NAVEX Global - Candidate Privacy Notice
NAVEX Global, including its applicable affiliates and subsidiaries, are committed to respecting your privacy and we recognize the need to appropriately protect and manage any personally identifiable information, or personal data, you share with us.
Under applicable privacy laws, NAVEX Global is a “data controller” and a “business” in relation to personal data you share with us. This means we are responsible for appropriately holding and using your personal data. This Candidate Privacy Notice (“this Notice”) is intended to provide you with additional information about how and why your personal data will be used and how long we will usually retain it. In addition, this Notice provides you with certain information that must be provided under applicable laws, including the General Data Protection Regulation ((EU) 2016/679) and the California Consumer Privacy Act of 2018 (“CCPA").
Data protection principles
We will comply with applicable data protection law and principles, which means that your data will be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely.
- We do not sell personal information.
Why we collect information from you
The personal data we collect from you is used by us as part of our employment and recruitment process.
The kind of information we hold about you
In connection with your application for work with us, we will collect, store, and use the following categories of personal information about you:
- The information you have provided to us in your curriculum vitae and cover letter.
- The information you have provided on our application form, including name, title, address, telephone number, personal email address, employment history, qualifications.
- The information provided to us in connection with a pre-employment aptitude test.
- Any information you provide to us during an interview.
How is your personal information collected?
We collect personal information about candidates from the following sources:
- You, the candidate.
- Recruitment agencies and vendors we have agreed terms in place with.
- Your public professional networking profile.
- Employees and others who refer you to us.
- You may also be invited to apply through our recruitment agencies and vendors.
How we will use information about you?
We will use your personal data to:
- Assess your skills, qualifications, and suitability for the role.
- Carry out background and reference checks, where applicable.
- Communicate with you about the recruitment process.
- Provide you a pre-employment aptitude test.
- Keep records related to our hiring processes.
- Comply with legal or regulatory requirements.
- Decide whether to offer you employment and enter into a contract of employment with you.
Having received your CV, cover letter and/or your application form, we will then process that information to decide whether you meet the basic requirements to be screened by our in-house recruitment team. Once screened by our in-house team, we will decide whether your application is strong enough to invite you for an interview, be it by telephone, in person or other electronic means. You may be invited to take a pre-employment aptitude test as part of our screening process. If we decide to engage you for an interview, we will use the information you provide to us during the interview to decide whether to offer you employment.
If you fail to provide personal information
If you fail to provide information when requested, which is necessary for us to consider your employment (such as evidence of qualifications or work history), we will not be able to process your application successfully and unable to take your application further.
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.
Data sharing with service providers and other countries
We will only share your personal data with third party partners as follows:
- For the purposes of processing your application;
- We may share your information with other companies within our ownership group if we believe they may have relevant vacancies you might be interested in;
- Any service provider or other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies and applicable law. We do not allow service providers to use your personal data for their own purposes and only allow them to process your personal data for specified purposes and in accordance with our instructions.
As applicable, we may transfer your personal information to the United States in support of our employment and recruitment processes. Any such transfers will be in compliance with the EU-U.S. or Swiss – U.S. Privacy Shield principles. NAVEX Global and its U.S. affiliates, The Network, Inc. and Lockpath, Inc. ("NAVEX US") have committed to handling such information in accordance with the EU-US Privacy Shield and Swiss-US Privacy Shield Framework Principles as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from countries in the EEA. All NAVEX US companies have certified that they adhere to the Principles of Notice, Choice, Accountability for Onward Transfers, Security, Data Integrity & Purpose Limitation, Access and Recourse, Enforcement & Liability (the “Principles”). However, in 2020, both frameworks were declared invalid as a legal mechanism that could be relied on for the lawful transfer and processing of personal information from the EEA, the United Kingdom, and Switzerland. Despite this, NAVEX Global continues to certify its compliance with the frameworks as a means of evidencing its continued commitment to protecting personal information from the EEA, the United Kingdom, and Switzerland and remains under the jurisdiction of the U.S. Federal Trade Commission. As required by the frameworks, any personal information we receive under the frameworks will be maintained in accordance with the Principles.
If there is any conflict between the policies in this Notice and the Principles, the Principles shall govern. To learn more about the Principles and to view our certification, please visit: https://www.privacyshield.gov/.
We have taken appropriate safeguards to require that the personal information we process will remain protected when transferred internationally. NAVEX Global relies on the European Commission's Standard Contractual Clauses, a third-party service provider’s Binding Corporate Rules or other legally approved mechanism, for any transfer of personal information to non-EEA, United Kingdom, or Switzerland locations.
Personal information received by NAVEX Global following invalidation of the Frameworks will be transferred and processed in accordance with the applicable European Commission’s Standard Contractual Clauses. More information about Privacy Shield can be found here and more information about the Standard Contractual Clauses can be found here.
NAVEX Global entities located in the United States are subject to the investigatory and enforcement powers of the Federal Trade Commission.
If you are resident in the EEA and believe that your personal data has not been processed in compliance with the Principles, you may raise your complaint in a number of ways:
(1) You can contact us directly using the contact details provided below and we will respond to your complaint within 45 days of receipt:
Please use this web form or contact firstname.lastname@example.org.
(2) If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, you can contact your state or national data protection or labour authority in the jurisdiction where you work. We have committed to cooperate with the panel of the EU Data Protection Authorities (DPAs), and the state or national data protection authority where you work, to investigate unresolved complaints.
Under certain conditions, described more fully on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
We use appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third party partners who have a business need-to-know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have also have procedures in place to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
- Where you are not hired by us, we may retain your personal information for a reasonable period so that we can make you aware of any suitable alternative roles that arise during this period.
- We also retain your personal information so that we can demonstrate, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. After this period, we will securely destroy your personal information in accordance with applicable laws and regulations.
- Unless prohibited by applicable law, you can request that we not retain your personal information by notifying us at any time and we will delete your personal information.
NAVEX Global acknowledges that you may have the right to access your personal information under certain circumstances.
Identity Verification Requirement. We are required by law to verify that any request submitted was made by someone with the legal right to access the data. Therefore, prior to accessing or divulging any information pursuant to a data subject access request, we may request that you provide us with additional information in order for us to verify your identity and legal authority.
Under certain circumstances we may not be able to fulfill your request, such as where doing so would interfere with our regulatory or legal obligations, where we cannot verify your identity, or if your request involves disproportionate cost or effort; in any event, we will respond to your request within a reasonable time frame and as required by law, and provide you an explanation.
Rights provided under the Privacy Shield Frameworks to personal information transferred from European Union (EU) member countries and Switzerland to the United States. NAVEX Global respects your control over your information and, upon request, we will confirm whether we hold or are processing information that we have collected from you. You also have the right to amend or update inaccurate or incomplete personal information, request deletion of your personal information or request that we no longer use it. Under certain circumstances we will not be able to fulfill your request, such as if it interferes with our regulatory obligations, affects legal matters, we cannot verify your identity, or it involves disproportionate cost or effort, but in any event we will respond to your request within a reasonable timeframe and provide you an explanation. In order to make such a request of us, please use this web form.
European Economic Area, Switzerland or United Kingdom Citizen Rights. Individuals who reside in the European Economic Area (EEA), including Switzerland and the United Kingdom (UK) have additional rights reserved under the General Data Protection Regulation (GDPR), the UK Data Protection Act and/or ePrivacy Directive, as applicable. This section details those additional rights and information on how to exercise them:
- You may request to access, correct, update or request deletion of your personal information.
- You may request additional information related to the purposes for which we process your personal information, the categories of personal information we process, where we originally collected the information, who we share it with, and how long we will retain it.
- You may object to our processing of your personal information, request that we restrict the processing of your personal information or request portability.
- You have the right to opt-out of marketing communications we sent you at any time. You can do so by clicking the “unsubscribe” or “opt-out” link in the marketing emails we send to you. You may also opt-out of other forms of marketing (such as postal or telemarketing).
- Where we have collected and processed your personal information with your consent, you can withdraw your consent at any time. However, withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- Upon your request, and where it is technically feasible, NAVEX Global will provide you with a copy of your personal information or transmit it directly to another controller.
- You have the right to submit a complaint to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authorities. Contact details are available here.
To make a request please use this web form or email us at email@example.com with “Personal Information Request” in the subject line, and provide us with full details in relation to your request, including your contact information and any other detail you feel is relevant. NAVEX Global will provide a response to an access request within 30 days of receiving such request or if we cannot, we will notify you and provide you with the reason for the delay.
California Citizen Rights. If you are a California-based consumer, as that term is defined under California law, this section shall apply in addition to all other applicable rights and information contained in this privacy notice. We collect, use and disclose the categories of personal information from the sources identified in this privacy notice. Our business purposes for such collection, use and disclosure, along with any categories of third party partners, are identified in this privacy notice. Individuals who reside in the state of California have additional rights reserved under the California Consumer Privacy Act and the California Shine the Light law:
- You have the right to request that we provide you with the categories of personal information and the specific pieces of personal information we have collected and store about you.
- You have the right to request that we delete personal information we, or our service providers, store about you.
- If you elect to exercise any rights under this section of our privacy notice, we will not discriminate or retaliate against you.
- We do not sell personal information.
- To exercise your rights as a California consumer, please use this web form or call us toll-free at +1 844-842-0916.
Right to withdraw consent
When you apply for a role, you provide consent to our processing your personal information for the purposes of the recruitment and employment exercise. You have the right to withdraw your consent for processing for that purpose at any time.
To withdraw your consent, please contact the Recruitment Manager. Once we have received notification that you have withdrawn your consent, we will no longer process your application and, subject to our policies, we will dispose of your personal data securely.
Data protection officer
We have appointed a data protection officer (DPO) to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact the DPO by email, at firstname.lastname@example.org.
You have the right to make a complaint at any time to your local supervisory authority for data protection issues.
Cookies on NAVEX Global’s Career Site
For NAVEX Global’s Career Site (e.g. https://navexglobal.wd5.myworkdayjobs.com/en-US/NAVEX and related pages), NAVEX Global uses only cookies and similar tracking technologies (beacons, tags, and scripts) which are required for the website to function properly.
All cookies used on our Career Site are session-based. Session cookies make it easier to navigate our Career Site and disappear from your computer when you close your browser or turn off your computer.
These cookies cannot be switched off in our systems. They support session management (permitting timing out session after inactivity), security management (protecting web infrastructure against potential attacks), and routing (forwarding requests for a single session to the same server for consistency of service across pages within the Career Site). You can set your browser to block or alert you about these cookies, but some parts of our Career Site will not work if you block them. They do not store information that identifies you directly.