Effective as of June 25, 2024
This privacy notice describes how we process personal data about you in the context of our application and recruitment process.
In some jurisdictions, such as the European Economic Area (“EEA”), United Kingdom (“UK”) and Brazil, data protection laws include the concept of a “controller.” Where that concept is recognized, the Plarium entity to which you are applying or which is considering hiring you is the controller of your personal data.
If you have any queries or issues about how we process your personal data, we invite you to contact [email protected].
What type of personal data do we process about you? And how do we collect your personal data?
If you apply with us directly, we will process the personal data you provide us in your application. We also may collect other information that you provide to us during the recruitment and application process, such as if you provide further information that we need for your recruitment process or that we request from you, or that we receive from third parties, such as if we receive your application through a third party (e.g., a head-hunter). Depending on where you live, this information may include:
Contact information, such as your name, address, email address, telephone numbers and other contact information.
Information and documents that support your job application, including resumes or curriculum vitae (“CVs”), employment and education history, professional licenses, references, and information about your work preferences and abilities.
Information about our interactions with you, including responses to screening and other questions, results of any assessment you are required to take in the hiring process; information obtained through interviews, from your references or from background checks (where applicable), recordings, such as voicemail and CCTV footage, and in connection with other standard business processes, such as reimbursing authorized travel expenses and any applicable security and health screenings if you visit our work spaces. We also may collect your social security number and birthdate and, where applicable, background check information. For some jobs, we may also conduct drug tests, as permitted by law.
Sensitive or demographic information obtained during the application or recruitment process, such as gender, information about your citizenship and/or nationality, medical or health information, and racial or ethnic origin. We also may collect demographic information about racial and ethnic origin, disability, sexual orientation, religion, and gender, if you otherwise provide the information, such as through surveys on diversity and inclusion topics.
Information that you make available on professional social media networks, such as LinkedIn, job boards, and from other publicly accessible sources.
Device and usage information that we collect automatically when you click on a job posting or otherwise interact with us electronically in the context of our job application or recruitment activities, such as your referral source (i.e., the website where you saw the job advert); details of the pages you have viewed, including how long you spend on a page and which links you select; information about your computer, such as the web browser used and device type; and your IP address. We also may capture your approximate geolocation.
Other information that you provide us, such as through surveys and forms and our communications, or that we collect in connection with our recruitment and hiring activities.
We may collect additional information if you become an employee pursuant to the Employee Privacy Notice.
How do we use your personal data?
We will only use your personal data as permitted by law. In those countries where we need a legal basis to process your personal data (such as in the EEA, UK and Brazil), we will typically use your personal data for any of the following legal bases:
Where we have your consent to do so.
Where we need to take steps prior to entering into a contract of employment with you.
Where we need to comply with a legal obligation.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. See below for further details.
Below we list some of the purposes for which we process your personal data. We reserve the right to add a new purpose to the list of purposes below at any time, although we will comply with any relevant legal requirements to notify you of changes.
EEA Lawful Basis | Processing Activities |
Where we need to take steps prior to potentially entering into a contract with you | We will process your personal data as reasonably necessary prior to our potentially entering into a contract of employment with you, such as to:
|
Where it is necessary for our legitimate interests | We may process your personal data to:
We may conduct the checks described in this policy on any prospective or current employee in order to prevent or detect unlawful acts, given the confidential and sensitive nature of the information that all employees will have access to and handle throughout their employment with Plarium. In such cases, we will ask you to authorize our third-party screening provider to obtain the criminal record disclosure as part of our background screening checks. We will exclude records from our review in accordance with local laws. We will use personal data obtained through our external background screening providers (which may include address history, employment history, education background, criminal records information, credit history and employment history) to verify (1) the information provided by you on your CV; (2) the relevant qualifications/requirements for the role; (3) your employee declaration and as necessary for compliance and as required by regulatory bodies; and to verify that there are no issues with your credit history that could place unnecessary risks on Plarium or third parties. We normally request references from your current employer and a previous employer, and we also conduct the same checks on gaps in your employment history. |
Where we obtain your consent | Where required by applicable law, we may request your consent for certain processing activities. |
Where we need to comply with a legal obligation | We process your personal data to check whether you are legally entitled to work in the jurisdiction where you are applying for work. Further, we may collect information about your health as permitted by applicable laws, such as information on certain health conditions, symptoms information, testing information, and other information that is needed for screening purposes and in order to make reasonable adjustments to the recruitment process for you as required by applicable law (e.g., UK Equality Act 2010). |
With whom might we share your personal data?
For the purposes listed above, we may share your data with third parties, including third-party service providers and any sub-contractors of those service providers. For example, we may use Phenom and Workday to host and manage the applications, to store personal data in a talent database, and to advertise our job openings.
In the context (and for the purposes) of this application process, we will contact and discuss your previous experience and performance with any persons you indicated as references. This may involve sharing some of your personal data with these persons.
We may also disclose or otherwise process your personal data in the context of any sale or transaction involving all or a portion of the business, or as may be required or permitted by law, court order, or otherwise as required for the purposes of any regulatory audit to which we may be subject from time to time. For instance, we may be required to share your personal data with government entities, law enforcement authorities and other public entities.
If your application is successful, we will process your data in accordance with our employee, worker and contractor privacy notice, which we will provide to you during on-boarding.
If we need to transfer your personal data to another country, we will use a lawful basis to do so where required by applicable law.
Where applicable data protection law provides for the use of EU-approved Standard Contractual Clauses or other transfer agreements to transfer data abroad, we generally rely on such clauses for our transfers unless other transfer grounds are more appropriate. You can ask for a copy or information about these clauses by contacting [email protected].
How long will we retain your personal data?
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for. However, we may retain your personal data for longer if we need to, for example, to comply with a legal obligation, for the length of any applicable statutory limitation period for a potential complaint or legal claim, or for the establishment, exercise or defence of legal claims. Please contact us at [email protected]. for more information on how long we retain your personal data.
If your application is successful and you are offered an employment with us, your personal data will be transferred to an employee personnel file and will be processed and retained in accordance with our privacy notice for employees, workers and contractors.
What are your rights and obligations as a data subject?
Depending on where you live and the Plarium company your application is being considered for, you may have the right to:
Request access to your personal data (commonly known as a “data subject access request”). This allows you to request information about and a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This allows you to request that any incomplete or inaccurate information we hold about you be corrected.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data, but only where there is no valid reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which causes you to object to processing on this ground.
Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your personal data to another party.
Request information about the recipients of your personal data.
Request information about the criteria and proceedings used to take an automated decision.
Lodge a complaint with a supervisory authority, in particular in the jurisdiction of your habitual residence, place of work or place of the alleged infringement of applicable law.
The above-mentioned rights are not absolute. Applicable law limits these rights.
If you want to request to exercise these rights, you or your authorized agent should please contact [email protected]. We will respond in accordance with local laws.
What we may need from you
We may need to request specific information from you to help us confirm your identity and verify your right to access the information (or to exercise any of your other rights). This is another appropriate security measure designed to protect individuals.
What are your rights to withdraw consent to processing?
Depending on your jurisdiction, you may have the right to withdraw your consent to allow us to continue processing your personal data, but only where consent was sought as a lawful means of processing your personal data.
In the limited circumstances where you may have provided your consent to the processing of your personal data for a specific purpose, you may have the right in accordance with local laws to request to withdraw your consent for that specific processing at any time. Your withdrawal will not affect the lawfulness of processing based on consent before its withdrawal.
To request to withdraw your consent, please contact [email protected].
Security
To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect. Some of the steps we take are placing confidentiality requirements on our staff and service providers; destroying or permanently anonymizing personal data if it is no longer needed for the purposes for which it was collected. We will comply with applicable laws in the event of any breach of the security, confidentiality or integrity of your personal data and, where we consider appropriate or where required by applicable law, notify you via email, text or conspicuous posting on our website in the most expedient time possible and without unreasonable delay, in so far as it is consistent with (i) the legitimate needs of law enforcement, or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
However, the security of personal data depends in part on the security of the device used to communicate with us, the security you use to protect your login information, and the security provided by your internet access service provider. We make commercially reasonable efforts to make the collection and security of information consistent with this notice and all applicable laws and regulations. Where you have a Plarium username, login or password, you are responsible for keeping this information confidential. We ask you not to share a username, login or password with anyone.
What happens if we change this privacy notice?
We reserve the right to update this privacy notice at any time by posting an updated notice or notifying you. Please check back regularly to ensure you are familiar with our current practices. We may also notify you in other ways from time to time about the processing of your personal data.