Group Data Privacy Policy for Job Applicants

1.1 This Policy describes how GXS Bank, its subsidiaries, affiliates, branches and entities in the bank group (collectively “Group”, “we”, “us” or “our”) may collect, use, process and disclose the Personal Data of any Job Applicant that is in our possession or under our control (collectively “you”, “your” or “yours”). Each singular element of the Group is termed as “Affiliate”.

1.2 “Personal Data” is any information that relates to an identifiable individual.

1.3 “Job Applicant” refers to any person who submits or wishes to submit an application for employment with us (whether on a part-time, fixed-term, temporary or full-time basis, including interns, trainees, secondees or volunteers who will be working with or attached to us).

2.1 We may collect Personal Data:

1. that you knowingly and voluntarily provide in the course of your job application with us, whether directly or via a third party who has been duly authorised by you to disclose your Personal Data to us (your “Authorised Representative”, which may include your job placement agent or an Affiliate-appointed recruitment agency);

2. from other sources, including:

• our employee who recommends you as a candidate for a specific job opening;
• third party service providers such as our appointed recruitment agency who may recommend you as a candidate for a specific job opening;
• academic institutions (universities, colleges etc.), previous employers and your referees to validate the information you have provided and conduct reference checks;
• other publicly available sources where your Personal Data has been published, such as LinkedIn and other social media platforms; and

3. where the collection, use or disclosure of such Personal Data without consent is permitted or required by any applicable laws.

2.2 Some of the Personal Data that we collect may be sensitive in nature. This includes your government-issued identification number and financial information. We collect this information only with your consent and/or in strict compliance with applicable laws.

2.3 Some examples of Personal Data that we may collect include:

1. name or alias and demographic information obtained during the application and recruitment process such as gender, date of birth, nationality, country and city of birth; 
2. national ID and passport number;
3. mailing address, telephone numbers, email address and other contact details; 
4. your resume or CV, cover letter, previous or relevant work experience or other experience, education, transcripts, or other information you provide to us in support of your application, or the application and recruitment process; 
5. details of the type of employment you are or may be looking for, current and desired salary, and other terms relating to compensation and benefits packages, willingness to relocate, and other job preferences; 
6. reference information and information received from background checks (where applicable), including information provided by third parties; 
7. information relating to any previous applications you may have made to the Affiliate and any previous employment history with the Affiliate; 
8. information about your educational and professional background from publicly available sources, including online, that we believe is relevant to your application or a potential future application; 
9. information from any interview screenings you may have undergone, and related to any assessment you may take as part of the interview screening process;
10. financial information such as last drawn salary, compensation and credit information; 
11. medical and health information; 
12. photographs, videos and other audio-visual recordings; and
13. biometric information.

2.4 Where you provide the Personal Data of other individuals (such as referees, emergency contacts and next-of-kin) to us, it is your responsibility to notify them of the relevant purposes and our processing of their information, and obtain their consent before making such disclosure. 

2.5 Depending on the purposes of the processing activity, we may rely on the following legal bases for the collection, use or disclosure of your Personal Data under the applicable laws: 

1. necessary to enter into, manage or terminate an employment relationship with you or to appoint you to any office;
2. necessary for the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of Personal Data;
3. necessary to fulfil the rights and obligations under applicable laws; or
4. based on your consent. 

3.1 We collect Personal Data from you and use such Personal Data for the purposes of our recruitment process. These include:

1. processing your job application and assessing your skills, qualifications and interests against our career opportunities;
2. contacting you in respect of your job application;
3. verifying your identity and the accuracy of information provided; 
4. validating the references provided and conducting pre-employment checks and security clearances;
5. considering you for other current or future job opportunities at the Group; and
6. allowing us to better understand, analyse and improve our recruitment processes.

3.2 Certain purposes may continue to apply even when your application for a job opening is not successful, for a reasonable period thereafter.

3.3 The Personal Data that we collect for the purposes of the recruitment process may continue to be used and disclosed, along with any additional Personal Data that we may collect, for the purposes of entering into, managing or terminating our employment relationship with you. The Group’s policies on the collection, use and disclosure of employees’ Personal Data will be made available to you as an employee of the Affiliate. 

3.4 It is important to note that, in certain circumstances, you may need to provide your Personal Data in order to comply with legal requirements or where it is necessary to conclude a contract. Failure to provide Personal Data, under such circumstances, may constitute failure to comply with legal requirements or contractual obligations, or the inability to conclude a contract with you, as the case may be.

4.1 In order to achieve these purposes, we may disclose the personal data collected from you to:

1. different units, departments or Affiliate within the Group;
2. our affiliates, partners or joint ventures in the various countries and jurisdictions in which we may operate, in relation to the purposes described above;
3. academic institutions (universities, colleges etc.), previous employers and referees in the process of validating the information you have provided and conducting reference checks; and
4. Authorised Representatives, Affiliate-appointed recruitment agencies or third party service providers.

4.2 In order to comply with applicable legal or regulatory obligations or requests, we may also be required to disclose your Personal Data to third parties such as the authorities, courts, tribunals, regulatory bodies, legal advisors and law enforcement agencies. 

5.1 In the course of our collection, use and disclosure of your personal data for the purposes, we may from time to time transfer the personal data outside the country in which we operate. 

5.2 When transferring Personal Data outside the country, we will ensure that the Personal Data is accorded a standard of protection that is comparable to the protection provided under applicable laws and regulations.

6.1 We will take reasonable legal, organisational and technical measures to ensure that your Personal Data is protected. This includes measures to prevent Personal Data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. We limit access to your Personal Data to our employees and any third parties on a need-to-know basis. Our employees who have access to your Personal Data and are processing your Personal Data will only do so where authorised and are required to treat your Personal Data as confidential.

6.2 Please note that we cannot guarantee the security of your Personal Data transmitted through any online means, and such transmission is at your own risk. Once we have received your personal data, we will use strict technical and organisational measures to protect your Personal Data. 

7.1 We generally rely on the Personal Data provided by you or your Authorised Representative. You should ensure all personal data that you provide us is true, accurate and complete, and inform us of any changes to the personal data provided. 

7.2 We will take reasonable steps to ensure the accuracy and completeness of your personal data when it is likely to be used to make a decision that affects you or disclosed to another organisation.

8.1 We retain Personal Data for the period necessary to fulfil the purposes outlined in this Policy and consistent with such retention periods prescribed under applicable laws and our internal policies.

8.2 We will cease to retain your Personal Data, any documents containing your Personal Data and remove the means by which your Personal Data can be associated with any particular individual as soon as we are able to reasonably assume that the purposes for which your Personal Data was collected is no longer being served by retention of your Personal Data, and we no longer have a legal or business purpose for retaining it. Under such circumstances, we will take steps to erase, destroy or anonymise your Personal Data.

9.1 In accordance with applicable laws and regulations, you are entitled to:

1. ask us what Personal Data we have of you, including to be provided with a copy of your Personal Data, and how your Personal Data has been used or disclosed in the last one (1) year;    
2. request the correction of your Personal Data; and
3. withdraw your consent to the processing of your Personal Data for any purpose (where we are processing your Personal Data based on your consent).

9.2 Where you are given the option to provide your Personal Data to us and/or consent to the use of your Personal Data for a purpose, you can always choose not to do so. If you have provided your consent to process your Personal Data for a purpose and you later choose to withdraw your consent, we will respect that choice in accordance with our legal obligations.

9.3 However, choosing not to provide your Personal Data or withdrawing your consent to a purpose could mean that we are unable to perform the actions necessary to achieve the purposes described in the section on “What We Use Personal Data For”. After you choose to withdraw your consent, notwithstanding, we may continue to process your Personal Data to the extent required or otherwise permitted by applicable laws and regulations.

9.4 If you wish to make a request to exercise your rights, you can contact us through our Data Privacy Officer set out in the section on “How to Contact Us” below.

9.5 We will assess the veracity of all requests. In doing so, we may require you to provide supporting information or documentation to corroborate the request. Once verified, we will respond to your request as soon as reasonably possible, within 30 days of receiving your request. 

9.6 We may decline your request if the law permits us to do so and in accordance with our internal policies on access and correction of Personal Data. For instance, we may decline requests for access to and/or correction of opinion data kept solely for an evaluative purpose.

10.1 This Policy applies in conjunction with any other policies, notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your Personal Data by us. We may process your Personal Data for a new or different purpose only if we have a legitimate basis for doing so, with your consent or in accordance with applicable laws. 

10.2 We may revise this Policy from time to time without any prior notice. Such amendments shall be notified to you through our website, App and/or other appropriate means. You may determine if any revision has taken place by referring to the date on which this Policy was last updated.

11.1 If you have any queries about this Policy or would like to exercise your rights as set out in this Policy, please visit our help center.