Job Candidate Privacy Policy

Calligo has created this Job Candidate Privacy Policy which explains how and why we collect your data, what that data is, under what circumstances we may disclose or transfer it, and how we store it.

If you have any queries, please contact privacy@calligo.cloud

1. Introduction

 

1.1 What is the purpose of this document?

Calligo Limited, its subsidiaries and associated businesses (“Calligo” or “we”) are committed to protecting your personal data and your privacy.  We endeavour to ensure that any personal data we collect about you will be held and processed strictly in accordance with applicable data protection legislation.

If you are resident in the EU, this will include the European General Data Protection Regulation (“GDPR”) or, if you are resident in country that has adopted a local law to implement or adopt the GDPR such as Jersey or Guernsey (together “GDPR Subjects”), the applicable local law implementing or adopting the GDPR (“Applicable Local Laws”). Please see the section “Additional Information for GDPR Subjects” below, for further information.

The terms Personal Data, Data Controller and processing have the meanings given to them in the GDPR (which can be accessed here), unless otherwise indicated. “Personal Data” means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

Calligo has created this Job Candidate Privacy Notice to explain how and why we collect Personal Data about you (“Your Data”), what that data is, under what circumstances we may disclose or transfer it, and how long we store it for. It provides you with certain information that must be provided to you under the GDPR and other applicable data protection legislation.

 

1.2 What does this Notice cover?

This Privacy Notice sets out information relating to the Personal Data we collect from or about you when you apply to work for us, whether as an employee, worker or contractor. It will apply when you submit your CV or an application form directly to us or where your CV or application form has been sent to us by a recruitment agent on your behalf.

 

1.3 How do I contact Calligo?

For the purposes of the GDPR and Applicable Local Laws, Calligo is the “data controller” of Your Data. This means that we are responsible for deciding how we hold and use Your Data.

If you have any queries regarding this notice or complaints about our use of Your Data, please contact us at privacy@calligo.cloud or at the address below and we will do our best to deal with your complaint or query as soon as possible.

GDPR Owner

Calligo Limited

Block 3, The Forum,

Grenville Street,

St Helier,

Jersey,

JE2 4UF

 

2. Information about our use of your data

 

2.1 The kind of information we hold about you

In connection with your application for work with us, we will collect, store, and use the following categories of Personal Data about you:

  • The information you have provided to us in your curriculum vitae and covering letter or email.
  • Any information you provide to us during an interview.
  • Documentation relating to your right to work in the jurisdiction in which the job is located including a copy of your passport or driving license.
  • Background Check Information including your employment history, your address for the previous 5 years, details of any bankruptcies or professional restrictions, results of any credit checks and, where applicable, the results of any DBS checks;
  • The results of any tests you undertake for us.

We may also collect, store and use the following types of more sensitive personal information (known as “Special Category Data”), where this information is relevant to the role you are applying for and/or you choose to disclose it to us:

  • Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions.
  • Information about your health, including any medical condition, health and sickness records.
  • Information about criminal convictions and offences.

 

2.2 How is your personal information collected?

We collect personal information about you in a variety of ways including directly from you by way of the information you include in your CV or cover letter and notes made by our recruitment team during a recruitment interview or response you give to tests. Other details may be collected directly from you in the form of official documentation such as your driving license, passport or other right to work evidence. In some cases, we will collect data about you indirectly from the following sources:

  • recruitment agencies;
  • your named referees;
  • background check providers;
  • credit reference agencies;
  • third party platforms such as Indeed or LinkedIn, if these were used to apply for the role; and
  • publicly available sources such as social media sites (to the extent necessary and relevant to the job role).

 

2.3 How will we use information about you?

We will use the personal information we collect about you to:

  • Assess your skills, qualifications, and suitability for the role.
  • Carry out background and reference checks, where applicable.
  • Communicate with you about the recruitment process.
  • Keep records related to our hiring processes.
  • Comply with legal or regulatory requirements.

It is in our legitimate interests to decide whether to appoint you to the role since it would be beneficial to our business to appoint someone suitable to that role.

Further, we will process your personal information to decide whether to enter into a contract with you.

Once you submit your CV and covering letter to us (or your recruitment agent provides them to us), we will process that information to decide whether you meet the basic requirements to be shortlisted for the role and, if so, invite you for an interview. We will use the information you provide to us at the interview, together with the results of any tests you undertake for us, to decide whether to offer you the role. If we decide to offer you the role, we will then take up references, carry out background checks and right to work checks as part of our pre-employment process.

 

2.4 What happens if you fail to provide personal data?

You are not obliged to provide us with Personal Data. However, if you decline to provide information when requested, and this information is necessary for us to consider your application (such as evidence of qualifications or work history), we will not be able to process your application successfully. For example, if we require a credit check or references for this role and you fail to provide us with relevant details, we will not be able to take your application further.

 

2.5 How will we use particularly sensitive personal information

We will use your Special Category Data in the following ways:

  • We will use information about your medical or disability status to consider whether we need to provide appropriate adjustments during the recruitment process, for example whether adjustments need to be made during a test or interview.
  • We will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting.

Our legal basis for using your Special Category Data in this way is that it is necessary for the purposes of carrying out our obligations under employment law.

 

2.6 How will we use information about criminal convictions?

If we decide to offer you the role, we may undertake checks to establish whether you have any criminal convictions. We will only collect criminal conviction data where it is appropriate given the nature of your role and where the law permits us.

 

2.7 Will you be subject to automated decision-making?

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.

 

2.8 Will we share your data with third parties?

We will only share Your Data with the following third parties for the purposes of processing your application:

  • Background check providers;
  • Other entities within the Calligo group of entities;
  • Candidate profiling service provider;
  • Contractors/consultants providing HR services to Calligo.

All our third-party service providers and other entities in the group are required to take appropriate security measures to protect Your Data in accordance with the law and in line with our policies. We do not allow our third-party service providers to use Your Data for their own purposes. We only permit them to process Your Data for specified purposes and in accordance with our instructions.

 

2.9 What data security do we have in place?

We have put in place appropriate security measures to prevent Your Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to Your Data to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process Your Data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

 

 

3. Additional information for GDPR Subjects

 

3.1 Your privacy rights

Under the GDPR or Applicable Local Laws, you have certain rights with respect to your Personal Data, including those set forth below.

  • right to request access – you may obtain confirmation from us as to whether or not Your Data is being processed and, where that is the case, access to Your Data;
  • right to rectification – you have the right to obtain rectification of inaccurate personal data we hold concerning you;
  • right to erasure – you have the right to obtain the erasure of Your Data without undue delay in certain circumstances
  • right to restriction of processing or to object to processing – you may require us to restrict the processing we carry out on Your Data in certain circumstances or to object to us processing Your Data;
  • right to data portability – you have the right to receive Your Data in a structured, commonly used and machine-readable format;
  • right to withdraw consent – where you have provided your consent to us processing Your Data, you have the right to withdraw your consent at any time. This can be done by emailing privacy@calligo.cloud at any time;
  • right to lodge a complaint – you may lodge a complaint with the supervisory authority in the EU Member State where you are resident or where you work. For further information on your rights, please see the supervisory authority of your country or EU Member State. The relevant supervisory authorities for the UK, Jersey, Guernsey and Luxembourg are set out below and their websites contain the relevant contact details:
    • United Kingdom – the Information Commissioner’s Office whose contact details can be found on their website which can be viewed here – https://ico.org.uk/
    • Jersey – the Office of the Information Commissioner whose contact details can be found on their website which can be viewed here – https://oicjersey.org/
    • Guernsey – the Office of the Guernsey Data Protection Commissioner whose contact details can be found on their website which can be viewed here -https://dataci.gg/
    • Luxembourg – the National Commission for Data whose contact details can be found on their website which can be viewed here – https://cnpd.public.lu/en.html.

3.1.1 No fee usually required

You will not have to pay a fee to access Your Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

3.1.2 What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

3.1.3 Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

 

3.2 International transfers of personal data

In certain circumstances, we may transfer Your Data to countries outside the EEA, which may not adhere to the same levels of data protection to which countries within the EEA are subject.  Any such transfers are, at all times, made in accordance with the GDPR and/or Applicable Local Laws.  Details of the circumstances and mechanisms in place to ensure compliance are set out below:

3.2.1 Calligo Group Companies

In addition to our offices in the EU, we have offices in Jersey, Guernsey, the United States and Canada.  Your Data may be passed to these entities as part of the recruitment process. Our central servers are also located in Jersey so Your Data will be stored in Jersey.

The European Commission has ruled that Jersey, Guernsey and Canada offer adequate levels of data protection in their domestic legislation and transfers to these jurisdictions are, therefore, permitted under the GDPR and/or Applicable Local Laws.

We have also put in place an intercompany agreement which contains the Standard Contractual Clauses approved by the European Commission to ensure that all transfers of Personal Data to any member of the Calligo group are protected to the same level as required under European data protection legislation.

3.2.2 Background check providers

If you are applying for a role in our Canada or United States office, we may need to use background check providers local to those offices. It may, therefore, be necessary to transfer Your Data to third parties outside the EEA in these instances.

Whenever we transfer Your Data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
  • Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US. For further details, see European Commission: EU-US Privacy Shield.

 

Please contact us if you want further information on the specific mechanism used by us when transferring Your Data out of the EEA.

 

3.3 How long will we use your data for?

We will retain your personal information for a period of 18 months after we have communicated to you our decision about whether to appoint you to the relevant role. We retain Your Data for that period so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. We may also wish to contact you regarding other roles which may arise during this period, for which we feel you may wish to apply. After this period, we will securely destroy Your Data in accordance with applicable laws and regulations.

 

Change log:

  • 20th November, 2018