Privacy notice
This privacy notice applies to the recruiting-related processing activities conducted by EveryMatrix Group through the use of the software tool offered by TeamTailor.
As part of any recruitment process, EveryMatrix Group (“Controller”, “EM”, “we”, “us”) collects and processes personal data relating to job applicants. For these reasons, EM is committed to being transparent about how it collects and processes that data and to meeting its data protection obligations.
The Controller is a group of companies which are incorporated and operate in different jurisdictions around the globe. Therefore, candidates should check EM’s locations worldwide in order to better understand their personal data flow and processing since this would depend on the actual relevant EM’s entity bearing the post a candidate has applied to. EM’s locations can be retrieved as follows:
Our Offices | EveryMatrix
Notwithstanding the foregoing, and without prejudice to HR local teams across the jurisdictions where EM operates, the central HR administration for EM’s group is run in Romania by the following EM’s entity:
EveryMatrix SRL, Nouveau Center, 4th Floor, Lipscani 102 Street, Sector 3, 030039, Bucharest.
As already elucidated above, the recruiting process from EM’s end is carried out through the use of TeamTailor’s software. Teamtailor AB is a Swedish-based company having its registered office at Östgötagatan 16, SE-116 25 Stockholm.
In order for TeamTailor to provide its services and to fulfil its obligations in accordance with the agreement between TeamTailor and us, candidates’ personal data (as further specified below) will be shared between TeamTailor and EM throughout the lifetime of the said agreement.
TeamTailor’s privacy policy is available at:
Privacy Notice | Teamtailor
What Personal Data will be processed during the recruiting stages?
Candidates’ personal data categories which may be needed have been grouped as per the following breakdown:
i. Identifying:
Information that uniquely or semi-uniquely identifies a candidate (i.e. name, user name, unique identifier, government-issued identification, tax and social security identifiers, picture);
ii. Demographic:
Information that describes a candidate’s characteristics shared with others (e.g. age ranges, income brackets, geographic);
iii. Contact:
Information that provides a mechanism for contacting a candidate (i.e. email address, physical address, telephone number);
iv. Professional:
Information about a candidate’s educational or professional career (i.e. job titles, salary, work history, school attended, employee files, employment history, evaluations, memberships, references, interviews, certifications, disciplinary actions), named referees who have provided consent for their contact information and feedback to be shared;
v. Ethnicity:
Information that describes a candidate’s origin (i.e. nationality and languages spoken);
vi. Criminal:
Information about a candidate’s criminal activity (i.e. convictions, charges, pardons);
vii. Family:
Information about a candidate’s family and relationships (i.e. family structure, siblings, offspring, marriages, emergency contacts);
viii. Medical and Health:
Information that describes a candidate’s health, medical conditions or health care (i.e. physical and mental health, drug test results, disabilities);
ix. Location:
Information about a candidate’s location (i.e. country, city, registered address);
x. Financial:
Information that identifies a candidate’s financial account and other financial-related items (i.e. bank account details, salary expectations);
xi. Communication:
Information communicated from or to a candidate (e.g. email, phone calls and chats);
xii. Historical:
Information about a candidate’s personal and professional history.
The personal data EM collects for reference checks is obtained from the following sources:
• Candidates’ application and resume.
• Named referees who have provided consent for their contact information and feedback to be shared.
• Third-party background verification services and social media platform (LinkedIn), if applicable.
EM may be subject to legal obligations regulating the field of employment, or otherwise impacting its operations and working environment; for such purposes, EM may be required to conduct specific assessments concerning candidates’ health, criminal conduct etc. EM reserves the right to conduct or ensure the conduct of these assessments or request any such information when required to fulfil these obligations. Should this be the case, candidates will be informed and guided accordingly by EM in full transparency.
Failure to disclose to or share with EM any of the above candidates’ personal data can lead to consequences in terms of candidates being prevented from entering into an employment relationship with EM.
Each candidate can choose not to disclose his/her personal information by not applying for an existing job application.
What are the legal bases for processing?
1. Candidates’ consent materialises as soon as a candidate decides to submit a job application;
2. EM’s legitimate interest in assessing the suitability of candidates;
3. Legal obligations (when information is required by law, especially labour law)
Notably, candidates can withdraw their consent at any time. However, withdrawal of consent will affect neither the processing of personal data by EM and TeamTailor up to the moment the consent has been withdrawn nor any potential further processing of candidates’ personal data by EM based on the latter’s legitimate interest not overridden by candidates’ rights.
Who is candidates’ personal data shared with?
Besides TeamTailor, the Controller may share candidates’ personal data with:
• Internal personnel involved in the hiring process, including HR personnel and relevant hiring managers;
• Third-party reference check providers;
• Legal and compliance authorities, if required by law;
• EM Group Companies
As specified above, the Controller has a global footprint; therefore candidates’ personal data may be processed in the locations where the Controller has its offices.
Should this be the case, EM makes sure to protect candidates’ personal data through the use of adequate legal means (e.g. for EU/EEA residents, the Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council).
Unless we are required to do otherwise by applicable law, candidates’ personal data will not be shared with anyone else.
What is the retention period for candidates’ personal data?
EM will keep candidates’ personal data for two years from the time of a candidate’s application for a role (the “initial processing period”). Once the initial processing period has lapsed, candidates will be notified via email to renew their consent related to EM’s keeping candidates’ personal data. Should a candidate, after being notified, not undertake any action, EM will keep the candidate’s personal data for an additional period of two years (the “further processing period”) after which the candidate’s personal data will be automatically deleted.
Whilst candidates may withdraw at any time their consent to EM processing their personal data by sending an email to dpo@everymatrix.com, for the sake of transparency, EM would like to detail the underlying reasons for retaining candidates’ personal data within the further processing period. Namely, by illustration:
1. Enhanced Talent Pipeline: Creating a valuable talent pool of potential candidates who have previously shown interest in EM. This pool can serve as a reliable resource when new opportunities arise, allowing EM to reach out to qualified individuals who are already familiar with EM.
2. Improved Recruitment Process: Fast access to screened profiles expedites the hiring process, which is crucial for time-sensitive roles.
3. Data-Driven Insights: Historical data allows EM to analyze trends, preferences, and skill sets for a more targeted recruitment strategy and a better work environment.
During EM’s retention of candidates’ personal data, EM may contact a relevant candidate should a future role arise which EM deems the said candidate would be suitable for. Candidates still have the right to request the erasure of their personal data at any time, unless such information is required by us to comply with legal obligations or to exercise or defend our rights at law.
What is the security employed to protect candidates’ personal data?
We are an ISO 27001-certified organization and prioritize personal integrity and therefore work actively so that the personal data of the candidates is processed with utmost care. We take the measures that can be reasonably expected to make sure that the personal data of candidates and others are processed safely and in accordance with this privacy notice and the applicable law.
However, transfers of information over the Internet and mobile networks can never occur without any risk, so all transfers are made at the own risk of the person transferring the data. It is important that candidates also take responsibility to ensure that their data is protected. It is the responsibility of the candidates that their login information is kept secret.
What are candidates’ rights with respect to their personal data?
A candidate has the right to:
a. make subject access requests regarding the nature of information held and to whom it has been disclosed;
b. prevent processing likely to cause damage or distress;
c. prevent processing for purposes of direct marketing;
d. be informed about the mechanics of the automated decision-taking process that will significantly affect a candidate;
e. have significant decisions that will affect candidates taken solely by an automated process;
f. sue for compensation if a candidate suffers damage by any contravention of the applicable law;
g. take action to rectify, block, erase, including the right to be forgotten, or destroy inaccurate data;
h. request the supervisory authority to assess whether any provision of applicable law has been contravened;
i. have personal data provided to him/her in a structured, commonly used and machine-readable format, and the right to have that data transmitted to another controller; and
j. object to any automated profiling that is occurring without consent.
A candidate may exercise any of the rights described in this section by sending an email to dpo@everymatrix.com (Please note that we may ask candidates to verify their identity before taking further action on candidates’ request). Additionally, kindly note that TeamTailor offers user-friendly functionalities which enable the candidates to automatically perform requests of erasure, and consent management (by way of illustration); this is possible through Data & Privacy - EveryMatrix (teamtailor.com).
Changes
We have the right to, at any time, make changes or additions to the privacy notice. The latest version of the notice will always be available through the use of TeamTailor’s software.
How to get in touch with EM or EM’s Lead Supervisory Authority for data protection?
For questions, further information about our handling of personal data or for contact with us in other matters, please use the below stated contact details:
i. dpo@everymatrix.com; or
ii. EveryMatrix Software Ltd. (to the attention of the Group DPO), Reg. no: C51832, Address: Piazzetta Business Plaza, Office 12, Level 10, Ghar il – Lembi, Tas-Sliema, Malta (EM Group entity responsible for the administration of legal affairs).
Candidates have the right to lodge any complaint they may have toward EM to EM’s Lead Supervisory Authority for data protection-related matters:
The National Supervisory Authority For Personal Data Processing
(in Romanian 'Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal' or 'ANSPDCP')
28 30 Magheru Blvd
District 1, Bucharest
T +40 318 059 211
F +40 318 059 602
www.dataprotection.ro