This privacy notice applies to the recruiting-related processing activities conducted by EveryMatrix Group through the use of the software tool offered by TeamTailor.
As part of any recruitment process, EveryMatrix Group (“Controller”, “EM”, “we” “us”) collects and processes personal data relating to job applicants. For these reasons, EM is committed to being transparent about how it collects and processes that data and to meeting its data protection obligations.
The Controller is a group of companies which are incorporated and operate in different jurisdictions around the globe. Therefore, candidates should check EM’s locations worldwide in order to better understand their personal data flow and processing since this would depend on the actual relevant EM’s entity bearing the post a candidate has applied to. EM’s locations can be retrieved as follows:
Our Offices | EveryMatrix
Notwithstanding the foregoing, and without prejudice to HR local teams across the jurisdictions where EM operates, the central HR administration for EM’s group is run in Romania by the following EM’s entity:
EveryMatrix SRL, Nouveau Center, 4th Floor, Lipscani 102 Street, Sector 3, 030039, Bucharest.
As already elucidated above, the recruiting process from EM’s end is carried out through the use of TeamTailor’s software. Teamtailor AB is a Swedish-based company having its a registered office in Östgötagatan 16. SE-116 25 Stockholm.
In order for TeamTailor to provide its services and to fulfil its obligations in accordance with the agreement between TeamTailor and us, candidates’ personal data (as further specified below) will be shared between TeamTailor and EM throughout the lifetime of the said agreement.
Privacy Notice | Teamtailor
What Personal Data will be processed during the recruiting stages?
Candidates’ personal data categories needed have been grouped as per the following breakdown:
Information that uniquely or semi-uniquely identifies a candidate (i.e. name, user name, unique identifier, government-issued identification, tax and social security identifiers, picture);
Information that describes a candidate’s characteristics shared with others (e.g. age ranges, income brackets, geographic);
Information that provides a mechanism for contacting a candidate (i.e. email address, physical address, telephone number);
Information about a candidate’s educational or professional career (i.e. job titles, salary, work history, school attended, еmployee files, employment history, evaluations, memberships, references, interviews, certifications, disciplinary actions);
Information that describes a candidate’s origin (i.e. nationality and languages spoken);
Criminal information about a candidate’s criminal activity (i.e. convictions, charges, pardons);
Information about a candidate’s family and relationships (i.e. family structure, siblings, offspring, marriages, emergency contacts);
viii. Medical and Health:
Information that describes a candidate’s health, medical conditions or health care (i.e. physical and mental health, drug test results, disabilities);
Information about a candidate’s location (i.e. country, city, registered address);
Information that identifies a candidate’s financial account and other financial-related items (i.e. bank account details, salary expectations);
Information communicated from or to a candidate (e.g. email, phone calls and chats);
Information about a candidate’s personal and professional history.
EM may be subject to legal obligations regulating the field of employment, or otherwise impacting its operations and working environment; for such purposes, EM may be required to conduct specific assessments concerning candidates’ health, criminal conduct etc. EM reserves the right to conduct or ensure the conduct of these assessments, or request any such information when required to fulfil these obligations. Should this be the case, candidates will be informed and guided accordingly by EM in full transparency.
Failure to disclose to or share with EM any of the above candidates’ personal data can lead to consequences in terms of candidates being prevented from entering into an employment relationship with EM.
Each candidate can choose not to disclose his/her personal information by not applying for an existing job application.
What are the legal bases for processing?
1. Candidates’ consent materializing as soon as a candidate decides to submit a job application;
2. EM’ s legitimate interest to assess the suitability of candidates;
3. Legal obligations (when information is required by law for certain roles)
Notably, candidates can withdraw their consent at any time. However, withdrawal of consent will affect neither the processing of personal data by EM and TeamTailor up to the moment the consent has been withdrawn nor any potential further processing of candidates’ personal data by EM based on the latter’s legitimate interest not overridden by candidates’ rights.
Who candidates’ personal data is shared with?
Besides TeamTailor, the Controller may share candidates’ personal data within its Group companies.
As specified above, the Controller has a global footprint therefore candidates’ personal data may be processed in the locations where the Controller has its offices.
Should this be the case, EM makes sure to protect candidates’ personal data through the use of adequate legal means (e.g. for EU/EEA residents, the Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council).
Unless we are required to do otherwise by applicable law, candidates’ personal data will not be shared with anyone else.
What is the retention period of candidates’ personal data?
EM will keep candidates’ personal data for two years from the time of a candidate’s application for a role, after which your data will be removed from the system. During such a period, EM may contact a relevant candidate should a future role arise which EM deems the said candidate would be suitable for. Candidates still have the right to request the erasure of their personal data at any time, unless such information is required by us to comply with legal obligations or to exercise or defend our rights at law.
What is the security employed to protect candidates’ personal data?
We are an ISO 27001 certified organization and prioritize the personal integrity and therefore works actively so that the personal data of the candidates is processed with utmost care. We take the measures that can be reasonably expected to the make sure that the personal data of candidates and others are processed safely and in accordance to this privacy notice and the applicable law.
However, transfers of information over the internet and mobile networks can never occur without any risk, so all transfers are made on the own risk of the person transferring the data. It is important that candidates also take responsibility to ensure that their data is protected. It is the responsibility of the candidates that their login information is kept secret.
What are candidates’ rights with respect to their personal data?
A candidate has the right to:
a. make subject access requests regarding the nature of information held and to whom it has been disclosed;
b. prevent processing likely to cause damage or distress;
c. prevent processing for purposes of direct marketing;
d. be informed about the mechanics of automated decision-taking process that will significantly affect a candidate;
e. have significant decisions that will affect candidates taken solely by automated process;
f. sue for compensation if a candidate suffers damage by any contravention of the applicable law;
g. take action to rectify, block, erased, including the right to be forgotten, or destroy inaccurate data;
h. request the supervisory authority to assess whether any provision of applicable law has been contravened;
i. have personal data provided to him/her in a structured, commonly used and machine-readable format, and the right to have that data transmitted to another controller; and
j. object to any automated profiling that is occurring without consent.
A candidate may exercise any of the rights described in this section by sending an email to firstname.lastname@example.org (Please note that we may ask candidates to verify their identity before taking further action on candidates’ request). Additionally, kindly note that TeamTailor offers user-friendly functionalities which enable the candidates to automatically perform request of erasure, consent management (by way of illustration); this is possible through Data & Privacy - EveryMatrix (teamtailor.com).
We have the right to, at any time, make changes or additions to the privacy notice. The latest version of the notice will always be available through the use of TeamTailor’s software.
How to get in touch with EM or EM’s Lead Supervisory Authority for data protection?
For questions, further information about our handling of personal data or for contact with us in other matters, please use the below-stated contact details:
i. email@example.com; or
ii. EveryMatrix Software Ltd. (to the attention of the Group DPO), Reg. no: C51832, Address: Piazzetta Business Plaza, Office 12, Level 10, Ghar il – Lembi, Tas-Sliema, Malta (EM Group entity responsible for the administration of legal affairs).
Candidates have the right to lodge any complaint they may have toward EM to EM’s Lead Supervisory Authority for data protection-related matters:
The Information and Data Protection Commissioner (“IDPC”), Floor 2, Airways House, Triq Il-Kbira, Tas-Sliema SLM 1549, Malta