This document relates to Fortna Inc. (Fortna Inc. includes Fortna Inc. and its subsidiaries and will be referred to as “Fortna”, “company”, “we”, “us” and “our”) where General Data Protection Regulations (“GDPR”) apply and explains how Fortna will collect and process personal data relating to job applicants as part of our recruitment process.
We are committed to being transparent about how we collect and use job applicant data and to meeting our data protection obligations.
This document sets out the basis on which we collect, use, and disclose the personal data of our job applicants, as well as your rights in respect of such personal data.
2. Controller and joint controller contact details
The controllers for the processing of personal data are:
Fortna Inc., 333 Buttonwood Street, West Reading, PA 19611, USA; and
in the United Kingdom (“UK”) – Fortna UK Ltd., Gemini House, Linford Wood Business Park, Sunrise Parkway, Milton Keynes MK14 6LS; and
in Germany – Pierau Unternehmensberatung GmbH, Grotenbleken 33, 22391 Hamburg.
3. What information does Fortna collect and how?
The GDPR refers to personal information as “personal data”. We collectively refer to handling, collecting, protecting, or storing personal data as “processing”.
Personal data is anything that enables an individual to be specifically identified or which makes the individual specifically identifiable, such as:
- First, middle, and last names;
- Postal and email addresses;
- Telephone numbers;
- Identity documents (e.g. passports and driving licences);
- Identity numbers (e.g. National insurance and bank account numbers);
- Date of birth, sex, nationality, religion, and ethnic origin;
- Career and educational documents (e.g. CVs and qualifications); or
- Information that is needed in order to employ foreign nationals who are not UK or European Union citizens.
We may collect this information in a variety of ways. For example, data might be contained in application forms or CV’s (including when these are sent to us as part of speculative applications or queries), obtained from your passport or other identity documents, or collected through interviews or other methods of assessment. Most of the information above is collected directly from you via the Company’s Recruitment Management System and directly from you during the recruitment process.
We may also collect personal data about you from third parties, such as references supplied by former employers. We will seek such information from third parties only after you are considered a candidate for an open position at the company; this information will not be collected or utilized from all job applicants.
Data will be stored in a range of different places, including on your application record, in our Human Resources (“HR”) management systems, and our email system.
4. Why does Fortna process personal data?
Fortna collects and processes your personal data for a number of purposes.
Fortna has a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows us to manage the recruitment process, assess and confirm an applicant‘s suitability for employment, and decide to whom to offer a job. We may also need to process personal data from job applicants to respond to and defend against legal claims.
In some cases, we need to process personal data to ensure that we are complying with our legal obligations. For example, we are required to check a successful applicant’s eligibility to work in a particular country before employment starts.
Fortna may process information about whether applicants are disabled so we can make reasonable adjustments for applicants who have a disability.
Under the GDPR, applicants have the right not to be subject to a decision based solely on automated processing, for example, automated shortlisting where applicants without a certain level of qualification are automatically filtered out before the applications are considered by the recruiters. Applicants should note that Fortna does not use automated decision-making in its selection process.
Where we process other special categories of personal data, such as information about ethnic origin, sexual orientation, health, or religion or belief, this is for equal opportunities monitoring purposes. Our processing of these types of data will be carried out to ensure you or we can meet our obligations or exercise our rights under law related to employment or (only where applicable) to enable us to establish, exercise or defend legal claims.
We will not use your data for any purpose other than the recruitment process of which you are a part.
5. Who has access to data?
Your information may be shared within the company for purposes necessary to complete the recruitment process. Those within the company receiving personal data may include members of the HR team, interviewers involved in the recruitment process, and managers in the business area with a job vacancy.
We will not share your data with third parties unless your application for employment is successful and an offer of employment is made. We will then share your data with former employers in order to obtain references.
In addition, we may need to share your personal data with a regulator or other government agency or entity in order to comply with the law.
We may also transfer your personal data to other companies within Fortna for the purposes specified in Section 4.
Since some companies of Fortna are not based within the UK, European Union (“EU”) or the European Economic Area (“EEA”), we may transfer personal data to a recipient outside the UK, EU or the EEA. We take appropriate safeguards to secure any transfer or disclosure to and the processing by a non-UK/EU recipient by concluding standard contractual clauses (“SCC”) within the whole of Fortna. For more information, please contact us, see above.
If other Fortna companies have a need to process your personal data, it will be for the same purposes as stated above and under the same lawful basis.
6. How does Fortna protect personal data?
Fortna takes the security of your personal data seriously. Your personal data is stored securely in a range of different places, including HR and Recruitment Management Systems, within electronic documents maintained in a secure network, and on paper stored in secure places with restricted access. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused, or disclosed, and/or is not accessed except by our personnel in the proper performance of their duties.
7. For how long does Fortna keep personal data?
If your application for employment is unsuccessful (including when you have speculatively applied to us in respect of a role which is not available), we will hold your data on file for 12 months. At the end of that period, your data is deleted or destroyed (unless we need to retain it for longer to exercise or defend any legal claims).
If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your Fortna personnel file and retained during your employment.
8. Your rights
As a data subject you have a number of rights under the GPDR data protection laws. You can:
- access and obtain a copy of your personal data on request;
- require Fortna to change incorrect or incomplete personal data;
- require Fortna to delete or stop processing your personal data, for example where the personal data is no longer necessary for the purposes of processing;
- object to the processing of your personal data where Fortna is relying on its legitimate interests as the legal ground for processing; or
- ask us, and provide an authorization, to transfer your personal data to another organization.
If you would like to exercise any of these rights or if you have any questions about this notice or our processing of your personal data more generally, please contact firstname.lastname@example.org.
If you believe that the company has not complied with your data protection rights, you can express your concern in the UK to the Information Commissioner’s Office (https://ico.org.uk/) and in Germany to the DPA (email@example.com).
9. What if you do not provide personal data?
You are under no statutory or contractual obligation to provide any personal data to Fortna during the recruitment process. However, if you do not provide the personal data required to meet legal obligations, we will not be able to process your application.