Privacy Statement for Candidates
Thank you for your interest in Gen II! The protection of your personal data already from this early stage of interaction with you is very important for us. The purpose of this privacy statement is to inform you about how we collect, process, and store your personal data (i.e., information that can directly or indirectly identify you as an individual) in the context of your candidacy for an open position at Gen II (regardless of whether it is a full-time or part-time position, fixed or unlimited term, internship, or any other type of occupation). We invite you to read the below carefully so that you can also understand your rights with respect to the privacy of your personal data.
- Who is Gen II?
Gen II (or we, us, our as used in this privacy statement) refers to Gen II Luxembourg Services SARL, with offices at 22 Rue des Bruyères L-1274 Howald, who will function as your employer in the context of the specific open position.
Gen II will function as a Data Controller, as such term is defined in the applicable Data Protection Legislation.
Gen II processes Personal Data in compliance with applicable laws and regulations, in particular, in accordance with the Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”) (referred to in this Privacy Statement as “Data Protection Legislation”).
If you have any questions or requests pertaining to the processing of your personal data, please contact our Global Data Protection Officer at: email@example.com.
2. How do we collect your personal data?
We may collect your personal data directly from you or indirectly from third parties, in the following ways:
a. Directly from you during the recruitment process, via our website and social media, recruitment platform, correspondence exchanges, telephone conversations, interviews, or other interactions with you. You may also participate in job fairs or recruitment competitions we organize;
b. Indirectly from the recruitment agencies with which we collaborate (when you get in direct contact with them, and they share your personal data with us);
c. Indirectly from referrals of other Gen II employees through our referral program or of other affiliated to us parties and stakeholders;
d. Indirectly from third parties such as social media and legally accessible online and offline platforms and databases used by our HR Department in the course of the recruitment process to the extent relevant for an open position;
e. Indirectly from the people you have mentioned as your reference contacts; and
f. Indirectly as a result of your use of our online recruitment tools (your computer or mobile device details, your IP, logs for your connectivity) or feedback forms.
3. What personal data could we collect?
Depending on your interaction with us, we may collect the following personal data from the moment you apply for an open position with Gen II until, if you are successful, you sign a contract with us:
Identification information, such as your name, surname, middle name, nickname, and any other identification information you may choose to include in your CV and application form or on your social media pages, a copy of your ID or passport (which may also include additional details) if you accept an offer, in order for us to draft your employment agreement;
Contact details, such as your personal phone number, your personal email address, your home address, your current and/or previous country of residence;
Photo, in case you decide to include it in your CV or social media pages;
Communication information such as email exchanges, text messages, voice mail or recruitment management system notifications;
Gen II will not request or collect any sensitive personal data during the stage of recruitment. You may be requested to provide us with additional information regarding your criminal background and employment health-check where legally required, but this will only be the case once you have accepted an employment offer and signed an employment contract. Therefore, such processing of personal data will be governed by the Employee Privacy Statement which you will receive before signing your contract as part of the onboarding documents.
We strongly advise you against sharing any sensitive personal data at the stage of recruitment, whether via your CV, motivation letter or publicly available social media pages.
4. For which purposes is your personal data processed?
a. To assess your suitability to the position of your interest;
b. To match your remuneration expectations with our available budget;
c. To review your references;
d. To prepare a job offer and the related contractual documentation;
e. To communicate with you for the purposes of recruitment and onboarding;
f. To manage our recruitment platforms, social media accounts and any IT tool/ software that is internally used for the documentation and handling of the recruitment process;
g. To comply with our legal and regulatory obligations (including but not limited to obligations on anti-money laundering, independence, fight against corruption or equality and diversity);
h. To communicate with public authorities where necessary (following their request or in case the position has been shared with the Administration of Work);
i. To produce reports and statistics for our management;
j. To perform business improvements and related collection of feedback, conduct surveys and data analytics studies (with the aim to better understand the candidate experience and satisfaction);
k. To receive advice and support from our professional advisors where necessary (including lawyers, consultants, other service providers for archiving and security etc.).
5. With whom do we share your personal data?
Your personal data, in the context of recruitment, may be shared with the following recipients:
a. Our internal departments, including HR, Finances, IT and our management;
b. Our service providers, such as software providers, cloud hosting providers, our recruitment platforms and social media pages, tools used to manage and document the recruitment process;
c. Governmental, judicial, social security and supervisory authorities where necessary;
d. Other members of the Gen II Group as necessary in case of shared positions or for reporting purposes;
e. The recruitment agency with which you were initially in contact in order to keep them informed about the status of your application;
f. Our advisors (for legal, tax or other matters).
Please note that some of the recipients of your personal data mentioned above, may be based in countries outside the European Economic Area (EEA), where laws may not provide the same level of data protection as that ensured within the EEA. In such cases, we shall make sure that adequate safeguards are in place to protect your personal data while at the same time complying with our legal and regulatory obligations. Further details regarding recipients of your personal data and the measures we have put in place can be obtained from us by contacting our Global Data Protection Officer at firstname.lastname@example.org .
6. For how long do we keep your personal data?
Gen II will keep your personal data for the entire duration of the recruitment process. If you are not hired, we will store your personal data for a period of 2 years from the data of last communication with you, unless you choose to maintain your information on our recruitment management systems with the aim to apply for a new opportunity at a later stage, in which case our retention period will be extended until the moment when you delete your account from our recruitment management systems. During this period your data may be re-used by Gen II in order to contact you for a new opportunity which may be of interest to you and initiate a new recruitment process to the extent you have agreed thereto. If you are hired, your personal data will be stored in your HR file during the duration of our employment relationship and for 10 years thereafter.
7. How do we secure your personal data?
We use a combination of technical and organizational measures to make sure we keep your personal data secure, accurate and up to date. These measures include:
- Administrative and technical controls to restrict access on a need-to-know basis;
- Technological security measures including firewalls, encryption, and anti-virus software;
- Physical security measures such as access badges to protect our premises;
- IT security measures to ensure ongoing confidentiality, integrity, availability, and resilience of processing systems and services;
- Safeguards to ensure our ability to restore data in a timely manner in the event of technical or physical incident;
- Processes for regular testing, assessment, and evaluation of the effectiveness of our measures;
- Education and training to relevant staff to ensure they are aware of our privacy and confidentiality obligations when we handle personal data.
8. What are your privacy rights?
a. Right to information, rectification, erasure, and restriction of processing
You may request to obtain, at no cost, within reasonable intervals and in a timely manner, the communication of your personal data being processed, as well as all information on the origin of such data.
You also have the right to rectify your personal data in case of inaccuracies.
In cases where the accuracy of the personal data is challenged, the processing is unlawful, or where you have objected to the processing of your personal data, you may ask for the restriction of the processing of such personal data. This means that personal data will, with the exception of storage, only be processed with or for the establishment, exercise, or defense of legal claims, for the protection of the rights of another individual or entity or for reasons of important public interest of the European Union or of an EU Member State. Should a processing be restricted, you will be informed before the restriction of processing is lifted.
You may request the deletion of personal data, without undue delay, when the use or other processing of such personal data is no longer necessary for the purposes described above, and in particular when consent relating to a specific processing has been withdrawn or where the processing is not or no longer lawful for other reasons.
b. Right to object
You may object to processing of your personal data which is based on the legitimate interests pursued by Gen II or by a third party. In such a case, Gen II will no longer process your personal data unless it has compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.
Your right to object is not subject to any particular formality.
c. Right to withdraw consent
You have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
This also applies to any consent given before the coming into force of the EU General Data Protection Regulation on 25 May 2018. The withdrawal of consent shall only affect future processing.
d. Right to data portability
Where the processing of your data is based on consent or the execution of a contract with you, you also have the right to data portability for information you provided to Gen II, i.e., you can obtain a copy of your data in a commonly used electronic format so that you can manage and transmit it to another data controller.
e. Right to lodge a complaint
Should you wish to make a complaint about how Gen II processes your personal data, please contact our Global Data Protection Officer at email@example.com; your request will be processed as soon as possible. This is without prejudice to your right to file a complaint with the Luxembourg data protection authority (Commission Nationale pour la Protection des Données – CNPD) or another European data protection authority (e.g., in your country of residence), should you have concerns about the processing of your personal data.
You can exercise your rights any time by contacting our Global Data Protection Officer, at the following address: firstname.lastname@example.org.
We will respond to individual complaints and questions relating to privacy and will investigate and attempt to resolve all complaints. We will only be able to answer favorably to any of the above requests related to your rights provided that it does not interfere with, or contradict our legal obligations (e.g., a legal obligation to keep the related personal data, or a legal obligation to protect the personal data of another individual) or due to any other impediment that would justify that we would not be able to grant such requests.
In order to reply to your request, we may ask you to verify your identity. We undertake to handle each request within a reasonable timeframe of one (1) month.
If you have any questions or comments about this privacy statement, the ways in which we collect and use your personal data, your choices, and rights regarding such use, or wish to exercise your rights under applicable data protection laws, please do not hesitate to contact us at:
Email address: email@example.com
Gen II Luxembourg Services, SARL
22 Rue des Bruyères
Attn: Global Data Protection Officer
10. Amendment of this privacy statement
This privacy statement shall be made available to you when you apply for an open position at Gen II, either on our online recruitment platforms or via email in case your first contact with our company has been through a referrer or a recruitment agency. Gen II may amend this privacy statement from time to time to ensure that you are fully informed about all processing activities and our compliance with applicable data protection legislation. In case of material changes which take place during an active recruitment process, you will be notified of changes to this privacy statement by appropriate means.