California Privacy Notice for Job Applicants

CALIFORNIA PRIVACY NOTICE FOR JOB APPLICANTS

September 2023

About this Privacy Notice

During the course of our activities we, GroupM, will process personal information (which may be held on paper, electronically, or otherwise) about applicants for roles in our business and we recognize the need to treat it in an appropriate and lawful manner, in accordance with the California Privacy Rights Act (CPRA) and other applicable data protection laws. The purpose of this privacy notice (“Notice”) is to make you aware of how we, as a Business, will handle your personal information. This notice applies to job applicants (“Applicant”) who are residents of the State of California.

This Notice also serves as our “Notice at Collection” under the CPRA.

We may amend this notice at any time, for which we do not require Applicant approval, but we will keep Applicants informed of material changes.

Data protection principles

We will comply with the following data protection principles and such additional conditions for processing as may be relevant under applicable law, which include:

  • (a) Lawfulness, fairness and transparency.
  • (b) Purpose limitation.
  • (c) Data minimization.
  • (d) Data accuracy.
  • (e) Storage limitation.
  • (f) Integrity and confidentiality.
  • (g) Accountability.

“Personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. It may include contact details, other personal information, photographs, expressions of opinion about you or indications as to our intentions about you. “Processing” means doing anything with the data, such as collecting, accessing, disclosing, storing, selling, sharing, destroying or using the data in any way.

Categories of personal information we collect

We may collect the following categories of personal information for the purposes explained below:

  • Personal identifiers:such as your name, home address, phone number, email, passport number, driver’s license number, date of birth, signature, education, bank details, medical information, health insurance information and unique personal identifiers (such as device IDs, cookies, beacons, pixels, mobile device IDs, and similar technologies).
  • Personal information protected under California Civil Code Section 1798.80(e):such as information about your age, race, ethnicity, marital status, sex, or gender.
  • Characteristics of protected classifications under California or federal law:such as your name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license information or state ID number, insurance policy number, education information, employment information, commercial information, including records of personal property, products or services purchased, obtained or considered or other purchasing or consumer histories or tendencies, bank account number, other financial information, medical information, biometric information or health insurance information.
  • Professional or employment-related information:such as your academic background, employment record, employment contract, references, information relating to your achievements, accreditations and awards, training, performance evaluations, any termination information.
  • Education information, such as your academic background, education transcripts, and information related to your achievements, accreditations and awards, and training.
  • Sensory data:such as video or audio information relating to your interview or CCTV footage as monitored by our security cameras in the facilities we operate.
  • Inferences taken from other personal information, including information to create a profile:information inferred from information gathered sources to create your profile e.g., this could refer to things like your characteristics, behaviour, abilities.
  • Sensitive personal information:as defined in the CPRA, such as your driver’s license information, passport information, bank details, precise geolocation information, biometric data, or information about your race, sexual orientation, health, or ethnic origin.

We may also collect notes linked to job interviews, information obtained from our background screening, test results or any other information you provide when applying for a job with us.

Sources of personal information

We will collect personal information directly from you during your application process or when you otherwise contact us.

In most instances, you are required to make your personal information available (such as part of your job application), and the supply of the information is accordingly mandatory. In instances where it is voluntary, we will inform you accordingly.

We may combine personal information that you provide us with information we collect from elsewhere. Such sources may include:

  • Recruitment partners;
  • Academic institutions;
  • Social media platforms or publicly accessible sources (e.g. Twitter, Facebook, Linkedin);
  • Previous employers and references;
  • Pre-employment screening and background check vendors and
  • Other sources as directed by you for example, accreditation boards etc.

Business purposes for collecting personal information

We process the categories of personal information listed above for the following purposes:

  • Recruiting our employees:we use your personal information to manage your job application and application profile, assess your academic background, arrange, and conduct interviews and to liaise with you.
  • Conducting prior screening and background checks:we use your personal information to undertake screening and background checks.
  • Equal opportunities legislation:we may process your personal data in order to report on and monitor globally our progress in promoting equal opportunities and compliance with equal opportunities legislation.
  • Complying with legislation:we use your personal information for the purposes of adhering to applicable laws, to respond to legal orders, resolve legal disputes, action our rights in applicable employment or related contracts. and adhere to legal and regulatory requirements more generally.
  • Our vital interests:we use your personal information to undertake internal investigations, prevent or detect fraud or security incidents, protect our employees’ rights and safety, manage whistleblowing cases, and adhere to our company policies.

Disclosure of personal information

We may share your personal information for the business purposes described in section 5 of this notice, with the following third parties:

  • Affiliates and subsidiaries:we may share your personal information with our affiliates and subsidiaries.
  • Service providers:we may share your personal information with service provides (these could include head-hunters, vendors who undertake screening services or background checks, third party benefit providers, payroll firms, and finance vendors).
  • Professional service firms:we may share your personal information with advisors such as auditors or legal counsel.
  • Persons involved with business acquisitions or mergers:we may share your personal information to third parties in the event of a merger, acquisition, joint vendor, dissolution, liquidation or other type of re-organisation).
  • Government:we may share your personal information with governmental authorities such as federal agencies, courts, and other government authorities where are required under applicable law.

Purpose limitation

We will only process your personal data for the specific purpose or purposes notified to you.

Data minimization

Your personal information will only be processed to the extent that it is necessary for the specific purposes notified to you.

Data accuracy

We will keep the personal information we store about you accurate and up to date. Please notify us if your personal details change or if you become aware of any inaccuracies in the personal data we hold about you.

Storage limitation

We will not keep your personal information for longer than is necessary for the purpose or otherwise required in law. This means that data will be destroyed or erased from our systems when we are no longer required or authorized to retain it.

Data security

We will ensure that appropriate measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data.

We have in place procedures and technologies to maintain the security of all personal information from the point of collection to the point of destruction. We will only transfer personal information to a third party if they agree to comply with those procedures and policies, or if they put in place adequate measures.

Maintaining data security means guaranteeing the confidentiality, integrity, and availability (for authorized purposes) of the personal information.

Your rights

The CPRA provides you with certain rights in relation to your personal information. These rights include:

  • The right to know:You have the right to access what personal information we have processed about you. This includes the categories of personal information we have collected, the categories of sources from where we have collected personal information, the business purpose of collect or disclosing your personal information, the categories of third parties to whom we disclose personal information, and the specific pieces of information we have collected about you.
  • The right to delete:You have the right to delete the personal information we have processed about you.
  • The right to correct:You have the right to correct or amend the personal information we have on file about you that may be incorrect.
  • The right to non-discrimination:You have the right to not be discriminated against for exercising any of the rights outlined above, including the right not to be retaliated against in an employment setting.

The rights outlined above may be subject to certain exceptions. To exercise any of your rights, please contact us using the information below. We will respond to your request within the timeframe permitted under applicable law.

Prior to executing your individual rights request, we will first verify your identity by asking you to provide information about yourself and comparing that information with what we have on file about you. The information we may ask you to provide to verify your identity may include your name or some other personal identifier. You may also authorize an agent to submit a request on your behalf by submitting a written permission that authorizes the agent to act on your behalf and includes your signature. If you use an authorized agent, we will still take steps to verify your identity.

Please note that we do not “sell” or “share” your personal information, as those terms are defined under the CPRA. Additionally, we do not use your “sensitive personal information” for any purposes that would permit you to limit our use of such information. You may review Cal. Civ. Code Section 1798.121(a) to learn more about these permitted purposes.

Contact and queries

We will not discriminate or retaliate against you if you choose to exercise any of your rights under the CPRA.

Should you have any queries regarding this notice or processing of personal information by GroupM please contact us by email at [email protected] or by telephone at 1 (888) 203-7903.