Privacy

Notice

1. Purpose

This data protection notice provides information about the ways in which Core Experience d.o.o. collects and uses Personal Information. This Notice informs you, as an employee or job applicant at Core Experience (referred to as “Company”, “We”, “Us”, “Our”), about the Personal Information (“PI”) we collect, why we need it, how we use it, and the protections in place to keep it secure. As the Company’s entities may expand, additional processing of personal data may be required, and this Privacy Notice will be updated accordingly. Any future changes will be communicated in a timely manner.

2. Scope

This Notice applies to all directors, officers, and employees working as part of the Company and its subsidiaries and affiliates. It also applies to all individuals employed by any company, subsidiary, or affiliate within the Company’s group. Additionally, this Notice covers all applicants/candidates who apply for a job with the Company, whether through our website, application forms, or any other recruitment channels.

3. Data integrity and purpose limitation

The Company commits to using Personal Information solely for the purposes for which it was originally collected or for purposes subsequently authorized by you. This ensures that the use of your data is transparent and aligns with your expectations. To maintain data integrity, the Company will undertake the following measures:

Relevance: Personal Information collected will be strictly relevant to the purpose for which it is collected. This means we will not collect or store data that is not necessary for the intended purpose.
Accuracy: The Company will take all reasonable steps to keep Personal Information accurate and up to date. This includes verifying the information at the point of collection and at regular intervals thereafter.
Completeness: We ensure that the data collected is complete, avoiding any misinterpretations or omissions that could affect the accuracy and reliability of the data.
Currency: The Company will ensure that Personal Information is current. This involves updating information as necessary to reflect the most recent and accurate data available.
Regular Audits: The Company will conduct regular audits of data processing activities to ensure compliance with this policy and relevant data protection laws.
Data Minimization: We adhere to the principle of data minimization, collecting only the personal data that is adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
Retention and Deletion: Personal Information will only be retained for as long as necessary to fulfill the purposes for which it was collected, after which it will be securely deleted or anonymized. The retention period will comply with applicable legal and regulatory requirements.
User Rights: You have the right to access, correct, or request the deletion of your Personal Information. The Company will facilitate these rights promptly and transparently.

4. Key terms and purposes

4.1. Key Terms

Data Controller is the person or entity who determines the purpose and means of the processing of personal data and is ultimately responsible for the lawfulness of the data processing.

Personal Information includes any information relating to an identified or identifiable natural person, such as names, contact details, identification numbers, and any factors relating to a person’s identity. This includes information protected under privacy or data protection laws of the country in which you are employed.

Processing of Personal Information means any operation performed on Personal Information, whether manual or automated, such as collecting, recording, organizing, storing, altering, retrieving, consulting, using, disclosing, combining, blocking, erasing, or destroying the data.

4.2. Purposes

We collect and use different types of Personal Information about you depending on your circumstances, role, and applicable law. The purposes for which we process Personal Information include:

4.2.1 Recruitment Purposes:

Your Application: When you apply for a job with us, we ask for Personal Information to support your application and determine your eligibility and suitability for the role, including, but not limited to name and surname, address, contact, identification numbers, career history, employment details, educational qualifications, and skills. If successful, your Personal Information will become part of your HR record.

Pre-employment Checks: Prior to starting work or changing jobs within the company, we may use your Personal Information for pre-employment checks, including criminal record, legal enforcement certificates and right-to-work checks, where allowed by local law.

4.2.2 Human Resources (HR), Administration, Compensation:

If permissible under applicable local law, we will use your Personal Information for the following purposes:

Administering Pay and Compensation: We use bank details, social security numbers, and previous employment earnings to pay your salary, make pension deductions, and pay tax and insurance contributions. Personal Information may be shared with external service providers managing these functions on our behalf.

Managing Employment Relationship: Personal Information used includes performance records, training and compliance records, workforce management information, absence history, unpaid leave requests, accident records, and management interview notes.

Processing Employment-related Claims: This includes handling grievances, disciplinary actions, personal injury, and compensation claims.

Emergency Contact: We collect home and mobile phone numbers and emergency contact details. Ensure your emergency contacts are informed and have given their consent where applicable.

Pension and Health Insurance: We collect and use Personal Information to administer your pension or other ongoing entitlements after employment ends. Personal Information may be shared with external service providers managing these functions.

4.2.3 Finance and Accounting:

Business Expenses: We use Personal Information such as bank details to reimburse expenses, manage company car allocations, fuel allowances, and comply with legal reporting obligations.

4.2.4 Information Technology (IT) Administration:

System Access and Usage: Personal Information may be required to authorize, grant, administer, monitor, and terminate access to IT systems. This includes reporting, managing, resolving IT issues, and maintaining IT systems.

4.2.5 Security and Business Continuity, Legal and Compliance:

Monitoring Communication Channels Usage: We provide communication services and facilities for business use. Usage must be appropriate to protect our reputation. We may block access to certain sites and monitor, record, and analyze usage subject to local laws.

Video Surveillance (CCTV): Where legally permitted, we use CCTV to enhance security and protect people and property. In the event that a specific location is monitored, the area will be properly marked and all relevant and necessary information will be listed in accordance with local laws and implementing regulations. CCTV is monitored for security reasons and as evidence in case of misuse or suspected criminal activity.

Physical Access Control: Access cards may be provided to enter work locations. Usage is monitored for security compliance and emergency management. Third parties or clients may require Personal Information for access to their facilities.

Crime Prevention and Detection: In cases of suspected criminal activity or serious disciplinary offenses, monitoring may be conducted as part of a specific investigation, authorized by a Board member or Data Protection Officer, and in compliance with applicable laws.

Legal and Compliance: We maintain compliance programs to adhere to applicable laws. You are required to notify us of potential conflicts of interest related to your work. Suspected breaches of ethical policies are investigated in accordance with local laws.

5. Access to your personal information

The Company ensures that access to your Personal Information is limited to those who have a legitimate need to know. This includes:

Internal Access:

Company, Subsidiaries, and Affiliates:
Employees of the Company, its subsidiaries, and affiliates who need access to your Personal Information for legitimate business purposes.
Managers: Your manager may maintain local records on your performance, notes from one-on-one interviews, emergency contact numbers, etc. They also have access to information in our HR systems, including job-related information, current pay, and absence history.
HR, Finance, and Other Departments: Dedicated professionals who require access to manage business needs, provide specialist support, and calculate pay and bonuses.

Sensitive Information:

Ethnicity and Disability Data: If you provide information relating to ethnicity and disability, access is restricted to a smaller group who need this information to comply legal obligations.

Third-Party Access:

Service Providers: We may share your Personal Information with external organizations when necessary for business purposes, such as HR administrative services (e.g., payroll, finance administration), or IT support. These third parties must have appropriate agreements in place to ensure your Personal Information is secure, including robust technical and organizational measures (TOMs).

Compliance with Legal Obligations: Personal Information may be shared with third parties if required due to legal compliance, court order, or to fulfill other legal obligations. This includes ensuring that the third party has appropriate technical and organizational measures (TOMs) in place to protect your data, and that they only use it according to our instructions.

6. How can you keep your personal information accurate and up-to-date?

It is important that the Personal Information we hold about you is kept accurate and up-to-date. Please inform us of any change or update to your Personal Information. Speak to your line manager , to HR or to gdpr@corex.cx if you are unsure how to update your Personal Information.

7. How can you request access to the personal information we hold about you?

If you have any questions about the Personal Information that we stored, we suggest that you speak to your line manager or HR in the first instance.

You have choices about how to manage your Personal Information and what types of communications you receive from us. Please note that we may have a legal obligation to preserve certain data and that we may need to request information from you to confirm your identity. This ensures that we can locate relevant data and that your Personal Information is not disclosed to someone who does not have the right to receive it.

For EU Job Applicants/Employees: In accordance with the requirements of Regulation (EU) 2016/679, or General Data Protection Regulation (“GDPR”), if you are an EU Job Applicant/Employee, you have certain rights and may make a “Data Subject Request” to exercise them.

Under certain circumstances, you have the right to:

Request access to your Personal Information, as that term is defined in the GDPR.
Request correction of your Personal Data.
Request erasure of your Personal Data.
Object to some processing of your Personal Data.
Request restriction of processing of your Personal Data.
Request the transfer of your Personal Data to you or to a third party.
Withdraw your consent.
Object to being subject to automated decision-making.
Lodge a complaint.

In such an instance, we request that you first contact us directly at gdpr@corex.cx to resolve any issue. Please note that we may have legal or other obligations to preserve certain Personal Information which could prevent us from deleting certain Personal Information.

8. International transfers of data

Sometimes we may have to transfer your Personal Information internationally, including to countries that may not, by law, have the same level of data protection as you have in your country. We seek to ensure that the appropriate technical and organizational measures and processes are in place to keep your Personal Information secure and that it is only used in accordance with our instructions.

9. How long do we keep personal information?

We retain Personal Information for as long as you are employed with us or, post-termination of employment, for as long as it is necessary to provide the services you have requested and for other legal compliance or essential business purposes, such as enforcing our employment contracts, maintaining the security of our services, enforcing our legal rights, or dispute resolution.

10. Changes to this Privacy Policy

From time to time, it may become necessary to update or change our Privacy Policy consistent with changes in data protection laws and our privacy program. We have the discretion to update this Privacy Policy at any time. When we do, we will revise the date of updating in this document. We encourage you to periodically check the most current version to stay informed about how we are helping to protect the Personal Information we collect. You acknowledge and agree that it is your responsibility to review this Privacy Policy periodically and become aware of modifications. If significant changes are made, we will provide you with appropriate notice, which may include conspicuous notice on our website, email notification, or as part of your employment contract.

11. Contacts

If you have any questions or comments regarding this Privacy Policy please contact us at gdpr@corex.cx

This Privacy Policy has been updated on 4. 7. 2024.