Data Processing Notice - Recruitment using Teamtailor
Effective Date: 10th August 2020
This notice (“Notice”) will provide You with information on our data processing activities with respect to your personal data when accessing and using the service for handling and simplifying the hiring process (“Service”) which is powered by Teamtailor on behalf of WSAudiology (“Controller”, “we”, “us” or “WSA”). It is important that any person (“You” or "Your”) using the Service feels safe with, and is informed about, how we handle Your personal data in the recruitment process. We strive to maintain the highest possible standard regarding the protection of personal data. We process, manage, use, and protect Your personal data in accordance with this Notice. The Notice considers the rights and obligations set forth in the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”).
Scope of applicability: This Summary Notice applies to You if You use the Service.
Processing of Your personal data and processing purposes: We are the controller in accordance with GDPR and process certain personal data about You when You access and use the Service, such as: Your name, contact details (including E-Mail, Telephonnumbers), account settings, educational details (“Personal Data”), etc. for the following purposes: Creation of account and profile, applications, etc. For more details see I. of the Full Notice.
Recipients of Your data: We may provide access to Your Personal Data to other WS Audiology group companies and third parties such as governmental agencies and regulators (e.g., tax authorities), social insurance carriers, courts, and government authorities, all in accordance with applicable law some of the recipients may be located in jurisdictions outside the EEA. For more details see III. of the Full Notice.
Managing Your account: You have different option to manage Your account. For more details see IV. of the Full Notice.
Retention periods for and deletion of Your Personal Data: Your Personal Data will be deleted once they aren’t needed any longer for the purposes motivating their original collection, or if You provide Your consent to store Your data in our career portal or as required by applicable law. For more details see V. of the Full Notice.
Your statutory rights: As set forth by applicable law, You have several rights regarding the Processing or Your Personal Data, each as per the conditions defined in applicable law, such as the right to get access to Your data, to get the data corrected, erased or handed over. Please refer any of Your questions to our recruiting team or Data Privacy Officer at: firstname.lastname@example.org. For more details see VI. of the Full Notice.
Changes: Both this summary and the Full Notice are subject to change. You will be notified adequately of any such changes, see VII of the Full Notice.
How to contact us: If You wish to exercise Your rights or if You have any other questions concerning this Summary or the Full Notice, please address Your request to email@example.com or to the Data Protection Officer, who can be contacted at firstname.lastname@example.org.
I. Your Personal Data and processing purposes
We are the controller in accordance with GDPR and process certain personal data about You when You access and use the Service with the purpose of managing and facilitating recruitment of employees to our business.
2. Collection and Processing of personal data
We are responsible for the processing of the personal data that You provide us when using the Service, or for the personal data that We in other ways collect with regards to the Service.
When and how we collect personal data:
We collect personal data about You, from You, when You;
- make an application through the Service or otherwise, add personal data about Yourself either personally or by using a third-party source such as Facebook or LinkedIn; and
- use the Service to connect with our staff, add personal data about Yourself either personally or by using a third-party source such as Facebook or LinkedIn.
- provide identifiable data in the chat (provided through the website that uses the Service) and such data is of relevance to the application procedure.
We collect data from third parties, such as Facebook, LinkedIn and through other public sources. This is referred to as “Sourcing” and be manually performed by our employees or automatically in the Service.
The types of personal data collected and processed:
The categories of personal data that can be collected through the Service can be used to identify natural persons from names, e-mails, pictures and videos, information from Facebook and LinkedIn-accounts, answers to questions asked through the recruiting, titles, education and other information that You or others have provided through the Service. Only data that is relevant for the recruitment process is collected and processed.
Purpose and lawfulness of processing:
The purpose of the collecting and processing of personal data is to manage staffing and recruiting of WSA companies. The lawfulness of the processing of personal data is our legitimate interest to attract the best talents to join WSA as well as to simplify and facilitate the recruitment process as such.
Personal data that is processed with the purpose of aggregated analysis or market research is always made unidentifiable. Such personal data cannot be used to identify an individual applicant (You). Thus, such data is not considered personal data.
The consent of the data subject:
You will be asked to consent to the processing of Your personal data with the purpose of Us handling recruiting. You will have to provide Your consent that personal data is collected through the Service, when You;
- make an application through the Service, adding personal data about Yourself either personally or by using a third-party source as Facebook or LinkedIn, and that Controller may use external sourcing-tools to add additional information; and
- when You use the Service to connect to Controller’s recruitment department, adding personal data about Yourself either personally or by using a third-party source such as Facebook or LinkedIn.
You also consent to the Controller collecting publicly available information about You and compiles such data for use in recruitment purposes.
You also consent to the personal data being collected in accordance with the above a) and b) will be processed according to the below Sections.
You have the right to withdraw Your consent at any time, by contacting Us using the contact details listed under VI below. Exercising this right may however mean that You can not apply for a specific job or otherwise use the Service anymore.
We may from time to time conduct surveys to improve our process. In case permitted by law or based on Your specific consent we may ask You to participate in such surveys occasionally. These surveys will either be conducted by WSA itself or by a specialized external processor on behalf of WSA. For this purpose, any external processor will only get Your Personal Data as required to conduct the survey and, in any case, solely to the extent permitted by law or based on Your consent. The participation in such a survey is voluntary and not participating in such a survey will have no negative impact on any current or future applications submitted by You.
4. Communicating with us via the Portal and receiving new job posting notifications and information about career opportunities
You may communicate with us via the Service (e.g., by asking questions regarding an application or about a position or Your profile using the Service). In this context, we will process Your Personal Data (including such that You disclose to us in connection with such a query) to the extent required to respond to Your query. We will not use such information for another purpose. The processing is insofar necessary to take steps at the request of You prior to potentially entering a contract and based on Art. 6 para. 1 lit. b) GDPR.
Based on preferences You indicated in Your account settings You made on creating Your account within the Service or at a later stage within the preference section of Your profile (consent, Art. 6 para. 1 lit. a) GDPR) we shall send You new job posting notifications and/or information about career opportunities. You may revoke Your consent by changing Your account settings in a way as not to receive new job posting notifications and/or information about career opportunities.
5. Further use of Your Personal Data
In addition to sections 1. to 4. above, Your Personal Data may also be processed where we reasonably consider it necessary for complying with legal or regulatory obligations (pursuant to Art. 6 para. 1 lit c) GDPR), or for the following legitimate interests (pursuant to Art. 6 para. 1 lit. f) GDPR), for example establishing, exercising or defending legal rights of members of the WS Audiology group. Your Personal Data will also be processed in the operation and management of WS Audiology group IT systems being hosted either internally or externally.
The provision of Personal Data is necessary for the conclusion and/or performance of a contract with You. The provision of Personal Data is voluntary. However, if You do not provide Personal Data, the affected application processes or provision of the Service might be delayed or impossible.
II. Cookies and similar tools
We will not sell or otherwise transfer Your’ personal data to third parties. The following recipients or categories of recipients will receive access to some of Your Personal Data.
1. WSA's group wide Portal
We transfer Your Personal Data to other WSA group companies as permitted under applicable data privacy law pursuant to Art. 6 (1)(f) GDPR for the legitimate interests of WSA to administer applications and candidate information at a group wide level and enable candidates to manage their own Personal Data in some cases.
Only authorized employees with a need to know have access to Your Personal Data; this includes sharing of Your Personal Data on a "need-to-know" basis between our employees in the recruiting department. Certain executives, managers and employees at other companies of the WSA Group may also have access to certain Personal Data, however, on a “need-to-know” basis if there are legitimate business purposes (e.g., enabling employees in our shared service centers to arrange an interview or as required during an application process).
2. Third Parties
We may also transfer Your Personal Data to governmental agencies and regulators (e.g., tax authorities), social insurance carriers, courts, and government authorities, all in accordance with applicable law based on Art. 6 (1) (c) GDPR and to external advisors acting as controllers (e.g., lawyers, accountants, auditors etc.) based on Art. 6 (1) (f) GDPR.
3. Service Providers
WSA contracts with third party service providers or other WSA group companies as part of its normal business operations to carry out certain human resources-related or IT-related tasks. We will only transfer Your personal data to third parties that we have confidence in. We carefully choose partners to ensure that Your personal data is processed in accordance to current privacy legislations. We cooperate with the following categories of processors of personal data:
Teamtailor, who supplies the Service, server and hosting companies, e-mail reference companies, video processing companies, information-sourcing companies, analytical service companies and other companies with regards to suppling the Service.
When required by local law to process Sensitive Employee Data, then this information will only be transferred outside of Your country if permitted by applicable law.
4. Cross-Border Data Transfer
We may transfer Your Personal Data outside of the country You are located. Some recipients of Your Personal Data may be located in another country for which the European Commission has not issued a decision that this country ensures an adequate level of data protection, namely: The U.S. or some of the locations of non-European WSA group companies, depending for example on the job You applied for or where the hiring manager is located.
Some recipients located outside of the European Economic Area (“EEA”) are in countries for which the European Commission has issued adequacy decisions. In which case, the transfer is thereby recognized as providing an adequate level of data protection from a European data protection law perspective (Art. 45 GDPR).
By way of entering into appropriate data transfer agreements based on Standard Contractual Clauses (2010/87/EU and/or 2004/915/EC) as referred to in Art. 46 (5) GDPR or other adequate means we have established that all other recipients located outside the EEA will provide an adequate level of data protection for the Personal Data and that appropriate technical and organizational security measures are in place to protect Personal Data against accidental or unlawful destruction, accidental loss or alteration, unauthorized disclosure or access, and against all other unlawful forms of processing. Any onward transfer (including Our affiliates outside the EEA) is subject to appropriate onward transfer requirements as required by applicable law.
IV. Managing Your account
You have a variety of options to manage kind and volume of data we store about You.
- You can delete Your entire account at any time.
- You can delete all or selected information in Your profile.
- You can withdraw an application.
All three options will lead to the deletion of the personal data as described above, except to the extend we are required by law to keep the respective data
V. Retention periods & Security
Data collected for the purposes hereunder will be stored only if necessary for (i) a specific application and/or (ii) Your registration in the Service, as well as during a transition period (e.g., the compliance of WSA’ obligations regarding data retention as established in the applicable laws or as long as retaining the data is permitted by applicable law).
We shall delete Your account if You have not logged into Your account for more than 180 days. In such case, You will receive a separate notification informing You about the upcoming deletion.
Your Personal Data will not be kept in a form that allows You to be identified for any longer than is reasonably considered necessary by WSA for achieving the purposes for which it was collected or processed or as it is established in the applicable laws related to data retention periods or as permitted by applicable laws.
We prioritize data integrity and therefore work actively so that Your personal data is processed with utmost care. We take the measures that can be reasonably expected to the make sure that Your personal data and others are processed safely and in accordance with this Notice and GDPR.
However, transfers of information over the internet and mobile networks can never occur without any risk. It is important that You also take responsibility to ensure that Your data is protected. It is Your responsibility that Your login information is kept secret.
VI. Your statutory rights
Under the conditions set out under applicable law (i.e., the GDPR), You have the following rights:
Right of access: You have the right to obtain from us confirmation as to whether Personal Data concerning You is being processed, and, where that is the case, to request access to the Personal Data. The access information includes – inter alia – the purposes of the processing, the categories of Personal Data concerned, and the recipients or categories of recipients to whom the Personal Data have been or will be disclosed. You have the right to obtain a copy of the Personal Data undergoing processing. For additional copies requested by You, we may charge a reasonable fee based on administrative costs.
Right to rectification: You have the right to obtain from us the rectification of inaccurate Personal Data concerning You. Depending on the purposes of the processing, You have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.
Right to erasure (right to be forgotten): You have the right to ask us to erase Your Personal Data.
Right to restriction of processing: You have the right to request the restriction of processing Your Personal Data. In this case, the respective data will be marked and may only be processed by Us for certain purposes.
Right to data portability: You have the right to receive the Personal Data concerning You which You have provided to us in a structured, commonly used and machine-readable format and You have the right to transmit those Personal Data to another entity without hindrance from us.
Right to object: You have the right to object, on grounds relating to Your situation, at any time to the processing of Your Personal Data by us and we can be required to no longer process Your Personal Data. If You have a right to object and You exercise this right, Your Personal Data will no longer be processed for such purposes by us. Exercising this right will not incur any costs.
Such a right to object may not exist if the processing of Your Personal Data is necessary to take steps prior to entering a contract or to perform a contract already concluded
Please note that the rights might be limited under the applicable national data protection law.
If You wish to exercise Your data subject rights please address Your request to the data protection officer, who can be contact at email@example.com.
In case of complaints You also have the right to lodge a complaint with the competent supervisory authority in the Member State of Your residence or alleged infringement of the GDPR.
We have the right to, at any time, make changes or additions to this Notice. The latest version of the Notice will always be available through the Service. A new version is considered communicated to You when You either received an e-mail informing You of the new version (using the e-mail stated by You in connection to the use of the Service) or when You are otherwise informed of the new Notice.