If you apply for a job or submit interest in certain job vacancies through Appcast, Inc. or APPCAST.IO LTD (“APPCAST”), APPCAST will collect and process your personal data as part of the selection and recruitment process. Your data will also be shared with companies to whose job vacancies you apply or submit interest. In accordance with the requirements of the General Data Protection Regulation (GDPR) this notice describes how we collect and use your data both during and after the recruitment process.
It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.
For the purposes of the GDPR, APPCAST is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. As a data controller we are required under GDPR to notify you of the information contained in this privacy notice.
In this section we outline the purposes for which we may process your data. For each ‘purpose’ we also list the types of data we may process and our legal basis for the processing of it.
Types of personal data that may be processed:
Lawful basis for processing personal data:
Types of personal data that may be processed:
Lawful basis for processing ‘special categories’ of personal data:
Under the GDPR, consent is not required if the processing is based on another ‘legal basis’ as listed in Article 6 GDPR. For each of the processing activities listed in this notice we have described which legal basis applies, such as for the performance of the contract with you, or to comply with a legal obligation, or necessary for the purposes of a legitimate interest of the Company. With regards to the latter and having taken into consideration the reasonable expectations of job applicants and we do not believe our legitimate interests are overridden by your interests or fundamental rights and freedoms
For ‘special categories’ of your personal information (health data, genetics, biometrics (where used for ID purposes), race or ethnicity, religious beliefs, sex life, sexual orientation, political opinions, and trade union membership) we ensure that the additional requirements of Article 9 GDPR are complied with.
For information about criminal convictions (and other ‘excluded party lists’), in accordance with Art 10 GDPR we may only use this data where the law allows us to do so. We do not envisage that we will hold information on criminal convictions, however there may be circumstances where the nature of a role requires us to request this information and if this is the case you will be provided with additional prior notification.
A failure to provide certain requested information may prevent us from completing selection and recruitment formalities.
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. We are allowed to use automated decision-making in the following circumstances:
If we make an automated decision on the basis of any particularly sensitive personal information, we must have either your explicit written consent or it must be justified in the public interest, and we must also put in place appropriate measures to safeguard your rights.
We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes
Your data will be accessed by individuals and companies involved in the selection and recruitment process for job vacancies to which you apply or submit interest.
We may have to share your data with third parties, including third-party service providers and other entities in the group.
The following categories of third-parties will have access to your personal data:
All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes, in accordance with our instructions and under the terms of a data processing agreement.
Note that in circumstances where you have first supplied your data to a third party, such as a recruitment agency, online employment service such as a job board, or social/professional network they will also operate as a data controller for the purposes of the GDPR and as such have their own responsibilities for the security of your data.
We may transfer the personal information we collect about you to countries outside the European Economic Area in order to perform our contract with you.
There is not an adequacy decision by the European Commission in respect of these countries, which means they are not deemed to provide an adequate level of protection for your personal information.
However, to ensure that your personal information does receive an adequate level of protection we have put in place relevant appropriate measures to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the laws on data protection.
You can contact us if you require further information about these protective measures.
The information collect during the selection and recruitment process will form part of your personal record and as such will be retained for 24 months commencing from the date that your application has been submitted. At any time within this period, you have the right to request that your data be destroyed or returned to you.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may continue to use such information without further notice to you.
When we process your personal data we will always apply the core principles of the GDPR to ensure it is:
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Under certain circumstances, by law you have the right to:
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us at: firstname.lastname@example.org in writing and note in the subject line “GDPR Data Request – Please Forward to the Data Protection Officer”.
As stated above the processing of your personal data is based on legal basis other than your consent, however in the very limited circumstances where you may have provided your consent to the collection and processing of your data, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us at: email@example.com and include in the subject line “GDPR Data Processing Termination Request – Please Forward to the Data Protection Officer”. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
We have appointed a Data Protection Officer (“DPO”) to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact the Data Protection Officer at the following email address: firstname.lastname@example.org and include in the subject line “GDPR Data Request – Please Forward to the Data Protection Officer”.
If you are unhappy with the way in which your personal data has been processed you may in the first instance raise a complaint by contacting the Company using the contact details above.
If you remain dissatisfied then you have the right to apply directly to your local Data Protection Authority for a decision – contact details below:
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.
Copyright © 2018 Appcast, Inc. All rights reserved.