Candidate Privacy Notice

Any Suntera Global (“Group”) company may act as a Controller for the purposes of Data Protection and in relation to the Personal Data you have and will continue to provide. Generally speaking, the Controller will be your direct employing Suntera Entity, who can be contacted at your office location of work.

Suntera Group’s Data Protection Officers and Information Governance Manager who can be contacted directly at dataprotection@suntera.com.

This Personal Data has been and will be collected and processed for the purposes of:

• Assessing your skills, qualifications, and suitability for the role.
• Carrying out background and reference checks, where applicable.
• Communicating with you about the recruitment process.
• Keeping records related to our hiring processes.
• Maintaining our compliance with AML/CFT – Crime prevention and prosecution of offenders requirements.

Our lawful basis for processing this information is one, or more, of the below:

• It is necessary for the provisional steps of our possibly entering into or performing a contract with you.
• To comply with our legal obligations as detailed above.
• Is necessary for the legitimate interests of the Company (let us know if you would like further information about this).
• Your consent (for the purposes of special categories of data only (if applicable to you)).

Special Category Data (also known as ‘sensitive personal data’) is only collected and processed when you have provided your explicit consent. Please also see further below about how you may accidentally be able to provide us with your Special Category Data when using the Group’s internet systems.

For further information, please contact the Group’s Data Protection Officer by emailing dataprotection@suntera.com.

The Group may collect any information as is reasonably necessary and as specified to you for the purposes detailed above. Examples of the types of Personal Data that the Group may collect about you are as follows:

• Personal details such as name, contact details, address, date of birth, photograph and tax and NI numbers.
• Due Diligence including passport and address verification.
• Family, lifestyle and social circumstances such as emergency contact details, maternity/paternity information and details of dependents.
• Education and training details such as qualifications, certificates, CPD records and training records.
• Employment details such as your CV and references, your contract of employment and any amendments to it; correspondence with or about you (for example, letters to you about a pay rise); information needed for payroll, benefits and expenses purposes, records of holiday; records relating to your career history (such as appraisals, other performance measures and, where appropriate, disciplinary and grievance records).
• Financial details such as bank details and pension information.
• Health records such as medical questionnaires, sickness records and self-certifications.
• Criminal proceedings, outcomes, sentences or offences (including alleged offences) such as police check documents, world check reports and criminal conviction documents.
• Your image for use on the company directory listing and, where you have provided consent, to be used in marketing materials and within our online presence across all platforms.

The Group will not sell, distribute or lease any personal information to any third party unless prior consent is obtained, or the Group are required by law to do so. The Group may on occasion send your Personal Data to the following recipients:

• You as the Data Subject yourself.
• Current or past employers (to check your references).
• Education, training establishments and examining bodies.
• Healthcare, social and welfare advisors or practitioners (only where this may be relevant to your recruitment and ongoing employment).
• Employees and agents of the Controller.
• Other companies in the same group as the Controller (only where applicable to the role you are applying for).
• Financial organisations and advisors.
• Credit reference agencies.
• Trade, employer associations and professional bodies.
• Officers of central Government, Statutory Boards/Authorities.
• Ombudsmen and regulatory authorities.

Where you have provided your Due Diligence for verification purposes and unless you have specifically requested otherwise, on each occasion the Group shall provide your Due Diligence to the relevant parties without your separate prior approval.

If, during the course of the interview process the Group is required to transfer your Personal Data to a third country or country outside of the EEA and where no adequacy decision has been made, the Group ensures that any transfer of Personal Data has put forward appropriate safeguards, and on condition that enforceable Data Subject rights and effective legal remedies for Data Subjects are available. The Group may implement one or both of the following safeguards to ensure compliance with the general principles relating to processing:

Binding Corporate Rules

The Group are aware that BCRs are internal rules (such as Code of Conduct) that can be adopted by a multinational group of companies which define its global policy regarding the international transfers of personal data within the same corporate group to entities located in countries which do not provide an adequate level of protection.

Model Contracts

The European Commission have the power under Article 26 (4) of directive 95/46/EC to provide standard contractual clauses which they consider offer sufficient safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals. The Group utilises two sets of standard contractual clauses for transfers from Controllers to Controllers established outside the EU/EEA and one set for the transfer to Processors established outside the EU/EEA.

We will retain your personal information for the minimum period of time appropriate to the jurisdiction in which you would have been employed after we have communicated to you our decision about whether to appoint you to a role. We retain your personal information for that period so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way.

After this period, we will securely destroy your personal information in accordance with our data retention policy.

In general circumstances, if you are unsuccessful, we shall retain your information for a minimum of 6 months, and a maximum of 6 years, and if you are successful, at least 6 years following the termination of your employment with us. This may however vary depending on your specific circumstances.

We hold the Personal Data collected from you in a secure environment to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

You are entitled to have your Personal Data rectified if it is inaccurate or incomplete. Where a request for rectification has been received, HR shall endeavour to amend your information as soon as is reasonably possible.

Where the Group has disclosed such Personal Data to third parties, we shall inform them of the rectification where necessary and possible.

You can view the Personal Data that is held on you by contacting our HR department.

Under certain circumstances, by law you have the right to the following (please note that some of these rights are not absolute, but conditional on your particular circumstances):

• Access - You have the right to access the information on how we are processing your data and to the personal data that we hold about you.
• Rectification – we can amend your Personal Data should it be incorrect when informed by you.
• Erasure – where relevant, we can erase parts of your Personal Data if they are not required for the purposes detailed above.
• Restrict processing – where relevant, we can restrict the Processing of Personal Data that is being undertaken.
• Data portability – where relevant and following your request, we can export the Personal Data we hold on to you to a select third party depending on the type and format of transfer.
• Object to processing – where relevant, you can object to certain aspects of Processing of your Personal Data.

Where we are processing your Personal Data solely on ‘Consent’, you have the right to withdraw consent at any time, but this may not apply to all the personal data we hold about you.

If you wish to exercise any one or more of these rights, please submit a request to the relevant Data Protection Officer or HR or by emailing dataprotection@suntera.com.

Should you wish to find out more information about your rights, please contact the Group’s Information Governance Manager by emailing dataprotection@suntera.com.

We confirm that Suntera does not use Automated Decision-Making technology when processing your personal data.

You have the right to make a complaint to the supervisory authority for the place you reside, work or where your data is being processed.

We would appreciate the chance to deal with your concerns before you approach the Supervisory authority. Please contact the Group’s Information Governance Manager by emailing dataprotection@suntera.com in the first instance.

The supervisory authority for Suntera Global is the Isle of Man Information Commissioner’s Officer (ICO) who can be contacted via the following link: www.inforights.im. The supervisory authority for where you are working or you reside may be different and, if you choose to make your complaint with them, please contact the Information Governance Manager who will be able to provide you with their specific contact details.