The following definitions apply:
 

• “Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
   

• “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
   

PERSONAL DATA WE COLLECT ABOUT YOU
 

We collect the personal data you include in your job application when you send us a spontaneous application or apply to a job offer, as follows:
 

• Identity data, such as first name, surname, username or similar identifier and in some cases, date of birth and gender;
   

• Contact data, such as address, email address and telephone numbers;
   

• Professional data such as current position, work experience, educational background, CV and cover letter;
   

• In certain cases, a criminal record may be requested, in line with the applicable legislation;

By providing your information, you expressly agree that your data will be processed by Governance.com for the purposes indicated below (see How we use your personal data).

We do not collect any special categories of personal data about you, such as details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data.

Where appropriate and permitted by law, we may seek information about you from other sources, generally in relation to due diligence and employee on-boarding process.

If any information you provide to us relates to someone else, by providing us with such information you confirm that you have obtained permission to do so.

We may also collect personal data from:
 

• Your named referees;
   

• Our referral programme enabling existing employees to recommend potential new hires;
   

• Publicly accessible sources, such as LinkedIn;
   

• Recruitment agencies.

HOW WE USE YOUR PERSONAL DATA

Governance.com processes your personal data for the following purposes:
 

• Processing applications (registering, entering information in our database…);
   

• Assessing the qualifications and skills needed to perform the job you are applying for;
   

• Communication concerning the hiring process (e-mails, phone calls, SMS messages);
   

• Checking referrals (where applicable);
   

• Holding unsuccessful applicants’ CV on file (where applicable) for the purposes of: (1) Complying with legal and regulatory requirements relating to discrimination or equal opportunities, or (2) for contacting you for future employment opportunities, provided you have given consent;
   

• Complying with Anti-Money Laundering and Countering the Financing of Terrorism law (AML/CFT).

OUR LEGAL BASIS FOR DATA PROCESSING

The legal basis for processing your personal data will be either:
 

• Legitimate interest;
   

• Performance of a contract or precontractual measures, depending on the stage of the recruitment process;
   

• Legal obligation;
   

• Consent.
   

WHO WE DISCLOSE YOUR PERSONAL DATA TO?
 

To achieve the above-listed purposes, your person data is shared with the following recipients:
 

• HR department and managers involved in the recruitment process;
   

• Third-party service providers acting as subcontractors and on instruction from Governance.com.
   

In case we are using a subcontractor, a contract is drawn up between Governance.com and the subcontractor in question and appropriate technical and organisational measures are put in place in accordance with Articles 28 and 32 of the GDPR.
 

DATA RETENTION PERIOD
 

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. If you are unsuccessful in the recruitment process and upon your explicit consent, we will retain your personal data for up to 6 months. This is so that we can contact you in case a similar role for which you might be a suitable candidate becomes vacant.
 

DATA SECURITY
 

We implement appropriate technical and organisation security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties on a need-to-know basis.
 

​Security requirements are continually evolving, and effective security requires frequent assessment and regular improvement of outdated security measures. We are committed to continuously evaluate, strengthen, and improve the measures we implement.
 

YOUR RIGHTS
 

You have the right to obtain access to the personal data held by Governance.com about you and to request its rectification or erasure, or restriction of processing or, where applicable, the right to object to processing or the right to data portability. Where the processing is based on your consent or explicit consent, you also have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
 

You can exercise these rights by contacting the Data Protection Officer at our company address or by email at dpo@governance.com.
 

Requests will be dealt with by the DPO and will be responded to within 1 month at the latest, starting from the moment of your identity confirmation. We may request additional information to help us confirm your identity and to ensure that you respect your right to access the personal data (or to exercise any other of your rights). This is a security measure to ensure the non-disclosure of your personal information to an unauthorized person.
 

If you are not satisfied with our response, you also have the right to lodge a complaint at any time with the National Commission for Data Protection (“CNPD”), the Luxembourg supervisory authority for data protection issues.
 

UPDATES TO THE PRIVACY STATEMENT
 

We regularly review this Privacy Statement, and we may change, modify, add, or remove information at any time. We will post any modifications or changes to this Privacy Statement on our website prior to such changes taking effect.
 

Last update: 19 May 2023