GLOBAL CANDIDATE PRIVACY NOTICE
1.1 You are being shown this copy of our Privacy Notice because you are applying for work with us (whether as an employee, worker, contractor, volunteer or intern). This Privacy Notice describes how we may collect and use your Personal Data for the purposes of the recruitment process. We are committed to protecting the privacy and security of your Personal Data.
1.2 Cision is a global organization so this notice describes the processing we may do all regions in which we work while respecting the Privacy Laws of each country, so some terms may not be applicable in each country.
1.3 Cision is made up of different legal entities (the “Cision Group”). This policy applies to all entities within the Cision Group as they are Data Controllers and gather and use certain Personal Data about you. Your Personal Data may therefore be shared with and used by our affiliated entities within the Cision Group in accordance with this policy. Therefore, in this notice, references to "we" "us" or "our" mean Cision Group. and any other company with the Cision Group of companies. Details of our group companies can be found here
1.4 If at any time you have any questions about this Privacy Notice or the way we use your personal data, please contact our Privacy Team via Privacy@Cision.com or Data Protection Officer via DPO@Cision.com.
2. Key terms used in this Privacy Notice
Any information relating to an identified or identifiable individual
Special Category Data
Personal Data revealing racial or ethnic origin, or trade union membership
Genetic and biometric data
Data concerning health
Criminal Record Data
Personal Data relating to criminal convictions and offences or related security measures
3. What kind of information do we process about you?
3.1 Depending on the country in which you are applying, we may collect, store and use the following categories of Personal Data about you:
3.2 We may collect, store and use the following categories of Special Categories of Personal Data:
3.3 Where appropriate, we may collect, store and use your Criminal Record Data.
4. What principles do we follow when we process your Personal Data?
4.1 We will comply with the following data protection principles when processing your Personal Data:
4.1.1 We will process Personal Data lawfully, fairly and in a transparent manner.
4.1.2 We will collect Personal Data for specified, explicit and legitimate purposes only, and will not process it in a way that is incompatible with those legitimate purposes.
4.1.3 We will only process Personal Data that is adequate, relevant and necessary for the relevant purposes.
4.1.4 We will keep Personal Data accurate and up to date and take reasonable steps to ensure that inaccurate Personal Data are deleted or corrected without delay.
4.1.5 We will keep Personal Data for no longer than is necessary for the purposes for which the data is processed; and
4.1.6 We will take appropriate technical and organisational measures to ensure that Personal Data are kept secure and protected against unauthorised or unlawful processing, and against accidental loss, destruction or damage.
4.2 In addition to complying with the principles set out at paragraph 4.1 above, we will only process your Special Category Data if one of the following special conditions applies:
4.2.1 You have given us explicit consent;
4.2.2 Where we need to process the data to carry out our legal obligations or exercise rights in connection with employment law;
4.2.3 Where the processing is necessary to protect your vital interests and you are not capable of giving your consent;
4.2.4 Where you have already made the information public;
4.2.5 Where the processing is necessary for the establishment, exercise or defence of legal claims; or
4.2.6 The processing is necessary for reasons of substantial public interest.
4.3 We will only process your Criminal Record Data where the law allows us to do so. This will usually be where such processing is necessary to carry out our obligations and provided we do so in line with the principles set out at paragraph 4.1 above and paragraph 11 below.
5. How do we collect your Personal Data?
5.1 We collect your Personal Data through the application and recruitment process, either directly from you, via an electronic application you have submitted using our third party electronic application tracking system, via an employment agency or background check agency, or via publicly available online platforms (such as LinkedIn). We may sometimes collect additional information from third parties including former employers, credit reference agencies. In countries requiring it, certain personal data types will only be collected with your express consent. Depending on the country and where appropriate, we may collect Criminal Record Data as part of the recruitment process either directly from you or via or the Disclosure and Barring Service (DBS).
6. What is our lawful basis for processing your Personal Data
6.1 We will only use your Personal Data when we have a lawful basis for doing so, including:
6.1.1 Because it is in our legitimate interests to decide whether to appoint you to a role (since it would be beneficial to our business to appoint someone to that role).
6.1.2 Because we need to decide whether to enter into a contract with you.
6.1.3 Because we need to process your Personal Data to comply with our legal obligations.
7. Ways in which your Personal Data may be processed
7.1 Your Personal Data may be processed in one or more of the following ways:
7.2 For those countries who collect Special Category Data, this may be processed in the following ways:
7.3 Depending on the country and where appropriate, your Criminal Record Data may be processed if appropriate depending on the nature of your role. For example, if you are applying for a position in our finance department, we may request criminal records information from you or obtain such information through criminal offence records providers during the recruitment process.
7.4 We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the lawful basis which allows us to do so.
8. Automated Decision Making
8.1 We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.
9. How may we share your Personal Data?
9.1 We may share your Personal Data with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so. "Third parties" includes third-party service providers (including contractors and designated agents).
9.2 The following activities are carried out by third-party service providers: processing job applications (via a third-party recruitment application)
9.3 All our third-party service providers are required to take appropriate security measures to protect your Personal Data. We do not allow our third-party service providers to use your Personal Data for their own purposes. We only permit them to process your Personal Data for specified purposes and in accordance with our instructions.
9.4 We may in dealing with your application share your Personal Data with other companies within the Cision group of companies, and with third parties, for example in the context of the possible sale or restructuring of the business. We may also need to share your Personal Data with a regulator or to otherwise comply with the law.
9.5 If you are applying from within the EEA, we may transfer the Personal Data we collect about you outside the EEA, for example if one of our third-party service providers or one of our relevant group companies is based outside of the EEA. When we transfer your Personal Data to a country outside of the EEA, but for which the European Commission has recognized that country as providing an adequate legal level of data protection with regard to European legislation (eg Switzerland, Canada), your data will be transferred on the basis of this adequacy decision. When we transfer to a non-EEA country, where the European Commission has not recognized that country as providing an adequate legal level of data protection with regard to European legislation without, we do so in accordance with model contracts approved by the European Commission to ensure that there is an adequate level of protection for your Personal Data.
10. How secure is my Personal Data?
10.1 We have appropriate security measures in place to prevent your Personal Data from being accidentally lost or used or accessed in an unauthorised way. We limit access to your Personal Data to those who have a genuine business need to know it. Those processing your Personal Data will do so only in an authorised manner and are subject to a duty of confidentiality.
10.2 We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
11. How long will you keep my Personal Data?
11.1 If you are unsuccessful in your application, after we have communicated our decision to you, we will hold your personal data for a period of no longer than two years, so that we can contact you if relevant job opportunities arise during that period. If you wish us to erase your personal data at any time you may contact us and we will securely destroy your Personal Data in line with our policies.
Depending on the country you are applying from, if there is any correspondence between us which might be construed as an employment offer, we may retain your Personal Data for a maximum period of four years. This is so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. After that period, we will securely destroy your Personal Data in line with our policies.
11.2 If you are successful in your application and come to work for us, then we will keep your Personal Data during and after the period you work for us for no longer than is necessary for the purposes for which the Personal Data is processed and in accordance with our policies. If you are employed by us you will be provided with a copy of our Employee Privacy Notice when you join which will explains how we deal with employee data.
12. Keeping us informed
12.1 It is important that your Personal Data is accurate and up to date. Please keep us informed if your Personal Data changes.
13. Failure to provide Personal Data
13.1 If you fail to provide information when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we will not be able to process your application.
14. Your rights
14.1 Under certain circumstances, you have rights under data protection laws in relation to your Personal Data.
14.2 Those rights include:
The right to be provided with a copy of your personal data
The right to require us to correct any mistakes in your personal data
To be forgotten
The right to require us to delete your personal data—in certain situations
Restriction of processing
The right to require us to restrict processing of your personal data—in certain circumstances, eg if you contest the accuracy of the data
The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations
The right to object:
—At any time to your personal data being processed for direct marketing (including profiling);
—In certain other situations to our continued processing of your personal data, eg processing carried out for the purpose of our legitimate interests.
Not to be subject to automated individual decision-making
The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you
14.3 If you wish to exercise your rights, please contact our Privacy Team via Privacy@cision.com or Data Protection Officer via DPO@Cision.com
14.4 You also have the right to make a complaint at any time to your local Supervisory Authority (a list of those for the EU can be found here ). We hope that we would be able to resolve any concerns that you may have before you approach your Supervisory Authority so please do contact us in the first instance.
LAST UPDATE: April 2020
1-877-297-8912from 8 AM - 5 PM CT