Privacy Notice for Applicants
Last Updated: September 2024
Introduction
This Privacy Notice is provided to you by the specific Global Payments (“GP”) entity to which you have submitted your application. For the purposes of applicable data protection laws, this GP entity acts as the data controller of your personal data. When terms such as “we”, “us” and “our” are used in this notice, this refers to the specific GP entity processing your application.
For applications submitted to our European or UK entities, please note that these entities are listed in the “List of European and UK Entities” section below.
This notice describes the categories of personal data we may process, how your personal data may be processed, the purposes for which it is processed, and how we protect your personal data.
If you have any questions about the processing of your personal data which are not covered in this notice, or would like to access, correct or delete your personal data, you may do so via your GP Workday account or contact us via [email protected].
What Data do We Process
We may collect various types of personal data about you for the purposes described in this notice including:
- Personal details: including your title, name, gender, nationality, civil/marital status, date of birth, age, personal contact details (e.g., address, telephone or mobile number, email), national ID number, passport information, citizenship, immigration and eligibility to work information, driving licence, languages spoken, emergency contact information, details of any disability and any reasonable adjustments required as a result;
- Recruitment and selection data: including skills and experience information, qualifications, references, CV and application, interview and assessment data, vetting and verification information, right to work verification, information related to the outcome of your application, details of any offer made to you;
- Equality and diversity data: where permitted by law and provided voluntarily, data regarding gender, age, race, nationality, disability status, religious belief and sexuality (stored anonymously for equal opportunities monitoring purposes); and
- Device Information and Other Unique Identifiers: including device identifiers, internet protocol (IP) address, cookies, beacons, pixel tags, or similar unique identifiers.
- Audio and Visual data: including photographs, images, videos, and audio data processed when you choose our digital interview option or as otherwise provided to us as part of the recruiting process.
- Any other personal data which you choose to disclose to us during the course of the recruitment process (whether verbally or in written form ).
Certain additional information may be collected where this is necessary and permitted by local applicable laws in order to assess your application..
Special Categories of Personal Data
To the extent permitted or as required by applicable laws, we may collect and process a limited amount of personal data falling into special categories. This term means information relating to:
- Racial or ethnic origin;
- Political opinions;
- Religious or philosophical beliefs;
- Physical or mental health (including details of accommodations or adjustments);
- Trade union membership;
- Sex life or sexual orientation;
- Biometric and genetic data; and
- Criminal records and information regarding criminal convictions, offences or proceedings.
Personal data relating to criminal convictions and offences will be processed only where authorised by applicable laws, such as during a legally permitted criminal record check as part of the recruitment process.
How we Collect Personal Data
We collect and record your personal data from a variety of sources, but mainly directly from you.
We may also obtain some information from third parties: for example, recruitment agencies, academic institutions, professional organisations, alumni and resume sharing platforms, references from a previous employer or GP personnel who refer you, where we employ a third party to carry out a background check, and from publicly available sources including court records or social media platforms (where permitted by applicable law).
Where we ask you to provide personal data to us on a mandatory basis, we will inform you of this at the time of collection. Failure to provide any mandatory information will mean that we cannot carry out certain recruitment processes. For example, if you do not provide us with your contact details, we may not be able to communicate or schedule interviews with you.
What are the Purposes for which Personal Data is Processed and What is our Legal Basis For Carrying Out the Processing
Your personal data is collected and processed for various business purposes, in accordance with applicable laws, and any applicable employment or collective bargaining agreements.
The Legal Basis on Which we Process your Personal Data
Whenever we process your personal data, we do so with a legal basis or justification for that processing. The legal justification for processing your recruitment data will be one of the following:
- The processing is necessary for compliance with a legal obligation to which we are subject (for example, avoiding unlawful discrimination, meeting statutory record keeping requirements or health and safety obligations); or
- The processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into such a contract (for example collecting education / qualification data to determine your eligibility for a particular role) ;
- The processing is based on your consent under circumstances for which consent serves as a valid basis for processing (for example, with appropriate consent from you, we will respond to requests for employment verification and employment references in some circumstances,orprocessotherdatawhichyouaskustoprocessforaparticular purpose);
- The processing is necessary for the legitimate interests pursued by GP and such legitimate interests are not overridden by your fundamental rights or freedoms. This includes, for example, GP’s legitimate interest in:
- Managing its workforce and operating its business. This includes ensuring that GP is able to attract and recruit appropriately qualified team members, and efficiently manage the recruitment process.
- Conducting satisfaction surveys (for example, to manage and improve the recruitment process).
- Conducting data and statistical analysis.
- Recruitment marketing (inclusive of any outreach activities promoting a job opportunity or an associated hiring event).
If you would like further information about the legitimate interests relied upon, and how we have balanced our legitimate interests against your rights and freedoms, please contact your local Data Protection Officer.
The Purposes for Which We use Personal Data and Data Retention
We have identified several purposes for collecting and processing your personal data:
|
Recruitment, pre-employment verification & screening, and offers of employment & onboarding |
To consider your suitability to work for us in the role you have applied for, comparing you to other candidates, making recruitment decisions, performing pre-employment screening including credit and background checks. To contact you via telephone, sms, or email with regards to your application or to send you other recruitment related communications. |
|
Applicant Pool / Future job opportunities, including when you join our GP Talent Community. |
Subject to your consent (where required), to contact you if you are not successful in your initial application should another potentially suitable vacancy arise. |
|
Recruitment feedback and complaints |
To assist with any query, challenge or request for feedback received in relation to our recruitment decisions. |
|
Recruitment marketing (inclusive of any outreach activities promoting a job opportunity or an associated hiring event). |
To contact you via telephone, sms, email and other forms of communication, if we consider that you may be eligible for a vacant role within GP. |
|
Operating GP Policies & Procedures and protecting business information and systems |
Operating email, IT, internet, social media, HR related and other GP policies and procedures. To the extent permitted by applicable laws, GP carries out monitoring of our IT systems to protect and maintain the integrity of our IT systems and infrastructure; to ensure compliance with GP's IT policies and to locate information through searches where needed for a legitimate business purpose. For information security management purposes, such as the planning and implementation of training and monitoring compliance with GP security policies, procedures, and standards. |
|
Legal compliance |
Complying with laws and regulation applicable to GP (for example worker consultation requirements, other employment laws, and regulations to which GP is subject in the conduct of its business). |
|
Ensuring equality of opportunity |
Monitoring programmes to ensure equality of opportunity and diversity with regard to personal characteristics protected under applicable anti-discrimination laws. |
Withdrawing your consent: You can opt-out of marketing communications or object to certain processing by (i) clicking on the “unsubscribe” link provided in each email/SMS you might receive; (ii) changing preferences via your account or by contacting us via [email protected].
Automated Decision Making and Profiling
We do not solely rely on the automated processing of your personal data to make decisions with legal or similar effects concerning you.
We may use automated technologies, including machine learning, to assist us in the recruiting process (for example to schedule interviews, or to ensure that your qualifications match those required for the role ).
All decisions affecting your application are conducted by GP talent acquisition team members or other individuals responsible for this processing activity.
Retention of Personal Data
When we collect your personal data, we will retain it only for as long as is necessary to complete the legitimate business or legal purposes for which it was collected. The criteria used to determine our retention periods include:
- Legal Obligations: Whether there is a legal, regulatory, accounting or reporting obligation to which we are subject, for example, certain laws require us to keep records (such as diversity and equality information) for a certain period of time before we can delete them;
- Litigation: Whether retention is advisable to preserve our legal position, such as in regard to applicable statutes of limitations, litigation or regulatory investigations; and
- Other business purposes: As necessary to manage our operations, to manage your relationship with us, or to satisfy another purpose as disclosed in this notice.
Disclosures of Personal Data
Within GP, your personal data can be accessed by or may be disclosed internally on a need-to-know basis to:
- Local, regional and global Talent Management, including managers and team members; local, regional and executive management responsible for managing or making decisions in connection with your relationship with the GP,
- Information Security and System administrators where necessary for the performance of specific tasks or system maintenance by the GP,
- Third parties in connection with any proposed or actual reorganisation, merger, sale, public offering, joint venture, assignment, transfer or other disposition of all or any portion of our assets or stock (including in connection with any bankruptcy or similar proceedings;
Your personal data may also be accessed by third parties whom we work together with (for example, Workday) and their associated companies and subcontractors for providing us with services, such as hosting, supporting and maintaining our HR information systems.
Where these third parties act as a "data processor" (for example background check provider) they carry out their tasks on our behalf and upon our instructions for the above-mentioned purposes. In this case your personal data will only be disclosed to these parties to the extent necessary to provide the required services. Where these third parties act as a “data controller” we provide personal data to them to the extent required for them to offer their services, including as needed to assess your eligibility for employment. The third parties who are data controllers may also collect personal data directly from you consistent with the terms and privacy notices they present to you as part of their services.
Security of Personal Data
We are committed to protecting the security of the personal data you share with us. We use a variety of technical and organisational methods to secure your personal data in accordance with applicable laws.
We maintain administrative, technical, and physical safeguards designed to protect your personal data against accidental, unlawful or unauthorised destruction, loss, alteration, access, disclosure or use. Personal data may be stored by GP, any member of the Global Payments Group and third parties (as described above) physically or electronically, including in a cloud, locally or internationally, and may be accessible by these parties either locally or internationally.
International Transfer of Personal Data
From time to time your personal data may be transferred to other Global Payments offices in locations outside of your country (which for European Union data subjects means outside of the EU) to process for the purposes described in this notice. For example, where a manager from a Global Payments location outside of your country is responsible for reviewing or approving the relevant data or the data is part of a global directory where other individuals need to have access.
Your personal data may also be transferred to third parties (e.g., service providers as set out above), who may have systems or suppliers located outside the European Union.
As a result, your personal data may be transferred to countries or territories that do not have the same level of data protection laws that apply in your country. For instance, your personal data may be transferred within the United States where Global Payments corporate offices are located or to any of the affiliates or subsidiaries in the Global Payments Group.
We will ensure that appropriate or suitable safeguards are in place to protect your personal data and that transfer of your personal data is in compliance with applicable data protection laws. The local Data Protection Officer can provide you with additional detail about:
- The countries to which your personal data is transferred; and
- The transfer mechanism on which we rely for each of these transfers, including a copy of the mechanism where applicable.
Your Rights as a Data Subject
You have a number of data subject rights as set out below. There may be limits to the exercise of some of these rights, depending on the processing and applicable legal basis upon which they have been processed.
- The right to be informed about our processing of your personal data and to have your personal data corrected if inaccurate and to have incomplete personal data completed. You can see and update some of this data yourself via the relevant recruitment systems.
- The right to object to processing of your personal data, where we are relying upon legitimate interest to process data;
- The right to restrict processing of your personal data;
- The right to have your personal data erased (the ‘right to be forgotten’);
- The right to request access to your personal data and to obtain information about how we process it;
- The right to move, copy or transfer your personal data (‘data portability’); and
- Rights in relation to automated decision making that have a legal effect or otherwise significantly affects you.
- The right to complain to a supervisory authority if you consider that the processing of your personal data infringes applicable law. This can be the data protection authority in the EU Member State of your habitual residence, place of work, or of an alleged infringement of the GDPR.
To exercise any of the above rights, please contact our DPO via [email protected].
Notice of Changes
We may change or update this Privacy Notice for Applicants at any time. The “Last Updated” legend at the top of this notice indicates when this notice was last revised.
Should we change our approach to data protection, you will be informed of these changes or made aware that the notice has been updated.
LIST OF GP EUROPEAN AND UK ENTITIES
|