Data Privacy Statement
Following the requirements set out by the current laws on the protection of personal data, namely (i) Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR), (ii) applicable EU Member States’ GDPR implementing laws and (iii) any other applicable national laws and regulations to which the members of Uniteam Group of Companies (UGOC) are subject (Data Protection Laws), we would like to inform you why we are collecting your personal data, for what purposes and how we intend to further process them and what rights you may exercise during the time we hold your personal information.
1. DATA CONTROLLER
The Controller, i.e. the party holding overall responsibility for the processing of your personal data, is:
UNITEAM CORPORATION LIMITED
284-286 Makarios Avenue,
3105 Limassol, Cyprus
We have appointed Data Protection Officer (DPO) to oversee the compliance of the processing of personal data with the applicable laws, regulations, policies and procedures by the members of the Group. In case you have any enquiries concerning the processing of your personal data, including any complaints relating to the processing or the requests for execution of your rights, please contact the DPO through:
– e-mail: [email protected] or
– phone: +357 25 846 111
Your enquiries will be addressed as soon as possible, within the 30-day period prescribed by the Data Protection Laws.
3. THE LEGAL BASIS FOR OUR PROCESSING OF YOUR PERSONAL DATA
Submitting your application will be considered as your explicit request to enter into a contract of employment with us or with one of our Clients. Following the receipt of your application data, we will process the data to the extent it is necessary for:
a. taking steps at your request prior to entering into contracts, to which you will be party,
b. the compliance with the legal obligations, to which we and our Clients are subject in relation to your employment,
c. the legitimate interests pursued by us or by our clients.
4. THE CATEGORIES OF YOUR PERSONAL DATA
In the course of the recruitment procedure, we will collect and further process the following categories of your personal data, either submitted by you personally (the information entered directly in the online application form as well as separate CV, cover letter, motivation letter or other documents additionally uploaded by you), recorded during personal interviews or collected from external sources (e.g. from your former employers):
a. Identification information (e.g. full name, date of birth, gender, citizenship, details of an identity document, etc.)
b. Contact details (e.g. home/correspondence address, mobile or home telephone number, e-mail address)
c. Education and training history
d. Proof of your professional qualifications / certification records
e. Your work history and references from your previous employers
f. Your expectations with respect to the conditions of employment
g. Your applicant’s account login credentials (all passwords are stored in encrypted/unrecoverable form).
h. Your images captured by the security CCTV systems installed in our premises
i. Proof of clean criminal record, if applicable with respect to your potential employer and/or the position you apply for.
Please note our processing of the information listed above is necessary for the legitimate, effective and reliable performance of the recruitment process. Failure to provide the necessary data or providing incomplete or incorrect/false information is likely to prevent the successful conclusion of your application. Any such incomplete or false statements discovered after entering into formal contract of employment may lead to the termination of the employment and/or other legal consequences.
5. DATA FROM OTHER SOURCES
In addition to the data provided by you personally, we may collect personal information about you from previous employers or other background check providers.
Your acceptance of this notice will be considered as your consent for contacting your previous employers and/or other background check providers (where applicable).
6. SPECIAL CATEGORIES OF YOUR PERSONAL DATA
Please note that no ‘special categories’ of your personal data are required in the course of recruitment process. Those categories include: any information revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, any genetic data, biometric data that may be used for the purpose of uniquely identifying you, data concerning your health, sex life or sexual orientation as well as any details of your criminal convictions or offences.
You are kindly requested to ensure that no such information is included in the documents you are going to upload to your applicant’s profile. In case such information is received from you, it will be disregarded and removed from the application database, including removal of complete documents (CV, motivation letter, etc.) containing any of the aforementioned data, which may render your application incomplete, thus reducing your chances for a successful recruitment.
7. THE PURPOSES FOR WHICH YOUR DATA WILL BE PROCESSED:
We will process your personal data for the following specific purposes (related to the specified legal bases):
a. Personal identification (3.a)
b. Evidencing your work qualifications (3.a., 3.b.,)
c. Verification of your entitlement to legitimate employment (3.a., 3.b.,)
d. Evidencing your work experience and performance (3.a, 3.b., 3.c.)
e. Assess your salary and other benefits expectations prior to your employment (3.a.)
f. Evidencing your training qualifications and development (3.a.)
g. Administration of the Group’s information security through management of access rights and monitoring usage of IT infrastructure (3.c.)
h. Monitoring the security of the office premises (3.c.)
i. If requested by you, sending you automatic alerts about new vacancies that might be of interest to you (3.a.)
j. Communicating with you (3.a., 3.c.)
8. RECIPIENTS OF YOUR PERSONAL DATA
Your personal data will be primarily processed by Uniteam Global Business Services (UGBS), and specifically by its Human Resources and IT Service Lines. Your data will also be shared with the other members of the Group as and to the extent necessary in the context of assessing the possibilities of your employment with the specific member of the Group. If you apply for employment with one of our external clients, your data will be shared with the responsible personnel of that client.
In case of travelling for recruitment purposes i.e. participate in an interview, relevant necessary scope of your personal data will be disclosed to travel agents, Global Reservation Systems, hotels, as may be required.
Your personal data will be processed with the use of on-premise and cloud-based storage/computing technologies. All respective providers maintain their cloud processing facilities in the European Economic Area (EEA).
9. TRANSFER TO THIRD COUNTRIES
Except for the communication of a limited scope of your personal data to the members of the Group established outside the EEA and possible occasional necessity of transferring your data to non-European travel and hotel providers, we do not intend to transfer your personal data to any other recipient established outside the EEA.
In case it is unavoidable to use a non-EEA travel or hotel provider, we shall ensure that we only use provides that are able to demonstrate that an adequate level of protection of your personal data is applied.
In case your application has not been successful, your complete personal information collected during the process will be retained for a period of twelve (12) months, counting from:
a. the date you last visited / updated your applicant’s account or
b. the date our decision regarding the result of your application was communicated to you,
whichever is later.
You may also cancel your application and delete your applicant’s account at any time.
Whether your account is erased automatically or by your own action, certain information contained in your application data will be retained for a longer time for statistical purposes. This information will be kept in the anonymised form, i.e. it will not be possible anymore to link any part of this information with you.
11. DATA SECURITY
We are taking all necessary organisational and technical measures to protect your personal data against unauthorised (whether accidental or intentional) access, alteration, disclosure, transfer or destruction. The access to your data kept in paper as well as digital format is restricted to authorised personnel only, who are all bound by the obligation to compliance with the Group’s privacy policies and procedures, including the obligation to confidentiality.
All application data processed in digital form are physically stored on servers located in Frankfurt, Germany.
Transmission of data both between our offices and to and from our external processors (e.g. providers of cloud storage/computing) is carried out through secure SSL VPN connections. Procedures, controls and systems are in-place to ensure our security policies are enforced. Access to personal data is governed by controls based on defined roles – either related to employee job description or third-party service agreements. All vendors, partners and service providers are under legal or contractual obligations to provide the personal data with the level of protection required by the European Data Protection Laws.
12. YOUR RIGHTS
During the processing of your personal data by the Group, you may exercise the following rights, within the limits set out in the Data Protection Laws:
a. to verify at any time what personal data concerning you are being processed and in which manner and to receive a copy of your personal data,
b. to have your data promptly corrected, completed or updated in case their incorrectness, incompleteness or outdated status has been identified by any means,
c. to have your personal data erased in case:
i. the purposes for which your data was collected and further processed are not valid anymore or
ii. you withdrew your consent for the processing and the controller has no other legal basis for such processing or
iii. you have exercised your right to object to processing (as explained below) or
iv. there is evidence that your data have been processed unlawfully or
v. the erasure is required by the law,
d. to have the processing of your data restricted to data storage and not further processed if:
i. you have contested the accuracy of your personal data – for such period as is necessary for the Controller to verify the accuracy and, if necessary, to correct/update the data or
ii. your data have been processed unlawfully but you do not wish to have such data erased but you prefer to have their processing restricted instead or
iii. the Controller does not need your data for the purposes they were processed but you require such data to be kept by the Controller for the purposes of establishing, exercising or defending legal claims or
iv. where you exercised your right to object to the processing of your personal data (as set out in paragraph 12.e.i. below) until it is verified whether our compelling legitimate interests override yours,
e. to object to the processing of your personal data in case:
i. the processing is solely based on our legitimate interest (or those of a third party) and, considering your particular situation, you believe that your personal interests, rights and freedoms override our interests or
ii. we are processing your personal information for direct marketing purposes,
f. to have a copy of the personal data that your provided to us transmitted in a digital format back to you or directly to another controller of your choice,
g. to withdraw at any time your consent given for any specific processing, e.g. as stipulated in Section 5 above; the withdrawal will have no influence on the processing based on other legal bases and also the processing based on your consent carried out prior to the withdrawal will remain lawful,
h. in case your personal data have been processed in breach of applicable Data Protection Laws or you have any other complaints, you can contact our DPO as stipulated in Section 2 above so our DPO can address your concern or file a complaint with the Supervisory Authority appropriate to the location of the Controller, i.e.:
OFFICE OF THE COMMISSIONER
FOR PERSONAL DATA PROTECTION
1 Iasonos Street,
1082 Nicosia, Cyprus
Phone: +357 22 818 456
Fax: +357 22 304 565
E-mail: [email protected]
or with the Supervisory Authority appropriate to the place where you normally live or work in the EU or any other place in the EU where you believe your personal data have been processed in violation of the Data Protection Laws.
Some of the rights are subject to certain conditions and their execution may require additional communication, investigation and/or assessment. In any case, processing of each request shall be completed within 30 days.
In order to assist us in maintaining the accuracy of your personal data, you are kindly required to maintain your applicant’s record in the up-to-date status or, alternatively, to let us know whenever any of your personal information which we are processing becomes invalid and requires erasure, correction or updating.
13. CHANGES TO THIS PRIVACY NOTICE
We reserve the right to update this privacy notice at any time, especially when any significant changes will be expected in the processing of your personal data or the ways you may exercise your rights.
This privacy statement was last updated on 20 November 2018.
14. YOUR FEEDBACK
If you find anything unclear or inadequately explained in this notice, please feel free to contact us for clarification at any time. Any opinions or suggestions with respect to the form and content of the notice will also be of great value to us.