Candidate Privacy Statement
Effective as of December 20, 2023, EIS Software Ltd. (“EIS”), and its affiliated companies (collectively, the “EIS Group Inc” or “we” or “us” or “our”), have updated our Candidate Privacy Statement (“Statement”). This Notice may be updated to reflect changing legal, regulatory, or operational requirements. We encourage you to periodically review this page for the latest information on our privacy practices.
This Privacy Statement describes EIS (“EIS”) Software Ltd. et al., (the “Company” or “we” or “us”) handling of Personal Data obtained from external job applicants.
This Privacy Statement describes how EIS and subsidiaries collect, use, store and otherwise Process the Personal Data of external candidates.
This Privacy Statement applies to External Applicants that are not currently employees of EIS, where an offer has not been extended to the Candidate.
“Candidate” or Applicant means an individual who has applied and or is being considered for a role within EIS.
“Data Controller” means the natural or legal person, public authority, agency, or any other body which alone or jointly with others determines the purposes and means of the processing of Personal Data; where applicable Data Protection and Privacy Law determine the purposes and means of processing, the Controller or the criteria for the Controller’s nomination will be as designated by applicable Data Protection and Privacy Laws. For the purposes of Processing of Personal Data as described in this Statement, EIS is the Data Controller.
“Data Processor” means the legal person who processes Personal Data on behalf of a Data Controller or on the instruction of another Data Processor acting on behalf of a Data Controller.
“Data Protection and Privacy Law” means all current and future applicable laws and regulations relating to the processing, security, protection, and retention of Personal Data and privacy that may exist in the relevant jurisdictions, including, but not limited to, the GDPR and all laws implementing or supplementing the GDPR.
“GDPR” means the General Data Protection Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
“Lawful Basis/Bases” Under Article 6 of the GDPR, a Data Controller (EIS for the purposes of this Statement) must have a valid lawful basis in order to Process Personal Data.
(a) Consent: the individual has given clear consent for EIS to process their personal data for a specific purpose.
(b) Contract: the processing is necessary for a contract EIS has with the individual or because they have asked EIS to take specific steps before entering into a contract.
(c) Legal obligation: the processing is necessary for EIS to comply with the law (not including contractual obligations).
(d) Vital interests: the processing is necessary to protect someone’s life.
(e) Public task: the processing is necessary for EIS to perform a task in the public interest or for official functions, and the task or function has a clear basis in law.
(f) Legitimate interests: the processing is necessary for EIS’ legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
“Personal Data” means any information relating to an identified or identifiable living individual or as otherwise defined by GDPR 2016/679. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his physical, physiological, genetic, mental, economic, cultural or social identity.
“Process”, “Processes”, “Processing” or “Processed” means any operation or set of operations which is performed upon Personal Data whether or not by automatic means, including, without limitation, accessing, collecting, recording, organizing, structuring, retaining, storing, adapting or altering, retrieving, consulting, using, disclosing by transmission, disseminating or otherwise making available, aligning, combining, blocking, restricting, erasing and destroying Personal Data and any equivalent definitions in applicable Data Protection and Privacy Laws to the extent that such definitions should exceed this definition.
Personal Data Collected
EIS collects and processes a range of information about you. This includes the following information in the below chart that indicates the types of Personal Data that EIS may collect:
Collected From the Candidate
Resume Details: Name, Email, Location, Educational, References and Work History.
Application Data: Diversity Information (Gender, Race, Disability, Veteran Status).
From Other Sources
Publicly available information from websites or social voluntarily provided (Linkedin).
EIS uses the following bases to Process Personal Data:
- to comply with our contractual obligations to you or to take steps to enter a contract with you;
- to comply with our legal obligations;
- to meet our legitimate interests, for example, to conduct our recruitment processes efficiently and fairly or to manage applicants effectively. When we process personal data to meet our legitimate interests, we put in place robust safeguards to ensure that your privacy or other fundamental rights and freedoms are not overridden by our legitimate interest to comply with our legal obligations, for example obtaining proof of your right to work status to enable us to meet relevant obligations.
When you apply and/or are interviewed for a role at EIS, your information is used for the following purposes:
- create and manage the applicant tracking system and job applications;
- assess and evaluate your experience and skills in relation to the position you have applied to;
- communicate related to your application and the recruitment process;
- verify your information and where applicable background checks;
- operate, evaluate and improve the recruitment system, our application tracking;
- and recruitment activities (this includes analyzing our job applicant base, our hiring practices or trends, identifying qualifications or skills shortages, and using information to match candidates and potential opportunities);
- detect, prevent and respond to fraud or potentially illegal activities (such as intellectual property infringement), misuse of the applicant tracking system;
- perform audits, assessments, maintenance and testing or troubleshooting activities related to the applicant tracking system;
- comply with legal obligations to which we are subject and cooperate with regulators and law enforcement bodies; and
- respond to your enquiries and requests.
EIS does not use automated decision-making or profiling to make recruiting or hiring decisions based solely on automated processing or profiling (as defined within the GDPR).
EIS does not sell or market your personal data, we do share your Personal Data with our third-party Data Processors to facilitate the recruitment process. These Data Processors include internet service providers, IT maintenance, service providers used for the implementation of specific IT solutions and tools, hosting service providers. Additionally, EIS shares your Personal Data with third parties to comply with a legal or regulatory obligation, or otherwise to protect our rights, your rights, or the rights of any third party. Consequently, your Personal Data may be shared with our professional advisers such as lawyers, accountants, auditors, government or regulatory authorities, and our insurers.
Data may be stored in a range of different places, including in your personnel file, in the EIS Applicant tracking system (PinPoint); the Company’s HR management systems (BambooHR), and or in addition to other internal IT systems (including the Company’s email system).Our general approach is to retain your Personal Data only for as long as required to fulfill the purposes for which it was collected, as described in this Statement.
International Data Transfer
From time to time your Personal Data will be transferred to associated companies of EIS to process for the purposes described in this Statement. As a result, your Personal Data may be transferred to countries outside of the country in which you work to countries whose data protection laws may be less stringent than yours. We will ensure that appropriate or suitable safeguards are in place to protect your Personal Data and that transfer of your Personal Data is in compliance with applicable Data Protection and Privacy Law. Where required by Data Protection and Privacy Law, we have ensured that service providers (including other related entities) sign standard contractual clauses as approved by the European Commission or other supervisory authority with jurisdiction over EIS. You can obtain a copy of any standard contractual clauses in place which relate to transfers of your personal information by contacting us using the details in the “Contact Information” section below.
You may have certain rights to contact us related to your Personal Data:
- The right to access. You may have the right to access your Personal Data through electronic means and obtain from us confirmation as to whether or not personal data concerning you are being processed;
- Right to be informed. You have the right to clear and concise information about what we do with your personal data;
- Right to data portability. You may have the right to receive your personal data, and to have that information transmitted to another organization under certain circumstances.
- Right to erasure. You may have the right to request to erase your personal data if there is no longer necessary for the purposes for which we have collected it or under other circumstances provided by applicable data protection laws;
- Right to rectification. You may have the right to update or correct your information if it changes or if the Personal Data that we hold about you is inaccurate;
- Right to restriction of processing. In limited circumstances, you may have the right to restrict our use of your PI;
- Right to object. You may have the right to object to the Processing of your Personal Data on grounds relating to your particular situation.
In some instances, EIS is not required to comply with your request if the Processing of your Personal Data is necessary for compliance with a legal obligation or the establishment, exercise, or defense of legal claims. In those cases, we will provide you with a detailed explanation.
We would ask that you address any concerns or issues with us in the first instance before contacting the relevant supervisory authority. You also have the right to lodge a complaint with a supervisory authority, in particular in your country of residence, if you consider that our Processing of your Personal Data infringes applicable Data Protection and Privacy Law.
We may modify or update this privacy statement from time to time. If we make a material change to this Privacy Statement, we will notify you of the change.
If you have questions or concerns about your Personal Data has been used, or about this Privacy Statement, please contact the Privacy Team at email@example.com.
EIS Software LTD
Middle Glanmire Road
Montenotte, Cork, Ireland