Candidate Privacy Notice
1. WHAT IS A PRIVACY NOTICE?
This Privacy Notice (the Notice) applies to all individuals engaging in a job application process with the Company.
The Company (“we”, “our” and “us”) is the controller of your Personal Data which means that by law we are responsible for deciding how we hold, use and secure your Personal Data.
In this Notice we set out what information we collect about you, how we will use it and for what purpose, in all cases in accordance with applicable Data Protection Laws.
We review this Notice regularly and we may modify it from time to time. When we update this Notice, we will provide you with an updated copy as soon as reasonably practicable.
2. WHAT DATA PROTECTION PRINCIPLES DO WE ADHERE TO?
We comply with the following seven (7) internationally recognized data protection principles:
1. Lawfulness, Fairness, Transparency: we Process Personal Data lawfully, fairly, and in a transparent manner. This means that we can only Process Personal Data where we have a lawful basis to do so.
2. Purpose Limitation: we only collect Personal Data for specified, explicit and legitimate purposes and we do not Process any such data in a manner that is incompatible with these purposes.
3. Data Minimization: we only Process Personal Data that is adequate, relevant, and limited to what is necessary in relation to the purposes for which such Personal Data is Processed.
4. Accuracy: we will ensure that all Personal Data that we process is accurate and, where necessary, kept up-to-date and it is the responsibility of the Company Personnel to fulfil their responsibilities regarding collecting and updating accurate information.
5. Storage Limitation: we store and retain Personal Data for no longer than is necessary for the purposes for which the Personal Data is Processed.
6. Integrity and Confidentiality: we implement appropriate organisational and technical measures to protect against any unauthorized or unlawful Processing and against accidental loss, destruction, or damage of Personal Data. This includes technical IT security measures to protect Personal Data.
7. Accountability: we are responsible for demonstrating our compliance with applicable Data Protection Laws.
3. WHAT PERSONAL DATA WILL WE COLLECT AND USE?
As part of the application process with the Company, it is routine for us to collect, store and Process Personal Data about you. We may also ask you for certain Personal Data.
This Personal Data may include, but is not limited to:
• Your name, date of birth, address, contact details, marital status, gender, passport details, nationality and signature;
• Your academic record and qualifications;
• your recruitment and employment history; or
• Any other information you have provided to us voluntarily including in your application form, curriculum vitae or during interview.
We obtain this Personal Data either directly from you or sometimes from third parties such as employment agencies, background check providers, your former employer(s) or referees.
You are required by law to provide certain information to us, for example, to enable us to verify your right to work in the country of hire in the event that we offer you a job. If you fail to provide certain Personal Data when requested, we may not be able to continue with your application.
4. HOW AND WHY WILL WE USE YOUR PERSONAL DATA?
We need to use your Personal Data to process your application and determine your suitability for the vacant role or a potential role within the Company in future. We also need to ensure that we comply with our legal obligations regarding checking your right to work in the applicable country. In some cases, we may also use your Personal Data for our legitimate interests.
The situations in which we will commonly use your Personal Data and the legitimate interests we rely on to Process your Personal Data include:
• Assessing your skills, qualifications and suitability for the role;
• Carrying out our screening processes;
• Communicating with you about the recruitment process;
• Making informed and fair recruitment decisions;
• Maintaining appropriate records of our recruitment process; or
• Monitoring activities and ensuring compliance with our policies and procedures, for example if permitted or required by Data Protection Laws, capturing CCTV video imagery during your visit to Company premises.
No decision will be made about you solely on the basis of automated decision making.
5. WHO MIGHT WE SHARE YOUR PERSONAL DATA WITH?
The Company is part of a global organization, and we must ensure the provision of effective and efficient services and communication throughout the Group. As such, we may be required to transfer your Personal Data within the Group.
We will also need to share your Personal Data with third parties from time to time, including:
• Our colleagues within the Company where it is necessary for them to undertake their duties with regard to recruitment. This includes, for example, the HR department, and those in the department where the vacancy is;
• Our medical adviser, insurance providers, and/or occupational health providers in relation to any pre-employment medical questionnaire/examination;
• Previous employers, or named individuals as part of a reference request process;
• Our Group companies for the purposes of future employment;
• An external authority/security agency, where enhanced checks are required due to the sensitive nature of the role (in which case you will be specifically informed this is to happen); or
• Regulatory authorities (including Supervisory Authorities) we may be subject to for the purpose of demonstrating compliance with Data Protection Laws or to comply with a judicial proceeding, court order or any legal process served on the Company or the Group.
We may share your Personal Data with other third parties, for example in the context of the possible sale or restructuring of the Company. In this situation, we will, so far as possible, share only encrypted or anonymized data with the other parties to the transaction before the transaction completes. Once the transaction is completed, we will share your Personal Data with the other parties to the transaction if and to the extent required under the terms of the transaction, in which case, we may notify you if required under applicable Data Protection Laws.
All our third-party service providers and other entities within the Company or the Masdar Group are required to implement appropriate security measures to protect your Personal Data in line with our policies and the measures described in this Notice. We do not sell, trade or distribute your Personal Data for commercial purposes, and we do not allow our third-party service providers to use your Personal Data for their own purposes. We will only permit them to Process your Personal Data for specified purposes and in accordance with our instructions.
6. WHERE MIGHT WE TRANSFER YOUR PERSONAL DATA?
In circumstances where we do need to share your Personal Data, the recipient may be located outside of the country in which you are residing, and your Personal Data may be Processed in countries where the Data Protection Laws may not be equivalent to, or as protective as, the Data Protection Laws in your home country.
Where the Supervisory Authority in your home country has not issued an adequacy decision in relation to each country where your Personal Data is to be Processed, we will only transfer your Personal Data to such country where appropriate safeguards have been put in place to protect your Personal Data in accordance with applicable Data Protection Laws. This may include the use of data transfer agreements and standard data protection clauses. We may also rely on alternative mechanisms to make the overseas transfer where we are permitted to do so by applicable Data Protection Laws.
If you would like to know more about this, see the contact details at the bottom of this Notice.
7. HOW LONG WILL WE KEEP YOUR PERSONAL DATA?
If you are successful with your job application, your Personal Data will be kept in accordance with our Employee Privacy Notice. If you are unsuccessful with your job application, your Personal Data will be kept for the duration of the application process, plus a reasonable period of time after confirmation that your application was unsuccessful to allow us to record the reasons for our decision in relation to our application (including so that we can exercise, establish, or defend any legal claim). We will also keep your Personal Data for the period required by applicable laws and where permissible, we may also retain your Personal Data for a reasonable period to consider you for another suitable opening within the Company in the future. We will also keep your Personal Data where we need to do so in connection with any legal action or investigation involving the Company. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we Process your Personal Data, and whether we can achieve such purposes through other means, and the applicable legal requirements.
In some circumstances, we may anonymize your Personal Data so that it can no longer be associated with you, in which case we may use such information without further notice to you.
8. HOW DO WE KEEP YOUR PERSONAL DATA SECURE?
Data security is very important to us and to protect your Personal Data we have implemented extensive policies, procedures and technical measures to safeguard and secure data collected about you, in all cases in accordance with applicable Data Protection Laws. These measures vary depending on the nature and sensitivity of the Personal Data we collect and are designed to prevent unauthorized access, improper use or disclosure, unauthorized modification and unlawful destruction or accidental loss. Examples of measures the Company has implemented include:
• Access controls;
• Encryption;
• Endpoint Detection & Response;
• Security Monitoring and Logging; and
• Security Awareness Training
In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know and all such recipients are subject to binding duties of confidentiality. They will only Process your Personal Data on our instructions.
We have also put in place procedures to deal with any suspected data security breach and will notify you and any Supervisory Authority of a suspected breach where we are required to do so under applicable Data Protection Laws.
9. WHAT ARE YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA?
In accordance with Data Protection Laws and under certain conditions, you may have the right to require us to:
• Provide you with clear, transparent and easily understandable information about how we use your Personal Data and your rights;
• Provide you with access to the Personal Data we hold about you;
• Correct your Personal Data we hold about you if it is inaccurate or incomplete;
• Delete or remove any of your Personal Data that we no longer have a lawful ground to use, unless an exception applies at law;
• Where Processing is based on consent, stop that particular Processing by withdrawing your consent at any time;
• Object to certain types of Processing of your Personal Data;
• Restrict how we use your Personal Data, provided that we may still store your Personal Data; or
• Transfer your data to you or a third party in a standardized machine-readable format without affecting its usability.
We usually act on requests and provide information free of charge. Alternatively, we are entitled to refuse to act on a request that we reasonably deem is baseless, excessive or repeated, or where the request is for further copies of the same information.
Please consider your request responsibly before submitting it. We will respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we’ll come back to you and let you know.
You also have the right to lodge a complaint about the way we handle or Process your Personal Data with the Supervisory Authority.
10. CONTACT US
If you have any questions or concerns about this Notice, or our privacy practices, you can contact us at ethics@masdar.com.
Reporting Breaches:
Masdar has a zero-tolerance approach to retaliation against anyone raising a concern. Those who engage in retaliatory behaviour will be subject to disciplinary action, including but not limited to termination of employment.
Direct any questions, concerns, or any known or suspected violations of this Privacy Notice or related Policies or Procedures to the Ethics & Compliance Team in person or through the Helpline (helpline.taqa.com).
11. DEFINITIONS
In this Privacy Notice, except where the context otherwise demands, the following words and expressions shall have the following meaning:
|
Term |
Definition |
|
Company/we/us |
The entity within Masdar responsible for determining the purposes and means of Processing your Personal Data. |
|
Company Personnel |
All directors, officers, employees and secondees of the Company. |
|
Company/we/us |
The entity within Masdar responsible for determining the purposes and means of Processing your Personal Data. |
|
Data Protection Laws |
Applicable Data Protection Laws that apply to the Processing of Personal Data, including any local laws and regulations that may apply in your home country. |
|
Data Subject |
An identifiable person who is the subject of Personal Data. |
|
Ethics & Compliance Team |
The Company’s Ethics & Compliance Team. |
|
Masdar |
Abu Dhabi Future Energy Company PJSC - Masdar |
|
Masdar Group/Group |
Masdar, any entity, operation, or investment controlled by Masdar (including the Company) and any entity, operation, or investment that adopts the Code of Ethics & Business Conduct from time to time. |
|
Personal Data |
This is very broadly defined under Data Protection Laws and includes any information which relates to a living individual who can be identified, directly or indirectly, from that information. Examples of Personal Data (not limited to) are a person’s name, address, date of birth, photographs, telephone numbers, email addresses, next of kin, passport details, IP addresses, location data, and bank and payroll information. |
|
Process/Processing/Processed |
Has a very wide meaning under Data Protection Laws and includes obtaining, recording, or holding the information or data or carrying out any operation or set of operations on the information or data, including: |
|
Supervisory Authority |
The applicable data protection regulator in your jurisdiction.
For example, but not limited to: |
