EU & UK Recruitment Privacy Notice

Last Updated: January 26, 2021

 I. Glossary – basic concepts

Personal data – all information related to you that we process. For example: first name, last name, e-mail address, telephone number, education, information about your professional experience, etc.

Processing – all activities performed relating to your personal data. For example: gathering, retaining, updating, sending messages to you, deleting data.

II. Information about GlobalLogic – the data controller

 E-mail address for contact: privacy@globallogic.com

 The data controller is the GlobalLogic company based in the country where the position you applied for is located – you can find company details here.

III. What personal data we collect, and what is the purpose and legal grounds for processing that data?

The scope of personal data we process depends on what information you provide in your application – this includes the content of documents, information on how you submit them, as well as the content of our possible further communication and conclusions from the recruitment procedure. Provision of all data is voluntary, but if you decide not to provide us with some of them we might not be able to assess your application, and as a consequence you might be excluded from the recruitment process.

Our processing may also include information we collect (directly or through a service provider/governmental authority,) e.g. if we are conducting background checks upon request of our clients or pursuant to a legal obligation, in order to verify your personal suitability for a certain position.

The legal basis for processing of your personal data is your consent (Article 6.1(a) GDPR/UK GDPR) and taking steps at the request of the data subject prior to entering into a contract (Article 6.1(b) GDPR/UK GDPR or the relevant provisions of national data protection legislation, such as § 26 (1) of the German Data Protection Act). In some cases, we may process your personal data for the purpose of future recruitments based also on our legitimate interests (Article 6.1(f) GDPR/UK GDPR), to present you an offer of employment in accordance with your qualifications and our needs – for purposes consistent with the purpose for which your personal data was originally collected (so-called compatible purpose as defined by Article 6.4 GDPR/UK GDPR).

In every case, the purposes for which we are processing data are:

  1. assessment of your candidacy in respect of requirements for the position indicated in the job offer for which you have submitted your application, and/or for future recruitments for similar positions;
  2. if you meet the requirements for a position – to present you an offer of employment and to conclude a contract;
  3. demonstrating that the recruitment process is compliant with the law.

Notwithstanding the foregoing, some of the personal data you provided, e.g. your first name, last name and contact address, may be used by us for promotional purposes, e.g. to send you occasional correspondence (e.g. thank you notes or seasonal greetings). The legal basis for processing of abovementioned personal data for this specific purpose will be our legitimate interest (Article 6.1(f) GDPR/UK GDPR) – maintaining our relationship and promoting GlobalLogic brand, or, where necessary, your explicit consent (Article 6.1(a) GDPR/UK GDPR).

Our legitimate interests (Article 6.1(f) GDPR/UK GDPR) are also the legal basis for processing your personal data for statistical purposes, in relation to defence against claims and for sharing your personal data with our group member companies.

In the case of data processing on the ground of consent, we remind you that you can withdraw your consent at any time, without affecting the lawfulness of processing that has already been done on the basis of that consent. Whereas, if your data is processed on the ground of our legitimate interest, you have the right to object to such processing. You can find a description of your rights in Part VI below.

IV. Duration of retention of your personal data

 If you applied on or after May 25th 2018 and we process your personal data in connection with a single recruitment process, it will be deleted after 6 months from the end of the recruitment process understood as the conclusion of a contract with another candidate. This time allows to complete the trial period and confirm that the position has actually been effectively filled-in.

Data processed on the basis of a consent to participate in future recruitment processes (this includes also recruitment processes for positions that are constantly open), if the consent was given on or after May 25th 2018, is processed until withdrawal of the consent or until the purpose for which such consent was expressed (hiring you) is fulfilled, but usually for no longer than 3 years from the time you granted the consent.

If you applied before May 25th 2018, processing of your personal data is based on our legitimate interest (see Part III above) for up to 18 months from collecting it.

The periods described above may be extended as appropriate in the event of any claims and court proceedings – for the duration of such proceedings and their settlement – and if the law obliges us in certain cases to process such data for a longer period of time.

V. Who has access to your personal data?

 Access to your personal data will be given exclusively to appropriately authorised employees or associates of GlobalLogic, partners, consultant or auditors – in the extent necessary to perform their responsibilities. Your data may be transferred, for example, to providers of hosting services or ICT services, other entities that provide to us technical or organizational assistance in recruitment process, including communication with candidates (e.g. recruitment agencies) or distribution of invitations/ documentation etc. (e.g. couriers), including also companies from the GlobalLogic group.

We are a global company, which means that some companies from the GlobalLogic group are located outside the European Economic Area (EEA) or located outside the UK. In each case when personal data is transferred outside the EEA or outside the UK, we apply all required safeguards, including standard data protection clauses adopted pursuant to decisions of the European Commission or those adopted pursuant to the UK Data Protection Act 2018. Additionally, in order to protect personal data, both when sending and after receiving it, we apply generally accepted standards. You can obtain a copy of the security measures we apply for the transfer of personal data to third countries by contacting us at privacy@globallogic.com.

GlobalLogic may also be required – if there is a legal basis to do so – to provide certain information to public authorities, for purposes related to proceedings they are conducting.

VI. Your rights related to processing of your personal data

For effective exercise of your rights, please send your request to privacy@globallogic.com from the email address you have used when contacting GlobalLogic in the past, with subject “GDPR Request”, and please specify which right(s) you wish to invoke. Please note that the instructions given in the preceding sentence are only a recommendation, not a requirement.

You have the following rights:

  1.  Access to your personal data – you may ask us to provide detailed information regarding i.a.:
  • whether we are processing your personal data;
  • for what purpose;
  • what categories of data we are processing;
  • who is the recipient of your data;
  • what is the planned duration of processing (if possible), and if we are not able to say, the criteria for determining that duration;
  • if the personal data has not been given by you – all available information about the source of the data.

You can also receive access to all of your personal data that we are processing (data copy).

  1. Data rectification – if information about you is or has become inaccurate or incomplete, you have the right to demand that data is rectified or made complete.
  1. Consent withdrawal – you may withdraw your consent to the processing of your personal data at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
  1. Erasure of data – in certain situations, GDPR gives you the “right to be forgotten.” You can invoke this right if we are still processing your personal data, particularly in the following cases:
  • the data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
  • you withdraw consent to the processing of personal data and there is no other legal ground for continuing to process it;
  • you object to the processing of your personal data when there are no overriding legitimate grounds for processing;
  • you object to the processing of your personal data for marketing purposes;
  • your data is processed unlawfully;
  • your data has to be erased for compliance with a legal obligation.
  1. Restriction of processing - you can demand that we limit our activities in principle only to storing information about you when:
  • you question the accuracy of personal data we are processing – for a period of time that allows us to verify the accuracy of that data;
  • the processing of your personal data is unlawful, but you prefer that processing be restricted rather than the data be erased;
  • GlobalLogic no longer needs your personal data for the purposes of processing, but you need it for the establishment, exercise, or defence of legal claims;
  • you have objected to the processing of your personal data – only until such time as it is determined whether our legitimate grounds override yours.
  1. Data portability – you have the right to receive your data in a commonly-used format that can be read by a computer, and also to have your data sent to another data controller, if:
  • the processing is based on your consent or on a contract; and
  • the processing is carried out by automated means.
  1. Objection – you have the right to object to some operations we perform on your personal data for special reasons related to your personal situation, particularly in the following cases:
  • when our processing is based on our legitimate interest;
  • when we process your personal data for purposes related to scientific or historical studies, or for statistical purposes.

Remember, however, that when despite your objection we find that there are compelling legitimate grounds for the processing which override your interests, rights and freedoms, or basis for the establishment, exercise or defence of legal claims, we will continue to process your personal data covered by the objection to the extent necessary. If you disagree with such an assessment of the situation, you can exercise your right to file a complaint with the relevant public authority (more information below).

Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing. Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

  1. Complaints to the relevant public authority – in connection with our actions as the controller of your personal data, you are entitled to lodge a complaint to the relevant supervisory authority. You can find list of local authorities responsible for data protection across the EU and their contact details at: https://edpb.europa.eu/about-edpb/board/members_en. The relevant public authority in the UK is the Information Commissioner’s Office (ICO - https://ico.org.uk/global/contact-us/).

Of course, if you have any comments, we encourage you to first contact us at privacy@globallogic.com.

  • URL copied!