Recruitment Privacy Notice

Introduction

Last Updated: October 7, 2024

Scope of privacy notice

This Recruitment Privacy Notice explains the type of information we process, why we are processing it and how that processing may affect you. 

What do we mean by “personal data” and “processing”?

“Personal data” is information relating to you (or from which you may be identified) which is processed by automatic means or which is (or is intended to be) part of a structured manual filing system. It includes not only facts about you, but also intentions and opinions about you. 

“Processing” means doing anything with the data. For example, it includes collecting it, holding it, using it, disclosing it and deleting it. 

Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, health, sexual orientation, sex life, trade union membership and genetic and biometric data are subject to special protection and considered by privacy law applicable to the Maven group to be “sensitive personal data”. 

If you are based in California, please see California – Notice at Collection.

Your personal data 

We process your data for the purposes of our recruitment practices. Some of the personal data that we process about you comes from you. For example, when you tell us your contact details or participate in our applicant assessment during our recruitment process where we may collect personal data about you and generate inferences from that information regarding specific skills or abilities (the “Task-Based Assessment”). For additional information regarding the information collected through the Task-Based Assessment, please see the “Assessment Data” section below. Other personal data about you is generated from references and third party companies such as recruitment agencies. Your personal data will be seen internally by managers, administrators and HR. 

Assessment Data

We provide a task-based assessment through our recruitment process to assess and screen candidate abilities. Personal data collected through the Task-Based Assessment includes:

• Contact identifiers, such as your name, physical address, email address, and phone number.

• Account information including information regarding your candidate profile information. This may include information you choose to disclose regarding an existing disability to ensure you receive appropriate adjustments in the Task-Based Assessment. Disclosure of disability is optional for the Task-Based Assessment.

The Task-Based Assessment will also include games and activities designed to evaluate specific personality and cognitive traits including memory, risk tolerance, learning ability, impulsivity, pattern recognition, focus, problem solving abilities, decision making skills, teamwork, cognitive processing, drive, emotional intelligence, information processing, and numerical reasoning. This information is collected and processed by our service provider(s). To the extent required by law, we contractually prohibit our service provider(s) from processing information they collect on our behalf for purposes other than performing services for us, although we may permit them to use non-personal data for any purpose to the extent permitted by applicable law.

We will only use the data collected through the Task-Based Assessment, and any related analysis, for recruitment purposes including to contribute to hiring decisions. For information regarding your rights to the data collected through the Task-Based Assessment, please see the Supplementary Information under Access to your personal data and other rights.How long do we keep your personal data?

We retain each category of personal data in accordance with our records retention policies for the length of time that is reasonably necessary for the purpose for which it was collected, and as necessary to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements. If you are successful in your application your data will be kept on your personnel file. If you are unsuccessful, your data will normally be destroyed twenty-four months after you have been informed that you were unsuccessful. Irrelevant data such as CCTV images may be deleted after a short period in line with our building management’s policy (where applicable).

International Transfers of personal data

We may transfer your personal data throughout the world to members of our group and other processors who provide us services in connection with the recruitment process. This may involve service providers and members of the Maven group situated in the UK, the Netherlands, the USA, Hong Kong, Singapore and Australia. Where necessary such transfers are covered by an intra-group transfer agreement.

Contact details 

In processing your personal data, we act as a data controller. Our contact details are as follows:

Dataprivacy@mavensecurities.com

LEGAL GROUNDS FOR PROCESSING PERSONAL DATA

What are the grounds for processing?

In certain jurisdictions, like the EEA, there are grounds on which we must rely when processing your personal data. In some contexts, more than one ground applies. We have summarised these possible grounds under the EEA as Legal obligation, Legitimate Interests, Contract and Consent, and outline what those terms mean below. 

  • Contract
    Ground for processing  –  Processing necessary for performance of a contract with you or to take steps at your request to enter a contract
    Explanation  –  This covers carrying out our contractual duties and exercising our contractual rights.  
  •  Legal obligation
    Ground for processing  –  Processing necessary to comply with our legal obligations Explanation  –  Ensuring we perform our legal and regulatory obligations. For example, providing a safe place of work and avoiding unlawful discrimination and in the EEA, ensuring that work permits for non-EU candidates comply with local UK legislation.  
  •  Legitimate Interests
    Ground for processing  –   Processing necessary for our or a third party’s legitimate interests
    Explanation  –  We or a third party have legitimate interests in carrying on, managing and administering our respective businesses effectively and properly and in connection with those interests processing your data. Your data will not be processed on this basis if our or a third party’s interests are overridden by your own interests, rights and freedoms.  
  •  Consent
    Ground for processing  –   You have consented to us and/or a third party processing your data.
    Explanation  –  We may rely on consent where you have consented to us or a third party processing your data. For example, you may be asked whether you consent to us collecting personal information as part of your job application in order to help us ensure we are able to facilitate appropriate support and adjustments to individuals  with a disability, or you may be asked whether you consent to the collection of anonymised demographic information for equality and diversity purposes. If you do give your consent to the processing of your personal data, you may subsequently withdraw your consent at any time, and are also able to access and seek correction to that data – please see the section entitled ‘Access to your data and other rights’ below for full details on how to do so. You can contact us with any such requests by emailing dataprivacy@mavensecurities.com.

Processing sensitive personal data

If we process sensitive personal data about you, as well as ensuring that one of the grounds for processing mentioned above applies, we will make sure that one or more of the grounds for processing sensitive personal data applies (see below), including that the processing is for equality and diversity purposes to the extent permitted by law.

In outline, these include: 

  • Processing being necessary for the purposes of your or our obligations and rights in relation to employment in so far as it is authorised by law or collective agreement; 
  • Processing relating to data about you that you have made public (e.g. if you tell colleagues that you are ill); 
  • Processing being necessary for the purpose of establishing, making or defending legal claims;
  • Processing being necessary for provision of health care or treatment and other related benefits, medical diagnosis, and assessment of your working capacity;
  • Processing for equality and diversity purposes to the extent permitted by law; and
  • Processing where you have explicitly consented to us doing so.

Further information on the data we process and our purposes

Examples of the data and the grounds on which we process data are as shown below. The examples in the table cannot, of course, be exhaustive. 

  • Recruitment
    Examples of personal data that may be processed  – Information concerning your application and our assessment of it, your references, any checks we may make to verify information provided or background checks and any information connected with your right to work in the UK. If relevant, we may also process information concerning your health, any disability and in connection with any adjustments to working arrangement. We will also process, CVs, sound recordings (work phone lines are recorded), References, details of your work history, NI/social security numbers etc. We also process your information for purposes of evaluating specific skills as part of your application. For more information about this processing, please see the “Assessment Data” section above,
    Grounds for processing under the EEA  – Contract, Legal obligation, Legitimate interests
  • Contacting  you or others on your behalf
    Examples of personal data that may be processed  – Your address and phone number, emergency contact information and information on your next of kin
    Grounds for processing under the EEA – Contract, Legitimate interests
  •  Security
    Examples of personal data that may be processed  – CCTV images, building access control data
    Grounds for processing under the EEA  – Legitimate interests
  • Monitoring of diversity and equal opportunities 
    Examples of personal data that may be processed  – Information on your nationality, racial and ethnic origin, gender, sexual orientation, religion, disability and age.
    Grounds for processing under the EEA  – Legal obligation, Legitimate interests, Consent.

Who gets to see your data? 

Your personal data may be disclosed to managers, HR, third party screening, service providers that facilitate our recruitment processes, including providing the Task-Based Assessment, and recruitment platforms and administrators for employment, administrative and management purposes as mentioned in this document. We may also disclose this to other members of our group.

Access to your personal data and other rights

We try to be as open as we reasonably can about personal data that we process. If you would like specific information, just ask us.

In certain jurisdictions, like the EEA, you also have a legal right to make a “subject access request”. If you exercise this right and we hold personal data about you, we are required to provide you with information, including a description of the personal data, and an explanation of why we are processing it.

If you make a subject access request and there is any question about who you are, we may require you to provide information from which we can satisfy ourselves as to your identity. 

As well as your subject access right, you may have a legal right to have your personal data rectified or erased, to object to its processing or to have its processing restricted. 

We generally do not require consent, but in the case where we have specifically requested it as a ground for processing under the EEA, you may withdraw consent at any time – though if you do so that will not affect the lawfulness of what we have done before you withdraw consent.

California – Notice at Collection

For residents of California, at or before the time of collection of your personal data, you have the right to receive notice of our data practices in accordance with the California Consumer Privacy Act as amended (“CCPA”). Our data practices are as follows:

The categories of personal data we have collected about you in the past 12 months include:

  • Identifiers, including your name, email address, postal address, phone number, and device identifiers (like IP address).
  • Internet activity, including browsing and search history on our computers or devices, or interactions with our website.
  • Non-precise geolocation data, including your location derived from an IP address through our computer or mobile devices.
  • Professional History, including your resume or CV, qualifications, work experience, compensation history where permissible under applicable law, language abilities, areas of expertise, training records, union membership, awards and prizes, references, criminal record, and background check information.
  • Education History, including your transcripts, technical skills, educational background, and professional registrations or certifications.
  • Employment Information, including job titles, date of commencement or employment, working hours, electronic corporate device tag or registration numbers, photographs, performance reviews, records of roles performed and applied for, appraisal and evaluation records, disciplinary and accident information, compensation, incentive details, special work environment requests, like insurance beneficiary designations, government forms and records in relation to employment and related taxes and job profile.
  • Characteristics or demographics, including your age, gender, and country.
  • Content, including content within any messages you send to us (such as feedback or questions) or provide through the Task-Based Assessment.
  • Sensitive identifiers, including your social security number and government issued identification number (such as driver’s license or passport number).
  • Financial information, including bank account number and pension number for payroll and pension contributions.
  • Health information, including health and dental insurance policy number, details about spouses and dependents, absences from work, disability information, allergies and intolerances, and medical and ongoing health conditions. This may also include self-reported health screening questionnaires, test result information regarding your COVID-19 status, and other information as necessary to help ensure the safety of our employees.
  • Protected Classes, including information about your race, age, gender, sex, citizenship status (evidence of the right to work), nationality, medical conditions and disabilities (physical or mental to provide assistance), marital status and veteran status.
  • Inferences generated from the categories above.

The specific business purposes for collecting and using personal data are set out in the “Further information on the data we process and our purposes” section above.

We do not “sell” or “share” your personal data as those terms are defined by the CCPA.

We collect, use, and disclose sensitive personal data only for the permissible business purposes for sensitive personal data under the CCPA. We do not sell or share sensitive personal data.

You have the right to know certain details about our data practices with respect to your personal data. In particular, you may request the following from us:

  • The categories of personal data we have collected about you;
  • The categories of sources from which the personal data was collected;
  • The categories of personal data about you we disclosed for a business purpose or sold or shared;
  • The categories of persons to whom the personal data was disclosed for a business purpose or sold or shared;
  • The business or commercial purpose for collecting or selling or sharing the personal data; and
  • The specific pieces of personal data we have collected about you.

Additionally, subject to certain exceptions, you have the right to correct or delete the personal data we have collected from you. These rights also apply to your sensitive personal data collected.

You may designate an authorized agent to submit requests on your behalf. However, we will require written proof of the agent’s permission to do so and verify your identity directly.

You also have the right not to receive discriminatory treatment by us for the exercise of any of your rights detailed above.

To exercise any of these rights, please contact us as set out in the “Contact details” section above and specify which right you are seeking to exercise. Please note that your rights may be limited due to various exceptions and exemptions, including as required for us to comply with applicable employment law.

Complaints 

If you have complaints relating to our processing of your personal data, you should raise these with HR in the first instance, as well as with Maven’s data privacy team by emailing dataprivacy@mavensecurities.com. You may also raise complaints with your local regulator or supervisory authority. If you are based in the UK, the Information Commission is the statutory regulator.

Statutory Regulators

The statutory regulators that enforce and oversee data privacy regulations in the regions in which the Maven group operates are as follows:

UK: Information Commissioner’s Office – For contact and other details see: https://ico.org.uk/ICO

Netherlands: Dutch Data Protection Authority – For contact and other details see: https://autoriteitpersoonsgegevens.nl/en

Hong Kong: Office of the Privacy Commissioner for Personal Data – For contact and other details see: https://www.pcpd.org.hk/

Singapore: Personal Data Protection Commission – For contact and other details see: https://www.pdpc.gov.sg/

Australia: Office of the Australian Information Commissioner – For contact and other details see: https://www.oaic.gov.au/

US: Privacy Office of the U.S. Department of State – For contact and other details
see: https://www.state.gov/about-us-privacy-office/

Scope

This notice does not form part of any contractual relationship between the Company and a job applicant. This notice can be changed at any time.