Privacy Notice for Job Applicants
At H.M.K. Eyescan Limited (hereinafter “we”, “us” or “our”) we are committed to protect our clients’ privacy and handling their personal data in an open and transparent manner.
As part of any recruitment process, we collect and process personal data relating to job applicants. We are committed to being transparent about how we collect and use that data and to meet our data protection obligations.
2.Identity and contact details of the Data Controller and Data Protection Officer.
(a) Data Controller.
H.M.K. Eyescan Limited, a Cyprus private limited liability company, having registration number HE 143773, is the "Data Controller” pursuant to the GDPR, and related Cyprus Law, and determines how your personal data is kept and processed.
The main establishment and the central administration of the Data Controller is situated at 65 Michael Zavou street, Agios Athanasios, 4107, Limassol, Cyprus.
(b) Data Protection Officer (DPO)
The DPO may be contacted directly with regards to all matters concerning this policy and the processing of your personal data including the enforcement of all applicable and available rights.
Official requests may be made by post at 65 Michael Zavou street, Agios Athanasios, 4107, Limassol, Cyprus, Cyprus or electronically at firstname.lastname@example.org.
3. What Personal Data do we collect?
We collect and process different types of personal data about you. This includes:
your name and surname, address and contact details, including email address and telephone number; details of your qualifications, skills, experience and employment history, information about your current level of remuneration, including benefit entitlements.
4. How do we collect personal data?
We may collect personal data in a variety of ways. For example, personal data might be contained in application forms, CVs or resumes, obtained from your passport or other identity documents, or collected through interviews or other forms of assessment.
We may also collect personal data about you from third parties, such as references supplied by former employers. We will seek information from third parties only once a job offer to you has been made and will inform you that we are doing so.
Personal Data will be stored in a range of different places, including on your application record, in HR management systems and on other IT systems (including email).
5. Why do we process personal data?
We need to process personal data to take steps at your request prior to entering into a contract with you. We may also need to process your data to enter into an employment contract with you. In some cases, we need to process personal data to ensure that we are complying with our legal obligations.
We have a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows us to manage the recruitment process, assess and confirm a candidate's suitability for employment and decide to whom to offer a job.
We may also need to process personal data from job applicants to respond to and defend against legal claims.
We process such personal data to carry out our obligations and exercise specific rights in relation to employment. If your application is unsuccessful, we may keep your personal data on file in case there are future employment opportunities for which you may be suited. We will ask for your consent before we keep your data for this purpose and you are free to withdraw your consent at any time.
6. Who has access to data?
Your personal data may be shared internally for the purposes of the recruitment exercise. This includes members of the HR and recruitment team, interviewers involved in the recruitment process, managers in the business area with a vacancy and IT staff if access to the data is necessary for the performance of their roles. We will not share your data with third parties, unless your application for employment is successful and we make you an offer of employment. We will then may share your data with former employers to obtain references for you and we will inform you that we are doing so.
7. How do we protect personal data?
We have put in place appropriate technical and organisational measures including physical, electronic and procedural measures to protect personal data from loss, misuse, alteration or destruction. We restrict access to information at our offices so that only officers and/or employees who need to know the information have access to it. Those individuals who have access to the data are required to maintain the confidentiality of such information. In addition, we have trained our employees on how to handle, manage and process personal data, applied upgraded technical measures and transformed our policies and procedures in a way that will comply with the GDPR.
Please be aware that the transmission of data via the Internet is not completely secure. Users should also take care with how they handle and disclose their personal data and should avoid sending personal data through insecure email.
8. For how long we keep personal data?
If your application for employment is unsuccessful, we will hold your data on file for 12 (twelve) months after the end of the relevant recruitment process.
At the end of that period, or once you withdraw your consent, your data is deleted or destroyed. You will be asked when you submit your CV whether you give us consent to hold your details for the full 12 months in order to be considered for other positions or not.
If your application for employment is successful, personal data gathered during the recruitment process will be transferred to our Human Resources file (electronic and paper based) and retained during your employment. The periods for which your data will be held will be provided to you in a new privacy notice.
9. Your data protection rights
As a data subject, you have a number of rights. You can: access and obtain a copy of your data on request, require the organisation to change incorrect or incomplete data, require the organisation to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing; and
[Symbol]object to the processing of your data where we rely on our legitimate interests as the lawful reason for processing.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information or to exercise any of your other rights. This helps us to ensure that personal data is not disclosed to any person who has no right to receive it. No fee is required to make a request unless your request is clearly unfounded or excessive. Depending on the circumstances, we may be unable to comply with your request based on other lawful grounds. We will try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
10. How to raise a complaint
To exercise any of the above rights, or for any questions or complaints about our use of your personal data, please contact our Data Protection Officer, either by post at 65 Michael Zavou street, Agios Athanasios, 4107, Limassol, Cyprus, Cyprus or electronically at email@example.com.
Complaints may also be lodged to the supervisory authority in Cyprus (Office of the Commissioner for Personal Data Protection, by post at 1 Iasonos Str. 1082, Nicosia, Republic of Cyprus. More information can be found at http://www.dataprotection.gov.cy.
Last updated on 23rd of May 2018