E.B.M Consulting Data Privacy

WHAT IS THE PURPOSE OF THIS DOCUMENT?

E.B.M. Consulting (also called E.B.M.C.) is committed to protecting the privacy and security of your personal information.

This privacy notice describes how we collect and use personal information about you during and after your recruitment process with us, in accordance with the General Data Protection Regulation (GDPR).

E.B.M. Consulting is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.

This notice applies to all individuals who are entering our internal recruitment process further to their application being accepted by our internal recruitment team. We may update this notice at any time.

It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.

THE KIND OF INFORMATION WE HOLD ABOUT YOU

We will collect, store, and use the following categories of personal information about you:

  1. Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses
  2. Date of birth
  3. Gender
  4. Marital status
  5. Nationality
  6. Current salary and package including level of commissions, bonuses, annual leave, pension and benefits information
  7. Location of employment or workplace
  8. Recruitment information (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process)

HOW IS YOUR PERSONAL INFORMATION COLLECTED?

We collect personal information about you through the application and recruitment process, either directly from you or sometimes from an employment agency.

We may sometimes collect additional information from third parties including former employers.

We will collect additional personal information in the course of job-related activities throughout the period of you working for us.

HOW WE WILL USE INFORMATION ABOUT YOU

Situations in which we will use your personal information:

  1. Making a decision about your recruitment or appointment.
  2. Checking you are legally entitled to work in the location you’re applying to work in.

If you fail to provide personal information

If you fail to provide certain information when requested, we may not be able to process your application and consider you for the position you applied for.

Change of purpose

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

HOW WE USE PARTICULARLY SENSITIVE PERSONAL INFORMATION

We will not collect nor process particularly sensitive information as part of our internal recruitment process.

DATA SHARING

Why might you share my personal information with third parties?

We will share your personal information with third parties where required by law or where we have another legitimate interest in doing so.

Which third-party service providers process my personal information?

”Third parties” includes third-party service providers (including contractors and designated agents) and other entities within our group. The following activities are carried out by third-party service providers: BoondManager CRM tool helping with the tracking of candidates, prospects and clients keeping a talent pool.

How secure is my information with third-party service providers and other entities in our group?

All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

When might you share my personal information with other entities in the group?

Our internal recruitment and commercial activities being managed from our Bascharage office in Luxembourg, we will share your personal information with other entities in our group as and when relevant depending on the location of the position you applied for.

What about other third parties?

We may share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal information with a regulator or to otherwise comply with the law.

DATA SECURITY

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained upon request using the contact details below.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

DATA RETENTION

How long will you use my information for?

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements if applicable. Your personal information including your job application and interview records will be kept during the recruitment process and initially for one year from the date of the notification of your application being unsuccessful, unless you have objected to this in writing to a member of our internal recruitment team. The one-year retention period will reset each time your personal record on our internal recruitment module is updated further to a contact, whether oral or written, with a member of our internal recruitment team. We keep your personal information in order to contact you if future internal positions match your skills and could be of interest to you. To determine the appropriate retention period for personal data, we considered the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

RIGHTS OF ACCESS, CORRECTION, ERASURE, AND RESTRICTION

One of the GDPR’s main objectives is to protect and clarify the rights of individuals with regards to data privacy. This means that you have various rights in respect of your data.

To get in touch about these rights, please contact us at using the contact details at section 13 below. Please note that we may keep a record of your communications to help us resolve any issues which you raise.

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during the period for which we hold your data.

Your rights in connection with personal information

Under certain circumstances and subject to certain conditions, by law you have the right to:

  1. Right to object (including where we are relying on legitimate interests or in relation to direct marketing): this right enables you to object to us processing your personal data including where we do so for (i) our legitimate interests; or (ii) for direct marketing purposes.
  2. Right to withdraw consent: Where we have obtained your consent to process your personal data for certain activities (for example, for our marketing arrangements), you may withdraw this consent at any time and we will cease to carry out the particular activity that you previously consented to unless there is an alternative lawful reason to permit our continued processing of your data for this purpose in which case we will inform you of this reason
  3. Data Subject Access Request:You may require us to confirm what information about you we are processing and have access to such information.
  4. Right to rectification:You also have the right to require that we rectify any inaccurate personal data that we hold about you.
  5. Right to erasure: You have the right to require that we erase your personal data in certain circumstances.
  6. Right to restrict processing:You have the right to require that we restrict our processing of your personal data in certain circumstances.
  7. Right of data portability: If you wish, you have the right in certain circumstances to receive your personal data in a structured, commonly used and machine-readable format and have the right to transmit the data to another controller without hindrance from us.

No fee usually required

You will not normally have to pay a fee to us to access your personal information (or to exercise any of the other rights).

However, we may charge a fee in the limited circumstances this is lawful.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

CHANGES TO THIS PRIVACY NOTICE

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.

HOW TO CONTACT US ABOUT YOUR PERSONAL INFORMATION?

We have appointed a Data Protection Officer (DPO) to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact the DPO.

To exercise all relevant rights, and for queries please in the first instance contact our Data Protection Officer.

By Post

E.B.M. Consulting S.A.

20 Op Zaemer

L-4959 BASCHARAGE

Luxembourg

By email

dpo@ebmc.eu