Candidate and Applicant Privacy Notice

What is the purpose of this document?

This privacy notice (the Privacy Notice) for candidates and applicants sets out the information that must be provided by us to you at the time your Data is obtained. We are making you aware of our Privacy Notice because you are applying to or have expressed an interest in working with us (whether as an employee, worker or contractor).  This Privacy Notice concerns your Data which is obtained during the recruitment or selection process. This Privacy Notice describes how we collect and use Data about you and gives examples of the types of Data we hold, Processing activities and the justifications for that Processing. It is drafted in compliance with Data Protection Law. The following terms have defined meanings in this Privacy Notice:

Business is defined in the CCPA;

CCPA means the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020;

Consumer means a natural person who is a California resident, as defined in Section 17014 of Title 18 of the California Code of Regulations, as that section read on September 1, 2017, however identified, including by any unique identifier;

Data means in relation to Data Protection Law: Personal Data and Special Category Data; and in relation to the CCPA: Personal Information, and shall be construed in this Privacy Notice as the context requires.

Data Controller means the organisation that determines the purposes for which and the manner in which Personal Data are processed; for the purpose of this Privacy Notice the Data Controller is SmartComms Entity with whom you have an employment or work contract unless specified otherwise in this Privacy Notice;

Data Processor means the organisation that processes Personal Data on behalf of the Data Controller and per its instructions;

Pursuant to applicable data protection laws, we are a “data controller” and we collect, store, hold, process, use, record, consult, disclose, erase, make decisions based upon, destroy and in some instances, transmit personal data about you as a job applicant or candidate for a role at Smart Communications (together these activities are referred to as “Process”, “Processed” or “Processing”).

Data Protection Law means any applicable laws and regulations relating to privacy or the use or processing of data relating to natural persons, including but not limited to: General Data Protection Regulation ((EU) 2016/679) as it forms part of UK law by virtue of section 3 of the European Union (Withdrawal) Act 2018 (“UK GDPR”); the EU’s General Data Protection Regulations (EU Regulation 2016/679) (“GDPR”); the Australian Privacy Principles (APPs) under the Australian Privacy Act 1988 (Cth)(APA) (together the “Australian Privacy Law”); the UK’s 2018 Data Protection Act (“DPA 2018”); Federal Data Protection Act in Germany (“BDSG”); the Swiss Federal Act on Data Protection and the Swiss Ordinance to the Federal Act on Data Protection (together the “Swiss DPA”); the California Consumer Privacy Act of 2018 (“CCPA”); any laws or regulations ratifying, implementing, adopting, supplementing or replacing such legislation in each case to the extent in force and as updated, amended or replaced from time to time; and any further applicable data protection laws;

Data Subject means a living, identifiable individual about whom Personal Data is processed. For the purposes of this Privacy Notice, we will refer to you as the “Data Subject”;

Personal Data: where the applicable law defines this term, that specific definition applies. In general, it means Data which relates to a living individual who can be identified from those Data or from those Data and other information which is in the possession of or is likely to come into our possession as Data Controller or Data Processor, as the case may be. Personal Data include opinions and any indications of our intentions towards an individual;

Personal Information is defined in the CCPA as information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household and includes, but is not limited to, the following if it identifies, relates to, describes, is reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular consumer or household:

  1. identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
  2. any categories of personal information described in California Civil Code 1798.80(e).
  3. characteristics of protected classifications under California or federal law.
  4. commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
  5. biometric information.
  6. Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement.
  7. geolocation data.
  8. audio, electronic, visual, thermal, olfactory, or similar information.
  9. professional or employment-related information.
  10. education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99).
  11. inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behaviour, attitudes, intelligence, abilities, and aptitudes.

Processing includes obtaining, recording, holding, altering, retrieving, consulting, using, disclosing, blocking, erasing or destroying Personal Data;

Related Policy means any Smart Communications policy which is expressly referred to in this Privacy Notice or any which is referred to in any compulsory training provided by Smart Communications;

SC Personnel means an employee or contractor of one of the SmartComms Entities or all employees and contractors of a SmartComms Entity (as the context requires);

SmartComms Entity/ies means: SmartComms SC Limited, a limited company incorporated under the laws of England and Wales with registered number 04303041 and its registered address at Catalyst House, 720 Centennial Court, Centennial Park, Elstree, Hertfordshire, England, WD6 3SY; SmartComms, LLC, of 18208 Preston Road, Suite D9 #350, Dallas Texas 75252, USA; SmartComms Pty Ltd, a proprietary limited company incorporated under the laws of Australia with registered number 3110278521 and its registered address at Level 14, 264-278 George Street, Sydney, NSW 2000 Australia; SmartComms Platinum AG of Blegistrasse 1, 6343 Rotkreuz, Switzerland; SmartComms GmbH of Stengelstrasse 1 66117 Saarbrücken Germany; Smart Communications CCM Austria GmbH of Schottenring 25, 1010 Vienna Austria; SmartComms Platinum Pte Ltd of 10 Anson Road, International Plaza #11-03, 079903 Singapore; Intelledox Pty Ltd (Australia 054161456) of Level 14, 264-278 George Street, Sydney, NSW 2000 Australia; Intelledox Asia Pte Ltd (Singapore) of 10 Anson Road, #31-10 International Plaza, 079903 Singapore; Intelledox Inc of 18208 Preston Road, Suite D9 #350, Dallas Texas 75252, USA; and SmartComms Entity shall be construed accordingly.

Smart Communications, we, our, us means the SmartComms Entity which is sending this Privacy Notice to the relevant SC Personnel;

Special Category Data means information about the Data Subject relating to the (a) racial or ethnic origin, (b) political opinions, (c) religious beliefs or other beliefs of a similar nature, (d) trade union membership, (e) physical or mental health or condition, (f) sexual life, (g) commission or alleged commission of any offence, and (h) any proceedings for any offence committed or alleged to have been committed, the disposal of such proceedings or the sentence of any court in such proceedings, in accordance with applicable law; and

You, your means the candidate or applicant in receipt of this Privacy Notice whether by notice, URL link or other form of communication.

Pursuant to Data Protection Laws, we are a “Data Controller” and we Process Data about you as a job applicant or candidate for a role at Smart Communications.

Pursuant to the CCPA, we are the “Business” and you are the “Consumer”.

This Privacy Notice will only apply to the extent that it is consistent, or can be made consistent, with that local guidance from time to time.

This Privacy Notice does not form part of any contract of employment or other contract to provide services.

It is important that you read this Privacy Notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing Data about you, so that you are aware of how and why we are using such information. If you require any additional information relating to this Privacy Notice email [email protected].

DATA PROTECTION PRINCIPLES

We will comply with data protection law and principles, which means that your Data will be:

  • Used lawfully, fairly and in a transparent way.
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  • Relevant to the purposes we have told you about and limited only to those purposes.
  • Accurate and kept up to date.
  • Kept only as long as necessary for the purposes we have told you about.
  • Kept securely.

What Data is Processed?

In connection with your application for work with us, we shall collect, store, Process and use the following categories of personal data about you:

  • The information you have provided to us in your curriculum vitae and covering letter.
  • The information you have provided on our application form, including (if applicable) name, title, address, telephone number, personal email, address, date of birth, gender, employment history, qualifications, reference information, work status, visa requirements.
  • Any information you provide to us during an interview.
  • Any information you provide to us or the results of any pre-employment testing process.
  • Any information you provide to us, as permitted by applicable data protection law.

Such Data may include: name, title, address and address history, telephone number, personal email, date of birth, gender, employment history including salary and dates of employment, reason for leaving, dates employed and position whilst employed, qualifications, reference information, work status, visa requirements, eligibility to work, address history, education history, identification number, credit status and supporting documents for example, a copy of your government issued ID; certificates showing professional qualifications; documents that you provide that verify any gaps in your employment history and any other Data you make available.

Specific Processing in Germany, Switzerland and Austria:

Notwithstanding the above, only the following Data shall be Processed if you are located in Germany, Switzerland or Austria:

  • The results of any employment screening process, as permitted by applicable data protection law and employment law, including address history, credit checks (“Betreibungsregisterauszug” or “SCHUFA Auszug”), visa requirements, eligibility to work, education history, employment history including salary and dates of employment, reason for leaving, dates employed and position whilst employed, and supporting documents and documents that you provide that verify any gaps in your employment history and any other Data you make available.
  • Proof of eligibility to work in the country in which you have applied.

Special Category Data

As a general rule, we try not to collect or process any Special Category Data about you, unless authorized by law or where necessary to comply with Data Protection Law. However, in some circumstances, we shall need to collect, or request on a voluntary disclosure basis, some Special Category Data for legitimate employment-related purposes, as permitted by applicable law.

Therefore, we may also collect, store and use the following Special Category Data:

  • Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions
  • Information about your health, including any medical condition, health and sickness records
  • Information about criminal convictions and offences

Specific Processing in Germany, Switzerland and Austria:

Notwithstanding the above, the following Data may be Processed if you are located in Germany, Switzerland or Austria:

  • Information about your race, ethnicity and gender
  • Information about your health, including any medical condition
  • Information about criminal convictions and offences relevant to the job position (in accordance with Data Protection Law)

All roles at Smart Communications, and the services we supply to our customers, require a high degree of trust and integrity since it involves dealing with highly regulated industries such as Investment banks and Financial Institutions. In addition our compliance accreditations are critical to be able to provide services to our customers on our cloud platform. To ensure compliance with our legal obligations derived from Data Protection Law and – as applicable – our customer obligations and our key accreditation bodies any roles with access to Smart Communications or Smart Communications’ Source Code; any roles with access to our customer’s data; any roles with access to our customer’s live systems and any employees with access to the Company’s Financial Information are all required to complete background screening prior to being provided with access to our IT systems as permitted under Data Protection Law.

For the purpose of the CCPA, the Personal Information which we collect and hold for you falls into the following categories:

Pursuant to title 1798.100(b) of the CCPA, this Privacy Notice is intended to inform you about (i) the categories of “Personal Information” which we collect and (ii) the purposes for which we collect such Personal Information.

Categories:

  1. Identifiers: Name, alias, postal address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
  2. Customer records information: None
  3. Characteristics of protected classifications under California or federal law: Race, religion, sexual orientation, gender identity, gender expression, veteran status, age
  4. Commercial information: None
  5. Biometric information: Only if provided by candidate on Application – e.g. Photograph
  6. Internet or other electronic network activity information: None
  7. Geolocation data: None
  8. Audio, electronic, visual, thermal, olfactory, or similar information: None
  9. Professional or employment-related information: Professional qualifications obtained; institutions attended; dates of attendance at Institutions and dates the qualifications were awarded; employment history including previous employers and dates of employment.
  10. Education information: Education history; educational attainments and qualifications obtained; institutions attended; dates of attendance at educational institutions
  11. Inferences: None

 

How is Your Data Collected?

Data is collected directly through you or from an employment agency, jobsite or background check provider. We shall sometimes collect additional information from third parties including former employers or credit reference agencies.

We shall collect Data about candidates from the following sources:

  • You, the candidate;
  • Recruitment agency(ies) (only where the agencies have obtained your consent to pass on your application for employment purposes);
  • HireRight background check provider, as permitted under Data Protection Law;
  • Publicly accessible sources, for example your LinkedIn, Facebook and Twitter profiles, as permitted under applicable data protection law;
  • Your named references;
  • Disclosure and Barring Service/Conduct Search, as permitted under applicable data protection law.

The “Lawful Basis” for Processing

Under Data Protection Law, Data Controllers have to explain how Data about Data Subjects is used because they can only use Data when they are permitted to do so by law. Data Controllers will be permitted to use Data by law when they can establish a “Lawful Basis” in accordance with Data Protection Law (a lawful basis is not, however, required for the purposes of the Swiss DPA). The Lawful Basis relevant for Processing Data about you in the recruitment context is that:

  • LEGITIMATE INTEREST – It is necessary for the purposes of legitimate interests pursued by us or by a third party and your interests or your fundamental rights and freedoms do not override our interests. It is in our legitimate interests to decide whether to appoint you to the role or provide you with work since it would be beneficial to our business to appoint someone to that role or work.
  • CONTRACT – It is necessary for entering into a contract with you. We need to process your Data to decide whether to enter into a contract of employment or work with you.

For the purpose of the CCPA, the list below sets out our purposes for collecting your Personal Information.

We will use the Data we collect about you to:

  • Assess your skills, qualifications, and suitability for the work or advertised role
  • Carry out background and reference checks, as permitted by Data Protection Law
  • Assess your right to work in the country where you have applied, in compliance with immigration rules
  • Communicate with you about the recruitment process
  • Keep records related to our hiring or recruitment processes
  • Carry out data analytics including the profiles of those applying for roles with us. (In such case Smart Communications will be the Controller as defined under applicable data protection law).
  • Comply with legal or regulatory requirements for example comply with the duty to make reasonable adjustments for disabled job applicants and with other disability discrimination obligations
  • Comply with specific regulatory requirements of our customers, as permitted by applicable laws
  • Manage the recruitment process, and ensure effective HR, personnel management and business administration
  • Monitor equal opportunities (In such case Smart Communications will be the Controller as defined under applicable data protection law)
  • Enable us to establish, exercise or defend possible legal claims.

Having received your CV and covering letter we will then process that information to decide whether you meet the basic requirements to be shortlisted for the role. If you do, we will decide whether your application is strong enough to invite you for an interview. If we decide to call you for an interview, we will use the information you provide to us at the interview to decide whether to offer you the role or work. If we decide to offer you the role or work, we will then take up references, carry out a criminal record check and/or carry out any other relevant checks before confirming your appointment, to the extent permitted by law.

If the collection of any of your Data is not mandatory (for example, where we collect information on a voluntary disclosure basis for equal opportunities monitoring), and provided that the applicable law allows for it, we will let you know this before we collect it, as well as the consequences of failing to provide us with this information (if any).

If you fail to provide Data when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history) and in compliance with applicable law, we will not be able to process your application successfully. For example, if we require a credit check or references for this role and you fail to provide us with relevant details, we will not be able to take your application further.

Special Categories of Data:

Our Lawful Bases for Processing your Special Category Data are as follows:

  • LEGAL OBLIGATION – Where we need to comply with a legal obligation.
  • CONSENT – You have given clear consent for us to process your Data for a specific purpose.
  • CONTRACT – It is necessary for entering into a contract with you. We need to process your Data to decide whether to enter into a contract of employment or work with you.

 

We will only collect and use your Special Category Data, which includes information about criminal convictions and offences, when the law allows us to do so.

Some Special Category Data e.g. information about your health, and information about criminal convictions and offences, is processed so that we can perform or exercise our obligations or rights under employment law and in line with our data protection policies.

The purposes for which we are processing, or shall process, health information and information about any criminal convictions and offences, are to:

  • assess your suitability for employment or engagement
  • comply with statutory and/or regulatory requirements and obligations, e.g. carrying out criminal record checks
  • comply with specific regulatory requirements of our customers
  • comply with the duty to make reasonable adjustments for disabled job applicants and with other disability discrimination obligations
  • ensure compliance with your statutory rights
  • ascertain your fitness to work
  • ensure effective HR, personnel management and business administration
  • ensure meaningful equal opportunity monitoring and reporting.

 

Where Smart Communications processes other Special Category Data i.e. information about your racial or ethnic origin, religious or philosophical beliefs and sexual orientation, this is done only for the purpose of equal opportunities monitoring in recruitment and in line with our data protection policy and Data Protection Law.

Where appropriate and permitted under applicable laws, we will collect information about criminal convictions as part of the background/screening process or we will be notified of such information directly by you in the course of you working for us.

Data that Smart Communications uses for these purposes is either anonymised or is collected with your explicit written consent, which can be withdrawn at any time. It is entirely your choice whether to provide such personal information. In such case Smart Communications will be the Controller as defined under Data Protection Law.

In accordance with Data Protection Law, we request relevant information about your criminal convictions history if we would like to offer you the work or role (conditional on checks and any other conditions, such as references, being satisfactory). We are required to carry out a criminal records check in order to satisfy ourselves that there is nothing in your criminal convictions history which makes you unsuitable for the role.

All roles at Smart Communications and the services we supply to our customers require a high degree of trust and integrity since it involves dealing with highly regulated industries such as Investment banks and Financial Institutions and so we would like to ask you about existing job- and/or role-relevant criminal convictions and – as permitted by applicable law – to provide a copy of your criminal records history.

Change of Purpose

We will only use your Data for the purpose for which it was collected, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purposes. If we need to use your Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. We may also process your Data without your knowledge or consent, in compliance with the above rules, where this is permitted or required by law.

Automated Decision-Making

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.

Third Party Recipients of Data

We take precautions to allow access to applicant Data only to SC Personnel and third parties who have a legitimate purpose for access and who require such access to perform their job duties.

We shall as part of the recruitment or selection processes share your Data with the following third parties, provided that applicable law allows us to do so:

  • Parent, Associated Employers or Group Companies
  • Legal representatives
  • Regulators and professional bodies
  • Recruiters or reference checking agencies
  • Government or statutory bodies
  • Cloud service providers
  • Consultants or Contractors working on our behalf (specifically for the purposes of recruitment and selection)
  • Background checking providers (specifically to allow them to perform the background screening)

 

All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your Data in line with our policies or the data processing contract we have entered into with them. We do not allow our third-party service providers to use your Data for their own purposes. We only permit them to process your Data for specified purposes and in accordance with our instructions.

Transferring Data

Your Data shall be transferred to, and processed in, countries other than the country in which you are resident; in exceptional circumstances, in any country in the world. These countries shall have data protection laws that are different to the laws of your country.

Smart Communications. In respect of transfers between SmartComms Entities we will only transfer your Data in order for Human Resources and Finance to perform their duties.

Smart Communications and our third-party service providers and partners operate around the world. This means that when your Data is collected it shall be processed in any of these countries.

Where we transfer your Data between SmartComms Entities, the transfer shall be in accordance with the Standard Contractual Clauses approved by the European Commission including supplementary measures, as applicable and appropriate. Transfers may also occur under Smart Communications’ intra-group data transfer agreement which applies the same standard of adherence to Data Protection Law.

Where we transfer your Data to third parties, we shall only do so in compliance with Data Protection Law. Where such transfer is made from the United Kingdom or EEA, such transfers are compliant with the transfer mechanisms approved by the European Commission under GDPR and equivalent UK law.

Smart Communications is committed to processing and handling your Data in accordance with Data Protection Law, and we continue to monitor guidance on Data Protection Laws regarding appropriate safeguards for transfers of Data.

Where we transfer your Data to third parties we shall only do so in compliance with Data Protection Law.

Any questions about the transmission of Data or requests to receive a copy of the Data being transferred should be addressed in writing to the Data Protection Officer, whose contact details are provided below.

Data Security:

We maintain appropriate administrative, technical and organisational measures which are designed to help safeguard the confidentiality, integrity and availability of your Data and to protect it against accidental or unlawful destruction, accidental loss, unauthorised alteration, disclosure or access, misuse, and any other unlawful form of processing. To ensure compliance with data protection laws and our internal policies, we address information security at all appropriate technology infrastructure points. We also train SC Personnel on the importance of data privacy and we permit SC Personnel to access Data solely on an authorized need to know basis.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Data Retention:

The periods for which Data will be stored and the criteria used to determine retention periods or whether Data can be deleted will depend on the information in question, its relevance or sensitivity; however, generally, Data will be deleted if it has been superseded by other relevant or up to date information, if it is out of date, irrelevant or no longer necessary.

Generally, provided that the applicable law allows for it, this means that your Data will be retained until the end of your employment application, or work relationship with us plus a period of 12 months after we have communicated to you our decision about whether to appoint you to a role or offer you work. Once hired, we will retain your Data for the period of your employment with us and as required to comply with applicable retention obligations under Data Protection Law. We retain your Data for that period so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. After this period, we will securely delete your Data in accordance with our Data Retention Policy. In some circumstances we shall anonymise your Data so that it can no longer be associated with you, in which case we shall use such information without further notice to you.

Your Rights in Relation to your Data:

Under certain circumstances, by law you have the right to:

  • Request access to your Data (commonly known as a “data subject access request”). This enables you to receive information about the Data we hold about you. California residents have the right to a data subject access request on the Data we collect, how we collect it, the purpose of processing, and any specific Data we process about them.
  • Request correction of the Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your Data. This enables you to ask us to delete or remove Data where there is no good reason for us continuing to Process it. You also have the right to ask us to delete or remove your Data where you have exercised your right to object to processing (in certain circumstances).
  • Object to processing of your Data where we are relying on a legitimate interest for processing (or a legitimate interest of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your Data for direct marketing purposes.
  • Request the restriction of processing of your Data. This enables you to ask us to suspend the processing of Data about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the portability of certain Data to another party.
  • Withdraw your consent at any time, where we process your Data on the basis of consent.
  • Not be discriminated against for exercising your rights under Data Protection Laws.

Conditions, exceptions and restrictions might apply with regard to the exercise of these rights under Data Protection Law. Subject to conditions, exceptions and restrictions under the CCPA, applicants who are California residents have the above privacy rights.

Before we are able to respond to your request, we will ask you to verify your identity and to provide further details about your request.

Also, please note that Smart Communications does not carry out any automated decision-making, including profiling, which produces legal effects concerning you or which otherwise similarly significantly affects you.

If you want to review, verify, correct or request erasure of your Data, object to its Processing, or request that we transfer a copy of your Data to another party, please [email protected] in writing. We have appointed a data protection officer (DPO) to oversee compliance with this privacy notice [email protected]. California applicants may additionally exercise their rights under the CCPA by contacting the company at 1-800-986-6810.

You also have the right to lodge a complaint as to our Processing of your Data with the competent data protection supervisory authority in your country. You can:

For California residents, you can find a form to file with the California Attorney General here: https://oag.ca.gov/contact/consumer-complaint-against-business-or-company

Changing this Privacy Notice

Smart Communications reserves the right to update this Privacy Notice at any time, and it will provide you with a new Privacy Notice when we make substantial changes. We may also notify you in other ways from time to time about the processing of your Data.

Any questions about this Privacy Notice should be directed to [email protected].