Privacy Notice – Job Candidates

1. Introduction

 

This privacy notice (referred to as the “Notice”) outlines how A.M. Mangion Ltd, bearing registration number C4112, with its registered address at Mangion Building, New Street off Valletta Road, Luqa, (referred to as the “Company”, “Organisation”, “we” or “us”), collects and processes Personal Data relating to job applicants and candidates seeking employment opportunities.

 

A.M. Mangion LTD is committed to protecting the privacy and security of Personal Data in accordance with the General Data Protection Regulation EU 2016/679 (“GDPR”, “Regulation”), the Data Protection Act (Chapter 586 of the Laws of Malta – “the DPA”) and any regulation, guidelines or directives, delegated or subordinated legislation in force from time to time, collectively called “Applicable Data Protection Law”.

 

2. Scope and purpose

 

This Privacy Notice (hereinafter referred to as the “Notice”) applies to all job candidates in respect of vacancy/s for any role/s within the Company. Its purpose is to provide an explanation of how we collect and use your Personal Data, as well as the reasons for such usage. Additionally, this Notice outlines your rights under the Applicable Data Protection Law and provides further information regarding the security measures adopted to ensure confidentiality of information in connection with our recruitment processes.

 

3. Definitions

 

The definition of “Personal Data”, “Automated Decision”, “Data Controller”, “Profiling”, “Processing”, and “Special Category of Data” have the same meaning of GDPR.

 

4. Controller Details

 

The Data Controller of your Personal Data is A.M. Mangion Ltd, a company registered in Malta bearing company registration number C4112 and having its registered address at Mangion Building, New Street off Valletta Road, Luqa (the “Controller”). You can contact us at gdpr@ammangion.com

 

5. Where do we collect the information from?

 

The Personal Data we process is usually collected directly from you through the application (whether submitted in electronic or physical form), or indirectly through recruitment platforms and agencies.

 

6. What information do we collect?

 

We may collect and process some or all of the following Personal Data from you:

 

  • Personal details such as name, surname, temporary or permanent address, DOB and place of birth.
  • Contact details such as email address, mobile, or telephone number.
  • Work history/job data, CV’s and covering letters, previous employers, positions, dates, professional qualifications, skills and experience.
  • Interview assessments, notes and recordings.

 

7. If you fail to provide Personal Data

 

If you fail to provide Personal Data when requested, which is necessary for us to consider your application (including evidence of qualifications or work history), we may not be able to process your application and proceed with or finalise the recruitment process any further.

 

8.  How do we use information about you?

 

We process your Personal Data for the following purposes based on the following lawful bases:

 

  • Based on the performance of a contract or in order to take steps prior to entering into a contract for example when we use your Personal Data to assess the skills, qualifications and suitability for the role and when we assess whether to enter into a contract with you.
  • Based on compliance with legal processes or enforceable governmental requests/actions and with legal and regulatory obligations emanating from the applicable laws and regulations, including in case of audit activities from our Marketing Authorization Holders.
  • Based on the Company’s legitimate interest in processing your Personal Data, for instance when we manage the recruitment process, when we communicate and negotiate with you, when we have to respond to and defend against legal claims, when we have to exercise a Company legal right and when we have to protect our rights and property.

 

Where we process your Personal Data in reliance on article 6(1)(f) GDPR, we ensure that our legitimate interest does not override your interests or fundamental rights and freedoms which require protection of Personal Data.

 

It may sometimes be necessary to process sensitive or Special Category of Data to comply with equal opportunities obligations or with any obligation arising from employment, social security and social protection law. In these instances, the Processing is based on the appropriate legal grounds, including those provided by art. 9 GDPR.

 

9.  Who do we disclose your information to?

 

We may share your Personal Data with:

 

  • Internal departments, functions and individuals within the Company, limiting access to what is required or needed by each individual in the recruitment process. This includes members of the human resources department, interviewers, managers and heads of departments who need to process your data in their respective areas.
  • External recruitment agencies and providers.
  • Professional advisors, trusted service providers and suppliers we are using to run our business, including systems, cloud and database providers, agents, or independent contractors providing services to the Company.
  • Authorities, courts and law enforcement bodies where such disclosures are permitted or required pursuant to Applicable Data Protection Law.
  • In the event that we are acquired by or merged with a third-party entity, or in the event of bankruptcy or a comparable event, or in the event of restructuring of the business, we reserve the right to transfer or assign Personal Data in connection with the foregoing events, when allowed or imposed by Applicable Data Protection Law and in compliance with legal and regulatory requirements.

 

10.  How do we protect your personal information?

 

The Company has put in place reasonable security measures to prevent your Personal Data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your Personal Data to authorised personnel on a need-to-know basis. They will only process your Personal Data on the Company’s instructions or where the task or job at hand demands such access in order to be able to carry out a certain function or perform a certain job. We also provide education and training to relevant staff to ensure they are aware of our privacy obligations when handling Personal Data.

 

We have put in place procedures to deal with any suspected data security breach and will notify you and the Supervisory Authority of a suspected breach where we are legally required to do so.

 

11.  How long do we retain your information for?

 

We will only retain Personal Data relating to you for as long as is necessary (taking into consideration the purpose for which it was originally obtained). We establish the retention period taking into account several factors and criteria, which includes but is not limited to any retention period set out by legal or regulatory requirements. We also take into consideration the time periods established by law, regulations and directives to exercise legal actions, to defend rights, to carry out procedural actions. Thereafter, Personal Data shall be immediately and irrevocably erased.

 

If your application for employment is unsuccessful, we will retain your Personal Data (including the CV) for a period of 4 months from the closing date of the job posting.

 

If your application for employment is successful and you accept an offer of employment with us, any relevant Personal Data gathered during the recruitment process will become part of your personal records stored by the Human Resources Department and will be retained in accordance to our internal policies for employment purposes.

 

With your consent, we might keep your CV on file for future reference. This would enable us to reach out to you in the event of any suitable vacancies aligning with your profile. Where consent was sought and given, we will retain your CV for a period of 6 months starting from when you gave us your consent.

 

We might retain your data for a longer period of time based on our legitimate interest to comply with our legal obligation, in case of a legal proceeding/audit or inspection form Authorities.

 

12.  What are your rights?

 

As a data subject, you have various rights in relation to your Personal Data. In particular, you have the following rights:

 

  • Request access to your personal information. This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it;
  • Request rectification of Personal Data that we hold about you.
  • Request erasure of your Personal Data (where applicable). This enables you to ask the Company to delete or remove personal information where there is no good reason for us continuing to process it.
  • Object to the processing of your Personal Data (where applicable) where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to the processing on this ground.
  • Request that we provide you with any Personal Data that you may have provided us, in a structured, commonly used and machine-readable format;
  • Request the restriction of processing of your Personal Data.
  • Request that we transmit your Personal Data directly to you or to another controller indicated by you (to the extent the processing is based on consent or a contract).

 

Although all reasonable efforts will be made to keep your information updated, you are kindly requested to inform us of any change referring to the Personal Data we hold about you.  In any case, if you consider that certain information about you is inaccurate, you may request rectification of such data, as explained above.

 

Please note that the above rights are not absolute and that they can be subject to specific legal requirements or exemptions and therefore may not always be applicable.

 

There is no charge for the provision of this information except in circumstances where the request is manifestly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances. The Company may withhold certain information which is exempt from the right of subject access in accordance with Applicable Data Protection Law.

 

We may need to request specific information from you to help us confirm your identity and ensure the exercise of your rights. This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

 

To exercise any of your rights, file a complaint relating to your privacy or if you have any other questions about our use of your Personal Data, please contact us at gdpr@ammangion.com

 

If you are unsatisfied with the way we have handled your Personal Data or any privacy query or request that you have raised with us, you also have a right to complain with the Office of the Information and Data Protection Commissioner (IDPC). For further information on how to file a complaint visit the IDPC website (www.idpc.gov.mt).

 

13.  Automated decision making

 

Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. The Company does not currently make any automated decisions about Job Candidates without human intervention.

 

14.  Transfer of Personal Data outside the EU

 

We may transfer your data outside the European Economic Area (“EEA”). When the recipient and/or third party situated in a jurisdiction outside of the EU has not received an adequacy decision issued by the European Commission (Art. 45 GDPR), the transmission of data shall be subject to appropriate safeguards within the meaning of Article 46(1) of Regulation (EU) 2016/679, which might include the Standard Contractual Clauses (SCCs). You can obtain a copy of the Standard Contractual Clauses (SCCs) by contacting us at gdpr@ammangion.com

 

15.  Change of purpose

 

The Company will only use Personal Data for the purposes for which it was collected, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated or new purpose, we will notify you and will explain the legal basis which allows us to do so.

 

16.  Updates to this Privacy Notice

 

We may update this Privacy Notice at our sole discretion including as a result of a change in the Applicable Data Protection Law or processing activities. To let you know when we make changes to this Notice, we will amend the revision date of this page. The new modified or amended Notice will apply from that revision date. Therefore, we encourage you to periodically review this Notice to be informed about how we are processing your information. We may also notify you in other ways from time to time about the processing of your personal information.

 

Last Updated Date 15/01/24