GDPR Candidate Privacy Notice
Syniti is committed to protecting the privacy and security of your personal information. This privacy notice describes how we collect your personal data and indicates how and why your data will be used for the primary purpose of recruitment, and how long it will usually be retained for. Furthermore, this notice provides you with the information that must be provided under the General Data Protection Regulation (GDPR), and it also covers matters relating to our Privacy Shield Certification. Finally, this notice applies to all candidates in the European Union (EU), the UK, and Switzerland. For any questions regarding this privacy notice, please refer to the “Contact Details and Your Rights of Complaint” section below.
RESPONSIBILITY FOR YOUR INFORMATION
BackOffice Associates, LLC d/b/a Syniti and BackOffice Associates Ltd. d/b/a Syniti are “data controllers” of your personal information for the purposes of processing your candidacy. For candidates for roles based in:
- France, BackOffice Associates – France is also a data controller;
- Germany, BackOffice Associates Germany GmbH d/b/a Syniti is also a data controller;
- Italy, Syniti Direct Solutions (HiT Software) is also a data controller;
- Netherlands, BackOffice Associates – Netherlands is also a data controller;
- Spain, BackOffice Associates Spain S.L. is also a data controller; and
- Switzerland, BackOffice Associates – Switzerland is also a data controller.
This means that we are responsible for deciding how we hold and utilize personal information about you as a candidate for a potential position at Syniti (whether as an employee, contractor, trainee, or intern).
THE TYPES OF INFORMATION WE HOLD ABOUT YOU
We collect, store, and use the following categories of information about you during our recruitment process:
- Your name, address, email address, telephone number, and other contact information
- The information you provide in your CV/resume and cover letter
- Any additional information you provide to us in support of an application
- Information included in your profile created on our careers site
- Information from interviews and screenings you may have
- Details of the type of role you are looking for, current salary (where relevant) and salary expectations, and other terms relating to compensation and benefits packages, or other job preferences
- Details of how you heard about the position you are applying for
- Results of the surveys, where relevant
- Reference information and/or information received from background checks, including information provided by third parties
- Information relating to any previous recruitment and/or employment history with us
- If we offer you reimbursement of costs incurred by you in connection with the recruitment process and you accept such an offer – information necessary to execute such reimbursement;
- Information relevant to your right to work or being eligible for internship/traineeship, including nationality, or citizenship for visa purposes; and
- CCTV footage when you are visiting our premises.
We may also collect, store, and use the following “special categories” of more sensitive personal information:
- Information about your national origin where relevant for visa purposes
- Medical or health information where relevant
- Information about criminal convictions and offenses where required for the role and legally permissible (UK only)
HOW IS YOUR PERSONAL INFORMATION COLLECTED?
We collect personal information about candidates from the following sources:
- You (the candidate)
- Our background check provider for roles in all countries except Poland, from whom we collect the following categories of data:
- Six years’ activity history (including employment history)
- Full academic history
- Address verification
- Professional qualifications history
- Credit check (for roles in professional services, finance, and legal only)
- Driving license endorsements check (for roles in professional services, finance, and legal in the UK only)
- Directorship check
- Global Watchlist check (roles outside the UK only)
- Our PI provider, from whom we collect the PI report generated as a result of data submitted by you to the PI provider
- Our recruitment service providers with whom we collaborate
- Disclosure and Barring Service with respect to criminal convictions in the UK for the roles outlined above
- Your named referees from whom we collect confirmation of your role and dates of employment
- Any external provider who advertises a role on our behalf
- Information about you, including your contact details, your profile, and CV (if available) from the following publicly available sources: LinkedIn, Xing, No Fluff, and Twitter; etc.
HOW WE WILL USE THE INFORMATION ABOUT YOU
We will use the personal information we collect about you to:
- Assess your skills, qualifications, and suitability for the role for which you are being considered, or other relevant roles we have
- Carry out background and reference checks where applicable
- Communicate with you about the recruitment process including, in appropriate cases, informing you of other potential career opportunities with us
- Create records relating to our hiring process
- Assist you with obtaining an immigration visa or work permit where required
- Review our recruitment practices including diversity monitoring
- Reimburse you for the costs incurred by you in connection with the recruitment process where relevant
- Comply with legal or regulatory requirements
If you accept a role with us, the information collected during the recruitment process will become part of your employment record.
It is your responsibility to obtain consent from referees to the processing of their personal information before providing it to us.
HOW WE USE SENSITIVE INFORMATION
We may use your sensitive information in the following ways:
• We will use information about your disability status to consider whether we need to adjust the recruitment process
• We may use information about your national origin for visa and immigration purposes if relevant
• We will use information about criminal convictions for roles which involve a high degree of trust and integrity and for roles where this is a customer requirement (UK only)
We may only use information relating to criminal convictions where the law allows us to do so. We have in place appropriate safeguards when processing this data which are required by law.
LEGAL BASIS FOR PROCESSING PERSONAL INFORMATION AND SENSITIVE PERSONAL INFORMATION
Our legal basis for processing your personal information includes processing that is necessary for our legitimate interests including the processing activities described above for our recruitment process.
Our legal basis to process your sensitive personal information includes processing that is based on your consent to us processing your personal information for the purposes of recruitment. You have the right to withdraw your consent to this processing at any time. To withdraw your consent, please contact privacy@syniti.com. Once we have received your notification that you have withdrawn consent, you will be withdrawn from our recruitment process and, subject to our retention policy, we will dispose of your data securely, unless we have another legal basis for processing it in law.
IF YOU FAIL TO PROVIDE PERSONAL INFORMATION
If you fail to provide information when requested, which is necessary for us to consider your application, we will not be able to take you forward in our recruitment process. For example, we require a reference for this role and you fail to provide us with relevant details, we will not be able to take your candidacy further.
AUTOMATED DECISION MAKING
You will not be subject to decisions that will have a legal or similarly significant impact on you based solely on automated decision-making.
DATA SHARING
WHY MIGHT YOU SHARE MY DATA WITH THIRD PARTIES?
We may share your information with other companies in the Syniti group as well as limited members of our human resources, IT, and finance departments as well as relevant third parties, including our background check provider, our recruitment service providers and with our PI provider. All our third party providers and other entities in the group are required to take appropriate security measures to protect your personal information. We do not allow our third party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specific purposes and in accordance with our instructions.
We may also be required to disclose your information to external third parties such as local labor authorities, courts and tribunals, regulatory bodies and/or law enforcement agencies for the purposes of complying with applicable laws and regulations or in response to legal process. For internship and traineeship opportunities, we may also be required to share your data with relevant educational entities to comply with applicable laws and regulations.
TRANSFERRING INFORMATION OUTSIDE THE EU
We will transfer some of the personal information we collect about you to the following countries outside the EU: USA, UK (at the time of updating, the UK is due to leave the EU in 2020), India (expenses only), and Switzerland if any part of the hiring team is based there. Other than Switzerland, there is not an adequacy decision by the European Commission with respect to the other countries, which means that the countries to which we transfer your data are not deemed to provide an adequate level of protection for your personal information. However, to ensure that your personal information does receive an adequate level of protection, we have inserted intercompany agreements including Standard Contractual clauses in place with these entities outside the EU, which is a mechanism approved by the European Commission to give appropriate protection. In addition, we are certified for the Privacy Shield Frameworks (see below). If you would like further information about this, please contact privacy@syniti.com.
DATA SECURITY
We have implemented appropriate security measures to prevent your personal information from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal information to those employees, contractors, and other third parties who have a business need to know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.
DATA RETENTION
HOW LONG WILL YOU USE MY INFORMATION FOR?
We will retain your information in accordance with applicable law and our Retention Policy. We retain your information for that period so we can comply with legal requirements. After this period, we will securely destroy your personal information in accordance with applicable laws and regulations.
If we wish to retain your personal information on the basis that a further opportunity may arise in the future and we may wish to consider you for that, we will contact you separately, seeking your explicit consent to retain your information for a fixed period on that basis.
RIGHTS OF ACCESS, CORRECTION, ERASURE, RESTRICTION, AND PORTABILITY
Your Responsibility to Inform Us of Changes
It is important that the personal information we hold about you is accurate. Please keep us informed if your personal information changes during your recruitment process with us.
Your Rights in Connection with Personal Information
You may, in accordance with applicable law have the following rights:
- Right to request access to your personal information. This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Right to request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Right to request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Right to object to processing of your personal information where we are relying on a legitimate interest (or those of a third party), and there is something reasonable about your particular situation which makes you want to object to processing on this ground.
- Right to request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example, if you want us to establish its accuracy or the reason for processing it.
- Right to request the transfer of your personal information to yourself or another party (the right to portability).
If you want to review, verify, correct, or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact privacy@syniti.com.
NO FEE USUALLY REQUIRED
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in these circumstances.
WHAT WE MAY NEED FROM YOU
We may need to ask for specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who does not have the right to receive it.
CONTACT DETAILS AND YOUR RIGHTS OF COMPLAINT
If you have any additional questions about this privacy notice or how we handle your personal information, please contact privacy@syniti.com.
You have the right to make a complaint at any time to the relevant supervisory authority for data protection issues in the country in which you are based.
PRIVACY SHIELD CERTIFICATION
As described in our Privacy Shield certification https://www.privacyshield.gov/, we comply with the EU-US and Swiss-US Privacy Shield Frameworks as specified by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. Backoffice Associates, LLC d/b/a Syniti has certified that it adheres to the Privacy Shield Principles. Syniti remains liable for any of the personal information that is shared under the Onward Transfer Principle with third parties for external processing on our behalf, as described above. To learn more about the Privacy Shield program, and to view Syniti’s certification, please visit the Privacy Shield website https://www.privacyshield.gov/. Syniti is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). In certain circumstances the Privacy Shield Framework provides the right to invoke binding arbitration to resolve complaints not resolved by other means, as described in Annex I to the Privacy Shield Principles https://www.privacyshield.gov/.
STATUS OF AND CHANGES TO THIS NOTICE
This notice does not form part of any employment contract or other contract to provide services. We may update this notice at any time and changes will appear on this page.
Last updated June 29, 2020