RECRUITMENT PRIVACY NOTICE
SCOPE OF THIS PRIVACY NOTICE
- Like most businesses, we hold and process a wide range of information, some of which relates to individuals who apply to work for us, including personal data. This notice explains the type of information we process when you apply to work for us and the information we process in connection with our recruitment process, why we are processing it and how that processing may affect you.
Please note that if you accept an offer from us the business will process further information as part of the employment relationship and we will provide you with our Workplace Privacy Notice for employees and other workers as part of the on-boarding process.
In this notice ‘we’, ‘us’ and ‘our’ refers to the relevant company that acts as the ‘data controller in respect of your personal data, a list of which is set out in the Annex of this document. ‘Data controller’ means the person that determines the purposes and means for which your personal data is processed. In the context of this notice, the relevant data controller of your personal data is the company which you apply to work for:
This notice is set out in this document (the “Core Notice”) and the Supplementary Information in the Annex to this document.
In the Supplementary Information, we explain what we mean by “personal data”, “processing”, “special personal data” and other terms used in the notice.
2. In brief, this notice explains:
- what personal data we hold and why we process it;
- the legal grounds which allow us to process your personal data;
- how long we keep your personal data;
- how to access your personal data and other rights; and
- how to contact us.
PERSONAL DATA – WHAT WE HOLD AND WHY WE PROCESS IT
3. We process your personal data for recruitment, management, administrative, employment and legal related purposes. The Supplementary Information provides more specific information about these purposes, on the type of personal data that may be processed and the grounds on which we process it. See Legal grounds for processing personal data and Further information on the data we process and our purposes.
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
4. In general, we only keep your data for as long as necessary for the purpose for which it was collected and in accordance with the following retention periods:
(a) Successful candidates: if you become employed by us we will keep your personal data for the duration of your employment with us and then for a certain period of time thereafter (further information will be provided in our Workplace Privacy Notice).
(b) Unsuccessful candidates: if you are unsuccessful in gaining employment with us, we usually keep your personal data for up to 12 months from the date that we received your application, unless you agree that we can retain it for longer (in which case we retain the information for such longer period that you have agreed to).
(c) Other information: certain other information collected in connection with the recruitment process, may be kept for a shorter time period (e.g. CCTV footage data if you attend our premises for an interview) which we will store and delete such data in accordance with our internal retention policies.
5. In certain limited cases, we may keep your personal data for different periods of time including for periods of time that may not have a finite retention period where such period of time will depend on particular circumstances relating to your personal data (e.g. in the event that it relates to a legal claim). Where there is no finite retention period we take into account the following criteria in order to determine how long to retain your personal data including the relevance and usefulness of the personal data to our business and any legal obligations or interest in we have in retaining your personal data (e.g. to exercise or defend against a potential claim).
TRANSFERS OF PERSONAL DATA OUTSIDE THE UK
6. We will, where necessary and as set out in this notice, transfer your personal data outside the UK, in particular to third party service providers and other group companies located in both adequate and non-adequate countries for data protection purposes (a country is considered “adequate” if it is subject to an adequacy decision which is recognised by the UK).
7. Where we transfer your personal data to a non-adequate country, we will ensure appropriate safeguards are in place (e.g. standard contractual clauses or the transfer takes place under the UK Extension to the EU-U.S. Data Protection Framework). You can obtain a copy of these safeguards by contacting us using our contact details set out below in this notice. Further information on transfers under the UK Extension to the EU-U.S. Data Protection Framework is set out in the Annex.
CONSEQUENCES OF NOT PROVIDING PERSONAL DATA
8. When you apply to work for us, some of the personal data that we process about you comes from you. For example, you tell us your contact details and work history.
9. If you do not provide information that we need to evaluate your application or enter into a contract with you, we may not be able to progress through the relevant stage(s) of the recruitment process or enter into a contract with you.
WHO WE SHARE YOUR PERSONAL DATA WITH
10. We will only disclose your personal data if doing so is consistent with a ground for processing on which we rely and doing so is lawful and fair to you.
11. We will disclose your data if:
(a) it is necessary for our legitimate interests as an organisation or the interests of a third party (but we will not do this if these interests are over-ridden by your interests and rights in particular to privacy);
(b) where we are required to do so by law, in connection with criminal, regulatory or an investigation by a public body (e.g. the police); or
(c) with your consent.
12. Specific circumstances in which your personal data may be disclosed include:
organisations and service providers that process data on our behalf e.g. third parties that provide or host our websites, IT systems and information (e.g. our email provider);
- third party recruitment consultants and similar businesses (including online recruitment portals) as a part of the recruitment process, particularly where you have applied to us via a recruiter or third party website;
- referees, in connection with our referencing processes;
- group companies (e.g. where information is shared internally in connection with your application);
- disclosure of aggregated and anonymised diversity data to relevant regulators as part of a formal request (see above); and
- to a third-party organisations in connection with a potential or actual business transaction (e.g. a merger or acquisition).
YOUR DATA PROTECTION RIGHTS
13. You have various rights in relation to the personal data we hold about you, including:
Right to make a subject access request
You have the legal right to make a “subject access request”. If you exercise this right and we hold personal data about you, we are required to provide you with information about it, including giving you a description and copy of the personal data and telling you why we are processing it.
Other rights
You may have a legal right to have your personal data rectified or erased, to object to its
processing or to have its processing restricted. If you have provided us with data about yourself (for example your address), you have the right to be given the data in machine readable format, including to have it transmitted to another data controller (this only applies if the ground for processing is Consent or Contract, as defined in the Annex).
If we have relied on Consent as a ground for processing, you may withdraw your consent at any time but doing so will not affect the lawfulness of our processing of your personal data which we conducted on the basis of your consent prior to you withdrawing it.
Right to complain
If you have a complaint relating to our processing of your personal data, you should raise these with your contact in the recruitment team in the first instance or with our Data Protection Officer.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at http://ico.org.uk
CONTACT DETAILS AND DATA PROTECTION OFFICER
14. We have appointed a data protection officer whose role in relation to data protection includes informing and advising us and those of our employees who are involved in processing data of their obligations under data protection legislation. Our contact details and those of our data protection officer are as follows:
Omnicom Media Group Europe Limited
Attn: Data Protection Officer
Bankside 3, 90-100 Southwark Street
London
SE1 0SW
United Kingdom
[email protected]
STATUS OF THIS NOTICE
15. This notice does not form part of any contract of employment or engagement that you may enter into with us and does not create contractual rights or obligations. It may be amended by us at any time. Nothing in this notice is intended to create an employment relationship between us and any non-employee.
Version 3, March 2024
ANNEX: SUPPLEMENTARY INFORMATION
LIST OF DATA CONTROLLERS
Company Name | Company Number |
Adylic Limited | 11531861 |
Drum OMG Limited | 02904456 |
Empyrean OMG Limited | 13240527 |
Hearts & Science Limited | 10445362 |
Mobile5 Media Limited | 07554778 |
OMD EMEA Limited | 04094368 |
OMD Group Limited | 02078820 |
Omnicom Media Group Europe Limited | 01662822 |
Omnicom Media Group UK Limited | 04431736 |
PHD International Limited | 03750670 |
PHD Media Limited | 02423952 |
Resolution Media UK Limited | 03802728 |
Verve Search Limited | 06803568 |
WHAT DO WE MEAN BY “PERSONAL DATA” AND “PROCESSING”?
- “Personal data” is information relating to you (or from which you may be identified directly or indirectly) which is processed by automatic means or which is (or is intended to be) part of a structured manual filing system.
Data “processed by automatic means” includes information held on, or relating to use of, a computer, laptop, mobile phone or similar device. It covers data derived from equipment such as access passes within a building, data on use of vehicles and sound and image data such as CCTV or photographs.
“Processing” means doing anything with the data. For example, it includes collecting it, holding it, disclosing it and deleting it.
Personal data revealing racial or ethnic origin, political opinions, religious or philosophical
beliefs, health, sexual orientation, sex life, trade union membership and genetic and biometric
data are subject to special protection and considered by data protection laws to be “special
category data”.
References in this notice to employment, work (and similar expressions) include any
arrangement we may have under which an individual provides us with work or services, or
applies for such work or services. By way of example, when we mention an “employment
contract”, that includes a contract under which you provide us with services; when we refer to
ending your potential employment, that includes terminating a contract for services. We use
the word “you” to refer to anyone within the scope of the notice.
LEGAL GROUNDS FOR PROCESSING PERSONAL DATA
WHAT ARE THE GROUNDS FOR PROCESSING?
2. Under data protection law, there are various grounds on which we can rely when processing your personal data. In some contexts more than one ground applies. We have summarised these grounds as Contract, Legal obligation, Legitimate Interests and Consent and outline what those terms mean in the following table.
Term | Ground For Processing | Explanation |
Contract | Processing necessary for performance of a contract with you or to take steps at your request to enter a contract. | This covers carrying out our contractual duties and exercising our contractual rights. |
Legal obligation | Processing necessary to comply with our legal obligations. | Ensuring we perform our legal and regulatory obligations. For example, providing safe premises and avoiding unlawful discrimination. |
Legitimate Interests | Processing necessary for our or a third party’s legitimate interests. | We or a third party have legitimate interests in carrying on, managing and administering our respective businesses effectively and properly and in connection with those interests processing your data.
Your data will not be processed on this basis if our or a third party’s interests are overridden by your own interests, rights and freedoms. |
Consent | You have given specific consent to processing your data. | In general processing of your data in connection with employment is not conditional on your consent but there may be limited occasions when where it is applicable. |
PROCESSING SPECIAL PERSONAL DATA
3. If we process special personal data about you (for example (but without limitation), storing your health records to assist us in ensuring that we provide you with a healthy and safe work workplace or processing personal data relating to diversity monitoring), as well as ensuring that one of the grounds for processing mentioned above applies, we will make sure that one or more of the grounds for processing special personal data applies. In outline, these include:
- processing being necessary for the purposes of your or our obligations and rights in relation to employment in so far as it is authorised by law;
- processing relating to data about you that you have made public (e.g. if you tell us you are ill);
- processing being necessary for the purpose of establishing, making or defending legal claims; processing being necessary for provision of health care or treatment, medical diagnosis, and assessment of your working capacity; and
- processing for equality and diversity purposes to the extent permitted by law.
FURTHER INFORMATION ON THE DATA WE PROCESS AND OUR PURPOSES
4. The Core Notice outlines the purposes for which we process your personal data. More specific information on these purposes, examples of the personal data and the grounds on which we process that personal data are set out in the table below.
The examples in the table cannot, of course, be exhaustive. For example, although the table does not mention data relating to criminal offences, if we were to find out that someone applying to work for us was suspected of committing a criminal offence, we might process that information if relevant for our purposes. In certain circumstances, we may also require criminal background checks (for example, for those working in financial roles).
Purpose | Examples of personal data that may be processed | Grounds for processing |
Application and recruitment process administration activities.
Administering our recruitment process including processing receipt of your application via our online Careers Portal. |
CV information and information you otherwise submit to us in connection with your application (e.g. via our Careers Portal), such as your:
|
Legitimate interests: Administering our recruitment process and processing candidate applications. |
Evaluating you and your application for the role.
Assessing your suitability for the role and reaching a decision including reviewing the information that has been provided to us about you and which we have obtained from interview with you (as applicable). Evaluating your experience and qualifications against the requirements of the position you are applying for. |
CV information, in particular your:
Information you provide to us or we obtain during interview such as your responses to our questions our interview notes and assessments of your application and performance. If necessary, we will also process information concerning your health, any disability and in connection with any adjustments to working arrangements. |
Legitimate interests:
Ensuring that we hire a suitable person for the available role. Contract Legal obligation |
Verifying your identity, right to work and application information.
Verifying your identity and the information you have provided as part of the recruitment process including your references and right to work in the jurisdiction. |
Name
Identity Information such as passport, driver’s license, national identity cards, utility bills and any other information used to verify your identity. CV information and reference related information, in particular, qualification information and previous roles held. |
Legal obligation
Legitimate interests: Ensuring the information we process about candidates is correct and accurate. |
Communicating with you in connection with the recruitment process.
Contacting you in connection with the recruitment process e.g. to confirm interview availability, inform you of the status of your application, respond to queries and questions or communicate acceptance or rejection of your application and making you an offer of employment. |
Contact Details such as phone number (home, mobile and/or work); email address (personal or work, as provided); and address (home and/or work, as provided). | Legitimate interests: Administering our recruitment process and ensuring your recruitment process runs smoothly and efficiently. |
Entering into a contract with you (if you are made an offer by us) | Information on your terms of employment from time to time including your hours and working patterns, your pay and benefits, such as your participation in pension arrangements, life and medical insurance; and any bonus or share schemes. | Contract
Legal obligation |
Contacting you or others on your behalf | Your address and phone number, emergency contact information and information on your next of kin. | Legitimate interests: Ensuring your safety and safeguarding your interests |
Payroll administration | Information on your bank account, pension contributions and on tax and national insurance.
Your national insurance number or other government issued identifier. |
Contract
Legal obligation |
Financial planning and budgeting | Information such as your proposed salary and (if applicable) envisaged bonus levels. | Legitimate interest:
Ensuring the financial viability of our business |
Monitoring of diversity and equal opportunities | Information on your nationality, racial and ethnic origin, gender, sexual orientation, religion, disability and age as part of diversity monitoring initiatives. Such data will aggregated and used for equality of opportunity monitoring purposes. Please note we may share aggregated and anonymized diversity statistics with regulators if formally required / requested. | Legitimate interests
Promoting equality across our workforce |
Physical and system security | CCTV images upon attendance for interview at our premises. | Legitimate interests:
Safeguarding our premises, staff and visitors. |
Business transactions
Providing information to third parties and group companies in connection with transactions that we contemplate or carry out. |
Information on any offer made to you and your proposed contract and other employment data that may be required by a party to a transaction such as a prospective purchaser, seller or outsourcer. | Legitimate interests:
Facilitating business transactions. |
Disputes and legal proceedings | Any information relevant or potentially relevant to a dispute or legal proceeding affecting us. | Legal obligation
Legitimate interests: Establishing, exercising or defending against legal claims. |
EU-U.S. Data Privacy Framework / Swiss-U.S. Data Privacy Framework / UK Extension to the EU-U.S. Data Privacy Framework
We and certain affiliates comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), as set forth by the U.S. Department of Commerce regarding the notice, choice, onward transfer, security, data integrity, access and enforcement of personal information transferred from the European Union, United Kingdom, and Switzerland to the United States.
We and certain affiliates have certified to the U.S. Department of Commerce that we adhere to the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF Principles with regard to the processing of personal data received from the European Union, United Kingdom, and Switzerland and are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. If there is any conflict between the terms in this Privacy Notice and the Data Privacy Framework Principles, the Data Privacy Framework Principles shall govern.
When we receive personal information under the Data Privacy Framework and then transfer it to a third-party recipient acting as our agent, we have certain liability under the Data Privacy Framework. If the agent processes the personal information in a manner inconsistent with the Data Privacy Framework Principles, we will be responsible for the event giving rise to the damage.
If you are a resident of the European Union, United Kingdom, or Switzerland and are not satisfied with the manner in which we have addressed your concerns about our privacy practices, you may seek further assistance, free of charge, from our designated Data Privacy Framework independent recourse mechanism. You may have the option to invoke binding arbitration for the resolution of your complaint under certain circumstances. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. Please note that we may need to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
To learn more about the Data Privacy Framework, and to view our certification, please visit https://www.dataprivacyframework.gov/. Our affiliates certified under the Data Privacy Framework include Accuen Inc., OMD Worldwide Holdings, Inc., Media Services, Inc., Resolution Media Inc., Pathway Group LLC, Hearts and Science LLC, OMG Entertainment & Sports LLC, PHD Media LLC, OMD USA LLC.