Privacy policy
General purpose and objectives
This privacy policy will inform you on our internal procedures and the way we manage your personal data while interacting with us.
THE RECRUITER (“we“, “us” or “our“) respects your privacy and is committed to protecting your personal data regarding the Reg. 2016/679 (called hereafter “GDPR”).
This policy applies to all our services. We will ensure that the personal information you submit to us via our website or through our office is only used for the purposes set out in this policy.
This version of our privacy policy was last updated on 20th January 2020.
It is important that the personal data we hold about you is accurate and current. Please keep us informed of any changes in your personal data during your relationship with us.
1. Who is responsible for the processing of your personal data?
The Data Controller (hereinafter referred to as “THE RECRUITER” or “we”) in the sense of the GDPR and other national data protection laws of the member states as well as other data protection regulations is:
THE RECRUITER
Address : 83 rue de Bonnevoie
L-1260 Luxembourg
A complaint can be reported at any time to the CNPD (Commission Nationale de Protection des Données), the Luxembourgish supervisory authority for data protection issues (www.cnpd.lu). Before approaching the CNPD, we invite you to contact us in first instance in case of concerns.
Third-party links
The website of HR Advisory does not include links to any third-party websites, plug-ins and applications. You can browse our jobs, read contents and advices that are published on our website. No data about you or your activity on our website is stored.
2. How do we collect personal information and what kind of information?
There are several ways in our activities to be in contact with you, which lead us to collect data from and about you, including through:
- Direct interactions: This refers to direct contact with us that means you can contact us directly as a client or future client, as a third party or as a candidate or individual by emailing us with your contact details whether as a client or future client, as a third party or as a candidate.
- Mutual referrals: your personal network can put you in contact with our company who will share your CV and/or other personal contact details.
- Social media and the Internet: public personal contact details can be uploaded from social media in our system.
- Social media and the Internet: public personal contact details can be uploaded from social media in our system.
We may collect the information that you provide to us, such as:
- Identity Data including first name, last name, title, date of birth and gender.
- Contact Data including address, email address and telephone numbers.
- Financial Data including salary package details.
- Profile Data including your CV, employment history, education and diplomas, interview notes, references, evidence of right to work, personality test and aptitude tests.
It is not our objective to collect sensitive data such as political opinions, religion, race…etc. Theoretically, it could only happen if we had to recruit for the public sector or any sector needing sensitive information that would be key to the business activity. In this case, this information has a specific protection regarding the GDPR (article 9).
3. Why we use the information we collect?
We will only process your personal data in the execution of our activities that are conducted in the following context:
- Consent - we have obtained your consent to process with your personal data. Your consent can be withdrawn at any time by contacting us at contact (at) therecruiter (.)lu.
- Performance of a contract – we may need to collect and use your personal data for the performance of a contract signed with our clients.
- Legitimate interest – we may use your personal data for the purpose of pursing our legitimate interests (this includes carrying out the business of providing legal services and pursuing our general business interests).
- Compliance with law and regulation – we may use your personal data when necessary to comply with applicable law/regulation.
4. How we process with your personal information?
While executing our activities, we may proactively contact you. In this specific case, when we have initiated the contact by active solicitation, your consent will be priory requested for registering your personal data in our database. When uploading your CV or applying to a job advert, we may consider that it is a tacit authorization that allow us to proceed with you personal data.
We may use your data
- To communicate with you, answer your questions or comments;
- To provide you with updates and job opportunities corresponding to your profile by phone or email;
- For our legitimate business interests related to our HR Services, whereby all data are treated in a confidential and rendered anonymous;
- To prevent and respond to actual or potential fraud or illegal activities;
- When needed to comply with a legal or regulatory obligation.
5. Disclosures of your Personal Data
We collect Personal Data only for the purposes of our activity, by providing recruitment services; in-house services, evaluation, assessment and background check services.
Employees of THE RECRUITER
Clients of THE RECRUITER
Information will be shared with our person of contact in the organization, being most of the time the HR Department and/or the Top Management.
We do not sell, license or share information that individually identifies our customers / clients / applicants…etc. with companies, organisations or individuals outside of our firm and organisation.
6. Security and Emergency procedures
We apply and maintain adequate technical and organisational security measures related to the personal data stored on our devices, the nature of the data, the confidentiality and sensitivity of the data and associated risks. We foresee regular tests to make sure that any security measures put in place as well as the processes foreseen for emergency situations are adapted to the risk.
Emergency procedures
Any breach or incident affecting the personal data will be reported within the shortest period of time and latest within 24 hours of the moment in which the incident has been detected.
7. Personal Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
Specific procedures are in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
8. Personal Data transfer
When you enter into contract with us, you consent to the data processing, sharing, transferring and uses of your information as outlined in this Privacy Policy.
Regardless of the country where you reside, you allow us to transfer, process, store and use your information in countries other than your own, in accordance with this Privacy Policy.
We may process information related to individuals in the EU/EEA that submit to the GDPR.
The same guarantee as in the EU should be guaranteed to you. Our data is stored in a datacenter based in Luxembourg.
We still ensure that our service provider respect the standards of the GDPR.
If we have to transfer your Personal Data into a non EU/EEA Country, we will collect your prior consent before processing.
9. Data retention
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We keep basic information about our Clients for a period of time that is based on our legitimate business interests to collaborate on a long-term basis.
We keep basic information about our candidates (including Identity, Contact, Financial and Profile Data) for a period of time that is based on our legitimate business interest to work on a long-term basis, 36 months being the maximum if no contact has been initiated since the first contact.
The Background Check report is available for re-edition for a period of 6 months from the first edition. After this period of time, all the collected data received for performing the reference check are erased from the server with no back-up solution.
The Assessment Center report is available for re-edition during a period of 12 months from the first edition. After this period of time, the report is erased from the server with no back up solution.
10. Personal Data management
Right of access
This enables you to receive a copy of the personal data we hold about you and obtain from us confirmation whether Personal Data relating to you are processed. If such processing is taking place, you can request the following:
- The purposes of processing;
- The categories of Personal Data concerned;
- The recipients or categories of recipient to whom the Personal Data have been or will be disclosed, in particular and when applicable, recipients in third countries or international organisations;
- Where possible, the envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to determine that period;
- The existence of the right to request from the Data Controller rectification or erasure of Personal Data or restriction of processing of Personal Data concerning the data subject or to object to such processing;
- The right to lodge a complaint with a supervisory authority;
- The existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject
Any other Data we have collected and resulting from testing, references, …etc. and not provided by you are ‘THE RECRUITER’ property.
Right to rectification of the personal data that we hold about you
This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Right to erasure of your personal data
This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data.
Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons, which will be notified to you, if applicable, at the time of your request.
Right to restriction of processing of your personal data
This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Right to data portability
You have the right to receive your Personal Data in a commonly used and machine-readable format and send it to another Data Controller.
In this case:
- 1) The data processing is based on consent under Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and
- 2) The processing is carried out by automated means.
The right to data portability does not apply to the processing of Personal Data, which is required for a task that is performed in the public interest or in the exercise of official authority vested in us.
The right to data portability is strictly limited to the Personal Data you are providing to us. Any other Data we have collected and resulting from testing, references, …etc. and not provided by you are our property. If you want to use your portability right, this additional Data will be deleted or made anonymous for statistical purposes or other.
Right to object
Right to object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground, as you feel it impacts your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information, which override your rights and freedoms.
11. Other important information
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
