Job Applicant Privacy Policy

Job Applicant Privacy Notice

What is this notice and why should you read it?
1. This privacy notice explains how and why the Draken Europe group, including each of its operating entities (also referred to as “Draken Europe”, “we”, “our” and “us”) uses personal data about individuals that apply to become employees, staff, contractors, trainees, officers, consultants, and temporary or agency workers of Draken Europe (referred to as “Applicants” or “you”).
2. You should read this notice, so that you know what we are doing with your personal data. Please also read any other privacy notices that we give you, that might apply to our use of your personal data in specific circumstances in the future (for example, should you be successful in your application, the processing of your personal data will be in accordance with the Draken Europe Employee Fair Processing Notice).
3. This notice does not form part of any contract with you (including any contract of employment that may be offered) or any other contract to provide services.
Draken Europe’s data protection responsibilities
1. “Personal data” is any information that relates to an identifiable natural person. Your name, address, contact details, salary details and CV are all examples of your personal data, if they identify you.
2. The term “process” means any activity relating to personal data, including, by way of example, collection, storage, use, consultation and transmission.
3. Draken Europe is a so-called "controller" of your personal data. This means that we make decisions about how and why we process your personal data, and, because of this, we are responsible for making sure it is used in accordance with data protection laws.
What types of personal data do we collect and where do we get it from?
1. We collect many different types of personal data about you for lots of reasons. We cannot administer your application without your personal data. Where we don’t need your personal data, we will make this clear, for instance we will explain if any part of an application form that you are required to complete is optional and can be left blank.
2. Further details of the personal data we collect, where we get it from and what we do with it are set out in Schedule 1 .
3. As set out in the table at Schedule 1 we collect your personal information from you directly when you correspond with us and apply for a job with us. We also create some personal data ourselves and obtain some personal data from other people and organisations, including some public sources, such as publicly available directories and online resources, your previous employers, your use of Draken Europe systems and platforms and your (or our) Recruitment Partners (as applicable).
4. Due to the type of business undertaken by Draken Europe, we also conduct background checks on our Applicants. Depending on the role applied for, these checks can relate to any criminal convictions that you may have and include those checks that are required by applicable law and those required for our own policy compliance. Please see also the section below in relation to ‘Sensitive Information’.
5. If any of the personal information you have given to us changes, such as your contact details, please inform us without delay by contacting your Draken Europe recruitment contact (which may be the Recruitment Partners appointed by Draken Europe).
What do we do with your personal data and why?
1. We process your personal data for particular purposes in connection with your application or engagement with us, and the management and administration of our business.
2. We are required by law to always have a permitted reason or justification (called a “lawful basis”) for processing your personal data. There are six such permitted lawful basis for processing personal data. The table at Schedule 2 sets out the different purposes for which we process your personal data and the relevant lawful basis on which we rely for that processing.
3. Please note that where we have indicated in the table at Schedule 2 that our processing of your personal data is either:
  1. necessary for us to comply with a legal obligation; or
  2. necessary for us to take steps, at your request, to potentially enter into an employment contract with you and you choose not to provide the relevant personal data to us, we may not be able to enter into our contract of employment or engagement with you.
4. We may also convert your personal data into statistical or aggregated form to better protect your privacy, or so that you are not identified or identifiable from it. Anonymised data cannot be linked back to you. We may use it to conduct research and analysis, including to produce statistical research and reports. For example, to help us understand which areas of our business receive the most Applicants.
Sensitive Information
1. Some of the processing described in the table at Schedule 2 will include the processing of ‘special categories of personal data’ and/or sensitive personal data (together, “Sensitive Information”). This refers to sensitive or special categories of personal data for which applicable laws require us to process with more care.
2. The table at Schedule 3 sets out the different purposes for which we process your Sensitive Information and the relevant lawful basis on which we rely for that processing. For some processing activities, we consider that more than one lawful basis may be relevant – depending on the circumstances.
Who do we share your personal data with, and why?
1. Sometimes we need to disclose your personal data to other people.
2. We are part of the Draken Europe group, which includes a number of companies and operations globally. Therefore, we may need to share your personal data with other companies in the Draken Europe group for our general business and workforce management purposes and, in some cases, for line management, authorisations/approvals with relevant decision makers, reporting and where systems and services are provided on a shared basis. For example, your application may be shared with other group members if the authority of that member is required to approve the offering of an employment contract.
3. Access rights between members of the Draken Europe group are limited and granted only on a need to know basis, depending on job functions and roles.
4. Where any Draken Europe group companies process your personal data on our behalf (as our processor), we will make sure that they have appropriate security standards in place to make sure your personal data is protected [and we will enter into a written contract imposing appropriate security standards on them].
5. From time to time we may ask third parties to carry out certain business functions for us, such as IT support. These third parties will process your personal data on our behalf (as our processor). We will disclose your personal data to these parties so that they can perform those functions. Before we disclose your personal data to these third parties, we will seek to ensure that they have appropriate security standards in place to protect your personal data and we will enter into a written contract imposing appropriate security standards on them. Examples of these third-party service providers include service providers and/or sub-contractors, include HR and marketing service providers, and our IT systems software and maintenance, back up, and server hosting providers.
6. In certain circumstances, we will also disclose your personal data to third parties who will receive it as controllers of your personal data in their own right for the purposes set out above, where the relevant disclosure is in relation to:
  1. services provided to you or us by a third party acting independently to Draken Europe, but which has a relationship with Draken Europe, for example a Recruitment Partner;
  2. the purchase or sale of our business (or part of it) in connection with a share or asset sale, as part of which we may disclose or transfer your personal data to the prospective seller or buyer and their advisors; and/or
  3. the disclosure of your personal data in order to comply with a legal obligation, to enforce a contract or to protect the rights, property or safety of our employees, customers or others.
7. We have set out below a list of the categories of recipients with whom we are likely to share your personal data:
  1. consultants and professional advisors including legal advisors and accountants;
  2. courts, court-appointed persons/entities, receivers and liquidators;
  3. business partners and joint ventures;
  4. trade associations and professional bodies;
  5. governmental departments, statutory and regulatory bodies including (in the UK) the Department for Work & Pensions, Information Commissioner’s Office, the police and Her Majesty’s Revenue and Customs.
Where in the world is your personal data transferred to?
1. As part of a global organisation, Draken Europe may transfer your personal data to recipients (either internally or externally, as set out above) that are established in jurisdictions other than your own. Please be aware that the data protection laws in some jurisdictions may not provide the same level of protection to your personal data as is provided to it under the laws in your jurisdiction.
2. If any disclosures of personal data referred to above require your personal data to be transferred from within to outside the European Economic Area, we will only make that transfer if:
  1. the country to which the personal data is to be transferred ensures an adequate level of protection for personal data;
  2. we have put in place appropriate safeguards to protect your personal data, such as an appropriate contract with the recipient;
  3. the transfer is necessary for one of the reasons specified in data protection legislation, such as the performance of a contract between us and you; or
  4. you explicitly consent to the transfer.
How do we communicate with you?
1. We will use your personal data to contact you in relation to the progress of any applications that you make with us and to respond to any other questions, comments or complaints that you may raise.
2. We will only send you information in relation to other roles and vacancies, if you have explicitly updated your role preferences or advised us that you are interested in other opportunities
How do we keep your personal data secure?
1. We will take specific steps (as required by applicable data protection laws) to ensure we take appropriate security measures to protect your personal data from unlawful or unauthorised processing and accidental loss, destruction or damage.
How long do we keep your personal data for?
1. If you are successful in your application, we will keep your personal data during the period of your employment and then, after your employment with us ends, for as long as is necessary in connection with both our and your legal rights and obligations. If you are unsuccessful in your application, we will only retain your personal data for a more limited period of time. This may mean that we keep some types of personal data for longer than others, depending on the following factors:
  1. any laws or regulations that we are required to follow;
  2. whether we are in a legal or other type of dispute with each other or any third party;
  3. the type of information that we hold about you; and
  4. whether we are asked by you or a regulatory authority to keep your personal data for a valid reason.
2. For more information on our data retention practices, you should contact your Draken Europe recruitment contact (which may be the Recruitment Partner(s) appointed by Draken Europe)
What are your rights in relation to your personal data and how can you exercise them?
1. You have certain rights, which are briefly summarised at Schedule 4 , in relation to any personal data about you which we hold.
2. Where our processing of your personal data is based on your consent (please see Schedule 2 and Schedule 3 ), you have the right to withdraw your consent at any time. If you do decide to withdraw your consent we will stop processing your personal data for that purpose, unless there is another lawful basis we can rely on – in which case, we will let you know. Your withdrawal of your consent won’t impact any of our processing up to that point.
3. Where our processing of your personal data is necessary for our legitimate interests (please see Schedule 2 ), you can object to this processing at any time. If you do this, we will need to show either a compelling reason why our processing should continue, which overrides your interests, rights and freedoms or that the processing is necessary for us to establish, exercise or defend a legal claim.
4. If you wish to exercise any of these rights, please contact your Draken Europe recruitment contact (which may be the Recruitment Partners appointed by Draken Europe), in the first instance.
5. You also have the right to lodge a complaint with the relevant Supervisory Authority (which is the Information Commissioner’s Office in the UK, for example).
Updates to this notice
1. We may update this notice from time to time to reflect changes to the type of personal data that we process and/or the way in which it is processed. In the event of a material change which affects the processing of your personal data, we will notify you. We also encourage you to check this notice on a regular basis.

Schedules

SCHEDULE 1 - CATEGORIES OF PERSONAL DATA

Type of personal data	Collected from
1. Contact Information
Name(s) Address(es) Email address(es) Contact details including mobile telephone number(s)	You
2. Personal Information
Contact information (see above), as relevant Date of birth Gender Next of kin or other dependants Marital or relationship status Lifestyle and social circumstances Emergency contact information	You
3. Identity and Background Information
Contact information (see above), as relevant Details of education and qualifications and results Career history, experience and skills Passport information Driving licence information Right to work, residency and/or other visa information (where unrelated to your race or ethnicity) Curriculum Vitae (CV) or resume Educational certificates or other qualification evidence Image or photographs Application form Evaluative notes and decisions from job interviews Preferences relating to job location and salary Conflicts of interests (including where related to family networks) Background checks relating to criminal records (see also Sensitive Information) and credit score	You Recruitment Partner Your previous employers Publicly available information from online resources
4. Financial Information
Contact information (see above), as relevant Bank account details Previous and/or offered salary, compensation and other remuneration and benefits information National insurance number and/or other governmental identification numbers Tax codes	You Your previous employer
5. Sensitive Information
Racial or ethnic origin (including your nationality and visa information) Data concerning physical and/or mental health (including occupational health requirements, accident reports, day-to-day health concerns such as diabetes or epilepsy conditions which we should be aware of, dietary requirements, allergies, drug and alcohol test results and reasons for any short term or long-term absence) Health and safety and accident records and reports Sexual orientation Information relating to actual or suspected criminal convictions and offences	You Your use of Draken Europe security control systems
6. Applicant Administration Information
Contact information (see above), as relevant Offered terms and conditions of employment Your working preferences and feedback in relation to Draken Europe and our staff Your preferences in relation to our use of your personal data	You
7. Application Performance Information
Contact information (see above), as relevant Interview notes, appraisals, and associated feedback Psychometric test results	You Recruitment Partner Draken Europe staff
8. Investigation, Grievance and Complaints
Contact information (see above), as relevant Draken Europe investigations records Grievance and disciplinary records Employment tribunal records	You Draken Europe staff Third parties, as permitted by applicable law
9. Asset, Systems and Platform Usage and Communications Information
Contact information (see above), as relevant Access logs and usage records from application systems and other Draken Europe provided applications and technologies User IDs and password information IP addresses and device identifiers Relevant records of calls, messages and/or internet or other data traffic and communications	You Your use of Draken Europe assets, systems and platforms
10. Security, Location and Access Information
Contact information (see above), as relevant Information (including images) captured or recorded by electronic card access systems, CCTV and other security control systems	You Your use of Draken Europe security control systems

SCHEDULE 2 - PROCESSING ACTIVITIES AND LAWFUL BASIS

	Purposes of processing	Categories of personal data	Lawful basis We are permitted to process your personal data because…
	Purposes of processing	Categories of personal data	You have given your consent to the processing	It is necessary to perform your employment contract	It is necessary for us to comply with a legal obligation	It is necessary for our legitimate interests or those of third parties		It is necessary to protect your vital interests (or those of someone else)
a) Recruitment and workforce planning
1.	Developing, operating and collecting feedback on recruitment activities and employee selection processes	Personal Information Identity and Background Information Application Performance Information					✔
2.	Administering your application for a job with us and considering your suitability for the relevant role	Personal Information Identity and Background Information Application Performance Information					✔
3.	Obtaining, considering and verifying your employment references and employment history	Identity and Background Information Application Performance Information					✔
4.	Reviewing and confirming your right to work	Identity and Background Information			✔
5.	Conducting verification and vetting, including criminal background checks and credit checks where required by law (Note: please also see Schedule 3)	Sensitive Information Identity and Background Information			✔
6.	Conducting background checks, verification and vetting which are not required by law but needed by us to assess your suitability for your role (Note: please also see Schedule 3)	Identity and Background Information Sensitive Information	✔ (where such checks involve the processing of Sensitive Information your consent may be required – please see Schedule 3)				✔
7.	Making a job offer to you and entering into a contract of employment with you	Personal Information Financial Information Applicant Administration Information		✔
8.	Identifying and assessing Draken Europe’s strategic business direction, resourcing needs and areas for development	Applicant Administration Information Application Performance Information					✔
9.	Promotion and succession planning	Applicant Administration Information Application Performance Information					✔
10.	Analysing recruitment and retention objectives, processes and employee turnover rates	Applicant Administration Information Job Performance Information					✔
b) General Applicant management and administration
11.	Communicating with you and providing you with information in connection with your application or engagement with us from time to time	Personal Information		✔			✔	✔
12.	General staff administration, including workforce management and facilities operations	Employment Administration Information Asset, Systems and Platform Usage and Communications Information					✔
13.	Managing our health and safety compliance obligations (Note: please also see Schedule 3)	Applicant Administration Information Sensitive Information			✔
14.	Determining whether any adjustments are necessary to enable you to carry out a role (Note: please also see Schedule 3)	Personal Information Sensitive Information		✔	✔
15.	Considering your suitability for existing and future vacancies	Personal Information Application Performance Information					✔
16.	Handling grievances and complaints, including investigating issues, considering appropriate resolution and mitigating actions and reviewing outcomes	Investigation, Grievance and Complaints					✔
17.	Responding to feedback requests from you or your recruiter	Applicant Administration Information Application Performance Information Investigation, Grievance and Complaints					✔
c) Security and governance
18.	Monitoring the security of Draken Europe’s physical premises and systems, networks and applications	Security, Location and Access Information			✔		✔
19.	Identifying and authenticating Applicants and other individuals (Note: please also see Schedule 3)	Security, Location and Access Information Sensitive Information					✔
20.	Identifying, investigating and mitigating suspected misuse of Draken Europe’s assets, systems and platforms (Note: please also see Schedule 3)	Asset, Systems and Platform Usage and Communications Information Security, Location and Access Information Sensitive Information			✔		✔
d) Legal and regulatory compliance and responsibilities
21.	Managing and administering our equal opportunities reporting (Note: please also see Schedule 3)	Sensitive Information	✔
22.	Responding to binding requests or search warrants or orders from courts, governmental, regulatory and/or enforcement bodies and authorities (Note: please also see Schedule 3)	Potentially all categories of personal data			✔
23.	Responding to non-binding requests or search warrants or orders from courts, governmental, regulatory and/or enforcement bodies and authorities (Note: please also see Schedule 3)	Potentially all categories of personal data					✔
24.	Complying with disclosure orders arising in civil proceedings (Note: please also see Schedule 3)	Potentially all categories of personal data			✔
25.	Investigating, evaluating, demonstrating, monitoring, improving, reporting on and meeting Draken Europe’s compliance with relevant legal and regulatory requirements (Note: please also see Schedule 3)	Potentially all categories of personal data			✔
26.	Investigating, evaluating, demonstrating, monitoring, improving, reporting on and meeting Draken Europe’s compliance with best practice and good governance responsibilities (Note: please also see Schedule 3)	Potentially all categories of personal data					✔
e) Day-to-day business operations
27.	Implementing, adapting and enhancing systems and processes to develop or improve our business and/or make the application process easier or more enjoyable	Applicant Administration Information Investigation, Grievance and Complaints Asset, Systems and Platform Usage and Communications Information Security, Location and Access Information					✔
28.	Managing, planning and delivering our global business strategies	Application Administration Information Application Performance Information					✔
29.	Supporting and maintaining our technology infrastructure	Asset, Systems and Platform Usage and Communications Information Security, Location and Access Information		✔			✔
30.	Supporting the sale, transfer or merging of part or all of our business or assets, or in connection with the acquisition of or by another business (Note: please also see Schedule 3)	Potentially all categories of information			✔		✔
31.	Helping to attract, monitor and maintain an inclusive and diverse workforce (Note: please also see Schedule 3)	Personal Information Sensitive Information	✔ (where this involves the processing of Sensitive Information, your consent may be required – please see Schedule 3)		✔ (where such a legal obligation applies)		✔

SCHEDULE 3 - SENSITIVE INFORMATION – PROCESSING ACTIVITIES AND LAWFUL BASIS

	Purposes of processing	Sensitive Information - lawful basis We are permitted to process your personal data because…
	Purposes of processing	You have given your explicit consent to the processing	It is necessary for your/our obligations and rights in the field of employment and social security and social protection law	It is necessary to protect the vital interests of the data subject or another person you or they are physically or legally incapable of giving consent	It is necessary for our establishment, exercise or defence of legal claims	It is necessary for reasons of substantial public interest	It is necessary for preventive or occupational medicine, for the assessment of the working capacity of the employee
a) Recruitment and workforce planning
1.	Conducting verification and vetting, including criminal background checks and credit checks where required by law		✔			✔
2.	Conducting background checks, verification and vetting which are not required by law but needed by us to assess your suitability for your role	✔				✔ (where such checks relate to matters of national security and defence)
b) General application management and administration
3.	Managing our health and safety compliance obligations		✔			✔
4.	Determining whether any adjustments are necessary to enable you to carry out a role		✔			✔
c) Security and governance
5.	Identifying and authenticating Applicants and other individuals	✔			✔ (where such processing is necessary to detect or prevent an unlawful act)	✔ (where such processing is required as a matter of national security and defence)
6.	Identifying, investigating and mitigating suspected misuse of Draken Europe’s assets, systems and platforms				✔
d) Legal and regulatory compliance and responsibilities
7.	Managing and administering our equal opportunities reporting					✔
8.	Responding to binding requests or search warrants or orders from courts, governmental, regulatory and/or enforcement bodies and authorities or sharing information (on a voluntary basis) with the same				✔
9.	Responding to non-binding requests or search warrants or orders from courts, governmental, regulatory and/or enforcement bodies and authorities	✔				✔ (where such processing is necessary to detect or prevent an unlawful act)
10.	Complying with disclosure orders arising in civil proceedings				✔
11.	Investigating, evaluating, demonstrating, monitoring, improving and reporting on Draken Europe’s compliance with relevant legal and regulatory requirements				✔
12.	Investigating, evaluating, demonstrating, monitoring, improving, reporting on and meeting Draken Europe’s compliance with best practice and good governance responsibilities	✔			✔	✔ (where such processing is necessary to detect or prevent an unlawful act or to comply with law or a regulatory code of conduct)
e) Day-to-day business operations
13.	Supporting the sale, transfer or merging of part or all of our business or assets, or in connection with the acquisition of or by another business	✔
14.	Helping to attract, monitor and maintain an inclusive and diverse workforce	✔

SCHEDULE 4 - YOUR RIGHTS IN RELATION TO PERSONAL DATA

Your right	What does it mean?	Limitations and conditions of your right
Right of access	Subject to certain conditions, you are entitled to have access to your personal data (this is more commonly known as submitting a “*data subject access request*”).	If possible, you should specify the type of information you would like to see to ensure that our disclosure is meeting your expectations. We must be able to verify your identity. Your request may not impact the rights and freedoms of other people, e.g. privacy and confidentiality rights of other staff.
Right to data portability	Subject to certain conditions, you are entitled to receive the personal data which you have provided to us and which is processed by us by automated means, in a structured, commonly-used machine readable format.	If you exercise this right, you should specify the type of information you would like to receive (and where we should send it) where possible to ensure that our disclosure is meeting your expectations. This right only applies if the processing is based on your consent or on our contract with you and when the processing is carried out by automated means (i.e. not for paper records). It covers only the personal data that has been provided to us by you.
Rights in relation to inaccurate personal or incomplete data	You may challenge the accuracy or completeness of your personal data and have it corrected or completed, as applicable. You have a responsibility to help us to keep your personal information accurate and up to date. We encourage you to notify us of any changes regarding your personal data as soon as they occur, including changes to your contact details, telephone number, immigration status.	Please always check first whether there are any available self-help tools to correct the personal data we process about you. This right only applies to your own personal data. When exercising this right, please be as specific as possible.
Right to object to or restrict our data processing	Subject to certain conditions, you have the right to object to or ask us to restrict the processing of your personal data.	As stated above, this right applies where our processing of your personal data is necessary for our legitimate interests. You can also object to our processing of your personal data for direct marketing purposes.
Right to erasure	Subject to certain conditions, you are entitled to have your personal data erased (also known as the “right to be forgotten” ), e.g. where your personal data is no longer needed for the purposes it was collected for, or where the relevant processing is unlawful.	We may not be in a position to erase your personal data, if for example, we need it to (i) comply with a legal obligation, or (ii) exercise or defend legal claims.
Right to withdrawal of consent	As stated above, where our processing of your personal data is based on your consent you have the right to withdraw your consent at any time.	If you withdraw your consent, this will only take effect for future processing.

Job Applicant Privacy Policy

Schedules

SCHEDULE 1 - CATEGORIES OF PERSONAL DATA

SCHEDULE 2 - PROCESSING ACTIVITIES AND LAWFUL BASIS

SCHEDULE 3 - SENSITIVE INFORMATION – PROCESSING ACTIVITIES AND LAWFUL BASIS

SCHEDULE 4 - YOUR RIGHTS IN RELATION TO PERSONAL DATA

Cookies & Privacy