Job Candidate Privacy Notice
At ADME (CY) LTD and its affiliates, (collectively referred to as «we», «us», «our») the protection of your personal data is a top priority. Keeping your data secure and private is part of our philosophy to apply the highest professional standards within our company. We are committed to process your personal data as follows:
Fairly and lawfully;
In an appropriate manner;
For limited purposes and not longer than necessary;
For the purpose required and not in an excessive way;
Keep them up-to-date and accurate;
Processed in line with your individual rights and in accordance with applicable Law;
In a secure way avoiding unauthorised or unlawful processing;
Protected against breach, accidental loss, destruction or damage by using appropriate technical and organisational measures;
Not transferred to third parties or organisations without adequate protection;
This privacy notice is directed to you because you are applying to work with us (whether as an employee or an external associate), or because we have received your personal data from third party providers which you have provided with consent to do so. It describes how we process your personal data during and after your job application, in accordance with the EU Regulation 2016/679 («GDPR») and Cyprus’ Law providing for the Protection of Natural Persons with regard to the Processing of Personal Data and for the Free Movement of such Data of 2018 (Law 125(I)/2018).
If you reside or are located in the Russian Federation, your personal data will be processed in compliance with the Federal Law of Russia N 152-ФЗ as of 27.07.2006 “On Personal Data”. You will enjoy all rights provided to you by the said law. Any reference to GDPR also includes the reference to the above Federal Law of Russia N 152-ФЗ.
Any terms or keywords contained in this notice shall have the same meaning as defined in GDPR.
It is important that you read this privacy notice, together with any other notice which might be communicated to you, so that you are fully aware of how and why we are using such information.
We will work closely with you and third parties, where appropriate, to ensure that all statutory requirements and our policies dealing with personal data protection in the human resources context, strike an effective balance between the legitimate interests of our company and its member companies as an employer and our potential employees.
We have established effective policies to protect your personal data while allowing us to utilise all processes at issue to make our business more efficient.
Identity and contact details
ADME (CY) LTD is a Cyprus private limited liability company with registration number HE347617 and is the «Data Controller» pursuant to the GDPR, and related Cyprus Laws, and determines how your personal data is kept and processed.
The main establishment and the central administration of the Data Controller is situated at 62 Agiou Athanasiou, BG WAYWIN PLAZA, 1st Floor, Office 101, 4102, Limassol, Cyprus.
Official requests may be made by post at 62 Agiou Athanasiou, BG WAYWIN PLAZA, 1st Floor, Office 101, 4102, Limassol, Cyprus, or electronically at firstname.lastname@example.org.
2.The kind of information we hold about you
In connection with your application to work with us, we will collect, store, use and overall process the following categories of personal data about you:
Information you have provided on our application form, including name, title, address, telephone number, personal email address, date of birth, gender, family status (for potential relocation purposes) employment history, qualifications and professional accreditations, including related certificates and/or diplomas;
Information you have provided to us in your curriculum vitae (CV), the covering letter and the reference letters;
Any information you provide to us during an interview;
A copy of the interview’s audio and video recording - We will request your express written consent before any recording takes place;
Any other information which might be statutory required to be requested, depending on the nature of the job description or whether the job will require your relocation away from your usual residence.
Taking into consideration the nature of the applied job, when required by law or with your express consent we might request and collect special categories of personal data. Pursuant to the definition given by the GDPR, these data may include racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, the processing of genetic data, biometric data, data concerning health, sex life or sexual orientation and criminal records.
We will collect personal information about you through the application process, either directly from you, from named referees (upon receiving your express consent and authorisation), or where applicable from a recruitment agency, third party vacancy pages and/or related applications.
3.How we will use your personal information
The purposes for which our company will process your personal data include but are not limited to:
Assess your skills, qualifications, and suitability for the applied job;
Carry out background and reference checks, where applicable;
Communicate with you about the recruitment process and initiate any interview proceedings;
Keep records related to our recruitment process;
Comply with legal or regulatory obligations, where applicable.
(Some of the above grounds for processing overlap and there may be several grounds which justify our use of your personal data).
We will also need to process your personal data to decide whether to enter into a contract of employment with you or any other agreement.
Having received your personal information and/or your CV and/or any other related documents, we will then process that information to decide whether you meet the basic requirements to be shortlisted for the role. If we believe that you do, we will decide whether your application is strong enough to invite you for an interview. Contacting you for an interview does not mean that our company has decided to make you an offer or that your application was successful. If we decide to call you for an interview, we will use the information you provide to us at the interview to decide whether to make you an offer or not. We reserve the right to request for the interview to be audio and video recorded and/or additional information and/or references and/or supporting documents and for this purpose we will ask for your express consent and authorisation to do so in advance.
The basis for collecting and processing your personal data would be your express consent (where applicable), our mutual rights and obligations in the field of employment and social security, any potential contractual rights and obligations for the performance of such an agreement, our legal obligation to comply with the rules and regulations under the relevant applicable laws and our company’s legitimate interest in promoting an effective working environment and delivering our professional services.
If you fail to provide information when requested, which is necessary for us to consider your application (such as evidence of claimed qualifications or work history and/or other related information), or if fraud is detected, then we will not be able to process your application successfully.
We reserve the right to make backup data files and hold secure multiple copies of personal data (including any electronic copies), in order to protect our company’s interests in the event of data loss.
Should there be a need to further process your personal data, for a purpose other than that for which they were initially collected, you will be informed accordingly.
4.Recipients and Users of personal data
We will only use your personal data for legitimate purposes and for the purposes mentioned above. Your data may be processed through our secure computer network systems and accessed only by the following respective users within our company:
Staff employed in our human resources department or other authorised personnel;
Members of our management;
Any specified and contracted third party processor, acting under written and express authorisation on behalf of our company, used to process internal corporate personal data, providing secure processing facilities and data access.
When we are statutory obliged to do so or pursuant to a court order, your personal data may be also processed by any governmental and/or other official authority and/or any other third party.
5.Third party processing
Data processing may be carried out on behalf of us by third party data processors which may be located in the European Economic Area (EEA) or in other third countries, pursuant to written and express authorisation for specific purposes contained in the relevant authorisation. We have taken all necessary steps, including the implementation of appropriate legal, technical and organisational measures, to ensure that the data processing meets all applicable statutory requirements, thus safeguarding your rights.
6.Transfer of personal data to third countries or international organisations
We may operate within the European Union (EU), the European Economic Area (EEA) and other third countries, and therefore your personal data or part of them may have to be transferred overseas.
We have taken all reasonable steps to ensure that your personal data are provided with adequate protection based on international protection frameworks and that all transfers of data are conducted pursuant to our written agreements and the supervisory authorities’ guidelines (if required) and/or other legal and/or regulatory requirements.
7.Automated decision making including profiling
You will not be subject to decisions that will produce legal effects or have a significant impact on you, based solely on automated decision – making.
8.Data Retention policy
We will retain your personal data for a maximum period of five years after your last contact with us so that we may consider you for future job openings, unless you object in writing (ex: per email). In all cases, we will retain your personal data for a period of time corresponding to the applicable statute of limitations for any kind of claims, or legal or regulatory obligations.
Here at ADME (CY) LTD, security of your personal data is taken very seriously. For both hard and electronic copy processing we have data management systems which are periodically updated in accordance with technological development and a framework of multilevel security policies to hold data confidential and secure. Security measures have also been taken to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
Moreover, we have procedures to deal with suspected data security breaches or threats and should a breach ever materialise, you will be notified accordingly, along with the supervisory authority, if we are required to do so.
More information on our security framework is available upon request.
10.Your rights in connection with personal data
You enjoy a number of rights relating to the processing of your data. Any personal data related requests shall be processed within reasonable time and in any case within 1 (one) month from the signed written request. This period of time may be extended under certain circumstances by further 2 (two) months.
You will not have to bear any cost to exercise any of your rights. We may though charge a reasonable fee should your requests be clearly unfounded or excessive, due to their repetitive character, or refuse to comply with such requests.
We may request specific information to assist us confirm your identity and ensure your capacity to enforce your rights. This is part of our security measures to certify that personal information is not disclosed to any person who has no right to receive it.
Save for any statutory provisions to the contrary, the rights available to you by law are the following:
(a) Right of Access
You have the right to enquire and obtain information from us, as to whether or not your personal data is being processed, including information on the purposes and legal standing of the processing, the categories of data, the recipients or group of recipients and where possible, the envisaged period for which the personal data will be stored.
Where applicable, you may also enquire in respect of any transfer of personal data to a third country or international organisation as well as to obtain more information about our existing security measures / safeguards governing such transfer.
(b) Rectification / Amendment
We aim to have up-to-date personal data kept in our records. Any inaccurate or incomplete personal data may be updated or rectified pursuant to a formal request.
(c) Right of erasure («right to be forgotten»)
Save for any limitations provided by express legal or regulatory provisions, including our policies for data retention, you have the right to request your personal data to be erased from our database, should any of the following occur:
The personal data is no longer necessary in relation to the purposes for which it was initially collected;
There is an objection to the further processing;
The personal data has been unlawfully processed;
The personal data should be erased in compliance with a legal obligation.
(d) Restriction of data processing
Provided that no statutory exceptions apply, should any of the following apply, you have the right to request from us to restrict the further processing of your personal data:
There is a dispute as to the accuracy of the personal data;
The processing is unlawful, and the erasure right was not requested;
The personal data will be used to establish, exercise or defend of legal claims.
(e) Right of portability
You have the right to receive your personal data in a structured, commonly used and a machine-readable form. In addition, and where it is technically feasible, you have the right to request the personal data to be transmitted directly from one data controller to another; thus, from one organisation to another.
Subject to any statutory requirement, the right of portability will not extend to personal data which is inferred or derived by us, such as activity registry, performance appraisals or other results of algorithmic analysis.
(f) Withdraw consent
Where the personal data processing is based exclusively on consent, you have the right to request from us to withdraw such consent at any given time. Nevertheless, such withdrawal will not affect the lawfulness of any data processing based on that ground prior to your withdrawal.
Upon receiving your request, we will no longer process your information for the purposes you originally agreed to, unless another legal basis exists, or for the establishment, exercise or defence of legal claims.
11.Changes to the Privacy Notice
Complaints relating to the processing of any personal data may be communicated electronically at email@example.com.
Complaints may also be lodged before the supervisory authority responsible for the protection of personal data, in the country of your habitual residence, place of work, or place of the alleged infringement of your personal data. More information about how to contact the supervisory authorities across the EEA, can be found in the European Data Protection Board’s website here.