SODASTREAM – CANDIDATE PRIVACY Notice
Notice last updated: November 2020
1. Our Commitment to Privacy
Your privacy is very important to us at SodaStream and its affiliates, hereinafter also "we" and/or "us" and/or "SodaStream". To better protect your privacy, we provide this notice ("Candidate Privacy Notice") explaining our information practices and the choices you can make about the way your information is collected and used.
2. Important information
2.1 The purpose of this Candidate Privacy Notice is to provide you with clear explanation of what personal data we collect, when, why and how we collect, use and share your personal data and it explains your statutory rights. This Candidate Privacy Notice is not intended to override the terms of any contract you have with us, nor any rights you might have under applicable data privacy laws.
2.2 Protecting the privacy of the very young is especially important. For that reason, we never collect or maintain information on our careers website from those we actually know are under 16, and no part of our careers website is structured to attract anyone under 16. If you believe we might have any information from or about a person under 16, please contact us at firstname.lastname@example.org.
3. What information do we collect and how do we collect it?
In the context of the recruitment process, we may collect the below information related to you:
· Personal details: name, home contact details (email, phone numbers, physical address) languages(s) spoken, gender, date of birth, national identification number, Social Security number, driver’s license information, accommodation requests, emergency contact information and photograph;
· Account information: username and password;
· Documentation required under immigration laws: citizenship and passport data, details of residency or work permit;
· Talent management information: details contained in letters of application and resume/CV (previous employment background, education history, professional qualifications and memberships (such as licenses, and permits), language and other relevant skills, certification, certification expiration dates), writing samples, information necessary to complete a background check, information relating to references such as referees’ names and contact details, details on performance management ratings, development programs planned and attended, e-learning programs, performance and development reviews, willingness to relocate, and information used to populate employee biographies;
· Any other information: such as current salary, desired salary, employment preferences, references, whether you are subject to prior employer obligations, information from job application materials (for example, your cover letter, references, work history, education transcripts; and
· Sensitive information: such as information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data or biometric data for the purpose of uniquely identifying a natural person, data concerning health (including information needed to understand and assess accommodation requests regarding potential disabilities or other health conditions) or data concerning a person’s sex life or sexual orientation, and criminal conviction data.
· Video and voice recordings related to the use of the Video Interview feature, including, but not limited to, traffic data, location data, weblogs and other communication data.
3.2 In particular, we process personal details such as name, email address, address, telephone number, date of birth, qualifications, experience, information relating to your employment history, skills experience that you provide to us, as well as your video in case you conduct your interview using the Video Interview feature.
3.3 We ask that you avoid submitting sensitive information, unless such information is legally required and/or Sodastream requests you to submit such information.
3.4 Any information you submit to us must be true, complete and not misleading. Submitting inaccurate, incomplete or misleading information may lead to a rejection of your application during the recruitment process or disciplinary action including immediate termination of your employment. In addition, it is your responsibility to ensure that the information you submit does not violate any third party’s rights.
3.5 In certain cases, we may ask you for additional information for purposes of complying with applicable laws.
4. How do we use your personal data?
4.1 To process job applications
We collect applicant’s personal data solely for SodaStream's internal recruitment purposes including for: identifying applicants, evaluating their applications, making hiring and employment decisions, and contacting applicants by phone or in writing.
4.2 To manage workforce:
Managing recruitment and assessing your suitability, capabilities and qualifications for a job with us, processing your application and performing background checks if we offer you a job, such as credit checks, anti-fraud checks and checks to prevent fraud and money laundering, enabling us to conduct our business, managing IT systems and infrastructure, analysing and improving our application and recruitment processes, accommodating disabilities or health conditions, and providing you with customized content;
4.3 To operate the careers site:
Operating the Site and any other site to which this Privacy Statement is posted;
4.4 To Communicate with you
Facilitating communication with you regarding your application;
4.5 To Take legal action:
Pursuing legal rights and remedies, defending litigation and managing any internal complaints or claims, conducting investigations and complying with internal policies and procedures, complying with internal policies and procedures, protecting our, your or others’ rights, safety and property, investigating and deterring against fraudulent, harmful, unauthorized, unethical or illegal activity, and other business operations;
Complying with legal (including, in respect of sensitive information, obligations under employment law) and other requirements, such as record-keeping and reporting obligations, conducting audits, compliance with government inspections and other requests from government or other public authorities, responding to legal process such as subpoenas, sharing information with government authorities, law enforcement and private parties where we have a good-faith belief it is necessary; and
Creating anonymous, aggregated or de-identified data that we use and share to analyse our application and recruitment activities, business and for other lawful business purposes.
5. Legal basis for processing personal data:
6. How we protect and store your personal data
6.1 Data Security
6.1.1 To prevent unauthorised access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect. Some of the steps we take are placing confidentiality requirements on our staff and service providers; destroying or permanently anonymising personal data if it is no longer needed for the purposes for which it was collected. Sodastream will comply with applicable laws in the event of any breach of the security, confidentiality or integrity of your personal data and, where we consider appropriate or where required by applicable law, notify you via email, text or conspicuous posting on our website in the most expedient time possible and without unreasonable delay, in so far as it is consistent with (i) the legitimate needs of law enforcement, or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
6.1.2 However, the security of personal data depends in part on the security of the device used to communicate with us, the security you use to protect your login information, and the security provided by your internet access service provider. We make commercially reasonable efforts to make the collection and security of information consistent with this Candidate Privacy Notice and all applicable laws and regulations. Where you have a SodaStream username, login or password, you are responsible for keeping this information confidential. We ask you not to share a username, login or password with anyone.
6.2 Data Retention
6.2.1 Please note that SodaStream may retain applicant’s personal data after the applied position has been filled or closed with the applicant’s consent. This is done so we could re-consider applicants for other positions and opportunities at SodaStream; so we could use their information as reference for future applications submitted by them; and in case the applicant is hired, for additional employment and business purposes related to his/her work at SodaStream. If you previously submitted applicants personal data to SodaStream, and now wish to access it, update it or have it deleted from SodaStream's systems, please contact us at email@example.com.
7. We may share your personal data
SodaStream may share your personal data with third parties (or otherwise allow them access to it) only in the following manners and instances:
7.1 to other SodaStream affiliates for the purposes mentioned in this Candidate Privacy Notice.
7.2 with any third parties to whom the relevant SodaStream entity subcontracts all or part of this processing.
7.3 where permitted by local data protection laws, SodaStream may disclose or otherwise allow others access to your personal data pursuant to a legal request, such as a subpoena, legal proceedings, search warrant or court order, or in compliance with applicable laws, if we have a good faith belief that the law requires us to do so, with or without notice to you. If warranted, we may also allow access to this information in special emergencies where physical safety is at risk.
7.4 we may disclose any personal data or other information obtained from or about you, to third parties in connection with a merger, acquisition, bankruptcy or sale of all or substantially all of our assets, to the extent that this is necessary for the process.
8. Transferring personal data globally
8.1 Your personal data may be transferred and stored outside your place of residence, that are subject to different standards of data protection. In particular, if you live in the EU, you should be aware that your personal data may be shared with, and transferred to, SodaStream affiliates and third-party service providers who are located outside the EU. We will take appropriate steps to ensure that transfers of personal data are in accordance with applicable law and carefully managed to protect your privacy rights and interests and transfers are limited to countries which are recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights. To this end:
8.1.1 we will ensure that transfers within SodaStream and its affiliates will be covered by an agreement entered into by members of SodaStream Group (an intra-group agreement) which contractually obliges each member to ensure that personal data receives an adequate and consistent level of protection wherever it is transferred within the Group;
8.1.2 where we transfer your personal data outside SodaStream or to third parties who help provide our products and services, we will obtain contractual commitments from them to protect your personal data. Some of these assurances are well recognised certification schemes like the EU - US Privacy Shield for the protection of personal data transferred from within the EU to the United States; or
8.1.3 where we receive requests for information from law enforcement or regulators, we will carefully validate these requests before personal data is disclosed.
You have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal data when this is transferred as mentioned above.
9.1 Subject to paragraph 11.2, certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have the following rights in this paragraph:
9.1.1 to request that we provide you with a copy of your personal data that we hold and you have the right to be informed of; (a) the source of your personal data; (b) the purposes, legal basis and methods of processing; (c) the data controller's identity; and (d) the entities or categories of entity to whom your personal data may be transferred;
9.1.2 to request that we cease processing your personal data, in whole or in part, as you direct us, for any purpose, save to the extent it is lawful to do so without consent;
9.1.3 to request that we restrict the processing of your personal data where: (a) the accuracy of the personal data is contested; (b) the processing is lawful but you object to the processing of the personal data; (c) we no longer require the personal data for the purposes for which it was collected, but it is required for the establishment, exercise or defence of a legal claim;
9.1.4 to request that we erase your personal data in limited circumstances where it is no longer necessary in relation to the purpose(s) for which it was collected or processed;
9.1.5 to challenge processing which we have justified on the basis of a legitimate interest;
9.1.6 to request that we not transfer your personal data to unaffiliated third parties for the purposes of direct marketing or any other purposes;
9.1.7 to request that we change the manner in which we contact you for marketing purposes;
9.1.8 to request that we correct any errors in your personal data;
9.1.9 to request that we update your personal data as required. Note that you may also correct, update or remove certain parts of such personal data by yourself, or completely deactivate your SodaStream account, through your account settings;
9.1.10 to obtain a copy of the safeguards under which your personal data is transferred outside the EU; and
9.1.11 to lodge a complaint with your local supervisory authority for data protection.
9.2 We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal data requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.
We may update and change this privacy statement from time to time, to keep it up to date with legal requirements and the way we operate our business. Please regularly check these pages for the latest version of this Candidate Privacy Notice.
11. Contact information
11.1 If you have any questions about this Candidate Privacy Notice or wish to exercise any of your rights as described in paragraph 9, you can contact us at:
email address: firstname.lastname@example.org
We will attempt to resolve any complaints regarding the use of your Personal data in accordance with this Candidate Privacy Notice.
11.2 For EU Member State residents, you also have a right to lodge a complaint with your national data protection supervisory authority at any time. However, we encourage you to first contact us.