1.1 We protect the data privacy rights of all candidates at all stages during our recruitment process, who have applied to work with us (whether as an employee, or contractor)
1.2 This policy applies where we act as a data controller of the personal data of candidates involved in our recruitment process. It explains how we will use and keep your personal data during our recruitment process.
1.3 We will ask you to give your consent for the use of your personal data for our recruitment processes, in line with the terms of this policy and the General Data Protection Regulation ((EU) 2016/679) (“GDPR”).
1.4 In this policy, “we”, “us” and “our” refer to Ensynia Ltd.
- DATA PROTECTION PRINCIPLES
2.1 We will follow data protection law and principles, which means that your data will be:
(a) Processed in a secure and transparent way.
(b) Collected for specific, explicit and legitimate purposes stated in this policy and not used in any other way.
(c) Relevant to what is necessary for those purposes.
(d) Accurate and, where necessary, kept up to date.
(e) Kept for no longer than is necessary for the above purposes.
- USE OF PERSONAL DATA
3.1 In this section we set out:
(a) the general categories of personal data that we collect, store and use for the recruitment process.
(b) the source and specific categories of personal data that we did not get from you (referred to as indirect data) and where we have stored it.
(c) the purposes for which we may process personal data.
(d) the legal basis of the processing.
3.2 The personal data processed for recruitment purposes may include:
- your full name
- contact details such as telephone number, email address and home address
- date of birth
- data derived from social and professional profiles
- educational history
- previous work experience
- visa sponsorship requirements
- references and the contact details of those references
- information that you provide us during an interview or in performance of a tech test or interview assignment
- all other common data that is likely to be on a candidate’s Curriculum Vitae and cover letter
3.3 Personal data collected either directly or indirectly will be stored and processed in our Applicant Tracking System
3.4 Personal data obtained indirectly from you is from either a public profile or from a Ensynia Ltd. employee who is referring you for a position with us.
3.5 We collect and use your personal data:
- for recruitment purposes to assess your suitability for a vacant role that matches your skills and experience
- to communicate with you about the recruitment process
- to decide whether to enter into a contract of employment with you
- to follow legal or regulatory requirements
3.6 We will ask for your consent to process your personal data so we can fill a position that is currently vacant or vacant in the future.
3.7 If you decline to provide personal data which is necessary for us to consider your application, we may be unable to process your application.
3.8 In addition to the specific purposes for which we may process your personal data set out in Section 3, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or to protect your vital interests or the vital interests of another person.
3.9 Please do not supply any other person’s personal data to us, unless we request that you do.
3.10 You will not be subject to decisions that will have a significant impact on you based on automated decision-making.
- SHARING OF YOUR PERSONAL DATA
4.1 We do not disclose your personal data outside of Ensynia during the recruitment process unless we have your consent.
4.2 Third-party service providers are required to take appropriate security measures to protect your personal data in line with our policies. We only allow them to process your personal data for specified purposes and under our instruction.
4.3 We may disclose your personal data where such disclosure is to follow a legal obligation which applies to us or to protect your interests or the interests of another person.
4.4 We may disclose your personal data where such disclosure is necessary to establish or exercise legal claims.
- TRANSFERRING PERSONAL DATA TO OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)
5.1 We may have offices and affiliate partners in United States of America, Canada and New Zealand, so we may have to transfer your data internationally. The European Commission has made an “adequacy decision” on the data protection laws of each of these countries. Transfers to each of these countries will be protected by appropriate safeguards.
- DATA SECURITY
6.1 Your personal data cannot be altered or disclosed in an unauthorised way. We limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. For more information contact firstname.lastname@example.org.
6.2 Procedures are in place to deal with any data security breach and we will notify you and any applicable regulator if a data breach has occurred.
- RETAINING AND DELETING PERSONAL DATA
7.1 We will keep your personal data for a maximum period of 24 months to show that our recruitment process was not discriminative against any candidates on prohibited grounds.
7.2 Candidates who have been indirectly sourced through a publicly accessible platform will be notified that their personal data is in our possession and is being processed for recruitment purposes.
7.3 During the 24 month period, you will be able to exercise your right to erasure and right to withdraw consent at any time.
7.4 At the end of the 24 month period, we will delete your personal data.
7.5 If you are unsuccessful for the role you applied for, we may notify you that you have been unsuccessful but we will still keep your data in case a suitable role comes up in the future. If you do not wish us to keep your data please contact email@example.com
8.1 We may update this policy from time to time by publishing a new version on our website.
8.2 You should check this page occasionally to ensure you are happy with any changes to this policy.
8.3 We will notify you of changes to this policy by email.
- YOUR RIGHTS
9.1 In this Section 9, we have summarized the rights that you have under data protection law. This is a brief summary and you should still read the relevant laws for a full explanation of these rights.
9.2 Your principal rights under data protection law are:
9.2.1 the right to be informed and the right of access
You have the right to confirmation on whether we hold or process your personal data and, where we do, access to that personal data, together with extra information. That extra information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data.
9.2.2 the right to rectification
You have the right to have any inaccurate personal data about you corrected and updated.
9.2.3 the right to erasure
You have the right to have your personal data deleted from our systems without undue delay. We will delete your personal data in the following circumstances:
- the personal data is no longer necessary in relation to the purpose .
- you withdraw consent to have your personal data processed.
- you object to the processing under certain rules of applicable data protection law.
- the personal data is unlawfully processed.
Exclusions to the right of erasure include where processing is necessary, for example: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or to establish/exercise legal claims.
9.2.4 the right to restrict processing
You have the right to request that your personal data is no longer processed. This is due to the inaccuracies of the personal data or the reason for processing.
9.2.5 the right to data portability
You have the right to request that your personal data be transferred by us to another party of your choice.
9.2.6 the right to object
If we have misused your personal data, you have the right to make a complaint with a supervisory authority responsible for data protection.
9.2.7 rights in relation to automated decision making and profiling.
You will not be subject to decisions that will have a significant impact on you based on automated decision-making.
9.3 Where the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
9.4 You may exercise any of your rights by written notice to us or by any of the methods specified in Section 9.
- RECRUITMENT EVENTS AND MEETUPS
10.1 If you are an organiser, founder or speaker for a meetup organisation we may request the following personal data from you to host your event:
- Full name;
- Contact details (email address and mobile number);
- Meetup group or organisation you represent; and
- Current position and professional background
10.2 Personal data collected from you, will be stored in our email system and may be shared among employees within Ensynia to advertise the event.
10.3 Once the event has taken place we will delete your personal data immediately unless you agree for us to keep your data for a maximum period of 3 months to host events with you in the future.
10.3.1 Your personal data is stored in our email system for a maximum period of 3 months from the date in which you consent to us retaining your data.
10.4 For security reasons we will request a list of the confirmed attendees which may include their full name and email address.
- This personal data will be stored in our email system and shared among the People Team so we can check who has attended the event
- The attendees personal data will be immediately deleted after the event.
- CONTACT US
11.1 We are registered in England under registration number 09544009, and our registered office is at 86–90 Paul Street, London EC2A 4NE.
11.2 Our principal place of business is at 86–90 Paul Street, London EC2A 4NE
11.3 If you have any questions about this privacy notice or how we handle your personal information, you can contact us with attention to the Data Protection Officer:
(a) by post to the postal address given above;
(b) using our website contact form;
(c) by telephone, on 0208 050 9818; or
(d) by email, using firstname.lastname@example.org.