Applicant Privacy Policy
Have you applied for a job with Employment Hero? This policy is for you.
Contents
3. Personal data of applicants
4. Types of information that we collect
5. How we collect your information
6. Why we collect, use and store your information
The legal basis we may rely on when processing Personal Data
7. Disclosure of Personal Data
8. International data transfers
1. Overview
At Employment Hero, we are committed to safeguarding the privacy of our prospective employees, subcontractors or volunteers (“applicants”, “you”, or “your”). We are bound by relevant data protection laws of Australia, the United Kingdom, Canada, New Zealand, and other countries in which we recruit talent, which set out a number of principles concerning the protection of your Personal Data. This Policy was last updated on 15 May 2024.
2. Scope
This Applicant Privacy Policy (“Policy”) describes how Employment Hero Pty Ltd, Employment Hero UK Ltd and/or its other affiliate entities (“Employment Hero“, “we“, “us” or “our“) use your Personal Data in connection with your application for employment with us (regardless of the type of contract). It also describes your data protection rights, including a right to object to some of the processing which Employment Hero carries out. More information about your rights, and how to exercise them, is set out in the “Your choices and rights” section of this Policy.
We also may provide you with additional information when we collect Personal Data, where we feel it would be helpful to provide relevant and timely information.
We will be the data controller for your Personal Data.
This Applicant Privacy Policy applies to all Personal Data relating to applicants which is collected, stored, transferred or processed by us as a part or in relation to the recruitment process and up to the point that the applicant logs onto the Services for the first time after successfully receiving an offer of employment from us. Our internal Employee Privacy Policy will apply to any further processing of Personal Data that occurs after the applicant becomes an employee with us.
You may use the Employment Hero platform and services (“Services”) as a customer/user of the Services. Additional information about our treatment of Personal Data processed from your use of our Services in this way is set out in our customer Privacy Policy.
We may also use our own Services, like SmartMatch, to carry out the recruitment process if you use our Services as a Employment Hero Jobs account holder, in which case our customer Privacy Policy may also apply in regard to how your Persona Data is processed in the recruitment process.
3. Personal data of applicants
| Data Classification | Description |
|---|---|
| Personal Data | Personal Data (also known as “Personal Information”) is any information relating to an identified or identifiable natural person, i.e. one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person |
| Special Categories of Personal Data | Special Categories of Personal Data (also known as “Sensitive Information”) include data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person’s sex life or sexual orientation. |
If you cannot be identified, then this notice does not apply to you. An example of this is when your Personal Data has been aggregated and/or anonymised.
4. Types of information that we collect
We collect Personal Data, including Special Categories of Personal Data for the purposes described in this Policy. The types of Personal Data and Special Categories of Personal Data we may collect includes, but are not limited to, the following:
| Categories of data | Specific data |
|---|---|
| Personal identification and communication information | Name, residential address, phone number, email address, date of birth, gender or sex, immigration status, and information about your entitlement to work; |
| Application-related information | Curriculum vitae (CV), cover letter, employment history, education history, qualifications and skills, reference contact information, position preferences, willingness to relocate, desired salary, interests and aspirations, background screening information (if relevant) |
| Special Categories of Personal Data | Information about your health and disabilities where we need to make any reasonable adjustments, equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health and religion or belief, and criminal history checks. |
5. How we collect your information
We may collect Personal Data through multiple channels of communication when you apply for a role with us.
- Employment Hero platform – information is collected through our application portal and from direct interactions with you made via our platform.
- Direct interactions with us – we collect information through direct engagement and communication with your including through interviews, meetings, phone and video call, or assessments.
- Third parties – we collect some information about you from third parties, including recruiters, or your referees, organisations such as LinkedIn if you choose to connect with us via your LinkedIn profile, or apply for a role through LinkedIn, Workable or any other third-party recruitment platform. Where applicable, we also collect information from our third-party background screening provider during the pre-employment screening process.
6. Why we collect, use and store your information
The legal basis we may rely on when processing Personal Data
We must have a legal basis to process your Personal Data and we explain these legal bases below.
- Contractual performance – we have obligations under our contract with you. To fulfil those obligations, we will have to use your data.
- Consent – in certain cases, we ask for your consent to use your data. Whenever we ask for your consent, we will explain the situations where we use your data, and the purposes for which the data will be used.
- Legitimate interest – we can process your data when this is necessary for us to achieve a business purpose, or where this is necessary for someone else to achieve their purpose. We explain below what interests we, or others, are trying to achieve when we process your data. Where we process Personal Data on the basis of a legitimate interest, then to the extent required by data protection law, we carry out a balancing test to document our interests, to consider what the impact of the processing will be on individuals, and to determine whether individuals’ interests outweigh our interests in the processing activity taking place.
- Legal obligation – as an organisation, we are obliged to comply with applicable legal and regulatory requirements. In certain cases, we will have to use your Personal Data to meet these obligations.
Purposes for processing Personal Data
In the table below, we have explained the reasons for which we process your Personal Data, the processing activity that we carry out, the legal basis that applies in each instance, and the categories of data that we use for such activities.
| What we do and why | Legal basis | Personal Data |
|---|---|---|
| Process and assess your application | Contractual performance, consent, legitimate interest | Any types of data identified that you provide to us when applying for the role |
| Providing you with updates about the role for which you applied | Contractual performance, consent, legitimate interest | Personal identification and communication information |
| Verifying your details or other information you have provided and | Legitimate interest | Personal identification and communication information, Application-related information |
| Carrying out background checks | Legitimate interest | Personal identification and communication information, Special Categories of Personal Data (i.e. Criminal History Information) |
| Keeping in touch with you | Consent, legitimate interest | Personal identification and communication information |
| Improving our recruitment process | Legitimate interest | Any types of data identified that you provide to us when applying for the role |
| Investigating any complaints by or about you | Legitimate interest | Any types of data identified as is necessary for this purpose |
| Investigating, raising or defending ourselves from legal claims | Legitimate interest, legal obligation | Any types of data identified as is necessary for this purpose |
| Responding to legal matters, including court orders, subpoenas, or other legal processes | Legal obligation | Any types of data identified as is necessary for this purpose |
| Complying with our compliance, regulatory, auditing, and investigative obligations (including disclosure of such information in connection with legal process or litigation) | Legal obligation | Any types of data identified as is necessary for this purpose |
| Assessing data to protect the security of our premises, assets, systems, and intellectual property, and to enforce company policies, including monitoring communications as permitted by law | Legal obligation, legitimate interest | Any types of data identified as is necessary for this purpose |
| Processing data when undertaking mergers, acquisitions, reorganisations, or disposals, as permitted/required in accordance with applicable law | Legitimate interest, legal obligations | Any types of data identified as is necessary for this purpose |
Processing Personal Data to verify details and perform background checks
Where we verify the details you have provided (e.g. in relation to your identity, employment history, academic qualification and professional credentials) and conduct pre-employment background checks (e.g. in relation to previous criminal convictions or financial standing), the level of checks will depend on your role, in particular whether you will occupy a regulated role, and will be conducted at a later stage as is practicable in the recruitment process and often only after you have been selected for the position. If your application is successful, we will provide further information about the checks involved and will obtain any necessary consent prior to completing such checks.
7. Disclosure of Personal Data
Personal data will primarily be processed by employees in our People & Culture, IT, Finance, and Legal teams, and relevant employees from the business area of the role for which you applied.
We may disclose your Personal Data to third-party service providers to carry out our recruitment process, including for the purpose of implementing assessments or to enhance your recruitment experience. This may include third parties we use to carry out background checks on you.
We may also disclose your Personal Data to our employees, affiliates, contractors or third-party service providers for the operation of the Services, and fulfilling requests by you.
We may disclose your Personal Data to specific third parties authorised by you to receive information held by us. We will share your Personal Data with third-party suppliers who store data on secure data centres. Further details on our third-party storage provider’s location and security can be found here (for AWS), or here (Google Drive via G-Suite).
Your Personal Data also will be shared with government authorities and/or law enforcement officials if mandated by law or if required for the protection of our legitimate interests in compliance with applicable laws.
In the event that Employment Hero business is sold or integrated with another business, your details may be disclosed to our advisers and any prospective purchaser’s adviser and will be passed to the new owners of the business.
8. International data transfers
We may disclose Personal Data outside of the country in which you are based in connection with the recruitment process. International data transfers may occur when we share Personal Data with Employment Hero team members and affiliates based globally, including in Australia, the United Kingdom, Canada, New Zealand, Singapore, Malaysia, Vietnam, and the Philippines, and other locations from which the team members may work remotely. International data transfers may also occur when we share Personal Data with third party service providers located globally where it is deemed reasonably necessary for us to make such transfers to carry out the recruitment process.
We take measures to ensure that international data transfers take place in compliance with applicable laws relating to international data transfers and in accordance with at least the standards that apply in the country whose privacy or data protection laws apply to that Personal Data.
For applicants based in European Economic Area (“EEA”) or the UK: If your Personal Data is transferred outside the EEA or the UK, we ensure that such transfer is compliant with the relevant requirements.
- Where the European Commission or the UK government has determined that certain countries outside of the European Economic Area or the UK have an adequate level of Personal Data protection, Personal Data can be transferred to such a country without any further safeguards being necessary. A full list of such adequate countries is available here (for the EEA) and here (for the UK).
- Where information is transferred outside the EEA, or the UK, to a location that is not subject to an adequacy decision by the European Commission or the UK government, we ensure that the data is adequately protected. We may transfer the categories of data identified in this Policy outside the UK, or the EEA by relying on the EU Standard Contractual Clauses for the transfers from the EU, or the International Data Transfer Agreement or International Data Transfer Addendum to the EU Standard Contractual Clauses (or any replacement publication made on the website), or relying on such other data transfer mechanisms as available under applicable data protection laws.
Personal data that we may transfer outside the EEA, or the UK, for which the Standard Contractual Clauses may apply include personal identification and communication information, application-related information, and Special Categories of Personal Data.
A copy of the relevant mechanism can be obtained for your review on request by using the contact details below.
9. Your choices and rights
You have the right to ask us for a copy of your Personal Data; to correct, delete or restrict processing of your Personal Data; and to obtain the Personal Data you provide in a structured, machine-readable format. In addition, you can object to the processing of your Personal Data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement).
Where we have asked for your consent, you may withdraw consent at any time. If you ask to withdraw your consent to our processing your data, this will not affect any processing which has already taken place at that time.
These rights may be limited, for example, if fulfilling your request would reveal Personal Data about another person, or if you ask us to delete information which we are required by law or have compelling legitimate interests to keep. If you have unresolved concerns, you have the right to complain to a data protection authority.
Where we collect Personal Data to administer a contract with you or to comply with our legal obligations, this is mandatory, and we will not be able to manage the application (or further the employment relationship) without this information. In all other cases, provision of the requested Personal Data is optional, but this may affect your ability to participate in certain programs or systems, where the information is needed for those purposes.
10. Storage and Retention of Personal Data
Personal Data held by us will be stored and managed on secure data centres by our third-party storage provider. Further details on our third-party storage provider’s location and security can be found here. You can learn more about how we keep your Personal Data secure by viewing our Security Centre and visiting our Security Portal.
If you are successful: we will retain your Personal Data only for as long as we need it for the purposes of the recruitment process and, once this process is finished, for an appropriate period so as to be able to deal with any legal claims linked to the application process, and in accordance with applicable data retention laws. We will take steps to delete your Personal Data or hold it in a form that no longer identifies you if data retention obligations require us to delete your Personal Data. If you become our employee, whether permanent or temporary, subcontractor or volunteer, relevant Personal Data you provide will become a part of your employee file and may be used later for the management of the employment relationship.
If you are not successful: we will delete your Personal Data between 6 to 12 months from the date of your application as permitted by applicable laws. We may retain your application information and related Personal Data for a longer retention period only with your explicit consent.
11. Changes to this Policy
We reserve the right to make changes to this Policy from time to time to reflect any changes to our data processing operations or any other change that may be relevant to you or may impact you. You may periodically review this page to see any changes we have made. In the event we make significant changes to this Policy when it is still relevant to you, we will notify you via email or via notifications through our Services.
12. Contact us
If you have any questions or concerns about how we process your data, please contact us via email at privacy@employmenthero.com.
We have appointed a Data Protection Officer (DPO) in the UK and Singapore, and a representative in the EU. If you wish to contact them about our privacy practices in these jurisdictions, you may do so using the contact details provided below.
| Appointment | Details |
|---|---|
| Data Protection Officer | • Name: Bird & Bird DPO Service SRL • Email: dpo.employmenthero@twobirds.com • Address: Avenue Louise 235 b 1, 1050 Brussels, Belgium |
| EU Representative | • Name: Bird & Bird GDPR Representative Services Ireland • Email: eurepresentative.employmenthero@twobirds.com • Address: Deloitte House, 29 Earlsfort Terrace, Dublin 2, D02 AY28 |
