Valid as of 25 May 2018
Personal Data Protection Notice
In accordance with the General Data Protection Regulation of the European Union, the following notice provides an overview of the principles of personal data processing in Manpower OÜ (hereafter referred to as the Controller).
The Controller is Manpower OÜ, whose registered office is in Estonia.
Collected personal data are processed by the Controller. Furthermore, personal data may be processed or jointly processed by the Controller and its affiliates.
This notice is intended for (1) candidates for jobs and users of our career services, (2) employees we hire or send to a client’s premises to perform a task and individuals we provide with services related to finding a new job or changing jobs after the termination of their employment relationship, (3) users of the websites and apps (hereafter referred to as the Site) listed here and (4) our business partners, clients and suppliers’ representatives. The notice does not concern our main office and local statutory staff who are employees of and work directly for ManpowerGroup, not its clients.
The notice shall describe the type of personal data or personal information collected, how the information is used, processed and protected, how long it is retained, who receives it and the rights that a natural person can exercise in relation to their personal data. It will also describe how you can contact us in relation to personal data protection and exercise your rights. Our data protection activities may vary between countries, as they reflect local practices and legal requirements. Local requirements can be found on the respective local websites.
Information we collect
We may collect your personal data in various ways, such as via our website and social media channels, at our events, over the phone, via job applications, in connection with recruitment or in the course of communicating with clients and suppliers. We may collect a variety of personal data depending on the nature of our relationship with you, including (if permitted by local law) the following:
- contact details (name, postal address, e-mail address and telephone number);
- username and password upon registering on our Site;
- information regarding friends or people we should contact (the Controller assuming that the individuals in question have given their consent for this);
- other data that you may provide us with, for instance in surveys or
- via the ‘Contact us’ function on our Site.
If you are an employee or candidate, applying for a job or creating an account for that purpose, we may collect the following personal data (if permitted by local law):
- previous work experience and education;
- language skills and other work-related skills;
- personal identification code or another officially issued identification number;
- date of birth;
- bank account details;
- citizenship and the validity of your work permit;
- information on benefits;
- tax information;
- information provided by referees;
- information set out in your resume, work-related interests and other information regarding your professional qualifications.
If required by law, you must give explicit consent for:
- the processing of information related to disabilities and health;
- the use of the results of a drug test, criminal record inquiry or other form of background check. We also may collect information that you provide about other people, such as someone we should contact in the event of an accident.
How collected data are used
The Controller compiles and uses data that have been collected in order to:
- offer workforce-related solutions and help people find work;
- create and manage online accounts;
- process payments;
- manage client and supplier relationships;
- send advertising material and notices concerning job vacancies and other matters in accordance with the Controller’s notice concerning cookies and advertisements (which forms part of this notice via a reference);
- send notices concerning special events, sales promotions, programmes, tenders, surveys, competitions and market research and manage participation in these, if permitted by applicable law;
- respond to the queries and demands of individuals;
- manage, assess and improve our company (including developing, analysing and improving our services; managing our communication; and performing accounting, auditing and other internal operations);
- establish, prevent and defend against fraud and other illegal activities, claims and other obligations;
- comply with and apply valid legal requirements, field standards, contractual obligations and our policies.
Personal data are always processed on an appropriate legal, basis which may include one of the following:
- the consent of the data subject or explicit consent if the applicable law requires it;
- ensuring that we comply with a legal or contractual requirement or with a requirement that is needed for signing a contract (for instance, we may process your personal data in order for your salary and taxes to be paid);
- it is important and necessary in the legitimate interests of the Controller (for instance, to manage users’ website access permissions as offered in relation to the services provided).
If you are an employee or candidate and you are applying for a job or creating an account for that reason, we will use the information described in this notice for the following purposes in addition to the aforementioned activities:
- to offer job opportunities and positions;
- to provide you with personnel services, including the management of employee benefits programmes, payroll preparation, results and disciplinary proceedings;
- to offer you additional services concerning such areas as training, careers counselling and career change;
- to assess the suitability of a candidate and the qualifications of an employee;
- to analyse data, for example (I) to analyse the database of candidates and employees; (II) to assess the results and capabilities of an individual, including their work-related skills; (III) to determine where their skills shortages lie; (IV) to use information to link individuals and job opportunities; and (V) to analyse general data (related to recruitment trends).
We may also use the information for other purposes, in which case we will inform you separately before or while collecting the data.
The Controller may process personal data for a legitimate business purpose that partly or fully includes the following:
- to strengthen, change, personalise or improve in any other way our services/communication with clients, candidates and employees, if the process allows us to do so;
- to detect and prevent fraud;
- to improve the security of our computer network, network connections and information systems;
- to gain a better understanding of how people interact with our websites;
- to display content and advertisements on websites that are of interest to the people who use them in accordance with the Controller’s notice concerning cookies and advertisements;
- to send e-mails that we feel may be of interest to you;
- to determine the effectiveness of sales promotion campaigns and advertisements.
We respect and take into account your rights when processing data for these purposes. You have the right to object to this processing. If you wish to do so, please contact us (see ‘How to contact us’). Please note that if you exercise this right, it may affect our ability to provide services for your benefit.
Ways of processing and protecting personal data
Amongst other things, we process collected data automatically for the aforementioned purposes over a period that accords with our data retention rules so as to guarantee that personal data are not retained for any longer than is necessary.
We implement organisational, technical and physical security measures to guard your personal data against accidental, illegal or unauthorised loss, destruction, modification, access, publication or use. In order to ensure the adequate security and confidentiality of your personal data, we implement the following security measures:
- encryption of transmitted data;
- strong authentication for users;
- reinforced network infrastructure;
- network monitoring solutions;
- only allowing physical access to the Controller’s rooms to those entitled to access them.
Retention period of collected data
We retain collected data in our systems in a way that enables data subjects to be identified for no longer than is necessary for the purpose for which the data were collected or for which data are additionally processed.
We determine the specific period taking into account the following:
- the need to retain collected personal data in order to provide the services requested by the user;
- the need to protect the legitimate interests described under the objectives of the Controller;
- the existence of specific legal obligations that make the processing and retention of personal data necessary for specific periods.
Information we share
We do not share collected data except in the cases set out in this notice, if you have agreed to a certain activity or if it is required by law. We may share personal data with our suppliers who provide services on our behalf and based on the instructions given by us. We do not give such suppliers permission to use or disclose such information unless this is necessary for providing services on our behalf or for complying with legal requirements. We may share your personal data with (I) our subsidiaries and affiliates, (II) clients who may offer job opportunities or are interested in hiring our candidates and (II) others we cooperate with to find you a job, such as consultants and subcontractors.
We may also transmit your personal data if (I) it is required by law, (II) it is legally requested by a law enforcement authority or other government official and (III) we find it necessary or appropriate in order to avoid physical or financial losses or in relation to fraud or illegal activities or their investigation. In addition, we have the right to transmit your personal data if we sell or transfer our entire business or assets or part thereof (including in the event of transformation, dissolution or liquidation).
Transmission of data
We may transmit your personal data to countries in which the data were not originally collected. These countries may not have data protection acts that offer the same protection as the country in which you originally submitted the data. If we transmit your data to other countries, we will protect it in accordance with the methods described in this notice and follow the applicable law.
The countries to which we may transfer your data are:
- Member States of the European Union;
- third countries.
If we transmit you personal data to countries outside of the European Union or to international organisations, the basis for transmission is:
- the adequacy decision of the European Commission;
- in its absence, another permitted legal basis, such as a) a legally binding and enforceable document between public authorities or public bodies; b) binding intragroup rules; or c) standard data protection clauses adopted by the Commission (formerly known as standard contractual clauses).
Rights of data subject
The data subject can exercise the following special rights under articles 15-22 of the General Data Protection Regulation (GDPR):
- Right of access. The data subject has the right of access to their data and the right to verify whether the data are being processed in accordance with the law.
- Right to rectification. The data subject has the right to demand the rectification of inaccurate or incomplete personal data related to them so as to ensure the accuracy of said data and to adapt them for the processing of personal data.
- Right to erasure. In some cases, the data subject has the right to demand that the Controller erase personal data concerning them and that their data no longer be processed.
- Right to restriction of processing. In some cases, the data subject has the right to demand that the Controller restrict processing.
- Right to data portability. The data subject has the right to obtain the personal data concerning them which they have provided to a controller in a structured, commonly used and machine-readable format and the right to request that the Controller transmit said data to another controller.
- Right to object. A data subject who submits their personal data to the Controller has the right to object to the processing of the data at any time without having to justify their decision on different grounds provided for in the GDPR.
- Right to prohibit individual decisions based on automated processing, including profiling. The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or significantly affects them.
- Right to lodge a complaint with a supervisory authority. Every data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of their permanent residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to them infringes the GDPR.
If the processing of personal data is based on consent in accordance with article 7 of the GDPR, the data subject may withdraw their consent at any time.
If you need more information on how your personal data are processed, click on ‘How to contact us’ and scroll down.
This notice (including its annexes) may be updated to reflect any changes in our personal data protection practices and applicable law. In the case of significant changes, we will notify you via a notice on our Site, indicating in the header of each personal data notice when it was last amended.
How to contact us
If you have any questions or comments regarding the personal data protection notice or if you wish to exercise your rights, fill in our application form.