This policy was last updated on 16 January 2023
1. ABOUT US
For the purpose of the EU General Data Protection Regulation (the “GDPR”) (and any other applicable UK laws, such as the UK GDPR), this policy applies to the situations where DICE is the “Data Controller” of Candidates’ data.
3. THE BASIS FOR THE PROCESSING OF YOUR DATA
3.1 DICE processes Candidates’ data as part of entering into the contract of employment.
3.2 DICE further processes Candidates’ data based on its legitimate interest to assess the Candidates’ job applications, to compare it to other candidates and for recruitment analytics purposes, and to make-/defend against potential claims.
3.3 We may ask for your consent in other cases where we process your data. Such consent can be withdrawn at any time by contacting us at email@example.com. Please note that the withdrawal of consent will not affect the lawfulness of processing based on consent before the withdrawal.
4. INFORMATION GATHERED
4.1 Candidates’ data may be collected directly from the data subjects or via other persons such as recruitment agents. It may further be obtained via open internet sources or legitimate subscription sources.
4.2 The data gathered would typically comprise name, contact details such as physical address, email address and telephone, curriculum vitae information such as past employment, education, and other qualifications, interests, or activities, interview notes and statements, application and circumstances concerning its submission and filing, plus correspondence and decision, including contract terms offered or considered.
5. THE USE OF YOUR PERSONAL INFORMATION
We may use the Candidates’ data we collect in order to:
- Analyse and compare job applications and Candidates;
- Make a selection;
- Provide job offers, including employment agreements;
- Communicate with the Candidates;
- Perform HR and recruitment analytics;
- Make-/defend against claims.
6. RECIPIENTS OF YOUR INFORMATION
Candidates’ data may be shared with third parties such as:
- Storage providers
- HR and recruitment services providers
- Analytics providers
- Communications providers and web communications tools.
7. INTERNATIONAL TRANSFERS OF DATA
7.1 Candidates’ data may be transferred to, and stored at, destinations outside the European Economic Area (EEA) where the laws on processing personal data may be less stringent than in your country. It may also be processed by staff operating outside the EEA who work for us or for one of our agents or suppliers.
7.2 Presently personal data collected from you is stored in data centres as well as cloud networks which are located or hosted in Ireland.
7.3 When your personal data is transferred to parties located outside of the EEA we shall undertake an assessment and take appropriate measures to ensure such third party will provide adequate security of such personal data and respect your rights to privacy. These safeguards are intended to ensure a similar degree of protection is afforded to your data wherever it may be transferred and may include:
- only transferring your personal data to countries which have been deemed to provide an adequate level of protection for personal data by the European Commission; or
- entering into specific contractual terms which have been approved by the European Commission and which give personal data the same protection as within the EEA (for example, if transferring your data to the USA).
7.4 For further information on the safeguards used, please contact us at firstname.lastname@example.org.
8. DATA TRANSMISSION
8.1 Although we take all steps reasonably necessary to ensure that your personal data is treated securely, you should be aware that the transmission of information via the internet is not completely secure and we cannot guarantee the security of your data during its transmission.
9. DATA RETENTION
9.1 We may retain your personal data for as long as we require it for the purposes for which it is processed or as is otherwise required by applicable law. We will always retain your data for at least three months of our decision regarding your application, which is the UK limitation period for discrimination claims. Our actual retention periods may be longer if that is necessary to make-/defend against actual or potential claims.
9.2 We will typically retain data for up to one year for HR and/or recruitment analytics purposes. After that, we will consider anonymising or deleting the data.
9.3 Email correspondence with the Candidates may be kept in line with our general correspondence retention policies, which may be up to six years in line with the general UK claims limitation period.
9.4 When calculating the appropriate retention period for your data, we consider the nature and sensitivity of the data, the purposes for which we are processing the data, and any applicable statutory retention or limitation periods. Once the processing of the data is no longer required, we may securely delete or anonymise your personal data.
9.5 For more details about our retention periods, please contact us at email@example.com.
10. YOUR RIGHTS
10.1 Under the GDPR and any equivalent rules in the UK, you are entitled to certain rights in relation to our handling of your personal data, as described below.
10.2 You may request details of the personal information that we hold about you under data protection laws. If you would like a copy of the information held about you please write to us at firstname.lastname@example.org.
10.3 If you think any information we have about you is incorrect or incomplete, please write to us or email us at email@example.com as soon as possible. We will correct or update any information as soon as we can.
10.4 You have the right to erasure of your data. We are not required to delete the information important for the establishment, exercise or defence of legal claims, or that we need to retain in order to comply with the law.
10.5 You have the right of restriction of processing, where the data is wrongfully processed but should not be erased for a reason listed in Article 18 (1) of the GDPR.
10.6 Until a download option has been developed based on universally recognised standards, you may exercise your right of data portability by obtaining your data by sending us an email request.
10.7 If you would like to exercise these rights, please write to us or email us at firstname.lastname@example.org.
11. CONTACT AND COMPLAINTS
Should you have any complaints about how we handle your personal information, please contact us at email@example.com . Should we be unable to resolve your complaint and you wish to take your complaint further, you may do so by contacting the UK Information Commissioner’s Office.
12. DATA PROTECTION OFFICER CONTACT DETAILS
DICE has appointed a data protection officer for you to contact if you have any questions or concerns about the DICE’s personal data policies or practices. DICE’s data protection officer’s name and contact information are as follows:
163 City Rd
London EC1V 1NR
Contact email: firstname.lastname@example.org
Contact telephone: (+44) (0)20 3917 4158