Recruitment Privacy Notice. Information we collect about you

Transcription

1 Recruitment Privacy Ntice At BAT we are cmmitted t prtecting the privacy f ur candidates and users f this erecruitment Site ("Site"). We want t prvide a safe and secure user experience. We will ensure that the infrmatin yu submit t us via this Site is nly used fr the purpses set ut in this Privacy Ntice. We are cmmitted t acting respnsibly and with integrity with regard t prtecting yur privacy rights and freedms. Please read this dcument carefully as it sets ut ur 'Privacy Ntice' which infrms yu what we d with yur persnal data and applies t all individuals wh are registering as a user n the Site. Fr the purpse f this Privacy Ntice and applicable data prtectin legislatin (including but nt limited t the General Data Prtectin Regulatin (Regulatin (EU) 2016/679) (the "GDPR"), the data cntrller and the cmpany respnsible fr yur persnal data that yu prvide initially is British-American Tbacc (Hldings) Limited whse address is Glbe Huse, 4 Temple Place, Lndn WC2R 2PG. When yu apply fr a specific jb then yur persnal data will be transferred t the legal entity stated in the specificatin fr that jb which shall then be a 'secnd' data cntrller f yur persnal data prvided prir t that applicatin, and the sle data cntrller fr all ther persnal data prvided subsequently in cnnectin with that applicatin. In this Privacy Ntice we refer t each data cntrller as ("BAT", "us" r "we"). Details fr each f the BAT legal entities are available n the Site here. We may amend this Privacy Ntice frm time t time. Please visit this page if yu want t stay up-t-date as we will pst any changes here. If yu are dissatisfied with any aspect f ur Privacy Ntice, yu may have legal rights which we have described belw where relevant. Infrmatin we cllect abut yu BAT will cllect, use and/r prcess yur persnal data in rder t prvide yu with infrmatin abut jb pprtunities relevant t yu (if yu have subscribed t such cmmunicatins n registratin) and recruitment prcesses within BAT. We als may share yur persnal data with ther members f the BAT grup f cmpanies wrldwide fr recruitment purpses. Depending n the relevant circumstances and applicable lcal laws and requirements, we cllect sme r all f the infrmatin listed belw fr the reasns which we describe in this Privacy Ntice: Name; Cntact details; Cuntry f residence; Backgrund i.e. educatin histry, emplyment histry, vcatin/prfessin; and Extra infrmatin that yu chse t tell us. The abve list details sme f the persnal details that may we cllect frm yu. Sme f the persnal data we cllect frm yu are required t enable us t fulfil ur duties t yu r t thers. Fr example, t prvide yu with infrmatin abut jb pprtunities and the recruitment prcess within BAT, we need t cllect yur address, name and cuntry t be 1

2 able t prcess yur request. Other items may simply be needed t ensure that ur relatinship can run smthly, such as when we cntact yu t rganise a step in the recruitment prcess. Depending n the type f persnal data in questin and the grunds n which we may be prcessing it, shuld yu decline t prvide us with such data, we may nt be able t fulfil the request. Fr example, if yu d nt prvide cntact details we cannt cmmunicate prgress n a recruitment prcess applicable t yu. In rder t prcess yur persnal data, we need a lawful reasn t d s. Fr details f the legal bases that we rely n t be able t use and prcess yur persnal data, please see the belw sectin entitled "Legal bases fr us prcessing yur data". Hw d we cllect yur Persnal data? We cllect yur persnal data in three primary ways: 1. Persnal data that yu give t us; 2. Persnal data that we receive frm ther surces; and 3. Persnal data we cllect autmatically. Persnal data yu give t us: There are numerus ways that yu can share yur infrmatin with us. These include: Where yu register with n this recruitment website (fr example when yu sign up t be a registered user); Where yu cntact us practively, usually by phne, r via scial media; and/r Where we cntact yu, either by phne r yu may prvide us with infrmatin during such cmmunicatin. Persnal data we receive frm ther surces We may seek mre infrmatin abut yu frm ther surces generally including frm third parties. Fr example, we may receive infrmatin n yu frm thse rganizatins that yu have asked us t use fr prfessinal r academic references such as a previus emplyer r a cllege r university. In additin, if yu chse t apply r submit infrmatin using Facebk r similar scial media sites, we imprt the requested infrmatin frm yur scial media accunt and we make it part f yur prfile. This Privacy Ntice pertains t this Site nly. Fr details n hw yur persnal data is handled and prcessed by the scial media Site that yu have used t submit yur infrmatin, please cnsult the Privacy Ntice n that scial media site. Persnal data we cllect autmatically When yu visit the Site, we cllect technical infrmatin, including the Internet prtcl (IP) address used t cnnect yur cmputer t the Internet, brwser type and versin, time zne setting, brwser plug-in types and versins, perating system and platfrm. We use the infrmatin fr statistical reprting and d nt link it t any named individuals. BAT will nt intentinally cllect any infrmatin abut registered users t this Site wh are under eighteen years f age. If BAT becmes aware that a child has prvided any infrmatin this will immediately be deleted frm BAT's recrds. 2

3 Why d we cllect yur persnal data? We cllect, use and disclse yur persnal data fr a number f reasns, including: t ensure that we can respnd t any queries and cntact yu if yu request us t d s fr string yur details (and updating them when necessary) n ur database and t enable yu t submit yur CV fr general applicatins t allw yu t apply fr specific jbs r t subscribe t ur jb alerts s that we can cntact yu in relatin t jb pprtunities r respnd t any query yu have asked us t answer t assess yur qualificatins fr a particular jb r task t verify infrmatin we have received, using third party resurces (such as psychmetric evaluatins r skills tests), r thrugh infrmatin requests (such as references, qualificatins and ptentially any criminal cnvictins, t the extent that this is apprpriate and in accrdance with lcal laws) as part f the research that we cnduct fr statistical purpses t administer ur website fr internal peratins, including trubleshting, data analysis, testing, research, statistical and survey purpses t ensure the effective peratin f sftware and IT services prcured by us (including disaster recvery) fr ther reasns with yur cnsent. Wh d we share yur infrmatin with? We will share yur persnal data primarily t ensure we prvide yu with the mst relevant and up t date news, cntent and events, r t ensure we can respnd t any query quickly and expeditiusly. Unless yu specify therwise, we may share yur infrmatin with any f the fllwing grups: Any f ur BAT entities. As identified in this Privacy Ntice, yur persnal data will be shared with the BAT entity respnsible fr the jb that yu are applying fr. Yu may apply fr several different jbs. Depending n the lcatin f the jb that yu chse t apply fr yur persnal data culd be transferred inside and utside the Eurpean Ecnmic Area fr such purpses as enable them t cntinue any lcal recruitment services t yu wrldwide. Tax, audit, r ther authrities, when we believe that the law r ther regulatin requires us t share this data (fr example, because f a request by a tax authrity r in cnnectin with any anticipated litigatin) r in rder t help prevent fraud r t enfrce r prtect the rights and prperties f British American Tbacc r its subsidiaries; r prtect the persnal safety f British American Tbacc emplyees, third party agents r members f the public. Third party service prviders wh perfrm functins n ur behalf (including lcal recruitment agents, cmmunicatins service prviders and prfessinal advisers 3

4 such as lawyers, auditrs and accuntants, technical supprt functins and IT cnsultants carrying ut testing and develpment wrk n ur business technlgy systems), third party utsurced IT prviders where we have an apprpriate data prcessing agreements (r similar prtectins) in place; If a BAT entity merges with r is acquired by anther business r cmpany in the future, we may share yur persnal data with the new wners f the business r cmpany (and prvide yu with ntice f this disclsure); and Circumstances may arise where, whether fr strategic r ther business reasns, British American Tbacc decides t sell, buy, merge r therwise rerganise businesses in sme cuntries. Such a transactin may invlve the disclsure f yur persnal infrmatin t prspective r actual purchasers, r the receipt f it frm sellers. It is British American Tbacc's practice t seek apprpriate prtectin fr persnal infrmatin in these types f transactins. We d nt share, rent r trade yur infrmatin with third parties fr marketing r prmtinal purpses. Hw lng d we keep yur persnal data fr? We will nt keep yur persnal data fr any lnger than is necessary fr the purpses fr which we cllect it. If yu are nt successful fr a jb applicatin we may retain yur details and CV s that yur infrmatin is available already in yur prfile. Yu are able t delete yur prfile and registratin at any time. In additin, we may be required by law t retain yur data e.g. in respect f equal pprtunity claims. Where we are subject t a regulatry r ther legal bligatin in a specific jurisdictin which requires us t keep data fr a specified perid f time, we will cmply with thse regulatry requirements with respect t the retentin f such data. Hw d we keep yur persnal data secure? We care abut prtecting yur infrmatin. That is why we put in place apprpriate measures that are designed t prevent unauthrised access t, and misuse f, yur persnal data. We are cmmitted t taking all reasnable and apprpriate steps t prtect the persnal data that we hld frm misuse, lss, r unauthrised access. We d this by having in place a range f apprpriate technical and rganisatinal measures, including encryptin measures and disaster recvery plans. Unfrtunately, there is always risk invlved in sending infrmatin thrugh any channel ver the internet. Yu send infrmatin ver the internet entirely at yur wn risk. Althugh we will d ur best t prtect yur persnal data, we cannt guarantee the security f yur data transmitted ver the internet and we d nt warrant the security f any infrmatin, including persnal data, which yu transmit t us ver the internet. If yu suspect any misuse r lss f r unauthrised access t yur persnal infrmatin please let us knw immediately. Please raise yur cncern by cntacting us (using the details belw) r by using the Cntact us sectin f this website, in the first instance, and we will investigate the matter and update yu as sn as pssible n next steps. 4

5 Yur rights Yu have varius rights in relatin t the data which we hld abut yu. We have set these ut belw. Right nt t be subject t autmated decisin making This right enables yu t nt be subject t a decisin based slely n autmated prcessing including prfiling which prduces legal effects n yu r similarly affects yu. If yu are asked as part f the applicatin prcess t cmplete certain tests the results f these tests will be recrded and we may use autmated decisin-making prcesses hwever BAT des nt make recruiting r hiring decisins based slely n autmated decisin-making. Right t bject This right enables yu t bject t us prcessing yur persnal data where we d s fr ne f the fllwing reasns: because it is in ur legitimate interests t d s (fr further infrmatin please see the sectin belw "Legal bases fr us prcessing yur data"); r fr scientific, histrical, research, r statistical purpses. We will stp such prcessing unless we can demnstrate cmpelling legitimate grunds fr the prcessing which verrides yur interests r if the prcessing is necessary fr the establishment, exercise r defence f legal claims. Right t withdraw cnsent Where we have btained yur cnsent t prcess yur persnal data fr certain activities, yu may withdraw this cnsent at any time and we will cease t use yur data fr that purpse unless we cnsider that there is an alternative legal basis t justify ur cntinued prcessing f yur data fr this purpse, in which case we will infrm yu f this cnditin. Data Subject Access Requests Yu may ask us fr a cpy f the infrmatin we hld abut yu at any time, and request us t mdify, update r delete such infrmatin. We will respnd t yur request within ne mnth. That perid may be extended by tw further mnths where necessary, taking int accunt the cmplexity and number f requests. We may request prf f identificatin t verify yur request. If we prvide yu with access t the infrmatin we hld abut yu, we will nt charge yu fr this unless permitted by law. If yu request further cpies f this infrmatin frm us, we may charge yu a reasnable administrative cst. Where we are legally permitted t d s, we may refuse yur request. If we refuse yur request we will always tell yu the reasns fr ding s. Right t erasure Yu have the right t request that we "erase" yur persnal data in certain circumstances. Nrmally, this right exists where: The data are n lnger necessary; Yu have withdrawn yur cnsent t us using yur data, and there is n ther valid reasn fr us t cntinue (where the prcessing is based n cnsent); The data has been prcessed unlawfully; 5

6 It is necessary fr the data t be erased in rder fr us t cmply with ur bligatins under law; r Yu bject t the prcessing and we are unable t demnstrate verriding legitimate grunds fr ur cntinued prcessing. We wuld nly be entitled t refuse t cmply with yur request fr erasure in limited circumstances and we will always tell yu ur reasn fr ding s. Right t restrict prcessing Yu have the right t request that we restrict ur prcessing f yur persnal data in certain circumstances, fr example if yu dispute the accuracy f the persnal data that we hld abut yu r yu bject t ur prcessing f yur persnal data fr ur legitimate interests. If we have shared yur persnal data with third parties, we will ntify them abut the restricted prcessing unless this is impssible r invlves disprprtinate effrt. We will, f curse, ntify yu befre lifting any restrictin n prcessing yur persnal data. Right t rectificatin Yu have the right t request that we rectify any inaccurate r incmplete persnal data that we hld abut yu. If we have shared this persnal data with third parties, we will ntify them abut the rectificatin unless this is impssible r invlves disprprtinate effrt. Yu may als request details f the third parties that we have disclsed the inaccurate r incmplete persnal data t. Where we think that it is reasnable fr us nt t cmply with yur request, we will explain ur reasns fr this decisin. Right f data prtability If yu wish, yu have the right t transfer yur persnal data between service prviders. In effect, this means that yu are able t transfer the details we hld n yu t anther third party, withut hindrance. T allw yu t d s, we will prvide yu with yur data in a cmmnly used machine-readable frmat s that yu can transfer the data. Alternatively, we may directly transfer the data fr yu. Right t cmplain Yu als have the right t ldge a cmplaint with a lcal supervisry authrity, in particular in the Member State f yur residence, place f wrk r place f an alleged infringement if yu cnsider that the prcessing f yur persnal data infringes the GDPR. In the EU, the privacy regulatrs fr each Member State are listed (alng with cntact details) n the fllwing website: 29/structure/data-prtectin-authrities/index_en.htm If yu wuld like t exercise any f these rights, r withdraw yur cnsent t the prcessing f yur persnal data (where cnsent is ur legal basis fr prcessing yur persnal data), please cntact us using the Cntact Us frm n the website. We will respnd t yur request within ne mnth. Please nte that we may keep a recrd f yur cmmunicatins t help us reslve any issues which yu raise. Hw d we stre and transfer yur data internatinally? Yur persnal data may be transferred utside f the Eurpean Ecnmic Area r EEA (i.e. the Member States f the Eurpean Unin, tgether with Nrway, Iceland and Liechtenstein) t the types f entities described in the sectin called 'Wh d we share yur infrmatin with?' abve and any BAT Entities 6

7 We want t make sure that yur persnal data is stred and transferred in a way which is secure. We will therefre nly transfer data utside f the EEA where it is cmpliant with data prtectin legislatin and the means f transfer prvides adequate safeguards in relatin t yur data, fr example: By way f an intra-grup agreement between BAT entities, incrprating the current standard cntractual clauses adpted by the Eurpean Cmmissin fr the transfer f persnal data by cntrllers in the EEA t cntrllers and prcessrs in jurisdictins withut adequate data prtectin laws; By way f a data transfer agreement with a third party, incrprating the current standard cntractual clauses adpted by the Eurpean Cmmissin fr the transfer f persnal data by cntrllers in the EEA t cntrllers and prcessrs in jurisdictins withut adequate data prtectin laws; r By transferring yur data t an entity which has signed up t the EU-U.S. Privacy Shield Framewrk fr the transfer f persnal data frm entities in the EU t entities in the United States f America r any equivalent agreement in respect f ther jurisdictins; r By transferring yur data t a cuntry where there has been a finding f adequacy by the Eurpean Cmmissin in respect f that cuntry's levels f data prtectin via its legislatin; r Where it is necessary fr the cnclusin r perfrmance f a cntract between urselves and a third party and the transfer is in yur interests fr the purpses f that cntract (fr example, if we need t transfer yur data t a benefits prvider based utside the EEA); r Where yu have cnsented t the data transfer. Where we transfer yur persnal data utside the EEA and where the cuntry r territry in questin des nt maintain adequate data prtectin standards, we will take all reasnable steps t ensure that yur data is treated securely and in accrdance with this Privacy Ntice. Please cntact us if yu wish t btain infrmatin cncerning such safeguards (Cntact Us belw). Legal bases fr us prcessing yur data There are a number f different ways that we are lawfully able t prcess yur persnal data. We have set these ut belw. Where using yur data is in ur legitimate interests We are allwed t use yur persnal data where it is in ur interests t d s, and thse interests are nt utweighed by any ptential prejudice t yu. We believe that ur use f yur persnal data is within a number f ur legitimate interests, including but nt limited t: T identify and recruit apprpriately skilled and experienced talent; T ensure that we administer an efficient recruitment prcess t attract apprpriate talent t ur rganisatin; T prvide an easy and simple way fr applicants t apply fr jbs at BAT; T help us understand visitrs t the Site better and prvide mre relevant infrmatin and services t them; T ensure that the Site runs smthly; and 7

8 T help us keep ur systems secure and prevent unauthrized access r cyber-attacks. We dn't think that any f the activities set ut in this Privacy Ntice will prejudice yu in any way. Hwever, yu d have the right t bject t us prcessing yur persnal data n this basis. We have set ut details regarding hw yu can g abut ding this in the sectin 'Yur rights' abve. Where yu give us yur cnsent t use yur persnal data We are allwed t use yur data where yu have specifically cnsented. In rder fr yur cnsent t be valid: It has t be given freely, withut us putting yu under any type f pressure; Yu have t knw what yu are cnsenting t - s we'll make sure we give yu enugh infrmatin; Yu shuld nly be asked t cnsent t ne thing at a time - we therefre avid "bundling" cnsents tgether s that yu dn't knw exactly what yu're agreeing t; and Yu need t take psitive and affirmative actin in giving us yur cnsent - we're likely t prvide a tick bx fr yu t check s that this requirement is met in a clear and unambiguus fashin. When yu register n ur website, we may ask yu fr specific cnsents t allw us t use yur data in certain ways. If we require yur cnsent fr anything else in the future we will prvide yu with sufficient infrmatin s that yu can decide whether r nt yu wish t cnsent. Yu have the right t withdraw yur cnsent at any time. We have set ut details regarding hw yu can g abut this in sectin 'Right t withdraw cnsent' abve. Where using yur persnal data is necessary fr us t carry ut ur bligatins under ur cntract with yu We are allwed t use yur persnal data when it is necessary t d s fr the perfrmance f ur cntract with yu. Fr example, we need t cllect yur address in rder t be able t prvide yu with any alerts that yu have requested. Where prcessing is necessary fr us t carry ut ur legal bligatins As well as ur bligatins t yu under any cntract, we als have ther legal bligatins that we need t cmply with and we are allwed t use yur persnal data when we need t in rder t cmply with thse ther legal bligatins. Cntact Us If yu have any cmments r suggestins cncerning this Privacy Ntice please cntact us using the cntact details stated in the jb specificatin relating t the vacancy fr which yu have applied, as identified in any Specific Cuntry Ntice Terms belw r at recruitmentadmin@bat.cm. We take privacy seriusly and will get back t yu prmptly. 8

9 Specific Cuntry Ntice Terms In the event that yu have applied fr a jb in any f the cuntries listed belw then the fllwing additin Privacy Ntice prvisins shall apply. Australia Fr the purpses f this Privacy Ntice, 'persnal data' means any infrmatin r an pinin abut an identified individual, r an individual wh is reasnably identifiable, whether r nt the infrmatin r pinin is true, and whether r nt the infrmatin r pinin is recrded in a material frm. Nthing in this Privacy Ntice restricts, excludes r mdifies r purprts t restrict, exclude r mdify any statutry rights under any applicable law including the Cmpetitin and Cnsumer Act 2010 (Cth). Krea, Malaysia, Singapre Terms used in this Privacy Ntice shall have the meanings assigned t them by the Persnal Data Prtectin Act 2010 (als knwn as the PDPA). Germany and Austria If yu wish t exercise yur rights under "Yur rights" r if yu have any questins abut data prtectin at BAT r abut this privacy ntice, yu can als cntact ur data prtectin fficer directly by t Datenschutz@bat.cm r by telephne under +49(0) Hungary Terms used in this Privacy Ntice shall have the meanings assigned t them by the Act CXII f 2011 n the right t infrmatin self-determinatin and freedm f infrmatin. 9