Privacy Notice and Consent for Job applicants
Diyar (“Diyar Al Muharraq W.L.L.”, “us” , “we” , “organization” or “DAM”), understand that your privacy is important to you. We may process your personal data in the capacity as data controllers. We are committed to respecting your privacy and protecting your personal data, which is any information that can identify you as an individual person. This Recruitment Privacy Notice (“Privacy Notice”) describes how we handle and protect your personal data in connection with [organization’s] recruiting processes and programs.
This Privacy Notice only applies to the personal data of job applicants, potential candidates for employment, and our recruitment drives/ events.
As used in this Privacy Notice, “personal data” means information that identifies job applicants and potential candidates for employment with us, either submitted as part of the online application and/or through alternative channels (e.g., via professional recruiting firms, social media). Sensitive personal data may also be collected in the process such as medical records, previous salary details, background checks etc.
We will process your personal data in accordance with this Privacy Notice, unless such processing conflicts with the requirements of applicable law, in which case, applicable law will prevail.
By submitting your personal data and sensitive personal data to us, you acknowledge that:
· You have read and understood this Privacy Notice and agree to the use of your personal data as set out herein.
· Your personal data may be transferred and processed outside of Bahrain for the purposes and in the manner specified in this Privacy Notice.
· You are not required to provide any requested information to us, however failing to do so may result in not being able to continue your candidacy for the job for which you have applied.
· All your representations are true and correct to the best of your knowledge and belief, and you have not knowingly omitted any related information of an adverse nature. Providing any inaccurate information may make you ineligible for employment.
· This Privacy Notice does not form part of any contract of employment offered to candidates hired by Diyar.
What Personal data do we collect?
The types of personal data that we request from you and the ways that we process it are determined by the requirements of the country in which the position is located, and not the country in which you reside. Should you apply to more than one location or should the role to which you apply be available in more than one country, the types of personal data we request from you and the ways that we process it are determined by the requirements of all the countries in which the position is located.
The types of personal data we collect and process when you apply for a role with us includes (but is not limited to):
· Identification data and contact details - such as your name, address, email address, phone number, photograph and other contact information, gender, date of birth, nationality, national identifiers (such as CPR number, passport, driving license number).
· Background information - such as academic / professional qualifications, details included in your CV / resume (which might include details of any memberships or interests constituting “sensitive data”, a term which we define below), criminal records data (for verification purposes, where permissible and required in accordance with applicable law);
· Previous applications / roles - such as data relating to previous applications you have made to us. This could include data on any previous employment history with us.
· Other data you voluntarily provide - throughout the process, including through assessment centers/ exercises, social interaction, meetings, and interviews.
Generally, during the recruitment process, we intent not to collect or process any sensitive personal data: data that reveals your racial or ethnic origin, religious, political or philosophical beliefs or trade union membership; genetic data; biometric data for the purposes of unique identification; or data concerning your health / sex life unless required by applicable laws or where necessary to comply with applicable laws.
However, in certain circumstances, we may need to collect or request on a voluntary disclosure basis, sensitive personal data for legitimate purposes: for example, data about your racial / ethnic origin, gender and disabilities for the purposes of equal opportunities monitoring, to comply with anti-discrimination laws and for government and regulatory reporting obligations, where applicable. Another example where we might request voluntary disclosure of sensitive personal data is about your physical or mental condition and data collected during your health check-up so that we can consider how we might accommodate you during the recruitment process and / or subsequent job role if we recruit you.
You may provide, on a voluntary basis, other categories of sensitive personal data during the recruitment process, for example your CV may state that your interests include activities involving a particular religious group or a group which espouses particular political or philosophical views.
Personal data collected from other sources
a) References provided by referees.
b) Other background data provided or confirmed by academic institutions and training or certification providers.
c) Criminal records data obtained through criminal records checks. (we will not carry out such checks without your explicit consent unless required for any legitimate purpose or lawful processing).
d) Data provided by recruitment or executive search agencies.
e) Pre-employment health checkup performed only for expatriate applicants/ employees where data is provided by diagnostic centers/ pathological labs; and
f) Data collected from social networks and social media platforms.
Personal Data that we collect automatically
Use of your personal data
We collect and use your personal data for legitimate human resources and business management reasons including:
identifying and evaluating candidates for potential employment, as well as for future roles that may become available.
recordkeeping in relation to recruiting and hiring.
ensuring compliance with legal requirements, including diversity and inclusion requirements and practices.
conducting criminal history checks as permitted by applicable law.
protecting our legal rights to the extent authorized or permitted by law; or
emergency situations where the health or safety of one or more individuals may be endangered.
We may also analyze your personal data or aggregated data to improve our recruitment and hiring process and augment our ability to attract successful candidates.
We process your personal data when we have your consent to do so, when necessary to enter into an employment contract with you, when necessary for us to comply with a legal obligation or when necessary for the purposes of our legitimate interests as an employer.
We may desire to retain your personal data to consider you for future employment opportunities. In such an event, we will seek your consent, either prior to or after you formally apply for a job opportunity, to be part of one of our recruiting programs that provides you ways to further learn about Diyar. These recruiting programs are entirely optional.
Data recipients and international data transfers
Your personal data may be accessed by recruiters and interviewers working in the country where the position for which you are applying is based, as well as by recruiters and interviewers working in different locations of Diyar. In addition to HR, the hiring function, appointing authority and interview panel individuals performing administrative functions and Third-Party companies facilitating the recruitment web based solution and IT personnel within Diyar may also have a limited access to your personal data to perform their jobs. We have put in place legal mechanisms designed to ensure adequate level of data protection of your personal data that is processed by Diyar, including the transfer of your personal data to countries other than the one in which you reside.
We also share your personal data with other third-party service providers that may assist us in recruiting talent, administering, and evaluating pre-employment screening and testing, and improving our recruiting practices.
We maintain processes designed to ensure that any processing of personal data by third party service providers is consistent with this Privacy Notice and protects the confidentiality, availability, and integrity of your personal data. Where required by law, we put in place legal mechanisms designed to ensure adequate level of data protection of your personal data in another country.
In addition, we may disclose or transfer your personal data in the event of a re-organization, merger, sale, joint venture, assignment, or other transfer or disposition of all or any portion of our business.
If you accept an offer of employment with Diyar, any relevant personal data collected during your pre-employment period will become part of our filing records and will be retained in accordance with specific requirements. If we do not employ you, we may nevertheless continue to retain and use your personal data for a period of time (which may vary depending on applicable regulations for retention) for system administration purposes, to consider you for potential future roles, and to perform analysis/ research activities. Thereafter, we will retain a minimum amount of your personal data to record your recruiting activity with us.
We may retain your personal data to consider you for future employment opportunities and for a period of time specific to that program.
We have implemented generally accepted standards of technical and operational security to protect personal data from loss, misuse, alteration, or destruction.
Sensitive personal data is protected for data in transit by data encryption. In addition to encryption, we have implemented robust network security controls to help protect data in transit. Network security solutions such as firewalls and / or network access control to secure the networks used to transmit data against malware attacks or intrusions.
Only authorized personnel of Diyar and of our third-party service providers are provided access to personal data, and these employees and third-party service providers are required to treat this information as confidential. Despite these precautions, we cannot guarantee that unauthorized persons will not obtain access to your personal data.
Under certain circumstances, by law you have the right to:
a) Request access: To your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
b) Request rectification: Of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected. We may need to verify the accuracy of any new data you provide to us.
c) Request erasure: Of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
d) Object to processing: Of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which means we can continue to process your personal data.
e) Request the restriction of processing: Of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
i. if you want us to establish the data's accuracy.
ii. where our use of the data is unlawful, but you do not want us to erase it.
iii. where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
iv. You have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
f) Right to withdraw consent at any time: Where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you would like to make a request to access, review, erase, object, restrict, withdraw or rectify the personal data we have collected about you, or to discuss how we process your personal data, please contact our DC/ DPO at DPO@Diyar.bh
To help protect your privacy and security, we will take reasonable steps to verify your identity before granting you access to your personal data. We will make reasonable attempts to promptly investigate, comply with, or otherwise respond to your requests as may be required by applicable law. Depending upon the circumstances and the request, we may not be permitted to provide access to personal data or otherwise fully comply with your request; for example, where producing your information may reveal the identity of someone else. We reserve the right to deny your requests where, in the organization’s discretion, they may be unfounded, excessive, or otherwise unacceptable under applicable law.
In addition, and where granted by applicable law, you may have the right to lodge a complaint with a competent data protection authority.
We do not make recruiting or hiring decisions based solely on automated decision-making.
Cookies and other tracking technologies
By accepting this policy or providing us with your personal data or providing your sensitive personal data or uploading your documents to our website or sending it over E-mail you provide us with your consent and confirmation of understanding of the below:
1. Agree to this Privacy notice and all it’s contents.
2. Hold personal and sensitive personal data about you in order that we can process your employment application.
3. Use and process your personal data relating to your job application (examples of which are listed below and above).
Include only if automated Processing of applications: [We do use automated application/ CV scanning software to search for key essential job criteria (e.g. relevant qualifications). If you would like your application to be examined by one of our staff, please make this clear in your application.]
The data we wish to obtain and hold (a range of examples provided, but not limited to:
|S.No||Type of Data||Why we wish to hold it||How long it will be kept for|
1. Previous employers
2. Types of job held at other companies
3. Previous salaries
4. Skills and qualifications obtained
5. Background checks
7. Educational certificates
8. Languages Spoken
|• This will allow us to decide on your suitability for employment/engagement
• It will help us to decide which dept. you may be most suitable in
|• To ensure we are aware of any medical issues you may have and can make provisions for these if you have a medical requirement at the workplace should there be an offer of employment.|
2 Health records/ disability information
• To ensure we are aware of any medical issues you may have and can make provisions for these if you have a medical requirement at the workplace should there be an offer of employment.
• Data obtained during recruitment will only be kept until either your application has been declined and then destroyed subject to legal requirements or retained for future job recruitment opportunities.
|To ensure we are aware of any medical issues you may have and can make provisions for these if you have a medical requirement at the workplace should there be an offer of employment.||• Data obtained during recruitment will only be kept until either your application has been declined and then destroyed subject to legal requirements or retained for future job recruitment opportunities.
• If employment is offered, it will be governed by the policies related to employment with the organization.
In giving my consent:
1. I understand that I can ask to see this data to check its accuracy at any time via a subject access request.
2. I understand that I can ask for a copy of my personal data held about me at any time, and this request is free of charge.
3. I understand that I can request for data that is no longer required to be held, to be removed from my file and destroyed, subject to local laws on records retention.
5. I understand I can contact the DC/DPO directly if I have any questions or concerns by sending an E-mail to DPO@Diyar.bh .
6. I understand that you are the Data Controller for my employment, and I can contact you directly if I have any questions or concerns about my personal data.