Scope of privacy notice
What do we mean by “personal data” and “processing”?
“Personal data” is information relating to an identified individual (or from which an individual may be identified, whether directly or indirectly) which is processed by automatic means or which is (or is intended to be) part of a structured manual filing system. It includes not only facts about an individual, but also intentions and opinions about individual.
“Processing” means doing anything with the data. For example, it includes collecting it, holding it, disclosing it and deleting it.
Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, health, sexual orientation, sex life, trade union membership and genetic and biometric data (if used to uniquely identify a natural person) are subject to special protection and considered by EU privacy law to be “sensitive personal data”.
Your personal data
We process your data for the purposes of fulfilling our recruitment practices. Some of the personal data that we process about you comes from you. For example, you tell us your contact details. Other personal data about you is generated from references and third party companies such as recruitment agencies. Your personal data will be seen internally by managers, administrators, HR, and other personnel involved in making a recruitment decision about you.
You are not obliged to provide us with this data. However, not doing so may adversely affect your chances of recruitment.
How long do we keep your personal data?
If you are successful in your application your data will be kept on your personnel file. If you are unsuccessful, your data will be deleted twelve months after you have been informed that you were unsuccessful. Your data may be kept on file and considered for other roles. Irrelevant data such as CCTV images of you attending our premises for interview may be deleted after a short period.
Transfers of personal data outside the EEA
We may transfer your personal data outside the EEA to members of our group and/or processors in the United States, which may have lower data protection standards that are customary in the EEA. Where necessary, these transfers are covered by the intra-group transfer agreement.
The recipients of the personal data are indicated in Annex 1.
The transfer of personal data to recipients based outside of the EEA is carried out to obtain approval for new hires and remuneration levels. We will ensure that the transfer is lawful by using model clauses where necessary, and that there are appropriate security arrangements in place.
If you wish to see details of the safeguards we have put in place, please ask the Data Protection Officer.
In processing your personal data, we act as a data controller. Our contact details are as follows:
Data Protection Officer
Legal grounds for processing personal data
What are the grounds for processing?
Under data protection law, there are various grounds on which we can rely when processing your personal data. In some contexts more than one ground applies. We have summarised certain grounds as Legal obligation and Legitimate Interests and outline what those terms mean below.
|Term||Ground for processing||Explanation|
|Contract||Processing necessary for the performance of a contract with you or to take steps at your request to enter a contract||This covers carrying out our contractual duties and exercising our contractual rights.|
|Legal obligation||Processing necessary to comply with our legal obligations||We process certain data in order to perform our legal and regulatory obligations. For example, providing a safe place of work and avoiding unlawful discrimination or for diversity monitoring purposes.|
|Legitimate Interests||Processing necessary for our or a third party’s legitimate interests||We or a third party have legitimate interests in carrying on, managing and administering our respective businesses effectively and properly and in connection with those interests processing your data. Your data will not be processed on this basis if our or a third party’s interests are overridden by your own interests, rights and freedoms.|
Processing sensitive personal data
If we process sensitive personal data about you, as well as ensuring that one of the grounds for processing mentioned above applies, we will make sure that one or more of the grounds for processing sensitive personal data applies, including that the processing is for equality and diversity purposes to the extent permitted by law.
Further information on the data we process and our purposes
Examples of the data and the grounds on which we process data are in the table below. The examples in the table cannot, of course, be exhaustive.
|Purpose||Examples of personal data that may be processed||Grounds for processing|
Standard data related to your identity (e.g. your name, address, place of birth, nationality, gender, contact details, professional experience, education, language skills, and any other personal data that you present us with as part of your application related to the fulfilment of the role).
Information concerning your application and our assessment of it, your references, any checks we may make to verify information provided or background checks and any information connected with your right to reside and work in the UK. If relevant, we may also process information concerning your health, any disability and in connection with any adjustments to working arrangements.
|Contacting you or others on your behalf||Your address and phone number, emergency contact information and information on your next of kin||
|Monitoring of diversity and equal opportunities||Information on your nationality, racial and ethnic origin, gender, sexual orientation, religion, disability and age||
Who gets to see your data?
Your personal data may be disclosed to managers, HR and administrators for employment, administrative and management purposes as mentioned in this document. We may also disclose this to other members of our group as reasonably necessary to make a recruitment decision about you.
We may disclose your personal data on a confidential basis to our advisers, our insurers, or the courts or regulatory authorities in the event of any claims or threatened claims.
We may also disclose your personal data to government agencies for immigration purposes.
Access to your personal data and other rights
We try to be as open as we reasonably can about personal data that we process. If you would like specific information, just ask us. You can contact us at firstname.lastname@example.org.
You also have a legal right to make a “subject access request”. If you exercise this right and we hold personal data about you, we are required to provide you with information (subject to certain exemptions), including a description of the personal data, and an explanation of why we are processing it.
If you make a subject access request and there is any question about who you are, we may require you to provide information from which we can satisfy ourselves as to your identity.
As well as your subject access right, you may (in certain circumstances) have a legal right to have your personal data rectified or erased, to object to its processing or to have its processing restricted. If you have provided us with data about yourself (for example your address or bank details), you have the right to be given the data in machine readable format for transmitting to another data controller. This only applies if the ground for processing is Consent or Contract.
If we have relied on consent as a ground for processing, you may withdraw consent at any time – though if you do so that will not affect the lawfulness of what we have done before you withdraw consent.
If you have complaints relating to our processing of your personal data, you should raise these with HR or the Data Protection Officer in the first instance. You may also have the right to raise complaints with the appropriate Data Protection Authority and lodge a complaint.
This notice does not form part of any contractual relationship between the Company and a job applicant. This notice can be changed at any time.
Annex 1 – Data recipients located outside of the EEA
|CBS Corporation and subsidiaries||United States|