Iniala – Candidate Privacy Policy
Introduction
1.1. Iniala Management Ltd (C 63367) located at 9, St Dominic Street, Valletta VLT 1604, Malta, (herein “Iniala”, “we”, ”our” or “us”) is committed to protect and respect your privacy.
1.2. This Privacy Policy (“Policy”) is being provided to you because you are registering as a candidate with us.
1.3. We are the controller of your personal data; this means that we are responsible for deciding how we hold and use personal data about you.
1.4. The Policy sets out the basis on which we will process your personal data namely for the recruitment purposes and how long it will be retained for. This Policy also provides you with certain information that must be provided under the General Data Protection Regulation (EU 2016/679) (GDPR) and local data protection laws. Please read this Policy carefully to understand our practices regarding your personal data and how we will use it.
2. Principles for Processing your Personal Data
2.1. We will comply with data protection laws and principles which means that your data will be:
– Processed lawfully, fairly and in a transparent way.
– Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
– Relevant and adequate to the purposes we have told you about and limited only to those purposes.
– Accurate and kept up to date.
– Maintained only for as long as necessary for the purposes we have told you about, i.e. in relation to the recruitment exercise.
– Kept securely and protected against unauthorised or unlawful processing and against loss or destruction using appropriate technical and organisational measures.
3. Personal Data which is protected
3.1. This Policy aims to provide you with all the information concerning your personal data, specifically what type of personal data is collected and for what purposes.
3.2. We may process personal data and/or special categories of personal data;
– Personal Data: is defined as any information relating to you as an identified or identifiable natural person
– Special Categories of Personal Data: is specific data concerning more sensitive data relating to you as an identified or identifiable person which reveal your racial, ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited.
4. Personal Data we collect from you
4.1. We collect personal data about the candidate from you, or your named references
4.2. We will collect, hold and process the following data about you:
– The data you have provided to us in your curriculum vitae (CV) and personal data contained in your covering letter.
– The data you have provided upon registering with us as a candidate including your name, title, home address, telephone number, personal email address, nationality, identification number and any other data provided by you during interviews in support of the recruitment process.
– Any personal data provided to us about you by your references [if applicable]
4.3. The legal basis on which we process the categories of personal data referred to in 4.2. are referred to in 5.2.
5. How we use your personal Data
5.1. We will use your personal data to:
– Assess your skills, qualifications and suitability for the role
– Carry out background and reference checks, where applicable
– Communicate with you about the recruitment process
– Keep records related to our hiring processes
– Comply with legal or regulatory requirements
5.2. Legal basis on which we may process your personal data
– Consent: We may seek your consent to process your personal data in specific circumstances; or
– Legal Obligation: We may process your personal data where we have a legal or regulatory obligation to adhere to; or
– Legitimate interest: We may process your personal data where it is necessary for the purposes of our legitimate interests as a business, specifically, to ensure that we recruit the best possible candidates.
6. Retention and Storage of your Personal Data
6.1. If you apply for a job with us and your application is unsuccessful or you have decided to withdraw from registering with us, we will retain your information for a year after you submit your application. The reasons why we retain your application for a year include the possibility of future jobs, contractual obligations or if applicable, for future legal claims to ensure that the recruitment exercises was carried out in a fair and transparent manner.
6.2. Your personal data will be stored in electronic means on a specific CV Software System which only authorised personnel have access to.
7. Disclosure of your personal data to Third Party
7.1. We work closely with third parties to provide the best possible service to you. These third parties include recruitment software providers.
7.2. We have processing agreements in place to ensure that the processors handle your personal data responsibly and comply with GDPR obligations and take appropriate security measure to protect your personal data.
7.3. The above mentioned third parties are only permitted to process your personal data for specified purposes and in accordance with our instructions.
7.4. We may also be under the obligation to disclose your personal data to if we are under an obligation to do so. These third parties include but are not limited to the courts, tribunals or any other authority to which we are subject to.
7.5. We do not transmit any data to third countries.
8. Your Rights as a Data Subject
8.1. As a data subject you are entitled to exercise the following rights:
a. Right to access to your personal data. (commonly known as a “data subject access request”). This enables you to request from us confirmation whether or not we are processing personal data that concerns you, to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. We may charge a reasonable fee if your request for access is clearly unfounded or excessive
b. Right to rectification of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
c. Right to erasure of your personal data. You have the right to ask us to delete your personal data but only when permitted by law.
d. Right to Object to processing of your personal data. You shall have the right to object to the processing of your personal data by us when such processing is carried out for the performance of a task for public interest or when processing is necessary for the purposes of a legitimate interest by us or a third. You may not object to the processing in the instances described by law.
e. Right of restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it or while we are considering your objection to processing.
f. Right to withdraw your consent. You have the right to withdraw your consent to this Policy, and the processing practices abovementioned at any time by sending us an email. The right to withdraw your consent is only applicable when the basis of processing your data is carried out on the legal basis of consent.
g. Right of Data Portability. To ask us to provide your personal data (that you shall have provided to us) to you in a structured, commonly used, machine-readable format, or (where technically feasible) to have it ‘ported’ directly to another data controller.
9. Data Security
9.1. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal data on our specific instructions, and they are subject to a duty of confidentiality.
10. Changes to this Privacy Policy
10.1. We reserve the right to update this Policy at any time.
10.2. We will notify you via email if we make any changes to this Policy in the future.
11. Contact information
11.1. If you have any questions about this Policy or how we handle your personal data please contact us on hrmalta@iniala.com
11.2. You may also submit a complaint with the Information Data Protection Commissioner (IDPC), the Maltese Supervisory authority for data protection uses by email idpc.info@idpc.org.mt or contact the IDPC via telephone on (+356) 2328 7100