S3 Connected Health Candidate Privacy Policy

This notice applies to Personal Data relating candidates only, regardless of the media on which it is stored (paper, electronic or otherwise).  This notice does not apply to anonymous information, namely, information which does not relate to an identified or identifiable natural person or to Personal Data rendered anonymous in such a manner that the Data Subject is not or no longer identifiable.  Please note that, once a candidate is hired by the Organisation, the employees Personal Data becomes subject to the S3 Connected Health Employee Privacy Notice for the duration of their employment.  This notice applies to candidates to the following the Organisation legal entities:

Silicon & Software Systems, Ltd
South County Business Park
Leopardstown
Dublin
D18 T9P8
Ireland

Silicon & Software Systems Polska Sp.z.o.o
Nicolas Business Center
ul. Św. Mikołaja 19
50-128 Wroclaw
Poland

S3 Connected Health USA Inc.
210 Broadway #201
Cambridge
MA 02139
United States

GLOSSARY

Term

Meaning

Personal data

Means any information relating to an identified or identifiable natural person (‘Data Subject’).  An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identify of that unnatural person.

Special categories of personal data

Means any sensitive personal data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person’s sexual orientation.

Data controller

Means a natural or legal person, public authority, agency or another body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.  For the purposes of the EU General Data Protection Regulations and relevant Member State law, the Organisation is the Controller and processor of data.

Data Subject

Means any living individual who is the subject of Personal Data held by an organisation.  Data Subjects within the Organisation may include current, past and prospective employees, sub-contractors, suppliers and customers, potentially patients of Health Care Professionals using S3 Connected Health products or applications and other individuals with whom the Organisation communicates.

Processing

Means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Processor

Means a natural or legal person, public authority, agency or another body which processes Personal Data on behalf of the Controller.  Note that within S3 Connected Health, it is perfectly feasible for the Organisation to be a processor on behalf of one of the Affinial Clients for certain Personal Data categories and/or vice-versa for other categories of Personal Data.

Anonymisation

Means the process of turning data into a form which does not identify individuals and where identification is not likely to take place. This allows for a much wider use of the information.

GLOSSARY

WHAT PERSONAL DATA DOES THE ORGANISATION COLLECT?

The Organisation only collects the amounts and types of data that are required to effectively administer its recruitment and hiring processes.

The Organisation collects some or all of the following information in relation to candidates which contain Personal Data such as name, qualifications, employment history, contact details and assessments relating to that candidate.

  • Cover letter
  • Curriculum vitae (CV)/resum­­­­­­­­­­­­­­­­­­­­­­e
  • Interview notes
  • References and other information required to verify information received during the recruitment and hiring process
  • Results of psychometric testing

The Organisation does not require nor ask for any Special Categories of Personal Data in pursuit of its recruitment and hiring process.

The Organisation requests that candidates only submit CVs or resumes with information relevant and required for the recruitment process such as:

  • Name, email address and contact number
  • Employment history, including prior employment, relevant positions and dates
  • Education history, including qualifications or certifications obtained, dates and issuing institutions, and other relevant awards and/or achievements

HOW DOES THE ORGANISATION COLLECT PERSONAL DATA?

Candidate Personal Data can be submitted to the Organisation in a number of ways, including but not limited to the following:

  • Electronically submitted through the Organisation’s online Careers page.
  • Electronically submitted to the Organisation recruitment application via an online recruitment portal.
  • Electronically submitted by email directly to one of the site-specific the Organisation Human Resources Function recruitment email aliases directly by a candidate or recruitment agency on a candidate’s behalf.
  • Electronically submitted by email directly to a member of the Organisation Human Resources Function directly by a candidate or recruitment agency on a candidate’s behalf.
  • Submitted by post to the Organisation Human Resources function or a member of that Function.

WHY DOES THE ORGANISATION COLLECT PERSONAL DATA?

As a potential employer the Organisation is required to source and collect, process and retain information such as that noted above for normal recruitment and hiring purposes.  The Organisation will process such Personal Data for the purpose of determining whether a candidate will become an employee or contractor of the Organisation for a specific position or for job opportunities in the future.

HOW DOES THE ORGANISATION PROCESS PERSONAL DATA?

As noted above, the Organisation processes Personal Data for normal recruitment and selection purposes.  Specifically, a candidate’s Personal Data is processed as follows:

  • In order to maintain contact with the candidate in relation to the specific position applied for, or to contact the candidate in relation to future positions that may arise within a period of 24 months of the date of application.
  • In order to assess and validate whether a candidate will become an employee or contractor of the Organisation for a specific position or for future positions that may arise.
  • In order to verify details provided by the candidate or to request additional Personal Data if not provided.
  • In order to establish, exercise or defend legal claims.

TO WHICH THIRD PARTIES DOES THE ORGANISATION DISCLOSE THIS DATA?

The Organisation will share CVs, resumes cover letters and interview notes with the Organisation Human Resources personnel and hiring managers as required to administer and undertake the recruitment and selection process.

The Organisation will share CVs or resumes with relevant employees participating on interview panels on behalf of the Organisation.

Candidate information will not be disclosed to any other third party without the candidate’s consent, except where it is required to comply with statutory requirements or to provide normal Organisation services.

Candidate Personal Data will not be transferred outside the European Economic Area.

HOW DOES THE ORGANISATION STORE CANDIDATE DATA?

To store candidate data and to administer its recruitment processes, the Organisation uses a third-party software application, eRecruiter which is GDPR compliant.  Candidate’s CVs, resumes and/or cover letters are stored in a hosting centre in Wroclaw that ensures the safety and confidentiality of such data.

Candidate CVs, resumes and/or cover letters will only be distributed to employees involved in a specific recruitment process through this application by sending to that employee, a candidate’s profile in the form of a unique URL linked to a “candidate card” provided by eRecruiter and relating to that candidate only.  Employees will not be able to make local copies of CVs or resumes or distribute candidates’ CVs or resumes to other employees or individuals.  Access to eRecruiter is password protected, restricted and controlled by the Human Resources function.

HOW DOES THE ORGANISATION SAFEGUARD PERSONAL DATA?

The Organisation is committed to taking all reasonable and appropriate steps to protect the Personal Data that it holds from misuse, loss or unauthorised access.  The Organisation does this by having in place a range of appropriate technical and organisational measures.  These include measures to deal with any suspected data breach.

HOW LONG DOES THE ORGANISATION RETAIN THIS DATA?

The Organisation will retain Personal Information in line with the Organisation Data Retention Policy and, for as long as is necessary to comply with our statutory and contractual obligations in accordance with our legitimate interests as a data controller.  In total, the Organisation will retain candidate data for up to 24 months from receipt, after which time such data will be deleted, with the exception of a candidate’s name, date of application, role applied for and outcome.  Note, however, where a candidate is deemed unsuitable for the role for which they apply and/or any future roles within the Organisation, that candidate’s data may be deleted within an earlier timeframe.  The rationale for retaining candidate data for a period of 24 months is to provide sufficient time for the vacancy in question to be filled and, thereafter, to allow the Organisation to process the candidate’s data for related vacancies that may arise.

ADDITIONAL CANDIDATE CONSENT

References, when sought, will be to verify and validate information received during the recruitment and selection process.  References will not be sought in relation to any candidates without written permission from the candidate.

Psychometric testing will only be carried out for specific roles.  Candidates will be required to give their consent in writing in advance of taking any psychometric tests.  The Organisation ensures the protection of candidates’ rights by:

  • Providing the candidate with a copy of the psychometric test report.
  • Only using the results of psychometric testing as part of the selection criteria only and not as a determining factor.

CANDIDATE RIGHTS

Under the General Data Protection Regulation (GDPR), candidates have a number of rights with respect their Personal Data, even if they have given it to the Organisation.

  • The right to access to the Personal Data that the Organisation holds in relation to that candidate together with information about the Processing of that Personal Data.
  • The right to request that any inaccurate Personal Data held about the candidate is corrected, or, if the Organisation has incomplete information, the candidate may request that the Organisation update that information so that it is complete.
  • The right, in certain circumstances, to request that the Organisation erases a candidate’s Personal Data.
  • The right, in certain circumstances, to withdraw consent for the Organisation to processes a candidate’s Personal Data.
  • The right, in certain circumstances, to restrict the processing of a candidate’s Personal Data.
  • The right to object to the Processing of a candidate’s Personal Data by the Organisation but only where we are Processing the Personal Data on the grounds of a legitimate interest.
  • The right to have a candidate’s Personal Data transferred to another Data Controller.
  • The right to lodge a complaint with the Data Protection Commissioner (Irish candidate) or the President of the Office for Personal Data Protection (Polish candidates).
As noted above, the Organisation, at all times, reserves the right to process Personal Data for the establishment, exercise or defence of legal claims.

Candidates should not that the withdrawal of consent for the Organisation to process a candidate’s Personal Data shall not affect the legality of the processing that has taken place prior to the request for withdrawal.

Should candidates have any queries in respect to their rights in relation to Personal Data or should they wish to exercise any of their rights as noted above, they should contact the Organisation’s Human Resources Function at HR@S3ConnectedHealth.com.  The Organisation will respond to you without delay and, in any event, within one month.  Further, candidates are entitled to lodge a complaint with the Data Protection Commissioner (Ireland) or President of the Office for Personal Data Protection (Poland) if they are not happy with the Organisation’s response when they chose to exercise any of their rights noted above.  Please note that the Organisation is allowed to refuse such a request in certain limited circumstances and, if this arises, we will let the candidate know without delay.

CANDIDATE UNWILLING TO PROVIDE THE INFORMATION REQUIRED

In some cases, a candidate may decline to provide the Organisation with their Personal Data.  If we believe that we require that relevant information to effectively and properly manage our recruitment process, we may not be able to continue our relationship with that candidate and will inform the candidate accordingly.

IDENTITY OF DATA CONTROLLER AND DATA PROCESSOR

For the purposes of the EU General Data Protection Regulations and relevant Member State law, the Organisation is the Controller and Processor of data.

Any concerns, questions or requests for further information should be addressed to:

  • Elzbieta Lukaszek, HR Director

AMENDMENTS TO THIS NOTICE

The Organisation reserves the right to amend this policy as necessary and in the interests of best business practice.