Recruitment Privacy

Ensynia: Recruitment Privacy Policy

 

  1. INTRODUCTION

1.1 We pro­tect the data pri­vacy rights of all can­did­ates at all stages dur­ing our recruit­ment pro­cess, who have applied to work with us (wheth­er as an employ­ee, or con­tract­or)

1.2 This policy applies where we act as a data con­trol­ler of the per­son­al data of can­did­ates involved in our recruit­ment pro­cess. It explains how we will use and keep your per­son­al data dur­ing our recruit­ment pro­cess.

1.3 We will ask you to give your con­sent for the use of your per­son­al data for our recruit­ment pro­cesses, in line with the terms of this policy and the Gen­er­al Data Pro­tec­tion Reg­u­la­tion ((EU) 2016/​679) (“GDPR”).

1.4 In this policy, “we”, “us” and “our” refer to Ensynia Ltd.

  1. DATA PROTECTION PRINCIPLES

2.1 We will fol­low data pro­tec­tion law and prin­ciples, which means that your data will be:

(a) Pro­cessed in a secure and trans­par­ent way.

(b) Col­lec­ted for spe­cif­ic, expli­cit and legit­im­ate pur­poses stated in this policy and not used in any oth­er way.

(c) Rel­ev­ant to what is neces­sary for those pur­poses.

(d) Accur­ate and, where neces­sary, kept up to date.

(e) Kept for no longer than is neces­sary for the above pur­poses.

  1. USE OF PERSONAL DATA

3.1 In this sec­tion we set out:

(a) the gen­er­al cat­egor­ies of per­son­al data that we col­lect, store and use for the recruit­ment pro­cess.

(b) the source and spe­cif­ic cat­egor­ies of per­son­al data that we did not get from you (referred to as indir­ect data) and where we have stored it.

(c) the pur­poses for which we may pro­cess per­son­al data.

(d) the leg­al basis of the pro­cessing.

3.2 The per­son­al data pro­cessed for recruit­ment pur­poses may include:

  • your full name
  • con­tact details such as tele­phone num­ber, email address and home address
  • date of birth
  • gender
  • data derived from social and pro­fes­sion­al pro­files
  • edu­ca­tion­al his­tory
  • pre­vi­ous work exper­i­ence
  • visa spon­sor­ship require­ments
  • ref­er­ences and the con­tact details of those ref­er­ences
  • inform­a­tion that you provide us dur­ing an inter­view or in per­form­ance of a tech test or inter­view assign­ment
  • all oth­er com­mon data that is likely to be on a candidate’s Cur­riculum Vitae and cov­er let­ter

3.3 Per­son­al data col­lec­ted either dir­ectly or indir­ectly will be stored and pro­cessed in our Applic­ant Track­ing Sys­tem

3.4 Per­son­al data obtained indir­ectly from you is from either a pub­lic pro­file or from a Ensynia Ltd. employ­ee who is refer­ring you for a pos­i­tion with us.

3.5 We col­lect and use your per­son­al data:

  • for recruit­ment pur­poses to assess your suit­ab­il­ity for a vacant role that matches your skills and exper­i­ence
  • to com­mu­nic­ate with you about the recruit­ment pro­cess
  • to decide wheth­er to enter into a con­tract of employ­ment with you
  • to fol­low leg­al or reg­u­lat­ory require­ments

3.6 We will ask for your con­sent to pro­cess your per­son­al data so we can fill a pos­i­tion that is cur­rently vacant or vacant in the future.

3.7 If you decline to provide per­son­al data which is neces­sary for us to con­sider your applic­a­tion, we may be unable to pro­cess your applic­a­tion.

3.8 In addi­tion to the spe­cif­ic pur­poses for which we may pro­cess your per­son­al data set out in Sec­tion 3, we may also pro­cess any of your per­son­al data where such pro­cessing is neces­sary for com­pli­ance with a leg­al oblig­a­tion to which we are sub­ject, or to pro­tect your vital interests or the vital interests of anoth­er per­son.

3.9 Please do not sup­ply any oth­er person’s per­son­al data to us, unless we request that you do.

3.10 You will not be sub­ject to decisions that will have a sig­ni­fic­ant impact on you based on auto­mated decision-mak­ing.

  1. SHARING OF YOUR PERSONAL DATA

4.1 We do not dis­close your per­son­al data out­side of Ensynia dur­ing the recruit­ment pro­cess unless we have your con­sent.

4.2 Third-party ser­vice pro­viders are required to take appro­pri­ate secur­ity meas­ures to pro­tect your per­son­al data in line with our policies. We only allow them to pro­cess your per­son­al data for spe­cified pur­poses and under our instruc­tion.

4.3 We may dis­close your per­son­al data where such dis­clos­ure is to fol­low a leg­al oblig­a­tion which applies to us or to pro­tect your interests or the interests of anoth­er per­son.

4.4 We may dis­close your per­son­al data where such dis­clos­ure is neces­sary to estab­lish or exer­cise leg­al claims.

  1. TRANSFERRING PERSONAL DATA TO OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)

5.1 We may have offices and affil­i­ate part­ners in United States of Amer­ica, Canada and New Zea­l­and, so we may have to trans­fer your data inter­na­tion­ally. The European Com­mis­sion has made an “adequacy decision” on the data pro­tec­tion laws of each of these coun­tries. Trans­fers to each of these coun­tries will be pro­tec­ted by appro­pri­ate safe­guards.

  1. DATA SECURITY

6.1 Your per­son­al data can­not be altered or dis­closed in an unau­thor­ised way. We lim­it access to your per­son­al inform­a­tion to those employ­ees, agents, con­tract­ors and oth­er third parties who have a busi­ness need-to-know. For more inform­a­tion con­tact privacy@​ensynia.​net.

6.2 Pro­ced­ures are in place to deal with any data secur­ity breach and we will noti­fy you and any applic­able reg­u­lat­or if a data breach has occurred.

  1. RETAINING AND DELETING PERSONAL DATA

7.1 We will keep your per­son­al data for a max­im­um peri­od of 24 months to show that our recruit­ment pro­cess was not dis­crim­in­at­ive against any can­did­ates on pro­hib­ited grounds.

7.2 Can­did­ates who have been indir­ectly sourced through a pub­licly access­ible plat­form will be noti­fied that their per­son­al data is in our pos­ses­sion and is being pro­cessed for recruit­ment pur­poses.

7.3 Dur­ing the 24 month peri­od, you will be able to exer­cise your right to eras­ure and right to with­draw con­sent at any time.

7.4 At the end of the 24 month peri­od, we will delete your per­son­al data.

7.5 If you are unsuc­cess­ful for the role you applied for, we may noti­fy you that you have been unsuc­cess­ful but we will still keep your data in case a suit­able role comes up in the future. If you do not wish us to keep your data please con­tact privacy@​ensynia.​net

  1. AMENDMENTS

8.1 We may update this policy from time to time by pub­lish­ing a new ver­sion on our web­site.

8.2 You should check this page occa­sion­ally to ensure you are happy with any changes to this policy.

8.3 We will noti­fy you of changes to this policy by email.

  1. YOUR RIGHTS

9.1 In this Sec­tion 9, we have sum­mar­ized the rights that you have under data pro­tec­tion law. This is a brief sum­mary and you should still read the rel­ev­ant laws for a full explan­a­tion of these rights.

9.2 Your prin­cip­al rights under data pro­tec­tion law are:

9.2.1 the right to be informed and the right of access

You have the right to con­firm­a­tion on wheth­er we hold or pro­cess your per­son­al data and, where we do, access to that per­son­al data, togeth­er with extra inform­a­tion. That extra inform­a­tion includes details of the pur­poses of the pro­cessing, the cat­egor­ies of per­son­al data con­cerned and the recip­i­ents of the per­son­al data.

9.2.2 the right to rec­ti­fic­a­tion

You have the right to have any inac­cur­ate per­son­al data about you cor­rec­ted and updated.

9.2.3 the right to eras­ure

You have the right to have your per­son­al data deleted from our sys­tems without undue delay. We will delete your per­son­al data in the fol­low­ing cir­cum­stances:

  • the per­son­al data is no longer neces­sary in rela­tion to the pur­pose .
  • you with­draw con­sent to have your per­son­al data pro­cessed.
  • you object to the pro­cessing under cer­tain rules of applic­able data pro­tec­tion law.
  • the per­son­al data is unlaw­fully pro­cessed.

Exclu­sions to the right of eras­ure include where pro­cessing is neces­sary, for example: for exer­cising the right of free­dom of expres­sion and inform­a­tion; for com­pli­ance with a leg­al oblig­a­tion; or to establish/​exercise leg­al claims.

9.2.4 the right to restrict pro­cessing

You have the right to request that your per­son­al data is no longer pro­cessed. This is due to the inac­curacies of the per­son­al data or the reas­on for pro­cessing.

9.2.5 the right to data port­ab­il­ity

You have the right to request that your per­son­al data be trans­ferred by us to anoth­er party of your choice.

9.2.6 the right to object

If we have mis­used your per­son­al data, you have the right to make a com­plaint with a super­vis­ory author­ity respons­ible for data pro­tec­tion.

9.2.7 rights in rela­tion to auto­mated decision mak­ing and pro­fil­ing.

You will not be sub­ject to decisions that will have a sig­ni­fic­ant impact on you based on auto­mated decision-mak­ing.

9.3 Where the leg­al basis for our pro­cessing of your per­son­al inform­a­tion is con­sent, you have the right to with­draw that con­sent at any time. With­draw­al will not affect the law­ful­ness of pro­cessing before the with­draw­al.

9.4 You may exer­cise any of your rights by writ­ten notice to us or by any of the meth­ods spe­cified in Sec­tion 9.

  1. RECRUITMENT EVENTS AND MEETUPS

10.1 If you are an organ­iser, founder or speak­er for a meetup organ­isa­tion we may request the fol­low­ing per­son­al data from you to host your event:

  • Full name;
  • Con­tact details (email address and mobile num­ber);
  • Meetup group or organ­isa­tion you rep­res­ent; and
  • Cur­rent pos­i­tion and pro­fes­sion­al back­ground

10.2 Per­son­al data col­lec­ted from you, will be stored in our email sys­tem and may be shared among employ­ees with­in Ensynia to advert­ise the event.

10.3 Once the event has taken place we will delete your per­son­al data imme­di­ately unless you agree for us to keep your data for a max­im­um peri­od of 3 months to host events with you in the future.

10.3.1 Your per­son­al data is stored in our email sys­tem for a max­im­um peri­od of 3 months from the date in which you con­sent to us retain­ing your data.

10.4 For secur­ity reas­ons we will request a list of the con­firmed attendees which may include their full name and email address.

  • This per­son­al data will be stored in our email sys­tem and shared among the People Team so we can check who has atten­ded the event
  • The attendees per­son­al data will be imme­di­ately deleted after the event.
  1. CONTACT US

11.1 We are registered in Eng­land under regis­tra­tion num­ber 09544009, and our registered office is at 86–90 Paul Street, Lon­don EC2A 4NE.

11.2 Our prin­cip­al place of busi­ness is at 86–90 Paul Street, Lon­don EC2A 4NE

11.3 If you have any ques­tions about this pri­vacy notice or how we handle your per­son­al inform­a­tion, you can con­tact us with atten­tion to the Data Pro­tec­tion Officer:

(a) by post to the postal address giv­en above;

(b) using our web­site con­tact form;

(c) by tele­phone, on 0208 050 9818; or

(d) by email, using privacy@​ensynia.​net.