This privacy notice explains how we collect and use your personal information during and after the recruitment process. Zestia Limited is a "controller", which means we are responsible for deciding how we use your personal information. This policy applies to all applicants to Zestia Limited in the UK and CapsuleCRM Inc in the USA and is in line with the UK GDPR and other data protection laws.
When you apply for a role, we may collect the following types of personal data through the application and recruitment process:
- Personal contact details include your name, title, addresses, telephone numbers, personal email addresses, date of birth, gender, marital status, and dependents.
- Recruitment information (including copies of right to work documentation, references, LinkedIn profiles and other information included in a CV or cover letter).
- Employment records (including job titles, right-to-work information, work history, working hours, holidays, training records, location of employment, start date, leaving date, reason for leaving, performance, disciplinary and grievance information).
How we will use information about you
We will use your personal information in the following circumstances:
- Review and process your application.
- Communicate with you about your application status.
- Arrange interviews and assessments.
- Verify your eligibility to work.
- Maintain records of our recruitment processes.
- Improve our recruitment and hiring practices.
Data sharing
Please note that we may be required to disclose personal information in response to a lawful request by a public authority, including but not limited to meeting national security or law enforcement requirements that we are legally required to comply with.
We will also share your personal information where it is required to administer the recruitment and application process or where we have a legitimate interest to do so. All third-party service providers are required to take appropriate security measures to protect your personal information.
Data security
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to your personal information to only those who have a business need to know. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Data retention
We will only retain your personal information for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and any applicable legal requirements.
Rights of access, correction, erasure and restriction
Under certain circumstances, by law, you have the right to:
- Request access, correct, or delete your personal data.
- Object to the processing of your personal information where we are relying on a legitimate interest and you want to object to the processing.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you.
For EU and UK HR data
CapsuleCRM Inc complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. CapsuleCRM Inc has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/ In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, CapsuleCRM Inc commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF in the context of the employment relationship.
In accordance with CapsuleCRM Inc’s obligations under the DPF, We confirm that the following applies in relation to CapsuleCRM Inc:
CapsuleCRM Inc is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). Under certain conditions, you have the right to invoke binding arbitration in relation to CapsuleCRM Inc’s use of your personal information. CapsuleCRM Inc is obliged to arbitrate claims and follow the terms as set out in Annex I of the DPF Principles (published at; https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction), provided that you have invoked binding arbitration by delivering notice to Us and following the procedures and subject to conditions set out in Annex I of the DPF Principles.
Contact Us about the use of your personal information
If you object to using or disclosing your personal information in any of the ways set out in this privacy notice or have any questions about this privacy notice, please contact us at support@zestia.com for details of how you can exercise your choices about our use of your personal information and the means we provide to enable you to limit our use and disclosure of your personal information.