Privacy Policy
Privacy policy for recruitment using Teamtailor
The service for handling recruitment and simplifying the hiring process (the "Service") is powered by Teamtailor on behalf of Vitaccess ("Controller", "we", "us", etc.). It is important that the persons using the Service ("Users") feel safe with, and are informed about, how we handle Users' personal data in the recruitment process.
Your privacy is very important to us at Vitaccess.
We provide this policy to explain our information practices, including how Vitaccess collects and manages personal data, your statutory rights, and the choices you can make about the way your information is collected and processed.
This policy provides you with a clear explanation of when, why, and how we collect and process your personal data. It is not intended to override any rights you have under applicable data privacy laws.
We strongly encourage you to read this policy and make sure you fully understand it.
We process, manage, use, and protect Users' Personal Data in accordance with this Privacy Policy ("Privacy Policy").
1. General
We are the data controller in accordance with current privacy legislation. The Users’ personal data is processed for the purpose of managing and facilitating recruitment of employees to our business.
2. Collection of personal data
We are responsible for the processing of the personal data that Users contribute to the Service, and for the personal data that we otherwise collect with regard to the Service.
When and how we collect personal data
We collect Users’ personal data when Users:
- make an application through the Service or otherwise, adding personal data about themselves either personally or by using third-party social media sources;
- use the Service to connect with our staff, adding personal data about themselves either personally or by using third-party social media sources; and
- provide identifiable data in the chat (provided through the website that uses the Service) and such data is of relevance to the application procedure.
We collect data from third-party social media sources and through other public sources. This is referred to as “Sourcing” and will be manually performed by our employees or automatically in the Service.
In some cases, existing employees can make recommendations about potential applicants. Such employees will add personal data about such potential applicants. Where this is done, the potential applicant is considered a User in the context of this Privacy Policy and will be informed about the processing.
The types of personal data collected and processed
The categories of personal data that can be collected through the Service can be used to identify natural persons from names, e-mails, pictures and videos, information from Facebook and LinkedIn accounts, answers to questions asked through the recruiting, titles, education and other information that the User or others have provided through the Service. Only data that is relevant for the recruitment process is collected and processed.
Purpose and lawfulness of processing
The purpose of collecting and processing personal data is to manage recruiting. The lawfulness of the processing of personal data is our legitimate interest to simplify and facilitate recruitment.
Personal data that is processed with the purpose of aggregated analysis or market research is always made unidentifiable. Such personal data cannot be used to identify a certain User. Thus, such data is not considered personal data.
The consent of the data subject
The User consents to the processing of their personal data for the purpose of the Controller’s handling of recruiting. The User consents that personal data is collected through the Service when Users:
- make an application through the Service, adding personal data about themselves either personally or by using third-party social media sources, and that Controller may use external sourcing-tools to add additional information; and
- use the Service to connect to Controller’s recruitment department, adding personal data about themselves either personally or by using third-party social media sources.
The User also consents to the Controller collecting publicly available information about the User and compiling it for use in recruitment purposes.
The User consents that the personal data collected in accordance with a) and b) above will be processed according to the sections Storage and transfers and How long the personal data will be processed below.
The User has the right to withdraw his or her consent at any time, by contacting Controller using the contact details listed under the section titled Contact. Using this right may, however, mean that the User cannot apply for a specific job or otherwise use the Service.
Storage and transfers
The personal data collected through the Service is stored and processed inside the EU/EEA or in a third country that is considered by the European Commission to have an adequate level of protection, or is processed by suppliers that have entered into binding agreements that fully comply with the lawfulness of third country transfers, or by other suppliers where adequate safeguards are in place to protect the rights of the data subjects whose data is transferred. To obtain documentation regarding such adequate safeguards, contact the Controller using the contact details listed under the section titled Contact.
How long the personal data will be processed
If a User does not object, in writing, to the processing of their personal data, the personal data will be stored and processed by us for as long as we deem it necessary with regard to the purposes stated above. Note that a User may be of interest for future recruitment, and for this purpose we may store Users’ Personal Data until they are no longer of value as potential recruits. If you as a User do not wish to have your Personal Data processed for the purpose of future recruitment, please contact the Controller using the contact details listed under the section titled Contact.
3. Legal rights
Data protection law gives you rights regarding your data:
- your right to be informed. To know (a) the name and address of the data controllers; (b) the source of your personal data; (c) whether your data is being processed; (d) for what purpose your data is used; (e) the purposes, legal basis, and methods of processing; and (f) the entities or categories of entity to which your personal data may be transferred.
- your right to access. To request that we provide you with a copy of your personal data that we hold. This right of access is not absolute, for example if it affects the rights and freedoms of others or is manifestly unfounded or excessive.
- your right to withdraw consent. To withdraw your consent at any time. This does not affect the lawfulness of any processing that you had previously consented to.
- your right to rectification. To request that we correct any errors in your personal data, that we update your personal data as required, and that we complete data you think is incomplete.
- your right to erasure. To request that we erase your personal data. Data can be erased in limited circumstances, where it is no longer necessary in relation to the purpose(s) for which it was collected or processed.
- your right to restrict processing. To request that we restrict the processing of your personal data, in whole or in part, where: (a) the accuracy of the personal data is contested; (b) the processing is unlawful but you object to the erasure of the personal data; (c) we no longer require the personal data for the purposes for which it was collected, but it is required for the establishment, exercise, or defense of a legal claim. We can consider your request unless it is lawful for us to continue processing your data without consent.
- your right to data portability. To request that we send your data to you or someone else in a format that is readable in a different system.
- your right to object. To request that we do not transfer your personal data to unaffiliated third parties for any purposes or request that we change the way we contact you.
- your right to obtain a copy of the safeguards under which your personal data is transferred outside the EEA.
- your right to lodge a complaint with your local supervisory authority for data protection.
Before disclosing to you any personal data requested, we may ask you for additional information to confirm your identity and for security purposes. We reserve the right to refuse your request, or charge a fee where permitted by law, for example if your request is manifestly unfounded or excessive.
4. Security
In order to prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online.
We ensure that data is secured against unauthorized external and internal access. Data is held securely and access is restricted to named individuals to fulfil a valid business need. Access is revoked once the need is fulfilled.
All data management activities and controls are documented in the ISO 27001-certified Vitaccess Information Security, Physical and Environmental Security, and Cryptographic Controls policies.
We will attempt to resolve any complaints regarding the use of your personal data in accordance with this policy. For EU member state residents, you also have a right to lodge a complaint with your national data protection supervisory authority at any time. However, we encourage you to contact us first.
5. Access to personal data
Personal data are only processed for internal purposes, except in exceptional cases, namely when we are obliged to do so based on a statutory provision or a decision of the court or supervisory authority, or if this is necessary in the interests of the prevention or prosecution of criminal offenses, such as fraud or deception.
Where permitted by local data protection laws, we may disclose or otherwise allow others access to your personal data in response to a legal request, such as a subpoena, legal proceedings, search warrant, or court order, or in compliance with applicable laws, if we believe in good faith that the law requires us to do so, with or without notice to you.
If warranted, we may also allow access to this information in special emergencies where physical safety is at risk. We reserve the right to disclose any personal data or other information obtained from or about you to third parties in connection with a merger, acquisition, bankruptcy, or sale of all or substantially all of our assets, to the extent that this is necessary for the process.
The personal data collected by us may be transferred for the purposes mentioned above (purpose of processing and legal grounds) to any third parties we subcontract for all or part of this processing. This may include hosting providers and server co-location services, communications and content delivery networks, data and cyber security services, fraud detection and prevention services, web analytics, email distribution and monitoring services, session recording and remote access services, performance measurement data optimization and marketing services, content providers, our legal and financial advisors, and any other relevant roles. Note that we will never sell your personal data to a third party.
In the event of transfer of personal data to a country outside of the European Economic Area (EEA), we systematically ensure the application of an adequate level of protection to personal data by means approved by applicable data protection legislation, like that in the UK.
Where appropriate, we may share your data with the following people and organizations:
Group: Vitaccess
Location: UK
Reason: To enable us to review candidate applications in relation to the job being applied for.
Is personal data shared?: Only with a small team who are managing the data.
Group: Our technology providers (e.g., Microsoft)
Location: Worldwide
Reason: To help us store and analyze the data.
Is personal data shared?: Yes
Group: Teamtailor
Location: EU
Reason: To supply the Service, server and hosting companies (including Heroku and AWS), e-mail reference companies, video processing companies, information-sourcing companies, analytical service companies and other companies with regard to supplying the Service.
Is personal data shared?: Yes
6. Aggregated data (non-identifiable personal data)
We may share aggregated data with third parties. The aggregated data has in such instances been compiled from information that has been collected through the Service and can, for example, consist of statistics of internet traffic or the geographical location for the use of the Service. The aggregated data does not contain any information that can be used to identify individual persons and is thus not personal data.
7. Cookies
When Users use the Service, information about the usage may be stored as cookies. Cookies are passive text files that are stored in the internet browser on the User’s device, such as computer, mobile phone or tablet, when using the Service. We use cookies to improve the User’s usage of the Service and to gather information about, for example, statistics about the usage of the Service. This is done to secure, maintain and improve the Service. The information that is collected through the cookies can in some instances be personal data and is, in such instances, regulated by our Cookie Policy.
Users can at any time disable the use of cookies by changing the local settings in their devices. Disabling of cookies can affect the experience of the Service, for example disabling some functions in the Service.
8. Changes
We have the right, at any time, to make changes or additions to the Privacy Policy. The latest version of the Privacy Policy will always be available through the Service. A new version is considered to have been communicated to the Users when the User has either received an email informing the User of the new version (using the e-mail stated by the User in connection to the use of the Service) or when the User is otherwise informed of the new Privacy Policy.
9. Contact
For questions about the application process please contact hr@vitaccess.com
For questions, further information about our handling of personal data or for contact with us in other matters, please use the below stated contact details:
Vitaccess Ltd
The Oxford Science Park
Magdalen Centre
Robert Robinson Avenue
Oxford
OX4 4GA
+44 (0) 1865 818 983
dpo@vitaccess.com
You can complain to the UK Information Commissioner’s Office if you are unhappy with how we have used your data:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
+44 (0) 303 123 1113
http://ico.org.uk/make-a-complaint/