This policy only applies to the personal data of job applicants, potential candidates for employment or partnership, and those who participate in our recruiting programs and events.
We are a “controller” in relation to the personal data we collect as part of the recruitment process. This means that we are responsible for deciding how we hold and use personal information about you.
This policy has been drafted based on the principles of GDPR and other recognised privacy legislation in the territories in which we operate. However, the fundamental principles of data protection, confidentiality, and security of data apply throughout our business. Consequently, this policy is intended to apply to our personal information-processing activities globally. However, we have highlighted where some obligations are applicable to specific territories in this policy.
We will comply with data protection law and principles, which means that your data will be:
In connection with your application for work with us, we may collect, store, and use the following categories of personal information about you:
For roles based in the USA, if we make you an offer of employment, we will also complete a background check or instruct a third party to do so on our behalf. Background checks will only be done where permitted by law applicable to the location where the position is located and to the extent necessary and proportionate to the role that you are being offered. A background check will only involve criminal background data to the extent permitted in your specific jurisdiction.
We collect information about you for use during recruitment from a variety of sources:
We will use the personal information we collect about you to:
In the UK, we may ask our applicants if they have any disabilities to enable us to make reasonable adjustments for candidates who have a disability.
We have a legitimate interest in processing personal data during the recruitment process and for keeping records of the process since it is in our legitimate interests to decide whether to appoint you to work at OPEN Health. Processing data from job applicants allows us to manage the recruitment process, assess and confirm a candidate’s suitability for employment, and decide to whom to offer a job. We may also need to process data from job applicants to respond to and defend against legal claims.
In some cases, we need to process data to ensure that we are complying with our legal obligations, such as checking a successful applicant’s eligibility to work in the country in which the role will be based before employment starts.
If your application is unsuccessful, OPEN Health may keep your personal data on file in case there are future employment opportunities for which you may be suited. Please see “How long we keep your personal data” below.
Your information may be shared internally for the purposes of the recruitment exercise. This includes members of the HR and recruitment team, interviewers involved in the recruitment process, managers in the business area with a vacancy, and members of the OPEN Health senior or executive teams, as well as IT staff if access to the data is necessary for the performance of their roles.
We will only share your personal information with the following third parties for the purposes of processing your application: Job Adder and Applicant Stack. All our third-party service providers and other entities in the OPEN Health Group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
For candidates based in the UK or EEA (meaning the EU, Switzerland, and Norway), we may transfer your personal data outside the EEA to members of the OPEN Health Group where this is necessary for the recruitment process. If we transfer your data to the OPEN Health Group or third parties outside the UK and/or EEA, we have entered into an agreement ensuring appropriate and suitable safeguards with our OPEN Health Group members and third parties using terms adopted by the Information Commissioner and approved by the Commission (EU Model Clauses). For further details, see European Commission: Model contracts for the transfer of Personal Data to third countries.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors, and other third parties who have a business need-to-know. If we share your personal data with our agents, contractors, and other third parties, we require they adhere to our Supplier Privacy and Security Requirements, which are available at www.openhealthgroup.com/legal.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
If your application for employment is unsuccessful, we will hold your data on file for no more than 12 months after the end of the relevant recruitment process. However, if there is no further communication between us, we will delete the data 6 months after the end of the relevant recruitment process.
If you have consented for us to keep your personal data on file for consideration for future employment opportunities, then we will hold your data on file for a further 5 years. At the end of that period, or once you withdraw your consent, your data will be deleted or destroyed.
You may withdraw your consent at any time by contacting us via firstname.lastname@example.org.
If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your personnel file and retained in accordance with our employee data-retention policy.
Recruitment processes are not based solely on automated decision-making; however, we may ask you to complete a psychometric test that will be considered as part of the process. No decision will be made solely on the results of any psychometric tests.
Some of our online recruiting activities are hosted by third parties. When you access sites operated by these third parties, they may place their own cookies or other tracking technologies on your device.
As a data subject, you have a number of rights. You can:
If you would like to exercise any of these rights, please use the contact details below.
As required under the CCPA, we have provided the metrics regarding the consumer rights requests we received from California residents from January 1, 2020 to December 31, 2020 in the following table:
You are under no statutory or contractual obligation to provide data to us during the recruitment process. However, if you do not provide the information when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we may not be able to process your application properly or at all.
In processing your personal data for the purposes of recruitment, we act as data controller if you provided your details to us directly. If you provided your details via a recruitment agency, we will be joint data controllers with that recruitment agency.
For privacy queries please contact EvalianDPO@openhealthgroup.com. For queries related to your job application please contact email@example.com.
For candidates based in the UK or EEA, if you believe that we have not complied with your data protection rights, you have the right to make a complaint at any time to the following: