruitment team contact or via email@example.com.
Your rights in connection with personal information
If you are a data subject within the meaning of EU data protection law you may have the right to make the requests set out in Schedule C. Any such requests should be sent in writing to GDPRHRqueries@NEX.com.
Subject to applicable law, you will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is manifestly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
You have the right to make a complaint at any time to your applicable supervisory authority for data protection issues.
CHANGES TO THIS PRIVACY NOTICE
We reserve the right to update this Privacy Notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.
If you have any questions about this privacy notice, please contact GDPRHRqueries@NEX.com
- The kind of information we hold about you
- Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses;
- Date of birth;
- Marital status;
- Next of kin and emergency contact information;
- National Insurance number and/or equivalent government issued identification numbers;
- Citizenship, residency, domicile and immigration status information;
- Bank account details and tax status information;
- Proposed start date;
- Vehicle registration;
- Recruitment information (including information in a CV or cover letter or as part of the application process, including previous job history);
- Pre-employment / engagement screening results including, education, employment, credit, directorships and drug screening results, where applicable;
- Right to work documentation, including passport copy;
- Prior/or current employment / engagement records (including job titles and duties, work history, notice period, work location, working hours, training records, skills and professional memberships);
- CCTV footage and other information obtained through electronic means such as swipe card records;
- Your signature
- Pro-booked annual leave/vacation dates; and
- Results of assessments including tests and presentations completed during the recruitment process.
- Situations in which we will use your personal information
- Deciding about your recruitment or appointment;
- Determining the terms on which you may work for us;
- Checking you are legally entitled to work in the country in which we are seeking to employ / engage you;
- Making decisions about salary and compensation;
- Assessing and verifying your qualifications;
- Assessing and verifying your experience;
- Reimbursing any expenses;
- Planning for your start date and induction into NEX and planning for coverage during any period of pre-booked holiday;
- Planning and making travel arrangements;
- Dealing with legal disputes involving you;
- Complying with health and safety obligations;
- Complying with our employment law and other regulatory obligations;
- To prevent fraud; and;
- Conducting data analytics studies to review and better understand application and recruitment trends.
- Rights to request access, correction, erasure, and restriction applicable to data subjects covered by EU data protection law
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
- Schedule D
Countries where we may share your personal information (NEX locations)
- Hong Kong
- United Kingdom
- United States of America