Recruitment Privacy Policy
Last updated: June 1, 2023
1. About this Policy
1.1 At SSENSE ("SSENSE", "us", "we", or "our"), we respect your privacy and we want to be transparent about the types of Personal Data (as defined below) we collect about you and how we use it. This Recruitment Privacy Policy ("Policy") explains how we collect, share and use any information that, alone or in combination with other information, in relation to individuals ("Personal Data") who apply for a job on our website ("Applicants", "you" and "your").
1.2 This Policy sets out the rights that you have in relation to the Personal Data that we process about you and how you can exercise them. This Policy also describes the measures we implement to protect your Personal Data.
1.3 The recruitment process on this website is managed by SSENSE headquartered at 333 Chabanel Street W #900, Montreal QC, H2N 2E7, Canada, who is the data controller for the Applicant's Personal Data. As a data controller, SSENSE is responsible for ensuring that the processing of Personal Data complies with applicable data protection law, including the UK GDPR as it forms part of UK law by virtue of section 3 of the European Union (Withdrawal) Act 2018 (the "UK GDPR").
1.4 Please take the time to read this Policy carefully. If you have any questions or comments, please contact us as described in the "How to contact us" section below
2. What Personal Data does SSENSE collect and why?
2.1 When you apply for a position at SSENSE, we may collect the following types of Personal Data about you, which we will process for the purposes described below:
| Types of Personal Data | Why we collect it | Legal basis | Retention period |
|
Name Surname E-mail address Home address Phone number Curriculum Vitae ("CV") Information about whether you are legally authorized to work in the UK City, State, Country Education details Work History |
To enable you to contact us or enable us to respond and provide feedback in the context of recruitment; To evaluate and select job applicants including for example setting up and conducting interviews; To evaluate and assess the results thereto and as is otherwise needed in the recruitment process including the final recruitment; To communicate with you during the recruitment process. |
Our legitimate interest to carry out recruitment and to manage the hiring process and our legal obligations to collect work information. |
One (1) year following our last contact with you and if you are successful, this information will be transferred to your personnel file. |
|
Name Surname Email address Phone Number CV Information about whether the Applicant is legally authorized to work in the UK City, State and Country of location |
To put in place necessary arrangements for future employment | Contractual necessity and our legal obligations to collect work information. |
One (1) year following our last contact with you and if you are successful, this information will be transferred to your personnel file. |
| Bank account details | To reimburse any expenses incurred by you during the recruitment process (e.g. traveling). | Our legitimate interest to facilitate the recruitment process for all Applicants and your legitimate interest to obtain reimbursement for any expenses incurred during recruitment process | For the time needed to process the reimbursement and then this data is deleted |
|
Name, Surname Email address Phone Number CV Information about whether the Applicant is legally authorized to work in the UK City, State and Country of location |
To generally manage and improve our recruitment and hiring process. | Our legitimate interest to manage and improve our hiring process. | One (1) year following our last contact with you |
| Where applicable, disability information | To provide reasonable adjustments throughout the hiring process. | To comply with our legal obligations under equalities legislation. | For six (6) months following our last contact with you. |
2.2 We may collect information regarding your gender, racial or ethnic origin and sexual orientation in order to ensure that our candidates are representative of the population, to the extent permitted by applicable laws. In the UK, we will collect this data on the basis of your explicit consent. We may also have knowledge of some sensitive data (e.g. religion) if you voluntarily provide it to us in your CV.
2.3 If we ask you to provide any other Personal Data not described above, then the Personal Data we will ask you to provide, and the reasons why we ask you to provide it, will be made clear to you at the point we collect that Personal Data.
3. Cookies and other tracking technology
3.1 We may also collect certain information automatically from your device. Specifically, the information we collect automatically may include information like your IP address, device type, unique device identification numbers (IMEI number), browser-type, broad geographic location (e.g. country or city-level location) and other technical information. We may also collect information about how your device has interacted with our Website, including the pages accessed and links clicked.
3.2 Collecting this information enables us to better understand the visitors who come to our Website, where they come from, and what content on our Website is of interest to them. We use this information for our internal analytics purposes and to improve the quality and relevance of our Website to our visitors.
3.3 Some of this information may be collected using cookies and similar tracking technology, as explained further in our Cookie Policy which is available here.
4. Who does SSENSE share your Personal Data with?
4.1 We may disclose your Personal Data to the following categories of recipients:
(a) to our group companies for purposes consistent with this Policy. We take precautions to allow access to your Personal Data only to those of our employees who have a legitimate business need for access and with a contractual prohibition of using the Personal Data for any other purpose. Our group companies include: Atallah Group Inc., Atallah Group Limited, Atallah Hong Kong Limited, Atallah Group US Inc., GAI Services PTY Limited, Atallah International Inc., Atallah Group EU SRL;
(b) to our third party vendors, services providers and partners who provide data processing services to us, or who otherwise process Personal Data for purposes that are described in this Policy or notified to you when we collect your Personal Data. This may include disclosures to third party vendors and other service providers we use in connection with the services they provide to us, including to support us in areas such as managing résumé/CV information, IT platform management or support services, infrastructure and application services, data analytics. Our third party vendors, services providers and partners include: Sterling Backcheck, PwC, SmartRecruiters;
(c) to any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
(d) to our auditors, advisors, legal representatives and similar agents in connection with the advisory services they provide to us for legitimate business purposes and under contractual prohibition of using the Personal Data for any other purpose;
(e) to a potential buyer (and its agents and advisers) in connection with any proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your Personal Data only for the purposes disclosed in this Policy;
(f) to any other person if you have provided your prior consent to the disclosure.
5. How we protect your privacy
5.1 We will process Personal Data in accordance with the following principles:
(a) Fairness: We will process Personal Data fairly. This means that we are transparent about how we process Personal Data and that we will process it in accordance with applicable law;
(b) Lawfulness: We will process Personal Data only on lawful grounds;
(c) Purpose limitation: We will process Personal Data for specified explicit and legitimate purposes, and will not process it in a manner that is incompatible with those purposes, unless permitted by applicable data protection laws;
(d) Data minimization: We will process Personal Data that is adequate, relevant and limited to what is necessary to achieve the purposes for which the data are processed;
(e) Data accuracy: We take appropriate measures to ensure that the Personal Data that we hold about you is accurate, complete and, where necessary, kept up to date. However, it is also your responsibility to ensure that your Personal Data is kept as accurate, complete and current as possible by informing us promptly of any changes or errors. You should notify us of any changes to the Personal Data that we hold about you (e.g. a change of address);
(f) Data security: We use appropriate technical and organisational measures to protect the Personal Data that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your Personal Data. In particular, all data is protected according to the varying levels of risks through physical measures, such as secure areas, technical measures, such as encryption, and organisational measures such as employee security through vetting and supervision;
(g) Limited Retention: We keep your Personal Data in a form that allows us to identify you for as long as necessary to achieve the purposes for which we are processing your data and do not store your data for longer, unless we must comply with applicable laws.
6. Data storage, retention and deletion
6.1 The Personal Data we collect from you is stored in our servers located in the United States.
6.2 We retain Personal Data we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).
6.3 When we have no ongoing legitimate business need to process your Personal Data, we will either delete or anonymise it or, if this is not possible (for example, because your Personal Data has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further processing until deletion is possible.
6.4 If you are not retained following the recruitment process, SSENSE will keep your application form on file for future job openings no longer than one year. If you are successful and offered a job at SSENSE, your Personal Data will be used to complete your hiring process by our HR department.
6.5 For more details about the periods of retention of your Personal Data, please refer to the table above.
7. Transfers of Personal Data outside the United Kingdom
7.1 Your Personal Data may be transferred to, and processed in, countries other outside the United Kingdom, which includes Canada (where we are established). These countries may have data protection laws that are different to the laws of the U.K.
7.2 Specifically, our Website servers are located in the United States, and our group companies and third party service providers and partners operate around the world. This means that when we collect your Personal Data we may process it in any of these countries.
7.3 However, we have taken appropriate safeguards to require that your Personal Data will remain protected in accordance with this Policy.
7.4 When transferring your personal data to Canada, we rely on the UK's adequacy regulation with Canada (where applicable) and otherwise we rely on the International Data Transfer Agreement (IDTA) that was issued by the Information Commissioner's Office. .
7.5 When transferring your Personal Data to other entities of the SSENSE group or to third party service providers who are located in the United States or other third countries, we rely on the ICO’s International Data Transfer Agreement (IDTA).
7.5 The IDTA may be amended or replaced from time to time and at such time as it is amended or replaced in relation to data protected under the UK GDPR, we will amend our data transfer agreement accordingly.
8 Your data protection rights
8.1 You have the following data protection rights:
(a) You can access, rectify or request erasure of your Personal Data as detailed here below. Please note that deletion requests are subject to certain limitations, for example, we may retain Personal Data as permitted by law, such as for tax or other record keeping purposes, to maintain an active account, and to process transactions and facilitate customer requests. The right to access to Personal Data enables you to receive confirmation as to whether or not SSENSE is processing your Personal data and information about that processing, and to receive a copy of your Personal Data. You may also request correction of any of your inaccurate Personal Data, as well as the deletion of your Personal Data.
(b) You can object to the processing of your Personal Data at any time (including profiling) when the processing is based on our legitimate interest. You may also object at any time to the processing of your Personal Data for direct marketing purposes (which includes any profiling to the extent that it is related to such direct marketing).
(c) You may also ask us to restrict (block) the processing of your Personal Data under certain conditions.
When the processing is based on your consent or the performance of your contract with us, you may exercise your right to data portability, which enables you to receive your Personal Data in a structured, commonly used and maching-readable format and have it transmitted to another controller.
(d) If we have collected and processed your Personal Data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your Personal Data conducted in reliance on lawful processing grounds other than consent.
(e) If you have a complaint or concern about how we are processing your Personal Data then we will endeavour to address such concern(s). If you feel we have not sufficiently addressed your complaint or concern, you have the right to complain to the Information Commissioner's Office (click here to access to the ICO's website).
8.2 You may exercise any of the rights above at any time by contacting us as described under the “How to contact us” section below. We respond to all requests in accordance with applicable data protection laws.
9. Updates to this Policy
9.1 We may update this Policy from time to time in response to changing legal, technical or business developments. When we update our Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Policy changes if and where this is required by applicable data protection laws.
9.2 You can see when this Privacy Policy was last updated by checking the “last updated” date displayed at the top of this Policy.
10. How to contact us
10.1 If you wish to access, correct, update or request deletion of your Personal Data, you can do so at any time by using the SSENSE Data Request Form (please click here for the form in English).
10.2 If you have any questions or concerns about this Policy of the way we process your Personal Data, please contact us by phone at +1 877 637 6002 or via email at dataprotection@ssense.com.
10.3 If you wish to contact our Data Protection Officer, you may do so via email at dpo@ssense.com.
10.4 The data controller of UK residents’ personal data is Groupe Atallah, Inc. 333 Chabanel Street W #900, Montreal QC H2N 2E7, Canada.
10.5 To contact our UK representative, please write us by email at: dataprotection@ssense.com or alternatively by postal address at: Atallah Group Ltd, UK Representative (Data Protection), 125 Old Broad Street, 15th floor, London, EC2N 1AR, UK.