4. What is personal data?

It is important for you to know that ‘personal data’ (or: ‘data’, ‘personal information’, or ‘your data’), means: any information relating to an identified or identifiable natural person (‘data subject’).

An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier – or by reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

5. What personal data do we process about you?

During the recruitment process, we ask you to provide us with information that enables us to assess your suitability for certain positions.

We may process the following personal data about you:

• Your name and contact details
• Gender and date of birth
• All information contained in your CV/resume, motivation or cover letter and other documents you shared with Sbit Hospitality ICT Services in your job application
• Information given by you during face-to-face and video interviews, via emails, phone calls and other means of communication
• Your job preferences
• Results of tests and analyses that you have performed at our request
• Information from pre-employment screening and background checks
• Names and contact details of your references. You must have obtained consent from your references
• On premise information collected through access control and CCTV recordings
• Account login information used to access company systems and applications such as the recruitment portal; and

Special categories data (sensitive personal data)
Special categories of data may be considered sensitive personal data. We only process these for specific, legitimate purposes and where you have given your explicit consent, it is necessary, required by applicable law or inevitable, or you have deliberately made it public.

In the course of our application process, you may for example provide us with a photo that may disclose the following information about yourself: your race, national or ethnic origin, age, physical health (including disability) or religious beliefs. These, together with veteran status, or information relating to criminal convictions or offences, are considered special categories of personal data.

Please note that for the recruitment process, some required personal data may vary, depending on the position you apply for and the location (country) of this position.

How do we obtain your personal data?
We collect personal data directly from you when you apply for a position with us or when we contact you with a possible job offer. In addition, we may collect your personal data independently through different career orienting platforms and websites. We also collect your personal data from third parties, such as professional recruitment agencies, your references, prior employers, Sbit Hospitality ICT Services employees with whom you had interviews, and pre-employment and background check providers, to the extent permitted by applicable law.

We process your personal data via our recruitment portal, through video-interviewing application, via email, via phone, in person at interviews and/or by any other method.

6. For which purposes do we process your personal data?

We process your personal data for recruitment and compliance purposes, in particular for:

• Identifying and evaluating your qualifications for available positions
• Verifying the data you submitted and carrying out reference checks, pre-employment screening and conducting background checks (where applicable)
• Informing you about the progress of your application or other vacancies at Sbit Hospitality ICT Services that we consider suitable for you
• Creating a talent pool for future job openings
• Preparing a job offer and employment contract, where applicable, and for fulfilling onboarding activities in case of a successful application
• Business management and administrative purposes, including maintaining our IT systems, internal audits, record-keeping and improving our business processes.
• Protecting the health, safety, security and integrity of Sbit Hospitality ICT Services and its job applicants, facilities and (IT) assets, including occupational safety and health and
• Complying with the law, including the disclosure of personal data to government institutions or supervisory authorities, and to exercise or defend legal claims7.What is the legal basis for processing your personal data?

The legal bases (or justified reasons) for processing your personal data are:

• The legitimate interest for recruitment and management purposes
• For entering into and managing a contract or employment relationship
• For compliance with our legal obligations and
• On the basis of your consent

7. Who has access to your personal data?

Access to your personal data within Sbit Hospitality ICT Services
Our employees are authorized to access personal data only to the extent necessary to serve one or more of the purposes set forth in Section 6 above and in so far as they need access to perform their job tasks.

Access to your personal data by third parties
To be able to offer you the best possible services and remain competitive in our business, we share certain data outside of Sbit Hospitality ICT Services with trusted business partners, including but not limited to:

• Agencies and consultants that may assist us in performing our business processes; and
• IT service providers.

Your personal data may also be shared with competent public authorities, governments, regulatory or fiscal agencies where it is necessary to comply with legal or regulatory obligations to which Sbit Hospitality ICT Services is subject to.

When we transfer personal data to third parties we will, when appropriate, have an agreement concerning the processing of your personal data in place. 

Sbit Hospitality ICT Services does not sell your personal data to anyone.

International transfers of your personal data
Sbit Hospitality ICT Services is a global organization, so the data we collect may be transferred internationally throughout our organization and to third parties worldwide. 
 
To protect your rights we only store and transfer your personal data in a country where:

1. An adequate level of protection for personal data is provided
2. An instrument covers the requirements for the transfer of personal data
   such as:  
   a.  EU Standard Contractual Clauses; 
   b.  Codes of conduct; and
   c.  Certification mechanisms.

remember that the information you give them will follow their rules and not ours.

8. How long will we keep your personal data?

Your data will be kept only for the period required to serve the purposes mentioned under Section 6 above (and to comply with legal requirements or for litigation or protection against a possible claim – if any). In case of rejection during the recruitment phase, your data will be retained for a maximum period of 4 weeks after the date of rejection, unless you provide us your consent to keep it for 1 year or subject to applicable (local) laws. After the applicable retention period, your personal data will be securely deleted, destroyed or de-identified.

If you accept an offer of employment by us, any relevant personal data collected during your pre-employment period will become part of your personnel records and will be subject to our Employee Privacy Policy. Personal data that is no longer required will be deleted.

9. How is your personal data secured?

We have taken adequate measures to protect the confidentiality, integrity and availability of your personal data. The implementation of appropriate technical, physical and organizational measures protects your personal data against the following instances:

• Accidental or unlawful destruction
• Accidental loss, damage, alteration
• Unauthorized disclosure or access and
• Any other forms of unlawful processing (including, but not limited to unnecessary collection or further processing)

We have procedures in place to deal with a (suspected) data breach. You and/or the applicable data protection authorities will be notified of a data breach, where we are legally required to do so.

10. What about your rights?

You have the following rights in relation to your personal data:

• The right to have your personal data corrected
• The right to have your personal data deleted
• The right to restrict processing of your personal data by us
• The right to object to automated decisions and
• The right to withdraw consent at any time and without detriment

Under certain provisions, you also have the right to:

• Object to certain data processing operations; and
• Request a transfer of your personal data.

If you wish to exercise any of these rights, please contact our Human Resource Department. We will always check your identity to ensure that it is you exercising your rights. If we cannot verify your identity, your request will be rejected. When exercising your right, the more specific you are, the better we can assist you with your question. In some cases we may deny your request, in which case we will notify you of the reason for denial.

If you feel we are not handling your question or request appropriately, you also have the right to lodge a complaint with the relevant data protection authority. 

11. What about your responsibilities?

We would like to kindly remind you that you are responsible for providing us with accurate, complete and up-to-date data. In case you provide us with the personal data of other individuals, such as references, please be sure to comply with legal (local) and Sbit Hospitality ICT Services requirements, including informing the individuals concerned sufficiently about the processing of their data and by obtaining their consent before sharing their personal data with us.

12. How to contact us

When you have a question about the use of your personal data or about this Privacy Policy, we invite you to send an email to our to our Privacy Office via privacy@sbit-hospitality.com.