Ocorian Job Applicant Privacy Notice
Total Page:16
File Type:pdf, Size:1020Kb
OCORIAN JOB APPLICANT PRIVACY NOTICE ocorian.com Ocorian Job Applicant Privacy Notice: 20 Aug 2021 1. Introduction Members of the Ocorian Group are bound by data protection legislation in each of the various jurisdictions in which they operate and are committed to protecting your privacy. This Notice sets out the basis on which Personal Information that members of the Ocorian Group collect from you, or that you provide to a member of the Ocorian Group, will be processed. Most of the countries in which Ocorian operates have laws concerning the collection, use, transfer and disclosure of the personal information of individuals. The EU's General Data Protection Regulation ("GDPR") means that all EU jurisdictions and other countries such as Jersey that have adopted GDPR-compliant data protection laws will operate under broadly similar data protection regimes. The internal data protection policies and procedures of the Ocorian group are based on GDPR compliance. Your "Personal Information" means any information that can be used (whether alone or with other information) to identify you, the "data subject". In relation to you applying for a position in Ocorian, your Personal Information will mean a wide range of things, including: (a) your name, home and email addresses and phone numbers; and (b) details of previous employment, education and qualifications. The above list is not exhaustive and therefore, in the context of your applying for a position at Ocorian, your Personal Information will consist of all sorts of information that you provide to Ocorian or that Ocorian generates in the course of the recruitment process. A fuller definition of "Personal Information" is given in Appendix 1 and lists of the kinds of Personal Information that the Ocorian Group may process can be found in Appendix 2. If you have any queries regarding anything in this Notice, please contact our Global Data Privacy Officer, whose contact details can be found at the end of this Notice. 2. Uses and grounds on which Personal Information is processed We process your Personal Information on one or more of the following legal bases: (a) With your consent; and/or (c) it is necessary, in our legitimate interests for recruitment purposes. The processing by us will include sharing your Personal Information within the Ocorian Group, where such people need to know the information in question for the lawful and orderly management and operations of the Ocorian Group, as this too is in our legitimate interests. Some of these recipients may be located outside of your home jurisdiction. No member of the Ocorian Group will use Personal Information for any other purpose incompatible with the purposes described in this Notice unless it is either required or authorised by law, authorised by you (in which 2 ocorian.com Ocorian Job Applicant Privacy Notice: 20 Aug 2021 case your express consent will be sought) or is in your own vital interest (for example, in the case of a medical emergency). 3. Storage, transfer and use of Personal Information Your Personal Information will be stored by us as follows: (a) if you are applying for a role in the Ocorian Group in Jersey, Ireland, the Netherlands or the United Kingdom, Personal Information collected by us is hosted (i) on Ocorian's servers at its physically- secured premises in St Helier, Jersey and (ii) in an independently-certified third party data centre in Jersey. (b) if you are applying for a role in the Ocorian Group in Luxembourg, Personal Information collected by us is hosted on servers in a data centre provided by a third party IT service provider regulated by the Luxembourg regulator, the CSSF and if you are an employee of a member of the Ocorian Group in Luxembourg City, Personal Information collected by us is hosted on its servers at its physically-secured premises in Luxembourg City. (c) if you are applying for a role in Singapore Trust Company or Ocorian (Mauritius) Limited, some of your Personal Information is, in addition to being held by either entity, held by Ocorian Group HR in Jersey. (d) In addition, regardless of the jurisdiction in which you work, we use Smart Recruiters for applicant tracking management purposes and may process your Personal Information in other cloud-based and/or on-premises, third party HR systems. (e) Third party suppliers of data centre hosting and business continuity services and of HR systems have been approved for use by Ocorian and are each subject to contractually-binding terms covering the protection of personal information, in accordance with Ocorian's Data Protection Policy. 4. Security All members of the Ocorian Group will take appropriate measures to protect Personal Information that are consistent with EU privacy and data security laws and regulations, including requiring service providers to use appropriate measures, to protect the confidentiality and security of Personal Information. Personal Information is stored securely, subject to the control of our management team. As a general rule, Ocorian's IT tools and applications such as the e-mail system and the data/client/document management systems are administered by members of Ocorian's IT team in Jersey. In Luxembourg, Ocorian's IT tools and applications are controlled by Luxembourg management but are administered by a third party IT service provider regulated by the Luxembourg regulator, the CSSF. Appropriate technical and organisational security measures are in place across the whole Ocorian Group to avoid the accidental or unlawful destruction, accidental loss, alteration, unauthorised disclosure or access of Personal Information. On occasion, we may grant access to reputable and trusted third party IT suppliers or third party advisors outside the Ocorian Group, as set out in Appendix 2 to this Notice. Some of these third parties will be located outside of your home jurisdiction. 3 ocorian.com Ocorian Job Applicant Privacy Notice: 20 Aug 2021 If we transfer your Personal Information to a third party located in a "third country" (broadly, a country that is not a member of the European Union or one that ensures "adequate protection" for personal data: see Appendix 1 for a full definition) such as Mauritius, Singapore and, the United States of America, it will do so only on the basis that the recipient is subject to binding contractual terms covering the protection of personal data that will provide for adequate protection of your rights as a data subject by, for example, being in accordance with the European Union's model clauses. 5. Data integrity and data retention We take all reasonable steps to ensure that the Personal Information processed is reliable for its intended use, and is accurate and complete for carrying out the purposes described in this Notice. We will retain Personal Information for the period necessary to fulfil the purposes outlined in this Notice, typically 6 months unless a longer retention period is required or permitted by law. Retention periods are kept under review. Where we rely on your consent in respect of the Personal Information you disclose during the recruitment and selection process we will cease processing that Personal Information by deleting it if you withdraw that consent at any time. If you object to the processing of your Personal Information by us and, as a result, we stop processing it, you need to be aware of the possible consequences. Please see "6. Your rights: access, correction and objection" below. Personal Information will be securely disposed of at the point it is no longer required. 6. Your rights: access, correction and objection As a data subject, you have several rights in relation to your Personal Information. You have the right under certain circumstances to: (a) have access to your Personal Information by making a "subject access request"; (b) have your Personal Information corrected if it is wrong or, in certain circumstances, to have it deleted; (c) have the processing of your Personal Information restricted (while we verify or investigate your concerns with this information for example); (d) object to the further processing in certain circumstances of your Personal Information; (e) request we move your Personal Information elsewhere (data portability); (f) withdraw any consent that you have given us if we are processing your Personal Information only because you have given that consent; and (g) object to (1) processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling), (2) direct marketing (including profiling), and (3) processing for purposes of scientific/historical research and statistics; and 4 ocorian.com Ocorian Job Applicant Privacy Notice: 20 Aug 2021 (h) protection in respect of automated decision making and profiling. If you do want to exercise one of your rights in relation to your Personal Information, we will seek to alert you to the possible consequences of that at the relevant time. 7. Ocorian contact details If: (a) you wish to exercise any of you rights in relation to your Personal Information; (b) you have any complaint about the way in which we process Personal Information; or (c) you require any further information about this Privacy Statement or its contents, please contact: (i) the Global Data Privacy Officer, Ocorian Limited, 26 New Street, St Helier, Jersey JE2 3RA, Tel: +44 (0)1534 507000; Email: [email protected]. 8. Data protection regulator contact details If your request or concern is not satisfactorily resolved by us you may approach your local data protection authority in the jurisdiction in which our office is located. The contact details for the data protection regulators in the jurisdictions in which members of the Ocorian group operate are as follow: • Bermuda: Information Commissioner's Office, Valerie T. Scott Building, 60 Reid Street, Hamilton, Bermuda HM12.