Privacy Notice for candidates - Monese Ltd, Monese Ltd Eesti filiaal, any branch of Monese Ltd or whichever Monese company is recruiting ("Monese")
What is a privacy notice and what does it cover?
Monese is a "controller", which means we are responsible for deciding how we hold and use your personal information. We want to use this notice to explain what information we collect about you, how we will use it and why. This notice overrides anything conflicting previously stated and applies to personal information that Monese handles about people applying for jobs at Monese.
This privacy notice does not form part of any contract of employment or engagement, and we may update it at any time.
What information do we collect about you?
Monese collects personal data from you during the recruitment process. We also collect personal data about you from our partners (such as third party recruitment agencies (this may include details of your qualifications and experience) and providers who assist us with candidate screening (this may include details of special categories of personal data)).
Examples of personal data we may collect are:
identity and contact details (including basic personal details, identification data, and if allowed by law, diversity monitoring data);
details of your previous experience (including information relating to your previous roles and experience);
special categories of personal data (if allowed by law, for candidate screening).
We may also check publicly available sources such as LinkedIn or similar sites for information regarding your skills, experience or qualifications.
2. How do we use your personal data?
We may use your personal data for recruitment administration (including profiling) and to meet our legal/regulatory obligations.
We will only collect and use your data where there is a legal reason for doing so. The most common reasons are:
To meet legal / regulatory requirements; or
Where we have a legitimate interest in processing your personal data, for example ensure the effective functioning of our business, to carry out administrative functions or to protect our business
Who do we share your personal data with?
All the personal data we hold about you will be processed by our staff and where required, we share your personal data with other Monese companies, regulators, public authorities, and partners, for the purposes mentioned. This includes TeamTailor and please see below for more information about how TeamTailor uses your personal data.
Monese shares personal data with recipients in countries with different data protection laws where required by law or where we put in place contracts or other arrangements to ensure adequate protection of your personal data.
How long do we keep your personal data?
Monese will only retain your personal data following your application for a period of time, depending on the type of personal data, and why we hold it, for example to:
• maintain business records for analysis and/or audit purposes;
• comply with legal record retention requirements;
• comply with requests from regulators and authorities in connection with their duties;
• defend or bring any existing or potential legal claims; or
• deal with any complaints regarding your application.
The retention period is often linked to the time available to bring a legal claim. We will retain your personal data after this time if we are required to do so to comply with the law, if there are claims or complaints that will reasonably require your personal data to be retained, or for regulatory or technical reasons. If we retain your personal data, we will continue to take steps to protect your privacy.
6. What rights do you have in relation to the personal data we hold?
You have certain rights relating to your personal data:
The right to access personal data we hold about you
You may request access to all the personal data we hold about you. This is known as a ‘subject access request’.
The right to have your personal data erased from our systems
You may request that we delete some or all of the personal data that we hold about you. This may not always be possible, as we are required by law to keep some information.
If you believe that any of the personal data we hold about you is inaccurate, you have the right to have it updated (for example, you may wish to update your personal or contact details).
You may object to, or request that we restrict the processing of your personal data (for example, you may withdraw your consent for marketing at any time).
You may ask that we provide a copy of your personal data in a structured, commonly used and machine-readable format. You can request that we provide this to you directly, or that we transfer the data to a third party of your choosing.
Where we have used technology to make an automated decision, or to evaluate your suitability for a position, you have the right to challenge the decision directly.
To exercise any of these rights, simply submit a request by emailing email@example.com. We will aim to fulfil all requests within one calendar month.
This Privacy Notice governs the manner in which Teamtailor AB collects, uses, maintains and discloses information collected from users (each, a User) of the www.teamtailor.com website. This Privacy Notice applies to the Site and all products and services offered by Teamtailor AB.
Privacy Notice for recruitment using Teamtailor
The service for handling recruitments and simplifying the hiring process (the "Service") is powered by Teamtailor on behalf of monese ("Controller" “we” “us” etc.). It is important that the persons using the Service ("Users”) feel safe with, and are informed about, how we handle User's personal data in the recruitment process. We strive to maintain the highest possible standard regarding the protection of personal data. We process, manage, use, and protect User's Personal Data in accordance with this Privacy Notice ("Privacy Notice").
We are the controller in accordance with current privacy legislations. The Users’ personal data is processed with the purpose of managing and facilitating recruitment of employees to our business.
2. Collection of personal data
We are responsible for the processing of the personal data that the Users contribute to the Service, or for the personal data that we in other ways collects with regards to the Service.
When and how we collect personal data
We collect personal data about Users from Users when Users;
make an application through the Service or otherwise, adding personal data about themselves either personally or by using a third-party source such as Facebook or LinkedIn; and
use the Service to connect with our staff, adding personal data about themselves either personally or by using a third-party source such as Facebook or LinkedIn.
provides identifiable data in the chat (provided through the website that uses the Service) and such data is of relevance to the application procedure;
We collect data from third parties, such as Facebook, Linkedin and through other public sources. This is referred to as “Sourcing” and is manually performed by our employees or automatically in the Service.
In some cases, existing employees can make recommendations about potential applicants. Such employees will add personal data about such potential applicants. In the cases where this is made, the potential applicant is considered a User in the context of this Privacy Notice and will be informed about the processing.
The types of personal data collected and processed
The categories of personal data that can be collected through the Service can be used to identify natural persons from names, e-mails, pictures and videos, information from Facebook and LinkedIn-accounts, answers to questions asked through the recruiting, titles, education and other information that the User or others have provided through the Service. Only data that is relevant for the recruitment process is collected and processed.
Purpose and lawfulness of processing
The purpose of the collecting and processing of personal data is to manage recruiting. The lawfulness of the processing of personal data is our legitimate interest to simplify and facilitate recruitment.
Personal data that is processed with the purpose of aggregated analysis or market research is always made unidentifiable. Such personal data cannot be used to identify a certain User. Thus, such data is not considered personal data.
The consent of the data subject
The User consents to the processing of its personal data with the purpose of Controller’s handling recruiting. The User consents that personal data is collected through the Service, when Users;
make an application through the Service, adding personal data about themselves either personally or by using a third-party source as Facebook or LinkedIn, and that Controller may use external sourcing-tools to add additional information; and
when they use the Service to connect to Controller’s recruitment department, adding personal data about themselves either personally or by using a third-party source such as Facebook or LinkedIn.
The User also consents to the Controller collecting publically available information about the User and compiles them for use in recruitment purposes.
The User consents to the personal data being collected in accordance with the above a) and b) will be processed according to the below sections Storage and transfer and How long the personal data will be processed.
The User has the right to withdraw his or her consent at any time, by contacting Controller using the contact details listed under 9. Using this right may however, mean that the User can not apply for a specific job or otherwise use the Service.
Storage and transfers
The personal data collected through the Service is stored and processed inside the EU/EEA, such third country that is considered by the European Commission to have an adequate level of protection, or processed by such suppliers that have entered into such binding agreements that fully complies with the lawfulness of third country transfers (as Privacy Shield) or to other supplies where the adequate safeguards are in order to protect the rights of the data subjects whose data is transferred. To obtain documentation regarding such adequate safeguards, contact us using the Contact details listed in 9.
How long the personal data will be processed
If a User does not object, in writing, to the processing of their personal data, the personal data will be stored and processed for twelve (12) months. Note that an applicant (User) may be interesting for future recruitment and for this purpose we may store Users’ Personal Data until they are no longer of value as potential recruitments. If you as a User wish not to have your Personal Data processed for this purpose (future recruitment) please contact us using the contact details in paragraph 9.
3. Users’ rights
Users have the right to request information about the personal data that is processed by us, by notifying in writing, us using the contact details below under paragraph 9 below. Users have the right to one (1) copy of the processed personal data which belongs to them without any charge. For further demanded copies, Controller has a right to charge a reasonable fee on the basis of the administrative costs for such demand.
Users have the right to, if necessary, rectification of inaccurate personal data concerning that User, via a written request, using the contact details in paragraph 9 below.
The User has the right to demand deletion or restriction of processing, and the right to object to processing based on legitimate interest under certain circumstances.
The User has the right to revoke any consent to processing that has been given by the User to Controller. Using this right may however, mean that the User can not apply for a specific job or otherwise use the Service.
The User has under certain circumstances a right to data portability, which means a right to get the personal data and transfer these to another controller as long as this does not negatively affect the rights and freedoms of others.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at http://ico.org.uk/concerns/ or telephone: 0303 123 1113.
We prioritize the personal integrity and therefore works actively so that the personal data of the Users are processed with utmost care. We take the measures that can be reasonably expected to the make sure that the personal data of Users and others are processed safely and in accordance to this Privacy Notice and the GDPR-regulation.
However, transfers of information over the internet and mobile networks can never occur without any risk, so all transfers are made on the own risk of the person transferring the data. It is important that Users also take responsibility to ensure that their data is protected. It is the responsibility of the User that their login information is kept secret.
5. Transfer of personal data to third party
We will not sell or otherwise transfer Users’ personal data to third parties.
We may transfer Users’ Personal Data to;
our contractors and sub-contractors, acting as our Processors and Sub-Processors in accordance with our instructions, for the provision of the Service;
authorities or legal advisors in case criminal or improper behaviour is suspected; and
authorities, legal advisors or other actors, if required by us according to law or authority’s injunction.
We will only transfer Users’ personal data to third parties that we have confidence in. We carefully choose partners to ensure that the User’s personal data is processed in accordance to current privacy legislations. We cooperate with the following categories of processors of personal data; Teamtailor, who supplies the Service, server and hosting companies, e-mail reference companies, video processing companies, information-sourcing companies, analytical service companies and other companies with regards to suppling the Service.
6. Aggregated data (non-identifiable personal data)
We may share aggregated data to third parties. The aggregated data has in such instances been compiled from information that has been collected through the Service and can, for example, consist of statistics of internet traffic or the geological location for the use of the Service. The aggregated data does not contain any information that can be used to identify individual persons and is thus not personal data.
We have the right to, at any time, make changes or additions to the Privacy Notice. The latest version of the Privacy Notice will always be available through the Service. A new version is considered communicated to the Users when the User has either received an email informing the User of the new version (using the e-mail stated by the User in connection to the use of the Service) or when the User is otherwise informed of the new Privacy Notice.
All questions, comments and requests regarding this Privacy Notice should be addressed to firstname.lastname@example.org