Processing of (personal) data by the entity in charge of the online application process

Privacy Statement of Cronofy
1 February 2024

During the processing of personal data Cronofy conforms to the requirements of the applicable data protection legislation, like the General Data Protection Regulation and the UK Data Protection Act. This means we:

· clearly specify our purposes before we process personal data, by using this Privacy Statement;
· limit our collection of personal data to only the personal data needed for legitimate purposes;
· first ask for explicit permission to process your personal data in cases where your permission is required;
· take appropriate security measures to protect your personal data and we demand the same from parties who process personal data on our behalf;
· respect your right to access, correct or delete your personal data held by us.

Cronofy is the party responsible for all data processing in case of an application. In this privacy statement, we will explain what kind of personal data we collect and for which purposes within our recruitment activities. We recommend that you read it carefully.

If you have any questions regarding the processing of personal data, you can find the contact details of Cronofy at the end of this Privacy Statement.

What, how and why?

If you apply for a position within Cronofy, we need some of your personal data. This may include: you name and address details, phone number, e-mail address, gender, date of birth and profile picture. We do this on the basis of your consent.
We process your personal data for the following purposes:

· establishing and maintaining contact;
· answering questions you have asked or providing information you request;
· making a selection of candidates to start an interview process with; going through an application process;
· conducting proper administration and internal management;
· handling any complaints you may have and resolving disputes;
· going through the pre contractual phase with you and being able to enter into it of an (employment) contract with you;
· to inform you about developments of your application or within Cronofy.

We store this information as long as the application procedure is running. The personal data will be deleted one month after your application has ended, either because we have hired you or because we have decided not to proceed with your application.^[1]
This would not apply if you give permission to enter our Talent Pool for a longer period of time. In that case, your personal data will be stored for a maximum of one year after you have given permission. We will reach out to you within 12 months to ask if you’d like us to retain your personal data in the Talent Pool or remove it completely.

Do we provide your personal data to third parties?

No. We do not under any circumstance provide your personal data to other companies or organisations, unless we are required so by law (for example, when the police demands access to personal data in case of a suspected crime), or if we have your consent to do so.

Do we make use of subprocessors?

Yes, Cronofy makes use of the following two sub processors during the application and interview process:

· Personio, our human resource and candidate management software solution. To view their privacy notice please click here.
· Metaview, an AI-third party that we use to transcribe some of our interviews to help with training and to improve the quality of our interviews. To view their privacy notice please click here.

What about security?

Great question. We take security measures to reduce misuse of and unauthorized access to personal data. We take responsibility in the security of your personal data. We renew our security measures to ensure safe storage of personal data and keep track what might go wrong.

Can we change this Privacy Statement?

Yes. We have to reserve the right to modify this statement. We recommend that you consult this statement on a regular basis, so that you remain informed of any changes.

What are your right under this Privacy Statement?

You can always contact us if you have any questions regarding our privacy policy or wish to review, modify or delete your personal data.
You have the following rights:

· Right of access: you have the right to see what kind of personal data we processed about you.
· Right of rectification: you have the right to rectify any personal data we have processed about you, if this information is (partially) wrong.
· Right to complain: you have the right to file a complaint against the processing of your personal data by us, or against direct marketing.
· Right to be forgotten: you can file a request with us to remove any personal data we processed of you.
· Right to data portability: if technically possible, you have the right to ask us to transfer your processed personal data to a third party.
· Right to restriction of processing: you can file a request with us to (temporarily) restrict the processing of your personal data.

If you exercise any of the rights mentioned above, we will ask to identify yourself with a valid ID, to conform it is your personal data. It is important that you hide your social security number and photo.
We will usually comply to your request within one month. This term can be extended if the request is proven to be complex or tied to a specific right. You will be notified about a possible extension of this term.

What to do with complaints?

If you think that we are not helping you in the right way, you have the right to lodge a complaint at the authority. For The Netherlands, this is the Autoriteit Persoonsgegevens. For the UK, this is the Information Commissioner’s Office.

How can you reach us?

Cronofy B.V. (Netherlands) Cronofy Ltd (UK)
Mr Treublaan 7 1 Broadway
1097 DP Amsterdam NG1 1PR Nottingham
The Netherlands United Kingdom

The easiest way to reach us is via: privacy@cronofy.com or recruitment@cronofy.com

^[1] In the event of complaints or disputes about the contact or application process, your personal data will be kept during the handling of these complaints and disputes. When it is clear that a complaint or dispute has been resolved, the personal data stored for that purpose will be removed.

Processing of (personal) data by the operator of the recruitment website

General information

This recruitment website is operated by Personio SE & Co. KG, which offers a human resource and candidate management software solution (https://www.personio.com/legal-notice/). Data transmitted as part of your application will be transferred using TLS encryption and stored in a database. The sole controller of this data within the meaning of article 24 of the GDPR is the enterprise carrying out this online application process. Personio’s role is limited to operating the software and this recruitment website and, in this context, being a processor under article 28 of the GDPR. In this case, the processing by Personio is based on an agreement for the processing of orders between the controller and Personio. In addition, Personio SE & Co. KG processes further data, some of which may be personal data, to provide its services, in particular for operating this recruitment website. We will refer to this in more detail below.

The controller

The controller under data protection law is:
Personio SE & Co. KG
Seidlstraße 3
80335 München
Tel.: +49 (89) 1250 1004
Entry in the commercial register
Commercial register entry number: HRA 115934
Registration Court: Amtsgericht München
Data Protection Officer contact: privacy@personio.com

Access logs (“server logs”)

Each access to this recruitment website automatically causes general protocol data, so-called server logs, to be collected. As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. Without this data, it would, in some cases, be technically impossible to deliver or display the contents of the software. In addition, processing this data is absolutely necessary under security aspects, in particular for access, input, transfer, and storage control. Furthermore, this anonymous information can be used for statistical purposes and for optimizing services and technology. In addition, the log files can be checked and analyzed retrospectively when unlawful use of the software is suspected. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. Generally, data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp of the access to the software is collected. The scope of this log process does not exceed the common log scope of any other site on the web. These access logs are stored for a period of up to 7 days. There is no right to object to this.

Error logs

So-called error logs are generated for the purpose of identifying and fixing bugs. This is absolutely necessary to ensure we can react as quickly as possible to possible problems with displaying and implementing content (legitimate interest). As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. When an error message occurs, general data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp upon occurrence of the respective error message and/or specification is collected. These error logs are stored for a period of up to 7 days. There is no right to object to this.

Use of cookies

So-called cookies are used on parts of this recruitment website. They are small text files which are stored on the device with which you access this recruitment website. As a general rule, cookies serve the purpose of ensuring secure access to a website (“absolutely necessary”), implementing certain functionalities such as standard-language settings (“functional”), improving the user experience or the performance of the website (“performance”), or placing targeted advertisements (“marketing”). On this recruitment website, we generally use only cookies that are absolutely necessary, functional or performance-related, in particular for implementing certain default settings such as language, for identifying the job advertising channel, or for analyzing the performance of a job advert via which a user accessed this recruitment website. The use of cookies is absolutely necessary for providing our services and thus for the performance of the contract (article 6 (1) b) of the GDPR). Period of storage: up to 1 month or until the end of the browser session Right to object: You can determine via your browser settings whether you allow or object to the use of cookies. Please note that deactivating cookies may result in limited or completely blocked functionalities of this recruitment website.

Rights of data subjects

If Personio SE & Co. KG as the controller processes personal data, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and the purpose of the processing, in particular the right of access (article 15 of the GDPR) and the rights to rectification (article 16 of the GDPR), erasure (article 17 of the GDPR), restriction of processing (article 18 of the GDPR), and data portability (article 20 of the GDPR), as well as the right to object (article 21 of the GDPR). If the personal data is processed with your consent, you have the right to withdraw this consent under article 7 III of the GDPR. To assert your rights as a data subject in relation to the data processed for the purpose of operating this recruitment website, please refer to Personio SE & Co. KG’s Data Protection Officer (see item B).

Concluding provisions

Personio reserves the right to adjust this data privacy statement at any point in time to ensure that it is in line with the current legal requirements at all times, or in order to accommodate changes in the services offered, for example when new services are introduced. In this case, the new data privacy statement applies to any later visit of this recruitment website or any later job application.