Applicant Privacy Notice

emTransit B.V.

T/A

Dott

Job Candidate Privacy Notice

Date of last amendment: 28 January 2022.

This notice explains what personal data (information that can directly or indirectly identify you) we hold about you, how we collect it, and how we use and may share information about you during your application process. We are required to notify you of this information under data protection legislation. Please ensure that you read this notice (sometimes referred to as a ‘privacy notice’) and any other similar notice we may provide to you from time to time when we collect or process personal information about you.

Who collects the information

This privacy policy is issued on behalf of emTransit B.V. (trading as Dott), a private limited liability company incorporated under Dutch law, with registered office at Burgerweeshuispad 101, 1076 ER, Amsterdam, the Netherlands, registered under number 72795921 and its subsidiaries so when we mention “Dott”, “we,” “us” or “our” in this privacy policy, we are referring to the relevant company in the Dott Group responsible for processing your data which would vary depending on your country of residence.

While different entities in our corporate group may from time to time act as (co-)controllers in respect of your personal data, emTransit B.V. acts as the primary controller and responsible entity for all personal data processing described in this policy. Our Data Protection Officer oversees the entire corporate group’s compliance. For any questions about this policy, including questions about your rights under data protection law, please contact our Officer at: privacy@ridedott.com.

What information do we collect about you and for what purpose?

We will need certain information from you before we decide to employ you. This would usually include your name and contact details, details of your qualifications, experience, employment history and interests; details of your referees, proof of eligibility to work (for non-nationals), any other information you decide to submit or disclose during the recruitment process and any other information that we decide is necessary for us to arrive at a recruitment decision.

We collect this for the purpose of deciding whether to recruit you or not, to comply with legal obligations and for the purposes of our legitimate interests: to ensure we employ the right people.

How we collect the information?

We may collect this information:

  1. Directly from you when you provide it to us during your job application process or during your employment with Dott.
  2. Indirectly from your references, the social media profiles you shared with us and any recruitment agency if you have applied through them.

 

What do we do with your information?

>Information we collect >Why we collect the information (legal basis) and how we use it. >How we use and may share the information
>Contact details (names, email address,

home address, phone number, social

media handles).

CV (qualification information, work

experience, employment history,

interests).

References.

Proof of eligibility to work (for

non-nationals).

Certificate of conduct (if applicable, you

will receive further notice of this

practice).

Legitimate interest: for the purpose of assessing your candidacy for the role that you have applied to, determining whether you are eligible to work in the country you are applying for, and for ensuring

that we find the right candidate for the open role at Dott.

To comply with legal obligations.

>To assess your candidacy for the role.

To enter into/perform the employment contract.

We may share this information with the relevant

subsidiary if applicable, or with any recruitment

agencies we may be working with if you have

applied through them.

>Gender you identify with >Legitimate interest: for the purpose of increasing inclusivity in our recruitment processes and improving these, and in order to improve the process for the candidates. >We use and share internally this information in an aggregated manner.

Where information may be held

Information may be held at our offices and those of our group companies, and third party agencies, service providers, representatives and agents as described at the end of this notice. Information may be transferred internationally to our group of companies and overseas to other countries around the world, including countries that do not have data protection laws equivalent to those in your country of residence, for the reasons described at the end of this notice. We will transfer your personal data outside the European Economic Area only when there is an appropriate safeguard in place.

We use Lever to process recruitment applications. For details on their privacy practices, please see: https://www.lever.co/privacy/

Most of our personnel records are stored on BambooHR. For details on their privacy practices, please see: https://www.bamboohr.com/privacy-policy/

We use different third-party payroll providers depending on your country of your residence. They act as our processors and we maintain primary responsibility for the protection of your information that we send to them.

How long we keep your information

If you provide us with your consent, we will retain this information for no longer than 1 year for the purpose of reaching out to candidates that we are interested in at a later stage, unless you ask us to delete it before that. If you do not provide us with your consent, we will retain this data for 90 days and once this period is reached, your personal data will be deleted.

Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and after going through a vetting process and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Your rights under data protection law

We are committed to fulfilling your statutory data protection rights. If you send us a request regarding your rights under data protection law, we will respond within one month from the day of receipt and, where possible, address your request within such time. Where necessary, this period may be extended by up to a further two months in complex cases. Under the General Data Protection Regulation, you have the right:

to be informed to access (such information) to rectification
to erasure to restrict processing to object to profiling
to data portability to complain to the regulatory authority to withdraw consent

 

For full information on your statutory rights, please visit the:

  • Belgian Data Protection Authority’s website (https://www.autoriteprotectiondonnees.be/ – https://www.gegevensbeschermingsautoriteit.be/) for candidates based in Belgium;
  • Dutch Data Protection Authority’s website (https://autoriteitpersoonsgegevens.nl/nl/zelf-doen/privacyrechten) for candidates based in the Netherlands;
  • Finish Data Protection Authority’s website (http://www.tietosuoja.fi/en/) for candidates based in Finland;
  • French Data Protection Authority’s website (http://www.cnil.fr/) for candidates based in France;
  • German Data Protection Authority’s website (http://www.bfdi.bund.de/) for candidates based in Germany;
  • Italian Data Protection Authority’s website (http://www.garanteprivacy.it/) for candidates based in Italy;
  • Norwegian Data Protection Authority’s website (https://www.datatilsynet.no) for employees based in Norway;
  • Polish Data Protection Authority’s website (https://uodo.gov.pl/pl) for candidates based in Poland; and
  • Spanish Data Protection Authority’s website (https://www.aepd.es/es) for candidates based in Spain.
  • Swedish Data Protection Authority’s website (https://www.imy.se/) for candidates based in Sweden.
  • United Kingdom’s Information Commissioner’s Officer (https://ico.org.uk/) for candidates based in the United Kingdom.

 

We would, however, appreciate the chance to deal with your concerns before you approach your Data Protection Authority so please contact us first by emailing us at privacy@ridedott.com.