Job Applicant's Privacy Policy

SECTION 1 – Applicants Privacy Notice 

This Privacy Notice applies to the recruitment activities of Debono Group Holdings Limited, Michael Debono Limited, Storage Systems Limited & New Mobility Limited and Parts Supply Limited, hereafter individually and collectively referred to as the “Company”.

As part of our recruitment process, the Company’s HR Department collects and processes personal data relating to job applicants. The personal data may be held by the Company [and its subsidiaries] in paper or in electronic format. The Company [and its subsidiaries] is committed to being transparent about how it collects and uses that data and to meeting its obligations under the General Data Protection Regulation [GDPR] and the Data Protection Act 2018.

The purpose of this Privacy Notice is to make you aware of how and why we will collect and use your personal data during the recruitment process. We are required under the GDPR to notify you of the information contained in this Privacy Notice which applies to all job applicants.

If you have any questions about this Privacy Notice or about how we handle your personal data please contact [email protected]

SECTION 2 – What Personal Data Do We Collect? 

As part of the recruitment process we may collect the following personal data:

name, address, date of birth, email address, nationality and phone number; personal data included in a CV, application form, cover letter or interview notes, such as qualifications, skills, experience and employment history; information about your entitlement to work in Malta, where applicable; References; Driving licence (where applicable).

The Company may also collect, use and process the following special categories of personal data during the recruitment process:

whether or not you have a disability, (if voluntarily disclosed by you), for which the Company needs to make reasonable adjustments during the recruitment process;

information about criminal convictions and offences and a conduct certificate issued not more than six (6) months prior to the date of submission of the application. Provided that the Company shall only verify and will not retain any such certificates, unless required by law.

The Company may collect this data in a variety of ways. For example, data might be contained in application forms, covering letters, CVs, your identity documents or collected through interviews. We may also collect personal data about you from third parties, such as recruitment agencies or references supplied by current or former employers. Other than recruitment agencies, the Company will only seek personal data from third parties once a conditional offer of employment has been made to you and we will inform you if and when we are doing so.

Data will be stored in a range of different places, including on your application record, in employee files, in HR management systems and on other IT systems (including email).

SECTION 3 – Who Is The Data Controller? 

Whether received by e-mail, by post, online or in any other manner, the HR Department is the Data Controller for Job Applications. The Data Controller for Job Applications can be contacted on the following e-mail address:[email protected]

SECTION 4 – Who Has Access To The Data? 

Your personal data received for the purposes of recruitment will be mainly processed by the HR Department. Any employment service provider who has access to such data is governed by the conditions described in the ‘How does the Company protect data?’ section below. The personal data may be shared internally for the purposes of the recruitment exercise. This includes managers in the department which is offering the vacancy and IT staff if access to the data is necessary for the performance of their roles.

Where we share such data with a third party employment service provider, we will do so in accordance with the conditions described in the ‘How does the Company protect data?’ section below.

We may then share your data with (i) former employers to obtain references, (ii) employment background checks to obtain necessary reference checks (iii) professional advisors, such as lawyers.

SECTION 5 – Why Does Debono Group Process Personal Data?

We will only collect and use your personal data when the law allows us to. We need to process data prior to entering into an Employment Agreement with you. In some cases, we need to process data to ensure that we are complying with legal obligations. For example, it may be necessary for us to check the applicant’s eligibility to work in Malta before employment starts if the applicant is from a non-EU/EEA country.

The HR Department has a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Our legitimate interests include: pursuing our business by employing employees; managing the recruitment process; and conducting due diligence on prospective staff and performing effective internal administration. Processing data from job applicants allows us to manage the recruitment process, assess and confirm a candidate’s suitability for employment and decide to whom to offer a job. We may also need to process data from job applicants to respond to and defend against legal claims.

SECTION 6 – Special Categories Of Data 

Some special categories of personal data i.e. information about your health, criminal convictions and offences, are processed so that we can perform or exercise our obligations or rights under employment law and in line with our Employee Privacy Policy, a copy of which may be obtained by request to [email protected].

SECTION 7 – How Does The Company Protect Data? 

We take the security of your data very seriously. The company has put in place internal policies and controls to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.

Where your personal data is shared with third parties, we require all third parties to take appropriate technical and organizational security measures to protect your personal data and to treat it subject to a duty of confidentiality and in accordance with data protection law. We only allow third parties to process your personal data for specific purposes and in accordance with our written instructions.

The Company also has in place procedures to deal with a suspected data security breach and we will notify both the Information and Data Protection Commissioner and yourself of any suspected data breach where we are legally required to do so.

SECTION 8 – For How Long Does The Company Keep Data? 

The company will only retain your personal data for as long as necessary, to fulfil the purposes for which it was collected and processed, in this case recruitment. For our Data Retention Policy contact [email protected].

If your application for employment is unsuccessful, the company will hold your data on file for 6 (six) months from the date on which the Company shall communicate its decision to engage you or not.

If you agree to allow us to keep your personal data on file, we will do so for consideration for future employment opportunities for a further period of six (6) months. You are also reminded that you are free to withdraw your consent at any time. At the end of that period, or once you withdraw your consent, your data is deleted or destroyed.

If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your Human Resources employee file (electronic and/or paper based) and retained during your employment. This will be subject to our general Privacy Policy for current employees.

In instances of false statements including but not limited to false representations of one’s qualifications or inconsistencies in one’s employment history, we shall retain a record of any necessary details in our legitimate business interest or the possible establishment, exercise or defence of legal claims, as permitted under the Criminal Code (Chapter 9 of the Laws of Malta).

SECTION 9 – Your Rights As A Data Subject 

As a data subject, you have a number of statutory rights. Subject to certain conditions, and in certain circumstances, you have the right to: be informed; access your personal data; request rectification of your personal data; restrict processing; be forgotten (erasure); portability; restrict processing; refuse automated decisions;  object to certain types of processing.

You have the right to make an enquiry or send a complaint to the Company’s Data Protection Officer at [email protected]. The Company may request specific information from you in order to verify your identity and check your right to access the personal data or to exercise any of your other rights. This is a security measure to ensure that your personal data is not disclosed to any person who has no right to receive this. For more information on our Data Subject Request procedures kindly contact [email protected].

In the unlikely event that you consider that we are processing your data not in accordance with the law, you also have the right to lodge a complaint with the Office of the Information and Data Protection Commissioner by email on [email protected], by ordinary mail at Information and Data Protection Commissioner, Level 2, Airways House, High Street, Sliema, SLM 1549, Malta or by calling on (+356) 2328 7100.

SECTION 8 – What If You Do Not Provide Personal Data? 

You are under no statutory or contractual obligation to provide data to the Company during the recruitment process. However, if you fail to provide the data when requested, we may not be able to process your application properly, or at all.

  • Changes to this Privacy Notice

The Company reserves the right to update or amend this privacy notice from time to time.

  • Contact

If you have any questions about this privacy notice or how we handle your personal data please feel free to contact us on [email protected].

The Company’s Data Protection Officer may be reached at [email protected].

 

Version 2021.09 | Last Update: 2nd September 2021

< Back