1.1. What is the purpose of this document?
Calligo Limited, its subsidiaries and associated businesses (“Calligo” or “we”) are committed to protecting your personal data and your privacy. We endeavour to ensure that any personal data we collect about you will be held and processed strictly in accordance with applicable data protection legislation.
If you are resident in the EU, this will include the European General Data Protection Regulation (“GDPR”) or, if you are resident in a country that has adopted a local law to implement or adopt the GDPR such as Jersey or Guernsey (together “GDPR Subjects”), the applicable local law implementing or adopting the GDPR (“Applicable Local Laws”). Please see the section “Additional Information for GDPR Subjects” below, for further information.
The terms Personal Data, Data Controller and processing have the meanings given to them in the GDPR (which can be accessed here
), unless otherwise indicated. “Personal Data” means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
Calligo has created this Job Candidate Privacy Notice to explain how and why we collect Personal Data about you (“Your Data”), what that data is, under what circumstances we may disclose or transfer it, and how long we store it for. It provides you with certain information that must be provided to you under the GDPR and other applicable data protection legislation.
1.2. What does this Notice cover?
This Privacy Notice sets out information relating to the Personal Data we collect from or about you when you apply to work for us, whether as an employee, worker or contractor. It will apply when you submit your CV or an application form directly to us, through our online recruitment portal (Pinpoint), or where your CV or application form has been sent to us by a recruitment agent on your behalf.
Please note that our recruitment software provider, Pinpoint, creates and hosts the Calligo careers website - https://calligo.pinpointhq.com/
. This Notice does not cover any Personal Data that may be collected by PinPoint, through cookies or similar technologies set on that website, as Calligo is not the Data Controller of this information. Details of these cookies are available here - https://calligo.pinpointhq.com/cookie-policy
1.3. How do I contact Calligo?
For the purposes of the GDPR and Applicable Local Laws, Calligo is the “data controller” of Your Data. This means that we are responsible for deciding how we hold and use Your Data.
If you have any queries regarding this notice or complaints about our use of Your Data, please contact us at email@example.com
or at the address below and we will do our best to deal with your complaint or query as soon as possible.
Chief Privacy Officer
Block 3, The Forum,
2. INFORMATION ABOUT OUR USE OF YOUR DATA
2.1. THE KIND OF INFORMATION WE HOLD ABOUT YOU
In connection with your application for work with us, we will collect, store, and use the following categories of Personal Data about you:
The information you have provided to us in your online application, curriculum vitae and covering letter or email.
- Any information you provide to us during an interview.
- Documentation relating to your right to work in the jurisdiction in which the job is located including a copy of your passport or driving license.
- Background Check Information including your employment history, your address for the previous 5 years, details of any bankruptcies or professional restrictions, results of any credit checks and, where applicable, the results of any DBS checks;
- The results of any tests you undertake for us.
This information is likely to include the following types of Personal Data:
- Email address;
- Postal address;
- Date of Birth;
- Employment history;
If you have used our online recruitment portal, Pinpoint, it will also include details of your visits to our careers website including, but not limited to, traffic data, location data and other communication data, the site that referred you to our careers website and the resources you access.
We may also collect, store and use the following types of more sensitive personal information (known as “Special Category Data”), where this information is relevant to the role you are apply for and/or you choose to disclose it to us:
- Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions.
- Information about your health, including any medical condition, health and sickness records.
- Information about criminal convictions and offences.
2.2. HOW IS YOUR PERSONAL INFORMATION COLLECTED?
We collect personal information about you in a variety of ways. The majority of the information we collect will come directly from you in the following ways:
- Information you voluntarily upload to our careers/recruitment website, Pinpoint;
- notes made by our recruitment team during a recruitment interview;
- responses you give to tests;
- information from official documentation you provide to us such as your driving license, passport or other right to work evidence.
Other details may be collected indirectly from the following sources:
- recruitment agencies;
- your named referees;
- background check providers;
- credit reference agencies;
- third-party platforms such as Indeed or LinkedIn, if these were used to apply for the role; and
- publicly available sources such as social media sites (to the extent necessary and relevant to the job role).
If you have submitted your application through our recruitment portal, Pinpoint, we may also link the data you provide to us with other publicly available information about you that you have published on the internet, including sources such as LinkedIn and other social media profiles.
2.3. HOW WE WILL USE INFORMATION ABOUT YOU?
We will use the personal information we collect about you to:
- Assess your skills, qualifications, and suitability for the role advertised.
- Carry out background and reference checks, where applicable.
- Communicate with you about the recruitment process.
- Keep records related to our hiring processes.
- Comply with legal or regulatory requirements, such as right to work checks.
Our legal basis for processing Your Data in this way is that it is necessary for our legitimate interests to decide whether to appoint you to the role, since it would be beneficial to our business to appoint someone suitable to that role. Where we are processing Your Data in order to comply with legal or regulatory requirements, our legal basis is that it is necessary for compliance with a legal obligation to which we are subject.
Further, we will process certain of your personal information to decide whether to enter into an employment contract with you.
Once you submit your CV and covering letter to us (or your recruitment agent provides them to us), we will process that information to decide whether you meet the basic requirements to be shortlisted for the role and, if so, invite you for an interview. We will use the information you provide to us at the interview, together with the results of any tests you undertake for us, to decide whether to offer you the role. If we decide to offer you the role, we will then take up references, carry out background checks and right to work checks as part of our pre-employment process.
With your permission, we may also use your personal data to consider you applicability for other roles which may become available. Our legal basis for processing your personal data in this way is your consent, which we will request when if we notify you that you have not been successful for the role you have applied for.
2.4. WHAT HAPPENS IF YOU FAIL TO PROVIDE PERSONAL DATA?
You are not obliged to provide us with Personal Data. However, if you decline to provide information when requested, and this information is necessary for us to consider your application (such as evidence of qualifications or work history), we will not be able to process your application successfully. For example, if we require a credit check or references for this role and you fail to provide us with relevant details, we will not be able to take your application further.
2.5. HOW WILL WE USE PARTICULARLY SENSITIVE PERSONAL INFORMATION?
We will use your Special Category Data in the following ways:
- We will use information about your medical or disability status to consider whether we need to provide appropriate adjustments during the recruitment process, for example, whether adjustments need to be made during a test or interview.
- We will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting.
Our legal basis for using your Special Category Data in this way is that it is necessary for the purposes of carrying out our obligations under employment law.
2.6. HOW WILL WE USE INFORMATION ABOUT CRIMINAL CONVICTIONS?
If we decide to offer you the role, we may undertake checks to establish whether you have any criminal convictions. We will only collect criminal conviction data where it is appropriate given the nature of your role and where the law permits us.
2.7. WILL YOU BE SUBJECT TO AUTOMATED DECISION-MAKING?
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making. We may leverage Pinpoint’s technology to help us find and short list appropriate candidates for us to consider based on criteria we have identified. The process of highlighting candidates who meet our criteria is automatic, however, any decision as to who we will engage to fill the job opening will be made by our team.
2.8. WILL WE SHARE YOUR DATA WITH THIRD PARTIES?
We will only share Your Data with the following third parties for the purposes of processing your application:
- Background check providers;
- Other entities within the Calligo group of entities;
- Candidate profiling service provider (if we ask you to undertake a candidate profile test);
- Our recruitment portal provider The Infuse Group Ltd (t/a Pinpoint Software);
- Contractors/consultants providing HR services to Calligo.
All our third-party service providers and other entities in the group are required to take appropriate security measures to protect Your Data in accordance with the law and in line with our policies. We do not allow our third-party service providers to use Your Data for their own purposes. We only permit them to process Your Data for specified purposes and in accordance with our instructions.
2.9. WHAT DATA SECURITY DO WE HAVE IN PLACE?
We have put in place appropriate security measures to prevent Your Data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to Your Data to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process Your Data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
2.10. HOW LONG WILL WE USE YOUR DATA FOR?
We will normally retain Your Data for a period of 12 months from the time of your application. After 11 months, we will ask you whether you would like to remain on our system for a further 12 months so that we can contact you about future roles that may become available. If you don’t respond, or you say no, Your Data will be removed automatically after the 12-month period has expired.
If your application was taken forwards to interview and the application process takes longer than 12 months, however, Your Data may be retained for the duration of the application process plus a further 3 months from the date of our last interaction with you.
Please note that, in certain circumstances, we may retain limited information about you for the period of time during which you are able to bring a discrimination claim under your local law. We retain the information for that period so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. We will only retain the minimum amount of Personal Data required in these circumstances and will securely delete all other Personal Data that we hold about you.
3. ADDITIONAL INFORMATION FOR GDPR SUBJECTS
3.1. Your privacy rights
Under the GDPR or Applicable Local Laws, you have certain rights with respect to your Personal Data, including those set forth below.
- right to request access – you may obtain confirmation from us as to whether or not Your Data is being processed and, where that is the case, access to Your Data;
- right to rectification – you have the right to obtain rectification of inaccurate personal data we hold concerning you;
- right to erasure – you have the right to obtain the erasure of Your Data without undue delay in certain circumstances
- right to restriction of processing or to object to processing – you may require us to restrict the processing we carry out on Your Data in certain circumstances or to object to us processing Your Data;
- right to data portability – you have the right to receive Your Data in a structured, commonly used and machine-readable format;
- right to withdraw consent – where you have provided your consent to us processing Your Data, you have the right to withdraw your consent at any time. This can be done by emailing firstname.lastname@example.org any time;
- right to lodge a complaint – you may lodge a complaint with the supervisory authority in the EU Member State where you are resident or where you work. For further information on your rights, please see the supervisory authority of your country or EU Member State. The relevant supervisory authorities for the UK, Jersey, Guernsey and Luxembourg are set out below and their websites contain the relevant contact details:
- United Kingdom - the Information Commissioner’s Office whose contact details can be found on their website which can be viewed here - https://ico.org.uk/
- Jersey - the Office of the Information Commissioner whose contact details can be found on their website which can be viewed here - https://oicjersey.org/
- Guernsey - the Office of the Guernsey Data Protection Commissioner whose contact details can be found on their website which can be viewed here -https://dataci.gg/
- Luxembourg – the National Commission for Data whose contact details can be found on their website which can be viewed here - https://cnpd.public.lu/en.html.
If you have submitted an application through our online recruitment portal, you can use the Manage Your Data
tool provided within the portal to view and edit the personal data you have submitted or to withdraw your application at any time.
Alternatively, you can contact us using the details in paragraph 1.3 above.
3.1.1. No fee usually required
You will not have to pay a fee to access Your Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
3.1.2. What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
3.1.3. Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
3.2. International transfers of personal data
In certain circumstances, we may transfer Your Data to countries outside the EEA, which may not adhere to the same levels of data protection to which countries within the EEA are subject. Any such transfers are, at all times, made in accordance with the GDPR and/or Applicable Local Laws. Details of the circumstances and mechanisms in place to ensure compliance are set out below:
3.2.1. Calligo Group Companies
In addition to our offices in the EU, we have offices in Jersey, Guernsey, the United States and Canada. Your Data may be passed to these entities as part of the recruitment process. Our central servers are also located in Jersey so Your Data will be stored in Jersey.
The European Commission has ruled that Jersey, Guernsey and Canada offer adequate levels of data protection in their domestic legislation and transfers to these jurisdictions are, therefore, permitted under the GDPR and/or Applicable Local Laws.
We have also put in place an intercompany agreement which contains the Standard Contractual Clauses approved by the European Commission to ensure that all transfers of Personal Data to any member of the Calligo group are protected to the same level as required under European data protection legislation.
3.2.2. Background check providers
If you are applying for a role in our Canada or United States office, we may need to use background check providers local to those offices. It may, therefore, be necessary to transfer Your Data to third parties outside the EEA in these instances.
Whenever we transfer Your Data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
Please contact us if you want further information on the specific mechanism used by us when transferring Your Data out of the EEA.