This Privacy Notice complies with data protection legislation. It serves as a notice for our recruitment candidates. It notifies them about the personal data that Manpower Malta holds relating to their relationship with the Company, for what purpose it is processed and for how long it is expected to be used.
Contents
WHAT IS THE PURPOSE OF THIS NOTICE?
DATA PROTECTION PRINCIPLES.
THE KIND OF INFORMATION WE HOLD ABOUT YOU.
HOW IS YOUR PERSONAL INFORMATION COLLECTED?
HOW WE WILL USE INFORMATION ABOUT YOU.
HOW WE USE PARTICULARLY SENSITIVE PERSONAL INFORMATION.
INFORMATION ABOUT CRIMINAL CONVICTIONS.
AUTOMATED DECISION-MAKING
DATA SHARING.
DATA SECURITY.
DATA RETENTION.
RIGHTS OF ACCESS, CORRECTION, ERASURE, AND RESTRICTION.
RIGHT TO WITHDRAW CONSENT.
DATA PROTECTION OFFICER.
WHAT IS THE PURPOSE OF THIS NOTICE?
Innovative Workforce Solutions Limited (“Manpower Malta”) of 68, Tower Road, Sliema SLM 1606, Malta in its capacity as a recruitment agency is a “data controller”. . In other words, the Company is responsible for deciding how your personal information is held and used. We understand that you are reading this privacy notice because you are either sending us a specific application for a vacancy we have posted on our website or else you are providing/provided us with your details to hold them in our database in case a job opportunity meeting your requests arises. This notice makes you aware of how and why your personal data will be used, namely for the purposes of the recruitment exercise, and how long it will usually be retained for. It provides you with all the information that must be provided under applicable data protection legislation.
DATA PROTECTION PRINCIPLES
The Company is committed to comply with data protection legislation and principles and thus your personal data will be processed:
- lawfully, fairly and in a transparent way;
- for valid purposes clearly explained to you and not processed in any way that is incompatible with those purposes;
- with relevance to the purposes you have been informed about and limited only to those purposes;
- accurately and kept up to date;
- for as long as necessary for the purposes that you have been informed about.
THE KIND OF INFORMATION WE HOLD ABOUT YOU
Processing of your personal data will only be carried out in relation to your request for us to seek possible recruitment opportunities for you and thus, we will collect, store, and use the following categories of personal information about you:
- The information you have provided to us in your curriculum vitae and a covering letter if any;
- Any information you provide to us during an interview, be it face to face or online;
- Any other information we may request from time to time for onward transmission to a prospective employer.
We may also collect, store and use the following “special categories” of more sensitive personal information:
- Information about your race or ethnicity and religious beliefs;
- Information about your health, including any medical condition.
HOW IS YOUR PERSONAL INFORMATION COLLECTED?
We only collect your personal information which you have provided us with voluntarily or which we might ask you to submit. We do not collect data from background check providers, credit reference agencies, your references or any publicly accessible source.
HOW WE WILL USE INFORMATION ABOUT YOU
We will use the personal information we collect about you to:
- Assess your skills, qualifications, and suitability for the role you have applied for or which we might think that can be suitable for you;
- Communicate with you about the recruitment process;
- Keep records related to our recruitment processes;
- Transfer to prospective employers who will then provide you with their Candidates’ Privacy Notice;
- Comply with legal or regulatory requirements.
Manpower Malta retains the right to decide whether to recommend you to a role or workplace as a legitimate company interest.
expectations and skills. If we decide to recommend you for a post other than the one you specifically applied for, we will inform you before submitting your personal data to the prospective employer and seek your consent as to whether you would like us to recommend you or not.
If you fail to provide personal information
If you fail to provide information when requested, which is necessary for us to consider you for any vacancies we are aware of (such as evidence of qualifications or work history), we will not be able to process your application successfully and thus we will not be able to take your application further.
HOW WE USE PARTICULARLY SENSITIVE PERSONAL INFORMATION
In some circumstances, we might need to use particularly sensitive personal information in the following ways:
We will use information about your disability status to consider whether we need to provide appropriate adjustments during the recruitment process, for example whether adjustments need to be made during the interview;
INFORMATION ABOUT CRIMINAL CONVICTIONS
We do not envisage that we will process information about criminal convictions. On the other hand, such information might be eventually requested by potential employers if it is in their legitimate interest or if they are bound to do so by national or EU legislation and/or regulations.
AUTOMATED DECISION-MAKING
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.
It is recommended that you request and consult any potential employers’ respective Privacy Notices to learn more about any automated decision-making which they may carry out regarding your personal data as independent data controllers.
DATA SHARING
Why might you share my personal information with third parties?
We will share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.
We will only share your personal information with prospective employers after seeking your consent for the purposes of processing your application. We also have third party service providers, such as our website host, email provider and cloud storage providers. We make sure that the organisations we share your data with take appropriate security measures to protect your personal information in line with our policies. We do not allow them to use your personal data other than for the specific purpose we have supplied it for, in accordance with their privacy standards and in accordance with our instructions.
Which third-party service providers process my personal information?
“Third parties” includes third-party service providers. The following activities are carried out by third-party service providers: web hosting.
How secure is my information with third-party service providers and other entities in our group?
All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies and legal obligations. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our strict instructions.
We may also share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal information with a regulator or to otherwise comply with our legal obligations
Transferring information outside the EU
For web hosting purposes only, we will transfer the personal information we collect about you to the United States of America. There is an adequacy decision by the European Commission in respect of this country. This means that we transfer your data to a country which is deemed to provide an adequate level of protection for your personal information.
However, to ensure that your personal information does receive an adequate level of protection we have put in place the following appropriate measure[s] to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects data protection legislation: Data Processing Agreement including Standard data protection contractual clauses.
DATA SECURITY
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees and other third parties who have a business need-to-know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
DATA RETENTION
How long will you use my information for?
We will retain your personal information for a period of 12 months from your last documented interaction with Manpower Malta or from the date on which you inform us that you are no longer interested in using our recruitment services. In the eventuality that you request us not to retain your personal data we will retain your personal information for 12 months so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. After this period, we will securely destroy your personal information in accordance with applicable laws and regulations.
We will strive not to retain your personal data unnecessarily and thus, unless we hear from you,
RIGHTS OF ACCESS, CORRECTION, ERASURE, AND RESTRICTION
Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected, completed and updated.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing with regard to direct marketing purposes (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. We will not further process your personal data until we are able to demonstrate our compelling legitimate grounds to process your personal data which may override your rights and freedoms, or in cases where we may need to exercise or defend legal claims against you. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the legitimate grounds we may rely on to process your personal data..
- Request the transfer of your personal information to another party.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact our data protection lead in writing.
Manpower Malta makes every effort to ensure that your data is processed fairly, lawfully and transparently; should you have any questions or complaints regarding such processing, we encourage you to contact our data protection lead at any time. You also have the right to lodge a complaint with the Office of the Information and Data Protection Commissioner (Malta) should you so require.
RIGHT TO WITHDRAW CONSENT
When you applied for this role, you provided consent to us for the processing of your personal data for the purposes of the recruitment exercise. You have the right to withdraw your consent for processing for that purpose at any time. To withdraw your consent, please contact our data protection lead. Once we have received notification that you have withdrawn your consent, we will no longer process your application. We will dispose of your personal data securely in accordance with our retention policy unless there are other legal obligations requiring us to retain it.
DATA PROTECTION OFFICER
We have appointed a data protection officer to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact the data protection lead. Our data protection lead may be reached on data.protection@demajo.com.
The automated decision-making is the process of making a decision by automated means without any human involvement. These decisions can be based on factual data, as well as on digitally created profiles or inferred data. Examples of this include:
- an aptitude test used for recruitment which uses pre-programmed algorithms and criteria.
Automated decision-making often involves profiling, but it does not have to.
Thus we need you to confirm that you do not use such means to assess applicants. If you do we need to reword this section and create a specific consent form.
Article 5(1)(e) says:
“1. Personal data shall be:
(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’)”
So, even if you collect and use personal data fairly and lawfully, you cannot keep it for longer than you actually need it.
The GDPR does not set specific time limits for different types of data. This is up to you, and will depend on how long you need the data for your specified purposes.
Notwithstanding this you will still need to prove the legitimacy of your retention period. We suggest one year following the last communication because an applicant can seek legal action for up to 12 months following the end of a recruitment process in cases of alleged malpractices.
We can’t see how a 2 year retention period can be justified especially not without specific consent and at times where CVs are continuously changing.