As part of any recruitment process, Timagenis Law Firm (referred to as “The Firm“, “we“, “us“, “our”) collects and processes personal data relating to job applicants. Timagenis Law Firm is a data controller. This means that we are responsible for controlling how we may process your personal information as part of our candidate application and recruitment activities. You are being referred to or receiving this notice because of your application for work with us (whether as an employee, worker or contractor). With this notice we inform you about how and why we use your personal information, namely for the purposes of our recruitment process, and for how long we will retain it for. This Candidate Privacy Notice sets out:
- Data Protection Principles
- The Information We Hold about Candidates
- Information about Criminal Convictions
- How We Collect Personal Data about our Candidates
- Legal Basis for Processing
- Purposes of Processing Your Information
- Automated Processing
- Data Sharing
- Data Retention
- Your Legal Rights
- Data Security
- Contact Details
- Updates and Further Information
We will process your personal data in compliance with the data protection law and principles. This means that your personal data will be:
- used lawfully, fairly and in a transparent way;
- collected only for valid purposes that we have clearly explained to you and not used in any way;
- relevant to the purposes we have told you about and limited only to those purposes;
- accurate and kept up to date;
- kept only as long as it is necessary for the purposes we have told you about; and
- kept securely.
You are under no statutory or contractual obligation to provide data to Timagenis Law Firm during the recruitment process. However, if you do not provide the information, we may not be able to process your application properly or at all.
Personal data, or personal information, means any information about an individual from which that person can be identified, excluding data where the identity has been removed (anonymous data).
We may obtain your personal data from the following sources (please note that this list is not exhaustive):
- You (e.g. a Curriculum Vitae, cover letter and any other supporting information you provide us with, as well as information you provide us with during an interview);
- Other candidates or employees;
- Online jobsites;
- The public domain;
- Social Media;
- At interview;
- Conversations on the telephone;
- Notes following a conversation or meeting.
We may collect, store, and process, indicatively, the following types of personal information about you for the purposes of our recruitment process:
- personal details, i.e., inter alia, name, home address, date of birth, contact details, including e-mail address and telephone number, father’s name, mother’s name, etc.;
- date of birth, place of birth;
- tax number;
- Identity Card number, date of issuance and issuing authority;
- passport number;
- marital status, next of kin, number of dependants (sons and daughters);
- your photograph;
- details of your qualifications, skills, experience and employment history;
- information about your current level of remuneration;
- education received (including secondary education, higher education and/or university education), native language and foreign languages, other qualifications, certificates and/or diplomas;
- information regarding your previous experience, including, inter alia, name of previous employers, your position, job details etc.;
- references and assessment results.
Special Categories of Personal Information:
We may also inadvertently collect some special categories personal data, where such have been provided or made publicly available by you or can be inferred from your curriculum vitae. Such information relates to your race or ethnicity, medical condition, health history and data concerning your health etc.
Data will be stored in a range of different places, in hard copies or digitally, including on your application record and on our IT systems (including e-mail).
We envisage that we might process information about the candidate’s criminal convictions and offenses.
We will collect information about your criminal convictions history if we would like to offer you the work (conditional on checks and any other conditions, such as references, being satisfactory). We are entitled to carry out a criminal records check in order to satisfy ourselves that there is nothing in your criminal convictions history which makes you unsuitable for the role.
We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data.
We set out below a list of the sources from which we may collect information about candidates:
- Directly from you, the candidate, when you are applying for a position at our Firm and/or by your interaction with us;
- From third parties, such as your named referees, colleague recommendations; and
Publicly accessible sources, where you have made your information available for the purposes of recruitment on jobs boards such as LinkedIn and/or other social media networks and databases.
We will only use your personal data when the law allows us to. Below you will find more information about the types of lawful basis that we rely on to process your personal information:
- For the purposes of performing or entering into a contract to which you will be/are a party and in order to take steps at your request prior to you entering into those contracts;
- For the purposes of legitimate interests pursued by us for general recruitment processes and for keeping records of the process; more specifically processing data from job applicants permits us to manage the recruitment process, evaluate an application, assess and confirm a candidate’s suitability for employment and decide to whom to make an offer of employment;
- For the compliance with a legal obligation that we are subject to;
- We may also need to process data from job applicants to respond to and defend against legal claims.
Please note the we will not be able to process your application successfully in case you fail to provide personal information when requested, which is necessary for us to consider your application.
Based on the abovementioned legal grounds (see Section 5), we will process your personal information specifically to:
- Assess your skills, qualifications and suitability for the role;
- Carry out reference checks, where applicable;
- Communicate with you about our recruitment process;
- Maintain our records related to our hiring processes;
- Comply with legal/regulatory requirements.
We may process your sensitive personal information to:
- To make appropriate adjustments during our recruitment process to ensure our candidates receive equal treatment.
- To verify the information provided in the context of the recruitment process.
- To assess your overall fitness to work taking into account the specific requirements of your position.
We will only use your personal data for the purposes for which we collected it. Please note we may process your personal data without your knowledge or consent, where this is required or permitted by law.
We do not carry out automated decision-making or profiling in relation to your personal information.
We will only share your personal data for the purposes of processing your application, and the information shared is limited to what is required by each individual to perform their role in the recruitment process. More specifically, we might share your personal information:
- Internally: Your information may be shared internally for the purposes of the recruitment exercise. This includes members of the Firm, interviewers involved in the recruitment process and IT staff, if access to the data is necessary for the performance of their roles. Your information will be shared only with those employees who have business need-to-know, and they are subject to a duty of confidentiality. The information shared is limited to what is required by each individual to perform their role in our recruitment process. Moreover, employees will comply with security obligations and technical and organisational measures imposed on us under the GDPR, and set out below in clause 10.
- Externally: With your referees for the purposes of processing your application. Please note that it is your responsibility to obtain consent from referees before providing their personal information to us. We might also share your personal information with local labour authorities, courts and tribunals, regulatory bodies and/or law enforcement agencies for the purposes of complying with applicable laws and regulations, or in response to legal process.
If you apply for a job at Timagenis Law Firm, we will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
a. If your application is unsuccessful or you withdraw from the process or decline our offer, we will retain your information for a period of twelve (12) months after we have informed you about our recruitment decision. After this period of time, we will securely destroy your personal information in accordance with our data retention policy and the applicable laws and regulations. We will retain your personal information to:
i. prove that our recruitment decision was not discriminatory against candidates and that we conduct our recruitment activity in a fair and transparent way in case of a legal claim against us; and
ii. to consider you for future job opportunities at our Firm. Please note that in this case, we will write to you separately, seeking your explicit consent to retain your personal data for a fixed period.
b. If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your personal file (electronic and hard copy) and retained during your employment. The periods for which your data will be held will be provided to you in a new privacy notice on commencement of employment.
You have a number of rights concerning the way that we use your information. At any time, you have the right to:
- Request access (“Data Subject Access Request”) or a copy of any personal data we hold about you;
- Request rectification of the personal data we hold about you that you may consider as inaccurate or incomplete, though verification of such new data might be required;
- Request erasure of your personal data, if you consider that we do not have the right to hold it (the right to be forgotten). This enables you to request the deletion or removal of your personal data where you have successfully exercised your right to object to processing (see below), where we have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Please note that we may not always be able to comply with your request of erasure for specific legal reasons which will be communicated to you, if applicable, at the time of your request;
- Object to processing of your personal data particular purpose or to request that we stop using your information where you feel it impacts on your fundamental rights and freedoms;
- Request restriction of processing of your personal information in case you wish us to establish the data’s accuracy;
- Object to decisions being taken by automated means;
- Data Porting – where you have provided us with personal information and we use this information either on the basis of your consent or to perform a contract with you, you have the right to receive your personal information from us in a commonly used and machine readable format, and the right to require us to transmit your personal information to someone else if it is technically feasible; and
- Withdraw consent at any time where we are relying on consent to process your personal information. In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact our privacy team using the details set out below:
- E-mail: firstname.lastname@example.org
- Phone: + 30 210 422 0000
- Address: 136, Notara Street & 10, Filellinon Street, 185 36 Piraeus, Greece.
Once we have received notification that you have withdrawn your consent, we will no longer process your application and, subject to our retention policy, we will dispose of your personal data securely, unless we have another legitimate basis for acting otherwise.
Any request for access to or a copy of your personal data or to exercise any of your rights as set out above must be in writing and we will endeavour to respond within a reasonable period and in any event within one month in compliance with applicable data protection legislation.
Please note that some restrictions may apply to the applications of the rights.
If you have any concerns about the way we are collecting or using your personal information, please contact us in the first instance (See clause 11). You also have the right to lodge a complaint with Greece’s supervisory authority for data protection matters – the Hellenic Data Protection Authority http://www.dpa.gr/.
Timagenis Law Firm is committed to protecting the personal data you entrust to us. We adopt robust and appropriate technologies and policies, so the information we have about you is protected from unauthorised access and improper use. We have put in place appropriate security measures to protect your personal information from being accidentally lost, altered, disclosed or destroyed, used and/or accessed in an unauthorised way. In addition, the access to your personal information is limited only to those employees who have business need-to-know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality, in accordance with clause 7 above.
We have put in place procedures to deal with any suspected personal data breach and will notify you and the Hellenic Data Protection Authority of a breach as is required by articles 33 and 34 of the GDPR.
Those measures taken by us include or display indicatively the following features and functionalities:
- The pseudonymisation and encryption of personal data.
- The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.
- A process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing;
- Regular training of our staff in relation to their data protection obligations and executing confidentiality agreements with them.
Phone: + 30 210 422 0000
Address: 136, Notara Street & 10, Filellinon Street, 185 36 Piraeus, Greece.
This Privacy Notice was updated on 25 February 2019. It may be updated to take into account changes at Timagenis Law Firm or for example to reflect changes to regulation or legislation.
Updates to this Privacy Notice will be posted on Timagenis Law Firm website – please check back from time to time.
Timagenis Law Firm,
25 February 2019