Candidate privacy policy

To operate our activities, ARTEC EUROPE SARL collects and uses information about living individuals (“Personal Data”), including information about our current, former and prospective candidates for employment with ARTEC EUROPE (“you”).

ARTEC EUROPE takes your privacy seriously. This Candidate Privacy Policy (“Policy”) contains information on what Personal Data ARTEC EUROPE (“ARTEC EUROPE”, “we”, “our”, or “us”, ) and other companies of the group to which we belong (the “ARTEC Group”) collect(s), what they do with that information, and what rights you have. As part of our commitment to protect your Personal Data we want to inform you in a transparent manner:

  • why and how ARTEC EUROPE collects, uses and stores your Personal Data;
  • the lawful basis for the use of your Personal Data; and
  • what your rights are in relation to such processing and how you can exercise them.

I. Scope of this Policy

This Policy applies to any all forms of use of your Personal Data (“processing”) by us if you are a current, former or prospective candidate of ARTEC EUROPE.

II. Categories of Personal Data collected

For prospective, current and former candidates, we collect basic identification information, such as your name, title, position, professional history, and experience and contact details.

If you actively apply for a role with ARTEC EUROPE, we will usually also collect:

  • Personal details and identification information (e.g., date of birth, nationality, picture, gender, ID card, passport numbers and other national ID numbers as required, immigration status);
  • Physical and electronic address details (e.g., private telephone number, private email and/or postal address and business telephone number);
  • Education and employment information (e.g., remuneration at your current employer, employment dates with your current employer, interview performance evaluation and scores in any online testing, position information such as position title, and language skills);
  • Information submitted as part of your application (e.g., recordings of any video interviews in which you participate, and anything you choose to submit by choice in support of your application);
  • Electronic and physical communication information, including but not limited to in and outbound emails including attachments, phone conversations, chat or other instant messaging, faxes (digital) and other communication data (e.g., phone meta data); and
  • Where relevant, behavioural information and information about personality characteristics such as data collected to assess a candidate’s suitability.
  • Information you submit as part of your application must be true, accurate, complete and not misleading. Any false or misleading statements or omissions made by you during the application process, including your application and any assessments and interviews, may constitute a sufficient reason to justify the rejection of your application or, if you have already become an employee, the immediate termination of your employment, subject to appropriate and compliant process.

If you provide information about your family or any other third party to us as part of your application (e.g., emergency contacts or referees) then, before providing us with such information, you must inform the relevant individuals that you will disclose their Personal Data to us and provide a copy of the information in this Policy to them.

If you accept a role with ARTEC EUROPE, then in order to conduct any necessary background checks and create your record in the ARTEC Group employee database, we will usually also collect:

  • Family information (e.g., marital status, and details of any family or personal relationships within ARTEC EUROPE); and
  • Financial information (e.g., summary credit history, bank account details, tax-related information, and information required to undertake required checks for money laundering, criminal activities, corruption, terrorist financing and related matters).

In some cases, the Personal Data that we process will also include special categories of data (such as diversity related information including data about racial and ethnic origin, religious beliefs and other beliefs of a similar nature) and data about alleged or proven criminal convictions and offences, in each case where permitted by applicable law.

The above-mentioned Personal Data are collected from information that you directly provide (through the completion and submission of online application forms and profiles, through resumes or curriculum vitae, or through interviews or other communications). In some cases, ARTEC EUROPE will also collect Personal Data indirectly from third parties, such as recruitment agencies that you used to apply to ARTEC EUROPE background check providers and other administration services providers (for instance Personio, and/or entities who provide candidate shortlisting services), or from publicly available sources such as business- and employment-orientated social networking services and job boards (LinkedIn, Indeed, …etc),.

III. Purposes of the processing of your Personal Data and legal basis

A. Purposes of processing

We always process your Personal Data for a specific purpose and only process the Personal Data which is relevant to achieve that purpose. In particular, we process Personal Data of candidates, within applicable legal limitations, for the purposes of:

1. Recruiting and application handling.

For example, to:

  • undertake recruitment activities, such as determining the suitability of a candidate’s qualifications, maintaining information on the status of your application;
  • assist us in managing external providers (e.g., recruitment agencies – see below for further information about when we work with third parties);
  • prepare for and enter into a contractual employment relationship such as offer approvals.
2. Staff Administration.

For example, to:

  • manage our HR records and update the Artec Group employee database (e.g., keeping your application data on file);
  • communicate with you about any actual or potential job vacancy.
3. Onboarding.

For example, to:

  • set up internal profiles, collecting information required to complete the employee onboarding process.
  • Request working and residence permit for you and your family.
  • For background checks see 4) below);
  • assist us in managing external providers involved in the onboarding process (e.g., insurance companies, pension funds).
4. Compliance & Risk Management and / or Crime Prevention.

For example, to:

  • carry out background checks as part of the employee onboarding process, including checking for any existing or potential conflicts of interest or any other restrictions which may otherwise restrict or prevent a candidate’s employment with ARTEC EUROPE as well as to prevent crime, including fraud or criminal activity, misuses of our products or services as well as the security of our IT systems, architecture and networks;
  • receive and handle complaints, requests or reports made to a compliance function, HR function, or other designated units within ARTEC EUROPE or the ARTEC Group;
  • reply to any actual or potential proceedings, requests or the inquiries of a public or judicial authority (e.g., if ARTEC EUROPE is under a duty to disclose personal data to comply with any legal or regulatory obligation);
  • comply with any legal or regulatory obligations imposed on ARTEC EUROPE in relation to its recruitment practices such as governmental reporting requirements.
5. Other purposes
  • to provide information to other ARTEC Group entities or third parties to benefit from cost-effective services, efficient solutions and subject-matter expertise (e.g., we may opt to use certain IT platforms offered by suppliers. We may also share Personal Data with another ARTEC GROUP entity so that a team with the appropriate subject-matter expertise can provide advice or support);
  • to provide information to third parties to enable a transfer, merger or disposal to a potential buyer, transferee, merger partner or seller and their advisers in connection with an actual or potential transfer, merger or disposal of part or all of ARTEC EUROPE’s business or assets, or any associated rights or interests, or to acquire a business or enter into a merger with it;
  • to exercise our duties and/or rights vis-à-vis you or third parties (e.g., if ARTEC EUROPE needs to obtain legal advice or provide Personal Data in connection with judicial proceedings);
  • to collect data to ensure the security of buildings, as well as property and information located or stored on the premises and to prevent unauthorized physical access to secure premises (e.g., maintaining building access logs and CCTV system images);
  • to create custom and lookalike audiences on various social media platforms allowing to display targeted job advertisements.

B. Legal basis for the processing of Personal Data

Depending on the purpose of the processing activity (see section 3.1), the legal basis for the processing of your Personal Data will be one of the following:

  • necessary to perform our contractual obligations towards you or to take pre-contractual steps at your request, such as preparing a contract of employment for you following a decision to make you an offer of employment (for example when we use your data for some of the purposes in section III.A.1) and 2) above);
  • necessary to comply with our legal or regulatory obligations, such as reference requirements (for example when we use your data for some of the purposes in section III.A.1), 3), 4) and 5));
  • necessary to protect the vital interests of the relevant individual or of another natural person, such as providing disability access to ARTEC EUROPE premises for interviews where applicable;
  • necessary for the legitimate interests of ARTEC EUROPE, and does not unduly affect your interests or fundamental rights and freedoms (for example when we use your data for some of the purposes in section III.A 1), 2), 4) and 5). See below for more examples of legitimate interests of ARTEC EUROPE);
  • in some cases, we have obtained prior consent (such as when we apply automated decision making to evaluate whether to reject or proceed with your application processed for some of the purposes in section 3.1 a) above), or processed with your explicit consent in the case of special category of Personal Data (such as your health data).

Examples of the “legitimate interests” referred to above are:

  • to benefit from cost-effective services, efficient solutions and subject-matter expertise (e.g., we may opt to use certain IT platforms offered by suppliers. We may also share Personal Data with another ARTEC GROUP entity so that a team with the appropriate subject-matter expertise can provide advice or support) - (see section 3.1 e) above);
  • to determine whether a candidate or potential candidate’s skills, qualities and experience are suitable for a role within ARTEC EUROPE, and determine whether or not to either
    • make an offer of employment with ARTEC EUROPE; or
    • approach a candidate with a view to making an offer of employment with ARTEC EUROPE, on this basis; (see section III.A 1) above);
  • at the appropriate stage in the recruitment process (i.e., as part of making an offer of employment to you), to verify the accuracy of information you have provided to us as part of your application, including through background screening (see section III.A 4) above);
  • to prevent fraud or criminal activity, misuses of our products or services as well as the security of our information, IT systems, architecture and networks and security of ARTEC EUROPE premises (see section III.A 4) and 5) above);
  • to create custom and lookalike audiences on various social media platforms allowing to display targeted job advertisements (see section III.A 5) above);
  • to exercise our rights under Articles 16 and 17 of the Charter of Fundamental Rights, including our freedom to conduct a business and right to property (where applicable).

To the extent that we process any special categories of data relating to you, we will do so because:

  • the processing is necessary to carry out our obligations under employment, social security or social protection law;
  • the processing is necessary for the establishment, exercise or defense of a legal claim;
  • the processing is necessary for reasons of substantial public interest; or
  • you have given your explicit consent to us to process that information (where legally permissible). You are under no obligation to provide data to us during the recruitment process. However, if you do not provide the information, we may not be able to process your application properly or at all.

IV. Measures implemented to protect your Personal Data?

A. Within ARTEC EUROPE and the ARTEC Group

We make available Personal Data to members of our personnel and within the ARTEC Group for the purposes indicated in section III.A.

Other companies of the ARTEC Group may process your Personal Data on behalf and upon request of ARTEC EUROPE.

B. Outside ARTEC EUROPE and the ARTEC Group

For the purposes listed in section III.A above, and to the extent permitted under applicable law, we may also transfer Personal Data to third parties outside ARTEC EUROPE and the ARTEC Group, such as:

  • third party service providers, who are contractually bound to confidentiality, such as our IT system or hosting providers ( M207), cloud service providers, social media platforms, database providers, consultants (including the recruitment agency whom you used to apply to ARTEC EUROPE, if applicable, and lawyers) and third parties who carry out pre-employment checks on prospective employees;
  • a potential buyer, transferee, merger partner or seller and their advisers in connection with an actual or potential transfer or merger of part or all of ARTEC EUROPE’s business or assets, or any associated rights or interests, or to acquire a business or enter into a merger with it;
  • authorities, e.g., regulators, or courts or party to proceedings where we are required to disclose information by applicable law or regulation or at their request, or to safeguard our legitimate interests;
  • the referees provided on your application form to ARTEC EUROPE;
  • any central or local government department and other statutory or public bodies; and
  • any legitimate recipient of communications required by laws or regulations. Where ARTEC EUROPE or ARTEC Group transfer your data to third party service providers processing data on ARTEC EUROPE behalf, we take steps to ensure they meet our data security standards, so that your Personal Data remains secure. Third party service providers are thereby mandated to comply with a list of technical and organisational security measures, irrespective of their location, including measures relating to:
    • information security management;
    • information security risk assessment and
    • information security measures (e.g., physical controls; logical access controls; malware and hacking protection; data encryption measures; backup and recovery management measures).

C. Data Transfers to other countries

The Personal Data transferred within or outside ARTEC EUROPE and the ARTEC Group as set out in sections 5.1 and 5.2, is in some cases also processed in other countries. We only transfer your Personal Data abroad to countries which are considered to provide an adequate level of data protection, or in the absence of such legislation that guarantees adequate protection, based on appropriate safeguards (e.g., standard contractual clauses adopted by the European Commission to the extent recognized by the competent Data Protection Authority or another statutory exemption) provided by local applicable law.

VI. Duration of the storage of your data

We will only retain Personal Data for as long as necessary to fulfil the purpose(s) for which it was collected or to comply with legal, regulatory or internal policy requirements, whichever is longer. In general, although there may be exceptions, data relating to unsuccessful candidates for roles within ARTEC EUROPE is kept for 36 months after the date on which we notify you that your most recent application has been unsuccessful; data relating to potential candidates for roles within ARTEC EUROPE is kept for 36 months from the date of our last recorded communication with you. Any maximum storage term set forth by applicable local law will prevail. Personal Data relating to successful candidates is dealt with by the employee privacy Policy that will be provided to you upon joining ARTEC EUROPE. If your application is successful, your application will be retained as part of your personnel record.

However, if you wish to have your Personal Data removed from our databases, you can make a request as described in section VII below, which we will review as set out therein.

VII. Your rights and the way to exercise them

A. Your rights

You have a right to access and to obtain a copy of your Personal Data as processed by ARTEC EUROPE. If you believe that any information we hold about you is incorrect or incomplete, you may also request the correction of your Personal Data.

You also have the right to:

  • object to the processing of your Personal Data;
  • request the erasure of your Personal Data;
  • request restriction on the processing of your Personal Data; and/or
  • withdraw your consent where ARTEC EUROPE obtained your consent to process Personal Data (without this withdrawal affecting the lawfulness of any processing that took place prior to the withdrawal).

ARTEC EUROPE will honour such requests, withdrawal or objection as required under applicable data protection rules subject to exemptions that may be engaged. We will usually, in response to a request, ask you to verify your identity and/or provide information that helps us to better understand your request. If we do not comply with your request, we will explain why.

In certain circumstances, ARTEC EUROPE may process your Personal Data through automated decision-making. Where this takes place, you will be informed of such automated decision-making that uses your Personal Data and be given information on criteria and procedures applied. You can request an explanation about automated decision making carried out and that a natural person reviews the related decision where such a decision is exclusively based on such processing.

B. Exercising your rights

To exercise the above rights, please send an email to dpoofficer@artec-group.com.

If you are not satisfied with how ARTEC EUROPE processes your Personal Data, please let us know and we will investigate your concern. Please raise any concerns by contacting the ARTEC Group Data Protection Office at: dpoofficer@artec-group.com.

If you are not satisfied with ARTEC EUROPE’s response, you have the right to make a complaint to the Data Protection Authority in the jurisdiction where you live or work, or in the place where you think an issue in relation to your data has arisen.

VIII. Changes to your Personal Data

We are committed to keeping your Personal Data accurate and up to date. Therefore, if your Personal Data changes, please inform us of the change as soon as possible.

IX. Updates to this Policy

Any amendment or update to this Policy will be made available to you here. Please visit the ARTEC EUROPE website frequently to understand the current Policy, as the terms of this Policy are of a high importance to you.

If you have any questions or comments about this Policy, please contact the Group Data Protection Office at dpoofficer@artec-group.com.