This recruitment privacy notice (also, the “Notice”) describes how Veriff (“we”, “us”) processes job applicant’s Personal Data.
Please read about your rights and the main privacy principles that every employee is to follow from the Veriff general Privacy Notice. Here you can find data processing specifics in case of recruitment.
The specific information on how we handle your Personal Data when you are an employee, will be made available to you when you enter into a contract with Veriff.
Please review this recruitment privacy notice carefully and contact us if you have any comments, questions or concerns. You can reach our data protection officer (DPO) via email at firstname.lastname@example.org or by submitting a form via the link here.
1.1 Terms have the same meaning in this recruitment privacy notice as in the Veriff general Privacy Notice, unless otherwise provided here.
1.2 This Notice is for potential employees, i.e. job applicants (“job applicants” or “you”) and gives an overview of how Veriff processes job applicants’ Personal Data for the recruitment process.
1.3 Additional information may be provided under listed job offers or during the recruitment process, in which case those processing rules are either complimentary to this Notice or prevail over this Notice.
2.1 Personal Data.When we use the term “Personal Data” in this Notice, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to an individual within the context of the individual acting as a recruit or job applicant of Veriff. It does not include aggregated or de-identified information that is maintained in a form that cannot reasonably be used to infer information about, or otherwise be linked to, a particular individual. Where we maintain de-identified data, we will maintain and use the data in de-identified form and not attempt to re-identify the data except as required or permitted by law. Categories of Personal Data relevant in the context of our recruitment process are described in p 2.3 below.
2.2 When is your data processed? We are constantly hiring new talent and thus encourage as many applicants as possible to enter into our recruitment process. During recruitment, we process the Personal Data of job applicants we contact with possible job offers as well as the job applicants who apply themselves.
2.3 Content of processed Personal Data. We may collect and process, among other information, the following Personal Data:
(1) Identification Data, such as name, date of birth, picture, personal identification code, legal capacity, nationality, citizenship, IP address and identification document details such as number, name, issuing country, security features, expiration dates and copies, details related to sanctions control, such as documentation of immigration status or residency permit, banking information;
(2) Contact And Communication Data, such as address, phone number, email address, messages sent to us or to you by us;
(3) Web-Related Information, such as data about your interaction (clicks and openings) with our emails;
(4) Current And Previous Employment Data, such as data about your current and previous employer, position within the company, etc.;
(5) Data Related To Your Candidacy, such as CV, cover letter, job preferences, recommenders, (video)interviews, results of your tests and analyses, etc.;
(6) Publicly Available relevant Data, such as checks in public sanctions lists, checks in relevant public records for verification of given data, public social media accounts, etc.
(7) Background Screening Data, as our Service requires a high level of trust, considering the position, we may process job applicants’ background information, such as criminal records check (past offences), reference checks (e.g. professional certifications), and confirmation reports (e.g. living permit) to the extent permitted by law. In certain cases job applicants and employees may choose or may have to go through Veriff-determined background screening service provider's background check. In those cases, the the terms and privacy policies of those service providers will also apply;
(8) Identity Verification Data, as named in Section 4.1 in Veriff general Privacy Notice, including photos and videos, as well as face scans and other measurements extracted from the same - some of this extracted data may be considered biometric data and/or sensitive data in certain jurisdictions. If you are from Texas or Illinois, please see also Section 12.2 of Veriff general Privacy Notice, which governs our collection and use of your biometric data, if any.
2.4 Sources of Personal Data. We usually obtain Personal Data directly from you when you apply for a position with us or when we contact you with a possible job offer. In addition, we collect your Personal Data independently through different channels (e.g. via social media profiles, online job sites). We may also collect your Personal Data from third parties, such as professional recruiting firms, your references, prior employers and employment background check providers, to the extent this is permitted by applicable law. During the recruiting process we may ask for the submission of different information that enables us to assess your suitability for the relevant position. You are not required to provide any of the requested information to us, but kindly note that failing to do so may result in you not being able to continue your candidacy for the position.
2.5 Sensitive Information. Through the recruitment process, we usually do not seek to obtain special categories of Personal Data (“sensitive information”), such as data concerning your race or ethnicity, health, disabilities, philosophical beliefs, sexual orientation, gender identity and transgender status, and biometric information. However, sometimes the collection of such data is mandatory by law or there may be opportunities to voluntarily disclose such information. If sensitive information is disclosed, we may use this sensitive information for the purposes set forth in this Notice. We do not sell sensitive information, and we do not process or otherwise share sensitive information for the purpose of targeted advertising. However, subject to certain legal limitations and expectations, you may be able to limit the processing of sensitive information as described in Veriff general Privacy Notice and under the Data retention section below.
3.1 We process your Personal Data as a Data Controller on the following grounds: under legitimate interest for managing recruitment processing and assessing your suitability for the position (purposes No. (1) up to (4), (6), (8), (9) in case of document verification, and (10)), for preparing and performance of the contract (purpose No. (5) and (11)), for compliance with our legal obligation (purpose No. (3), (7), (9) if legally obliged to do so in respective jurisdiction, and (12)), and on the basis of consent (purposes No (8) and (9) in case of remote verification). The purposes of processing are as follows:
(1) identify the individual as a potential candidate and review their application for a position with us;
(2) to determine job applicants’ suitability for the available position;
(3) to verify the data submitted by the job applicant (including carrying out reference checks and/or conducting background screenings where applicable);
(4) to manage the recruitment process and communicate with the job applicant about the progress of the process;
(5) in the case of a successful application, to prepare a job offer and employment contract, and to fulfil the onboarding activities;
(6) to protect our rights;
(7) for business management and administrative purposes, such as record-keeping and improving our recruitment and business practices, and following limitations related to sanctions;
(8) to store the information in order to inform the job applicant about our vacant positions and make a job offer in the case of a suitable position in the future;
(9) to verify the identity of the job applicant for employment fraud prevention reasons (to make sure a job applicant is who they claim to be);
(10) to conduct internal investigations, audits, compliance, risk management, problem resolution, and security operations;
(11) to fulfil contractual obligations to recruits, job applicants, and other third parties;
(12) to comply with applicable law, rule, regulation, legal proceeding, and governmental investigations including relating to tax reporting and immigration.
4.1 We may share your Personal Data with third parties for the purposes listed in Section 3 of this Notice for the following purposes:
(1) Within Veriff: We share Personal Data relating to recruits and job applicants within our group companies for internal administrative purposes and uses that are consistent with this Notice. For example, the Veriff entity responsible for the job posting may share Personal Data about a job applicant with another Veriff entity that is responsible for our organization-wide recruiting and employment decisions.
(2) Recruiters and Job Application Providers: We often engage recruiters and job application providers to assist us in identifying potential job applicants and processing job applications we receive. In order for these third parties to assist us in the recruiting and job application process, we share Personal Data about potential and current personnel with them. For the conditions for such sharing, see Veriff general Privacy Notice Chapter 8.
(3) Other Service Providers: In addition to the third parties identified above, we engage other third parties to perform certain functions on our behalf, including assisting us with our recruiting process, personnel management, benefits and services offerings and other related business operations. Depending on the function the third party serves, the service provider may process Personal Data on our behalf or have access to Personal Data while performing functions on our behalf.
(4) Business Transaction or Reorganization: We may take part in or be involved with a corporate business transaction, such as a merger, acquisition, joint venture, or financing or sale of company assets. We may disclose Personal Data to a third-party during negotiation of, in connection with or as an asset in such a corporate business transaction. Personal data may also be disclosed in the event of insolvency, bankruptcy, or receivership.
(6) Otherwise with Consent or Direction: We may disclose Personal Data about our recruits and job applicants to certain other third parties with your consent or direction.
4.2 Sales, sharing or targeted advertising. Except as otherwise described about Cookies in Veriff general Privacy Notice, we do not sell Personal Data about individuals acting in their capacity as job applicants, and we do not share or otherwise disclose Personal Data about individuals acting in their capacity as job applicants to third parties for the purpose of displaying advertisements that are selected based on Personal Data obtained or inferred over time from an individual’s activities across businesses or distinctly-branded websites, applications, or other services (otherwise known as “targeted advertising” or “cross-context behavioral advertising”).
5.1 We store the Personal Data of job applicants during the recruitment process and for as long as necessary to fulfill the purpose for which it was collected. However, if necessary, we may retain personal data for longer periods of time, until set retention periods and deadlines expire, for instance where we are required to do so in accordance with legal, tax and accounting requirements set by a legislature, regulator, or other government authority.
5.2 To determine the appropriate duration of retention of Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of Personal Data and if we can attain our objectives by other means, as well as our legal, regulatory, tax, accounting, and other applicable obligations. Once retention is no longer necessary for the purposes outlined above, we will either delete or de-identify the Personal Data or, if this is not possible (for example, because Personal Data has been stored in backup archives), then we will securely store the Personal Data and isolate it from further processing until deletion or deidentification is possible.
5.3 Please note, that if you enter into an employment (or similar) contract with us, different retention periods apply. Different retention periods may apply to background screening results, depending on the result and the format of the extract. Extracts of results will only be retained after the check for as long as needed to prove any decision about candidacy and/or authenticity of the extract.
6.1. You may be able to exercise the following rights (subject to certain limitations at law):
(1) The Right to Know: The right to get confirmation whether we are processing Personal Data about you and to obtain certain personalized details about the Personal Data we have collected about you, including:
a. the categories of Personal Data collected;
b. the categories of sources of the Personal Data;
c. the purposes for which the Personal Data were collected;
d. the categories of Personal Data disclosed to third parties (if any), and the categories of recipients to whom the Personal Data were disclosed;
e. the categories of Personal Data shared for cross-context behavioral advertising purposes (if any), and the categories of recipients to whom the Personal Data were disclosed for those purposes; and
f. the categories of Personal Data sold (if any), and the categories of third parties to whom the Personal Data were sold. Please note that as stated in section 4.2 above, we generally do not sell your data nor share it for cross-context behavioural advertising purposes.
(2) The Right to Access & Portability: The right to obtain access to the Personal Data we have collected about you and the right to obtain a copy of the Personal Data in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance.
(3) The Right to Correction: The right to correct inaccuracies in your Personal Data, taking into account the nature of the Personal Data and the purposes of the processing of the Personal Data.
(4) The Right to Control Over Sensitive Information: The right to exercise control over our collection and processing of certain sensitive information, if such right is applicable to you.
(5) The Right to Deletion: The right to have us delete the Personal Data we maintain about you.
(6) The Right to Non-Discrimination: The right to not receive retaliatory or discriminatory treatment in connection with a request to exercise the above rights. However, please note that if you exercise these rights it limits our ability to process Personal Data, we may no longer be able to engage with you in the same manner.
(7) The Right to withdraw the consent: The right to take back the consent you have given to us for the processing of Personal Data. Please note that withdrawal of your consent shall not affect the legality of the processing that was made on the basis of consent before the withdrawal.
(8) The Right to object: The Right to file an objection if your Personal Data processing takes place on the basis of our legitimate interest or public interest.
(9) The Right to restriction of processing: The right which in certain cases allows you to direct us to limit the processing of your Personal Data for a certain period of time (e.g., if you have filed an objection to Personal Data processing).
(10) The Right to submit a complaint: If you find that your rights have been breached, you have the right to submit a complaint to a data protection authority.
6.2 Submitting Privacy Rights Requests. You can submit a request to exercise one of the privacy rights identified in Section 6.1 of this Notice by emailing us at email@example.com or by submitting a form via the link here. Before processing your request, we may need to verify your identity. In order to verify your identity, we will generally either require the successful authentication of your work-related account, or the matching of sufficient information you provide us to the information we maintain about you in our systems. As a result, we require requests to include your name, e-mail address and the date of applying for a job. We may at times need to request additional Personal Data from you, taking into consideration our relationship with you and the sensitivity of your request. In certain circumstances, we may decline a privacy rights request, particularly if we are unable to verify your identity or there is a legal basis to do so, i.e., the declining is in compliance with the law applicable to you.
6.3 Submitting Authorized Agent Requests. In certain circumstances, you are permitted to use an authorized agent to submit requests on your behalf through the designated methods set forth above where we can verify the authorized agent’s authority to act on your behalf. In order to verify the authorized agent’s authority, we generally require evidence of either (i) a valid power of attorney or (ii) a signed letter containing your name and contact information, the name and contact information of the authorized agent, and a statement of authorization for the request. Depending on the evidence provided, we may still need to separately reach out to you to confirm the authorized agent has permission to act on your behalf and to verify your identity in connection with the request.
7.1 This Notice is available on our Website.
7.2 Kindly note that we may modify the Notice from time to time. If we make any material changes, we will notify you by posting this Notice on the Website and we will update the “Last Update” date.
7.3 You are advised to review this Notice periodically for any changes.
7.4 Changes to this Notice are effective when they are posted on this page.