XLOC (hereinafter, “the Company”) is strongly committed to protecting your personal information. It is our corporate social responsibility to protect personal information obtained from customers directly or through affiliated companies.
Accordingly, the Company shall comply with all applicable laws in the territories in which it operates. We regard proper management of personal data to be one of the core principles of our business.
The Company herein sets forth its Personal Data Protection Policy. Acting as a Data Controller with respect to the personal data collected from our website visitors and data subjects who directly send us their CVs, the Company will comply with laws and regulations pertaining to personal data protection, and shall put in place its own rules and systems.
All employees of the Company shall abide by the Personal Data Protection Policy and will make the strongest effort to protect personal data.
You can contact our Data Protection Manager at firstname.lastname@example.org for more information or concerns.
“Personal data” is defined in Article 4(1) of the GDPR as any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
“Biometric data” means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data.
“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
“Data controller” means, the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
“Data processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
“Data protection laws” means for the purposes of this document, the collective description of the GDPR and any other relevant data protection laws that Jobcare complies with.
“Data subject” means an individual who is the subject of personal data
“GDPR” means the General Data Protection Regulation (EU) (2016/679)
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
“Supervisory Authority” means an independent public authority which is established by a Member State. In Ireland, this is the Office of the Data Protection Commissioner.
“Third Party” means a natural or legal person, public authority, agency or body other than the data subject, under our direct authority.
The Company will obtain personal data via appropriate methods. Except where allowed by laws and regulations, the Company uses personal data within the scope of the purposes of use specified. The Company will not use personal data beyond the necessary scope for the attainment of the stated purposes of use. Except where allowed by laws and regulations, the Company shall not provide personal data and personal identification data to a third party without prior consent from the individual.
Article 13(1) of the GDPR provides that:
“(1) Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject with all of the following information: … (c) the purposes of the processing for which the personal data are intended as well as the legal basis for the processing; (d) where the processing is based on point (f) of Article 6(1), the legitimate interests pursued by the controller or by a third party.”
Article 6(1)(f) of the GDPR provides that:
“(1) Processing shall be lawful only if and to the extent that at least one of the following applies: (f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.”
The legal basis for processing your personal data is our legitimate interests to carry out our business in favour of the well-being of all our clients, job seekers, service providers, employees and shareholders.
The data received from you will be used for recruitment purposes only and won`t be further processed in a manner that is incompatible with these purposes. Personal information submitted via the website could potentially be shared across our global studios and this would only be done for the purposes of recruitment.
The Company has offices located across 4 continents and 20 countries. The European Commission has made an “adequacy decision” with respect to the data protection laws of each of the countries The Company interacts with. For purposes of recruitment, appropriate safeguards will protect data transfers to each of the countries. More information about our Studios and their locations can be found at our About Us and Contact pages.
XLOC will keep your application and personal data for up to 12 months from the date you apply for a role so that you can be considered for future positions within this timeframe.
We have ensured that appropriate measures have been taken to provide information referred to in Articles 13/14 and any communication under Articles 15 to 22 and 34 (collectively, The Rights of Data Subjects), in a concise, transparent, intelligible and easily accessible form, using clear and plain language
In this section, we have summarised the rights that you have under the GDPR. Some of the rights may be complex, so please refer to GDPR Chapter 3 of the Regulation or feel free to get in touch with the Data Protection Manager at email@example.com for more information.
Your principal rights under data protection law are:
If you do not agree with or are not comfortable with any aspect of this statement, your only remedy is not to send your CV over and to discontinue using XLOC. Your continued use of any part of our site following notification or posting of such changes will constitute your acceptance of those changes.
The Company shall assign managers to oversee the protection and management of personal data. Roles and responsibilities regarding personal data will be clearly defined for all employees. Employees will receive guidance on best procedures when handling personal data.
In order to ensure the security of personal data, The Company shall implement and oversee security measures necessary for prevention of leakage, loss or damage of personal data. Should any the handling of any personal data be outsourced to a third party, an agreement with that third party requiring the protection of personal data will be created. The Company will provide instructions and supervision to the third party regarding the correct handling of personal data.
The Company shall continuously review and look for improvements in its Personal Data Protection Policy to match with changes in business, social, legal or IT environments.
The Company shall comply with all laws, government guidelines and other regulations governing the protection of personal data.
We do not knowingly collect any personally identifiable information from children below the age requiring parental consent. If it is discovered that we have collected personally identifiable information from such children without their parent’s consent, then reasonable measures will be taken to erase the information promptly.
The Company may revise this Policy in response to changes in applicable laws and regulations, or as necessary for best protecting personal information. Revisions to the Personal Data Protection Policy will become effective at the time of posting on the Company’s website unless otherwise noted.
The Company will establish a procedure to accept and respond to inquiries regarding the Personal Data Protection Policy or collected data by the Company, and will respond in a timely manner.
Updated on 1st October 2018
Contact information for inquiries about the Personal Data Protection Policy or Personal Data.