Data Privacy Statement
HUG ENGINEERING PRIVACY POLICY
Hug Engineering AG and all entities of Hug Engineering Group (“HUG” or “we”) value our candidates and respect and protect their privacy.
This candidate privacy policy ("Policy") sets out the types of information that HUG, as data controller, collects about you, the purposes for which it is collected, the basis on which it processes it, how HUG handles your Personal Data (as defined below) and who may have access to it. It also explains to you what rights you have about your Personal Data.
This Policy principally applies to current and former candidates applying for a job in Hug’s entities (“Candidate(s)” or “you”).
This Policy does not form part of any contract of employment and does not confer any contractual right on you, or place any contractual obligation on us. We may update or otherwise amend this Policy at any time.
“Personal Data” means any information or pieces of information that could identify you either directly or indirectly. This means that Personal Data includes things like name, email/home addresses, professional or personal phone number, CV, etc.
“Processing” means dealing with the data in any way, such as collecting, using, disclosing or destroying it.
For any question, you may contact our Data Privacy Officer at dpo@hug-engineering.com
1. What types of Personal Data do we collect?
The Personal Data we process about you will have been provided by you during your application for employment such as:
- Identification data and contact details: e.g. name, date of birth, email address, postal address, phone number;
- Recruitment/selection data: e.g. CV, application form, record of interview or interview notes, records of assessments;
- Criminal records data but only where permitted under local law.
When we collect Personal Data through forms including electronic forms, we will indicate the mandatory fields via asterisks. Failure to provide the data marked with an asterisk may make it impossible for us to process your application.
During the recruitment process, we may also request references from third parties and carry out screening and vetting processes using third party sources within the limits authorized by local law.
2. Why and how do we use your personal data?
We use your Personal Data for the following purposes:
- Assessing applications for employment and making recruitment decisions;
- Where authorised by law and required for your role, seeking criminal record disclosure and carrying out credit and employment history checks.
Whenever we process your Personal Data, we do so on the basis of a lawful "condition" for processing. A part of the recruitment process, the processing of your Personal Data will be justified by our legitimate interest as a business and as your potential future employer, more specifically our interest to find the best Candidates for our job offers and to reply to any request we or you may have regarding your application.
3. How long is your Personal Data retained?
We will keep the Personal Data of Candidates only as long as necessary for the purposes of the processing for which it was collected (typically the time needed to make a decision regarding their application). We may, however, keep such Personal Data for a longer period of time if Candidates do not object to such longer period (most of the time 6 months in accordance with local rules) in order to consider the Candidate for new positions and/or for a period necessary to comply with applicable statute of limitations periods.
For successful Candidates, we will keep Personal Data for the length of the employment contract and then in compliance with applicable statute of limitations periods.
4. How is your Personal Data protected?
HUG has implemented all appropriate technical and organisational measures to ensure a level of security appropriate to the risk. This is the reason why your Personal Data is protected as necessary and, depending on the sensitivity of the information, by appropriate security systems such as pseudonymisation, encryption, password protection, restricted and registered access, strict securities policies or any useful means to ensure the confidentiality, integrity, availability and resilience of your data.
More broadly, we strictly apply the “need-to-know” principle. We have entered into strict confidentiality agreements as well as rigorous contracts with our subcontractors providing all the necessary clauses for the protection of your data.
5. When do we disclose your Personal Data?
Some of your Personal Data may be accessed:
- Within HUG (e.g. by managers, HR professionals in charge of the recruitment process, etc.), and by any member of the HUG Group;
ØThis will only be done on a need-to-know basis and where necessary in the context of your application, or to protect HUG’ interests and rights, or with your consent.
- By trusted service providers acting as subcontractors (i.e. data processors), which will carry out certain services necessary for the purposes indicated above on our behalf (hosting services, database maintenance, HR services, recruitment, etc.)
ØWe only provide them with the information they need to perform such services, and we require that they do not use your Personal Data for any other purpose. These service providers will only act upon HUG’s instructions and will be contractually bound to ensure a level of security and confidentiality for your Personal Data that is the same as the level HUG is bound to ensure and to comply with applicable personal data protection laws and regulations.
By third parties, where necessary:
- To protect the rights, property or safety of HUG, our clients, our employees or others; or
- In the context of the consideration, negotiation or completion of a corporate transaction or restructuring of the business or assets of any part of the HUG group (in such case your Personal Data may be disclosed to advisors, potential transaction partners or interested third parties); or
- To comply with a legal obligation or to respond to legal proceedings of any nature, Court orders, any legal action or implementing enforcement measures that are required by the competent authorities; or
- To other third parties like with employees representative bodies or professional advisers for example;
- For other purposes required by applicable legislation or with your prior consent.
6. Where do we store your Personal Data?
The global nature of our business means that your Personal Data may be disclosed to members of the HUG group outside of the EEA (European Economic Area), on a strict need-to-know basis. Certain suppliers and service providers may also have personnel or systems located outside of the EEA.
When transferring your Personal Data to suppliers or service providers outside of the EEA, we will take steps to ensure that your Personal Data receives an adequate level of protection, including by, for example, entering into data transfer agreements or by ensuring that the data receivers are certified under appropriate data protection schemes.
You have a right to request a copy of any data transfer agreement under which your Personal Data is transferred, or to otherwise have access to the safeguards used. Any data transfer agreement made available to you may be redacted for reasons of commercial sensitivity.
7. What are your rights on your Personal Data?
You have a number of rights, which include the following:
- To have access to your Personal Data;
- To rectify your Personal Data that is inaccurate and to complete incomplete Personal Data;
- To erase your Personal Data in limited circumstances, essentially where it is no longer necessary in relation to the purposes for which it was collected or processed;
- To restrict processing of your Personal Data where:
- The accuracy of the Personal Data is contested while steps are taken to correct or complete it or verify the accuracy;
- The processing is unlawful, but you prefer the processing to be restricted than your Personal Data to be erased;
- We no longer require the Personal Data for the purposes for which it was collected, but it is required for the establishment, exercise or defense of a legal claim;
- To object to processing of your Personal Data, when such processing is based on our legitimate interest. HUG may, however, invoke compelling legitimate grounds for continued processing.
- To obtain a copy of or access to safeguards under which your Personal Datails transferred outside of the EEA (see Cross-border transfers);
- To lodge a complaint with the supervisory authority;
- Where applicable under local law, to define guidelines (that you may modify or revoke at any time) concerning what happens to your data after death.
Unless the local law provides otherwise, these opposition, access and rectification rights are extinguished upon the death of the data subject.
If you wish to investigate the exercising of any of these rights, please contact our Data Privacy Officer: dpo@hug-engineering.com
8. Data Protection Officer
HUG has a Data Protection Officer who is responsible for HUG’s European region’s compliance with data protection law.
You may contact HUG's Data Protection Officer or their office securely and confidentiality at any time if you have general concerns about the processing of your Personal Data, or any data protection issue. The DPO's email address is dpo@hug-engineering.com