easyHotel Recruitment Privacy Notice
As part of our recruitment processes, easyHotel PLC and it’s group companies including easyHotel UK Limited (“we”, “us”, “our”) collects, stores, and processes personal data about job applicants and prospective candidates (“you”, “your”). We are committed to protecting your privacy and personal data, and are therefore transparent regarding the data we collect, how the data are collected, where the data are stored, and how the data are processed. The following notice details all of the above, setting out our obligations under both the General Data Protection Regulations 2016/679 (“GDPR”) and the Data Protection Act 2018 (“DPA”).
i. THE DATA WE COLLECT
Information We Collect from You
- Basic personal details including but not limited to your name, email address, contact number(s), postal address, and preferred method of contact.
- Availability and work eligibility details including but not limited to your notice period, preferred start date, current and/or future work eligibility status, visa type, and visa expiry date.
- Documents you provide throughout the application process including but not limited to CVs, covering letters, and assessment outputs. These documents may contain information on your employment history, academic qualifications/history, professional training/certifications, skills, and experiences.
- Application details including but not limited to the source of your application, the date/time, the role(s) you applied for, salary history/expectations, and Equal Opportunities statements.
- Records of electronic communications, including but not limited to the content and attachments of emails.
Information We Collect/Generate About You
- Publicly available data including but not limited to your professional social networks (primarily LinkedIn, but also GitHub, Facebook and similar networks.).
- Job application progress including but not limited to the stages you complete of the recruitment process, records of interviews, interview notes/feedback, assessment feedback, rejection stage, rejection reason, and job offer details.
ii. HOW THE DATA ARE COLLECTED
Personal data may come from a combination of any of the following sources:
- Information you provide on application forms, in email and telephone conversations with our representatives, and in job interviews and assessments.
- Information we collect from publicly available sources online.
- Information we generate following your interactions with our staff, systems, and processes.
- Information provided by third parties, such as recruitment agencies, or via referrals or references (references are not sought without your express prior permission, and typically happen at the point of offer).
iii. HOW THE DATA ARE STORED
Personal data provided, collected, generated, or obtained will be shared with Talos, a cloud services recruitment platform, engaged by us to help manage our recruitment and hiring processes.
We take appropriate measures to ensure that all personal data is kept secure, including security measures to prevent personal data from being accidentally lost, or used or accessed in an unauthorised way. Within easyHotel, we limit access to your personal data within Talos to those who have a genuine need to access it: the HR Team, the Hiring Manager for the role in question, interviewers/assessment reviewers for the role in question, the Executive Board, and the Director of the team where the role in question sits (note that there may be overlap between the people in those positions). Those processing your personal data will do so only in an authorised manner and are subject to a duty of confidentiality.
We have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of electronically transmitted data. Any transmission therefore remains at your own risk.
iv. HOW THE DATA ARE PROCESSED
Lawful Basis for Processing
Our lawful basis for the collection and processing of your personal data is for taking steps to enter into a contract of, or for, employment or services with you. We rely on legitimate business interest as the lawful basis on which we collect and use your personal data, specifically in the instances of collecting references and running background checks.
Purposes of Processing
We use information held about you in a number of ways, including but not limited to:
- Considering your application in respect of the role for which you have applied.
- Considering your application in respect of other roles at EasyHotel, both at present and in the future (see How Long We Keep Your Personal Data below for more information on our data retention policy).
- Communicating with you in respect of the/any recruitment process/es.
- Enhancing any information that we receive from you with information collected, generated, or obtained throughout our recruitment processes.
- To help us improve the effectiveness and efficiency of our recruitment systems and processes.
Rights of Access, Correction, and Erasure
Under the GDPR, you have a number of important rights, including the right to access the personal data we hold about you, and to request corrections or partial/full erasure. We have taken steps to ensure speedy compliance with any such request.
All personal data held by EasyHotel about you is stored in Talos recruitment system. In the event that an individual explicitly requests access to, or a copy of, the personal data we hold about them we can provide a file which includes personal information (name, email address, postal address, title etc.), application details (the role you applied for, when, via what channel, information submitted on the application form, work eligibility status etc.), recruitment progress (status, stage, interviewers/assessment reviewers, feedback from those dealing with your application, rejection reasons, offer details etc.), and any documents submitted, or subsequently provided or obtained. In the event you make an explicit request to access this data, EasyHotel will generate the above-mentioned data file and share this with you within 30 days of the request.
In order to correct any inaccuracies in your personal data held by EasyHotel, you must make an explicit request to us, clearly indicating which information is in need of amendment, along with the correct information to take its place. EasyHotel will act on personal data correction requests within five working days of receipt, and send a confirmation email to you upon resolution of the issue/s.
In order to request partial or full erasure of your personal data, you must make an explicit request to us. In the event you desire a partial erasure, you must clearly indicate which data points you would like to be erased. If you do not clearly indicate which data points you would like to have erased in a partial erasure, we reserve the right to delete all personal data we hold about/on you. EasyHotel reserves the right to escalate any partial erasure request into a full erasure at our discretion; you will be notified of this outcome via email immediately before the erasure if we opt for the escalation. In the event you desire a full erasure, you must clearly indicate this in your request. EasyHotel will act on partial and full erasure requests within five working days of receipt, however, no confirmation email will be sent following the completion of the request.
Please note that your right to have your personal data erased is not an absolute right, and we reserve the right to refuse such a request, where there is an appropriate legal justification for doing so. For example, we must retain candidate/application data for a period of six months following a rejection notice. You will be notified accordingly in the event we are unable to process your data erasure request.
If, at any point, you would like to make a request for access, correction, or erasure of your personal data held by easyHotel, you should email email@example.com, providing enough information for us to be able to identify you in our system and carry out your request.
How We Process Your Data for Roles Outside of Your Formal Application
From time to time following your initial engagement with our recruitment processes, we may unilaterally decide to consider your application for another role at EasyHotel. This may occur:
- At the time of your original application when, following an initial review of your CV, we conclude you would be better suited to a different opportunity currently vacant at easyHotel.
- At some point after your original application, when we chose to reactive your status as a candidate for a new opportunity in future.
In either scenario you will be contacted in the first instance by email, and you will have the opportunity to confirm your interest in the new role or to decline our consideration. Equally, the abovementioned rights of access, correction, and erasure will remain open to you for as long as we hold your personal data.
How Long We Keep Your Personal Data
We will retain all personal data relating to your engagement/s with easyHotel for at least six months and one week from your last interaction with our staff, processes, and/or systems (the date of the last email you sent to us, the date of your last interview etc. whichever occurs latest).
The retention period is tracked in Talos and if there is no activity on your candidate account for 6 months, it will be deactivated automatically. You can also request to withdraw your details at anytime and thereafter your data will be fully anonymised for further protection.
In order to have your personal data deleted ahead of the deadline, you must notify easyHotel of your desire according to the instructions outlined in the Rights of Access, Correction, and Erasure section above.
How to Complain
We hope that we can resolve any query or concern you raise about our use of your personal data, however, if you are not satisfied with our processes or approach, the GDPR gives you the right to file a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, live, or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at http://ico.org.uk/concerns/ or on 0303 123 1113.
You may also be able to claim compensation for damages caused by a breach of the GDPR or DPA. For further information on your rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office.
If you have any questions, queries, or issues relating to our recruitment policies and processes, or how they relate to our adherence to both the GDPR and DPA, then please contact our Data Protection Manager: firstname.lastname@example.org.