Data Protection Employee

Last Updated: 24/09/2024

When we refer to “Personal Data” in this Data Protection Statement we mean any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

OUR EMPLOYEE SELECTION DATA PROTECTION STATEMENT

Under the General Data Protection Regulation (the “GDPR”), we are required to explain to you why we are asking for information about you, how we intend to use the information you provide to us and whether we will share this information with anyone else.

This Employee Selection Data Protection Statement sets out specific information relating to candidates applying for temporary, permanent and intern positions in Atlantia (referred to as “Candidates”).

We treat the protection of your personal data seriously and when we collect and process your Personal Data, we will do so in accordance with the GDPR and relevant local data protection laws (the “Data Protection Laws”).

ABOUT US

This Data Protection Statement applies to the following companies in the Atlantia Group:

Atlantia Clinical Trials Limited- Floor 1, Heron House, Blackpool, Cork, T23 R50R, Ireland
Atlantia Clinical Trials Inc-142. E. Ontario Suite 1200, Chicago 60611, Illinois, USA

References to “we”, “us” and “Atlantia” shall apply to the company in the group that is processing your Personal Data.

We are a world-class provider of human clinical studies. We are a full-service, Contract Research Organisation (CRO). We deliver human clinical studies in the following areas; functional foods and beverages, ingredients, supplements, prebiotics, probiotics and microbiome-based therapeutics and cosmeceuticals.

This Data Protection Statement describes how we process Personal Data to recruit prospective permanent and temporary employees to open positions in our company. It includes detailed information about the types of Personal Data that we process and how we use, manage and protect that Personal Data.

CONTACT DETAILS

We have appointed a Data Protection Officer. If you have any questions about this Data Protection Statement or the way in which your Personal Data is being used by us, please contact:

Data Protection Officer

Address: Floor 1, Heron House, Blackpool, Cork, T23 R50R, Ireland,

Email: dataprotectionofficer@atlantiatrials.com

Telephone: +353 (0)21 430 7442

Our website is: www.atlantiaclinicaltrials.com

THE STRUCTURE OF OUR DATA PROTECTION STATEMENTS

This Data Protection Statement provides specific information relating to the Candidates applying for jobs at Atlantia whose Personal Data we process.

If you are not a Candidate, you will find further information about the processing of Personal Data for other individuals in the following Data Protection statements:

Our Volunteer Data Protection Statement describes how we process Personal Data of volunteers in clinical trials.
Our General Data Protection Statement describes how we process Personal Data of all individuals who are not volunteers on our clinical trials or Candidates including business contacts, sponsors, suppliers and visitors to our website.

WHO THIS DATA PROTECTION STATEMENT APPLIES TO

This Data Protection Statement applies to the Personal Data we process about Candidates applying for positions as employees at Atlantia.

LAWFULNESS OF PROCESSING

We process all Personal Data lawfully and in accordance with the requirements of the Data Protection Laws. The GDPR sets out the legal grounds for processing Personal Data.

When Atlantia processes Personal Data about Candidates, any one of the following legal grounds will generally apply. Further detail about the lawful basis for our processing activities is included in the relevant sections of this Data Protection Statement.

CONTRACT

We will process Personal Data where necessary to perform our obligations relating to or in accordance with any contract that we may have with you or to take steps at your request prior to entering that contract. When you apply for a job some of our processing activities will be carried out in order to take steps necessary to enter into a contract of employment with you.

CONSENT

For certain processing activities we may rely on your consent. Where we are unable to collect consent for a particular processing activity, we will only process the Personal Data if we have another lawful basis for doing so.

You can withdraw consent provided by you at any time by contacting us at dataprotectionofficer@atlantiatrials.com

LEGITIMATE INTEREST

At times we will need to process your Personal Data to pursue our legitimate interests, for example for administrative purposes, to provide information to you, to operate, evaluate, maintain, develop and improve our websites and recruitment portals or to maintain their security and protect intellectual property rights.

We will not process your Personal Data on a legitimate interest basis where the impact of the processing on your interests or fundamental rights and freedoms outweighs our legitimate interests.

You may object to any processing we undertake on this basis. If you do not want us to process your Personal Data on the basis of our legitimate interests, contact us at dataprotectionofficer@atlantiatrials.com and we will review our processing activities.

LEGAL OBLIGATION

If we have a legal obligation to process Personal Data, we will process Personal Data on this legal ground.

SOURCES OF CANDIDATE DATA

We receive Personal Data about Candidates from a variety of sources. Usually, Candidates provide us with certain information directly, for example, when the Candidate sends us their CV, applies directly for a position advertised on the Atlantia website, or interacts with our communications (e.g. websites and advertisements).

We may also receive Personal Data about a Candidate when:

the Candidate applies to a position advertised on a third-party job’s website;
the Candidate may be sourced from publicly accessible platforms such as LinkedIn;
the Candidate may be sourced from third party CV providers such as jobs websites that provide CV search facilities and where users have made their CV data available to registered customers of these sites; and
the Candidate’s nominated referees or other individuals may provide us with Personal Data relating to the Candidates.

CATEGORIES OF CANDIDATE PERSONAL DATA

The table below sets out the general categories of Personal Data that we collect in relation to Candidates:

Personal Data Category	Description
Contact Data	may include: home address, work address, email address, phone number, online communication id (e.g skype)
Identification Data	may include: name, date of birth, (copy of or details from) driving license, passport, birth certificate, member ID, identification card, photograph, employment visa
Professional Data	may include: profession, company, department, employment history, skills/ experience, membership of professional bodies
Education Data	may include: degrees, certificates and diplomas awarded, languages, educational history, qualifications
CV Data	may include: Contact Data, Identification Data, Professional Data, Education Data, Application Data
Application Data	may include: information provided as part of an application for a permanent or contract position such as Contact Data, Identification Data, Professional Data, Education Data, CV Data and information about achievements and hobbies
Financial Data	may include: payment and bank details, tax information, social security and salary expectations
Test Data	may include: test answers and results for any job application
Health Data	may include: health information including information about any disability or illness
Media Data	may include: video data and recordings from any interview with the Candidates including, Contact Data, Professional Data, Education Data, Health Data, Application Data and Communications Data
Legal Data	may include: criminal record and credit checks undertaken where required as part of the application process
Position Data	may include: information on salary/rate of pay, working hours and job description
Emergency Contact Data	may include: the name and contact details provided by Candidates in case of an emergency
Communications Data	may include: communications with us over email, text, phone or letter
Marketing Data	may include: Contact Data and any preferences in receiving marketing from us and your communication preferences
Web Data	may include: information provided on any forms on our website and, to the extent that it includes Personal Data, information on the type of device you are using, its IP address, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use

OUR PROCESSING ACTIVITIES

We can only collect your Personal Data if we have a lawful basis for doing so.

We have set out in the table below, the general purpose of processing, the categories of Personal Data processed and the related lawful basis for processing.

Purpose/Activity	Type of Personal Data	Lawful basis for processing
Candidate Sourcing
to advertise roles on our website to create a record/file for the Candidate on our system and to associate all notes and tracking throughout the interview, and onboarding process to keep up to date information about Candidates in relation to their requirements, in order to assess their suitability for current or future vacancies to maintain our database screening and identification of Candidates for available positions to communicate with Candidates about positions that might be of interest to them to receive and review Candidates applications to understand current and expected salary, notice period and availability to undertake profiling for the purposes of semi-automated or manual decision making about Candidates.	Identification Data CV Data Communications Data Application Data Marketing Data Web Data	Legitimate interest Consent
Job Applications
responding to Candidates queries receiving and reviewing applications received from Candidates directly communications with Candidates re application setting up interviews with the Candidate	Identification Data Contact data CV Data Communications Data	Consent Legitimate Interest
Job Interview
to arrange and undertake interview recording notes of Interview to communicate with the Candidates following interview	Identification Data Contact Data Test Data CV Data Communications Data Media Data	Consent Legitimate Interest
Candidate Screening
to identify if the Candidate is fit to work to assess the Candidate working capacity	Identification Data Contact Data CV Data Health Data Test Data	Consent
Candidate Finance Activities
to ensure salary expectations are met to remunerate Candidate for interview / travel expenses	Identification data Contact Data Position Data Financial Data	Consent Legitimate Interest Contract
Candidate IT Activities
back-up and storage of Candidate data to make improvements and efficiencies in the employee selection process	Contact Data Identification Data Professional Data Education Data Communications Data Marketing Data Web Data	Consent Legitimate Interest
Website Delivery
to respond to web forms completed by Candidates; to administer the Website; for internal operations, including support, troubleshooting, data analysis, testing, research, statistical and survey purposes to ensure the safety and security of our website and our services.	Identification Data Contact Data Web Data	Consent Legitimate Interest
Marketing activities
to respond to any requests from Candidates to send newsletters and other information that may be of interest to participate in employee selection conferences, seminars, events to personalise marketing information to segment and distribute targeted marketing	Identification Data Contact Data Marketing Data Web Data	Consent Legitimate Interest

RETENTION OF CANDIDATE PERSONAL DATA

We only keep your Personal Data if it is necessary for the purposes of processing it or to comply with legal or regulatory requirements.

Our retention policy is as follows:

Purpose of Processing	Retention Period
Job Applications	Duration of campaign +18 months
Candidate Interview	Duration of campaign +18 months
Candidate Expense Reimbursement	Duration of campaign +7 years

In some circumstances it is not possible for us to specify in advance the period for which we will retain your Personal Data. In such cases we will determine the appropriate retention period based on our purpose for processing the Personal Data. We may also retain certain Personal Data beyond the periods specified herein in some circumstances such as where required for the purposes of legal claims. We may also delete Personal Data earlier than the specified Retention Period where the Personal Data is no longer required for the purpose.

DISCLOSURE OF PERSONAL DATA

Personal Data is shared in certain circumstances as follows:

to business partners and sub-contractors to deliver our employee selection activities including email, chat, ticketing, applicant tracking systems and hosting service providers
for the purposes of third-party screening and verification, if applicable, including doctors or testing companies (for example, criminal record checks / pre-employment screening services and assessments)
to other companies in the Atlantia group of companies including the affiliated companies documented in this Data Protection Statement for the purposes of administration
to any party acquiring an interest in Atlantia
to tax, audit or other authorities, if we are under a duty to disclose or share Personal Data in order to comply with any legal obligation or in order to enforce or apply any contract that we have
to official authorities to protect our rights, property, or safety, or those of other persons (including you)
to providers of services to Atlantia including IT consultants and hosting companies, marketing, legal and finance
to analytics and search engine providers that assist us in the improvement and optimisation of our website. This consists of information relating to the web pages visited on the Website and tracking codes from service providers like LinkedIn and Google
to Atlantia insurance brokers and providers where required for administering claims
to our email distribution partner and service providers in the case of newsletters

SECURITY

We will take all steps reasonably necessary to ensure that all Personal Data is treated securely in accordance with this Data Protection Statement and the Data Protection Laws. In particular, we have put in place appropriate technical and organisational procedures to safeguard and secure the Personal Data we process.

We monitor for and do everything we can to prevent security breaches of the Personal Data that we process. Once we have received your Personal Data, we will use strict procedures and security features for the purpose of preventing unauthorised access and ensuring that only those who need to have access to your Personal Data can access it.

We also use secure connections to protect Personal Data during its transmission. Where you have been given (or where you have chosen) a password which enables you to access services, you are responsible for keeping this password confidential. Please do not share your password with anyone.

If you think that there has been any loss or unauthorised access to Personal Data of any individual, please let us know immediately.

TRANSFERS OUTSIDE THE EEA

In certain circumstances your Personal Data may be transferred outside the EEA. We ensure that any transfer of Personal Data outside the EEA is undertaken using legally compliant transfer mechanisms and in accordance with the GDPR.

If we transfer Personal Data outside of the EEA, we generally rely on the Standard Contractual Clauses under Article 46.2 of the GDPR adopted by the EU Commission We may also rely on some of the other legally compliant transfer mechanisms provided under the GDPR.

USE OF THIRD-PARTY WEBSITES

Websites that you access via a link on the Atlantia website are outside our control and are not covered by this Data Protection Statement. If you access other websites using the links provided, the operators of these websites may collect Personal Data from you, which will be used by them in accordance with their own Data Protection Statements, which may differ from ours. Please check the Data Protection Statements on those websites before you submit any Personal Data to them.

COOKIES

Please see our separate Cookie Notice for further information.

YOUR RIGHTS

You have various rights relating to how your Personal Data is used.

Right of access to the Personal Data we hold about you

You have the right to ask for all the Personal Data we have about you. When we receive a request from you in writing, we must give you access to everything we have recorded about you as well as details of the processing, the categories of Personal Data concerned and the recipients of the Personal Data.

We will provide the first copy of your Personal Data free of charge, but we may charge you a reasonable fee for any additional copies.

We cannot give you access to a copy of your Personal Data in some limited cases including where this might adversely affect the rights and freedoms of others.

Right of rectification of Personal Data

You should let us know if there is something inaccurate in your Personal Data.

We may not always be able to change or remove that Personal Data, but we will correct factual inaccuracies and may include your comments in the record to show that you disagree with it.

Right of erasure of Personal Data (right to be forgotten)

In some circumstances you can ask for your Personal Data to be deleted, for example, where:

your Personal Data is no longer needed for the reason that it was collected in the first place
you have removed your consent for us to use your Personal Data (where there is no other lawful basis for us to use it)
there is no lawful basis for the use of your Personal Data
deleting the Personal Data is a legal requirement

Where your Personal Data has been shared with others, we will do what we can to make sure those using your Personal Data comply with your request for erasure.

Please note that we cannot delete your Personal Data where:

we are required to have it by law
it is used for freedom of expression
it is used for public health purposes
it is used for scientific or historical research or statistical purposes where deleting the Personal Data would make it difficult or impossible to achieve the objectives of the processing
it is necessary for legal claims.

Right to restrict what we use your Personal Data for

You have the right to ask us to restrict what we use your Personal Data for where:

you have identified inaccurate Personal Data, and have told us of it
where we have no legal reason to use the Personal Data, but you want us to restrict what we use it for rather than erase the Personal Data altogether

When Personal Data is restricted, it cannot be used other than to securely store the Personal Data and with your consent to handle legal claims and protect others, or where it’s for important public interests.

Right to have your Personal Data moved to another provider (data portability)

You have the right to ask for your Personal Data to be given back to you or another service provider of your choice in a commonly used format. This is called data portability.

This right only applies if we are using your Personal Data with consent and if decisions were made by a computer and not a human being. It does not apply where it would adversely affect the rights and freedoms of others.

Right to object

You have the right to object to processing of your Personal Data which is based on public interest or legitimate interest processing. We will no longer process the Personal Data unless we can demonstrate a compelling ground for the processing.

Right not to be subject to automated decision-making

You have the right not to be subject to a decision based solely on automated processing. This right shall not apply where the processing is necessary for a contract with you, or the processing is undertaken with your explicit consent, or the processing is authorised by law.

You can make a complaint

You have the right to lodge a complaint with the local supervisory authority for data protection in the EU member state where you usually reside, where you work or where you think an infringement of data protection law took place.

QUESTIONS OR COMPLAINTS

Thank you for reading our Employee Selection Data Protection Statement. Please Contact us if you have any questions.

If we are unable to resolve your concerns, you have the right to contact the supervisory authority in the country where you live or work, or where you consider that the data protection rules have been breached

Online Form: https://forms.dataprotection.ie/contact

Address: 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland

Tel: +353 578 684 800 or +353 761 104 800

AMENDMENTS TO THIS DATA PROTECTION STATEMENT

We will post any changes to this Data Protection Statement on the Website and on our job ads in recruitment portals and when doing so will change the effective date at the top of this Data Protection Statement.

In some cases, we may provide you with additional notice of changes to this Data Protection Statement, such as via email. We will always provide you with any notice in advance of the changes taking effect where we consider the changes to be material.

Employee Selection Data Protection

Table of contents: