BRANDEM’S RECRUITMENT PRIVACY POLICY
This Privacy Policy includes useful information about how and why Brandem Baltic OÜ (“Brandem”) collects, processes and shares personal data. This Privacy Policy follows the General Data Protection Regulation (GDPR). The aim of this Privacy Policy is to protect the privacy of a data subject according to the legislations of the Republic of Estonia and the European Union and to follow the principles of best practice in data protection.
The information presented in this document deals with the processing of personal data with the aim of offering a recruitment service. In this Privacy Policy, “Brandem” refers to the company carrying out the recruitment process on behalf of the organisation (i.e. Brandem’s client) offering the job that a candidate is interested in.
This Privacy Policy is valid from 25.05.2018.
KEY TERMS
Personal data is data about a person that can be used to directly or indirectly identify the data subject based on various identifiers (name, personal identification number, location etc), incl. to establish their characteristics, relations and belonging.
Data processing is the collection, retention or use of personal data or any other activity carried out with personal data for a certain purpose.
Candidate i.e. the data subject is a natural person who offers their possible suitability and/or whose potential candidacy is found and evaluated by Brandem and presented to their client where possible.
Client contract is a contract signed between Brandem and Brandem’s client for the provision of a recruitment service (“contract”).
Third party is Brandem’s partner whose product or service helps Brandem offer services to their clients.
PROCESSING PERSONAL DATA
The basis for processing personal data is legitimate interest deriving from the contract between Brandem and Brandem’s client. By applying for a position made public by Brandem, the data subject agrees to their data being processed as outlined in this Privacy Policy.
Brandem only collects data that is required as a result of the legislations of Estonia and the European Union and any signed contracts or that is important to evaluate the data subject’s suitability for the position they are applying for. Brandem has to process personal data to carry out necessary actions prior to an employment contract being signed between the data subject and Brandem’s client (i.e. the data subject’s employer).
Brandem mainly collects personal data from the subject themselves when they apply for a job position made public by Brandem. When applying for a job, Brandem collects additional data about the data subject from public databases in order to conduct a background check. Brandem also collects data from third-party sources as permitted by appropriate legislations if it is required to evaluate the suitability of the data subject for the position for which they are applying.
For example, Brandem can collect personal data from the following sources:
- work-related social networking sites (e.g. LinkedIn)
- the referees named by the data subject
- establishments related to background checks
- personality or ability test providers
- the databases of job portals and other public databases
Brandem can also collect other data that has been made public by the data subject (e.g. through social media or during a job interview).
For contractually established purposes, Brandem collects and processes various types of personal data that the data subject presents through an e-mail message or an online application system. This data might be the candidate’s name, e-mail address, phone number, address, gender, date of birth, date of availability, expected salary, documents proving their right to work or other information that is important for applying for the job position.
Brandem asks candidates to only present relevant and valid information that is necessary for evaluating the data subject’s suitability for the job position. By applying for a job position made public by Brandem, the candidate agrees to their personal data being carried over to the client of Brandem who is related to the specific recruitment process (deriving from the conditions set out in the client contract).
USE OF PERSONAL DATA
The personal data of a data subject is only processed by those evaluating the candidate’s application or the people processing personal data to perform support services in the recruitment process. A candidate’s personal data is received and managed by Brandem’s recruitment consultant, who evaluates the data subject’s suitability for the job position in question and communicates with the candidate throughout the recruitment process via e-mail and phone.
The personal data of successful applicants is forwarded to the client that ordered the recruitment service in order to complete the recruitment process for the job position the data subject applied for. Candidates’ data might also be forwarded to third parties who conduct additional ability tests or background checks as a part of the recruitment process. In such cases, only relevant and necessary information about a candidate is forwarded to the third party (e.g. the applicant’s name and contact details, personal identification code for background checks). The candidates subject to a background check are informed of the process being carried out and their permission is asked for. If legally required, a candidate’s data might also be disclosed to relevant authorities.
A candidate’s personal data will not generally be forwarded to areas outside of the European Union or the European Economic Area. This will only be done if the job position that the data subject is applying for is offered by an organisation where the people associated with decision-making in the recruitment process are located outside of the EU/EEA. In such cases, candidates’ personal data is managed in accordance with the relevant legislation. A candidate’s personal data can only be forwarded to areas outside of the EU/EEA if the requirements of the General Data Protection Regulation (GDPR) are met.
THE RETENTION AND SECURITY OF PERSONAL DATA
Brandem retains a candidate’s personal data until the end of the contractual period of the recruitment process or for 36 months in Brandem's Talent Database from the moment the data was received with the data subject’s consent. The candidate can consent to this when applying for a job position made public by Brandem. The personal data of data subjects in Brandem's Talent Database is processed according to Brandem's Talent Database Privacy Policy. Throughout this period, the candidates who agreed to their data being retained will be notified of Brandem’s other job offers depending on the data subject’s suitability for the job position in question. At the end of this period, the data subject’s personal data is deleted from Brandem’s Talent Database as well as from various communication channels (Outlook, the recruiter’s mobile phone). CVs on paper will be destroyed in a collection box designed for this purpose. If a candidate proves to be successful in the recruitment process, their personal data will be managed according to the Privacy Policy of Brandem’s client during the course of the employment relationship.
Brandem utilises all reasonable and relevant methods for the protection of candidates’ personal data. Access to personal data and the ability to process it is only granted to authorised personnel. The personal data of all data subjects is treated as confidential information.
THE RIGHTS OF THE DATA SUBJECT
At any time, a candidate has the right to request to access their data (Right to Access), correct (Right to Rectification), complete or erase it (Right to Be Forgotten) where legally justified. The data subject has the right to receive information about if and how Brandem uses their personal data and who has been granted access to this data. In order to exercise their rights, a data subject must request to do so by e-mailing Brandem at tere@brandem.ee.
If a data subject thinks that despite the principles outlined in this Recruitment Privacy Policy, Brandem has violated their data processing rights, they have the right to turn to the Estonian Data Protection Inspectorate.
CHANGES TO THE PRIVACY POLICY
Brandem reserves the right to change this Privacy Policy unilaterally and without prior notice in order to ensure it is in accordance with personal data protection acts and follows the principles of best practice in data protection. The Privacy Policy in its newest form is always available on Brandem’s recruitment privacy policy website https://work.brandem.ee/recruitment-privacy-policy/.
We ask that all questions regarding this Privacy Policy and personal data processing are directed to the e-mail address tere@brandem.ee.
