Being the controller means that this company is responsible for ensuring that your Personal Data is processed in compliance with applicable privacy and data protection legislation.
PERSONAL DATA
As used in this Candidate Privacy Notice, “Personal Data” means information that identifies job applicants and potential candidates for employment with us, either submitted as part of the online application and/or through alternative channels (e.g., via external recruitment firms).
PERSONAL DATA WE COLLECT
This policy covers the information you share with us and/or which may be acquired or produced by EF, its subsidiaries and its affiliates during the application or recruitment process, including:
· Your name, address, email address, telephone number and other contact information;
· Your National ID number;
· Your resume or CV, cover letter, previous and/or relevant work experience or other experience, education, transcripts, or other information you provide to us in support of an application and/or the application and recruitment process;
· Information from interviews and phone-screenings you may have, if any;
· Details of the type of employment you are or may be looking for, current and/or desired salary and other terms relating to compensation and benefits packages, willingness to relocate, or other job preferences;
· Details of how you heard about the position you are applying for;
· Any sensitive and/or demographic information processed during the application or recruitment process such as gender, information about your citizenship and/or nationality, medical or health information and/or your racial or ethnic origin;
· Reference information and/or information received from background checks (where applicable), including information provided by third parties;
· Information relating to any previous applications you may have made to EF and/or any previous employment history with EF;
· Your information from publicly available sources, including online, that we believe is relevant to your application or a potential future application (e.g. your LinkedIn profile); and/or
· Information related to any assessment you may take as part of the interview screening process.
Sensitive Personal Data is a subset of Personal Data and includes ethnicity, health, trade union membership, philosophical beliefs, sexual orientation, as well as other categories as prescribed by law. We do not generally seek to obtain and will not collect such data about a candidate unless permitted to do so by applicable laws or if you have specifically consented to provide us such information.
We may also collect Personal Data through cookies. Cookies allow a web server to transfer data to a computer or device for recordkeeping and other purposes. If you do not want information collected through the use of cookies, there is a simple procedure in most browsers that allows you to decline the use of cookies. To learn more about cookies, please visit http://www.allaboutcookies.org/. For detailed information about the cookies we use and the purposes for which we use them, please see our Cookie Policy available online under www.ef.com/legal/cookie-policy.
USE OF YOUR PERSONAL DATA
We collect and use your Personal Data for the purposes of carrying out our application and recruitment process which includes:
· identifying and evaluating candidates for potential employment, as well as for future roles that may become available;
· recordkeeping in relation to recruiting and hiring;
· ensuring compliance with legal requirements, including requests from unemployment authorities or diversity and inclusion requirements and practices;
· conducting criminal history checks as permitted by applicable law;
· protecting our legal rights to the extent permitted by law; or
· emergency situations where the health or safety of one or more individuals may be endangered.
· communications with you about the recruitment process and/or your application(s), including, in appropriate cases, informing you of other potential career opportunities at EF;
· where requested by you, assisting you with obtaining an immigration visa or work permit where required;
· making improvements to EF’s application and/or recruitment process;
· proactively conducting research about your educational and professional background and skills and contacting you if we think you would be suitable for a role with us;
· we may process information regarding your demographics as described above where we are required to do so to meet our legal and contractual obligations, such as reporting obligations to authorities and third parties and other similar requirements, or when we have obtained your consent.
· we may request Personal Data from you for statistical purposes or to conduct internal surveys on our candidate pool (e.g., information relating to gender or age).
We may also analyse your Personal Data or aggregated/pseudonymized data to improve our recruitment and hiring process and augment our ability to attract successful candidates.
HOW DO WE SHARE PERSONAL DATA?
We share your Personal Data with EF’s corporate affiliates, business partners and service providers both within and outside the EEA/Switzerland:
· Your Personal Data may be accessed by recruiters and interviewers working in the country where the position for which you are applying is based, as well as by recruiters and interviewers working in different countries within the EF Group. Individuals performing administrative functions and IT personnel within EF may also have a limited access to your Personal Data to perform their jobs.
· We use third party service providers to provide a recruiting database and related software systems. We also share your Personal Data with other third party service providers that may assist us in recruiting, administering and evaluating pre-employment screening and testing, and improving our recruiting practices.
· In addition, we may disclose or transfer your Personal Data to EF affiliates in the event of an internal re-organization, merger, sale, joint venture, assignment, or other internal transfer or disposition of all or any portion of our business.
It is your responsibility to obtain consent from referees before providing their personal information to EF.
We also share Personal Data as we believe to be necessary: (a) under applicable law; (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (d) to enforce our terms and conditions or a contract; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.
INTERNATIONAL DATA TRANSFERS
EF operates globally, which means your information may be stored and processed outside of the country or region where it was originally collected including in the United States or India. In some of these countries, you may have fewer rights in respect of your information than you do in your country of residence. Regardless of where your information is processed, we apply the same protections described in this policy. We comply with certain legal frameworks relating to the transfer of data, such as the frameworks described below.
Adequacy Decisions: The European Commission has determined that certain countries outside of the European Economic Area (EEA) adequately protect personal data, which means that data can be transferred from the European Union (EU) and Norway, Liechtenstein, and Iceland to those countries. The United Kingdom (UK) and Switzerland have adopted similar adequacy mechanisms. We rely on the following adequacy mechanisms:
Standard contractual clauses. The European Commission has approved the use of standard contractual clauses (SCCs) as a means of ensuring adequate protection when transferring data outside of the EEA. Such clauses have also been approved for transfers of data to countries outside the UK and Switzerland. By incorporating SCCs into a contract established between the parties transferring data, personal data is considered protected when transferred outside the EEA, Switzerland or the UK to countries which are not covered by an adequacy decision. We rely on SCCs for our data transfers where required and in instances where the transfers are not covered by an adequacy decision, or when the recipient is not self-certified under the EU-U.S. and Swiss-U.S. Data Privacy Frameworks. For more information on standard data protection clauses in place, please see the contact section below.
LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA
If EU data protection or UK data protection law applies to the processing of your data, our legal basis for processing your data
We collect and process your Personal Data where it is necessary in order to take steps, at your request, prior to potentially entering into a contract of employment with you.
We may also seek your consent to process your Personal Data in specific circumstances, or process it where necessary to comply with a legal obligation or for purposes connected to legal claims. If we use your information to improve our application or recruitment process, we do so on the basis that it is in our legitimate interests to ensure we recruit the best possible candidates.
Where we process special categories of data such as health information, or racial or ethnic origin, we will only do so where necessary for the establishment, exercise or defense of legal claims, with your consent, or where otherwise required by applicable local law, including our obligations under employment and social security and social protection law.
If other data protection laws apply to the processing of your data, our legal basis for processing your data
We base our right to collect and use your Personal Data on your consent.
SECURITY
We use appropriate organizational, technical and administrative measures to keep the Personal Data under our control accurate and up-to-date, as well as to protect the Personal Data against unauthorized or unlawful processing and the accidental loss, destruction or damage of the Personal Data.
HOW LONG DO WE STORE PERSONAL DATA?
We will only keep your Personal Data for as long as it is necessary for the purposes for which it has been collected or in accordance with time limits stipulated by law and market practice, unless further retention is necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims or unless a specific time period has been communicated.
If you accept an offer of employment by us, any relevant Personal Data collected during your pre-employment period will become part of your personnel records and will be retained in accordance with specific country requirements. If we do not employ you, we may nevertheless continue to retain and use your Personal Data for a period of time (which may vary depending on the country) for system administration purposes, to consider you for potential future roles, and to perform research. Thereafter, we retain a minimum amount of your Personal Data to record your recruiting activity with us.
If you elect to join a recruiting program, we may retain your Personal Data to consider you for future employment opportunities and for a period of time specific to that program, unless you decide to opt-out prior to such time.
If you join a recruiting program, but subsequently wish to withdraw, please contact us as described under “Contact Us” section below :
If you do not want us to retain your information for consideration for other roles, or want us to update it, please contact us as described under “Contact Us” section below. Please note, however, that we may retain some information if required by law or as necessary to protect ourselves from legal claims. Please note, however, that we may retain some information if required by law or as necessary to protect ourselves from legal claims.
UPDATES TO THIS CANDIDATE PRIVACY NOTICE
Our Candidate Privacy Notice may change from time to time. We will post any Candidate Privacy Notice changes on this page and, prior to implementing significant changes, we will provide a more prominent notice. Where required by law, we will seek your prior consent to any change.
YOUR RIGHTS
In certain countries, you may have certain rights under data protection laws, including a right to request access or to update or review your Personal Data, request that it be deleted or anonymized, or object to or restrict EF using it for certain purposes. You may also have a right to receive your Personal Data in a machine readable format and you have a right to transfer your personal to another data controller and to withdraw your consent.
If you have questions or concerns related to your rights, or would like to exercise your rights, you can contact us at as set out in the Contact Us section below.
U.S. STATE LAW REQUIREMENTS
Some U.S. state privacy laws, such as the California Consumer Privacy Act (CCPA), require specific disclosures for state residents.
This policy is designed to help you understand how EF handles your information. In the sections above, we explain: (1) the categories of information we collect and the sources of that information; (2) how we use information; (3) when we may disclose information; and (4) how we retain information. EF does not sell your personal information. EF also does not “share” your personal information as that term is defined in the CCPA.
State laws like the CCPA also provide the right to request information about how EF collects, uses, and discloses your information. And they may give you the right to access and correct your information, and to request that EF delete that information. Finally, the CCPA provides the right to not be discriminated against for exercising these privacy rights.
If you have questions or concerns related to your rights under CCPA, or would like to exercise your rights, you (or your authorized agent) can contact us as set out in the Contact Us section below. We’ll validate your request by verifying your interactions with us, and may require that you provide us with additional information, such as any names, phone numbers or email addresses you have used when communicating with us.
The CCPA also requires a description of data practices using specific categories:
Categories of information we collect
Identifiers and similar information, such as your name, phone number, and address; username and password; and unique identifiers tied to the browser, application, or device you’re using.
Demographic information, such as your age, gender, and language(s) spoken. If you choose, you may also provide additional information, like your racial or ethnic origin, religious or philosophical beliefs, trade union membership, or sexual orientation.
Financial information, such as your current and/or desired salary and other terms relating to compensation and benefits packages.
Geolocation data, including as determined by IP address, depending in part on your device and account settings.
Audio, electronic, visual, and similar information, such as information transmitted in connection with interviews or phone-screenings you may have, if any.
Communications data, such as emails that you may send or receive in connection with the application or recruitment process.
Health information, if you choose to provide it, in connection with the application or recruitment process, such as data you may provide in connection with an accommodations request.
Professional, employment, and education information, such as information you provide in connection with the application and recruitment process, as well as information EF may otherwise collect through reference checks, criminal and financial background checks (where applicable) and information from publicly available sources, including online, that may be relevant.
Other information you create or provide, such as the content you create, upload, or otherwise provide in connection with the application and recruitment process.
Inferences drawn from the information above.
Business purposes for which information may be used or disclosed
Administrative purposes: EF uses and may disclose information for purposes related to carrying out its application and recruitment process, including for assessing candidates; verifying information and conducting reference checks and criminal and financial background checks (where applicable); communicating with you; responding to requests for assistance with obtaining an immigration visa or work permit (where required); and other related activities.
Protecting against security threats, abuse, illegal activity, and violations: EF uses and may disclose information to detect, prevent and respond to security incidents, and for protecting against other malicious, deceptive, fraudulent, or illegal activity. For example, to protect our services, EF may receive or disclose information about IP addresses that malicious actors have compromised.
Research and development: EF uses information to improve our application and recruitment process.
Use of service providers: EF shares information with service providers to perform services on our behalf, in compliance with this privacy policy and other appropriate confidentiality and security measures. For example, we may rely on service providers to help perform criminal and financial background checks (where applicable).
Legal reasons: EF also uses information to satisfy applicable laws or regulations, and discloses information in response to legal process or enforceable government requests, including to law enforcement.
Parties with whom information may be disclosed
Other people with whom you choose to share your information, such as the content you create, upload, or otherwise provide in connection with the application and recruitment process.
Third parties with your consent, for example if you have given us permission to contact your references.
Service providers, trusted businesses or persons that process information on EF’s behalf, based on our instructions and in compliance with this privacy policy and any other appropriate confidentiality and security measures.
Law enforcement or other third parties, in response to legal process or enforceable government requests, and as necessary to identify, report on and investigate violations of applicable laws and regulations.
CONTACT US
If you would like to have a copy of the information EF holds about you; a copy of the standard data protection clauses or would like to exercise any of your rights, please contact us at the relevant address based on where you applied from (see below)
