In light of the introduction of the General Data Protection Regulation (GDPR) from 25 May 2018, organisations within the European Union are required to make available to you some information on the collection and processing of your personal data by the Stars Group.
This privacy notice contains information relating to the processing personal data when you participate in our recruitment process including applications, shortlisting and assessments.
What data do we collect?
In order to assess your suitability for the role you have applied for, we will require certain pieces of information and as part of your application this will include your name and contact details in addition to your employment history, qualifications and referee information.
In progressing through the selection process notes will be made following interviews and in any testing of your skills that are required, a record of the results of these will be maintained.
All of this information will be entered into and stored on our online recruitment system which is managed by Jobvite who are our third party data processor for recruitment.
The lawful basis for this processing is Article 6(1)(b) – necessary for the performance of a contract.
Why and how do we use it?
We use the information you have provided relating to your employment history, skills and qualifications to match to our role requirements and identify whether you should be shortlisted to go further in the process. We will use your contact information to ask you to complete further assessments which could take the form of an online test, attending an assessment centre or traditional phone or face to face interview. Or a combination of all.
We do not carry out solely automated decision making in our recruitment practices. We do have an element of automated processing, for example where a specific qualification is required the system can sift candidates out who are not in possession of the specified criteria and flags this to the TA team member. Ultimately this means the decision on whether the application will continue through selection is made by the TA team, not as a result of the automated process.
Some of our roles require a skills test, eg language capability and these are carried out online. These are subject to a level of automated decision making in terms of assessment. Again, we do not use solely automated decision making, this result is simply made available to the assessing team to make a decision on next steps in the application process.
How do we keep it secure and who do we share it with?
Within our own systems we have restricted access to data held so only those who need to use it can view it so this means only our Talent and People Services teams and post initial screening, the hiring team. In terms of external providers, we have assessed their compliance with the data protection regulations to ensure they apply an equal standard of security.
Where we share data with external parties this data is always secured, for example with a password; delivered using encrypted secure channels.
In some cases, we must provide personal data to our auditors as part of compliance with SOX and COSO regarding our hiring policy and practices. Currently our auditing is carried out by Deloitte.
As a global business, your data may also be transferred across the group. We ensure that the countries we share data with have the data protection adequacy provision as defined by the European Commission. Where we use data processors outside of Europe, we ensure they are covered by the same adequacy provision and where they do not we will employ model contract clauses to cover this protection.
Third Party Providers
Throughout our recruitment process we engage with third party providers who process some personal data. We have taken steps to ensure these suppliers are compliant with GDPR and they have the relevant safeguards in place to protect your personal data.
Where we arrange your travel to interview, we will need you to provide some personal data in order that we can book flights and hotels. Our travel company is GTP.
We do not share your information with any other parties aside from those listed above during the recruitment process. We do not contact anyone and disclose your application unless you have given us permission to do so. Where you have provided referee information, we will only contact these people once you are successful in securing an offer and have accepted. If you are successful we will need to share information with other parties to carry out verification and vetting checks including referencing and for some roles criminal and credit checking. We have a separate privacy notice for these areas.
How long do we keep it for?
If you are successful in securing a role with the Stars Group, we will keep the information you have provided during the application process for the whole period of your employment whatever location you are employed in. Beyond this time each country has specific retention periods for different sets of data. You can see our retention schedule as set out in the Retention and Erasure policy document on the Rail once you become an employee.
If you are unsuccessful in securing a position with us, regardless of how far along the selection process you progressed, we will retain your data for 12 months post the end of the recruitment campaign for the role that you applied for. When you make your application, you will be asked whether you would be happy for us to contact you to discuss other opportunities that you may be suitable for consideration for during this period. Your answer to this question will have no bearing on your application.
We will use all applicant information for analytical purposes and to establish how successful our campaigns have been. We may use data to establish how well we are meeting our diversity targets for example. This reporting is anonymised and you will not be able to be identified from this information.
You have certain rights under the GDPR regarding being informed of and having access to your personal data:-
- To be informed
- Access your data
- Restrict processing
- Data portability
- Rights related to automated decision making including profiling
Individuals have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under the GDPR. It will depend on the lawful basis for the gathering of the category of personal data as to which of the additional rights apply and the right is not necessarily absolute and depends on the circumstances. So, for example if we have a legal obligation to process a dataset, your rights will extend to access and rectification (the latter being where the data is inaccurate).
Full details on rights and under what circumstances they apply can be found in your Information Commissioners’ guidance documents, contact details in the “ Any queries or concerns?” section.
Any queries or concerns?
If you have any concerns or queries about the collection, processing or retention of your data relating to the recruitment process, you can contact firstname.lastname@example.org to raise the matter with a member of the Talent team in the first instance. Please enter Personal Data Query into the subject line of your email.
Alternatively, you can email the data protection team at email@example.com
Should you have concerns that you believe the Company has not resolved or in any event, you can contact the Information Commissioner at:-
UK Information Commissioner's Office
Isle of Man Information Commissioner
Isle of Man
Bulgaria Commission for Personal Data Protection
Prof. Tsvetan Lazarov Blvd.,
Malta Office of the Information and Data Protection Commissioner
Triq II, Krbira
Republic of Ireland Data Protection Commissioner
21 Fitzwilliam Square