Purpose and Legal Basis for Processing
ThreatLocker’s purpose for processing this information is to assess your suitability for a role at ThreatLocker.
Where processing takes place in the UK or EU, or you are a resident of the UK or EU, the legal basis we rely on for processing your personal data is article 6(1)(b) of the European Union General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”) which relates to processing necessary to perform a contract or to take steps at your request, before entering a contract. The legal basis we rely on to process any information you provide as part of your enquiry or application which is special category data, such as health, religious or ethnic information, is article 9(2)(b) of the GDPR, which also relates to our obligations in employment and the safeguarding of your fundamental rights and article 9(2)(h) for assessing your work capacity as an employee.
How Will ThreatLocker Use This Information?
We’ll use all the information you provide during the recruitment process to progress your application with a view to offering you an employment contract with us, or to fulfil legal or regulatory requirements if necessary.
We’ll use the contact details you give us to contact you to progress your enquiry or application. We’ll use the other information you provide to assess your suitability for the role. This may include sharing your information with one or more of hiring team, including your CV, details of your qualifications, relevant experience and skills, identification documentation, references and background and criminal record checks (where applicable).
Where applicable, we may also share your information with the data processors detailed below.
We will not share any of the information you provide with any third parties for marketing purposes.
We do not and will not sell your personal data.
What Information Will ThreatLocker Ask For and Why?
We do not collect more information than we need to fulfil our stated purposes and will not keep it longer than necessary. The information we ask for is used to assess your suitability for employment. You don’t have to provide what we ask but it may affect our assessment efforts if you don’t.
Applications
If you use our online application system, your details will be collected by a data processor on our behalf (please see below).
We ask you for your personal details including name and contact details. We’ll also ask you about your eligibility to work in the country concerned, previous work experience, education, referees and for answers to questions relevant to the role. Our recruitment team and relevant business lead will have access to all this information.
You will also be asked to provide equal opportunities information. This is not mandatory – if you don’t provide it, it won’t affect your application. We won’t make the information available to any staff outside our recruitment team, including business leads, in a way that can identify you. Any information you provide will be used to produce and monitor equal opportunities statistics.
Pipelining
Our Talent Acquisition team and hiring managers pipelines applications for interview. The hiring managers will not be provided with your equal opportunities information if you have provided it.
Vetting
We may ask you to participate in technical assessments; demonstrations ; attend an interview (including by recorded video); or a combination of these. Information will be generated by you and by us. For example, you might complete a written assignment, or we might take interview notes. This information is held by us.
If you are unsuccessful after assessment for the role, we may ask if you would like your details retained in ThreatLocker’s own talent pool. If you say yes, we may proactively contact you should any further suitable vacancies arise.
Employment Offer
If we make an offer of employment, we’ll ask you for information so that we can carry out pre-employment checks. You must successfully complete pre-employment checks to progress to employment. We must confirm the identity of our staff and their right to work in the relevant country, and seek assurance as to their trustworthiness, integrity and reliability.
You must therefore provide:
· Proof of ID (passport – if no passport, birth certificate and national insurance/social security documents)
· Proof of Right to Work in country where job is based
· Proof of Address
We may also perform the following, subject to local laws and practices:
· Criminal Record check
· Electronic ID Verification check
· Credit & Bankruptcy checks, including a full 7-year address history
· Global Financial Sanctions checks
· Compliance checks, including Office of Foreign Assets Control (OFOC)
· Directorship & Media Searches
Education & Professional Qualifications Checks
Proof of Seven Years Employment References check
How Long Is The Information Kept For?
This will depend on whether your application is successful or not (unless we state otherwise in our ‘data processor’ section below):
Successful Recruitment Candidate Information (including CV’s applications, interview notes, etc.) will be destroyed 12 months after the end of employment. Except in the United States, where candidate information is retained for 24 months. Eligibility documents (identity, right work in country) and background checks (including personal references) are typically kept for 5 years after the end of employment, or longer to comply with local laws. Please refer to your local ThreatLocker Recruitment Team for further information.
Unsuccessful Recruitment Candidate Information (including third party referee details provided by the applicant) will be destroyed 12 months after the last action unless you consent for information to be held for longer. Except in Poland, where candidate information is retained for 6 months and in the United States for 24 months.
How We Make Decisions In Our Hiring Process?
At the initial application stage we may automatically decline your on-line application if you fail to satisfy any relevant legal requirements for employment (e.g. You state you do not have the legal right to work in the country where the role exists and/or fail to meet other requirements per job qualifications.
Final recruitment decisions are made by members of our talent acquisition team and hiring managers. We take account of all the information gathered during the application process.
You can ask about decisions on your application by speaking to your contact in our recruitment team.
Your Rights
As an individual, you have certain rights regarding your own personal data.
For more information on your rights, please see the ‘Your Data Protection Rights’ section of the ThreatLocker Privacy Notice: https://www.ThreatLocker.com/Data-privacy-notice
ThreatLocker’s Data Protection Officer can be contacted at: privacy@threatlocker.com
Do We Use Any Data Processors?
Yes – we use several processors to provide elements of our recruitment service for us as follows:
On-line Candidate Application Management Service
We use Greenhouse’s candidate application management platform. You can access their Privacy Policy here: https://www.greenhouse.io/privacy-policy.
Recruitment Agencies and Talent Pools
We have relationships with a number of recruitment agencies and talent pools and where you have applied for a position with ThreatLocker through such agency or registered with a particular talent pool, you should approach them directly for information on their privacy policy and data retention periods.
Employment Vetting
ThreatLocker use the following range of providers, depending on your location and operational requirements:
HireRight. You can access their Privacy Policy here: https://www.hireright.com/emea/legal/privacy-policy/emea-and-apac-candidate-policy
Notice Version: 18 OCTOBER 2022