GREENHOUSE AS SUB-PROCESSOR
We as the data controller use Greenhouse Software Inc. (Greenhouse) as a service provider to facilitate the recruitment process. They are a cloud services provider located in the United States of America. As our sub-processor they collect, use and store personal data, pertaining to website applicants, on our behalf. We are responsible for the processing of your personal data.
PERSONAL DATA PROVIDED
Your personal data is processed with the purpose of managing recruitment related activities concerning candidates for our business, as well as for global organizational planning.
When you apply through the career site or via LinkedIn you provide personal data that goes directly to Greenhouse. Categories of personal data to provide could be for example name, e-mail address, phone number, location, resume, cover letter, degree, further education, and/or LinkedIn profile. What is mandatory versus optional personal data to provide varies depending on what is relevant to process for the role you are applying for. Please note that the above are examples of categories and the list is not exhaustive.
As part of the recruitment process we may perform sourcing where we collect personal data from public sources such as Facebook and LinkedIn. For candidates moving on in the process, we may also collect personal data from references and previous employers.
SPECIAL CATEGORIES OF PERSONAL DATA
No special categories of personal data are processed by us. We do not process either racial or ethnic origin, political opinions, religious or philosophical beliefs, genetic or biometric data, trade union membership nor data concerning health or sex.
PROCESSING BASED ON CONSENT
The personal data you provide, and data that is collected publicly, is processed with your consent and may be used in the recruitment processes, as part of evaluation and selection of applicants, setting up and conducting interviews and tests, evaluating and assessing results, and as otherwise needed in the recruitment process, including the final recruitment.
We will reach out to candidates passing sourcing and first review. Some positions will require work assessments and/or personality tests. We also perform a background check for compliance reasons. The processing of your personal data described in this section is based on your consent.
Under GDPR you have the right to withdraw your consent at any time. You may do so by sending an e-mail to email@example.com. However, please note that by your personal data is used to evaluate your application for employment and by excerizing this right you can not use the career site service.
Personal data provided in the recruitment process will be processed for as long as deemed necessary in relation to business recruitment related activities, and for global organizational planning, as well as in accordance to jurisdictional requirements.
Please note that we may retain your personal data after we have stopped providing services to you, if it is necessary in order to comply with our legal obligations, prevent fraud, meet regulatory requirements, or to resolve disputes. We may keep your personal data if you could be a potential candidate for future recruitment. We may also keep anonymized derivatives of your personal data for business analytical purposes, such as recruitment statistics. Rest assure that personal data that we process for any purpose will not be retained longer than what is necessary for that specific purpose.
Under GDPR you have the right to request access to your personal data, to request that your personal data is corrected or erased and to request restriction of the processing of your personal data.
Current employees may refer candidates via Greenhouse. By doing so they provide personal data about those candidates, who will be notified about the referral and must also approve the content.
DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
We use third party suppliers that perform services on our behalf, and we may disclose your personal data to such suppliers. These third party suppliers include for example hosting, analytical services, database management and internet service providers. In line with our business purposes and as permitted by law, we may share your personal data with other parties, such as professional advisers. In certain cases, we may be required to disclose information, either by law, as part of a legal process or according to regulations.
PROTECTING YOUR PERSONAL DATA
We uphold state of the art security measures in order to protect your personal data from unauthorized access, unlawful disclosure, destruction or modification, accidental loss, and other misuse. The security mechanism we use are technical, physical and administrative, such as encryption, firewalls, physical access controls and information access controls. Despite our reasonable efforts to safeguard personal data, please note there is always a risk that a third party may unlawfully access our systems or otherwise access personal data. We do not accept liability for protecting personal data disclosed through your internet connection.
Please note that for a definitive explanation of these right you should familiarize yourself with relevant laws and regulations as this is intended to be an illustrative list. According to GDPR your principal rights are:
- The right to access: You can contact us to request a copy of your personal data being processed.
- The right to withdraw consent: You may withdraw your previously given consent where this is the legal basis for processing your personal data.
- The right to rectification or erasure: You can contact us to request us to modify, correct or remove information that we process about you, in cases where it is incorrect, incomplete or no longer necessary.
- The right to object to or restrict processing: You can contact us if you consider the processing to be unlawful or if you don’t want it to be processed in a certain manner.
- The right to request portability: You can request us to transfer your personal data should you wish to use it elsewhere.
- The right to complain to a supervisory authority: You may contact your local data protection authority if you wish to make a complaint regarding our collection and use of your personal data.
To execute your rights please contact us by e-mail at firstname.lastname@example.org.
CHANGES TO THIS POLICY
© 2020 NetEnt Group