WHO CAN ACCESS THE DATA YOU PROVIDE US WITH?
We may use and share your personal data for a number of reasons with the following:
- Any of our group companies;
- Any organisation or individual who is indicated as a potential referee for your job applications;
- Legal authorities such as Tax and audit firms;
- Any third party individuals or organisation who may provide us with a service in relation to your application
- Any third party cloud storage service provider;
- Applies to Candidates: Our clients (potential employers);
- Applies to Candidates, Candidates’ referees, Staff referees: any third party source providing us with legitimacy assurance of any references and criminal convictions, under local law
- In the case that WORK CHANNEL is acquired by new owners, your personal data may be shared in this instance
Please note: we will NEVER send your personal data to our clients (prospective employers), unless we have already discussed the matter with you, and you have agreed to apply for a particular vacancy.
WHAT KINDS OF PERSONAL DATA WE COLLECT?
- Personal and contact details (name, email address, address (professional or place of living), telephone number, etc);
- education details, employment history, social security number;
- emergency contacts, immigration status;
- financial information (where necessary);
- social security number (where necessary);
- Where appropriate and if obliged by law, we may also collect information regarding health and criminal convictions;
- Identification documents (e.g. national IDs, passports etc) where necessary;
- any other piece of data which you may include in your CV;
- any other piece of information necessary for employment and/or performance of a contract;
- any other piece of information vital and necessary for the provision of services and other related activities; and
- Generally, any data you willingly provide us with.
Special Categories of personal data
You should also note that the kind of personal data we collect may include what is called special categories of personal data. These categories of personal data may be included in your CV without you knowing that they are such data. We are not allowed to process such data unless there is a legitimate ground under Article 9(2) of the GDPR.
Article 9(1) of the GDPR defines such data as personal data “revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.”
In case you have given us your consent and/or it is necessary and/or legitimate and/or it is our obligation to treat such data, we will process such data with utmost care.
HOW DO WE PROTECT THE DATA YOU PROVIDE US WITH?
We take privacy seriously, and hence take certain critical measures in order to protect any personal data you provide us with. By protecting your data, we avoid its’ loss, misuse, or unauthorised access to it. If, at any point, you are concerned that there has been a breach, please contact us on email@example.com
HOW LONG DO WE STORE YOUR DATA FOR?
If you have given us consent to keep your CV in order to find job positions relevant with your field, then we will keep your CV for the period of two years if we do not have meaningful contact or until you withdraw your consent before that period.
When we refer to “meaningful contact”, we mean, for example, communication between us (either verbal or written), or where you are actively engaging with our online services.
For as long as we have purposeful and relevant communication with you, we will keep your data stored in order to increase the chances of helping you find a new career path. By ‘purposeful and relevant communication’, we mean, for instance, communication, either written or verbal, that occurs between us via any means, including but not limited to: email, SMS, telephone, social media.
If you inform us that you have recently been employed and are no longer looking for a new opportunity, then, we will seek to remove the data stored in relation to you.
If you have applied for a particular job position, as soon as the job position is filled with an employee, or withdrawn by the employer, we will delete your data unless there are legitimate reasons not to do so.
If, at any point, you re-send us your CV, we will require that you clearly state your consent to have your personal details stored and processed by WORK CHANNEL
HOW CAN YOU BE INFORMED OF WHAT DATA WE HOLD ABOUT YOU?
The new GDPR aims to ensure that individuals are made clearly aware of the rights they possess over their personal data, especially their rights in relation to their personal data held by companies. These rights are elaborated below.
Should you wish to discuss your rights, please contact us at firstname.lastname@example.org
Records of our communication with you may be kept to aid resolving any issues which may arise.
Right to object: You have the right to object to the processing of your personal data. The right to object only applies in certain circumstances. Whether it applies depends on the purposes for processing and the lawful basis for processing.
Please note that we may refuse to satisfy your request if there are compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where you object to processing for direct marketing purposes, we will no longer process your data for such purposes.
Right to withdraw consent: this right enables you to, at any time, withdraw your previously given consent to process your data in relation to the activity of applying to vacancies, and thus, the sharing of your information (usually, CV) with our clients (prospective employers). In most cases, your wish to withdraw consent will be complied with, unless, for instance, you withdraw consent after your data has already been shared with our clients (prospective employers).
You may ask to unsubscribe (withdraw consent) from new job alerts at any time by contacting us at email@example.com
You may also contact us via telephone: +357 25 04 00 47
Please be warned that we may refuse to delete and/or destroy and/or stop processing your personal data for various reasons, which include among others, the following:
- for obligations imposed by Law;
- for the establishment, exercise or defence of legal actions;
- the existence of facts that requires the firm to keep the data for its, the client’s or any other person’s interests.
- Any other legitimate reason which is justifiable under the GDPR and national legislation.
Data Subject Access Requests (DSAR): this right enables you to request information in regards to what personal information we have stored about you in our database. Additionally, you have the right to request a modification of the information we hold, including total erasure, should you feel it is not up-to-date, or no longer relevant.
Should you wish to do so, we may take certain measures to verify your identity, and hence ensure that this is request is coming directly from you.
In case we are legally obliged to refuse your request, an explanation for this will be provided.
Right to erasure: this right enables you to request complete or partial erasure of your personal data, under at least one of the circumstances listed below:
- Your personal data is no longer required for the activities it was initially processed for;
- You withdraw your previously given consent to have your data processed by us;
- In the instance that your data has been processed in a procedure that does not comply with the GDPR;
- We are under legal obligation to perform complete erasure of your data;
- In the instance that we are not able to legitimately justify the processing of your data, should you request to withdraw your consent for processing of your data.
We have the right to refuse your request, only under the following circumstances:
- Due to the right of freedom of expression and information;
- To perform any legally-required activities, such as complying with official authority (i.e Labour Office, etc.);
- In the case that we believe there is any danger to public health, or in the interest of the public law and order;
- To comply with any research or survey requirements; or
- In the instance of an active or potential litigation and/or legal claim.
In the instance where we are able to comply with your request for complete or partial erasure of your data, we are required to take all reasonable and necessary action to perform this request.
Right to restrict processing: You have the right to request us to restrict the processing of your personal data in the following circumstances:
- You contest the accuracy of your personal data and we are verifying the accuracy of the data;
- the data has been unlawfully processed and you oppose erasure and request restriction instead;
- we no longer need the personal data but you need us to keep it in order to establish, exercise or defend a legal claim; or
- you have objected to us processing your data, and we are considering whether our legitimate grounds override yours.
We can refuse to comply with a request for restriction
We can refuse to comply with a request for restriction if the request is manifestly unfounded or excessive, taking into account whether the request is repetitive in nature.
If we consider that a request is manifestly unfounded or excessive we can:
- request a “reasonable fee” to deal with the request; or
- refuse to deal with the request.
In either case we will justify our decision.
In the instance where we have already shared any of your personal data with any third-party individual or organisation, under legitimate grounds, and should your request to have restrictions applied to the processing of your data be applicable as stated in one of the above reasons, we will take measures to notify the third-party, unless this proves impossible or involves disproportionate effort. If asked to, we will also inform you about these recipients.
Right to rectification: This right enables you to request the modification of any personal data that is inaccurate or incomplete, in order to keep our records up-to-date. In the instance where we have already shared any inaccurate or incomplete data with any third-party individual or organisation, we will take measures to notify the third-party, unless this proves impossible or involves disproportionate effort.
Additionally, should the circumstances be appropriate and if it justifiable, we will inform you of which third-party individual or organisation has received any of inaccurate or incomplete personal data. In case we do not believe that your request to rectify your data is reasonable, we will provide an explanation for this.
Can we refuse to comply with a request for rectification?
We can refuse to comply with a request for rectification if the request is manifestly unfounded or excessive, taking into account whether the request is repetitive in nature.
If we consider that a request is manifestly unfounded or excessive we can:
- request a “reasonable fee” to deal with the request; or
- refuse to deal with the request.
In either case we will justify our decision.
How long do we have to comply with your request?
We will act upon the request without undue delay and at the latest within one month of receipt.
Right of data portability: This right gives you the right to receive personal data you have provided to us in a structured, commonly used and machine readable format. It also gives you the right to request that we transmit this data directly to another controller.
The right to data portability only applies when:
- our lawful basis for processing this information is your consent or for the performance of a contract; and
- we are carrying out the processing by automated means (i.e. excluding paper files).
Information is only within the scope of the right to data portability if it is personal data provided to us by you. Should you request this right, your personal data will be provided in a password-protected electronic format to allow you to perform the transfer yourself.
Right to lodge a complaint with a supervisory authority: This right enables you to lodge a complaint with the Local Supervisor Authority of Cyprus, which is The Cyprus Commissioner for the protection of personal data.
Should you wish to do so, please contact:
Work Channel: firstname.lastname@example.org
The Cyprus Commissioner contact details:
Address: 1, Iasonos Str., 1082, Nicosia, Cyprus
P.O. Box 23378, 1682, Nicosia, Cyprus
A record of any communication between us may be kept in order to resolve any issues that may arise.
Our quality of service is reliant on the accuracy of the personal data we hold. For this reason, please ensure that you keep us informed and up-to-date with any changes or updates, including updated CV’s, as your CV forms the fundamental starting point for any career opportunity you may pursue.
WHO HAS ACCESS TO, AND IS RESPONSIBLE FOR THE LAWFUL PROCESSING OF YOUR PERSONAL DATA?
Our registered offices are located at the following address:
Anastasi Sioukri & Olympion
2nd Floor – Office 201
3105 Limassol – Cyprus
Definition of a cookie:
A ‘cookie’ is a small piece of data which stores information in regards to your navigation of a website and the frequency with which you visit a website; thus, it can provide information on the traffic to the website. The purpose of a ‘cookie’, is to improve your experience of a website on the subsequent times in which you visit that same website, by providing personalised advertisement, and for other marketing purposes. These ‘cookies’ are normally stored on the hard drive of the personal computer you are using, and they are harmless.
The vast majority of websites on the world wide web use ‘cookies’, but, you have the power to control your preferences via your browser settings.
LEGAL GROUNDS FOR THE PROCESSING OF YOUR DATA
We may process your personal data under one or more of the following grounds:
a) you have given your consent to the processing of your personal data for one or more specific purposes;
b) processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract;
c) processing is necessary for compliance with a legal obligation;
d) processing is necessary in order to protect your vital interests or of another natural person;
e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested the Work Channel;
f) processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms
There are two forms of consent with which you should be aware of; Opt-In consent, and Soft Opt-In consent. The type of consent required will depend on which activities will be performed with regards to your personal data.
Article 4(11) of the GDPR states that (opt-in) consent is “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”
Simply put, this means the following:
- You must give us your consent freely, without us suggesting any incentive or force to your consent;
- You must be entirely aware of what it is that you are consenting to – if you are unsure, please ask;
- You have the right to provide consent to certain activities, and not others – you have control and hence you are able to restrict how your data is processed. Please keep us updated in regards to your preferences by contacting us at email@example.com
- You must give us affirmative evidence/action when giving us your consent – this must be in a clear, concise and unambiguous manner, therefore, please contact us in writing at firstname.lastname@example.org in order to do so
CANDIDATE DATA: Should you, as a candidate, post your CV to a professional networking site, or job board, which can be freely accessed via the internet, it is reasonable to assume that you are consenting to having your data collected and processed in the interest of your job search, and thus you can expect to receive information about our recruitment services.
Once we reach a stage in which a job offer is likely to be made, our client (your prospective employer) may wish to verify any personal information we have provided to them on your behalf as part of your application, including, references, qualifications and any criminal convictions, as applicable under local law.
We wish to be able to provide a useful and relevant service to you, as a Candidate. Therefore, in order for us to tailor any job alerts we send you, we will be required to process your personal data.
Your personal data will also be processed for administrative procedures that will serve to keep our service running smoothly, and as expect by all individuals and organisations who have any contact with us.
PERFORMANCE OF A CONTRACT IN RELATION TO CLIENT DATA: Our high-quality service is reliant on our relationship with you as our Client. For this reason, we are required to keep our records of your personal data, including any individuals within your organisation, in order to maintain our effective communication in regards to our service to you. We will only ask for personal data that are necessary for the performance of our contract.
For the purpose of further improving our service to you, we may ask your cooperation in completing surveys relating to satisfaction.
As previously mentioned, the above instances are deemed crucial and legitimate for our continued collaboration with our Clients.
PERFORMANCE OF A CONTRACT IN RELATION TO SUPPLIER DATA: Our successful collaboration is reliant on our relationship with you as one of our Suppliers. For this reason, we are required to keep our records of your personal data, including any individuals within your organisation, in order to maintain our effective communication in regards to the services you provide to us. We will only ask for personal data that are necessary for the performance of our contract.
Logically, we will be required to keep a record of, and hence use any financial details you have provided us with, in order to fulfil any contractual agreements we have between us. As previously mentioned, the above instances are deemed crucial and legitimate for our continued collaboration with our Suppliers, and the payment of your services to us.
PERFORMANCE OF A CONTRACT IN RELATION TO PERSONAL DATA OF CANDIDATE/STAFF REFEREES OR EMERGENCY CONTACTS:
As part of standard procedures in recruitment, and for the smooth running of our business, our Candidates or Staff members will be required to provide us with the contact details of their referees and/or emergency contacts. It is assumed that the Candidate or Staff member has gained your consent prior to providing us with your details. In the instance that we require a reference from you, or in the instance of an emergency, we will use the contact details provided to contact you.
It is in our legitimate interest to ensure that we provide quality assured candidates to our Clients, hence why we require Referee contact details.
Finally, it is perhaps rather obvious, that for safety reasons, emergency contact details are a standard requirement of any establishment, including WORK CHANNEL.
Work Channel may be legally obliged to process data, as stated in Article 6 (1) (c) of the GDPR: processing is necessary for compliance with a legal obligation to which the controller is subject.
Finally, under legal circumstances, we will be obligated to share your personal data in conjunction with any crime-related activities, to official authorities, or in relation to any legal claim.
Work Channel may be obliged to process data with the view of the public interest in consideration, as stated in Article 6 (1) (e) of the GDPR: processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
What happens in case of Breach of our duty to take care of your personal data:
Notification of a personal data breach to the supervisory authority
In case of a personal data breach, we will, without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the Commissioner for the protection of personal data in Cyprus (“The Commissioner”), unless the personal data breach is unlikely to result in a risk to your rights and freedoms.
Where the notification to the Commissioner is not made within 72 hours, it shall be accompanied by reasons for the delay.
The notification referred to above shall:
a) describe the nature of the personal data breach;
b) communicate the name and contact details of the data protection officer or other contact point where more information can be obtained;
c) describe the likely consequences of the personal data breach;
d) describe the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects;
e) set out any other piece of information considered necessary.
Communication of a personal data breach to the data subject
When the personal data breach is likely to result in a high risk to your rights and freedoms, then we will communicate the personal data breach to you without undue delay.
The above-mentioned communication to you will describe in clear and plain language the nature of the personal data breach and contain at least the information and measures of the following:
a) communicate the name and contact details of the data protection officer or other contact point where more information can be obtained;
b) describe the likely consequences of the personal data breach;
c) describe the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects;
d) Any other piece information considered necessary.
The communication will not be effected if:
a) we have implemented appropriate technical and organisational protection measures, and those measures were applied to the personal data affected by the personal data breach
b) we have taken subsequent measures which ensure that the high risk of your rights and freedoms is no longer likely to materialise;
c) it would involve disproportionate effort.