Job Applicant Privacy Notice
Introduction
At ITB-MED we are committed to maintaining the accuracy, confidentiality, and security of your personal data. This Job Applicant Privacy Notice (“Privacy Notice”) describes how we collect, use, share, and protect your personal data during the job application process. This Privacy Notice also describes your rights regarding your personal data.
Scope
“ITB-MED” includes both ITB-MED LLC and ITB-MED AB. All references in this Privacy Notice to “ITB-MED,” “we,” “us,” “our,” and like terms should be interpreted accordingly.
This Privacy Notice applies to the personal data of all individuals applying for employment at ITB-MED (“Job Applicants”). If you are a current or former employee, please contact HR at hr@itb-med.com for more information about how we process your personal data in employment-related contexts. For more information about ITB-MED’s privacy practices in other contexts, please read our general Privacy Policy.
ITB-MED is the “controller,” as that term is defined by the EU General Data Protection Regulation (“GDPR”), for any personal data collected, processed, used, disclosed, or transferred in connection with your job application and recruitment process.
Teamtailor AB is a “processor” who maintains the careers website and handles job applications on behalf of ITB-MED.
Policy of Compliance
It is ITB-MED's policy to comply with the privacy laws within each jurisdiction in which we operate. This Privacy Notice describes how ITB-MED handles your personal data and complies with those laws.
What is Personal Data?
“Personal data” is any data about an identified or reasonably identifiable individual. Personal data does not include anonymous or aggregated information (i.e., information that cannot be associated with or tracked back to a specific individual).
What Personal Data Do We Collect?
ITB-MED may collect the following categories of personal data in connection with our recruiting process:
- Identifiers and contact information, such as your name and any aliases or nicknames, title, date of birth, driver’s license number, Social Security or other national identification number, home address, phone number, personal email address, or other addresses at which you can receive communications.
- Financial information, such as expense reimbursement information.
- Demographic information, such as, where permitted by local law and if you choose to disclose it, your age, gender, military service information, veteran status, and your race or national origin.
- Health information, such as any disability that you self-identify or for which you require accommodation and, where permitted by local law, drug test results.
- Professional, educational, and background information, such as your resume/Curriculum Vitae (CV), employment preferences, current or past education and work history, work authorization status, visa sponsorship requirements, professional qualifications and certifications, special competencies, salary expectations, language skills, reasons for prior terminations, the names of relatives working at ITB-MED or of individuals who may have referred you to a position, interview notes, and, where permitted by local law, criminal background check information.
- Internet-related activity information, such as your IP address, device identifiers, login credentials for our careers website, analytics data about your use of the website, such as the dates and times you access it, your browsing behavior, and other interactions with the website, including data from cookies.
- Audio, video, and pictures, such as recordings of your video interviews, to the extent you provide consent to these recordings, and security footage that may include your image if you visit one of our facilities.
- Any other information you voluntarily provide to us during the application process such as supporting documentation attached to your application or your responses to our questions.
- Any other information that you have made publicly available, such as through social media profiles like LinkedIn.
How Do We Collect Personal Data?
ITB-MED may collect personal data in connection with our recruiting activities:
- From you: Information may be collected when you provide it to us via your job application or during other online or offline interactions, such as an interview or emails with a recruiter.
- From your devices: The devices you use to access our careers website may provide information to us, including the device model, operating system, your Internet Protocol (“IP”) address, and other unique identifiers. To collect much of this information, we use cookies, web beacons, and other similar technologies. For more information, please review our Cookie Policy.
- From third parties: Our vendors and service providers, such as the hosting partner for our recruitment site, Teamtailor, may collect your information on our behalf or provide us with information about you or your use of the careers website. We may also access information about you from service providers, such as our background check providers or drug test providers, to the extent permitted by law. You may also give us permission to access your information from third parties such as your former employers or other references you provide.
- From publicly available information: If you choose to post publicly on third-party websites, such as on social media networks like Facebook or LinkedIn, we may collect information that you make public on these sites.
How Do We Use Your Personal Data?
When you access our careers website or apply for a job, ITB-MED may use the personal data we collect:
- To process your employment application, including collecting relevant employment and skills data, assessing your suitability for the role, scheduling and holding conversations or interviews with you, and communicating with you about the status of your application and our hiring decisions.
- To promote diversity and inclusion, including non-discrimination in hiring, equality of opportunity or treatment, promoting and maintaining a diverse workforce, and reporting statistics to government agencies.
- To respond to your inquiries and requests.
- To verify your information and carry out employment, criminal background, and reference checks, where applicable, subject to your consent and where permitted by law.
- To suggest job vacancies that may meet your skills or interests.
- To store your candidate profile information for future job applications and to meet our legal retention obligations, as described in the “How Long Is Your Personal Data Retained?” section below.
- To comply with applicable laws, regulations, industry codes of conduct, and our legal obligations.
- To protect our rights, property, safety, and those of our users and employees, including to detect, prevent, or otherwise address fraud, security, or technical issues.
We will only process your personal data for the purposes we collect it. If we need to process your personal data for another purpose, we will inform you of this and, if required by law, seek your consent.
What We Do Not Do with Your Personal Data
We do not sell job applicant personal data for monetary or other valuable consideration. We also do not share job applicant personal data for behavioral advertising purposes, including cross-context behavioral advertising. We do not use sensitive personal data for inferring characteristics about individuals. We do not use automated processing of personal data for profiling purposes.
Legal Bases to Process Personal Data
ITB-MED uses personal data when one of the following legal bases applies:
- With Your Consent, such as if you choose to submit an application, send or receive communications to or from us, permit us to collect certain personal information like your race or ethnic origin, request that we retain your candidate profile for an extended period, or permit the collection of your personal information through cookies and similar technologies.
- If you provide your consent, you may withdraw your consent at any time by contacting us using the contact details listed at the end of this Privacy Notice.
- Our Legitimate Interests. We have a legitimate business need to manage, operate, maintain, and secure our careers platform, our network systems, and other assets. We may also process personal information for our legitimate business interest in filling our job vacancies with qualified candidates. We believe that our legitimate interests are not outweighed by risks to your rights and freedoms under applicable law. If you wish to object to processing based on our legitimate interests, please contact our Privacy Office using the contact information listed below.
- When Necessary to Meet Our Legal Obligations. We may process personal information as required by law, including responding to lawful requests by public authorities (e.g., investigating fraud or responding to a government request).
When Do We Disclose Your Personal Data?
We are careful about who has access to your personal data. Only authorized personnel and/or third parties who have a legitimate business reason can access or receive it.
ITB-MED will share your personal data within the company to manage your application and to conduct necessary business operations.
ITB-MED may share your personal data with third parties. For example, we share your personal data with Teamtailor to assist us with administering the recruitment process. In some situations, we may be compelled by law to disclose your personal data to government and public authorities, including to meet national security or law enforcement requirements. Similarly, ITB-MED may share your personal data with a law firm or auditor to comply with the law or to protect ITB-MED’s legal rights.
When we share data with third-party vendors, we make sure they only use or share your personal data as we have instructed and in a way that complies with this Privacy Notice. We have contracts with third-party vendors to ensure they keep your personal data confidential and have the right data privacy and security measures in place.
Does Your Personal Data Leave the Country?
We may send your personal data outside of your home jurisdiction, either to other ITB-MED personnel or to third parties, and as a result, your personal data may be used, processed, or stored in the United States of America or other countries that do not provide the same level of data protection as your home country. ITB-MED implements additional safeguards to secure the transfer of your personal data to the United States and other jurisdictions.
ITB-MED complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S. Department of Commerce. ITB-MED has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. If there is any conflict between the terms in this privacy notice and the EU-U.S. DPF Principles, the DPF Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/
Where ITB-MED transfers your personal data to a vendor or third party, ITB-MED ensures that the vendor or third-party handles and protects your personal data in compliance with the DPF and this Privacy Notice. We remain responsible and liable under the Data Privacy Framework Principles if a third party that we engage to process personal data on our behalf does so in a manner inconsistent with the Principles, unless ITB-MED proves that it is not responsible for the event giving rise to the damage.
In compliance with the EU-U.S. DPF, ITB-MED commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF in the context of the employment relationship.
How Is Your Personal Data Secured?
At ITB-MED, we care about keeping your personal data safe. We use appropriate technical and organizational security measures to protect your personal data. But remember, no system or security measure is perfect. While we strive to protect your personal data, we cannot promise that things like unauthorized access, hacking, data loss, or a data breach will never happen. If something like that does happen, you can be sure that we, and any third parties involved, will take the appropriate steps to limit the damage to you and your personal data.
How Long Is Your Personal Data Retained?
Except as otherwise permitted or required by applicable law or regulation, we will retain your personal data for as long as necessary to fulfill the purpose for which it was collected or to comply with legal or regulatory requirements.
If you are offered and accept employment with ITB-MED, the personal data we collected during the application and recruitment process will become part of your employment record, and we may use and retain it in connection with your employment.
Under some circumstances, we may anonymize or aggregate your personal data so that it can no longer be associated with you and continue to use such anonymized and aggregated data for our legitimate business purposes. The aggregated data does not contain any information that can be used to identify you and is thus not personal data.
If you are a resident of the European Economic Area, we will ask for your consent to store your application data for consideration of future job opportunities.
What Are Your Rights?
Generally, you have the right to access, correct, update, or request that ITB-MED erase the personal data we hold about you. Where we have collected or used your personal data for a specific purpose with your express consent, you may withdraw your consent at any time.
Furthermore, if you live in the European Economic Area, you have certain additional rights in relation to your personal data, such as the right to object to the processing of your personal data, ask us to restrict the processing of your personal data, or request portability of your personal data.
In some circumstances, ITB-MED may not be able to completely fulfill your request or objection. If this is the case, ITB-MED will provide an explanation to you.
To exercise any of these rights, please contact the Legal team at privacy@itb-med.com.
Inquiries or Concerns?
We have appointed an external, independent Data Protection Officer to oversee compliance with this Privacy Notice. If you have any questions or complaints about this Privacy Notice or how we handle your personal data, including data transfers under the EU-U.S. DPF, or you would like to exercise your rights, please contact the Data Protection Officer at:
Amy R. Worley
If you are unsatisfied with our response, you may be entitled to file a complaint with the Data Protection Authority for your jurisdiction.
In the United States, ITB-MED is subject to the investigatory and enforcement powers of the United States Federal Trade Commission (the “FTC”).
In Sweden, the data protection authority is the Integritetsskyddsmyndigheten (IMY) and can be contacted at:
Telefon: 08-657 61 00
E-post: imy@imy.se
Postadress:
Integritetsskyddsmyndigheten, Box 8114, 104 20 Stockholm
https://www.imy.se/om-oss/kontakta-oss
Furthermore, in certain circumstances, you may have the right to invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms. For additional information, please review Annex I of the DPF Principles, available here: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2
In compliance with the EU-U.S. DPF, ITB-MED commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or visit https://www.jamsadr.com/file-a-dpf-claim to file a complaint. The services of JAMS are provided at no cost to you.