Candidate Employees’ Privacy Policy
1. INTRODUCTION MARIS POLYMERS S.M.S.A. is committed to protecting the privacy and security of personal data of its candidate employees. This Policy provides information on how we collect, use and maintain personal information regarding you, in relation to a job application you submitted to the Company, in accordance with the General Data Protection Regulation (GDPR) and the institutional framework of personal data protection in Greece (including Law 4624/2019 and relevant decisions and opinions of the Hellenic Data Protection Authority (HDPA)). It applies to all candidate employees and trainees (together referred to as candidates). The purpose of this policy is to provide information to the above individuals as regards the processing of their personal data by the Company and their rights. 2. WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR PERSONAL DATA The Company is responsible for the processing of your personal data as data controller. 3. PRINCIPLES GOVERNING THE PROCESSING The protection of personal data is very important for the Company. In this context, we ensure that your personal data: (a) are processed lawfully, fairly and in a transparent manner. (b) are collected for specific, explicit and legitimate purposes and are not further processed in a manner incompatible with those purposes. (c) are appropriate, relevant and limited to what is necessary for the purposes for which they are processed. (d) are accurate and, where necessary, kept up to date. (e) are kept in a form which allows the identification of data subjects only for the period required for the purposes for which the personal data are processed. (f) are processed in a manner that ensures appropriate security of the personal data, including their protection against unauthorized or unlawful processing, and accidental loss, destruction or damage, by taking appropriate technical and organizational measures. 4. WHAT DATA ARE WE PROCESSING DURING THE RECRUITMENT PROCESS? Τhe Company during the recruitment process, either through a job advertisement or in collaboration with a job search service provider or a web platform, collects exclusively personal data from the candidate employee, which he / she discloses to us, such as his / her personal details, contact details, information regarding his / her marital status, his training and work experience. More specifically, the Company collects from its candidates the following categories of candidates’ data:
Please note that when applying through the Saint Gobain candidate portal, the more specific SG Group Policy here is applicable. 5. ON WHICH LEGAL BASIS DATA PROCESSING IS BASED AND FOR WHICH PURPOSE; The Company processes the Personal Data of its candidate employees before hiring, for the following purposes: (a) Performance of its obligations arising from the employment agreement, such as: -candidate selection and relevant communications -making a hiring decision, -undertaking measures upon request by the data subject, -management, planning and organization of work, -general human resources management. The legal basis for processing for the above purposes is the undertaking of measures before the execution of a contract (Articles 6(1)(b) GDPR & 27(1), (3) Law 4624/2019). (b) Pursuit of the legitimate interests of the Company or a third party, unless these interests are overridden by the candidate’s interests or fundamental rights, such as: -establishment, exercise and defense of legal claims, -smooth operation of the Company, -reporting and statistics - centralized administration of the recruitment process by the SAINT GOBAIN group. The legal basis for processing for these purposes is the legitimate interest of the Company (Article 6(1)(f) GDPR). (c) For special categories of Personal Data, especially health data, the Company processes such data when necessary for the performance of obligations and the exercise of specific rights of the Company or employees in the field of labor law and social security/social protection law, usually on an advanced stage of the recruitment process The legal basis for processing is the performance of obligations and exercise of rights in labor and social security law, assessment of working capacity, and protection of public health (Articles 9(2)(b), 9(2)(h),) GDPR, Article 27 Law 4624/2019). 6. WHO RECEIVES AND PROCESSES THE DATA In order for the Company to fulfill the aforementioned purposes, it discloses candidate’s Personal Data only to the staff members of the Company’s HR department and only to the extent necessary for the performance of their duties. Regarding other employees, access is tiered according to their position and responsibilities and is limited to the data necessary for the specific processing purposes they have been assigned. Your personal data may be disclosed to external service providers, such as, indicatively, job search service providers and IT service providers. Furthermore, if necessary, your data may also be transferred to the personnel files of an affiliated Company within the SAINT GOBAIN group in the EU for centralized administration of the recruitment process 7. TIME OF RETAINING PERSONAL DATA The above personal data are retained for six (6) months after the completion of the job-filling process. If a CV is sent without reference to a specific job opening, it is retained for six (6)months from the time it is received by the Company for the purposes of potential future job opening. 8. DATA SUBJECTS’ RIGHTS Subject to the exceptions provided by the GDPR and national legislation, candidates have the right to request from the Company access to their Personal Data, as well as the rectification, erasure, or restriction of the processing thereof. They also have the right to object to the processing of their Personal Data and the right to data portability of such Personal Data. If the processing of the candidate’s Personal Data is based on his/her consent, the candidate may withdraw such consent at any time with effect for the future. In such a case, the candidate’s Personal Data will no longer be processed for the specific purpose following the withdrawal of consent. The candidate may also lodge a complaint with the Hellenic Data Protection Authority (further information is available on its website, www.dpa.gr). For any questions or concerns regarding the processing of Personal Data by the Company and/or for the exercise of his/her rights, the candidate may contact via email our Data Protection Officer at [email protected]. 9. SECURITY The Company implements appropriate technical and organizational measures to ensure an appropriate level of security for Personal Data, taking into account any risks, in compliance with the GDPR and national legislation The policy is reviewed and revised periodically, where required, in accordance with the applicable Legislation, Circulars and Decisions of the Personal Data Protection Authority. |