| Referees
Where a referee is being asked to give a reference based on their professional experience of a Candidate, we will not use the referee's details to reach out to get in touch in the alternative capacity as a Client unless we are explicitly asked to do so by the referee.
Prospective Candidate Data
In relation to the ways in which we collect your data, if we collect your personal data from a third party online platform/website that prohibits data scraping in its terms of use, we will take this into account in determining whether to collect your data from such sources.
We use Prospective Candidate data to work out whether you might be interested in, or might benefit from, our services, and to assess whether and how we might be able to assist you. If we think we can help, we will use your contact details to get in touch with you and find out if you are interested in our services. In Germany, we do this not via email, but via phone or messages via a the job network (unless you have consented to be contacted via email).
Use of sensitive or special category Candidate Data
Race or ethnic background
In Germany, we collect details of our Candidates' religious affiliation to facilitate our payroll process. As this is a necessary legal requirement, we will not seek your explicit consent to process this information.
DSARs
In accordance with local law, we have the right to refuse to respond to your DSAR in circumstances where your data are only being held: (i) pursuant to a legal obligation to retain them; or (ii) for the purposes of monitoring data protection or safeguarding data, in each case where providing the information would require a disproportionate effort, and appropriate technical and organisational measures make processing for other purposes impossible.
Requests to erase your data
Where your data are not being processed in an automated way, unless your data are being processed unlawfully, we will not be required to erase your data if erasure would be impossible or would involve a disproportionate effort due to the specific method of storage, provided that we think your interest in erasure is minimal.
Where your data are being processed in an automated way, we will also have the right to refuse to erase your data if we have reason to believe that such erasure will adversely affect your legitimate interests, or if such erasure would cause us to breach any legal obligation to retain your data for a specific period. Instead, in these circumstances, processing of your data will be restricted in the particular ways envisaged by the GDPR.
Marketing, Retargeting and Market Research Purposes
Soft-opt-In
As described in the main body of our Privacy Policy, we are entitled to rely on "soft-opt-in" consent in respect of certain marketing messages that we wish to send to you. The conditions that apply to our using of soft-opt-in consent are that: (i) we have obtained your email address in connection with the sale of goods or services; (ii) we use that address only for direct advertising of our own (or substantially similar) services; (iii) you have not objected to this use; and (iv) we clearly advise you, in each such communication, of your right to opt-out.
Opt-in
In all other e-marketing circumstances, we are required to obtain your specific "opt-in" consent and we are required to keep records of such consent having been received. To comply with our obligations under the Act Against Unfair Competition, we undertake what is commonly known as the "double-opt-in" consent procedure, which is where we first ask you to opt-in to receive e-marketing, and we then send you an email asking you to confirm that you have given your consent. We may only add you to our marketing list once we have received this second email confirmation.
Retargeting
When you consented to the transfer of data to our advertising partners we send your data (e.g. your email address, your name, your phone number) in an encrypted and pseudonymised way (so called “hashed”) to our advertising partners (for a list of our advertising partners, see below). They compare this data with the data they already process about you and if they match, the partners enable us to run targeted advertising on those matches or on similar groups of people like you, which means the partners display on their platforms Hays advertising which are specially designed for you or for people like you. After the creation of the matches, your encrypted data is automatically deleted again at our partners. The partners do not gain new addresses as a result of this. We think this is a great benefit for you as you get only those advertising which suits your needs.
Hays group companies & Hays advertising partners
When we mention Hays group companies in Germany, Austria, Denmark and Switzerland in the context of our advertising consent wording, we mean the following legal entities:
- Hays AG, based in Germany
- Hays Professional Solutions GmbH, based in Germany
- Hays Talent Solutions GmbH, based in Germany
- Emposo GmbH, based in Germany
- Hays Holding GmbH, based in Germany
- Hays Beteiligungs GmbH & Co.KG, based in Germany
- Hays Vorrat 01 GmbH, based in Germany
- Hays (Schweiz) AG, based in Switzerland
- Hays Talent Solutions (Schweiz) GmbH, based in Switzerland
- Hays Österreich GmbH, based in Austria
- Hays Professional Solutions Österreich GmbH, based in Austria
- Hays Specialist Recruitment Denmark A/S, based in Denmark
When we talk about advertising partners in the context of our advertising consent wording, we mean the following partners:
Transfer outside of the EWR
Where we have asked you for your marketing consent regarding our advertising partners and where those parties are located outside of the European Economic Area, you consent (Art. 49 I a GDPR) to a transfer outside of the European Economic Area, and you are aware that there might be a lower level of data protection with these providers/countries than it is the case in the European Economic Area.
There might be in particular a risk that your data may be accessed through authorities for surveillance purposes, even without legal redress procedures. Exercising data protection rights, you know, and you are familiar with under the GDPR may be more difficult or even impossible.
Market Research Purposes
When you consented to the use of your personal data for market research purposes, this means that we will run surveys regarding satisfaction, NetPromoterScore, personnel topics, wishes, offers, socio-demographic characteristics, new platform testing, test groups, UX testing and brand panels.
Certain aspects of German law suggest a blurring of the line between recruitment candidates and employees. While we do not consider that this blurring was intended to apply in respect of candidates in the context of a recruitment business, should that not be the case, we would rely on the employment-specific provisions of the GDPR (and German law, i.e. the German Data Protection Act-new) to ensure that we can continue to process your data fairly and lawfully.
The employment-specific provisions permit the processing of personal data of employees for employment-related purposes where necessary for hiring decisions or, after hiring, for carrying out or terminating the employment contract or to exercise or satisfy rights and obligations of employees’ representation laid down by law or by collective agreements or other agreements between the employer and any staff council. For more information, please see section 26 of the German Data Protection Act-new.
ID Check for Pay-Agent Services (for Suppliers and Clients)
Purpose of data collection / kind of data we collect
As we provide you payment services according to § 10 Section 1 ZAG, we are obliged by the Money Laundering Act to establish the identity of each of our contractual partners or the person acting on their behalf and to document this. For this purpose, we use a web-based video identity verification process to make identification as convenient as possible for you. During this procedure, a Hays employee or an employee of our service provider, acting on our behalf and according to our instructions, will ask you to identify yourself by means of a camera. The interview will be recorded audio-visually and various images (screenshots) will be taken of the ID document you are using (the front and back, the respective security features), as well as of yourself. For this purpose, we ask you in at the outset of the interview, but before we start recording, for your consent under banking law in relation to the following:
("We will take photos of you, as well as of the complete front and back of your ID card (including its security features) once in the course of this identity verification. Furthermore, the video call now conducted for the purpose of establishing your identity will be recorded visually and acoustically. We will store this data in accordance with our legal obligations. In this way, we will be able to provide proof that we have properly executed the videoIdent at any time upon request by the applicable regulatory authority.")
Furthermore, the information contained on your identification document (for example, first name, last name, citizenship, etc.) is documented, stored and otherwise processed as part of the identity verification process.
Our processing of this information is necessary to ensure that we have identified you correctly and to document the identity verification process correctly.
Legal Basis
Article 6 I c GDPR (compliance with a legal obligation), Article 6 I a GDPR (consent) and §§ 11, 8 GwG (Money Laundering Act)
Retention Period
In accordance with the requirements of the Money Laundering Act, we retain the documents produced in their entirety for the duration of our business relationship with you or your organisation and beyond that for a period of 5 years.
Alternatives
Video identification is the fastest and most convenient method for you to identify yourself to us. We can and will also offer you alternative solutions for identification if you ask us about this and explicitly request an alternative.
ID Check for all other Hays services (for Candidates and Suppliers)
Purpose of data collection / kind of data we collect
In today's virtual age, we unfortunately no longer meet many of our candidates, temporary workers and suppliers in person. As a result, we need to verify the identity of people (or in the case of organisations, people acting on their behalf) that we are seeking to do business with. This is done in for our own legitimate interests, namely to maintain internal compliance standards as well as to comply with our legal obligations (for example, we are obliged not to provide any or only limited services to "sanctioned persons").
For this purpose, we use a web-based video identity verification process to make identification as convenient as possible for you. During this process, a Hays employee or an employee of our service provider, acting on our behalf and according to our instructions, will ask you to identify yourself using a camera. The interview will be recorded audio-visually and various images (screenshots) will be taken of the ID document you are using (the front and back, the respective security features), as well as of yourself. For this purpose, we ask for your consent at the outset of the interview, but before we start recording in relation to the following:
("We will take photos of you, as well as of the complete front and back of your ID card (including its security features) once in the course of this identity verification process. Furthermore, the video call now conducted for the purpose of establishing your identity will be recorded visually and acoustically. We will store this data in accordance with our legal obligations.")
Furthermore, the information contained on your identification document (for example, first name, last name, citizenship, etc.) is documented, stored and otherwise processed as part of this identity verification process. Afterwards, we check this information and if it turns out for us that the check was successful, we delete this data. In the event of discrepancies, we will clarify these with you and retain the data for this period.
This information is necessary to ensure identification and to document the identity verification process correctly.
Legal Basis
Article 6 I f GDPR (legitimate interests condition)
Retention Period
We keep the data collected during the call for the period of the identity check and delete it afterwards. This period is usually a few days. After a successful identity verification check, we will keep a note on your file that your identity has been checked for the duration of our business relationship and for a period of 3 years beyond that.
Alternatives
Video identification is the fastest and most convenient method for you to identify yourself to us. We can and will also offer you alternative solutions for identification if you ask us about this and explicitly request an alternative.
|
