eCredits (“we” or “us” or “eCredits”) refers to Liechtenstein company named ECR AG with a registered address: Aeulestrasse 74, 9490 Vaduz, Liechtenstein and is a data controller in respect of personal data about you.
1. Data protection principles
We will comply with Data Protection Law, which means that your data will be:
- Used lawfully, fairly and in a transparent way;
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
- Relevant to the purposes we have told you about and limited only to those purposes;
- Accurate and kept up to date;
- Kept only as long as necessary for the purposes we have told you about;
- Kept securely.
2. The kind of personal data we hold about you
In connection with your application to work with us, we may collect, store, and use the following categories of personal data about you:
- The information you have provided to us via our email on your application, including name, title, address, telephone number, personal email address and LinkedIn profile;
- The information you have provided in your curriculum vitae, cover letter and your portfolio or in your reference letters (if any);
- The information about you that is available from a publicly accessible source (such as your profile on LinkedIn);
- The information about your entitlement to work in the country where the local subsidiary is located;
- The information whether you have a disability for which we need to make adjustments during the recruitment process;
- The information you provide to us during your interview;
- The results of your expertise tests that you may undertake as part of your recruitment process with us (if you undertake one);
- The information from your ID or passport document (provided we need such information to organize a live interview or for other such reason during the recruitment process);
- The information from your labor medical examination (provided you are considered as finalist for the position and considered this is a regulatory employment requirement).
3. How is your personal data collected?
We collect personal data about you from a variety of sources. For example, data collected from you, the candidate, recruitment agencies and publicly accessible sources (e.g. your profile on LinkedIn).
4. How is your personal data being used?
We need to process your personal data to decide whether to enter into a contract of employment with you. Article 6(1)(b) GDPR represents legal ground for the processing of your personal data.
We will use the personal data we collect about you for the following purposes:
- Assessing your skills, qualifications, and suitability for the job position you are applying for (or for any job position we have open in the future in case you have sent us your application as a general inquiry or further consented to staying in contact with us);
- Communicating with you about the recruitment process;
- Keeping records related to our recruitment processes;
- Complying with legal or regulatory requirements or for purposes connected to legal claims or proceedings.
Having received your application form, your CV and cover letter (and your portfolio and recommendation letters, if any) and the results from your expertise test, which you may be asked to complete, we process that information to decide whether you meet the basic requirements to be shortlisted for the role. If we decide to further consider you for the position, we may invite you to an interview and further to complete certain additional assessments. We will use such information to decide whether to offer you the position with us. In the events required by local labor legislation you will be invited to undertake a medical examination with the authorized labor medicine center.
If you fail to provide information when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we may not be able to process your application properly or at all.
5. Who will we share your personal data with?
We will only share your personal data with our related companies within its connected companies and if applicable our third-party service providers.
All our third-party service providers and related companies are required to take appropriate security measures to protect your personal data. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
We may also share your personal data with any supervisory or any similar regulatory authority that is responsible for the enforcement of the Data Protection Law or other law enforcement authority upon their request.
6. Data transfer
We may transfer personal data received from you outside European Union (EU), Switzerland and European Economic Area (EEA) where such transfer is of a type authorized by Data Protection Law in the exporting country, for example in the case of transfers from within the EU/EEA to a country (such as Switzerland for example) or scheme (such as the US Privacy Shield) which is approved by the Commission of EU as ensuring an adequate level of protection or any transfer which falls within a permitted derogation.
7. Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained if you write to [email protected]
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
8. Data retention
How long will you use my personal data for?
We will retain your personal data for a period up to 30 days after the recruitment process for the position you applied for with us has been completed or in certain cases for a longer period as defined further below. We retain your personal data for that period so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. We may retain your personal data for a longer period if required to protect our position in the event of a legal claim or proceeding and/or in case we are required to comply with legal or regulatory requirements. After this period, we will securely destroy or anonymize your personal data in accordance with applicable laws and regulations (provided you have not given us your consent to further process your personal data in our talent fileCandidate file – see below).
If your application is successful, your personal data gathered during the recruitment process will be transferred to and retained in human resources file, candidate file.
9. Consent to keep your personal data in our candidate file
We are interested in staying in contact with you after the recruitment process is completed, on the basis that further opportunities may arise in the future and we may wish to consider you for that. Therefore, in the process of your application, we will ask you if you wish to stay in contact with us. Kindly note we can only stay in contact with you after the recruitment process for the position you are applying for with us will be completed if you provide your consent. We will also seek your consent in case you sent us your application as a general inquiry. It is completely up to you to decide whether you wish to give us your consent.
If you choose to stay in contact with us we retain your personal data for a period of 24 months after the recruitment process for the position you applied for with us has been completed. Note: If you sent us your application as a general inquiry, we retain your personal data for a period of 24 months after the receipt of your consent. After this period (or once you withdraw your consent), your personal data will be securely destroyed or anonymized in accordance with applicable laws and regulations.
10. Your rights (right to access, correction, erasure and restriction)
As a data subject under Data Protection Law you have a number of rights, including the right to:
- Request access to your personal data. You have the right to request a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of your personal data. You have the right to request correction of any personal data we hold about you that is inaccurate, incorrect, or out of date.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data, where there is no lawful reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
- Object to processing of your personal data. You have the right to object to process of your personal data where we are relying on a legitimate interest as the legal basis for processing.
- Request restriction of processing your personal data. You have the right to request that we restrict the processing of your personal data (for example, while we verify or investigate your concerns with this information, or we no longer need your personal data for the purposes of the processing, but they are necessary for the establishment, exercise or defense of legal claims).
- Request transfer of your personal data. You have the right to request an export of your personal data.
If you want to review, verify, correct or request erasure of your personal data, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact us in writing by sending an email to [email protected]. We may also need to request specific information from you to help us confirm your identity and ensure your right to access your personal data.
11. Right to withdraw consent
You have the right to withdraw your consent for processing of your personal data at any time. To withdraw your consent, please contact us by sending an email to [email protected]. Once we have received notification that you have withdrawn your consent, we will no longer process your application and we will dispose of (delete or anonymize) your personal data securely.
Email: [email protected]
If you believe that the processing of your data violates data privacy law or that your data privacy rights have been violated in some other way, you can also lodge a complaint with your local data protection authority (see https://edpb.europa.eu/about-edpb/board/members_en ). We would, however, appreciate the opportunity to deal with your concerns before you approach the authorities, so please contact us in the first instance.
©eCredits (August, 2019)