Controller’s information clause
Pursuant to article 13 and article 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: "GDPR"), we would like to inform you that:
The Controller of your personal data is Vention Solutions Inc. with headquarters in PRINCETON SOUTH CORPORATE CTR STE 160, 100 CHARLES EWING BLVD EWING, NEW JERSEY 08628 UNITED STATES OF AMERICA.
The Controller processes personal data of:
- Persons who have submitted their personal data to the Controller via the recruitment or account registration form ("Form") and given their consent to processing their personal data for the purpose of conducting the recruitment process before such submitting. The personal data processed by the Controller include: name, surname, mailing address, e-mail address, telephone number, image, education, work experience and any other data which the Candidate includes in the Form.
- Persons with whom the Controller (or other Controller’s group entity)has contacted through portals on the Internet in order to invite them to participate in the recruitment process. Personal data processed by the Controller (or other Controller’s group entity)in such case include: link to the profile on the portal on the Internet, name and surname, contact details (e.g. email address, phone number) and other data included in the profile relevant for the recruitment process.
- The persons to whom the aforementioned personal data relate are hereinafter referred to as "Candidates".
Purposes and legal grounds for processing
Candidate’s personal data will be processed for the purposes of:
- conducting the recruitment process, including contact between the Controller (or other Controller’s group entity) and the Candidate -i.e. on the basis of the consent referred to in Article 6(1)(a) of the GDPR and given by the Candidate before submitting his/her data via the Form;
- inviting Candidate to the recruitment process and present him a Controller’s (or other Controller’s group entity’s)profile as a potential employer through portals on the Internet –i.e. on the basis of the legitimate interest referred to in Article 6 (1) (f) of the GDPR;
- in the case of Candidates who get to the last stage of the recruitment process, in order to finalize the process i.e. to conclude a contract - on the basis referred to in Article 6(1)(b) of the GDPR;
- conducting future recruitments - i.e. on the basis of a separate consent expressed by the Candidate, i.e. on the basis referred to in Article 6(1)(a) of the GDPR;
- defending against and pursuing claims - i.e. on the basis referred to in Article 6(1)(f) of the GDPR;
- fulfilment of the Controller's (or other Controller’s group entity’s)legal obligations concerning the storage of documentation related to the recruitment process, i.e. on the basis referred to in Article 6(1)(c) of the GDPR.
Information about the data source
Candidates contact information is obtained by the Controller (or other Controller’s group entity) directly from the Candidate or from publicly available websites.
Personal data not obtained directly from the Candidate used for the recruitment process are obtained through online platforms (e.g. LinkedIn) where the Candidate has provided his/her data, such as, profile link on the portal on the Internet, first and last name, contact details (email address or phone number), location and other data relevant to the profile.
Providing personal data by the Candidate in the recruitment process is voluntary, but necessary to take part in the recruitment. The consequence of failing to provide personal data shall be the Candidate's non-inclusion in the recruitment process.
The Controller may share personal data with the following recipients or categories of recipients:
- service providers who provide services on behalf of or for the Controller. In contracts concluded with such service providers, the Controller requires compliance with applicable data protection regulations;
- to other entities within the group of the Controller;
- if such an obligation results from a legal obligation, to the extent necessary also to other third parties, in particular state authorities.
Access to personal data is provided only to those persons in the case of whom such access is justified due to the tasks performed and services rendered. All persons authorized to process personal data are obliged to keep the data confidential and protect them against unauthorized disclosure.
Candidates' personal data processed:
- in order to conduct recruitment, including contacting the Candidate and performing the necessary activities related to recruitment – will be stored for a period of 6 months from the acquisition of personal data by the Controller (or other Controller’s group entity) in a direct or indirect manner;
- in order to conduct future recruitments – on the basis of a separate consent given by the Candidate - will be stored for a period of 12 months from the date of consent;
- in justified cases, e.g. in order to defend against claims and pursue claims – at the latest until the expiry of the period of the statute of limitations for the claims;
- in order to comply with legal obligations incumbent on the Controller (or other Controller’s group entity) – for a period no longer than necessary for the aforementioned purpose.
In the case of a claim filed by a Candidate, the period for storing and processing his/her personal data may be extended if it is necessary for handling the claim and possible defense against such claim.
In connection with the processing of personal data, the Candidate has the following rights: access to data, rectification of data, deletion of data, restriction of data processing, data portability and the right to object to data processing. You are entitled to these rights in the cases and to the extent provided for by applicable law. In connection with data processing, you also have the right to file a complaint with the supervisory authority.
Data transfer to third countries outside the EEA
The Controller stores Candidates' data in IT infrastructure provided by external entities, including email boxes whose servers may be located outside the European Economic Area, and thus transfers personal data to recipients located outside the European Economic Area. The Controller transfers Candidates' personal data using mechanisms that comply with applicable law. For more information on the existing safeguards implemented by the Controller to ensure the processing of personal data in accordance with applicable law and on how to obtain a copy of the data or on where and how to access the data, please contact the Controller as indicated in this clause.
The Controller transfers personal data in accordance with the requirements of the GDPR, contained, inter alia, in Article 46 of the GDPR, in particular on the basis of standard contractual clauses.
Information about the lack of automated decision-making
The Controller will not process your personal data for the purpose of automated decision making, including profiling.
In matters concerning the processing of personal data, the Candidate may contact the Controller:
- by sending traditional correspondence to PRINCETON SOUTH CORPORATE CTR STE 160, 100 CHARLES EWING BLVD EWING, NEW JERSEY 08628 UNITED STATES OF AMERICA, or
- through a dedicated e-mail address: email@example.com.
In exercising his or her rights, a Candidate who has made a request or demand for the processing of his or her personal data may be asked to respond to questions that will allow the Candidate to verify his or her identity.
In addition, a Candidate has the right to file a complaint against the processing of his/her personal data to the relevant data protection authority.