Last updated October 8, 2024
This Candidate Privacy Statement describes how EIS Group, Ltd. and its affiliates (collectively, the “EIS”, “Company” or “we”, “us”, “our”) collect, use, store, process and manage handling of Personal Data obtained from external job applicants.
This Candidate Privacy Statement applies to External Applicants who are not currently employed by EIS, and where an offer has not been extended to the Candidate.
Definitions
“Candidate” or “Applicant” means an individual who has applied and/or is being considered for a role within EIS.
“Data Controller” means the natural or legal person, public authority, agency, or any other body which alone or jointly with others determines the purposes and means of the processing of Personal Data; where applicable Data Protection and Privacy Laws determine the purposes and means of processing, the Controller or the criteria for the Controller’s nomination will be as established by applicable Data Protection and Privacy Laws. For the purposes of Processing of Personal Data as described in this Candidate Privacy Statement, EIS is the Data Controller.
“Data Processor” means a natural or legal person, public authority, agency or another body which processes Personal Data on behalf of a Data Controller.
“Data Protection and Privacy Laws” means all current and future applicable laws and regulations relating to the processing, security, protection, and retention of Personal Data and privacy that may exist in the relevant jurisdictions, including, but not limited to, the GDPR and all laws implementing or supplementing the GDPR.
“GDPR” means the General Data Protection Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
“Lawful Basis/Bases” Under Article 6 of the GDPR, a Data Controller (EIS for the purposes of this Candidate Privacy Statement) must have a valid lawful basis in order to Process Personal Data.
(a) Consent: the individual has given clear consent for EIS to process their personal data for a specific purpose.
(b) Contract: the processing is necessary for a contract EIS has with the individual or because they have asked EIS to take specific steps before entering into a contract.
(c) Legal obligation: the processing is necessary for EIS to comply with the law (not including contractual obligations).
(d) Vital interests: the processing is necessary to protect someone’s life.
(e) Public task: the processing is necessary for EIS to perform a task in the public interest or for official functions, and the task or function has a clear basis in law.
(f) Legitimate interests: the processing is necessary for EIS’ legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
“Personal Data” means any information relating to an identified or identifiable living individual or as otherwise defined by GDPR 2016/679. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Process”, “Processes”, “Processing” or “Processed” means any operation or set of operations which is performed upon Personal Data whether or not by automatic means, including, without limitation, accessing, collecting, recording, organizing, structuring, retaining, storing, adapting or altering, retrieving, consulting, using, disclosing by transmission, disseminating or otherwise making available, aligning, combining, blocking, restricting, erasing and destroying Personal Data and any equivalent definitions in applicable Data Protection and Privacy Laws to the extent that such definitions should exceed this definition.
COLLECTION PRACTICES
Personal Data Collected
EIS collects and processes a range of information about you. This includes the following information in the below chart that indicates the types of Personal Data that EIS may collect:
Collected From the Candidate | From Other Sources |
Resume Details: Name, Email, Location, Educational, References and Work History. Application Data: Diversity Information (Gender, Race, Disability, Veteran Status). Internet Activity: Please review our website Privacy Statement: https://www.eisgroup.com/privacy-statement/ | Publicly available information from websites or social voluntarily provided (LinkedIn). |
Lawful Basis
EIS uses the following bases to Process Personal Data:
- to comply with our contractual obligations to you or to take steps to enter a contract with you;
- to comply with our legal obligations;
- to rely on your consent when you submit your application and click on the checkbox allowing us to process your Personal Data;
- to meet our legitimate interests, for example, to conduct our recruitment processes efficiently and fairly or to manage applicants effectively. When we process personal data to meet our legitimate interests, we put in place robust safeguards to ensure that your privacy or other fundamental rights and freedoms are not overridden by our legitimate interest to comply with our legal obligations, for example obtaining proof of your right to work status to enable us to meet relevant obligations.
How We Use Personal Data
When you apply for a role at EIS, your information is used for the following purposes:
- to create and manage the applicant tracking system and job applications;
- assess and evaluate your experience and skills in relation to the position you have applied to;
- to communicate with you relating your application and the recruitment process;
- to verify your information and where applicable background checks;
- to operate, evaluate and improve the recruitment system, our application tracking;
- to manage recruitment activities (this includes analyzing our job applicant base, our hiring practices or trends, identifying qualifications or skills shortages, and using information to match candidates and potential opportunities);
- to detect, prevent and respond to fraud or potentially illegal activities (such as intellectual property infringement), misuse of the applicant tracking system;
- to perform audits, assessments, maintenance and testing or troubleshooting activities related to the applicant tracking system;
- to consider your application in respect of a role for which you have applied;
- to consider your application in respect of other roles;
- to enhance any information that we received from you with information obtained from third party data providers;
- to find appropriate candidates to fill our job openings;
- to comply with legal obligations to which we are subject and cooperate with regulators and law enforcement bodies; and
- to respond to your enquiries and requests.
Automated Decisions
EIS does not use automated decision-making or profiling to make recruiting or hiring decisions (as defined within the GDPR).
Data Sharing
EIS does not sell or market your Personal Data. EIS shares your Personal Data with our third-party Data Processors to facilitate the recruitment process. These Data Processors include internet service providers, IT maintenance, service providers used for the implementation of specific IT solutions and tools, hosting service providers. Additionally, EIS shares your Personal Data with third parties to comply with a legal or regulatory obligation, or otherwise to protect our rights, your rights, or the rights of any third party. Consequently, your Personal Data may be shared with our professional advisers such as lawyers, accountants, auditors, government or regulatory authorities, and our insurers.
Data Storage and Retention
Data may be stored in a range of different places, including your personal file, in the EIS Applicant tracking system (PinPoint, Privacy Policy can be found here https://www.pinpointhq.com/security-privacy/privacy-policy/); the Company’s HR management systems (BambooHR, General Privacy Notice can be found here https://www.bamboohr.com/legal/privacy-policy), and or in addition to other internal IT systems (including the Company’s email system). We retain all candidate Personal Data for a period of 18 months (if you are applying for a position in Canada, this period will be 36 months in accordance with Canadian legislation), from the time of your application. If you have given your consent for Personal Data retention and it has not expired, your Personal Data may be deleted on one of the following occurrences: deletion of your Personal Data by you via the “Manage Your Data” tool or your written request to us.
International Data Transfer
From time to time your Personal Data will be transferred to our affiliated companies for the purposes described in this Candidate Privacy Statement. As a result, your Personal Data may be transferred to countries outside of the country in which you are located. These counties may have data protection laws that are less stringent than the country of your location. We will ensure that appropriate safeguards are in place to protect your Personal Data and that the transfer of your Personal Data is in compliance with applicable Data Protection and Privacy Laws.
Your Privacy Rights
Depending on the applicable Data Protection and Privacy Laws based on where you live, you may have the following rights:
- access your Personal Data;
- request information about Personal Data we hold about you;
- update or correct your information if it changes or if the Personal Data that we hold about you is inaccurate;
- restrict the Processing of your Personal Data;
- object to the Processing of your Personal Data;
- request rectification of incorrect or incomplete Personal Data;
- request Personal Data erasure;
- request to port your Personal Data to another company;
- file a complaint with a supervisory authority.
Please note that the rights mentioned above are not absolute and vary from country to country.
Your request to exercise your rights as listed above will be assessed given the circumstances in each individual case. In the event we Process Personal Data by relying on your consent, you have the right to withdraw your consent at any time.
In some instances, EIS is not required to comply with your request if the Processing of your Personal Data is necessary for compliance with a legal obligation or the establishment, exercise, or defense of legal claims. In those cases, we will provide you with a detailed explanation.
Security
The Personal Data we collect about you is protected. We maintain physical, technical, and administrative controls and procedures designed to safeguard the Personal Data you share with us, or we collect about you during the recruitment process. We have implemented adequate technical and organizational measures to protect Personal Data against unauthorized, accidental, or unlawful destruction, loss, alteration, misuse, disclosure, or access and against all other unlawful forms of processing.
We employ Secure Socket Layer (SSL) encryption on our website. You can identify a secure page because of the lock icon on the bottom of the address section of your browser.
We securely store the Personal Data we collect, store, own, and process about you both at rest and in transit. We further limit access to Personal Data to employees based on their roles and duties. Additionally, we limit access to third-party vendors/suppliers who provide us with assistance in processing that information.
Updates
We may modify or update this Candidate Privacy Statement from time to time to ensure we stay up to date with changes to our practices and to reflect changing legal, regulatory, or operational requirements. If we make a material change to this Candidate Privacy Statement, we will make reasonable efforts to notify you. Each version of this Candidate Privacy Statement is identified at the top of the page by its version date. We encourage you to periodically review this page for the latest information on our privacy practices.
Contact Information
If you have questions or concerns about how your Personal Data has been used, or about this Candidate Privacy Statement, please contact the Privacy Team at privacy@eisgroup.com