Applicant Privacy Notice
Version 1.0 Last updated 1st October 2020.
This Applicant Privacy Notice describes how OnceHub, and all its affiliates and subsidiaries (together referred to as “OnceHub”, “we”, “our”, and “us”) collects, uses and discloses personal information from Applicants (“you” and “your”) for employment via our careers web site page or other recruitment channels.
This notice does not form part of any contract of employment or other contract for services and may be reviewed and amended from time to time. If we make material changes, we will communicate any updates by email or any other appropriate method.
What information we collect
We collect personal data from you to assist with our recruitment processes and to monitor recruitment statistics that broadly fall into the following categories:
Information that you voluntarily provide to us
- Personal contact details such as name, title, home address, telephone number and email address;
- Date of birth;
- Marital status and dependents;
- Copies of passport, driving licence and similar documents;
- Education history, training, and professional experience;
- Current and past employment details;
- Nationality, immigration status and work permits;
- Languages spoken and level of proficiency;
- Other information given in your CV; and
- Right to work documentation.
Please note that we do not require you to provide sensitive personal information (such as information about your health, race, ethnicity, religion, or sexual orientation) and you are specifically requested not to provide us with this information during the application process.
Information provided by third parties
- Results from any assessment tests managed by third-party providers; and
- Identity verification and background check service providers.
Information that we collect from your use of the careers page on our website
- We may collect information through Cookies as you navigate our careers web site pages. For further information regarding Cookies you should refer to our Cookie Notice.
Publicly available information
- Publicly available information on social networking sites such as LinkedIn, Facebook, and Twitter.
What we do with your information
The information about you which is obtained by us during the application process may be used by us for the following purposes:
- To consider your suitability for employment or contractor services;
- To take up your references;
- To conduct appropriate checks;
- To negotiate and communicate with you in relation to your application;
- To manage and operate our careers website, our business and for administrative purposes;
- To undertake business analysis activities; or
- To comply with our legal and regulatory obligations and for other legal purposes.
In some countries and for some roles, we may need to conduct criminal background and drug screening checks, but only where this is required or permitted by applicable laws.
We store your personal data in hard copy and electronic format. We use appropriate technical and organisational safeguards to protect personal data both online and offline from unauthorised use, loss, or destruction. We use physical and procedural security measures to protect information from the point of collection to the point of destruction. This includes encryption, pseudonymisation, firewalls, access controls, policies, and other procedures to protect information from unauthorised access.
Only authorised personnel and third-party service providers are permitted access to personal data, and that access is limited by need. We will only transfer personal data to a third party if it agrees to comply with those procedures and policies, or if it puts in place adequate measures itself.
Despite these precautions we cannot guarantee the security of information transmitted over the Internet or that unauthorised persons will not obtain access to personal data. In the event of a data breach, we have put in place procedures to deal with any suspected breach and will notify you and any applicable regulator of a breach where required to do so.
How long we keep your information
We will retain the information we collect from unsuccessful Applicants in accordance with applicable law, it will then be destroyed or deleted. We may retain de-personalised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.
If your application is successful and you subsequently become employed by us, the information will become part of your personnel file.
Sharing your information with third parties
We may share your share information with:
- Other authorised employees;
- Our professional advisors (including lawyers, accountants, and auditors);
- Third party hosting services as part of our business continuity plan;
- Our reference checking agency;
- Recruitment agencies and other service providers processing
- Applicant information on our behalf while supporting our business and operations;
- To a person who takes over our business and assets, or relevant parts of them;
- Third parties to whom we are required to disclose information by law or regulatory requirement (including litigation counterparties); and
- Competent regulatory and prosecuting authorities.
We will also disclose your personal information to the extent we are under a duty to disclose or share your personal information to comply with any legal obligation.
The legal basis for our processing
If you are from the European Economic Area (“EAA”), the purposes for which we process your information and the legal basis for our processing is as follows:
Purposes for which we will process your information
- To consider your application in line with our recruitment purposes;
- To carry out background and reference checks;
- For equal opportunities monitoring purposes;
- For administrative purposes in connection with your employment contract or contract for services;
- To undertake business analysis activities; or
- To comply with our legal and regulatory obligations.
Legal Basis for our processing
- To take steps at your request both prior to, and at the point of, entering into a contract with you;
- Processing for the purposes of our legitimate interests that is proportionate and that is not prejudicial or detrimental to your privacy rights; and
- To comply with our legal and statutory obligations as an employer and service provider.
If you are from the EAA you have specific privacy rights including the right:
- To obtain access to, and copies of, the personal data that we hold about you (“subject access request”);
- To require us not to send you marketing communications (if applicable);
- To require us to erase your personal data (the “right to be forgotten”);
- To require us to restrict our data processing activities;
- To receive from us the personal data we hold about you which you have provided to us, including for the purpose of you transmitting that personal data to another data controller (“data portability”);
- To require us to correct the personal data we hold about you if it is incorrect, or to complete any data which is incomplete including by means of providing a supplementary statement (the “right to rectification”);
- The right to object to processing of your personal data which is based on our legitimate interests;
- If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing for such marketing; and
- You also have the right to complain to the relevant Data Protection Authority if you are unhappy about our collection and use of your personal information.
Please note that the above rights are not absolute, and we may be entitled to refuse requests, wholly or partly, where exceptions under applicable law apply.
We do not use automated decision making to make decisions about Applicants.
We and our service providers may transfer your data to jurisdictions other than the one in which you provided it, including to the United States, United Kingdom, Israel and India.
If you are an Applicant from the EEA, we will protect your personal information when it is transferred outside of the EEA:
- By ensuring that the country to which data is transferred has an adequate level of protection; or
- By ensuring that the third-party service provider has provided adequate safeguards by way of standard contractual clauses approved by the European Commission, obliging recipients to protect your personal data.
Please contact the OnceHub Data Protection Officer by using the contact form on our your rights page, if you:
- Have any questions about this privacy notice or our data process practices;
- Wish to exercise any of your rights;
- Wish to make a complaint; or
- Require further information about our international transfers of personal information.