applicant privacy notice (eu citizens) - the headlines
TRANSCRIPT
1
Applicant Privacy Notice (EU citizens) - The Headlines
Discovery, Inc. and its US and non-US subsidiaries and divisions, including the subsidiaries listed in
Appendix 1 (“we” or “Discovery”) has prepared this Applicant Privacy Notice (made up of the Headlines
and the Applicant Privacy Policy attached) for EU citizens who apply for roles with us (“applicants”). The
Headlines and the Applicant Privacy Policy attached apply to all European candidates and are subject to
local law. They do not create contractual rights or obligations and may be amended by us at any time.
Discovery takes the security and privacy of your data seriously. We need to gather and use information or
‘data’ about you in order to process your job application.
What categories of personal data does Discovery collect about me and why?
"Personal data" means any information which identifies you. During the application process,
Discovery will collect, process and use your personal data, for a range of different purposes. For example:
It's important to know that Discovery may also need to process sensitive personal data about you, in
accordance with applicable laws, such as ethnicity data (UK only) or health / medical data if, for example,
you have a disability.
Find out more about what data Discovery processes and why by reading the detailed Applicant Privacy
Policy attached.
Who might Discovery share my personal data with, and what happens if it's transferred out of
Europe?
As you know, we are part of the global Discovery group and entities across the group are involved in
processing data.
We might also need to transfer your data to other third parties - e.g. potential business partners, acquiring
entities, suppliers, customers, or government bodies. Our policy is to limit who has access to that data as
much as we can. If we need to transfer data out of Europe, Discovery will take all necessary measures to
ensure your data is adequately protected.
How long will Discovery keep my personal data for?
What personal data?
• Identification - your name, address, national
insurance number, bank details
• Contact details
• Education and work experience
• Background check information (where
applicable)
• Other application data (e.g. information
contained in your CV and obtained from
recruiters)
• Disability details (if applicable)
Why?
• To process your application
• To determine your eligibility for the role you
have applied for
• To conduct background checks as part of your
application (if applicable)
• To communicate with you about future job
opportunities
• To comply with the law and our obligations eg.
to do right to work checks
• To communicate with you and with Discovery
employees and third parties
• To comply with our financial and regulatory
obligations
• To consider / implement any changes needed if
you have a disability (where applicable)
2
We won't keep it for any longer than we need to, either to comply with the law or to ensure that we are
complying with our obligations to you and other third parties.
What rights do I have in respect of my personal data?
You have a number of rights in relation to your data, subject to local law. These include a right to access,
correct and erase your data as well as more technical rights to restrict the way we process it, and to
transfer your data.
Your rights are important, and we've set them out in detail in the Applicant Privacy Policy attached.
Who can I contact if I have questions?
If you have concerns or questions regarding your personal data, please contact the Privacy Office on
We have appointed a data protection officer whose role in relation to data protection includes informing
and advising us and those of our employees who are involved in processing data of their obligations under
data protection legislation. The data protection officer is the Privacy Partnership and they can be contacted
3
Appendix 1
Discovery subsidiaries who are data controllers
Discovery Corporate Services Limited
Discovery Communications Europe Ltd
Discovery Media Ventures Ltd
DPlay Entertainment Limited
DNI Licensing Limited
Discovery Networks International Global LLP
Discovery Networks Norway AS
Discovery Networks Denmark ApS
Discovery Networks Sweden AB
Discovery Networks Finland Oy
Discovery Communications Deutschland GmbH & Co. KG
Discovery Communications Benelux, BV
Eurosport SAS (France)
Discovery Italia Srl
Discovery Networks SL
ESP Media Distribution Portugal, S.A.
Discovery Polska Sp. z o.o.
Discovery Romania SRL
Discovery Czech Republic S.R.O.
Discovery Hungary Média Szolgáltató Kft
Discovery Bulgaria EOOD
Eurosport Media SA
1
Applicant Privacy Policy (EU citizens)
Discovery, Inc. and its US and non-US subsidiaries and divisions, including the subsidiaries listed in Appendix 1 (“we” or “Discovery”) has prepared this Applicant Privacy Policy ("Policy") for EU citizens who apply for roles with us (“applicants”). This Policy applies to applicants for Discovery roles worldwide. This Policy is non-contractual and subject to local law. We reserve the right to change it at any time. The purpose of this Policy is to give you information about how Discovery collects, processes, stores and otherwise uses information about you (“personal data”), and your rights in relation to that information. We are known as the “controller” of the personal data you give us as part of your application. The information provided here is what we are obliged to provide to you in this Policy.
Discovery needs to process your personal data in order to progress your application for employment and to
comply with our legal duties. If we are not able to carry out the processing activities we describe in this Policy,
we may not be able to continue with your application.
Sometimes, we need to ask for your consent to process your personal data in a particular way, such as for the
purpose of conducting background checks prior to you starting employment with us or to enable us to liaise with
your referees. Please sign and complete the consent section at the end of this Policy to confirm you consent to
us processing your data for the purposes of carrying out the background checks listed.
Although we are seeking your consent in relation to certain background checks, please note that in most cases
we will process your personal data for the legitimate business reasons set out in this Policy and it won't be
necessary for you to provide consent.
When we say "Discovery", "we" or "us" in this document, we mean the Discovery entity that you're applying to
work for. In addition, you will see a number of references to the "Discovery Group", which includes all other
Discovery entities globally. We may update this document from time to time, for example if we implement new
systems or processes that involve the use of personal data.
What categories of personal data does Discovery collect about me and why does Discovery use it?
"Personal data" means any information relating to you. Discovery will collect, process and use the following
categories and types of personal data about you:
• identification data, such as your name, passport data, drivers' licence information, national insurance
number and tax reference;
• personal information, such as your date of birth, emergency contact details and gender;
• contact details, such as your home address, telephone number and email address;
• education and work experience, such as contact details for your current/former employer, information
about your educational background, your work experience and other experience;
• other application data, such as the information included in your application form/CV;
• information collected as part of the interview process, such as notes taken from your interview or
information provided from recruitment agencies;
• background check information, such as information obtained through reference checks and
confirmation about your work/educational background.
together "Applicant Data".
Below a list of reasons (the "Processing Purposes") why we collect and use the Applicant Data as part of
your job application, along with examples of some of the Applicant Data used for each of the Processing
Purposes:
2
• processing your application and determining your eligibility for the role you applied for, (as well
as processing a job offer if your application is successful) including identification data, contact
details, information about your qualifications and employment history, information obtained
during your interview and information contained in your CV and information provided in your post
hire form;
• conducting background checks as part of your application (subject to local law), including
identification data, contact details, information about your qualification and employment history;
• complying with applicable laws including in respect of employment and immigration laws, income
tax and national insurance deductions which involves the processing of identification data and
contact details;
• communicating with you, other Discovery employees and third parties, including informing you
of future opportunities with Discovery (such as existing or potential business partners, suppliers,
customers, end-customers or government officials), including communicating future employment
opportunities, which involves the processing of identification data and your contact details;
• responding to and complying with requests and legal demands from regulators or other
authorities in or outside of your home country which involves the processing of identification data
and contact details;
• complying with corporate financial responsibilities, including audit requirements (both internal
and external) and cost/budgeting analysis and control which involves the processing of
identification data, contact details, information about the role you have applied for, including the
role's salary and benefits.
In addition to the collection, processing and use of the Applicant Data, Discovery may collect, process and
use the following special categories of personal information about you (subject to local law) which we
describe as "Sensitive Applicant Data":
• health and medical data, such as information on disability for purposes of accommodating your
application and interview and compliance with legal obligations;
• criminal records data, in the event that Discovery has conducted or received the results of criminal
records background checks in relation to you in the process of your application, where appropriate
to the role that you are applying for;
• diversity data such as information contained in your passport or other citizenship and right to
work documentation, and information which you have voluntarily provided to Discovery for the
purposes of our equal opportunities and diversity monitoring and Ofcom reporting obligations.
Why does Discovery need to collect, process and use my Applicant Data and Sensitive Applicant Data?
We are required to explain to you the legal reasons for collecting, processing and using your Applicant Data and Sensitive Applicant Data. This could be so that we can comply with our legal obligations or for a legitimate business reason to protect Discovery (e.g. to prevent fraud and run the business) or in order to be able to pay you if your application is successful. Occasionally we may need to use your personal information if we need to protect your or someone else’s interests or if it’s in the public interest. The information we hold about you will be used in a number of ways. The main ones are:
• to progress your application;
• to pay you and provide you with benefits;
• to check you have the right to work in the country where the role is based and to check your suitability
for employment with us;
3
• to comply with our legal and regulatory reporting obligations to (for example) tax authorities or other
government departments;
• Discovery’s business planning and management, including accounting and audits; and
• to prevent fraud.
Where we talk about legitimate business reasons (or interests) of Discovery or third parties, this can include:
• Assessing your suitability for working at Discovery;
• Implementation and operation of a group-wide organisational structure and group-wide information
sharing;
• Prevention of fraud, misuse of company IT systems, or money laundering;
• Physical security, IT and network security;
• Internal Investigations; and
• Proposed mergers and acquisitions.
When relying on the “legitimate interests” reason for processing your personal data, we will balance
Discovery’s legitimate interest and any relevant third party with your interests, rights and freedoms in
relation to the protection of your personal data to ensure it is appropriate for us to rely on legitimate
interests and to identify any additional steps we need to take to achieve the right balance.
Got it - but who might Discovery share my personal information with?
As you know, we are part of the global Discovery Group, and several entities in this group may be involved
in the Processing Purposes. It is our policy to limit the categories of individual who have access to your
personal information.
Discovery may transfer personal data to third parties, including to entities within and outside the Discovery
Group located in any jurisdictions where Discovery Group entities are located, for the Processing Purposes
as follows:
• Within the Discovery Group. As the Discovery entity that you're applying to work for is part of a wider
group, and offices located across the globe, which all partially share management, human resources,
legal, compliance, finance and audit responsibility, Discovery may transfer the Applicant Data and
Sensitive Applicant Data to, or otherwise allow access to such data by other entities within the
Discovery Group, which may use, transfer, and process the data for the following purposes: to
communicate information about the Discovery Group (including Discovery Communications, Inc, in the
United States, where our IT servers are located); to monitor and assure compliance with applicable
policies and procedures, and applicable laws; and to respond to requests and legal demands from
regulators and other authorities, including authorities in the United States.
• Regulators, authorities and other third parties. As necessary for the Processing Purposes described
above, personal information may be transferred to regulators, courts, and other authorities (e.g., tax
and law enforcement authorities), independent external advisors (e.g., auditors), insurance providers,
pensions and benefits providers, internal compliance and investigation teams (including external
advisers appointed to conduct internal investigations).
• Data processors. As necessary for the Processing Purposes described above, personal data may be
shared with one or more third parties, whether affiliated or unaffiliated, to process personal
information under appropriate instructions ("Data Processors"). The Data Processors (such as ICIMS)
may carry out instructions related to recruitment, workforce administration, IT system support and
maintenance, payroll and compensation, training, compliance, and other activities, and will be subject
4
to contractual obligations to implement appropriate technical and organisational security measures to
safeguard the personal information, and to process the personal information only as instructed.
Some countries where recipients are located already provide an adequate level of protection for this data.
Due to our global nature, we transfer your personal data outside the EEA internally (within the Discovery
group). Any such transfers will be processed in accordance with the Discovery Intra Group Transfer
Agreement (a copy of which is available from the Privacy Office, [email protected]).
We also need to share some information externally with third party processors outside of the EEA (such as
the United States) in connection with our business and for employment, administrative, management and
legal purposes. We will ensure that the transfer is lawful and that there are appropriate security
arrangements in place.
You can ask for a copy of the such appropriate safeguards by contacting us as set out below ("Who can I
contact?").
How long will Discovery keep my personal information for?
We will keep your personal information as long as we have a good reason to need it and in line with our
Retention Policy, which is available from HR.
It is our policy not to keep personal information for longer than is necessary. We may, for example, keep
your personal information for a reasonable time after your application process is completed, in case we
have future job opportunities that we consider you are suitable for. Where personal information is retained,
that period will be determined based on applicable local law.
What rights do I have in respect of my personal information?
You have a number of rights in relation to your Applicant Data and Sensitive Applicant Data. These rights
can differ by country, but can be summarised in broad terms as follows:
(i) Right of access to your personal data including the categories processed, the reasons we
process it and who receives the data
(ii) Right to rectify inaccurate or incomplete personal data concerning you
(iii) Right to request erasure of your personal data (right to be forgotten)
(iv) Right to restriction of processing
In limited circumstances, you may have the right to ask that we restrict processing of your personal data. However, where we process it and think we have a legitimate interest to do so, your request may be overridden.
(v) Right to data portability
You may have the right to receive personal data concerning you, which you have provided to us, in a structured and machine-readable format and you may have the right to transmit that data to another entity.
(vi) Right to object and rights relating to automated decision-making
Under certain circumstances you may have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data, including profiling, by us and we can be required to no longer process your personal data. This may include requesting human intervention in relation to an automated decision so that you can express your view and to contest the decision.
5
To exercise any of these rights, or if you have concerns or questions regarding this Policy or your rights in respect
of your personal information, please contact the Company’s global or European headquarters, your local
Discovery office or the Privacy Office on [email protected]
Company global headquarters (U.S) Company European headquarters (U.K)
One Discovery Place
Silver Spring,
MD 20910
Discovery House
Chiswick Park Building 2
566 Chiswick High Road
London
W4 5YB
We have appointed a data protection officer whose role in relation to data protection includes informing and
advising us and those of our employees who are involved in processing data of their obligations under data
protection legislation. The data protection officer is the Privacy Partnership and they can be contacted on
Subject to local law, you also have the right to lodge a complaint with your local data protection supervisory
authority which are listed below:
AUSTRIA National DPA Contact Details
Austria - Data Protection Authority (Datenschutzbehörde)
Hohenstaufengasse 3 1010 Wien
Phone: +43 1 531 15 / 202525 Fax: +43 1 531 15 / 202690 E-mail: [email protected] Website: https://www.dsb.gv.at
BELGIUM National DPA Authority Contact Details
Belgian Data Protection Authority (DPA) – Commission for the Protection of Privacy.
Commission for the Protection of Privacy, Drukperssstraat 35 1000 Brussels Phone: +32 (0)2 274 48 78 Fax: +32 (0)2 274 48 35 Email: [email protected] Website: www.privacycommission.be
BULGARIA National DPA Authority Contact Details
The Bulgarian data protection authority (DPA) is the Personal Data Protection Commission (In Bulgarian: Комисия за защита на личните данни):
2 Professor Tsvetan Lazarov, Sofia 1592 Bulgaria
Phone: +3592 915 3531 Fax: +3592 915 3525
6
Email: [email protected] Website: www.cpdp.bg
CROATIA National DPA Contact Details
Croatian Personal Data Protection Agency (AZOP'). AZOP has a registered seat in
Fra Grge Martica 14 Zagreb Fra Grge Martića 14 HR - 10 000 Zagreb
Phone: 00385 (0)1 4609-000 Fax: 00385 (0)1 4609-099
E-mail: [email protected] Web: http://www.azop.hr Legal questions Phone: 00385 (0)1 4609-080 (every working day 13:30 - 15:30 h) E-mail: [email protected] Central register Phone: 00385 (0)1 4609-046 (every working day 10:00 - 12:00 h) E-mail: [email protected]
REPUBLIC OF CYPRUS
National DPA Contact Details
Office of the Commissioner for Personal Data Protection ('Commissioner')
1, iasonos Str. 2nd Floor, 1082 Nicosia, Cyprus P.O. BOX 23378, 1682 Nicosia Phone: 0035722818456 Fax: 0035722304565 Email: [email protected]
CZECH REPUBLIC
National DPA Authority Contact Details
The Office for Personal Data Protection ('Office')
Pplk. Sochora 27 170 00 Prague 7 Czech Republic
Phone: +420 234 665 111 Phone: +420 234 665 555 Fax: +420 234 665 444
Email: [email protected] Website: www.uoou.cz
DENMARK National DPA Authority Contact Details
Datatilsynet ('DPA') borgergade 28, 5
7
DK 1300 København K
Phone: +45 3319 3200 Fax: +45 3319 3218
Email: [email protected] Website: www.datatilsynet.dk
ESTONIA National DPA Authority Contact Details
Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)
19 Väike Ameerika St., 10129 Tallinn Estonia Phone: (+372) 627 4135 Email: [email protected] Website: www.aki.ee
FINLAND National DPA Authority Contact Details
The Data Protection Ombudsman (Tietosuojavaltuutettu) is the local supervisory authority.
Post address: P.O. Box 800 00521 Helsinki Finland Visiting address: Ratapihantie 9, 6th floor Phone: +358 29 56 66700 Email: [email protected] Website: www.tietosuoja.fi
FRANCE National DPA Authority Contact Details
Commission Nationale de l'Informatique et des Libertés (CNIL) 8, rue Vivienne CS 30223 75083 Paris Cedex 02 Phone: 01 53 73 22 22 Fax: 01 53 73 22 00 Website: http://www.cnil.fr/english/
GERMANY National DPA Authority Contact Details
Each individual German state has a Data Protection Authority which is responsible for the enforcement of data protection laws and competent for data controllers established in the relevant state.
8
Federal Data Protection Act (Bundesdatenschutzgesetz in German) ("BDSG")
Phone: 49 (0) 228-997799-0 Fax: 49 (0 )228-997799-550 Website: www.bfdi.bund.de/
Note: Individual states have separate DPAs responsible for enforcement
GREECE National DPA Authority Contact Details
Data Protection Authority
1-3 Kifissias Avenue, Athens, Greece. T 2106475600 F 2106475628
[email protected] www.dpa.gr
HUNGARY National DPA Authority Contact Details
National Authority for Data Protection and Freedom of Information Address: H-1125 Budapest, Szilágyi Erzsábet fasor 22/c.
T +36 1 391 1400 F +36 1 391 1410
http:\\www.naih.hu ügyfélszolgá[email protected]
IRELAND National DPA Authority Contact Details
Office of the Data Protection Commissioner ('DPC')
Canal House Station Road Portarlington Co. Laois Ireland
LoCall 1890 25 22 31 T +353 57 868 4800 F +353 57 868 4757
[email protected] www.dataprotection.ie
ITALY National DPA Authority Contact Details
Garante per la protezione dei dati personali
Piazza di Monte Citorio n. 121 - 00186 ROMA
T +39 06.696771 F +39 06.69677.3785
9
Email: [email protected]
www.garanteprivacy.it, the ‘Garante’
LATVIA National DPA Authority Contact Details
Data State Inspectorate
Blaumana Street 11/13 11 Riga LV 1011 Latvia Phone: +371 67 223 131 Fax: +371 67 223 556
E mail: [email protected] Website: www.dvi.gov.lv/
LITHUANIA National DPA Authority Contact Details
The State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija in Lithuanian, website available here http://ada.lt/)
Address: A. Juozapavičiaus str. 6/Slucko str. 2 LT-09310 Vilnius Lithuania T +370 5 279 1445 F +370 5 261 9494 [email protected] www.ada.lt
LUXEMBOURG National DPA Authority Contact Details
Commission Nationale pour la Protection des Données (CNPD)
1, avenue du Rock’n’Roll L-4361 Esch-sur-Alzette T +352 26 10 60 1 F +352 26 10 60 29
www.cnpd.public.lu/fr/index.html
MALTA National DPA Authority Contact Details
Office of the Information and Data Protection Commissioner Airways House
Second Floor High Street Sliema SLM 1549 Malta
T +356 2328 7100 F +356 23287198
[email protected] www.idpc.gov.mt
10
NETHERLANDS National DPA Authority Contact Details
Autoriteit Persoonsgegevens Juliana van Stolberglaan 4-10
2595 CL DEN HAAG Postbox 93374 2509 AJ DEN HAAG
T 00.31.70 – 8888 500 F 00.31.70 – 8888 501
www.autoriteitpersoonsgegevens.nl
POLAND National DPA Authority Contact Details
General Inspector of Personal Data Protection (Generalny Inspektor Ochrony Danych Osobowych)
Stawki 2 00-193 Warsaw, Poland
T (22) 860 70 86 or (22) 860 70 70 (hotline) F (22) 860 70 86
[email protected] www.giodo.gov.pl
PORTUGAL National DPA Authority Contact Details
Comissäo Nacional de Protecçäo de Dados (‘National Commission for the Protection of Data’ also known as ‘CNPD’).
Rua de São Bento n°. 148, 3° 1200-821 Lisbon
T +351 21 392 84 00 F +351 21 397 68 32
[email protected] www.cnpd.pt
ROMANIA National DPA Authority Contact Details
National Authority for the Surveillance of Personal Data Processing (in Romanian ‘Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal’ or 'ANSPDCP')
28-30 Magheru Blvd District 1, Bucharest
T +40 318 059 211 F +40 318 059 602
11
www.dataprotection.ro
SLOVAKIA National DPA Authority Contact Details
The Data Protection Office of the Slovak Republic (‘Office’) is: Úrad na ochranu osobných údajov Slovenskej republiky (Official Slovak Name)
Hraničná 12 820 07, Bratislava 27 Slovak Republic
Phone: +421/2/32313214 Fax: +421/2/32313234 E-mail: [email protected]
Website: https://dataprotection.gov.sk/uoou/en
SLOVENIA National DPA Authority Contact Details
Mojca Prelesnik, Information Commissioner
Zaloska 59 SI - 1000 LJUBLJANA
Phone: 01 230 97 30 Fax: 01 230 97 30 E-mail: [email protected] Website: www.ip-rs.si/
SPAIN National DPA Authority Contact Details
Spanish Data Protection Commissioner’s Office ('AEPD', standing in Spanish for Agencia Española de Protección de Datos) based in Madrid. Regional commissioners may exist as well in certain territories, dealing only with data protection issues of the regional public authorities themselves.
Phone: 34/901/100.099 Fax: 91.445.56.99 Website: www.agpd.es/index.php
SWEDEN National DPA Authority Contact Details
The Data Inspection Board (Sw. Datainspektionen, below ‘DIB’) is the supervisory authority under the Act.
Contact details: Datainspektionen Drottninggatan 29, plan 5 Box 8114 104 20 Stockholm
T +46 8 657 61 00
[email protected] www.datainspektionen.se
12
UK National DPA Authority Contact Details
Information Commissioner’s Office
Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF
T +0303 123 1113 (or +44 1625 545745 if calling from overseas) F 01625 524510
Email: https://www.ico.gov.uk/Global/contact_us.aspx
www.ico.org.uk
13
Appendix 1
Discovery subsidiaries who are data controllers
Discovery Corporate Services Limited
Discovery Communications Europe Ltd
Discovery Media Ventures Ltd
DPlay Entertainment Limited
DNI Licensing Limited
Discovery Networks International Global LLP
Discovery Networks Norway AS
Discovery Networks Denmark ApS
Discovery Networks Sweden AB
Discovery Networks Finland Oy
Discovery Communications Deutschland GmbH & Co. KG
Discovery Communications Benelux, BV
Eurosport SAS (France)
Discovery Italia Srl
Discovery Networks SL
ESP Media Distribution Portugal, S.A.
Discovery Polska Sp. z o.o.
Discovery Romania SRL
Discovery Czech Republic S.R.O.
Discovery Hungary Média Szolgáltató Kft
Discovery Bulgaria EOOD
Eurosport Media SA