Global Recruitment Privacy Notice

Global Recruitment Privacy Notice

Last updated: 03/01/2024

  1. Introduction

This privacy notice should be read together with the General Privacy Policy available here.

Personal data / personal information – all information related to you that we process. For example: first name, last name, e-mail address, telephone number, information about your education and professional experience, etc.

Processing – all activities performed in regard to your personal data. For example: collecting, retaining, or updating data, sending messages to you, deleting data.

In addition to this Global Recruitment Privacy Notice:

  • if you are a California resident, please see here,
  • for information specific to countries and regions where GlobalLogic operates, please see a relevant section under “VII. Local regulations” at the end of this document.

In case of any discrepancies between this Global Recruitment Privacy Notice and Section VII hereto (Local regulations), the latter shall prevail.

  1. Information about GlobalLogic – the data controller

We are Method – a GlobalLogic company and part of Hitachi Group, which includes GlobalLogic Inc., its parents, subsidiaries, and affiliated entities (“GlobalLogic”).

E-mail address for contact: privacy@globallogic.com

The data controller is the GlobalLogic company based in the country where the position you applied for is located – you can find company details, including post address, here

  1. Scope of personal data we collect, the purpose and legal basis for processing that data

The scope of personal data we process depends on what information you provide in connection with your application, especially: name, surname, email, phone number, work experience and education. It includes the content of documents, information on how you submit them, your feedback on the recruitment process as well as the content of our possible further communication and conclusions from the recruitment process. Provision of all data is voluntary, but if you decide not to provide us with some of them, we might not be able to assess your application, and as a consequence you might be excluded from the recruitment process.

Our processing may also include information we collect directly or through a third party, such as a recruitment agency, e.g. if we are conducting background checks (including upon request of our clients or pursuant to a legal obligation) in order to verify your personal suitability for a certain position. Such information may include for example output of background checks, other information publicly available, internal notes further to your interview with us.

We process your personal data in line with applicable data privacy requirements including, when legally required, basing the processing on an appropriate legal basis. Such legal basis can be, for example, your consent, a legal obligation to which we are subject, or another legal basis as regulated by applicable laws.

The purposes for which we are processing your personal data are:

  1. to assess your candidacy in respect of requirements for the position for which you have submitted your application, and/or for future recruitments for which a similar skill set and experience is required; this may also include a background check and the screening of relevant sanctions and restrictions lists;
  2. to verify your identity;
  3. to share your application with the Globallogic company that is best suited to consider your application and hire you;
  4. if you meet the requirements for a position – to present you an offer of employment and to conclude a contract;
  5. to demonstrate that the recruitment process is compliant with applicable laws;
  6. to ensure safety of our property – we may introduce video monitoring (CCTV) in our offices, placing the cameras in places requiring special protection, including the entrances to offices and communication routes. Thus, if you visit our offices e.g. for an interview, we may process your image captured on the video recordings. The monitored areas are appropriately designated and the recordings are stored for the time necessary for operational purposes depending on local specifics (unless they constitute or may need to constitute evidence in legal proceedings, in such case we may keep them until the proceedings have been closed).

Where legally allowed, some of the personal data provided by you, for example your name, surname contact address and feedback, may be used by us also for operational and marketing purposes, such as sending you thank you notes, seasonal greetings, satisfaction surveys, etc. or improve our recruitment process. 

We may also process your data for statistical purposes, in relation to defense against claims and to share your personal data with our group member companies listed here.

  1. Retention period

We will process your data for no more than 3 years, unless earlier you withdraw your consent or the purpose of data processing is fulfilled.

The exception to the above rule is when you are in the UK or Mexico and you decide to apply to a single vacancy only. In such case we will process your data for 6 months.

The above retention periods are counted from the last activity in your candidate profile: you applying to a vacancy, interview with you; presenting you with an offer and closing the recruitment process. 

If we hire you, we will continue retaining your data for the duration of the employment relationship and possibly thereafter in compliance with local laws, as described in the applicable Employee Privacy Notice.

The periods described above may be extended as appropriate in the event of any claims or court proceedings – for the duration of such proceedings and their settlement – and if the law obliges us in certain cases to process such data for a longer period of time.

  1. Who has access to your personal data

GlobalLogic operates internationally and, therefore, personal data may be used in countries outside of your country, which may not have data protection regulations as stringent as those in your country. We will transfer your data to third countries only in accordance with applicable privacy laws. This includes in particular data transfers to countries in which GlobalLogic conducts business, or has a service provider, for the purposes set out in this document. 

GlobalLogic applies all required safeguards, including standard data protection clauses adopted pursuant to decisions of the European Commission or relevant data protection authorities, where needed. We may also transfer your data to a country that is deemed ‘adequate’ by the European Commission in relation to data protection pursuant to the GDPR. 

If you are based in Argentina, Chile, Israel or Ukraine – by taking part in our recruitment process you also consent to such data transfers. 

Access to your personal data will be given exclusively to appropriately authorized employees or associates of GlobalLogic, vendors, partners, consultant or auditors and only to the extent necessary to perform their responsibilities. Your data may be transferred, for example, to providers of hosting services or ICT services, other entities that provide to us technical or organizational assistance and support of our recruitment process, including communication with candidates (e.g. recruitment agencies) or distribution of invitations / documentation etc. (e.g. couriers). GlobalLogic may also be required – if there is a legal basis to do so – to provide certain information to public authorities, for purposes related to proceedings they are conducting.

Our staff may work directly with our clients, that is why our client may be also involved in the recruitment process. In the final stages of the recruitment process we may share your data with our clients who could potentially work with you in the future. 

  1. Your rights related to processing of your personal data

To exercise your rights please contact us at privacy@globallogic.com  or by other means as convenient for you. 

GlobalLogic respects all applicable privacy laws and your rights under the applicable legislation – in particular you can request that we delete your data or withdraw your consent for personal data processing. You can also opt-out of receiving marketing communication by using the “unsubscribe” link included in the emails we send you, or by contacting us as described below.

For more details on your rights please see below additional information for the residents of the particular countries and regions. 

Please note that we are legally obliged to confirm your identity before we can process your request, so you may be asked to provide some further information.

  1. Local regulations

ADDITIONAL INFORMATION FOR RESIDENTS OF THE UK

This section applies to the processing of personal data by a GlobalLogic group company that has its seat or establishment within the UK. In case of any doubts please contact us at privacy@globallogic.com.  

Recruitment via third party (supplier, outsourcing/recruitment company, etc.) 

If we received your personal data from a third party that you work with or that you applied with, the name of that party will be specified in our email correspondence with you.  

The scope of data processed by GlobalLogic depends on the data you provided the third party with and includes, in particular, data identifying you, as well as information on your education, experience, professional qualifications, and conclusions from the recruitment process. 

In case you get involved in one of our projects via third party, we will also process data on your access to our buildings and systems, information about the project you are working on, your tasks and assessment of your work.

We may process some of your data (name, surname, email and the third party we got your data from) due to the contractual obligations towards that third party. 

Source of personal data 

We may also receive your personal data from our staff who may recommend you for a vacancy (“referral”).  In order to start a recruitment process, GlobalLogic will confirm if you consent to participate in it. If we do not receive confirmation within 5 business days, we will delete your data. Otherwise, we will store your personal data in line with retention periods specified in this notice. 

Who has access to your personal data?

If you were recommended as a referral, the person who recommended you may receive information on the stage of your recruitment process.

If our client is involved in your recruitment process, we will inform you each time before we transfer your data to them. If you do not agree, please object to our action immediately. Please note, however, that if you make such an objection, we will not be able to further process your application.

What is a legal basis of processing?

The legal basis for the processing of your personal data is your consent (Article 6(1)(a) UK GDPR) and taking steps at the request of the data subject prior to entering into a contract with you (Article 6.1(b) UK GDPR) or the relevant provisions of national data protection legislation. 

In case we are processing your data for operational or marketing purposes, the legal basis for such processing is our legitimate interest (Article 6(1)(f) UK GDPR) – maintaining our relationship and promoting GlobalLogic brand – or, where we have obtained  your explicit consent for processing your data for operational or marketing purposes, your consent (Article 6(1)(a) UK GDPR).

Our legitimate interest (Article 6(1)(f) UK GDPR) is also the legal basis for processing your personal data for statistical purposes, for defense against claims, for sharing your personal data with our group member companies and/or our clients involved in the recruitment process or due to contractual obligations towards third parties.

To ensure the best standards, each application is verified by our recruiter. Please note, that considering the need to handle many applications and our legitimate interest, as part of our recruitment process we use the OCR technology for more efficient introduction of applications to our system, followed by an internal search engine that allows us to find suitable applications. If you do not agree to such actions, please do not take part in our recruitment process.

The processing of your personal data for background checks and screenings of relevant sanctions and restrictions lists is based on our legal obligation (Article 6(1)c UK GDPR) where we are legally obliged to run these checks or screenings. In other cases, we process your personal data on basis of your consent (Article 6(1)(a) UK GDPR) or legitimate interest (Article 6(1)(f) UK GDPR) – ensuring the integrity, security and compliance of GlobalLogic and its group companies and business partners with their regulatory requirements.

Where processing of your data is based on consent, we remind you that you can withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. If your data is processed on the ground of our legitimate interest, you have the right to object to such processing

You can find a description of your rights below.

How long do we process your personal data

As a rule, personal data will be processed:

  • for the purposes of conclusion and performance of a contract – for the duration of the contract and its settlement;
  • on the basis of our legitimate interest – until the objection to such processing or the fulfilment of the purpose for which the data has been processed;
  • on the basis of your consent – until withdrawal of such consent or fulfilment of the purpose for which it was given;

unless the law requires that we process such data for a longer period, or in case of potential claims, for such claim’s limitation period specified by law – whichever is longer. 

Your rights related to processing of your personal data 

You have the following rights:

  1. Access to your personal data – you may ask us at any time to provide information regarding:
    • whether we are processing your personal data;
    • for what purpose;
    • what categories of data we are processing;
    • who is the recipient of your data;
    • what is the planned duration of processing (if possible), and if we are not able to say, the criteria for determining that duration;
    • if the personal data has not been given by you – all available information about the source of the data.

    2. You can also receive access to all of your personal data that we are processing (data copy).

  2. Data rectification – if information about you is or has become inaccurate or incomplete, you have the right to demand that data is rectified or made complete. 
  3. Consent withdrawal – you may withdraw your consent to the processing of your data at any time and it will not affect the lawfulness of processing based on consent before its withdrawal.
  4. Data erasure – in certain situations, UK GDPR gives you the “right to be forgotten.” You can invoke this right where one of the following grounds applies:
    • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; 
    • you withdrew consent to the processing of personal data and there is no other legal ground for continuing to process it;
    • you object to the processing of your personal data when there are no overriding legitimate grounds for processing;
    • you object to the processing of your personal data for marketing purposes;
    • your data is processed unlawfully;
    • the personal data have to be erased for compliance with a legal obligation.
  5. Restriction of processing – you can demand that we restrict our activities in principle only to storing information about you when:
    • you contest the accuracy of personal data we are processing – for a period of time that allows us to verify the accuracy of the personal data;
    • the processing of your personal data violates the law, but you prefer that processing be restricted rather than the data be erased;
    • GlobalLogic no longer needs your personal data for the purposes of processing, but you need it for the establishment, exercise or defence of legal claims;
    • you have objected to the processing of your personal data – only until such time as it is determined whether our legitimate grounds override yours.
  6. Data portability – you have the right to receive your data in a structured, commonly-used and machine-readable format , and also to transmit your data to another data controller, if: 
    • the processing is based on your consent or on a contract; and
    • the processing is carried out by automated means.
  7. Objection – you have the right to object to some operations we perform on your personal data on grounds related to your particular situation, particularly in the following cases: 
    • when our processing is based on our legitimate interest;
    • when we process your personal data for purposes related to scientific or historical research, or for statistical purposes.

    8. When despite of your objection we find that there are compelling legitimate grounds for the processing which override your interests, rights and freedoms, or basis for the establishment, exercise or defence of legal claims, we will continue to process data covered by the objection to the extent necessary. If you disagree with such an assessment of the situation, you can exercise your right to file a complaint with the relevant public authority (more information below).

    Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing. Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes. 

  8. Complaints to the relevant public authority – in connection with our actions as the controller of your personal data, you are entitled to lodge a complaint to the relevant supervisory authority. The relevant public authority in the UK is the Information Commissioner’s Office https://ico.org.uk/global/contact-us/. Of course, we encourage you to first contact us at privacy@globallogic.com
  9. You can obtain a copy of the security measures we apply for the transfer of personal data to third countries by contacting us at privacy@globallogic.com.

ADDITIONAL INFORMATION FOR RESIDENTS OF INDIA

  1. Personal Data or information as described in the overview section of this policy should be read as below:
    1. Personal Information/Personal Data means any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person;
    2. Sensitive Personal Data or Information includes information relating to password, financial information such as bank account, credit card etc., physical, psychological and mental health condition, sexual orientation, medical records and history, biometric information, any such details provided to body corporate for providing service or received by it for processing, stored and processed under lawful contract or otherwise. Sensitive personal data or information does not include any information freely available or accessible in public domain and/or information furnished under the Right to Information Act, 2005 or under any other prevalent law.
  2. The information provider shall have the option of withdrawing/reviewing/amendment of the information provided. 
  3. GlobalLogic India may collect/process sensitive personal data related to financial information such as payslips and bank statements if they are necessary for the background check purposes. In such case, where legally required GlobalLogic will obtain a consent in writing through letter, fax or email from the provider of ‘sensitive personal data or information’.
  4. All data privacy matters are handled by the Grievance officer, Name and contact address: Diljeet Singh and Alok Malik grievance.privacyIndia@globallogic.com
  5. GlobalLogic India Private Limited and GlobalLogic Technologies Private Limited are ISO 27001 certified.

ADDITIONAL INFORMATION FOR RESIDENTS OF MEXICO

This section applies only to Mexico Residents, GlobalLogic processes personal data in accordance with the Federal Law for the Protection of Personal Data in Possession of Private Parties (“LFPDPPP”), its Regulation of the Federal Law for the Protection of Personal Data in Possession of Private Parties (“RLFPDPPP”) and its Privacy Policy Guidelines, hereinafter “Mexican data protection legislation”. 

Category of personal data we collect, purpose and legal basis for its treatment/processing

In addition to the personal data disclosed in this section of the Privacy Policy and the Global Notice, we may collect the following categories of personal data:

  • Identification and contact information
  • Financial and patrimonial data
  • Employment and academic data 

Please note that we may collect the following sensitive personal data:

  • Health condition (past, present and future)
  • Union membership

If GlobalLogic Mexico processes such sensitive personal data, we will ensure that we obtain this consent expressly and separately in writing and in accordance with applicable law. 

Purposes for which we use your personal information 

Based on the information set out in the section “Category of personal data we collect, purpose and legal basis for its treatment/processing” we remind you that the purposes marked with a), b), c), and d) are necessary for us to continue with the process, as mentioned in the first paragraph of that section. 

We also remind you that we may use your personal data for the following secondary purposes: 

  • For operational and marketing purposes, such as sending thank you notes, holiday greetings, satisfaction surveys, etc.
  • To be considered in future selection processes for available positions within the GlobalLogic group.

Candidates must ensure that they have the prior consent of the third parties from whom they provide us with their data. 

In addition, GlobalLogic may ask you to show original documentation and provide a copy of it as evidence to support the information you have provided.

For secondary purposes, you may object through the mechanisms established in the section “ARCO Rights and other Rights”.

Transfers of personal data

In terms of the last paragraph of the section “Who has access to your personal data”, among the transfers we may make, the following require your consent: duly authorized partners, consultants or auditors and only to the extent necessary for the fulfillment of their responsibilities. 

Please note that GlobalLogic may transfer your personal data to holding companies, subsidiaries or affiliates under common control of GlobalLogic, or to a parent company or any company in the same group as GlobalLogic.

Also, GlobalLogic may transfer your personal data in accordance with the provisions of article 37 of the LFPDPPP. 

By accepting this Privacy Policy, you consent to the data transfers that require your consent. However, you may object to them at any time through the mechanisms established in the section “ARCO Rights and other Rights”.

ARCO and other rights

You, as the owner of your personal data, can exercise your rights of Access, Rectification, Cancellation and Opposition (known as “ARCO” rights), request the limitation to the use and disclosure of your personal data, oppose to secondary purposes, oppose to transfers that require your consent, revoke the consent you have given us to process your personal data. 

To exercise your rights and know the procedures to privacy@globallogic.com

Your request must contain, at least, the following information: a) name, address or other means to communicate you the answer; b) document proving your identity or your personality as representative of the holder of the personal data; c) clear description of the personal data in respect of which you wish to exercise a right and which right you wish to exercise; d) elements or documents that facilitate the location of the data; e) in case of requesting the right of rectification you must indicate the corresponding modifications to the personal data.

We will respond to your request within 20 working days from the date of receipt of your request. In the event that it is appropriate, we will make it effective within the following 15 working days.

It will be understood that we have given you access to your personal information when we make it available to you, regardless of the medium or format, as long as it is understandable. Before giving you access to your data, you will have to prove your identity, this is for your own security.

Updates to Recruitment Privacy Policy

We reserve the right to change the Recruitment Privacy Policy at any time and for any reason. The date the Policy was last revised will be indicated by the date set forth in “Last Updated” at the beginning of this document. We encourage you to be aware of updates and changes to this Policy by checking this date when you access our Sites.

Consent

You consent to the treatment of your personal data in the terms and for the purposes, including those not necessary, set forth in this Privacy Policy; as well as the transfers that require your consent.

By providing personal data of third parties, you warrant that you have obtained authorization from the third parties from whom you have provided personal data for GlobalLogic to process such data in the manner specified herein, and that you have communicated this Privacy Policy to such third parties.

Let’s work together