Scope of This Privacy Statement
This policy explains:
At Dott, we understand that your personal data is essential to you. This privacy statement explains in a simple and transparent way to process your personal data.
As you are a potential employee of Dott, there is certain personal information we are legally required to collect or that we need to execute our duties and fulfill our contractual obligations. There is also information that we need for specific HR processes.
We aim to only ask you for personal data that is strictly necessary for the relevant purpose. Not providing this information may mean we cannot hire you.
This privacy statement applies to the following:
All job applicants, including independent contractors or anyone else, are hired to work at Dott.
We obtain your personal data in the following ways:
You share it with us when you apply for a job.
From the person who recommended your job application.
The Types of Personal Data We Processes
Personal data refers to any information that identifies or is identifiable to you.
Personal data we process about you includes:
Identification data, such as your name, surname, date, and place of birth, ID number, passport number, other data in your ID document, driving license, passport or other document confirming your identity, social security number, home address, or place of residence, phone number and email address.
Personal information, such as nationality; gender; work permits; photographs; professional experience (profile, previous employers, termination of last employments and work carried out, special projects, outside positions); education, professional qualifications, and continuous training (diplomas, certificates, internships).
Interests and needs, for example, hobbies and memberships you share with us.
Audio-visual data, where applicable and legally allowed, we process surveillance videos of Dott offices and car parks.
Sensitive personal data is information about your health, ethnicity, religious or political beliefs, genetic or biometric data, or criminal records.
We may process your sensitive data if:
It is legally required and allowed to do so under local law. For example, we may be obliged to keep a copy of your passport or identity card when you become a Dott employee.
If you are offered and accept employment with Dott, the information collected during the application and recruitment process will become part of your employment record.
Dott will use your information for the purposes of carrying out its application and recruitment process, which includes:
Human Resources and Personnel Management
As your potential employer, we process information about you necessary to fulfill our contractual obligations or to take necessary steps at your request before entering a contract. We also process information about you when we have a legal obligation to do so, or it is in our legitimate interest, such as for administrative purposes and to manage our relationship with you. Activities falling under this purpose include recruitment.
Dott will use your information for the purposes of carrying out its application and recruitment process, which includes:
Assessing your skills, qualifications, and interests against our career opportunities;
Verifying your information and carrying out reference checks and/or conducting background checks (where applicable) if you are offered a job;
Communications with you about the recruitment process and/or your application(s), including, in appropriate cases, informing you of other potential career opportunities at Dott;
Creating and/or submitting reports as required under any local laws and/or regulations, where applicable;
Where requested by you, assisting you with obtaining an immigration visa or work permit where required;
Making improvements to Dott’s recruitment process, including improving diversity in recruitment practices;
Complying with applicable laws, regulations, legal processes, or enforceable governmental requests; and/or
Proactively researching your educational and professional background and skills and contacting you if we think you would be suitable for a role with us.
As part of our commitment to equal-opportunity employment, we may process information regarding your membership in various organizations to support our diversity and inclusion efforts.
Retention of Your Personal Data
We are legally required to retain your personal data for a specified period. This retention period may vary from a few months to years, depending on the categories of personal data, but not later than 18 months maximum.
When we no longer need your personal data for the process or activity, we originally collected it for, we delete it, or aggregate it (bundle data at a particular abstraction level), render it anonymous, and dispose of it in accordance with the GDPR.
Who We Transfer Your Data With?
We share specific data internally (with other Dott entities) and externally (with third parties outside of Dott).
Whenever we share personal data in countries outside of the European Economic Area (EEA) — whether internally among the entities or with third parties we ensure there are safeguards in place to protect it. For this purpose, we rely on (among) others:
Applicable local laws and regulations.
EU Model clauses, when applicable. We use standard contractual clauses in agreements with service providers to ensure personal data transferred outside of the EEA complies with EU General Data Protection Regulations (GDPR).
Adequacy decisions by the European Commission establish whether a country outside of the EEA ensures personal data is adequately protected.
Dott entities transfer data across Dott businesses and branches for various purposes. We may also transfer data to de-centralized storage systems or for processing centrally within Dott for efficiency.
For all internal data transfers, we rely on our legitimate business interests.
Government, supervisory, and judicial authorities to comply with our regulatory obligations, we may disclose data to the relevant government, supervisory or judicial authorities. In some cases, we are obliged by law to share your data with external parties, including:
Tax authorities may require us to report your assets (e.g., your salary). We may process your social security number or tax identification number for this.
Judicial/investigative authorities such as the police, public prosecutors, courts, and arbitration/mediation bodies on their express and legal request.
Service providers and other third parties, when required for a particular task, may share your personal data with external service providers or other third parties who carry out certain activities for Dott in the ordinary course of our business.
Service providers support us with activities like:
We use Lever to process recruitment applications. For details on their privacy practices, please see: https://www.lever.co/privacy/
Researchers, As Dott, we always seek new insights to help you get ahead in life and business. For this, we may share your personal data with partners like universities and other independent research institutions, who use it in their research and innovation. The researchers we engage must satisfy the exact strict requirements of Dott employees. This personal data is shared at an aggregated level, and as far as possible, the research results are anonymous.
In all these cases, we ensure that third parties can only access personal data necessary for their specific tasks.
Your Rights and How We Respect Them
You have certain privacy rights when it comes to processing your personal data.
We respect the following rights:
Right to access information, you have the right to ask us for an overview of your personal data that we process and/or a copy of this data.
Right to rectification, if your personal data is incorrect, you have the right to ask us to rectify it. If we have shared data about you with a third party, we will notify that party of any corrections made.
Right to object to processing, you can object to us using your personal data for our own legitimate interest – if you have a justifiable reason. We will consider your objection and assess whether there is any undue impact on you that would require us to stop processing your personal data.
You may not object to us processing your personal data if:
It is legally required to do so, or
It is necessary to fulfill a contract with you.
Rights regarding automated decisions, we sometimes use systems to make automated decisions based on your personal information that is necessary for fulfilling a contract with you. If automated decisions are used, we will inform you about this. You have the right to object to such automated decisions and ask an actual person to make the decision instead.
Right to restrict processing, you have the right to ask us to restrict using your personal data if:
If the information is not accurate
If the processing of your personal data unlawfully
Dott no longer needs the data, but you want us to keep it for use in a legal claim
You have objected to us processing your data for our own legitimate interests.
Right to data portability, you have the right to ask us to transfer your personal data directly to you or another company. This applies to personal data we process by automated means, with your consent, or based on a contract with you. We will transfer your personal data where technically feasible and based on GDPR.
Right to erasure
We are legally obliged to keep specific personal data for a specified period. You may ask us to erase your online personal data, and the right to be forgotten is applicable if:
We no longer need your personal data for its original purpose
You object to us processing your personal data for our own legitimate interests, and we find your claim to be legitimate
We unlawfully process your personal data
Local law requires Dott to erase your personal data.
Right to complain
Should you not be satisfied with how we have responded to your concerns, you have the right to submit a complaint. If you are unhappy with our reaction to your complaint, you can contact the data protection authority in your country if applicable.
Exercising your rights
If the requirements for your request are not fulfilled, your request may be denied. If the law permits, we will notify you of the reason for the denial.
We aim to address your request as quickly as possible. However, our response time may vary based on your location and applicable local laws. Should we require you to complete your request, then legally allowed, we will notify you immediately and provide reasons for the delay.
How We Protect Your Personal Data
We take appropriate technical and organizational measures (policies and procedures, IT security, etc.) to ensure the confidentiality and integrity of your personal data and how it’s processed. We apply an internal framework of policies and minimum standards across all our businesses to keep your personal data safe. These policies and standards are periodically updated to remain current with regulations and market developments.
Update To Your Privacy Statements
We may amend this privacy statement to remain compliant with any changes in law and/or to reflect how we process personal data. This version was created on 06.03.2023
Contact and Questions
You may always contact the Data Protection Officer for any questions or concerns. In addition, depending on your country of residence, you may raise queries or concerns regarding your personal information with your local data protection authority.