Version: 2.0
Last modified: April 23, 2024
Introduction
This Candidate Privacy Notice (“Privacy Notice”) applies to all candidates of GR8 Tech (“candidate”, “you”, “your”) whose personal data is used during the recruitment process. Personal data refers to any information from which an individual can be identified.
This Privacy Notice does not cover our data practices related to:
- Your interactions with our non-career websites or when you engage with our products and services;
- Our processing of your personal data as an employee or contractor.
These processing activities are governed by other privacy notices, which will be provided to you in a timely manner.
This is a global Privacy Notice that applies to information collected from candidates in any country where they are located. The specific information collected may vary slightly from country to country, as permitted by law. Therefore, some sections of this Privacy Notice may not apply directly to you. It is important that you read this Privacy Notice carefully, along with any other notices we may provide when collecting and processing your personal data.
Table of contents:
- Who we are
- Our data protection officer
- How is your personal data processed?
- What personal data we process
- How we use your personal data
- How we share your personal data
- International data transfers
- Data security
- Data retention
- Your data protection rights
- Automated decision-making
- Changes to this Privacy Notice
- Contacting us
Who we are
There are a number of companies within GR8 Tech group, including parent and ultimate holding companies, affiliates, subsidiaries, and business units (“we”, “us”, “our”). Any of these companies within GR8 Tech group may access your personal data for recruitment purposes.
The data controller, responsible for determining how your personal data is processed, is Ater-Tech Limited (reg. no. ΗΕ 445116).
You can contact us:
- By mail to: Iakovou Tompazi 1, office 101, Limassol, 3107, Cyprus;
- By email to: [email protected].
Our data protection officer
If you have any questions about this Privacy Notice or want to know more about how we handle your personal data, please contact our data protection officer (DPO):
- By mail to: Iakovou Tompazi 1, office 101, Limassol, 3107, Cyprus;
- By email to: [email protected].
How is your personal data collected?
In most cases, we collect personal data directly from you. Depending on your location, we may also receive information about you from third parties, such as referrers, employment agencies, previous employers, and background check providers. Additionally, we use information from publicly available sources, including job boards and social networking platforms like LinkedIn, to find and contact potential candidates.
You are not legally required to provide us with your personal data. However, if you do not provide certain information when requested during the recruitment process, we may be unable to proceed with your application (for example, if we cannot verify your right to work in the country you are applying for). Providing us with complete and accurate information during the recruitment process is crucial.
What personal data we process
We may process the following categories of personal data about you. Please note that while this list is comprehensive, it may not be exhaustive and can vary by location:
| Categories of personal data |
Types of data |
| Identity and Contact Data |
Name, date of birth, gender, contact details such as your phone number, email address, messenger, etc. |
| Communication Data |
Communications via our websites, including our chat, email, phone, messengers, and social media accounts. |
| Recruitment Data |
Skills and experience, specialization, qualifications, employment history, CV and/or application forms, cover letters, notes of interviews, assessments completed, right to work verification (including passport, visas or national identity cards, location of workspace), information related to the outcome of application, details of any offers made, and executed offer. |
| Financial Data |
Remuneration information (preferred or offered), pension, benefits. |
| Background Check Data |
Depending on the position you are applying for and your location, we may collect, use, and store references, background and verification information (such as your name, nationality, date of birth, country of residence, professional references, passport/ID card/government-issued ID, and the results of checks conducted). |
| Online Data |
Information which is publicly available, such as LinkedIn profile information or media & news outlets including phone, email, skills, education history, job history that is available publicly. You should read the relevant platform’s privacy notices and terms and conditions to understand how they process your personal data. |
| Device Data |
When you access our website, we collect information from your device, which includes details about the device’s hardware and software, how you use the website, traffic data, IP address, etc. |
| Usage Data |
This information may pertain to you, your preferences, or your device, and is collected during your interactions with our websites. While it typically does not directly identify you, it can improve and personalize your browsing experience. Details about the use of cookies and other tracking technologies are provided in the cookie notice on our websites. |
| Special Categories Data |
Where permitted by law or provided voluntarily, we may process special category data related to racial or ethnic origin, health or biometric data.
While we do not request information related to racial or ethnic origin in our regular business operations, it may become visible on your identification documents or be voluntarily disclosed to us by you. Health data may include health and wellbeing information declared by you or obtained from details of any access needs or reasonable adjustments. Depending on your position and office location, we may also process your biometric data for the purposes of identity verification.
Where we process special categories of personal data, we primarily do so based on the following legal bases:
- Your consent (where you share such information voluntarily);
- Compliance with our legal obligations;
- Our legitimate interests.
Where we process special categories of personal data, the additional bases for processing that we rely on are:
- Your explicit consent (where you share such information voluntarily);
- For the establishment, exercise or defense of legal claims;
- Where processing is necessary for reasons of substantial public interest.
|
| Criminal Data |
Depending on the position you are applying for and your location, we may process information regarding criminal convictions and offenses. The lawful basis we rely to process this data are:
- Your consent (where you share such information voluntarily);
- Compliance with our legal obligations;
- Our legitimate interests.
We do not maintain a comprehensive record of criminal conviction information. |
| CCTV Data |
CCTV footage (applicable for candidates attending face to face job interviews) |
- How we use your personal data
We will use your personal data for the following purposes and related lawful bases:
| Purpose of processing |
Categories of personal data |
Lawful basis |
| To process job applications and manage our recruitment process, including reviewing information on application forms or CVs, shortlisting, setting up and conducting interviews and tests for applicants, evaluating and assessing the results, communicating with applicants |
Identity and Contact Data
Communication Data
Recruitment Data
Financial Data
Online Data |
Legitimate interests (e.g., to evaluate potential candidates for vacant positions)
Consent |
| For pre-employment verification and background screening (if and to the extent allowed by law) |
Identity and Contact Data
Background Check Data
Special Categories Data
Criminal Data |
Legitimate interest (e.g., for ensuring suitable candidates are placed in roles)
Legal obligations |
| To enter into a contract with applicants |
Identity and Contact Data
Financial Data |
Contract |
| For intra group data sharing such as sharing personal data with other entities within GR8 Tech group |
Identity and Contact Data
Communication Data
Recruitment Data
Financial Data
Online Data
Device Data
Usage Data
Special Categories Data
Criminal Data
CCTV Data |
Legitimate interest (e.g., for business operations purposes) |
| To assess candidate’s suitability for other roles and provide information about other job opportunities which we consider may be of interest to applicants |
Identity and Contact Data
Communication Data
Recruitment Data
Online Data |
Legitimate interest (e.g., to identify suitable candidates for open roles) |
| For our websites management, such as ensuring that our websites work properly, identifying errors and improving experience |
Device Data
Usage Data |
Legitimate interests (e.g., to keep our websites updated and relevant) |
| To defend against legal claims and potential litigation |
Identity and Contact Data
Communication Data
Recruitment Data |
Legitimate interests (e.g., to defend, enforce, exercise and uphold our rights if you get involved in a dispute with us) |
| For compliance with applicable legal, regulatory, and corporate obligations, including applicable licensing and other regulatory requirements imposed by official authorities in the regions where we operate |
Identity and Contact Data
Communication Data
Recruitment Data |
Legal obligations
Legitimate interests (e.g., to comply with licensing requirements) |
| To assess effectiveness and improving our recruitment processes, analyzing and discovering trends |
Identity and Contact Data
Communication Data
Recruitment Data
Financial Data
Online Data
Usage Data |
Legitimate interests (e.g., to effectively organize our recruitment) |
| For security, crime prevention and detection, safeguarding the company’s property rights, and providing a safer workplace |
CCTV Data |
Legitimate interests (e.g., to prevent unauthorized access to our offices) |
How we share your personal data
6.1. Sharing your personal data within GR8 Tech group
Your personal data will be shared with companies within the GR8 Tech group, in compliance with applicable data protection laws and the provisions of this Privacy Notice, for the following purposes:
- Ensuring uninterrupted business processes;
- Effectively managing human resources;
- Obtaining legal, compliance, or financial assistance;
- Fulfilling our regulatory obligations;
- Conducting reporting and overseeing group activities;
- System maintenance support and hosting of data;
- For the continuity of business in the event of a merger or takeover.
Entities within the GR8 Tech group are required to implement appropriate technical and organizational measures, including security measures, to safeguard your personal data.
6.2. Sharing your personal data with our service providers
We use service providers to assist with our recruitment processes. We enter into contracts with our service providers and ensure they take good care of your personal data. We engage service providers for the following services:
| Categories of providers |
Purpose of sharing |
| Applicant tracking system |
To help manage our recruitment and hiring process |
| IT and data storage services |
To store data and documents and facilitate both internal and external communications |
| Background checks providers |
To carry out pre-employment verification and background screening |
| Electronic signature services |
To facilitate the electronic signing and sending of documents |
| Audit, legal, and compliance services |
To obtain expert advice and services from consultants, lawyers, accountants, and other professional service providers |
If you want further information on the specific service provider, please contact us at [email protected].
6.3. Sharing your personal data in other circumstances
We may share your personal data under the following circumstances:
- When mandated by applicable law or regulation, such as disclosures to governmental, regulatory, or enforcement authorities;
- To comply with a court order;
- To protect ourselves and/or in connection with legal proceedings; and
- During negotiations of a takeover, purchase, merger, or sale of assets, and in accordance with such transactions.
International data transfers
As a multinational business, we collaborate with service providers in various countries, including those outside the European Economic Area (EEA) and the United Kingdom (UK). To ensure an adequate level of data protection, we implement the following measures:
| Transfer mechanism |
Description |
| Adequacy decision |
We may transfer personal data to a third country that has received an official determination of “adequacy” from the relevant regulatory authorities. For more information about “adequacy decisions” for the EEA, click here. For more information about “adequacy regulations” for the UK, click here. |
| Appropriate safeguards |
We establish appropriate safeguards by using binding, standard data protection clauses adopted by the relevant regulatory authorities. These clauses are enforceable by data subjects within the United Kingdom and/or the European Economic Area. For more information about the Standard Contractual Clauses for the EEA and UK, click here. For more information about the international data transfer addendum and international data transfer agreement for the UK, click here. |
| Derogations |
Depending on the circumstances, we may also collect and transfer personal data based on specific derogations, such as explicit consent from the data subject, the necessity of performance under a contract involving the data subject, important public interest reasons, or the establishment, exercise, or defense of legal claims. |
If you want further information on the specific transfer mechanism used by us when transferring your personal data, please contact us at [email protected].
Data security
We implement appropriate security, technical, and organizational measures to protect your personal data against theft, loss, or unauthorized access. We limit access to your data on a genuine business need-to-know basis. If you suspect that your personal data has been compromised, please contact us immediately for investigation. We have established procedures to address potential data security breaches and will inform you and any relevant regulator of a suspected breach, as legally required.
Data retention
We do not retain your personal data longer than necessary. The duration for which we keep your personal data varies depending on many factors. To determine the appropriate retention period for personal data, we consider the volume, nature, and sensitivity of the personal data, the risk of harm from unauthorized use or disclosure, the processing purposes, and whether these purposes can be achieved by other means, along with legal requirements.
When determining the relevant retention periods for your personal data, we will take into account factors including:
- Legal obligations under applicable law;
- Our legitimate interests (e.g., to protect our business against potential legal claims);
- Guidelines issued by relevant data protection authorities.
For instance, the default data retention period for most processing activities is 3 years. However, please be aware that the specific retention period may vary depending on the country you are applying to work in. You can request information about the retention period applicable to you by contacting us at [email protected].
You have the right to ask for your data to be deleted at any time.
When we no longer need to keep your personal data, we delete or anonymize it in accordance with applicable security standards, so it can never be linked back to an individual.
If your recruitment process is successful and you join GR8 Tech, your personal data will be retained as outlined in our Staff Privacy Notice, which will be provided to you upon joining us.
Your data protection rights
Under the applicable data protection laws, you have the following rights regarding your personal data:
| Privacy right |
Description |
| Right to access |
You have the right to obtain confirmation that your personal data is processed and to obtain a copy of your personal data. |
| Right to rectification |
You have the right to ask us to rectify data you think is inaccurate. You also have the right to ask us to complete data you think is incomplete. |
| Right to erasure |
You have the right to ask us to delete your personal data in certain circumstances. |
| Right to restriction of processing |
You have the right to ask us to restrict the processing of your personal data in certain circumstances but we need to verify whether we have overriding legitimate grounds to use it. |
| Right to object to processing |
You have the right to object to processing if we are able to process your data based on our legitimate interests. Please note that in some cases, we may demonstrate that we have legitimate grounds to process your data which override your rights and freedoms. |
| Right to data portability |
You have the right to ask that we transfer the information you gave us from one organization to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated. |
| Right to withdraw consent |
When we rely on consent to process your personal data, you have the right to withdraw your consent at any time. |
| Right to complain |
You can lodge a complaint about the way we process your personal data with the relevant data protection authority, particularly in the country where you habitually reside, work, or believe an infringement has occurred.
We ask that you contact us at [email protected] in the first instance to allow us the opportunity to address your concerns. |
You are not required to pay any charge for exercising your data protection rights. We have one month to respond to you. Please contact us at [email protected] if you wish to exercise your data protection rights. We may need to request specific information from you to confirm your identity before complying with your request.
Automated decision-making
Automated decision-making takes place when an electronic system uses personal data to make a decision without human involvement. We do not use automated decision-making which produces legal effects concerning you or similarly significantly affects you.
Nevertheless, under the applicable data protection laws, you have the right to not be subject to a decision based solely on automated processing, without human involvement, that has a legal effect or significantly affects you. This right allows you to request the involvement of one of our employees or representatives in the decision-making process.
Changes to this Privacy Notice
We may, from time to time, change or update this Privacy Notice. All changes to this Privacy Notice will be published on this page. We recommend that you revisit and read this Privacy Notice regularly to ensure that you are up-to-date. In case of substantial changes to this Privacy Notice, we will take additional steps to ensure you are aware of them.
Contacting us
If you have any questions or comments about this Privacy Notice or want to know more about how we use your personal data, please contact our data protection officer (see section 2).
