Recruitment privacy notice
- 1.1 Commvault Systems International BV and our associated companies (“Company”, “we”, “us” and “our”) values recruitment applicants and respects and protects their privacy. This recruitment privacy notice (“Notice”) sets out the basis on which Company processes the personal data which you provide to use in the course of your application for employment with Company.
- 1.2 Whilst the Company is the primary controller of your personal data, other entities within the Company group may process their own copies of your personal data if they are involved in the recruitment decision, consistent with the purposes set out in this Notice.
- 1.3 This Notice applies to recruitment applicants, as well as any third parties whose information you provide to us in connection with your application (for example, referees or emergency contacts).
- 1.4 This Notice does not constitute an offer for employment, or confer any contractual right on you, or place any contractual obligation on us.
2. PROCESSING OF PERSONAL DATAThe Company collects and processes your personal data for the purposes described in this Notice. “Personal data” means any information describing or relating to an identified or identifiable individual. An identifiable individual is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.
3. WHAT DATA DO WE PROCESS?
- 3.1 The types of personal data which we process will vary depending on the role applied for, your location and the conditions attached to the role (if any). Typically the types of personal data will include, but may not be limited to, the following:
- 3.1.1 Personal details: your title, name, previous name, gender, nationality, civil/marital status, date of birth, age, personal contact details (eg address, telephone or mobile number, e-mail), national ID number, immigration and eligibility to work information, driving licence, languages spoken; next-of-kin/dependent/emergency contact information, details of any disability and any reasonable adjustments required as a result;
- 3.1.2 Recruitment and selection data: skills and experience, qualifications, references, CV and application, interview and assessment data, vetting and verification information (eg results of credit reference check, education check, financial sanction check and a basic disclosure criminal record check relating to unspent convictions where carried out and permitted by applicable law), right to work verification, information related to the outcome of your application, details of any offer made to you;
- 3.1.3 Any other personal data which you choose to disclose to Company personnel during the application or interview process, whether verbally or in written form, including in particular any other information which you disclose on a CV / résumé; and
- 3.1.4 Informal data including opinion data generated during the application or interview process.
4. HOW DOES THE COMPANY COLLECT DATA?
- 4.1 The Company collects personal data from you if you make an application direct to Commvault using our recruitment forms or platforms, and in any CV or covering letter that you submit to us. We also collect personal data from you during the assessment process, including in interviews.
- 4.2 If you make an application via a recruitment agency, they will provide your personal data to us. Recruitment agencies act as separate controllers, and you should contact them if you have any concerns about how your personal data was initially collected.
- 4.3 We may also contact referees to confirm aspects of your employment history or for a personal reference, and we reserve the right to contact other third parties (such as education providers) to verify your background or experience.
- 4.4 The Company may also collect personal data via Third Party sources, such as networking websites or job boards, eg, Linked In, Zing, Total Jobs and other internet sources. These Third Party companies act as separate controllers, and you should contact them if you have any concerns about how your personal data was initially collected.
5. WHAT ARE THE PURPOSES FOR WHICH DATA IS PROCESSED AND WHAT IS OUR LEGAL BASIS FOR CARRYING OUT THE PROCESSING?
- 5.1 We use your personal data for a number of purposes which we have listed at paragraph 5.5 below.
- 5.2 Whenever we process your personal data, we do so on the basis of a lawful “condition” for processing.
- 5.3 The processing of your personal data will be justified on one of the following bases:
- 5.3.1 it is necessary for us to comply with a legal obligation to which Company is subject (for example, conducting immigration and right to work checks);
- 5.3.2 it is in our legitimate interests as a business in order to identify and assess suitable candidates for recruitment, and our interests are not overridden by your interests, fundamental rights or freedoms (for example, grading candidates performance in interviews, carrying out background checks to verify your identity and qualifications / experience);
- 5.3.3 subject to your consent;
- 5.3.4 it is necessary in order to take steps at your request prior to entering into an employment contract with you (this applies at the post-offer stage, where we need to collect further information, or process information already collected, in order to enter into and then perform the contract of employment).
- 5.4 The processing of special categories of data will be justified by a condition in paragraph 5.3, and normally by one of the following special exemptions (which may also apply to the processing of criminal records):
- 5.4.1 it is necessary for the purposes of carrying out obligations under employment law (for example, processing of ethnicity data contained in immigration or right to work documents);
- 5.4.2 it is necessary for reasons of substantial public interest authorised under local law (for example, carrying out selected criminal record checks on candidates for senior roles to prevent crime and other unlawful acts and to protect the business and clients from fraud, dishonesty or incompetence); or
- 5.4.3 it is necessary for the establishment, exercise or defence of legal claims.
- 5.5 Generally, the purposes for which we process your personal data are to assess your suitability and aptitude for employment with Company. If you do not provide some or all of this data it may affect Company’s ability to process your application. In some cases, it may mean that we are unable to continue with your application for employment as Company will not have the personal data we believe to be necessary for the effective and efficient management of the recruitment process.
- 5.6 We collect this data from you for the purposes of managing Company’s related activities. Company may use your personal data in relation to the evaluation and selection of applications; including for example setting up and conducting interviews and tests, evaluating and assessing as is otherwise needed in the recruitment processes including the final recruitment, reviewing your eligibility to work, where authorised by law and required for your role, seeking criminal record disclosure, and other purposes relevant to the recruitment process.
6. RETENTION OF PERSONAL DATA
- 6.1 If your application is successful, some of your recruitment information (such as your basic details) will be used to create your employee profile. Other information will be retained for a reasonable period of time after you become an employee of Commvault in order to resolve any queries or challenges regarding your recruitment.
- 6.2 If you are unsuccessful, we will retain your application for a period of one year in order to consider you for future similar vacancies which may arise.
- 6.3 In certain cases, legal or regulatory obligations require us to retain specific records for a set period of time, including following the end of the recruitment process.
7. DISCLOSURES OF PERSONAL DATA
- 7.1 We may share your personal data with other members of the Company group where required in order to, for example take decisions about your recruitment. Within the Company, your personal data can be accessed by or may be disclosed internally on a need-to-know basis to the hiring manager and any other relevant business colleagues responsible for managing or making decisions in connection with your potential employment with the Company.
- 7.2 We may use third party suppliers to help us provide recruitment services. These third parties may have access to or merely host your personal data, and may support and maintain the May 2018 4 framework of our recruitment system, but will always do so under our instruction and subject to a contractual relationship.
- 7.3 Your personal data may be shared with certain interconnecting systems (such as HR information, payroll and benefits systems) if your application for employment with Company is successful. Data contained in such systems may be accessible by providers of those systems, their associated companies and sub-contractors.
- 7.4 We may be required to disclose your personal data to third parties:
- 7.4.1 including tax authorities, IT administrators, lawyers, auditors, investors, consultants and other professional advisors;
- 7.4.2 in response to orders or requests from court, regulators, government agencies, parties to a legal proceeding or public authorities; or
- 7.4.3 to comply with regulatory requirements or as part of a dialogue with a regulator. The Company expects such third parties to process any data disclosed to them in accordance with applicable law, including with respect to data confidentiality and security.
8.0 INTERNATIONAL TRANSFER OF PERSONAL DATA
- 8.1 The global nature of our business means that your personal data may be disclosed to members of the Company group, or to third party suppliers or partners, located outside of the European Economic Area (“EEA”), including Commvault Systems, Inc. in the United States of America.
- 8.2 In respect of internal transfers within the Company group, we have entered into an IntraGroup Data Transfer Agreement to ensure your data receives an adequate level of protection.
- 8.3 Where third parties transfer your personal data outside of the EEA, we will take steps to ensure that your personal data receives an adequate level of protection, including by, for example, entering into data transfer agreements or by ensuring that third parties are certified under appropriate data protection schemes. You can request details of any mechanism used to transfer your personal information outside of the European Economic Area. Any data transfer agreement made available to you may be redacted for reasons of commercial sensitivity.
9. SECURITY OF YOUR PERSONAL DATA
- 9.1 We implement reasonable physical, technical and administrative security standards designed to protect your personal data from loss, misuse, alteration, destruction or damage and to ensure a level of security appropriate to the risk.
- 9.2 We take steps to limit access to your personal data to those Company staff who need to have access to it for one of the purposes listed in Section 4
10. DATA SUBJECT RIGHTS
- 10.1 You have the following rights in respect of your personal data, where these are applicable to the processing which we carry out:
- 10.1.1 to obtain a copy of your personal data together with information about how and on what basis that personal data is processed;
- 10.1.2 to rectify inaccurate personal data (including the right to have incomplete personal data completed);
- 10.1.3 to erase your personal data in limited circumstances where it is no longer necessary in relation to the purposes for which it was collected or processed;
- 10.1.4 to restrict processing of your personal data where:
- 10.1.4.1 the accuracy of the personal data is contested;
- 10.1.4.2 the processing is unlawful but you object to the erasure of the personal data;
- 10.1.4.3 we no longer require the personal data for the purposes for which it was collected, but it is required for the establishment, exercise or defense of a legal claim;
- 10.1.5 to challenge processing which we have justified on the basis of a legitimate interest;
- 10.1.6 to object to any decisions which are based solely on automated processing;
- 10.1.7 to obtain a portable copy of your personal data, or to have a copy transferred to a third party controller; or
- 10.1.8 to obtain a copy of or access to safeguards under which your personal data is transferred outside of the EEA (see paragraph 8.3).
- 10.2 In addition to the above, you have the right to lodge a complaint with the supervisory authority.
11. CONTACTIf you have any questions about the way Company uses your personal data, or you wish to investigate exercising any rights in respect of your personal data, please contact our Global Data Governance Officer at GDGO@commvault.com