Privacy and Cookie Policy

We (that’s us, Derivco) hope your stay here is a happy one, but please note that while we make every reasonable effort to ensure the information published on this website is accurate, complete and up to date, we cannot guarantee that there are no mistakes or omissions contained therein, or that any published content is not outdated or inaccurate at the time you download, access or receive it.

We shall not be held liable in contract, tort, delict, negligence or otherwise for any direct, incidental, indirect or consequential damages arising from your use of this website. Please note that we do not accept responsibility for the veracity, relevance or usefulness of any advice or information provided on external websites, nor do we endorse their content or accept liability for any damage, loss or harm resulting from your use of them.

Please also be aware that you are not permitted to share, modify or redistribute any part of this website, in whole or part, without our express consent.

Why are we working together?

A match made in engineering heaven.

While we are separate businesses, we share the same view on what makes a brilliant working culture and between us have more knowledge of the gaming world than anyone else. That’s why we use all of this shared insight to offer up some of the best roles in the industry.

As pioneers and leaders within the gaming world we’re able to support each other in finding the best talent in the market. We understand what makes each other tick and we use all of our shared insight to offer up some of the best roles in the industry.

Our shared philosophy around what great looks like across the gaming industry comes to life through our ambitious common goal – to attract and retain the very best talent in the market.

Please refer to the Privacy Policy of the Company you are applying to below:

Derivco Australia

Privacy and Cookie Policy

Welcome to our website privacy notice (Website Privacy Notice).  We are Derivco Australia PTY Ltd of 36 / 340 Hope Island Road, Hope Island, Queensland, Australia, 4212 (“Derivco”). We are committed to being fully compliant with all applicable data protection legislation and the General Data Protection Regulation (GDPR) as applied in respect of personal data, as well to safeguarding the rights and freedoms of natural persons whose information we collect.

This Website Privacy Notice is broken down into segments that cover specific areas, below are the categories covered, please scroll down to read the whole notice in detail. Please also use the Glossary to understand the meaning of some of the terms used in this Website Privacy Notice.

  1. Important information and who we are
  2. Personal data we collect, and how we use your personal data
  3. Disclosures of your personal data
  4. International transfers
  5. Data security
  6. Data retention
  7. Your legal rights
  8. Glossary
  1. Important information and who we are

Purpose of this Website Privacy Notice

This Website Privacy Notice aims to give you information on how we collect and process your personal data through your use of this website, including any data you may provide through this website when you sign up to our vacancy notifications.

This website is only intended for adults over the age of 18, and we do not knowingly collect data from anyone under this age.

It is important that you read this Website Privacy Notice together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your personal data.  This privacy notice supplements the other notices and is not intended to override them.

Controller

We are the Controller of all personal data relating to our personnel and personal data used in our business for our own commercial purpose.

We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this Website Privacy Notice.  If you have any questions about this Website Privacy Notice, including any requests to exercise your legal rights, please contact the DPO using the details set out below.

Contact details

The Data Protection Officer

DPO@localhost

36 / 340 Hope Island Road, Hope Island, Queensland, Australia, 4212

You have the right to make a complaint at any time to the relevant Information Commissioner, the Australian Information Commissioner for data protection issues (https://www.oaic.gov.au/). We would, however, appreciate the chance to deal with your concerns before you approach the above mentioned so please contact us in the first instance.

Changes to the Website Privacy Notice and your duty to inform us of changes

This version was last updated on 21 June 2022

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Third-party links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you.  We do not control these third-party websites and are not responsible for their privacy statements.  When you leave our website, we encourage you to read the privacy notice of every website you visit.

  1. Personal data we collect, and how we use your personal data

We will only use your personal data when the law allows us to.  Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract, we are about to enter into, or have entered into, with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where you have given us consent to use your data
  • Where we need to comply with a legal or regulatory obligation.

These are explained further in section 8 (Glossary) below.

Purposes for which we will use your personal data

We have set out below a description of how we plan to use your personal data, and which of the legal basis we rely on to do so.

  1. Use of cookies and web beacons

Cookies are small files that websites save to your hard disk or to your browser’s memory. The cookies used on our Site are listed below.
You have the ability to accept or decline cookies. Most Internet browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies or to notify you when a cookie is being placed on your computer. If you choose to decline cookies, you may not be able to fully experience the features of our Site or other websites that you visit.
We will be making use of cookies on our Site. We will use both session and persistent cookies. These will be used to authenticate users and prevent fraudulent use of user accounts. We also use analytics cookies to track information on how the Site is used so that we can make improvements. We may also use analytics cookies to test new advertisements, pages, features or new functionality of the Site to see how our users react to them. Finally, we may use various third-party cookies to report usage statistics of the Site and deliver advertisements on and through the Site, including:

  • Sitecore
  • Conversion Tracking
  • Social Media Tools
Cookie Purpose/Content Expiry
seen-cookie-message Used to store a user’s viewing of privacy policy message. If a user has seen this message, a value of ‘yes’ is stored so the message is not displayed again. Message appears again after cookie expires.  14 days

 

We are committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorised access, use, or disclosure. For example, we store the personal data you provide on computer systems with limited access that are located in facilities to which access is limited.

  1. Career Opportunities

What information does the company collect and how?

Derivco collects a range of information about you. This includes:

  • your name, address and contact details, including email address and telephone number;
  • any personal data you have included in your curriculum vitae (CV) for example date of birth, marital status etc.;
  • details of your qualifications, skills, experience and employment history;
  • information from interviews and phone-screenings you may have;
  • information about your current level of remuneration, including benefit entitlements; and
  • information about your entitlement for employment;

We may collect this information in a variety of ways. For example, data might be contained in application forms or CVs (including when these are sent to us through this website, or from Employment Agencies, as part of speculative applications, referrals or queries), obtained from your passport or other identity documents, or collected through interviews or other methods of assessment.

We may also collect personal data about you from third parties, such as references supplied by former employers. We will seek information from third parties only once a job offer has been made to you.

Data will be stored in a range of different places, including on your application record, in our HR management systems and our email system.

We use Workday to process your job application.  Workday may collect data on the usage of their site or require the use of cookies as per their Privacy Policy (https://www.workday.com/en-us/privacy.html)

Why do we process the data?

Derivco has a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows us to manage the recruitment process, assess and confirm a candidate’s suitability for employment and decide to whom to offer a job. We may also need to process data from job applicants to respond to and defend against legal claims.

In some cases, we need to process data to ensure that we are complying with our legal obligations. For example, we are required to check a successful applicant’s eligibility to work before employment starts.

We will not use your data for any purpose other than the recruitment process of which you are a part and as part of the onboarding process if you are successful in your application.

Who has access to data?

Your information may be shared for the purposes of the recruitment process. This includes sharing with members of the HR team, interviewers involved in the recruitment process, and managers in the business area with a vacancy.  The sharing of your data may be with recruitment specialists within approved third parties if their access to your data is necessary for the recruitment process at Derivco.

We will not share your personal data with other third parties, unless your application for employment is successful and we make you an offer of employment. We will then share only what is necessary of your personal data with former employers to obtain references for you, employment background check providers to obtain necessary background checks and the Disclosure and Barring Service to obtain necessary criminal records checks.

In addition, we may need to share your personal information with a regulator or other wise to comply with the law.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.  If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at DPO@localhost.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

  1. Disclosures of your personal data

We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

  1. International transfers

In respect of Australian citizens, we will not transfer your personal data to a country outside of Australia unless safeguards are in place to protect your personal data to the standards that apply within Australia.

  1. Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.  In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.  They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

  1. Data retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us.

In some circumstances you can ask us to delete your personal data: see the Glossary below for further information.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

  1. Your legal rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data:

  • Request access to your personal data.
  • Request correction of your personal data.
  • Request erasure of your personal data.
  • Object to processing of your personal data.
  • Request restriction of processing your personal data.
  • Request transfer of your personal data.
  • Right to withdraw consent.

These rights are explained further in section 8 (Glossary) below.  If you wish to exercise any of the rights set out above, please contact us

No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).  This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests within one month.  Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests.  In this case, we will notify you and keep you updated.

  1. Glossary

LAWFUL BASIS

Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience.  We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests.  We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).  You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us

Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.

Consent means processing your data where you have given a clear indication that you agree to the processing of your personal data.

Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.

YOUR LEGAL RIGHTS

You have the right to:

Request access to your personal data (commonly known as a “data subject access request”).  This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

Request correction of the personal data that we hold about you.  This enables you to have any incomplete or inaccurate personal data we hold about you corrected, though we may need to verify the accuracy of the new personal data you provide to us.

Request erasure of your personal data.  This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.  You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your personal information unlawfully or where we are required to erase your personal data to comply with local law.  Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.  You also have the right to object where we are processing your personal data for direct marketing purposes.  In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Request restriction of processing of your personal data.  This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the personal data’s accuracy; (b) where our use of the personal data is unlawful but you do not want us to erase it; (c) where you need us to hold the personal data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your personal data but we need to verify whether we have overriding legitimate grounds to use it.

Request the transfer of your personal data to you or to a third party.  We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the personal information to perform a contract with you.

Withdraw consent at any time where we are relying on consent to process your personal data.  However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.  If you withdraw your consent, we may not be able to provide certain products or services to you.  We will advise you if this is the case at the time you withdraw your consent.       

Derivco IOM

Privacy and Cookie Policy

Welcome to our website privacy notice (Website Privacy Notice).  We are Derivco Isle of Man Limited of Twenty-Six, Belmont Terrace, Douglas, Isle of Man, IM1 4NH (“Derivco”). We are committed to being fully compliant with all applicable data protection legislation and the General Data Protection Regulation (GDPR) as applied in respect of personal data, as well to safeguarding the rights and freedoms of natural persons whose information we collect.

This Website Privacy Notice is broken down into segments that cover specific areas, below are the categories covered, please scroll down to read the whole notice in detail. Please also use the Glossary to understand the meaning of some of the terms used in this Website Privacy Notice.

  1. Important information and who we are
  2. Personal data we collect, and how we use your personal data
  3. Disclosures of your personal data
  4. International transfers
  5. Data security
  6. Data retention
  7. Your legal rights
  8. Glossary
  1. Important information and who we are

Purpose of this Website Privacy Notice

This Website Privacy Notice aims to give you information on how we collect and process your personal data through your use of this website, including any data you may provide through this website when you sign up to our vacancy notifications.

This website is only intended for adults over the age of 18, and we do not knowingly collect data from anyone under this age.

It is important that you read this Website Privacy Notice together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your personal data.  This privacy notice supplements the other notices and is not intended to override them.

Controller

We are the Controller of all personal data relating to our personnel and personal data used in our business for our own commercial purpose.

We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this Website Privacy Notice.  If you have any questions about this Website Privacy Notice, including any requests to exercise your legal rights, please contact the DPO using the details set out below.

Contact details

The Data Protection Officer

DPO@localhost

Twenty-Six, Belmont Terrace, Douglas, Isle of Man, IM1 4NH

You have the right to make a complaint at any time to the relevant Information Commissioner, the Isle of Man supervisory authority for data protection issues (www.inforights.im). We would, however, appreciate the chance to deal with your concerns before you approach the above mentioned so please contact us in the first instance.

Changes to the Website Privacy Notice and your duty to inform us of changes

This version was last updated on 21 June 2022

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Third-party links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you.  We do not control these third-party websites and are not responsible for their privacy statements.  When you leave our website, we encourage you to read the privacy notice of every website you visit.

  1. Personal data we collect, and how we use your personal data

We will only use your personal data when the law allows us to.  Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract, we are about to enter into, or have entered into, with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where you have given us consent to use your data
  • Where we need to comply with a legal or regulatory obligation.

These are explained further in section 8 (Glossary) below.

Purposes for which we will use your personal data

We have set out below a description of how we plan to use your personal data, and which of the legal basis we rely on to do so.

  1. Use of cookies and web beacons

Cookies are small files that websites save to your hard disk or to your browser’s memory. The cookies used on our Site are listed below.
You have the ability to accept or decline cookies. Most Internet browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies or to notify you when a cookie is being placed on your computer. If you choose to decline cookies, you may not be able to fully experience the features of our Site or other websites that you visit.
We will be making use of cookies on our Site. We will use both session and persistent cookies. These will be used to authenticate users and prevent fraudulent use of user accounts. We also use analytics cookies to track information on how the Site is used so that we can make improvements. We may also use analytics cookies to test new advertisements, pages, features or new functionality of the Site to see how our users react to them. Finally, we may use various third-party cookies to report usage statistics of the Site and deliver advertisements on and through the Site, including:

  • Sitecore
  • Conversion Tracking
  • Social Media Tools
Cookie Purpose/Content Expiry
seen-cookie-message Used to store a user’s viewing of privacy policy message. If a user has seen this message, a value of ‘yes’ is stored so the message is not displayed again. Message appears again after cookie expires.  14 days

 

We are committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorised access, use, or disclosure. For example, we store the personal data you provide on computer systems with limited access that are located in facilities to which access is limited.

  1. Career Opportunities

What information does the company collect and how?

Derivco collects a range of information about you. This includes:

  • your name, address and contact details, including email address and telephone number;
  • any personal data you have included in your curriculum vitae (CV) for example date of birth, marital status etc.;
  • details of your qualifications, skills, experience and employment history;
  • information from interviews and phone-screenings you may have;
  • information about your current level of remuneration, including benefit entitlements; and
  • information about your entitlement for employment;

We may collect this information in a variety of ways. For example, data might be contained in application forms or CVs (including when these are sent to us through this website, or from Employment Agencies, as part of speculative applications, referrals or queries), obtained from your passport or other identity documents, or collected through interviews or other methods of assessment.

We may also collect personal data about you from third parties, such as references supplied by former employers. We will seek information from third parties only once a job offer has been made to you.

Data will be stored in a range of different places, including on your application record, in our HR management systems and our email system.

We use Workday to process your job application.  Workday may collect data on the usage of their site or require the use of cookies as per their Privacy Policy (https://www.workday.com/en-us/privacy.html)

Why do we process the data?

Derivco has a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows us to manage the recruitment process, assess and confirm a candidate’s suitability for employment and decide to whom to offer a job. We may also need to process data from job applicants to respond to and defend against legal claims.

In some cases, we need to process data to ensure that we are complying with our legal obligations. For example, we are required to check a successful applicant’s eligibility to work before employment starts.

We will not use your data for any purpose other than the recruitment process of which you are a part and as part of the onboarding process if you are successful in your application.

Who has access to data?

Your information may be shared for the purposes of the recruitment process. This includes sharing with members of the HR team, interviewers involved in the recruitment process, and managers in the business area with a vacancy.  The sharing of your data may be with recruitment specialists within approved third parties if their access to your data is necessary for the recruitment process at Derivco.

We will not share your personal data with other third parties, unless your application for employment is successful and we make you an offer of employment. We will then share only what is necessary of your personal data with former employers to obtain references for you, employment background check providers to obtain necessary background checks and the Disclosure and Barring Service to obtain necessary criminal records checks.

In addition, we may need to share your personal information with a regulator or other wise to comply with the law.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.  If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at DPO@localhost.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

  1. Disclosures of your personal data

We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

  1. International transfers

We may need to transfer your data outside of the European Economic Area (EEA).

  1. Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.  In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.  They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

  1. Data retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us.

In some circumstances you can ask us to delete your personal data: see the Glossary below for further information.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

  1. Your legal rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data:

  • Request access to your personal data.
  • Request correction of your personal data.
  • Request erasure of your personal data.
  • Object to processing of your personal data.
  • Request restriction of processing your personal data.
  • Request transfer of your personal data.
  • Right to withdraw consent.

These rights are explained further in section 8 (Glossary) below.  If you wish to exercise any of the rights set out above, please contact us

No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).  This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests within one month.  Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests.  In this case, we will notify you and keep you updated.

  1. Glossary

LAWFUL BASIS

Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience.  We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests.  We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).  You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us

Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.

Consent means processing your data where you have given a clear indication that you agree to the processing of your personal data.

Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.

YOUR LEGAL RIGHTS

You have the right to:

Request access to your personal data (commonly known as a “data subject access request”).  This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

Request correction of the personal data that we hold about you.  This enables you to have any incomplete or inaccurate personal data we hold about you corrected, though we may need to verify the accuracy of the new personal data you provide to us.

Request erasure of your personal data.  This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.  You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your personal information unlawfully or where we are required to erase your personal data to comply with local law.  Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.  You also have the right to object where we are processing your personal data for direct marketing purposes.  In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Request restriction of processing of your personal data.  This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the personal data’s accuracy; (b) where our use of the personal data is unlawful but you do not want us to erase it; (c) where you need us to hold the personal data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your personal data but we need to verify whether we have overriding legitimate grounds to use it.

Request the transfer of your personal data to you or to a third party.  We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the personal information to perform a contract with you.

Withdraw consent at any time where we are relying on consent to process your personal data.  However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.  If you withdraw your consent, we may not be able to provide certain products or services to you.  We will advise you if this is the case at the time you withdraw your consent.

Derivco Ipswich

Privacy and Cookie Policy

Welcome to our website privacy notice (Website Privacy Notice).  We are Derivco Ipswich Limited of Crown House, Crown St, Ipswich IP1 3HS, United Kingdom (“Derivco”). We are committed to being fully compliant with all applicable data protection legislation, EU General Data Protection Regulation (GDPR) and the United Kingdom General Data Protection Regulation (UK-GDPR) as applied in respect of personal data, as well to safeguarding the rights and freedoms of natural persons whose information we collect.

This Website Privacy Notice is broken down into segments that cover specific areas, below are the categories covered, please scroll down to read the whole notice in detail. Please also use the Glossary to understand the meaning of some of the terms used in this Website Privacy Notice.

  1. Important information and who we are
  2. Personal data we collect, and how we use your personal data
  3. Disclosures of your personal data
  4. International transfers
  5. Data security
  6. Data retention
  7. Your legal rights
  8. Glossary
  1. Important information and who we are

Purpose of this Website Privacy Notice

This Website Privacy Notice aims to give you information on how we collect and process your personal data through your use of this website, including any data you may provide through this website when you sign up to our vacancy notifications.

This website is only intended for adults over the age of 18, and we do not knowingly collect data from anyone under this age.

It is important that you read this Website Privacy Notice together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your personal data.  This privacy notice supplements the other notices and is not intended to override them.

Controller

We are the Controller of all personal data relating to our personnel and personal data used in our business for our own commercial purpose.

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this Website Privacy Notice.  If you have any questions about this Website Privacy Notice, including any requests to exercise your legal rights, please contact the DPO using the details set out below.

Contact details

The Data Protection Officer

DPO@localhost

Crown House, Crown St, Ipswich IP1 3HS, United Kingdom

You have the right to make a complaint at any time to the relevant Information Commissioner, the United Kingdom Information Commissioner for data protection issues (https://ico.org.uk/). We would, however, appreciate the chance to deal with your concerns before you approach the above mentioned so please contact us in the first instance.

Changes to the Website Privacy Notice and your duty to inform us of changes

This version was last updated on 21 June 2022

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Third-party links

This website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you.  We do not control these third-party websites and are not responsible for their privacy statements.  When you leave our website, we encourage you to read the privacy notice of every website you visit.

  1. Personal data we collect, and how we use your personal data

We will only use your personal data when the law allows us to.  Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract, we are about to enter into, or have entered into, with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where you have given us consent to use your data
  • Where we need to comply with a legal or regulatory obligation.

These are explained further in section 8 (Glossary) below.

Purposes for which we will use your personal data

We have set out below a description of how we plan to use your personal data, and which of the legal basis we rely on to do so.

  1. Use of cookies and web beacons

Cookies are small files that websites save to your hard disk or to your browser’s memory. The cookies used on our Site are listed below.
You have the ability to accept or decline cookies. Most Internet browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies or to notify you when a cookie is being placed on your computer. If you choose to decline cookies, you may not be able to fully experience the features of our Site or other websites that you visit.
We will be making use of cookies on our Site. We will use both session and persistent cookies. These will be used to authenticate users and prevent fraudulent use of user accounts. We also use analytics cookies to track information on how the Site is used so that we can make improvements. We may also use analytics cookies to test new advertisements, pages, features or new functionality of the Site to see how our users react to them. Finally, we may use various third-party cookies to report usage statistics of the Site and deliver advertisements on and through the Site, including:

  • Sitecore
  • Conversion Tracking
  • Social Media Tools
Cookie Purpose/Content Expiry
seen-cookie-message Used to store a user’s viewing of privacy policy message. If a user has seen this message, a value of ‘yes’ is stored so the message is not displayed again. Message appears again after cookie expires.  14 days

 

We are committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorised access, use, or disclosure. For example, we store the personal data you provide on computer systems with limited access that are located in facilities to which access is limited.

  1. Career Opportunities

What information does the company collect and how?

Derivco collects a range of information about you. This includes:

  • your name, address and contact details, including email address and telephone number;
  • any personal data you have included in your curriculum vitae (CV) for example date of birth, marital status etc.;
  • details of your qualifications, skills, experience, and employment history;
  • information from interviews and phone-screenings you may have;
  • information about your current level of remuneration, including benefit entitlements; and
  • information about your entitlement for employment;

We may collect this information in a variety of ways. For example, data might be contained in application forms or CVs (including when these are sent to us through this website, or from Employment Agencies, as part of speculative applications, referrals, or queries), obtained from your passport or other identity documents, or collected through interviews or other methods of assessment.

We may also collect personal data about you from third parties, such as references supplied by former employers. We will seek information from third parties only once a job offer has been made to you.

Data will be stored in a range of different places, including on your application record, in our HR management systems and our email system.

We use Workday to process your job application.  Workday may collect data on the usage of their site or require the use of cookies as per their Privacy Policy (https://www.workday.com/en-us/privacy.html)

Why do we process the data?

Derivco has a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows us to manage the recruitment process, assess and confirm a candidate’s suitability for employment and decide to whom to offer a job. We may also need to process data from job applicants to respond to and defend against legal claims.

In some cases, we need to process data to ensure that we are complying with our legal obligations. For example, we are required to check a successful applicant’s eligibility to work before employment starts.

We will not use your data for any purpose other than the recruitment process of which you are a part and as part of the onboarding process if you are successful in your application.

Who has access to data?

Your information may be shared for the purposes of the recruitment process. This includes sharing with members of the HR team, interviewers involved in the recruitment process, and managers in the business area with a vacancy.  The sharing of your data may be with recruitment specialists within approved third parties if their access to your data is necessary for the recruitment process at Derivco.

We will not share your personal data with other third parties unless your application for employment is successful and we make you an offer of employment. We will then share only what is necessary of your personal data with former employers to obtain references for you, employment background check providers to obtain necessary background checks and the Disclosure and Barring Service to obtain necessary criminal records checks.

In addition, we may need to share your personal information with a regulator or other wise to comply with the law.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.  If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at DPO@localhost.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

  1. Disclosures of your personal data

We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

  1. International transfers

We may need to transfer your data outside of the European Economic Area (EEA).

  1. Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed.  In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.  They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

  1. Data retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us.

In some circumstances you can ask us to delete your personal data: see the Glossary below for further information.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

  1. Your legal rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data:

  • Request access to your personal data.
  • Request correction of your personal data.
  • Request erasure of your personal data.
  • Object to processing of your personal data.
  • Request restriction of processing your personal data.
  • Request transfer of your personal data.
  • Right to withdraw consent.

These rights are explained further in section 8 (Glossary) below.  If you wish to exercise any of the rights set out above, please contact us.

No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).  This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests within one month.  Occasionally it may take us longer than a month if your request is particularly complex or you have made several requests.  In this case, we will notify you and keep you updated.

  1. Glossary

LAWFUL BASIS

Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience.  We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests.  We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).  You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us

Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.

Consent means processing your data where you have given a clear indication that you agree to the processing of your personal data.

Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.

YOUR LEGAL RIGHTS

You have the right to:

Request access to your personal data (commonly known as a “data subject access request”).  This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

Request correction of the personal data that we hold about you.  This enables you to have any incomplete or inaccurate personal data we hold about you corrected, though we may need to verify the accuracy of the new personal data you provide to us.

Request erasure of your personal data.  This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.  You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your personal information unlawfully or where we are required to erase your personal data to comply with local law.  Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.  You also have the right to object where we are processing your personal data for direct marketing purposes.  In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Request restriction of processing of your personal data.  This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the personal data’s accuracy; (b) where our use of the personal data is unlawful but you do not want us to erase it; (c) where you need us to hold the personal data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your personal data but we need to verify whether we have overriding legitimate grounds to use it.

Request the transfer of your personal data to you or to a third party.  We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the personal information to perform a contract with you.

Withdraw consent at any time where we are relying on consent to process your personal data.  However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.  If you withdraw your consent, we may not be able to provide certain products or services to you.  We will advise you if this is the case at the time you withdraw your consent. 

Derivco Malta

Privacy and Cookie Policy

Welcome to our website privacy notice (Website Privacy Notice).  We are Derivco Malta Limited of Level 3, 9 Empire Stadium Street, Gzira, Malta GZR1000 (“Derivco”). We are committed to being fully compliant with all applicable data protection legislation and the General Data Protection Regulation (GDPR) as applied in respect of personal data, as well to safeguarding the rights and freedoms of natural persons whose information we collect.

This Website Privacy Notice is broken down into segments that cover specific areas, below are the categories covered, please scroll down to read the whole notice in detail. Please also use the Glossary to understand the meaning of some of the terms used in this Website Privacy Notice.

  1. Important information and who we are
  2. Personal data we collect, and how we use your personal data
  3. Disclosures of your personal data
  4. International transfers
  5. Data security
  6. Data retention
  7. Your legal rights
  8. Glossary
  1. Important information and who we are

Purpose of this Website Privacy Notice

This Website Privacy Notice aims to give you information on how we collect and process your personal data through your use of this website, including any data you may provide through this website when you sign up to our vacancy notifications.

This website is only intended for adults over the age of 18, and we do not knowingly collect data from anyone under this age.

It is important that you read this Website Privacy Notice together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your personal data.  This privacy notice supplements the other notices and is not intended to override them.

Controller

We are the Controller of all personal data relating to our personnel and personal data used in our business for our own commercial purpose.

We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this Website Privacy Notice.  If you have any questions about this Website Privacy Notice, including any requests to exercise your legal rights, please contact the DPO using the details set out below.

Contact details

The Data Protection Officer

DPO@localhost

Level 3, 9 Empire Stadium Street, Gzira, Malta GZR1000

You have the right to make a complaint at any time to the relevant Information Commissioner, the Malta Information and Data Protection Commissioner for data protection issues (https://idpc.org.mt/). We would, however, appreciate the chance to deal with your concerns before you approach the above mentioned so please contact us in the first instance.

Changes to the Website Privacy Notice and your duty to inform us of changes

This version was last updated on 21 June 2022

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Third-party links

This website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you.  We do not control these third-party websites and are not responsible for their privacy statements.  When you leave our website, we encourage you to read the privacy notice of every website you visit.

  1. Personal data we collect, and how we use your personal data

We will only use your personal data when the law allows us to.  Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform a contract, we are about to enter into, or have entered into, with you.
  • Where it is necessary reasonably to protect our legitimate interests (or those of a third party) provided your interests and fundamental rights do not override those interests.
  • Where you have given us consent to use your data.
  • Where we need to comply with a legal or regulatory obligation.

These are explained further in section 8 (Glossary) below.

Purposes for which we will use your personal data

We have set out below a description of how we plan to use your personal data, and which of the legal basis we rely on to do so.

  1. Use of cookies and web beacons

Cookies are small files that websites save to your hard disk or to your browser’s memory. The cookies used on our Site are listed below.
You have the ability to accept or decline cookies. Most Internet browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies or to notify you when a cookie is being placed on your computer. If you choose to decline cookies, you may not be able to fully experience the features of our Site or other websites that you visit.

We will be making use of cookies on our Site. We will use both session and persistent cookies. These will be used to authenticate users and prevent fraudulent use of user accounts. We also use analytics cookies to track information on how the Site is used so that we can make improvements. We may also use analytics cookies to test new advertisements, pages, features or new functionality of the Site to see how our users react to them. Finally, we may use various third-party cookies to report usage statistics of the Site and deliver advertisements on and through the Site, including:

  • Sitecore
  • Conversion Tracking
  • Social Media Tools
Cookie Purpose/Content Expiry
seen-cookie-message Used to store a user’s viewing of privacy policy message. If a user has seen this message, a value of ‘yes’ is stored so the message is not displayed again. Message appears again after cookie expires.  14 days

 

We are committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorised access, use, or disclosure. For example, we store the personal data you provide on computer systems with limited access that are located in facilities to which access is limited.

  1. Data Processing in connection with Career Opportunities

What information does the company collect and how?

Derivco collects a range of information about you. This includes:

  • your name, address and contact details, including email address and telephone number;
  • any personal data you have included in your curriculum vitae (CV) for example date of birth, marital status etc.;
  • details of your qualifications, skills, experience and employment history;
  • information from interviews and phone-screenings you may have;
  • information about your current level of remuneration, including benefit entitlements; and
  • information about your entitlement for employment;

We may collect this information in a variety of ways. For example, data might be contained in application forms or CVs (including when these are sent to us through this website, or from Employment Agencies, as part of speculative applications, referrals, or queries), obtained from your passport or other identity documents, or collected through interviews or other methods of assessment.

We may also collect personal data about you from third parties, such as references supplied by former employers. We will seek information from third parties only once a job offer has been made to you.

Data will be stored in a range of different places, including on your application record, in our HR management systems and our email system.  Employee rights in connection with data processing may also be governed by other policies that are applicable to Derivco employees.

We use Workday to process your job application.  Workday may collect data on the usage of their site or require the use of cookies as per their Privacy Policy (https://www.workday.com/en-us/privacy.html)

Why do we process the data?

Derivco has a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows us to manage the recruitment process, assess and confirm a candidate’s suitability for employment and decide to whom to offer a job. We may also need to process data from job applicants to respond to and defend against legal claims.

In some cases, we need to process data to ensure that we are complying with our legal obligations. For example, we are required to check a successful applicant’s eligibility to work before employment starts.

We will not use your data for any purpose other than the recruitment process of which you are a part and as part of the onboarding process if you are successful in your application.

Who has access to data?

Your information may be shared for the purposes of the recruitment process. This includes sharing with members of the HR team, interviewers involved in the recruitment process, and managers in the business area with a vacancy.  The sharing of your data may be with recruitment specialists within approved third parties if their access to your data is necessary for the recruitment process at Derivco.

We will not share your personal data with other third parties unless your application for employment is successful and we make you an offer of employment. We will then share only what is necessary of your personal data with former employers to obtain references for you, employment background check providers to obtain necessary background checks and the Disclosure and Barring Service to obtain necessary criminal records checks.

In addition, we may need to share your personal information with a regulator or otherwise to comply with the law.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.  If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at DPO@localhost.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

  1. Disclosures of your personal data

We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

  1. International transfers

We may need to transfer your data outside of the European Economic Area (EEA), for example we may transfer your data to Workday (our HR service provider) which is located in Ireland. Where you are resident in the EEA and we transfer your data outside of the EEA to a third country which the European Commission has not recognized as providing adequate data protection, then the transfer will be done in accordance with applicable data protection legislation and following approved data transfer procedures such as the use of standard contract clauses approved by the European Commission, as offering adequate safeguards with respect to data protection. If you would like further information regarding the transfer of your personal data outside the EU/EEA please contract us, see contact details above.

  1. Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed.  In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.  They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

  1. Data retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us.

In some circumstances you can ask us to delete your personal data: see the Glossary below for further information.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

  1. Your legal rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data:

  • Request access to your personal data.
  • Request correction of your personal data.
  • Request erasure of your personal data.
  • Object to processing of your personal data.
  • Request restriction of processing your personal data.
  • Request transfer of your personal data.
  • Right to withdraw consent.

These rights are explained further in section 8 (Glossary) below.  If you wish to exercise any of the rights set out above, please contact us.

No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).  This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests within one month.  Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests.  In this case, we will notify you and keep you updated.

  1. Glossary

LAWFUL BASIS

Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience.  We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests.  We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).  You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us

Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.

Consent means processing your data where you have given a clear indication that you agree to the processing of your personal data.

Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.

YOUR LEGAL RIGHTS

You have the right to:

Request access to your personal data (commonly known as a “data subject access request”).  This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

Request correction of the personal data that we hold about you.  This enables you to have any incomplete or inaccurate personal data we hold about you corrected, though we may need to verify the accuracy of the new personal data you provide to us.

Request erasure of your personal data.  This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.  You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your personal information unlawfully or where we are required to erase your personal data to comply with local law.  Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.  You also have the right to object where we are processing your personal data for direct marketing purposes.  In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Request restriction of processing of your personal data.  This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the personal data’s accuracy; (b) where our use of the personal data is unlawful but you do not want us to erase it; (c) where you need us to hold the personal data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your personal data but we need to verify whether we have overriding legitimate grounds to use it.

Request the transfer of your personal data to you or to a third party.  We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the personal information to perform a contract with you.

Withdraw consent at any time where we are relying on consent to process your personal data.  However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.  If you withdraw your consent, we may not be able to provide certain products or services to you.  We will advise you if this is the case at the time you withdraw your consent.       

Derivco Spain

Privacy Policy

 

Welcome to our website privacy notice (Website Privacy Notice). We are Derivco Systems SL of Av Josep Tarradellas Num.123 P.9 08029 – Barcelona, Spain (“Derivco”, “We”). We are committed to being fully compliant with all applicable data protection legislation, namely the General Data Protection Regulation (GDPR) as applied in respect of personal data, and the Organic Law 3/2018, of December 5, 2018, on Data Protection and the Safeguard of Digital Rights, as well to safeguarding the rights and freedoms of natural persons whose information we collect.

This Website Privacy Notice is broken down into segments that cover specific areas. Below are the categories covered. Please scroll down to read the whole notice in detail. Please also use the Glossary to understand the meaning of some of the terms used in this Website Privacy Notice.

1. Important information and who we are
2. Personal data we collect, and how we use your personal data
3. Disclosures of your personal data
4. International transfers
5. Data security
6. Data retention
7. Your legal rights
8. Glossary

1. Important information and who we are

Purpose of this Website Privacy Notice

This Website Privacy Notice aims to give you information on how we collect and process your personal data through your use of this website, including any data you may provide through this website when you sign up to our vacancy notifications.

This website is only intended for adults over the age of 18, and we do not knowingly collect data from anyone under this age.

It is important that you read this Website Privacy Notice together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your personal data. This privacy notice supplements the other notices and is not intended to override them.

Controller

We are the Controller of all personal data relating to our personnel and personal data used in our business for our own commercial purpose.

We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this Website Privacy Notice. If you have any questions about this Website Privacy Notice, including any requests to exercise your legal rights, please contact the DPO using the details set out below.

Contact details

The Data Protection Officer

DPO@localhost

Carrer Badajoz, 145 – 4◦, Barcelona, Spain.

You have the right to make a complaint at any time to the relevant Information Commissioner, the Spanish Supervisory Authority for data protection issues (https://www.aepd.es/es). We would, however, appreciate the chance to deal with your concerns before you approach the above mentioned so, please contact us in the first instance.

Changes to the Website Privacy Notice and your duty to inform us of changes

This version was last updated on 19 July 2022.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Third-party links

This website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

2. Personal data we collect, and how we use your personal data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

·       Where we need to perform the contract, we are about to enter into, or have entered into, with you.

·       Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

·       Where you have given, us consent to use your data.

·       Where we need to comply with a legal or regulatory obligation.

These are explained further in section 8 (Glossary) below.

Purposes for which we will use your personal data

We have set out below a description of how we plan to use your personal data, and which of the legal basis we rely on to do so.

Career Opportunities

What information does the company collect and how?

Derivco collects a range of information about you, in order to take steps prior to entering into a contract with you. This includes:

  • your name, address and contact details, including email address and telephone number;
  • any personal data you have included in your curriculum vitae (CV) for example, date of birth and marital status;
  • details of your qualifications, skills, experience, and employment history;
  • information from interviews and phone-screenings you may have;
  • information about your current level of remuneration, including benefit entitlements; and
  • information about your entitlement for employment.

We may collect this information in a variety of ways. For example, data might be contained in application forms or CVs (including when these are sent to us through this website, or from Employment Agencies, as part of speculative applications, referrals, or queries), obtained from your passport or other identity documents, or collected through interviews or other methods of assessment.

However, when Derivco does not collect your personal data directly from you, we shall comply with information requirements as provided under Article 14 of the GDPR (EU) 2018.

We may also collect personal data about you by requesting references from your former employers. We will seek information from third parties only once a job offer has been made to you.

Data will be stored in a range of different places, including on your application record, in our HR management systems and our email system.

We use Workday to process your job application. Workday may collect data on the usage of their site or require the use of cookies as per their Privacy Policy (https://www.workday.com/en-us/privacy.html).

Why do we process the data?

Derivco has a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows us to manage the recruitment process, assess and confirm a candidate’s suitability for employment and decide to whom to offer a job. We may also need to process data from job applicants to respond to and defend against legal claims.

In some cases, we need to process data to ensure that we are complying with our legal obligations. We are required to check a successful applicant’s eligibility to work before employment starts. We are required to ensure that applicant’s personal data is appropriately retained, whether or not they are successful in their employment application.

We will not use your data for any purpose other than the recruitment process of which you are a part and as part of the onboarding process if you are successful in your application.

Who has access to data?

Your information may be shared for the purposes of the recruitment process. This includes sharing internally with members of the HR team, interviewers involved in the recruitment process, and managers in the business area with a vacancy. The sharing of your data externally may be with approved third-party data processors, for example, recruitment specialists, if their access to your data is necessary for the recruitment process at Derivco.

We will not share your personal data with other third parties unless your application for employment is successful and we make you an offer of employment. We will then share only what is necessary of your personal data with former employers to obtain references for you, and with employment background check providers to obtain necessary background checks, which is necessary to determine the outcome of your employment application with Derivco.

In addition, we may need to share your personal information with a regulator or otherwise to comply with the law.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at DPO@localhost.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

3. Disclosures of your personal data

We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

4. International transfers

We may need to transfer your data outside of the European Economic Area (EEA). Further, we may transfer your data to Workday (our HR service provider) which is located in Ireland. Where you are resident in the EEA and we transfer your data outside of the EEA to a third country which the European Commission has not recognised as providing adequate data protection, then the transfer will be done in accordance with applicable data protection legislation and following approved data transfer procedures such as the use of standard contract clauses approved by the European Commission, as offering adequate safeguards with respect to data protection. However, Derivco may transfer your data, in line with the purposes described above, to the Isle of Man, Ireland, Netherlands and South Africa.

5. Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

6. Data retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us at DPO@localhost.

However, with regards to applicant data:

Data Category Description Retention Period
Talent Acquisition/

Recruitment /

Employee Vetting

 This refers to any information in relation with      candidates gathered by the Company, such as first name, last name, curriculum vitae, telephone number, residential address, feedback from interview and professional experience. It also refers to any psychometrical tests done in the process. Recruitment process.

Can be retained for a maximum of 1 year after the candidate joins Derivco.

If a candidate is not selected, Derivco will endeavour to obtain explicit consent to store the personal data. If consent is not given, Derivco will delete/destroy all personal data in this regard.

 

In some circumstances you can ask us to delete your personal data: see the Glossary (Section 8) below for further information.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

7. Your legal rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data:

·       Request access to your personal data.
·       Request rectification of your personal data.
·       Request erasure of your personal data.
·       Object to processing of your personal data, where our use of personal data is based on the legitimate interest or public interest.
·       Request restriction of processing your personal data.
·       Request the portability of your personal data where our use of personal data is based on the performance of a contract or on consent.
·       Right to withdraw consent, where our use of personal data is based on the consent.

These rights are explained further in section 8 (Glossary) below. If you wish to exercise any of the rights set out above, please email us at DPO@localhost.

No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances, to which we will advise you accordingly.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

8. Glossary

LAWFUL BASIS

Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us at DPO@localhost

Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.

Consent means processing your data where you have given a clear indication that you agree to the processing of your personal data.

Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.

YOUR LEGAL RIGHTS

You have the right to:

Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

Request rectification of the personal data that we hold about you. This enables you to have any incomplete or inaccurate personal data we hold about you corrected, though we may need to verify the accuracy of the new personal data you provide to us.

Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your personal information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the personal data’s accuracy; (b) where our use of the personal data is unlawful but you do not want us to erase it; (c) where you need us to hold the personal data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your personal data but we need to verify whether we have overriding legitimate grounds to use it.

Request the portability of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the personal information to perform a contract with you.

Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.                  

 

 

 

 

 

 

Política de Privacidad

 

Bienvenido al aviso de privacidad de nuestro sitio web (Aviso de Privacidad del Sitio Web). Somos Derivco Systems SL, con domicilio en Av Josep Tarradellas Num.123 P.9 08029 – Barcelona, España (“Derivco”, “Nosotros”). Estamos comprometidos con el pleno cumplimiento de la legislación aplicable en materia de protección de datos, a saber, el Reglamento General de Protección de Datos (RGPD), en lo que se refiere a datos personales, y la Ley Orgánica 3/2018, de 5 de diciembre, de Protección de Datos Personales y Garantía de los Derechos Digitales, así como con la protección de los derechos y libertades de las personas físicas cuyos datos recogemos.

Este Aviso de Privacidad del Sitio Web está dividido en apartados que cubren determinadas áreas. A continuación se indican las categorías cubiertas. Desplácese hacia abajo para leer el aviso en su totalidad. El Glosario le permitirá conocer el significado de algunos de los términos utilizados en el Aviso de Privacidad del Sitio Web.

1. Información importante y quiénes somos
2. Datos personales recogidos y cómo los usamos
3. Comunicación de datos personales
4. Transferencias internacionales
5. Seguridad de los datos
6. Conservación de datos
7. Derechos legales del interesado
8. Glosario


1. Información importante y quiénes somos

Finalidad del Aviso de Privacidad del Sitio Web

El Aviso de Privacidad del Sitio Web tiene por objeto informarle sobre cómo recogemos y tratamos sus datos personales al usar este Sitio Web, incluidos los datos que pueda proporcionar a través del Sitio Web al suscribirse a nuestros avisos de vacantes.

Este Sitio Web está destinado únicamente a mayores de 18 años y no recogemos conscientemente datos de menores.

Es importante que lea el Aviso de Privacidad del Sitio Web, así como cualquier otro aviso de privacidad que podamos realizar en determinadas ocasiones al recoger o tratar datos personales sobre usted, para informarle sobre cómo y por qué utilizamos dichos datos. El presente aviso de privacidad complementa al resto de avisos y no pretende anularlos.

Responsable del Tratamiento

Somos el Responsable del Tratamiento de todos los datos personales de nuestro personal y de los datos personales utilizados en nuestro negocio con fines comerciales.

Hemos designado a un delegado de protección de datos (DPD) que se encarga de supervisar las cuestiones referentes al Aviso de Privacidad del Sitio Web. Si tuviera alguna pregunta sobre el Aviso de Privacidad del Sitio Web, incluida una solicitud de ejercicio de sus derechos legales, contacte con el DPD, cuyos datos se indican a continuación.

Datos de contacto

Delegado de Protección de Datos

DPO@localhost

Carrer Badajoz, 145 – 4◦, Barcelona, España.

Si tuviera cualquier problema relacionado con la protección de datos, tendrá derecho a presentar reclamaciones en cualquier momento ante la autoridad de control competente, en España, la Agencia Española de Protección de Datos, (https://www.aepd.es/es). No obstante, le agradeceríamos que nos brindase la oportunidad de resolver el problema antes de acudir a dicha autoridad, por lo que le rogamos que contacte con nosotros en primer lugar.

Modificaciones del Aviso de Privacidad del Sitio Web y deber del interesado de informar sobre cualquier cambio

Versión actualizada por última vez el 19 de julio de 2022.

Es importante que los datos personales que le conciernen que obran en nuestro poder sean exactos y estén actualizados. Le rogamos que nos mantenga informados sobre cualquier cambio en sus datos personales durante su relación con nosotros.

Enlaces de terceros

El Sitio Web puede incluir enlaces a sitios web, complementos y aplicaciones de terceros. Al hacer clic en esos enlaces o habilitar las conexiones podría permitir la recogida o intercambio de datos por terceros. No ejercemos ningún control sobre los sitios web de terceros y no somos responsables de sus declaraciones de privacidad. Cuando abandone nuestro Sitio Web, le recomendamos que lea el aviso de privacidad de los sitios web que visite.

2. Datos personales recogidos y cómo los usamos

Sólo utilizaremos sus datos personales cuando la ley nos lo permita. Lo más habitual es que utilicemos sus datos personales en las siguientes circunstancias:

·       Cuando necesitemos ejecutar el contrato que vamos a celebrar o hemos celebrado con usted.

·       Cuando sea necesario para nuestros intereses legítimos (o los de un tercero) y sus intereses y derechos fundamentales no prevalezcan sobre esos intereses.

·       Cuando nos haya dado su consentimiento para usar sus datos.

·       Cuando necesitemos cumplir una obligación legal o reglamentaria.

Explicación más detallada en el apartado 8 (Glosario).

Fines para los que usaremos los datos personales

A continuación describimos cómo tenemos previsto utilizar sus datos personales y a qué bases jurídicas nos acogemos.

Oportunidades profesionales

¿Qué datos recopila la empresa y cómo?

Derivco recopila una serie de datos personales para adoptar ciertas medidas antes de la celebración del contrato con usted, incluidos:

  • su nombre, dirección y datos de contacto, incluía dirección de correo electrónico y número de teléfono.
  • los datos personales incluidos en el currículum vítae (CV), por ejemplo, fecha de nacimiento y estado civil.
  • información sobre sus títulos, competencias, experiencia e historial laboral.
  • información de las entrevistas y pruebas telefónicas que, en su caso, realice.
  • información sobre su actual nivel de retribución, incluidas prestaciones a las que pueda tener derecho; e
  • información sobre su derecho al empleo.

La recogida de datos podría efectuarse de distintas formas. Por ejemplo, los datos podrían estar incluidos en formularios de solicitud o CV (incluido el envío de datos a través de este Sitio Web o de Agencias de Colocación, como parte de solicitudes enviadas sin que medie un anuncio de vacantes, referencias o consultas), obtenerse a partir de su pasaporte u otros documentos de identidad o recogerse en entrevistas u otros métodos de evaluación.

No obstante, cuando Derivco no obtenga los datos personales directamente del interesado, deberá cumplir las obligaciones de información previstas en el artículo 14 del RGPD (UE) 2018.

También podríamos obtener datos personales mediante la petición de referencias a antiguos empleadores. Solo solicitaremos información a terceros una vez presentada la oferta de trabajo.

Los datos se almacenarán en distintos lugares, incluidos el expediente de su solicitud, en los sistemas de gestión de RR. HH. y en nuestro sistema de correo electrónico.

Utilizamos Workday para la tramitación de las solicitudes de empleo. Workday podría recoger datos sobre el uso de su Sitio Web o requerir el uso de cookies de acuerdo con lo previsto en su Política de Privacidad (https://www.workday.com/en-us/privacy.html)

¿Por qué tratamos los datos?

Derivco tiene un interés legítimo en el tratamiento de datos personales durante el proceso de selección y para llevar un registro del proceso. El tratamiento de los datos de los solicitantes de empleo nos permite gestionar el proceso de selección, evaluar y confirmar la idoneidad del candidato y decidir a quién ofrecer el puesto de trabajo. También podríamos necesitar tratar los datos de los candidatos a un puesto de trabajo para contestar y defender reclamaciones legales.

En algunos casos, el tratamiento de datos personales es necesario para garantizar el cumplimiento de nuestras obligaciones legales. Estamos obligados a comprobar la idoneidad para trabajar del candidato seleccionado antes del inicio de la relación laboral. Estamos obligados a velar por la adecuada conservación de los datos personales de los candidatos, independientemente de la aceptación, o no, de su solicitud de empleo.

No utilizaremos los datos para ningún fin distinto del proceso de selección en el que participe y como parte del proceso de incorporación, si su solicitud es aceptada.

¿Quién tiene acceso a los datos?

Sus datos podrían ser divulgados a efectos del proceso de selección. Lo que incluye su comunicación, a nivel interno, a miembros del equipo de RR. HH., a los entrevistadores que participen en el proceso de selección y a los gerentes del área de negocio de la vacante. Los datos podrían ser comunicados externamente a encargados del tratamiento autorizados, por ejemplo, especialistas en selección de personal, si necesitasen acceder a dichos datos a efectos del proceso de selección llevado a cabo en Derivco.

Sus datos personales no serán comunicados a otros terceros, a menos que su solicitud de empleo sea aceptada y le hagamos una oferta de trabajo. Acto seguido, únicamente compartiremos los datos personales que sea necesario con antiguos empleadores para obtener referencias y con proveedores de verificaciones de experiencia laboral para obtener las verificaciones de experiencia que sea preciso, lo cual es necesario para determinar el resultado de su solicitud de empleo en Derivco.

Por otro lado, existe la posibilidad de que tengamos que facilitar sus datos personales a autoridades reguladoras o de otra naturaleza para cumplir la ley.

Cambio de fines

Sólo utilizaremos los datos personales para los fines para los que han sido recogidos, a menos que consideremos razonablemente que necesitamos utilizarlos para otro motivo y éste sea compatible con el fin original. Si desea obtener una explicación sobre cómo es compatible con el fin original el tratamiento para el nuevo fin, póngase en contacto con nosotros a través de DPO@localhost.

Si necesitásemos utilizar los datos personales para un fin distinto, le avisaremos y le explicaremos la base jurídica que nos permite hacerlo.

Recuerde que podríamos tratar datos personales sin el conocimiento o consentimiento del interesado, de conformidad con las normas anteriores o cuando así lo exija o permita la ley.

3. Comunicación de datos personales

Exigimos a todos los terceros que respeten la seguridad de los datos personales y los traten de acuerdo con la ley.

4. Transferencias internacionales

Es posible que necesitemos transferir los datos fuera del Espacio Económico Europeo (EEE). Por otro lado, los datos podrían ser transferidos a Workday (el proveedor de servicios de RR. HH. de Derivco), con sede en Irlanda. Si reside en el EEE y Derivco transfiriese sus datos fuera del EEE a un tercer país que según la Comisión Europea no ofrece un nivel de protección de datos adecuado, la transferencia se realizará de conformidad con la legislación aplicable en materia de protección de datos y siguiendo los procedimientos de transferencia de datos aprobados, como el uso de cláusulas contractuales tipo aprobadas por la Comisión Europea, por ofrecer garantías adecuadas con respecto a la protección de datos. No obstante, Derivco podría transferir sus datos, en línea con los fines señalados anteriormente, a la Isla de Man, Irlanda, Países Bajos y Sudáfrica.

5. Seguridad de datos

Hemos establecido medidas de seguridad adecuadas para impedir la pérdida, uso o alteración accidental de datos personales o la comunicación o acceso no autorizados a dichos datos. Asimismo, limitaremos el acceso a los datos personales a aquellos empleados, agentes, contratistas y demás terceros que tengan una necesidad comercial de conocerlos. Solo tratarán los datos personales siguiendo nuestras instrucciones y estarán sujetos a una obligación de confidencialidad.

Hemos establecido procedimientos para hacer frente a cualquier presunta de violación de seguridad de los datos personales e informaremos sobre la violación al interesado y a la autoridad reguladora competente cuando estemos legalmente obligados a ello.

6. Conservación de datos

Solo conservaremos los datos personales durante el tiempo necesario para satisfacer los fines para los que han sido recogidos, incluido el cumplimiento de obligaciones legales, contables o de información.

Para determinar el periodo de conservación adecuado de los datos personales, tenemos en cuenta la cantidad, naturaleza y sensibilidad de los datos, el potencial riesgo de daños derivado del uso o la comunicación no autorizados de los datos personales, los fines del tratamiento de los datos personales y si es posible lograr esos fines por otros medios, así como las obligaciones legales aplicables.

Los detalles de los periodos de conservación de los diferentes aspectos de los datos personales aparecen recogidos en la política de conservación de Derivco, que puede solicitar a través de la dirección DPO@localhost.

No obstante, por lo que respecta a los datos de los candidatos:

Categoría de Datos Descripción Período de Conservación
Adquisición de Talento /Selección de personal /Proceso de Evaluación de Empleados Información sobre candidatos recogida por Derivco como, por ejemplo, nombre, apellidos, CV, número de teléfono, domicilio particular, comentarios procedentes de entrevistas y experiencia profesional. Se refiere asimismo a pruebas psicométricas realizadas en el marco del proceso. Proceso de selección de personal.

Pueden ser conservados durante un máximo de 1 año tras la incorporación del candidato a Derivco.

Si el candidato no es seleccionado, Derivco intentará obtener su consentimiento expreso para almacenar sus datos personales. De no concederse el consentimiento, Derivco suprimirá / destruirá todos los datos personales pertinentes.

En determinadas circunstancias, el interesado puede solicitar la supresión de sus datos personales. Véase el Glosario (Apartado 8) para obtener más información.

En determinados supuestos podríamos anonimizar los datos personales (de forma que no puedan asociarse con el interesado) con fines estadísticos o de investigación, en cuyo caso podremos utilizarlos sin necesidad de avisarle.

7. Derechos legales del interesado

En determinadas circunstancias, en virtud de la normativa en materia de protección de datos le asisten una serie de derechos con respecto a sus datos personales:

·       A solicitar el acceso a sus datos personales.
·       A solicitar la rectificación de sus datos personales.
·       A solicitar la supresión de sus datos personales.
·       A oponerse al tratamiento de sus datos personales, cuando el uso de sus datos personales por Derivco esté basado en el interés legítimo o el interés público.
·       A solicitar la limitación del tratamiento de sus datos personales.
·       A solicitar la portabilidad de sus datos personales cuando el uso de sus datos personales por Derivco esté basado en la ejecución de un contrato o en el consentimiento.
·       Derecho a retirar su consentimiento, cuando el uso de los datos personales esté basado en el consentimiento.

Estos derechos se explican más detalladamente en el apartado 8 (Glosario). Si desea hacer ejercicio de cualquiera de los derechos expuestos anteriormente, envíe un correo electrónico a DPO@localhost

Gratuidad, en general

El acceso a sus datos personales (o el ejercicio de cualquiera del resto de derechos) es gratuito, no obstante, podríamos cobrar un cargo razonable si la solicitud es claramente injustificada, reiterada o excesiva. Por otro lado, podríamos negarnos a atender su solicitud en tales circunstancias y así se lo comunicaremos.

Qué podríamos necesitar de usted

Es posible que necesitemos solicitarle determinados datos para poder confirmar su identidad y garantizar su derecho de acceso a los datos personales (o a ejercer cualquiera de sus demás derechos). Se trata de una medida de seguridad para impedir la comunicación de sus datos personales a cualquiera que no tenga derecho a recibirlos. También podríamos ponernos en contacto con usted para pedirle información adicional sobre su solicitud, con la finalidad de agilizar nuestra respuesta.

Plazo de respuesta

Intentaremos responder a todas las solicitudes legítimas en el plazo de un mes. Ocasionalmente podríamos tardar más de un mes si la solicitud es particularmente complicada, o si hubiera realizado varias solicitudes. En tal caso, se lo comunicaremos y le mantendremos informado.

8. Glosario

FUNDAMENTO JURÍDICO

Por Interés Legítimo se entiende el interés de la empresa en dirigir y gestionar su negocio de forma que sea posible ofrecer el mejor servicio/producto y la experiencia más adecuada y segura.  Nos aseguramos de considerar y sopesar el posible impacto (tanto positivo como negativo) sobre el interesado y sus derechos antes de tratar sus datos personales para nuestros intereses legítimos. No utilizamos sus datos personales para actividades en las que impacto en el interesado prevalezca sobre nuestros intereses (a menos que contemos con su consentimiento o así lo exija o autorice la ley). Para obtener más información sobre cómo evaluamos nuestros intereses legítimos frente al posible impacto sobre el interesado en relación con determinadas actividades, contacte con nosotros en DPO@localhost

Ejecución de Contrato significa el tratamiento de datos necesario para la ejecución de un contrato del que el interesado es parte o para adoptar medidas a petición del interesado antes de celebrar dicho contrato.

Consentimiento significa la manifestación clara por parte del interesado de que acepta el tratamiento de datos personales que le conciernen.

Cumplimiento de obligaciones legales o reglamentarias significa el tratamiento de datos personales necesario a efectos del cumplimiento de una obligación legal o reglamentario a la que está sujeta Derivco.

DERECHOS LEGALES DEL INTERESADO

El interesado tiene derecho a:

Solicitar acceso a sus datos personales (conocido normalmente como “solicitud de acceso del interesado”). Podrá obtener una copia de los datos personales objeto de tratamiento y comprobar que dicho tratamiento es lícito.

Solicitar la rectificación de los datos personales que tenemos sobre usted. De este modo podrá obtener la corrección de cualquier dato o información incompleto o inexacto que le concierna, aunque podríamos necesitar verificar la exactitud del nuevo dato personal que nos facilita.

Solicitar la supresión de sus datos personales. Podrá solicitar a Derivco la eliminación o supresión de sus datos personales cuando carezca de motivos legítimos para seguir tratándolos. También tendrá derecho a solicitar la supresión de sus datos personales cuando haga ejercicio con éxito de su derecho de oposición al tratamiento (véase más adelante), si hubiésemos tratado sus datos personales de forma ilícita o si estuviésemos obligados a suprimir sus datos para cumplir la legislación local. No obstante, no siempre podremos atender una solicitud de supresión, por motivos legales específicos que le serán comunicados, si procede, en el momento de la solicitud.

Oponerse al tratamiento de sus datos personales cuando nos basemos en un interés legítimo (o en los de un tercero) y por motivos relacionados con su situación particular desee oponerse al tratamiento por entender que afecta a sus derechos y libertades fundamentales. También tendrá derecho a oponerse cuando el tratamiento de datos personales tenga por objeto la mercadotecnia directa. En algunos casos, podríamos demostrar que tenemos motivos legítimos imperiosos para tratar sus datos que prevalecen sobre sus derechos y libertades.

Solicitar la limitación del tratamiento de sus datos personales. Podrá solicitar la suspensión del tratamiento de sus datos en los siguientes supuestos: (a)  si desea que verifiquemos la exactitud de dichos datos; (b) si el tratamiento de los datos es ilícito, pero no desea que los suprimamos; (c) si Derivco ya no necesita los datos personales para los fines del tratamiento, pero usted los necesita para la formulación, el ejercicio o la defensa de reclamaciones; o (d) si se ha opuesto a que utilicemos sus datos personales, pero necesitamos verificar si tenemos motivos legítimos imperiosos para utilizarlos.

Solicitar la portabilidad de sus datos personales a usted o a un tercero. Le proporcionaremos a usted, o al tercero que designe, sus datos personales en un formato estructurado, de uso común y de lectura mecánica. Este derecho únicamente resulta de aplicación a información automatizada cuyo tratamiento esté basado en el consentimiento o cuando los utilicemos para ejecutar un contrato celebrado con usted.

Retirar el consentimiento en cualquier momento en aquellos supuestos en los que nos basemos en su consentimiento para poder tratar sus datos personales. La retirada del consentimiento no afectará a la licitud del tratamiento basada en el consentimiento previo a su retirada. Si retira su consentimiento, existe la posibilidad de que no podamos suministrarle determinados productos o servicios. Si así fuera, se lo comunicaremos cuando retire el consentimiento.

 

Cookie Policy

 

Welcome to our cookie privacy notice (Cookie Privacy Notice). We are Derivco Systems SL of Av Josep Tarradellas Num.123 P.908029 – Barcelona, Spain (“Derivco”, “We”). We are committed to being fully compliant with all applicable data protection legislation, namely the General Data Protection Regulation (GDPR) as applied in respect of personal data, and the Organic Law 3/2018, of December 5, 2018, on Data Protection and the Safeguard of Digital Rights, as well to safeguarding the rights and freedoms of natural persons whose information we collect.

Use of cookies and web beacons

Cookies are small files that websites save to your hard disk or to your browser’s memory. The cookies used on our Site are listed below.

You have the ability to accept or decline cookies. Most Internet browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies or to notify you when a cookie is being placed on your computer. If you choose to decline cookies, you may not be able to fully experience the features of our Site or other websites that you visit.

We will be making use of cookies on our Site. We will use both session and persistent cookies. These will be used to authenticate users and prevent fraudulent use of user accounts. We also use analytics cookies to track information on how the Site is used so that we can make improvements. We may also use analytics cookies to test new advertisements, pages, features or new functionality of the Site to see how our users react to them. Finally, we may use various third-party cookies to report usage statistics of the Site and deliver advertisements on and through the Site, including:

·       Sitecore
·       Conversion Tracking
·       Social Media Tools

Cookie Purpose/Content Expiry
seen-cookie-message Used to store a user’s viewing of privacy policy message. If a user has seen this message, a value of ‘yes’ is stored so the message is not displayed again. Message appears again after cookie expires.  14 days

 

We are committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorised access, use, or disclosure. For example, we store the personal data you provide on computer systems with limited access that are located in facilities to which access is limited.

How can you opt-out?

Kindly take note that Cookies you have accepted, are persisted on your hard disk or to your browser’s memory. Should you wish to remove these Cookies, you have the option to remove them from your hard disk or to your browser’s memory, via your browser settings or the system settings of your relevant operating system. Please note that should you remove the Cookies and return to our website; you will be prompted again to either accept or decline the Cookies.

 

 

Política de Cookies

 

Bienvenido a la política de cookies (Política de Cookies). Somos Derivco Systems SL, con domicilio en Av. Josep Tarradellas Num.123 P.908029 08029 – Barcelona, España (“Derivco”, “Nosotros”). Estamos comprometidos con el pleno cumplimiento de la legislación aplicable en materia de protección de datos, a saber, el Reglamento General de Protección de Datos (RGPD), en lo que se refiere a datos personales, y la Ley Orgánica 3/2018, de 5 de diciembre, de Protección de Datos Personales y Garantía de los Derechos Digitales, así como con la protección de los derechos y libertades de las personas físicas cuyos datos recogemos.

Uso de cookies y balizas web

Las cookies son pequeños archivos que los sitios web guardan en el disco duro o en la memoria del navegador del usuario. Indicamos a continuación las cookies que se utilizan en nuestro Sitio Web.

Tendrá la posibilidad de aceptar o rechazar las cookies. La mayoría de los navegadores de Internet aceptan automáticamente las cookies, pero, por lo general, es posible modificar la configuración del navegador para que rechace las cookies o para que le avise cuando se instalen en el ordenador. Si opta por rechazar las cookies, es posible que no pueda disfrutar plenamente de las características de nuestro Sitio o de otros sitios web que visite.

Utilizaremos cookies en nuestro Sitio. Utilizaremos cookies de sesión y persistentes para autenticar a los usuarios e impedir el uso fraudulento de cuentas de usuario. También utilizaremos cookies analíticas para hacer un seguimiento de cómo es utilizado el Sitio, al objeto de poder introducir mejoras. Podríamos utilizar igualmente cookies analíticas para probar nuevos anuncios, páginas, características o nuevas funcionalidades del Sitio para saber cómo reaccionan los usuarios. Por último, podríamos utilizar cookies de terceros para comunicar estadísticas de uso del Sitio y ofrecer anuncios en el Sitio, incluidas:

·       Sitecore
·       Seguimiento de conversiones
·       Herramientas de redes sociales

Cookies Objeto/Contenido Vencimiento
seen-cookie-message Almacenar la visualización por el usuario del mensaje de la política de privacidad.  Si el usuario ha visto dicho mensaje, se almacena el valor “sí” para no volver a mostrar el mensaje.  El mensaje aparece de nuevo cuando caduca la validez de la cookie. 14 días

 

Estamos comprometidos con la protección de la seguridad de sus datos personales. Utilizamos distintos procedimientos y tecnologías de seguridad para impedir el acceso, uso o comunicación no autorizados de los datos personales. Por ejemplo, almacenamos los datos personales facilitados en sistemas informáticos de acceso limitado ubicados en instalaciones de acceso restringido.

¿Cómo puedo rechazarlas?

Tenga en cuenta que las Cookies aceptadas permanecen en su disco duro o en la memoria del navegador. Si desea eliminar dichas Cookies, podrá eliminarlas del disco duro o de la memoria del navegador a través de la configuración del navegador o de la configuración del sistema del sistema operativo. Si elimina las Cookies y vuelve a nuestro sitio web, se le preguntará de nuevo si acepta o rechaza las Cookies.
Derivco Sweden

Privacy and Cookie Policy

Welcome to our website privacy notice (Website Privacy Notice).  We are Derivco Sweden AB of Sveavägen 24-26, 111 57 Stockholm, Sweden (“Derivco”). We are committed to being fully compliant with all applicable data protection legislation and the General Data Protection Regulation (GDPR) as applied in respect of personal data, as well to safeguarding the rights and freedoms of natural persons whose information we collect.

This Website Privacy Notice is broken down into segments that cover specific areas, below are the categories covered, please scroll down to read the whole notice in detail. Please also use the Glossary to understand the meaning of some of the terms used in this Website Privacy Notice.

  1. Important information and who we are
  2. Personal data we collect, and how we use your personal data
  3. Disclosures of your personal data
  4. International transfers
  5. Data security
  6. Data retention
  7. Your legal rights
  8. Glossary
  1. Important information and who we are

Purpose of this Website Privacy Notice

This Website Privacy Notice aims to give you information on how we collect and process your personal data through your use of this website, including any data you may provide through this website when you sign up to our vacancy notifications.

This website is only intended for adults over the age of 18, and we do not knowingly collect data from anyone under this age.

It is important that you read this Website Privacy Notice together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your personal data.  This privacy notice supplements the other notices and is not intended to override them.

Controller

We are the Controller of all personal data relating to our personnel and personal data used in our business for our own commercial purpose.

We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this Website Privacy Notice.  If you have any questions about this Website Privacy Notice, including any requests to exercise your legal rights, please contact the DPO using the details set out below.

Contact details

The Data Protection Officer

DPO@localhost

Sveavägen 24-26, 111 57 Stockholm, Sweden

You have the right to make a complaint at any time to the relevant Information Commissioner, the Swedish Data Protection Authority for data protection issues (https://www.datainspektionen.se/).  We would, however, appreciate the chance to deal with your concerns before you approach the above mentioned so please contact us in the first instance.

Changes to the Website Privacy Notice and your duty to inform us of changes

This version was last updated on 21 June 2022

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Third-party links

This website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you.  We do not control these third-party websites and are not responsible for their privacy statements.  When you leave our website, we encourage you to read the privacy notice of every website you visit.

  1. Personal data we collect, and how we use your personal data

We will only use your personal data when the law allows us to.  Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract, we are about to enter into, or have entered into, with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where you have given us consent to use your data
  • Where we need to comply with a legal or regulatory obligation.

These are explained further in section 8 (Glossary) below.

Purposes for which we will use your personal data

We have set out below a description of how we plan to use your personal data, and which of the legal basis we rely on to do so.

  1. Use of cookies and web beacons

Cookies are small files that websites save to your hard disk or to your browser’s memory. The cookies used on our Site are listed below.
You have the ability to accept or decline cookies. Most Internet browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies or to notify you when a cookie is being placed on your computer. If you choose to decline cookies, you may not be able to fully experience the features of our Site or other websites that you visit.
We will be making use of cookies on our Site. We will use both session and persistent cookies. These will be used to authenticate users and prevent fraudulent use of user accounts. We also use analytics cookies to track information on how the Site is used so that we can make improvements. We may also use analytics cookies to test new advertisements, pages, features or new functionality of the Site to see how our users react to them. Finally, we may use various third-party cookies to report usage statistics of the Site and deliver advertisements on and through the Site, including:

  • Sitecore
  • Conversion Tracking
  • Social Media Tools
Cookie Purpose/Content Expiry
seen-cookie-message Used to store a user’s viewing of privacy policy message. If a user has seen this message, a value of ‘yes’ is stored so the message is not displayed again. Message appears again after cookie expires.  14 days

 

We are committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorised access, use, or disclosure. For example, we store the personal data you provide on computer systems with limited access that are located in facilities to which access is limited.

We process your personal data based on your consent. You can always withdraw your consent by changing your web browser’s settings to automatically deny the storage of cookies or to inform you when a website wants to store cookies on your computer. Previously stored cookies can also be deleted through the web browser.

  1. Career Opportunities

What information does the company collect and how?

Derivco collects a range of information about you. This includes:

  • your name, address and contact details, including email address and telephone number;
  • passport details and/or other identity documents;
  • any personal data you have included in your curriculum vitae (CV) for example date of birth, marital status etc.;
  • details of your qualifications, skills, experience and employment history;
  • information from interviews and phone-screenings you may have;
  • information about your current level of remuneration, including benefit entitlements; and
  • information about your entitlement for employment;

We may collect this information in a variety of ways. For example, data might be contained in application forms or CVs (including when these are sent to us through this website, or from Employment Agencies, as part of speculative applications, referrals, or queries), obtained from your passport or other identity documents, or collected through interviews or other methods of assessment.

We may also collect personal data about you from third parties, such as references supplied by former employers. We will seek information from third parties only once a job offer has been made to you.

Data will be stored in a range of different places, including on your application record, in our HR management systems and our email system.

We use Workday to process your job application, for this processing Workday is our processor and processes your data on our behalf. Workday may collect data on the usage of their site as controllers as per their Privacy Policy (https://www.workday.com/en-us/privacy.html).

Why do we process the data?

Derivco has a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows us to manage the recruitment process, assess and confirm a candidate’s suitability for employment and decide to whom to offer a job. We may also need to process data from job applicants to respond to and defend against legal claims. Information regarding your personal identification number is processed in order to guarantee a secure identification.

We may also process your data to ensure that we are complying with legal obligations.

We will not use your data for any purpose other than the recruitment process of which you are a part and as part of the onboarding process if you are successful in your application.

Who has access to data?

Your information may be shared for the purposes of the recruitment process. This includes sharing with members of the HR team, interviewers involved in the recruitment process, and managers in the business area with a vacancy. The sharing of your data may be with recruitment specialists within approved third parties if their access to your data is necessary for the recruitment process at Derivco.

We will not share your personal data with other third parties unless your application for employment is successful and we make you an offer of employment. We will then share only what is necessary of your personal data with former employers to obtain references for you, employment background check providers to obtain necessary background checks.

In addition, we may need to share your personal information in other cases if required to do so by law.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.  If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at DPO@localhost.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

  1. Disclosures of your personal data

We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

  1. International transfers

We may need to transfer your data outside of the European Economic Area (EEA), for example we may transfer your data to Workday (our HR service provider) which is located in Ireland. Where you are resident in the EEA and we transfer your data outside of the EEA to a third country which the European Commission has not recognised as providing adequate data protection, then the transfer will be done in accordance with applicable data protection legislation and following approved data transfer procedures such as the use of standard contract clauses approved by the European Commission, as offering adequate safeguards with respect to data protection. If you would like further information regarding the transfer of your personal data outside the EU/EEA please contract us, see contact details above.

  1. Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed.  In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.  They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

  1. Data retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us.

In some circumstances you can ask us to delete your personal data: see the Glossary below for further information.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

  1. Your legal rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data:

  • Request access to your personal data.
  • Request correction of your personal data.
  • Request erasure of your personal data.
  • Object to processing of your personal data.
  • Request restriction of processing your personal data.
  • Request transfer of your personal data.
  • Right to withdraw consent.

These rights are explained further in section 8 (Glossary) below.  If you wish to exercise any of the rights set out above, please contact us.

No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).  This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests within one month.  Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests.  In this case, we will notify you and keep you updated.

  1. Glossary

LAWFUL BASIS

Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience.  We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests.  We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).  You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us

Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.

Consent means processing your data where you have given a clear indication that you agree to the processing of your personal data.

Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.

YOUR LEGAL RIGHTS

You have the right to:

Request access to your personal data (commonly known as a “data subject access request”).  This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

Request correction of the personal data that we hold about you.  This enables you to have any incomplete or inaccurate personal data we hold about you corrected, though we may need to verify the accuracy of the new personal data you provide to us.

Request erasure of your personal data.  This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.  You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your personal information unlawfully or where we are required to erase your personal data to comply with local law.  Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.  You also have the right to object where we are processing your personal data for direct marketing purposes.  In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Request restriction of processing of your personal data.  This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the personal data’s accuracy; (b) where our use of the personal data is unlawful but you do not want us to erase it; (c) where you need us to hold the personal data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your personal data but we need to verify whether we have overriding legitimate grounds to use it.

Request the transfer of your personal data to you or to a third party.  We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the personal information to perform a contract with you.

Withdraw consent at any time where we are relying on consent to process your personal data.  However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.  If you withdraw your consent, we may not be able to provide certain products or services to you.  We will advise you if this is the case at the time you withdraw your consent.