Recruitment Privacy Notice

SCOPE OF PRIVACY NOTICE

1. Like most businesses, we hold and process a wide range of information, some of which relates to individuals who are applying to work for us. This Recruitment Privacy Notice explains the type of information we process, why we are processing it and how that processing may affect you.

The notice focuses on individuals who are applying to work for us and the data we process as part of that process. We have a separate Workplace Privacy Notice that applies to our current and former employees.

This Recruitment Privacy Notice comprises this document (the Core Notice) and the Supplementary Information in the Annex to this document.

The Supplementary Information section contains a Glossary, in which we explain what we mean by “personal data”, “processing”, “special personal data” and other terms used in this Recruitment Privacy Notice.

2. In brief, this Recruitment Privacy Notice explains:

  • what personal data we hold and why we process it;
  • the legal grounds that allow us to process your personal data;
  • where the data comes from, who gets to see it and how long we keep it;
  • how to access your personal data and other rights; and
  • how to contact us.

PERSONAL DATA – WHAT WE HOLD AND WHY WE PROCESS IT

3. We hold various types of data about the individuals who apply to work for us, including their personal details and work history. Further examples of the types of data we hold are given in the Supplementary Information.

We process this data for the purposes of our business, including management, administrative, employment and legal purposes.  The Supplementary Information provides more specific information on these purposes.

See Further information on the data we process and our purposes.

LEGAL GROUNDS FOR PROCESSING PERSONAL DATA

4. Under data protection law, there are various grounds on which we can rely when processing your personal data. In some contexts, more than one ground applies.  We have summarised these grounds as Contract, Legal Obligation, Legitimate Interests and Consent, and you can find further information on each in the Supplementary Information.  See Legal grounds for processing personal data.

WHERE THE PERSONAL DATA COMES FROM AND WHO GETS TO SEE IT

5. Some of the personal data that we process about you comes from you. For example, you tell us your contact details and work history as part of the recruitment process.  If you are joining us, you may provide your banking details.

Other personal data may come from third parties such as recruiters acting on your behalf or from your references.

Your personal data will be seen internally by managers, HR and, in some circumstances (if you join us) colleagues.  We will where necessary and as set out in this Recruitment Privacy Notice also pass your data outside the organisation, for example to people you are dealing with and background checking agencies.

Further information on this is provided in the Supplementary Information.  See Where the personal data comes from and Who gets to see your personal data?

HOW LONG DO WE KEEP YOUR PERSONAL DATA?

6. We do not keep your personal data for any specific period but we will not keep it for longer than is necessary for our purposes. In general, if you become employed by us we will keep your personal data for the duration of your employment and for a period afterwards.  If you are unsuccessful in gaining employment with us, we will likely keep your personal data for a short period after informing you that you were unsuccessful.

See Retaining your personal data – more information in the Supplementary Information.

TRANSFERS OF PERSONAL DATA OUTSIDE THE EEA

7. We may transfer your personal data outside the EEA to members of our group and third parties who process data on our behalf.

Further information on these transfers and the measures taken to safeguard your personal data are set out in the Supplementary Information under Transfers of personal data outside the EEA – more information.

YOUR PERSONAL DATA RIGHTS

8. You have a right to make a subject access request to receive information about the personal data that we process about you. Further information on this and on other rights is in the Supplementary Information under Access to your personal data and other rights. We also explain how to make a complaint about our processing of your data.

CONTACT DETAILS

9. In processing your personal data, we act as a “data controller”. Our contact details are as follows:

General Contact in the EEA:

Ann Coyne

Finance Director
15 Fitzwilliam Quay
Dublin 4
Ireland
Email: [email protected]

Contact at our corporate headquarters:
Joe Robertson

Senior Vice President
FleishmanHillard
200 No. Broadway
St. Louis, Missouri 63102
Email: [email protected]

In Germany, we have appointed a data protection officer whose role in relation to data protection includes informing and advising us and those of our employees who are involved in processing data of their obligations under data protection legislation.  The contact details of the data protection officer in Germany is as follows:

Magnus Grünheidt, Volljurist
Justiziar
datenschutz süd GmbH
Niederlassung Köln
Oskar-Jäger-Str. 50
50825 Köln
Germany

Email: [email protected]

STATUS OF THIS NOTICE

10. This Recruitment Privacy Notice does not form part of any contract of employment you might enter into and does not create contractual rights or obligations. It may be amended by us at any time.

ANNEX TO CORE NOTICE

SUPPLEMENTARY INFORMATION

GLOSSARY

1.Personal data” is information relating to you (or from which you may be identified) which is processed by automatic means or which is (or is intended to be) part of a structured manual filing system. It includes not only facts about you, but also intentions and opinions about you.

Personal data “processed automatically” includes information held on, or relating to use of, a computer, laptop, mobile phone or similar device.  It covers data derived from equipment such as access passes within a building, data on use of vehicles and sound and image data such as CCTV or photographs.

Processing” means doing anything with the data.  For example, it includes collecting it, holding it, disclosing it and deleting it.

Special personal data” means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, health, sexual orientation, sex life, trade union membership and genetic and biometric data. These types of data are subject to special protection under the law.

References in the Recruitment Privacy Notice to “employment”, “work” and similar expressions include any arrangement under which an individual works for us or provides services to us, or applies to provide services.  This includes individuals who are our employees and also those who provide services under a freelance or independent contractor arrangement.  Similarly, when we mention an “employment contract”, this should be taken to include any contract with an employee, a freelancer or a contractor; and when we refer to ending your potential “employment”, that includes terminating a freelance engagement or a contract for services.

We use the word “you” to refer to anyone within the scope of this Recruitment Privacy Notice.

LEGAL GROUNDS FOR PROCESSING PERSONAL DATA

WHAT ARE THE GROUNDS FOR PROCESSING DATA?

2. Under data protection law, there are various grounds on which we can rely when processing your personal data. In some contexts more than one ground applies.  We have summarised these grounds as Contract, Legal obligation, Legitimate Interests and Consent and outline what those terms mean in the following table.

Term Ground for processing Explanation
Contract Processing necessary for performance of a contract with you or to take steps at your request to enter a contract This covers carrying out our contractual duties and exercising our contractual rights.
Legal obligation Processing necessary to comply with our legal obligations Ensuring we perform our legal and regulatory obligations.  For example, providing a safe place of work and avoiding unlawful discrimination.
Legitimate Interests Processing necessary for our or a third party’s legitimate interests We (and third parties) have legitimate interests in carrying on, managing and administering our respective businesses.  Part of managing businesses will involve the processing of your personal data.  Your data will not be processed if, in processing your data, your interests, rights and freedoms related to the data override the businesses’ interests in processing the data for businesses purposes.
Consent You have given specific consent to processing your data In general processing of your data in connection with employment is not conditional on your consent.  But there may be occasions where we do specific things such as provide a reference and rely on your consent to do so.

PROCESSING SPECIAL PERSONAL DATA

3. If we process special personal data about you (for example (but without limitation), processing your health records to assist us in ensuring that we provide you with reasonable adjustments during any recruitment process), as well as ensuring that one of the grounds for processing mentioned above applies, we will make sure that one or more of the grounds for processing special personal data applies. In outline, these include:

  • Processing being necessary for the purposes of your or our obligations and rights in relation to employment in so far as it is authorised by law or collective agreement;
  • Processing relating to data about you that you have made public (e.g. if you have told us you are ill);
  • Processing being necessary for the purpose of establishing, making or defending legal claims;
  • Processing being necessary to provide any necessary reasonable adjustments during the recruitment process.

FURTHER INFORMATION ON THE PERSONAL DATA WE PROCESS AND OUR PURPOSES

4. The purposes for which we process your personal data, examples of the personal data that may be processed and the grounds on which we process it are set out in the table below.

The examples in the table cannot, of course, be exhaustive.  For example, although the table does not mention personal data relating to criminal offences, if we were to find out that someone applying to work for us was suspected of committing a criminal offence, we might process that information if relevant for our purposes.

Purpose Examples of personal data that may be processed Grounds for processing
Recruitment Standard data related to your identity (e.g. your name, address, email address, ID information and documents, telephone numbers, place of birth, nationality, contact details, professional experience and education (including university degrees, academic records, professional licenses, memberships and certifications, awards and achievements, and current and previous employment details), financial information (including current salary information) language skills, and any other personal data that you present us with as part of your application related to the fulfilment of the role.

Information concerning your application and our assessment of it, your references, any checks we may make to verify information provided or background checks and any information connected with your right to work.

If necessary, we will also process information concerning your health, any disability and in connection with any adjustments to working arrangements.

Please note also that we may process your personal data in relation to an application for one job, in relation to an application for another job for which we feel you may be suitable.

Contract

Legal obligation

Legitimate interests

Administering our recruitment process Evaluating your experience and qualifications against the requirements of the position you are applying for.

Administering our online careers portal.

Communicating with you in respect of any offer of employment we choose to make and providing you with information about our onboarding process.

Contract

Legal obligation

Legitimate interests

Entering into a contract with you (if you are made an offer by us) Information on your terms of employment from time to time including your hours and working patterns, your pay and benefits, such as your participation in pension arrangements, life and medical insurance; and any bonus or share schemes.

 

Contract

Legal obligation

Legitimate interests

Contacting  you or others on your behalf For the purpose of gathering references. Contract

Legitimate interests

Financial planning and budgeting Information such as your proposed salary and (if applicable) envisaged bonus levels. Legitimate interests
Physical and system security CCTV images upon attendance for interview at our premises.

 

Legal obligation

Legitimate interests

Providing information to third parties in connection with transactions that we contemplate or carry out Information on any offer made to you and your proposed contract and other employment data that may be required by a party to a transaction such as a prospective purchaser, seller or outsourcer. Legitimate interests
Monitoring of diversity and equal opportunities Information on your nationality, racial and ethnic origin, gender, sexual orientation, religion, disability and age as part of diversity monitoring initiatives. Such data will aggregated and used for equality of opportunity monitoring purposes. Please note we may share aggregated and anonymized diversity statistics with regulators if formally required / requested. Legitimate interests
Disputes and legal proceedings Any information relevant or potentially relevant to a dispute or legal proceeding affecting us. Legitimate interests

Legal obligation

Please note that if you accept an offer from us the business will process further information as part of the employment relationship. We will provide you with our full Workplace Privacy Notice as part of the on-boarding process.

WHERE THE PERSONAL DATA COMES FROM

5. When you apply to work for us the initial personal data about you that we process is likely to come from you: for example, contact details, bank details and information on your immigration status and whether you can lawfully work.  We may also require references and information to carry out background checks.  If you have concerns about this in a particular context, you should speak to your recruiter or our HR department.

Please note we may also receive data from third party recruiters, agents and similar organisations as a part of the recruitment process.

WHO GETS TO SEE YOUR PERSONAL DATA?

Internal use

6. Your personal data may be disclosed to managers, HR and administrators for the purposes of your application as mentioned in this document. We may also disclose this to other members of our group and to Omnicom for the same purposes.

External use

7. We will only disclose your personal data outside our group if disclosure is consistent with one or more of our legal grounds for processing and if doing so is lawful and fair to you.

We may disclose your personal data if it is necessary for our legitimate interests as an organisation or the interests of a third party, such as if we use a recruitment portal managed by a third party provider we may send your personal data on to that third party (but we will not do this if these interests are over-ridden by your interests and rights in particular to privacy).

We may also disclose your personal data outside the group:

  • if you consent to the disclosure;
  • where we are required to do so by law; or
  • in connection with criminal or regulatory investigations.

8. Specific circumstances in which your personal data may be disclosed include:

  • Disclosure to organisations that process data on our behalf such as our payroll service, insurers and other benefit providers, our bank and organisations that host our IT systems and data. This would normally occur if you accept an offer from us and would be carried out as part of the on-boarding process;
  • To third party recruitment consultants and similar businesses (including online recruitment portals) as a part of the recruitment process.

RETAINING YOUR PERSONAL DATA – MORE INFORMATION

9. Although there is no specific period for which we will keep your personal data, we will not keep it for longer than is necessary for the purposes described in this Recruitment Privacy Notice. In general if you are successful in becoming employed by us, we will keep your personal data for the duration of your employment and for a period afterwards.    If you are unsuccessful in gaining employment with us, we will likely keep your personal data for a short period after informing you that you were unsuccessful.  In considering how long to keep your data, we will take into account its relevance to our business and your potential employment either as a record or in the event of a legal claim.

If your data is only useful for a short period (for example, CCTV footage data) we will delete it.

Personal data relating to job applicants (other than the person who is successful) will be deleted in compliance with applicable law.

TRANSFERS OF PERSONAL DATA OUTSIDE THE EEA – MORE INFORMATION

10. In connection with our business and for employment, administrative, management and legal purposes, we may transmit personal data outside the EEA to certain categories of third parties and more specifically to: (1) our headquarters in St. Louis, Missouri, United States (“US”); (2) our different offices in the US and other locations globally; (3) our affiliated entities in the US or in other locations globally.

11. In particular when transferring your personal data outside the EEA, we will ensure that, where required by applicable law, at least one of the following safeguards is implemented: (1) we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission; (2) where we use certain service providers, we may use specific contracts approved by the European Commission referred to as the “model clauses” which give personal data the same protection it has in Europe; or (3) where we have partners or suppliers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.

12. Please note that FleishmanHillard in the US complies with the Privacy Shield Principles of the EU-US Privacy Shield framework as set forth by the U.S Department of Commerce regarding the collection, use and retention of personal data transferred from the European Union to the United States. This forms the safeguard for transfers of HR data to FleishmanHillard entities in the US. More about FleishmanHillard’s Privacy Shield certification can be found on our main Privacy Notice available at https://fleishmanhillard.com/privacy-policy-general/.

ACCESS TO YOUR PERSONAL DATA AND OTHER RIGHTS

13. We try to be as open as we reasonably can about personal data that we process. If you would like specific information about your data, just ask us.

You also have a legal right to make a “subject access request”.  If you exercise this right and we hold personal data about you, we are required to provide you with information on it, including:

  • Giving you a description and copy of the personal data; and
  • Telling you why we are processing it

If you make a subject access request and there is any question about who you are, we may require you to provide information from which we can satisfy ourselves as to your identity.

As well as your subject access right, you may have a legal right to have your personal data rectified or erased, to object to its processing or to have its processing restricted.  If you have provided us with data about yourself (for example your address or bank details), and the ground for processing is Consent or Contract, you have the right to be given the data in machine readable format for transmitting to another data controller.

If we have relied on consent as a ground for processing, you may withdraw consent at any time – though if you do so that will not affect the lawfulness of what we have done before you withdraw consent.

COMPLAINTS

14. If you have complaints relating to our processing of your personal data, you should raise these with HR in the first instance or with our Data Protection Officer, where applicable. You may also raise complaints with the Information Commissioner who is the statutory regulator.  For contact and other details ask HR or see:  https://ico.org.uk/ICO.