This personal data protection policy applies to candidates applying for a job, internship or freelance collaboration, as well as persons whose data has been provided to us by third parties such as recruitment agencies or professional social networks (LinkedIn, etc.) (“Candidates” or “you”).

 

This policy informs you about the way in which Tiberone (“Tiberone” or “we”/“us”), in our capacity as a data controller, collects and uses your personal data (“Personal Data”) as part of the application and recruitment process, and about the means available to you to control such use and exercise your rights in relation to it.

 

Tiberone processes your Personal Data with respect for privacy and in compliance with applicable laws and regulations in terms of the protection of personal data.

 

1. Collection of personal data

 

The Personal Data collected and processed by Tiberone is that which you provide directly to us or which is obtained, where applicable, from third parties in the context of the recruitment process, and may include: your last name, first name, and contact details; data relating to your qualifications and professional experience (e.g. degrees or diplomas, previous employment); professional references; and the results of background checks carried out where permitted by applicable law.

 

Tiberone only processes information that is relevant, appropriate, and limited to what is necessary for the purposes for which it is processed.

 

As such, please limit the information sent to us to a strictly professional context, and do not include on your CVs or in any communications with our teams any sensitive information.

 

2. Purposes of processing and legal basis

 

Personal Data is collected and processed as part of the application and recruitment process on the basis of Tiberone’s legitimate interest in recruiting candidates for a job, internship or freelance collaboration and, where applicable, in order to take steps at the request of the candidate prior to entering into an employment or freelance contract.

 

3. Storage period

 

If your application is successful, your Personal Data will be stored for the duration of the employment contract, in addition to any applicable limitation periods.

 

If your application is unsuccessful, your Personal Data will be stored for a duration of two years, starting from our final communication with you, unless you provide us with your consent to keep the data for longer for future recruitment opportunities.

 

4. Who has access to personal data?

 

Your Personal Data is communicated to those Tiberone employees who are responsible for recruitment, as well as to any individual involved in the recruitment process (such as managers, for example).

 

Your Personal Data may be transmitted to Tiberone’s subcontractors, who are required to process your Personal Data within the framework of the assignment entrusted to them by Tiberone.

 

We ensure that our subcontractors provide a level of protection equivalent to that implemented by Tiberone and require contractual commitments so that your Personal Data is processed exclusively for the purposes that you have previously accepted, with the required level of confidentiality and security.

 

As part of its recruitment activities, Tiberone may use subcontractors located outside the United Kingdom. Where Personal Data is transferred internationally, Tiberone implements appropriate safeguards in accordance with applicable data protection laws, including the UK GDPR, such as the use of standard contractual clauses, and ensures that an adequate level of data security is maintained.

 

5. Confidentiality and security

 

We undertake to process your Personal Data in a confidential manner that guarantees its protection. We implement security measures to prevent any unauthorized access, modification, disclosure, or destruction of your Personal Data.

 

6. Candidates’ rights

 

You have the right to access your Personal Data, to have it corrected if it is not accurate, to have it deleted in certain circumstances, to exercise the right to portability of the data, and to request a limitation on the processing of the data.

 

Tiberone has not appointed a Data Protection Officer (DPO). You may nevertheless exercise your rights under applicable data protection regulations by contacting Tiberone at the following contact details:

 

• by email: marketing@tiberone.com

• by post: Tiberone, 1 Brookmans Avenue, Brookmans Park - AL9 7QH Hatfield - England

 

Tiberone undertakes to respond to any request as soon as possible and within the statutory timeframe. Where there is reasonable doubt concerning the identity of the data subject, Tiberone may request additional information necessary to confirm the identity of the requester.

 

For the purposes of traceability and proof of the deletion of your data, we will keep your deletion request, the date of the effective deletion and the date of the reply sent by Tiberone for a period of five (5) years from the effective deletion of the data.

 

If you believe that your rights under applicable data protection laws have been infringed, you have the right to lodge a complaint with the United Kingdom’s data protection supervisory authority:

​

Information Commissioner’s Office (ICO)

Website: https://www.ico.org.uk

Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom

 

In addition to the right to lodge a complaint with the Information Commissioner’s Office (ICO), candidates located in the European Union may also lodge a complaint with the data protection supervisory authority of their Member State of habitual residence, place of work, or place of the alleged infringement.

 

7. Applicable law

 

This Privacy Policy is governed by and interpreted in accordance with the laws of the United Kingdom, in particular the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Where the processing of Personal Data concerns candidates located in the European Union, such processing is carried out in accordance with the principles of Regulation (EU) 2016/679 (the General Data Protection Regulation - GDPR).