- What kind of personal data we collect
- How we collect personal data
- How we store personal data
- How we use personal data
- Personal data sharing with third parties
- Retention period
- Your rights
- Contact us
The purpose of this document is to provide you with all the information relating to your personal information. We are committed to protecting your privacy, hence your personal data is dealt with in a confidential manner and securely by the C.Y Actuaries team and in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the national legislation in relation to Personal Data, L.125(I)/2018, as may be amended from time to time.
For the purposes of the GDPR, personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
1. What kind of personal data we collect
C.Y Actuaries as a consulting firm receives a significant amount of personal data, including sensitive data, for the provision of HR Services.
Personal data of potential candidates, include, for example (the below is a non-exhaustive list):
- Name (including middle names and surname);
- Age – date of birth;
- Telephone number;
- Email address;
- Contact details;
- Educational history;
- Professional Memberships;
- Employment history;
- Financial information (including salary history, bonus, pension schemes, financial background check if applicable);
- Social Insurance number;
- Referee details and any additional information that may be disclosed to us by such referees;
- Clean criminal record details;
- General information about you, including hobbies and extracurricular activities; (xvii) Any additional information that you may disclose to us;
- Any additional information that we may find about you available on the internet; (xix) IP address.
We may also collect sensitive data about you, such as ethnicity, political beliefs, health data, religious or philosophical information.
2. How we collect personal data
We will collect your personal data when you directly provide us with it, in your curriculum vitae (CV) as well as the covering letter/email you may send to us.
In some instances, we may collect personal data relating to you through referees or third parties (including employers/past employers).
We may also collect personal data through publicly available sources, such as social media (LinkedIn/Google/Facebook) and online.
We request solely the necessary data for the purposes collected (more information below). In case we receive personal data that is considered unnecessary, we will delete and destroy that data.
3. How we store personal data
We aim in protecting your personal information and endeavour to ensure that no unauthorized access and/or misuse of your personal data occurs. To this end, we have put in place all necessary organizational and technical measures. We have implemented design mechanisms in the way data is stored and privacy settings have been set at a high level by default.
We have adopted by default systems and technology designed in such a way to ensure that data processing is limited to what is necessary for the purpose for which the data was collected and only the members of the team who need to access the personal data are allowed with access.
4. How we use personal data
For the purposes of GDPR we are controllers in relation to your personal data. That means that we will determine the means and purposes of the processing of your personal data, the way we will use them, store them, how long we retain them and more.
We will use your personal information lawfully, fairly and in a transparent way. We shall use it to assist you in finding suitable employment, based on your CV, educational and professional background. This includes background and reference checks, communicating with you for updates or requesting additional information or for potential suitable vacancies. We will not use such information for any other purposes, not disclosed to you. In addition, we may use personal data we collect about you to comply with legal or regulatory requirements.
We treat sensitive data with caution. We may use such data to evaluate whether additional arrangement need to be made with potential employers or during interviews, for instance, in case of a disability. Also, we may use data relating to your nationality or ethnicity to determine whether a work permit or visa is necessary for your suitability as a successful candidate.
In accordance with the GDPR, we may only process your personal data:
- Based on the explicit, unambiguous consent of the data subject;
- When processing is necessary to perform a contractual obligation;
- When processing is necessary to comply with a legal obligation;
- When processing is necessary for the legitimate interests pursued, except where such interests are overridden by the rights and freedoms of the data subject, in particular where the data subject is a child;
- When processing is necessary in order to protect your vital interests or of another natural person;
- When processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
5. Personal data sharing with third parties
We will share your personal data with our clients / prospective, currect or past employers for recruitment purposes and to increase the chances of finding a suitable employment for you. We may also share your data with third-party service providers for the purposes of adopting appropriate security measures for the protection of your personal data. Lastly, we may share your data with public bodies, auditors, accountants and legal consultants, if necessary to comply with a legal or regulatory obligation.
We will only transfer personal data to any third parties, upon receiving confirmation that the said third party is aware of the GDPR provisions and has complied with those, or is taking steps to ensure compliance.
6. Retention Period
We will retain your personal data for a period of 1.5 years from the date you provide us with it. We will keep the data for this period so that we can contact you in case a suitable vacancy comes to our attention and also to be able to keep records in case of an allegation or legal claim being pursued relating to the recruitment process. Kindly ensure that your data is kept up to date and remains accurate.
We may keep your personal data for a longer period if necessary for legal, regulatory or technical reasons.
Data that we keep for any reason after the retention period expires, will be completely anonymised.
8. Your rights
Under the appropriate circumstances, you have the right:
- to receive information on the personal data we hold about you and how such personal data is used (right to access);
- to rectify inaccurate personal data concerning you (right to data rectification);
- to delete/erase your personal data (right to erasure/deletion, “right to be forgotten”);
- to receive the personal data provided by you in a structured, commonly used and machine-readable format and to transmit those personal data to another data controller (right to data portability);
- to object to the use of your personal data where such use is based on our legitimate interests or on public interests (right to object); and
- in some cases, to restrict our use of your personal data (right to restriction of processing).
You can exercise these rights by contacting us (as per the contact information mentioned below).
You also have the right to complain to the Office of the Commissioner for Personal Data Protection.
9. Contact us