EQUIOM PRIVACY NOTICE - relating to colleagues recruitment
This privacy policy is issued by the Equiom group of companies (Equiom or the Equiom Group). The Equiom Group is made up of Equiom Holdings Limited and its subsidiaries and managed companies. Equiom Bidco Limited is the data controller for the purposes of data protection law who will collect, use and/or otherwise process your personal information.
As a potential Equiom employee you may share a large amount of your personal information with us. We are committed to protecting the privacy and security of your personal information. This privacy notice explains why we collect your information, how we use it, your rights and choices and the steps we take to keep it secure and confidential.
In addition, to collecting information directly from you or on your behalf from recruitment agencies, Equiom also uses a platform for handling recruitment and simplifying its colleagues recruitment process which is powered by TeamTailor on its behalf.
Equiom may collect information in the following ways:
- Directly from you
- From recruitment agencies
- Internal referral from an existing Equiom colleague
- Via our platform for handling recruitment and simplifying the hire process which is powered by TeamTailor on behalf of Equiom (the Services).
Where we refer to potential employees in this notice we mean any person that may be employed by Equiom, including all permanent, contracted or temporary employees including agency workers, consultants, those colleagues who contract with an Employer Of Record and members of the boards of directors of our various group companies.
We keep this privacy notice under review to ensure that we are being transparent about how we may use your personal data and we recommend you check it regularly. This privacy notice was last updated on 14th
September 2023. A further Privacy notice will be issued to successful candidates as part of their contract pack for signing, setting out how the Equiom Group will process and use their personal data.
HOW THE LAW PROTECTS YOU
Your privacy is protected by law. This section provides an overview of how that protection works.
Data protection law states that we are only allowed to use personal information if we have a proper reason to do so. This includes when we may share it outside the Equiom Group. The law also states that we must have a lawful basis to process your data and we generally do so for one or more of the following reasons:
- when you have consented to it; or
- where it is necessary prior to entering into a contract with you (i.e. your contract of employment), or
- when it is our legal duty, or
- when it is in our legitimate interest to do so.
Please note that when you provide your consent for us to process your personal data, you may withdraw this consent at any time, by contacting us as set out below.
A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is best or right for you. If we rely on our legitimate interest, we will tell you what that is. The section below (“How We Use Your Personal Information”) contains a list of the ways in which we may use your personal information.
HOW WE USE YOUR PERSONAL INFORMATION
This privacy policy relates to our use of any personal information that we collect from you directly or through other means, such as:
- When you make an application directly to Equiom or through the platform provided by TeamTailor and provide information about yourself.
- When you use the platform provided by TeamTailor to connect with our colleagues.
- Other third-party sources (such as Facebook or LinkedIn or where we receive your information from existing employees).
- When you provide information to us in the Chat provided by the TeamTailor App.
Equiom uses your personal information to enable it to manage the recruitment process; this includes:
- working through and, where appropriate, completing the recruitment process and, agreeing the terms of your Contract of Employment;
- to send you important messages and information relating to your application and where applicable recruitment; and
- to match your details against future open positions that may arise (where you have agreed that we may retain your data for this purpose).
There are times when Equiom is under a legal obligation to collect your personal information, including where we need to:
- carry out the health and safety checks required in some jurisdictions where Equiom operates;
- complete key person checks prior to your appointment if required by regulatory authorities;
- obtain information about you from third parties that are entitled to share that information; e.g., credit agencies, recruitment agencies, public sources or previous employers;
- ensure potential employees hold the required work permits and visas (where applicable);
- monitor equal opportunities information as required in some jurisdictions where Equiom operates; and
- be aware of any secondary employments or directorships to determine whether any conflicts of interest exist and understand any potential health impact on you.
There are occasions where it is in Equiom’s legitimate interests to collect and process your information, for example:
- During the recruitment and onboarding process we carry out background screening checks to confirm that you have the qualifications and experience necessary to carry out the role you have been offered (and dependent on the role, this may include credit and criminal background checks), and to assist us in meeting our duty of care to our clients, other employees and shareholders in assessing the integrity and quality of our employees.
- If you visit our offices as part of the recruitment process, CCTV may be used to monitor access to some of our offices to help keep our colleagues and property safe and to protect the personal information we process from unauthorised access.
- We can monitor emails and online activity to assist in demonstrating that the personal data we use is protected from unauthorised access or disclosure.
- The virtual meeting methods we sometimes use to communicate, e.g. Microsoft Teams, may be recorded so the meeting or presentation can be shared with others.
In most circumstances we do not need to ask for your consent before processing your personal information because we already have a legal basis for processing it, as listed in the sections above. There are, however, some instances when you can choose whether to give us your personal information, for example:
- In the event of accident, injury or illness whilst at our offices you may need to inform our first aiders of any medical conditions or allergies you have if the information will assist them in treating you. If you choose to provide this information, only first aiders will have access to it and it will only be disclosed to emergency services or medical colleagues if it is relevant to the treatment of an illness or injury at work. The information will not be used for any other purposes.
The examples listed above give a summary of the ways Equiom processes your personal information. If you would like more details of our processing activities and our legal basis for processing, please contact the Group Data Protection Team.
HEALTH, WELLNESS AND DISABILITY INFORMATION
Some of the information Equiom collects from you may be sensitive, including but not limited to, information about your health, wellbeing and disabilities. We only ask for this information where we need it in order to fulfil our duty of care to you as a potential employee, to ensure you receive the help support and benefits you are entitled to, and to meet our legal or regulatory obligations.
TYPES OF PERSONAL DATA
We collect and use lots of different types of personal data. Personal data is any information that relates to you and that identifies you either directly from that information or indirectly, by reference to other information that we have access to. The personal data that we collect, and how we collect it, depends upon how you interact with us. Categories of personal data that we may collect as part of the recruitment process include:
- Your name
- Your contact details (address, email, telephone number)
- Information on your CV or provided in your application (e.g. past and present work details, education, qualifications)
- Copies of any qualifications or examination results
- Any results from tests (e.g. psychometric tests) undertaken as part of the onboarding process
- Personal data available on social media or publicly available
- Personal data contained in references
KEEPING YOUR PERSONAL INFORMATION UP TO DATE
If the information you have provided to us changes during the recruitment process, please update this information using the recruitment system. However, if you are unable to do so, please let us know as soon as possible by emailing the People Systems Team. (PeopleSystems@equiomgroup.com).
INFORMATION RELATING TO OTHER PEOPLE
If you intend giving us personal data about someone else, e.g., your next of kin, emergency contacts, dependents or beneficiaries, you must ensure that you gain their consent to do so beforehand and that you explain to them how we collect, use, disclose and retain their data or direct them to read this Notice.
SHARING YOUR INFORMATION WITH OTHER EQUIOM ENTITIES
The information you provide to us during the recruitment process may be shared with other Equiom Group entities through our internal systems.
SHARING YOUR INFORMATION WITH SUB-CONTRACTORS
In the usual course of our business, we use sub-contractors to support the essential delivery of our services. Sub-contractors operate under contracts that restrict their use of your personal information to ensure they only use it to provide the services listed in their contract with Equiom. Under these circumstances Equiom remains responsible for the security and privacy of your information and we regularly review all sub-contractor’s security measures to ensure they meet strict information security standards. The services provided by sub-contractors include:
- providing and supporting Equiom’s IT systems;
- providing web-based applications;
- carrying out background screening; and
- transporting, storing and destroying documents and records;
SHARING YOUR INFORMATION WITH OTHER CONTROLLERS
There are times when we need to share your information with other organisations that do not operate under our instructions. As data controllers, these external organisations have a legal obligation to comply with privacy and data protection legislation and they may also operate under a professional duty of confidentiality due to the type of service they provide. They have their own privacy policies that provide details of how they use your information.
In some cases, your personal information will be shared with other data controllers in order to obtain specialist or professional services that are necessary for the services we provide. These include:
- Credit reference agencies who may assist us in carrying out background screening
- Government departments, regulators, ombudsmen, and law enforcement agencies
You can find out more about the organisations your data has been shared with by contacting the Group Data Protection Team.
TRANSFERRING YOUR INFORMATION TO OTHER COUNTRIES
When we share your information with organisations that are located in different jurisdictions, including between Equiom entities, data protection laws require us to ensure you are given equivalent rights and protections to safeguard your personal data. If you would like details of how your information is lawfully transferred to other parts of the Equiom Group please contact the Group Data Protection Team.
STORING AND DELETING YOUR INFORMATION
All personal information recorded in Equiom’s IT systems is stored on servers in the Isle of Man and Singapore. We also use web-based systems for our HR data system.
Whilst Equiom is moving towards keeping worker records (including for potential employees) in digital format only, paper records are kept by the People Team in some jurisdictions where they are required to do so.
Data protection legislation does not specify how long information can be kept, so when setting retention periods for personal information Equiom takes into account the jurisdiction where you may be employed, the type of information, and whether other laws or regulations specify how long the information should be retained.
Where there are no legal or regulatory retention periods, we assess how long we reasonably need to keep your information in order to deal with ongoing queries and actions.
We do not keep your personal data for any longer than is necessary to fulfil the purpose for which we collected it, or to comply with any legal or reporting obligations or to assert or defend against legal claims.
Details of our retention periods are set out in the Group’s data retention policy. Please note that as a general rule, we do not retain personal data relating to job applications that do not lead to employment or engagement for longer than twelve months, unless you provide consent for us to retain your data for a further period (for example, where you want us to continue holding your data in case another position of interest should arise).
KEEPING YOUR INFORMATION SECURE
We are committed to protecting the confidentiality and security of the information that you provide to us. Equiom has put in place a wide range of technical and organisational safeguards to prevent unauthorised access or unlawful use of confidential information. Access to your information is limited to members of the People Team, and details are only disclosed to others where they need it in order to comply with Group policies and procedures, or to meet legal and regulatory requirements.
By way of example we:
- Ensure the physical security of our offices.
- Ensure the physical and digital security of our equipment, devices and systems by mandating appropriate password protection, encryption and access restrictions.
- Ensure appropriate access controls so that access to your information is only granted to those of our people that need to use it in the course of their work.
- Carry out annual penetration testing of our systems.
- Maintain internal policies and procedures to make sure our colleagues understand their responsibilities in looking after your information and take appropriate measures to enforce these responsibilities.
YOUR RIGHTS
Under data protection law in the jurisdictions in which we operate, you have various rights in respect of the personal information that we hold about you which generally include the following. Please note that these rights may be restricted in certain circumstances and may vary slightly between jurisdictions:
- to know whether Equiom is processing your personal information;
- to request a copy of the personal information Equiom holds about you, along with certain related information. There are exceptions to this right; for example, where information is legally privileged or if providing you with the information would reveal personal data about another person;
- to have any information updated, or inaccuracies corrected or and have incomplete personal data completed;
- to have your personal data erased if it is no longer needed;
- to ask Equiom to restrict the processing of your data;
- to object to Equiom processing your data;
There are some jurisdictional variations in the rights you have in relation to your personal information. If you would like more information about how to exercise your rights please contact the Group Data Protection Team.
IF YOU CHOOSE NOT TO GIVE PERSONAL INFORMATION TO EQUIOM
We may need to collect personal information by law or as part of the recruitment process. If you choose not to give us this personal information, it may delay or prevent us from meeting our obligations or completing the recruitment process.
Any data collection that is optional would be made clear at the point of collection.
SOCIAL MEDIA
Equiom may collect personal data from social media sites as part of the recruitment process.
When you interact with our social media accounts, including when you react to, comment on or share our posts, we may receive information from them that can identify you. The amount of information we receive is governed by your social media account privacy settings and the policies and procedures of each social media platform. We recommend that you regularly review the privacy settings of your social media accounts.
REQUESTS TO RECTIFY OR REMOVE PERSONAL DATA
You can request the removal of your personal data and withdraw your consent to further processing at any time. To do this, please contact the Data Protection Team at the details set out below. The team will respond to all requests as soon as practicable following receipt.
Please be aware that if you request the removal of your personal data and/or withdraw your consent to further processing during the recruitment process, we will be unable to proceed with any recruitment activities that you have applied for. We will also be unable to consider you for future vacancies unless you submit a new application.
CONTACT THE GROUP DATA PROTECTION TEAM
This privacy notice aims to give you an overview of the way Equiom processes your personal information. If you would like more detail or have any queries, please contact the Group Data Protection Officer or Data Protection Team at:
Second Floor, Jubilee Buildings
Victoria Street,
Douglas
ISLE OF MAN IM1 2SH
Phone: +44 1624 699000
Email: dataprotection@equiomgroup.com
However, if you remain dissatisfied with our response, you have the right to take the matter up with the Regulatory Authority dealing with data protection in the jurisdiction in which your employer is based. If you would like details of the relevant Authority in your jurisdiction, please contact the Group Data Protection Team and they will provide this information to you.
