PRIVACY POLICY FOR HUMAN RESOURCE CONSULTING SERVICES

Introduction  

This document sets out the personal data / privacy policy of Cronje & Yiannas Actuaries and  Consultants Ltd (hereinafter “We” or “C.Y Actuaries”) in relation to the Human Resource  Consulting Services we offer and covers the following: 

  • What kind of personal data we collect 
  • How we collect personal data 
  • How we store personal data 
  • How we use personal data 
  • Personal data sharing with third parties 
  • Retention period  
  • Use of cookies 
  • Your rights 
  • Contact us 

The purpose of this document is to provide you with all the information relating to your personal information. We are committed to protecting your privacy, hence your personal data is dealt with in a confidential manner and securely by the C.Y Actuaries team and in accordance  with the provisions of the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and  the national legislation in relation to Personal Data, L.125(I)/2018, as may be amended from  time to time. 

For the purposes of the GDPR, personal data means any information relating to an identified  or identifiable natural person (‘data subject’); an identifiable natural person is one who can be  identified, directly or indirectly, in particular by reference to an identifier such as a name, an  identification number, location data, an online identifier or to one or more factors specific to  the physical, physiological, genetic, mental, economic, cultural or social identity of that natural  person. 

1. What kind of personal data we collect 

C.Y Actuaries as a consulting firm receives a significant amount of personal data, including  sensitive data, for the provision of HR Services.  

Personal data of potential candidates, include, for example (the below is a non-exhaustive list): 

  1. Name (including middle names and surname); 
  2. Age – date of birth; 
  3. Address; 
  4. Nationality; 
  5. Gender; 
  6. Telephone number;
  7. Email address; 
  8. Contact details; 
  9. Educational history; 
  10. Professional Memberships; 
  11. Employment history; 
  12. Financial information (including salary history, bonus, pension schemes, financial  background check if applicable); 
  13. Social Insurance number; 
  14. Referee details and any additional information that may be disclosed to us by such  referees; 
  15. Clean criminal record details; 
  16. General information about you, including hobbies and extracurricular activities; (xvii) Any additional information that you may disclose to us; 
  17. Any additional information that we may find about you available on the internet; (xix) IP address. 

We may also collect sensitive data about you, such as ethnicity, political beliefs, health data,  religious or philosophical information.  

2. How we collect personal data 

We will collect your personal data when you directly provide us with it, in your curriculum  vitae (CV) as well as the covering letter/email you may send to us.  

In some instances, we may collect personal data relating to you through referees or third parties  (including employers/past employers). 

We may also collect personal data through publicly available sources, such as social media  (LinkedIn/Google/Facebook) and online.  

We request solely the necessary data for the purposes collected (more information below). In  case we receive personal data that is considered unnecessary, we will delete and destroy that  data.  

3. How we store personal data 

We aim in protecting your personal information and endeavour to ensure that no unauthorized  access and/or misuse of your personal data occurs. To this end, we have put in place all  necessary organizational and technical measures. We have implemented design mechanisms in  the way data is stored and privacy settings have been set at a high level by default.  

We have adopted by default systems and technology designed in such a way to ensure that data  processing is limited to what is necessary for the purpose for which the data was collected and  only the members of the team who need to access the personal data are allowed with access.

4. How we use personal data 

For the purposes of GDPR we are controllers in relation to your personal data. That means that  we will determine the means and purposes of the processing of your personal data, the way we will use them, store them, how long we retain them and more.  

We will use your personal information lawfully, fairly and in a transparent way. We shall use  it to assist you in finding suitable employment, based on your CV, educational and professional  background. This includes background and reference checks, communicating with you for  updates or requesting additional information or for potential suitable vacancies. We will not  use such information for any other purposes, not disclosed to you. In addition, we may use  personal data we collect about you to comply with legal or regulatory requirements.  

We treat sensitive data with caution. We may use such data to evaluate whether additional  arrangement need to be made with potential employers or during interviews, for instance, in  case of a disability. Also, we may use data relating to your nationality or ethnicity to determine  whether a work permit or visa is necessary for your suitability as a successful candidate.  

In accordance with the GDPR, we may only process your personal data:  

  1. Based on the explicit, unambiguous consent of the data subject; 
  2. When processing is necessary to perform a contractual obligation; 
  3. When processing is necessary to comply with a legal obligation; 
  4. When processing is necessary for the legitimate interests pursued, except where such  interests are overridden by the rights and freedoms of the data subject, in particular  where the data subject is a child; 
  5. When processing is necessary in order to protect your vital interests or of another  natural person; 
  6. When processing is necessary for the performance of a task carried out in the public  interest or in the exercise of official authority vested in us. 

5. Personal data sharing with third parties 

We will share your personal data with our clients / prospective, currect or past employers for  recruitment purposes and to increase the chances of finding a suitable employment for you. We  may also share your data with third-party service providers for the purposes of adopting  appropriate security measures for the protection of your personal data. Lastly, we may share  your data with public bodies, auditors, accountants and legal consultants, if necessary to  comply with a legal or regulatory obligation.  

We will only transfer personal data to any third parties, upon receiving confirmation that the  said third party is aware of the GDPR provisions and has complied with those, or is taking steps  to ensure compliance.

6. Retention Period  

We will retain your personal data for a period of 1.5 years from the date you provide us with  it. We will keep the data for this period so that we can contact you in case a suitable vacancy  comes to our attention and also to be able to keep records in case of an allegation or legal claim  being pursued relating to the recruitment process. Kindly ensure that your data is kept up to  date and remains accurate.  

We may keep your personal data for a longer period if necessary for legal, regulatory or  technical reasons. 

Data that we keep for any reason after the retention period expires, will be completely  anonymised.  

7. Use of cookies 

We use "cookies" to help you personalize your online experience. Cookies are also used to protect you from security risks. Please refer to our Cookie Policy for more details and information. 

8. Your rights 

Under the appropriate circumstances, you have the right: 

  1. to receive information on the personal data we hold about you and how such  personal data is used (right to access); 
  2. to rectify inaccurate personal data concerning you (right to data rectification);
  3. to delete/erase your personal data (right to erasure/deletion, “right to be forgotten”); 
  4. to receive the personal data provided by you in a structured, commonly used and machine-readable format and to transmit those personal data to another data  controller (right to data portability); 
  5. to object to the use of your personal data where such use is based on our legitimate  interests or on public interests (right to object); and 
  6. in some cases, to restrict our use of your personal data (right to restriction of  processing). 

You can exercise these rights by contacting us (as per the contact information mentioned  below).  

You also have the right to complain to the Office of the Commissioner for Personal Data  Protection. 

9. Contact us 

We have appointed a Data Protection Officer to ensure compliance with applicable legislation  as well as this privacy notice. You can contact our DPO for any queries at  This email address is being protected from spambots. You need JavaScript enabled to view it. or at +35722456006. 

 

(+357) 2245 6007

CY Actuaries logo