- Our commitment: The protection of your privacy, as well as compliance with applicable data privacy laws, is of great importance to Symantec. This Privacy Notice (“Notice”) outlines and explains how Symantec protects your privacy by processing your Applicant Personal Data (please refer to the Definitions below) in accordance with applicable privacy legislation.
- Goal: The aim of this Notice is to provide you with information on what Applicant Personal Data we process, how and why we process that data, including detailing the data protection principles we abide by, and informing you of the rights you can exercise in relation to your Applicant Personal Data.
- Structure: This Notice is therefore structured around the following key areas:
- What Applicant Personal Data we process
- Why we process your Applicant Personal Data
- How we process your Applicant Personal Data
- What are your rights and how can you exercise them
- Notice to Applicants:
- Localization: Where applicable, this Notice is subject to local law. In the event of any conflict between this Notice and local law, local law will prevail.
2. What Applicant Data we process
2.1 Applicant Personal Data
- Collected directly from you and generated by Symantec: Symantec collects General Applicant Information directly from you when you apply for a position at Symantec, for example your contact details and resume. In addition, we also generate General Applicant Information in relation to you during the course of your application procedure, for example when we take notes during interviews or in relation to your file and documentation. In some cases, you are requested before or during the application procedure to provide Right to Work Information, and in order to prepare your contract and onboarding Personal Financial Applicant Information.
- Collected from third parties: We are also provided or source data about you from other sources which can include third party vendors (such as recruitment agencies or background screening providers), business partners and online platforms if strictly required in the course of the application process – please refer to the purposes described below. For example, this can include conducting and sourcing simple or advanced background verification.
2.2 Sensitive Applicant Personal Data
- Sensitive Applicant Personal Data: Symantec only processes Sensitive Applicant Personal Data in limited circumstances in accordance applicable laws, including when the information is provided by the Applicant and/or required by Symantec as maybe required to meet employment law obligations during the application process.
- Keeping your Sensitive Applicant Personal Data safe: Note that when Sensitive Personal Applicant Data processing is required, Symantec considers this a high risk personal data processing and will apply the highest levels of technological and organizational measures to keep this data safe.
3. Why we process your Applicant Personal Data
3.1 Purpose of Applicant Personal Data processing
We will only process your Applicant Personal Data for specified and lawful processing purposes, described in this Notice which can include any of the following:
- Legitimate business interest: The processing of your General Applicant Information is necessary for the purposes of Symantec’s legitimate interest in recruiting and assessing applicants in the context of the application procedure;
- Contract: the processing is necessary in the preparation of your job offer and/or employment contract;
- Legal obligation: the processing is necessary for us to comply with our legal obligations (not including contractual obligations). For example: compliance with employment and right to work laws;
- Upon your request: There maybe exceptional circumstances where you may request us to disclose your Applicant Data to other people or organisations such as companies handling a data subject claim on your behalf, or otherwise.
We process your Applicant Personal Data for the following purposes:
|Talent Acquisition & Onboarding
Candidate selection and assessment, tracking of candidates, including pre-employment screening for validation of identity and background and reference checks, and the preparation of a job offer and/or your employment contract.
|Data Categories (please see definitions below for categorization)
||Categories of Recipients with whom data maybe shared (outside of Symantec)*
|Applicant Personal Data
Sensitive Applicant Personal Data
- General Applicant Information;
- Personal Financial Applicant Information;
- Right to work information.
- Advanced background checks including data relating to criminal convictions and offences (where permitted by local law);
- Government issued identification number.
- Necessary to enter into an employment contract with you or in order to take steps prior to enter into an employment contract with you
- Necessary to comply with a legal obligation (social security and social protection laws, tax laws);
- Necessary for the purposes of the legitimate interests pursued by Symantec or a third party.
- Cloud service providers;
- External advisors such as law firms or auditors;
- Public authorities in the course of investigations of mergers or acquisitions or criminal investigations.
*Third party transfers: Please note that in some cases these recipients qualify as third parties - other controllers who process your Applicant Personal Data for their own purposes – please refer to the privacy statement or data processing notice of these third parties for information on their processing of your Applicant Personal Data.
4. How we process your Applicant Personal Data
The principles we abide by when processing Applicant Personal Data
4.1 Purpose limitation
Your Applicant Personal Data will be only processed for specified and lawful processing purposes, as detailed in this Notice and will not be further processed in a manner incompatible with those purposes.
4.2 Data Minimization
We will only process Applicant Personal Data that is adequate, relevant and is limited to what is necessary so that we do not process Applicant Personal Data that is not required for any particular task. This also includes restricting access to your Applicant Personal Data to solely those functions/groups of functions that effectively need this data to carry out their work.
4.3 Data is accurate and, where necessary, kept up to date
We take adequate measures to ensure that the Applicant Personal Data that we process about you is accurate and up to date. During the extended retention term (please refer to the paragraph below), we provide you with the ability to correct, amend, or delete inaccurate data where this is appropriate, in accordance with applicable laws. Please see Section 5 for more information on how you can request the correction, amending or deletion of your Applicant Personal Data.
4.4 Data is held for no longer than is necessary
When Applicant Personal Data is no longer required to be stored, we take adequate steps to securely delete, anonymize or transfer the data to an archive (where this is allowed under applicable laws).
4.5 Data is protected by appropriate level of technical and organizational measures
The right security controls are in place to protect against unauthorized and unlawful processing and against accidental loss or destruction of, or damage to, your Applicant Personal Data. This includes both technical controls (e.g. pseudonymization/encryption, role based access control) and organizational controls (e.g. training and awareness).
4.6 Data is only transferred to third parties and/or outside the EEA if there is adequate protection
- To third parties: Where the transfer of EEA based Applicant Personal Data to Third Parties outside the EEA is concerned, we will ensure that the required contractual obligations will be stipulated between us and the third party. In case of international data transfer to countries that do not offer adequate protections outside of the European Economic Area, we will ensure that appropriate safeguards, as required by applicable laws, will be put in place to protect the Applicant Personal Data.
- Within Symantec: Symantec is a global business, and as such we need to transfer data internationally. We are fully committed to ensuring that there are adequate safeguards in place, as required by applicable laws, to protect the Applicant Personal Data we transfer to countries that may not have adequate data protection laws. As part of this commitment, we have adopted an intracompany data transfer agreement that applies to each of our subsidiary entities for any data transfers outside the EEA. and are seeking adoption of Binding Corporate Rules, each of which applies or will apply to the transfer of EEA based Applicant Personal Data across different countries.
5. What are your rights and how can you exercise them
If you are based in the EEA, you have the right:
- To be informed about the collection and use of your Applicant Personal Data by us. This information is shared with you through this Notice;
- Of access to the Applicant Personal Data that we process about you;
- To rectification of inaccurate Applicant Personal Data, or completed if it is incomplete;
- To erasure of your Applicant Personal Data. However, this right only applies under certain circumstances and is not absolute;
- To restrict processing of the Applicant Personal Data. However, this right only applies under certain circumstances and is not absolute;
- To move, copy or transfer your Applicant Personal Data. This right is not absolute, as it only applies to Applicant Personal Data that is directly provided by you and where the processing is based consent or on performance of a contract (see 2.1);
- To object to:
- processing based on legitimate interests (including profiling);
- direct marketing (including profiling); and
- processing for purposes of scientific/historical research and statistics.
- Not to be subjected to a decision based solely on automated processing, including profiling:(e.g. automated processing of Applicant Personal Data to evaluate certain aspects about you), which produces legal effects concerning you or similarly significantly affects you unless it is:
- Necessary for entering into, or performance of, a contract between us; or
- Authorized by law (e.g. for the purposes of fraud or tax evasion); or
- You provide your explicit consent.
To exercise these rights or to receive more information, please contact us using the below contact details or by submitting a request through HR ServiceExchange.
Internal - https://Symantec.Service-now.com/hr
External - https://Symantec.Service-now.com/hrp
We will provide you with information on the action taken within one month after receipt of your request. When handling your request we will follow the appropriate procedure relating to Data Subject Access Requests.
||Individuals that apply for a job/position at Symantec, including candidates that are referred to Symantec by recruitment agencies until the moment the Applicant receives a formal rejection or the Applicant signs the employment agreement with Symantec. In the latter case, from that moment onwards the Applicant is considered an Employee and the Employee Privacy Notice is applicable.
|Applicant Personal Data
||Any information related to any identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, by reference to an identification number or to one or more factors specific to his identity. The term Applicant Personal Data in this Policy means both Applicant Personal Data that is processed on you in your capacity of Applicant, during the course of your job application at Symantec (as detailed here), as well as Sensitive Applicant Personal Data (please see defined term below). Apart from Sensitive Applicant Personal Data, Applicant Personal Data can refer to the following data categories:
- General Applicant Information: name, gender, data of birth, contact information including home address, phone number, email address, resume / CV and/or completed applicant form containing details of employment and education history, qualifications and vocational training, reports from executive search, recruitment business, interview notes, interview details including hiring decision notes and feedback, background and reference checks;
- Personal Financial Applicant Information: bank account details and any other personal financial information;
- Right to Work Information: nationality, work visa status, copy of employment permit / right to work, sponsorship info / visa.
|Sensitive Applicant Data
||Sensitive Applicant Data includes:
- Advanced background checks including data relating to criminal convictions and offences (where permitted by local law);
- Government issued identification numbers.
||Any operation or set of operations performed upon Applicant Data. This includes collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, combining, blocking, erasure or destruction.
|Transfer of information
||Providing a copy of the information or disclosing it, sharing it, granting access to it or making it otherwise available to any person or entity.
|European Economic Areas
||The European Union member states including Iceland, Liechtenstein, Norway (EEA)
||The natural or legal person which alone or jointly with others determines the purposes and means of the processing of Applicant Personal Data.
7. Reporting concerns
- If you believe this Notice may have been violated, immediately submit a confidential report to the Office of Ethics and Compliance online through Symantec’s EthicsLine, over the phone (US/Canada 1.866.833.3430, international numbers listed on EthicsLine), or via e-mail. Reports may be made anonymously through EthicsLine online, where permitted by local law.
- You may also choose to report your concern to HR.
- Symantec will not tolerate retaliation against anyone, who in good faith, reports a concern or cooperates with a compliance investigation, even when allegations are found to be unsubstantiated.
8. Identity of the Controller and Contact details
If you are a EEA based Applicant then the entity with whom you are seeking employment is the Controller for the processing of your Applicant Personal Data.
We have tried our best to make this policy as concrete and complete as possible. For further clarification on this Policy, to file a complaint or in the event you would like to make a data subject right request, please use the following contact details:
Contact the Privacy Office
If you have any queries or concerns in relation to the contents of this Notice, please contact the Global Privacy Office [firstname.lastname@example.org] in the first instance.
Additionally, you can also contact our Data Protection Officer [DPO@HewardMills.com].
Right to lodge a complaint with the Supervisory Authority
If you are a EEA based Applicant then you have the right to lodge a complaint directly with the data protection authority about how your Applicant Personal Data is processed. Please find a link here with an overview of the relevant authorities.