Safety is our specialty, and this also applies to handling your personal data and ensuring that your privacy is respected.
PhoneWatch will collect and process personal data about you in relation to the recruitment process. The personal data will be collected from you as well as from other available sources to the extent relevant and permitted by law. Depending on the circumstances, the following personal data may be processed:
• Individual data: name, date of birth, preferred language and nationality
• Contact details: email address, telephone number and postal address
• Application data: application, CV, certificates, attestations and statements from references
• Interview and assessment data: internal assessments/reports from interviews, assessments of capabilities, credit or background checks, depending on the position you are applying for, and where necessary for the recruitment activities
• Test data: information and results from personality and ability tests that you perform during the recruitment process
The following data is processed only in specific situations:
• Certificate of good conduct: If you are offered a position at PhoneWatch, we might for some positions require a certificate of good conduct. The document is to be sent via encrypted email to a dedicated email address for this exact purpose. The document will not be stored anywhere else and it will be deleted immediately if you do not meet the screening criteria.
• Sensitive data: We normally do not and cannot collect sensitive personal data in relation to the recruitment process. However, if you have physical limitations or special needs that require us to make specific considerations during the recruitment process, we may process relevant information to enable our candidates to apply for jobs with us and to ensure that we comply with regulatory obligations placed upon us regarding our hiring. Because email communications are not always secure, we encourage you to not include sensitive data in your emails to us.
Website recruitment system:
For the purpose of receiving and managing job applications via the website recruitment service, we use the services of Greenhouse Software, Inc., 110 Fifth Avenue, 3rd Floor, New York, NY 10011, USA (“Greenhouse Software”). In the webservice, you and may apply for job openings and submit and/or upload related personal information, such as name, email address, LinkedIn-profile, CV and personal documents.
Legal basis for the processing:
Your personal data is processed based on legitimate interests, cf. GDPR art. 6. (1) f). We have a legitimate interest in carrying out the processing for the purpose of managing and completing the recruitment processes that is not overridden by your interests, fundamental rights, or freedoms. We need to make sure that we hire the right person and we must document that the process has been performed correctly.
If any tests are completed by you as a part of the employment process, the processing of personal data in this case will be based on a legitimate interest of PhoneWatch.
We may also process your personal data based on your consent, in which case we have obtained your prior and written express consent to the processing of your personal data. This legal basis is only used in relation to process that is entirely voluntary, it is not used for processing that is necessary or obligatory. Your written consent can always be withdrawn by contacting us or through your online profile.
In certain cases, the processing may also be necessary for compliance with legal and regulatory obligations. The legal basis for processing certificates of good conduct is GDPR art. 10. The respective national law is described below:
National law Ireland:
Employees at the Alarm Receiving Centre are regulated by the private security authority and need to have license to work with PhoneWatch. In order to get the license the employee has to complete garda vetting. They contact the guards directly to complete this process and it does not go through PhoneWatch.
We may share your personal data with third parties only when it is necessary as part of our contract with you, for the conduct of business or when there is a legal or statutory obligation to do so. Whenever we disclose your personal data to third parties, we will only disclose that amount of your personal data necessary to meet such business need or legal requirement. Otherwise, your personal data will not be disclosed to others unless you have given your consent to this, for example in connection with a benefit/special offer or bonus program, or if we are legally obligated to make such disclosure.
Below is a list of the categories of recipients we share personal data with. When sharing personal data, we will always ensure that we have proper agreements and confidentiality undertakings in place. We do not sell your personal data to any third party for commercial purposes.
We are part of the European Sector Alarm Group, in which the Norwegian entity Sector Alarm Holding AS is the controlling entity. The group IT function administers all of our IT applications on our behalf as our data processor, and we have a data processing agreement in place for this purpose. This means that personnel from group IT has access to the personal data we have stored in our IT applications. Other group functions may also request access to personal data in order to perform analysis and to generate reports on sales statistics, customer satisfaction surveys and similar topics in order to ensure reporting to our group management and board of directors. All accesses to our IT applications are granted on a strict need-to-know basis and limited to what is strictly necessary only.
We use suppliers that provide services to us, where processing of personal data is necessary for the supplier to deliver such services. If the supplier processes personal data on our behalf, they are a data processor. We will only use data processors who can guarantee compliance with applicable data protection laws and our technical and organizational requirements, and we will always have a data processing agreement in place to govern our instructions to such data processor. We have the following key categories of suppliers:
- IT application providers: These suppliers may perform service and maintenance on the IT applications they provide to us. To the extent they have access to, or are otherwise processing, personal data on our behalf as data processor, we have a data processing agreement in place. They may also store data on their servers or in a cloud service provided by them, and if so they are our data processors
- Partners: We collaborate with partners who generate potential candidates to us, such as recruitment agencies and temporary hire agencies. These parties share share your information with us on the basis of their agreements or consents with you
International Data Transfers:
As a data subject, you are afforded several rights and freedoms under applicable data protection laws and regulations. To exercise such rights, please contact our Data Protection Officer at firstname.lastname@example.org. In order to ensure that we do not share personal data with unauthorized third parties, we will request that you confirm your identity before we respond to your request. Provided that we have confirmed your identity, we will respond as soon as possible and normally within 30 days. If we are not able to respond within 30 days, we will notify you of the delay and the reason for it in due course and prior to the 30-day deadline. Below is an overview of your rights. You may read more about this on the website of the Irish Data Protection Commission.
Within the limitations set out in applicable law, you have the following privacy rights:
- Right to information: you have the right to obtain further information on our use of your personal data.
- Right of access: You may request access to a copy of the personal data we process about you. Please note that there are some exceptions to this right, for example if the access infringes on the rights of others (for example it reveals personal information about a third party) or if it pertains to business secrets. If we make any exceptions to your right of access, we will inform you of this specifically
- Right to rectification: It is important for us to ensure that we only process personal data which is correct and up to date. If you see that any of the personal data we process is incorrect, then you have the right to demand rectification.
- Right to data portability: You may obtain an electronic copy of the personal data you have provided to us in a digital format either directly to you or to a third party designated by you
- Right to be forgotten: We only store personal data for the time needed to fulfill the purposes it was collected for. If you are of the opinion that we are storing information that should have been deleted, you may request that we delete such personal data. Please be advised however, that legal obligations such as tax reporting and book keeping may result in us being obligated to not delete the personal data until the statutory retention period has expired. For more information about our retention times, please refer to the section How long do we store your personal data below
- Right to objection: You may object to our processing of your personal data if your particular situation so requires. Please note that this may lead to us not being able to continue processing of your job application.
- Right to restriction of processing: You have the right to request that we restrict the processing of your personal data for example if you are of the view that we are processing your data illegally or if you do not want us to delete data that are due for deletion
- Automated decisions and profiling: We do not use automated decisions pertaining to you for recruitment purposes. For the purpose of marketing of open positions, we use segmentation techniques and perform analysis in order to optimize our marketing efforts and to tailor such marketing to our candidates’ preferences and needs. Such analysis may influence our marketing decisions, but are not applied in a manner which may result in legal or similar significant effects for you.
All personal data that is collected and stored based on our legitimate interest, is erased within one year. The storage time is counted in days from the date you were told a candidate was awarded the position you applied for. Where applicable, this include all the information in the categories specified above, i.e.: Individual data, Contact details, Application data, Interview and assessment data, Test data and Technical data
The following personal data may be erased at any time through your online candidate profile: CV, certificates, application and attestations.
As specified above, any certificates of good conduct are deleted immediately if you do not meet the screening criteria. If screening criteria are met, the certificates are deleted as soon as the recruitment process is finalised.
Sometimes we may ask if you want us to keep your personal data for a longer period, for example if you do not qualify for a position but we would like to be able to keep you in our database for other potential future vacancies. You may at any time withdraw any consents to storage and processing of your personal data in your candidate profile.
In addition to what is set out above, we may on a case-by-case basis need to store personal data for a longer period of time if this is necessary in order to comply with legal obligations, enforce contracts or engage in dispute resolution.
We have implemented top-notch technical and organizational security measures in order to protect your personal data and to ensure the availability, integrity and confidentiality of your personal data. Our highly qualified IT and security experts are ensuring that our applications are kept safe by only using providers that can guarantee compliance with applicable security standards and laws.
However, you may also help protect your data by observing these simple safeguards:
- Do not send confidential or sensitive information by unencrypted e-mail. We will never ask you to send us your bank account details by e-mail.
- You should always use a strong password, i.e. a password comprising of both small and capital letters, numbers and a special character
- Do not click on links in any e-mails you receive unless the e-mail is from a trusted sender. Always check the e-mail address of the sender of e-mails that requests any information from you – often the fraudsters use e-mail addresses that are similar to the original. E-mails from us will always be sent from email@example.com
- Make sure your contact information is updated so that we can reach you in case there is suspicion of fraud
- Keep your online devices updated in order to ensure that you always have the latest version of security settings installed, as these may contain patches for formerly identified security weaknesses
- If you observe any suspicious activity or think that you have been subject to identity theft or fraud, contact our customer support center immediately at 0818 753 753.
You may always unfollow our accounts or delete your comments and messages. Please note that unfollowing our account will not delete your personal data. Please note that all of these providers have international data transfers to the USA. We encourage you to read their Privacy Policies for more information about their processing of your personal data.
Furthermore, when using Facebook, we receive aggregated statistical reports from Facebook through a service called Facebook Insights. This service allows us to monitor the activity related to our account. These reports do not comprise any personal data and is anonymous to us, but we are acting as joint controllers with Facebook Inc for the purposes of this service. You may find more information about Facebook Insights here.
Version: 1.0 2021