We understand that you care how we use your information, and we appreciate your trust in us. This Notice outlines how we collect and use the personal data of our candidates.

Please note that this Notice covers all candidates of 2C2P and its affiliated companies.

1. Definition

   1.1 For the purpose of this document:

   • “Company” shall mean 2C2P, also referred to as “we”, “us”, “our” and “ours”;
   • “Candidates” shall mean anyone who applies for employment or other engagement with the Company;
   • “Data Protection Authority” means an independent public authority of a particular territory that supervises, through investigative and corrective powers, the application of the data protection law; provides expert advice on data protection issues; and, handles complaints lodged against violations of the General Data Protection Regulation (“GDPR”) and the local data protection law which name may vary in accordance with the terminology used pursuant to the applicable local data protection law in such relevant territory.
   • “Personal data” means any information which relates to an individual and from which that person can be identified (“data subject”) on its own or when taken together with other information which is likely to come into the Company’s possession. It includes any expression of opinion about the person and an indication of the intentions of the Company or others in respect of that person. It does not include data where, for example, the identity has been removed (anonymized data), or data from which an individual cannot be identified, or data which includes a reference to an individual but is not actually ‘about’ that individual; and
   • “Processing” means doing anything with the data, such as collecting, organizing, accessing, holding, storing, disclosing, adapting, destroying, erasing or using the data in any way. This includes processing personal data which forms part of a filing system and any automated processing.
2. Objectives

   2.1 The Company takes the privacy and security of the personal information of Candidates seriously. This Privacy Notice describes how we collect, hold and use personal information or “personal data” about you and explains your rights as a “data subject”.

   2.2 The Company intends to comply with its legal obligations under the GDPR and the local data protection law together with any other replacement law applicable to the protection of personal data in effect from time to time.

   2.3 The Company will be what is known as the “data controller” of the personal data that you, as a Candidate, provide to us. This means that we are responsible for deciding how we hold and use that personal data. We are required under Data Protection Legislation to notify you of the information contained in this Privacy Notice. If you accept employment with or are otherwise engaged by the Company we will collect more information about you and make other uses of your information.

   2.4 Information may be shared with third parties as set out in paragraph 9.

3. Data Protection Principles

   3.1 We will comply with the data protection principles in the GDPR and the local data protection law, which say that personal data must be:

   • Used lawfully, fairly and in a transparent way;
   • Collected and processed only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those stated purposes;
   • Adequate and relevant to the purposes we have told you about and limited only to those purposes for which it is processed;
   • Accurate and kept up to date;
   • Kept only as long as necessary for the purposes we have told you about; and
   • Kept securely.
4. How we collect your data

   We collect information about Candidates in the course of the recruitment process. Some of this information is collected directly from you; for example, in the forms that you are asked to complete, or in interviews or through the completion of tests. Other information may be provided to us by third parties; for example, recruitment agencies, referees and educational institutions including third party service providers or publicly available sources for anti-money laundering, background checking and similar purposes, and to protect our business and comply with our legal, regulatory and security obligations.

5. Types of personal data we hold about you

   5.1 We may collect, store and use the following categories of personal data about Candidates (subject to limitations under applicable law):

   • Basic information about yourself, such as name, title, contact details (including address, telephone number and personal email address), date of birth, gender, nationality and information provided to verify your identity;
   • Information regarding your employment and educational history, any role or roles for which you are applying or being considered for and your relevant personal interests, attributes and career aspirations and plans;
   • Other information about yourself that you provide in a resume or similar document and cover letter;
   • Responses from online assessments you complete during the application process; and
   • In the event that you attend an interview, CCTV/security camera footage and other information obtained through electronic means such as access card records/logs;

   5.2 We may also collect, store and use the following special categories of personal data about Candidates (subject to limitations under applicable law):

   • Information about racial or ethnic origin, age, gender, religious or other philosophical beliefs, sexual orientation and disability, which we collect for equality of opportunity monitoring purposes, only where it is legally permissible to do so;
   • Information about health, including any medical condition and your disability status to consider whether we need to provide appropriate adjustments during the recruitment process;
6. Reasons why we need your personal data

   Generally, we need it for our recruitment purposes. In some cases, we may not be able to consider your application if you cannot provide information that we request. There may be occasions where we need information to comply with a legal obligation, or conversely where provision of information is entirely optional and would not affect your application – we will let you know if this is the case.

7. How we use your information

   7.1 We use Candidate information in accordance with applicable law to manage the recruitment process, to communicate with you about the recruitment process, to assess you for employment or other engagement, to monitor and improve our recruitment processes and for related purposes, including, where applicable, equality of opportunity monitoring, compliance with law and regulation and purposes relating to legal claims made by or against us.

   If your application is unsuccessful
   7.2 If you are unsuccessful in your application we may also retain your Candidate information and use it to assess your suitability for future positions and roles within the organization for a period of one year, with your consent where required by applicable law (see paragraph 11 for further details).

   Your consent
   7.3 We are entitled to use, disclose and otherwise process Candidates (and former Candidates’) information as described in this Privacy Notice because we need to do so for the purposes set out in paragraph 7. We do not rely on Candidates’ consent to collect, use or otherwise process their personal information other than in exceptional circumstances where our process is genuinely optional – in those circumstances we will ask for your consent on a case-by-case basis.

   If you fail to provide personal information
   7.4 If you fail to provide information when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we may not be able to process your application successfully.

   Change of reason to collect, use or retain personal data
   7.5 We will only use your personal data for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

   7.6 Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

8. Automated Decision-Making

   You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.

9. Data Sharing

   9.1 Subject to applicable law, the Company may disclose Candidate information, where reasonably necessary for the various purposes set out in paragraph 7.1 to:

   • Recruitment agencies working with us in relation to your potential recruitment;
   • Other service provides processing Candidate information on our behalf in the course of supporting our business and operations;
   • To a person who takes over our business and assets, or relevant parts of them;
   • Third parties to whom the Company is required to disclose information by law or regulatory requirement (including litigation counterparties); and
   • Competent regulatory and prosecuting authorities.

   9.2 If you give us names of potential referees, we will disclose the fact that you are applying to work with us to them when we ask them for references.

   How secure your personal data with third-party service providers is
   9.3 All our third-party service providers are required to take appropriate security measures to protect your personal data. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

10. Data Security

    10.1 We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They should only process your personal data on our instructions and they are subject to a duty of confidentiality.

    10.2 Should a breach of personal data occur, we must take notes and keep evidence of that breach. If the breach is likely to result in a risk to the rights and freedoms of individuals, we must also notify the Data Protection Authority within 72 hours.

11. Data Retention

    How long we retain your personal data for
    11.1 We will generally retain information about you throughout the recruitment process. Subject to applicable law, some information will be retained after the process ends, either because you are employed or otherwise engaged by us or, if your application is withdrawn or unsuccessful, because:

    • we retain information in case you apply to work for us again (or a suitable position within the Company becomes available); or
    • a recruitment-related dispute arises between us.

    11.2 Subject to applicable law, we will delete or anonymize or restrict/discontinue the processing or personal data when it is no longer needed after the recruitment process ends, in accordance with policies and in accordance with applicable law.

    11.3 If we wish to retain your personal data on file for a period of one year, on the basis that a further opportunity may arise within that time and we may wish to consider you for that, we will write to you, seeking your explicit consent to retain your personal information for a fixed period on that basis.

    11.4 As a general principle, we do not retain Candidate information (except in anonymized / statistical form) for longer than we need it, given the purposes for which it is held.

12. Rights of Access, Correction, Erasure and Restriction

    Your rights in connection with personal data
    12.1 Under certain circumstances, by law you have the right to:

    • Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive details of the personal data we hold about you and to check that we are lawfully processing it.
    • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
    • Request the erasure of your personal data. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it.
    • You also have the right to ask us to stop processing personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
    • Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
    • Request the transfer of your personal data to another party.

    12.2 If you want to review, verify, correct or request erasure of your personal data, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact the Data Protection Officer in writing.

13. Right to Withdraw Consent

    In the limited circumstances where you may have provided your consent to the Processing of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact the Data Protection Officer. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

14. Breaches of Data Protection Principles

    14.1 If you consider that this Privacy Notice, including the data protection principles, has not been followed in respect of personal data about yourself or others you should raise the matter with the Data Protection Officer.

15. Contact Us

    15.1 2C2P is committed to operating in a confidential, fair and ethical manner, and always in compliance with our data security policies. If you have any concerns or become aware of any unethical behavior, data security or confidentiality issues then please contact us at dpo@2c2p.com providing us with an explanation of your concerns and observations.