MThree Corporate Consulting Limited - Candidate Data Protection Privacy Notice
This notice explains what personal data (personal information) we will hold about you, how we collect it, and how we will use and may share personal information during the application process. Please ensure that you read this notice (sometimes referred to as a ‘privacy notice’) and any other similar notice we may provide to you from time to time when we collect or process personal information.
Who collects the personal information
MThree Corporate Consulting Limited (‘Company’) is a ‘data controller’ and gathers and uses certain personal information. This personal information is also used by our affiliated entities, namely MThree Singapore, MThree China, MThree Hong Kong, MThree Americas, Mtrois, MThree France, MThree Poland and MThree Australia (our ‘affiliated companies’) and so, in this notice, references to ‘we’ or ‘us’ mean the Company and our affiliated companies.
Data protection principles
The data protection principles which we will apply when gathering and using personal information, are set out in our Data Protection (Employment) Policy) available from the HR Department.
About the personal information we collect and hold
A table summarising the personal information we collect and hold up to and including the shortlisting stage of the recruitment process, how and why we do so, how we use it and with whom it may be shared is available here.
A table summarising the additional personal information we collect before making a final decision to recruit, i.e. before making an offer of employment unconditional, how and why we do so, how we use it and with whom it may be shared is available here.
We seek to ensure that our personal information collection and processing is always proportionate. We will notify you of any changes to personal information we collect or to the purposes for which we collect and process it.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your personal information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Where personal information may be held
Personal information may be held at our offices and those of our affiliated companies, and third-party agencies, service providers, representatives and agents and in cloud-based IT services.
How long we keep your personal information
We keep the personal information that we obtain about you during the recruitment process for no longer than is necessary for the purposes for which it is processed. How long we keep your personal information will depend on whether your application is successful, and you become employed by us, the nature of the personal information concerned and the purposes for which it is processed.
We will keep recruitment personal information (including interview notes) for no longer than is reasonable, taking into account the limitation periods for potential claims such as race or sex discrimination (as extended to take account of early conciliation), after which they will be destroyed. If there is a clear business reason for keeping recruitment records for longer than the recruitment period, we may do so but will first consider whether the records can be pseudonymised, and the longer period for which they will be kept.
If your application is successful, we will keep only the recruitment personal information that is necessary in relation to your employment. For further information, see our data protection privacy notice (employment).
Who should I contact if I have any queries?
You should contact the Head of HR who can be contacted at firstname.lastname@example.org (our Data Protection Contact).
Your rights to correct and access your personal information and to ask for it to be erased
Please contact our Data Protection Contact if (in accordance with applicable law) you would like to correct or request access to personal information that we hold or if you have any questions about this notice. You also have the right to ask our Data Protection Contact for some but not all of the personal information we hold and process to be erased (the ‘right to be forgotten’) in certain circumstances. our Data Protection Contact will provide you with further information about the right to be forgotten, if you ask for it.
How to complain
We hope that our Data Protection Contact can resolve any query or concern you raise about our use of your personal information. If not, contact the Information Commissioner at https://ico.org.uk/concerns/ or telephone: 0303 123 1113 for further information about your rights and how to make a formal complaint.