(July 2022 Version)
SCOPE OF THIS RECRUITMENT PRIVACY NOTICE
· Like most businesses, Konami Digital Entertainment B.V. (we, us, our) collects and processes a wide range of personal data, some of which relates to individuals who are applying to work for us.
· It is our priority to keep your personal data safe, secure and only processed in accordance with your expectations and with our obligations under the applicable UK, EU and Member State laws and regulations on data protection, in particular (in the EU) the General Data Protection Regulation 2016/679 (GDPR) and related Member State domestic legislation enacted to supplement the GDPR and (in the UK) the retained EU law version of the GDPR (UK GDPR) and the UK Data Protection Act 2018 (collectively, Data Protection Laws).
· This Recruitment Privacy Notice & Supplementary Information (this Privacy Notice) explains the type of personal data we process, why we are processing it and how that processing may affect you. It focuses on individuals who are applying to work for us and the personal data we process as part of that procedure. We have a separate Workplace Privacy Notice that applies to our current and former employees.
· In this Privacy Notice we explain:
o what personal data we hold about you and why;
o our legal grounds for processing your personal data;
o where the personal data comes from and who gets to see it
o how long we keep your personal data;
o transfers of your personal data outside the UK/EEA
o your data rights; and
o how to contact us.
· This Privacy Notice supplements the information in the privacy notice which we provide to candidates as part of the job description at the beginning of the recruitment process. In relevant sections of this Privacy Notice, we have therefore set out a link to certain additional Supplementary Information so that you can easily access it.
· You should of course feel free to contact us with any questions or requests for further information which you may have, using the contact details set out below.
For more detail:
Supplementary Information – Understanding key data protection and employment terminology
Supplementary Information – How we keep your personal data safe
WHAT PERSONAL DATA WE HOLD ABOUT YOU AND WHY
· We will process various personal data about you in order to assess your suitability for the role you have applied for, to meet and communicate with you during the recruitment process and to decide whether to offer you the role. The main categories of personal data we will process are:
o information about your work experience and qualifications (e.g. as set out in your CV) and about your reasons for applying for the role, current salary and salary expectations, and
your location. This is usually provided to us by recruitment agents but sometimes by you directly;
o the information you provide to us, and the score sheet notes we make about you, during the interview process;
o images of you recorded by onsite CCTV at our premises; and
o information we obtain from references from your previous employers or other referees.
· In limited circumstances, the information we collect might include sensitive personal data, such as information about your health, dietary requirements or disabilities. We do not envisage processing information about previous criminal offences or convictions for most roles.
For more detail: Supplementary Information – Additional conditions for processing sensitive personal data & criminal convictions and offences
OUR LEGAL GROUNDS FOR PROCESSING YOUR PERSONAL DATA
· We process your personal data only when the law allows us to, with our principal legal grounds being:
o to decide whether to enter into an employment contract with you;
o to comply with our legal obligations;
o where necessary to pursue our legitimate interests, or the legitimate interests of third parties, but only where your interests and fundamental rights do not override those interests. An example is that we operate CCTV on our premises to ensure the security of recruitment candidates as well as of other visitors onsite and our staff.
· Less commonly, for certain roles there may also be parts of the recruitment process where we would need to obtain your consent to process your personal data. We do not envisage this happening often and we will always comply with the specific requirements of Data Protection Laws when requesting your consent.
· The Supplementary Information provides more specific information on the legal grounds on which we process your personal data, including the additional conditions we must satisfy for processing any sensitive personal data we obtain from you.
For more detail: Supplementary Information – Understanding our legal grounds for processing your personal data
SOURCES OF PERSONAL DATA AND WHO WE SHARE IT WITH
· For most of our candidates, we receive their personal data (such as CVs) from third party recruitment agents which we engage to identify and introduce appropriate individuals to us for shortlisting. Occasionally candidates approach us directly, in which case we obtain such personal data directly from them. If you fail to provide any necessary information we request (such as evidence of qualifications or work history), we will not be able to progress your application successfully.
· As part of the recruitment process, your personal data will be seen internally by our HR team, relevant team managers and senior management. Certain members of the HR team of our parent company in Japan, Konami Group Corporation, will also be provided with your personal data as part of the Konami group’s global workforce management processes for approving new recruits.
· Please note that if you accept an offer from us then the information which you provided to us will become part of your personnel file and processed in accordance with our Workplace Privacy Notice that will be provided to you as part of the on-boarding process.
HOW LONG WE KEEP YOUR PERSONAL DATA
· If your application is successful, the personal data you provided during the application process will be stored as part of your personnel file and retained in accordance with the retention periods and criteria explained in our Workplace Privacy Notice.
· If your application is unsuccessful, we normally retain your personal data for no more than six months from the time that we inform you of our hiring decision. We retain personal data for this period so that we can demonstrate, in the event of a legal claim, we have not discriminated against you and that the recruitment process was fair and transparent. After this period, we will securely destroy your personal data.
· CCTV images of you attending our premises are deleted after 30 days.
TRANSFERS OF PERSONAL DATA OUTSIDE THE UK/EEA
· As explained in this Privacy Notice, we will transfer your personal data outside the United Kingdom (UK) and European Economic Area (EEA) to our parent company in Japan as part of the recruitment approval process.
· Japan has been approved under Data Protection Laws as a country which provides adequate protection for personal data. In addition, we implement appropriate technical and organisational measures to ensure that, throughout the recruitment process, your personal data is kept secure and is only accessed by individuals who have a genuine need to access it for the recruitment process.
· If other ad-hoc transfers outside the UK/EEA are required then we will ensure that they are made strictly in accordance with the requirements of Data Protection Laws, including the implementation of appropriate safeguards such as approved Standard Contractual Clauses.
YOUR DATA RIGHTS
· Data Protection Laws provide you with certain rights in relation to your personal data, including the right to request from us access to and rectification or erasure of your personal data, to restrict or object to processing about you, as well as the right to data portability and to withdraw consent. You also have the right to make a complaint to the data protection regulator in your country about our processing of your personal data.
For more detail: Supplementary Information - Your data rights and how to complain
HOW TO CONTACT US
· In processing your personal data, we act as a data controller and we are registered with the ICO (the UK data protection regulator) with registration number ZA029809. Our contact details are as follows:
Head of HR, Konami Digital Entertainment B.V. Tel: +44 (0)1753 271888
· We have appointed a Data Protection Officer (DPO) to inform and advise us on our obligations under Data Protection Laws. You can contact our DPO by email at the following address:
E-mail: dpo-team@konami.com
STATUS OF THIS PRIVACY NOTICE
· This Privacy Notice does not form part of any contract of employment you might enter into with us and does not create contractual rights or obligations. It may be amended by us at any time.
KONAMI DIGITAL ENTERTAINMENT B.V. RECRUITMENT PRIVACY NOTICE SUPPLEMENTARY INFORMATION
UNDERSTANDING KEY DATA PROTECTION AND EMPLOYMENT TERMINOLOGY
· “personal data”: means information relating to you (or from which you may be identified) which is processed by automated means or which is (or is intended to be) part of a structured manual filing system. It includes not only facts about you, but also intentions and opinions about you.
· “processed by automated means”: includes data held on, or relating to use of, a computer, laptop, mobile phone or similar device. It also covers data derived from equipment such as access passes within a building, and sound and image data such as CCTV or photographs.
· "processing": means doing anything with your personal data. For example, it includes collecting, storing, amending, disclosing and deleting your personal data.
· “sensitive personal data”: means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, health, sexual orientation, sex life, trade union membership and genetic and biometric data. These are all subject to special protection under Data Protection Laws.
· “employment”, “work” and similar expressions include any arrangement we may have under which an individual provides us with work or services, or applies for such work or services. By way of example, when we mention an “employment contract”, that includes a contract under which you provide us with services; when we refer to ending your potential employment, that includes terminating a contract for services.
UNDERSTANDING OUR LEGAL GROUNDS FOR PROCESSING YOUR PERSONAL DATA
· Under Data Protection Laws, we must always have a legal ground on which we can rely when processing your personal data. In some contexts, more than one legal ground may apply depending on our purposes for processing your personal data.
· The principal legal grounds which we may rely on can be summarised as Contract, Legal Obligation, and Legitimate Interests. In limited circumstances, we may also be able to rely on the legal ground of Consent. The following table summarises these legal grounds:
|
Term |
Legal ground for processing |
Explanation |
|
Contract |
Processing necessary for performance of a contract with you or to take steps at your request before entering a contract with you (Article 6(1)(b) of GDPR / UK GDPR) |
The recruitment process is essentially a pre-contractual process for us and you to assess whether we mutually agree to enter into an employment relationship governed by a formal employment contract. Consequently, the principal legal ground that we will rely on for processing your personal data as part of the recruitment process is that we are taking steps at your request before entering into a contract with you. |
|
Legal Obligation |
Processing necessary to comply with our legal obligations (Article 6(1)(c) of GDPR / UK GDPR) |
As a potential employer, we have a number of statutory obligations that we must comply with when recruiting employees, for example to avoid unlawful discrimination. Some of your personal data will therefore be processed because we are required by law to do so. |
|
Legitimate Interests |
Processing necessary for our or a third party’s legitimate interests |
We and our parent company in Japan have legitimate interests in undertaking the recruitment process for the purpose of managing and developing our business effectively, and processing the personal data of recruitment candidates is necessary to ensure that we have the workforce which our business needs for its success. However, we will not process your personal data for our legitimate interests where this would pose an unacceptable risk to your interests or fundamental rights and freedoms. |
|
Consent |
You have given specific consent to processing your data (Article 6(1)(a) of GDPR / UK GDPR) |
We will rarely process your personal data as part of the recruitment process based on your consent. Depending on the role, however, there may be limited circumstances where it is appropriate to request your consent. This will only ever be the case where you are in a position to freely and unambiguously provide such consent having been fully informed of the specific purpose and of your right to withdraw your consent. |
Additional conditions for processing sensitive personal data & criminal convictions and offences
· We generally do not collect sensitive personal data about you as part of the recruitment process. There may, however, be limited circumstances that we do collect sensitive personal data. For example, we may need to collect information relating to your health records to assist us in ensuring that we provide you with a healthy and safe workplace (although in the ordinary course we would collect such information after you join us and so it would be covered under our Workplace Privacy Notice).
· Where we do collect and process sensitive personal data about recruitment candidates, we must satisfy an additional processing condition under Data Protection Laws. In such circumstances, the additional condition we rely on is Article 9(2)(b) of the GDPR / UK GDPR (which relates to our obligations in employment and the safeguarding of your fundamental rights) and the related provisions in national laws which address processing for employment purposes (in the UK, these are set out in Schedule 1 part 1(1) of the Data Protection Act 2018).
· We would only collect information about criminal convictions and offences from recruitment candidates in exceptional circumstances, where we were either under a legal obligation to do so or where it was otherwise necessary for the role and we obtained the candidate’s explicit consent in strict accordance with Data Protection Laws.
HOW WE KEEP YOUR PERSONAL DATA SAFE
· We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, damaged or destroyed, altered or disclosed.
· Our security includes physical security measures (such as keeping paper files in secure, access- controlled premises), IT security (such as robust firewalls, encrypted storage, strict access controls. and endpoint anti-virus protection) and organisational measures (such as internal training, policies and procedures relating to information security, data breaches and disaster recovery).
· We limit access to your personal data strictly to those employees who have a business need to know.
· In general, we do not use third party processors for processing the personal data of recruitment candidates. Where we do use third party data processors for processing personal data on our
behalf, we only use processors which we have confirmed implement security measures that satisfy the requirements of Data Protection Laws and where we have entered into an appropriate data processing agreement with them.
· We have put in place reporting procedures to deal with any suspected personal data breach and will notify you and any applicable supervisory authority of a breach when we are legally required to do so.
YOUR DATA RIGHTS AND HOW TO COMPLAIN
· Data Protection Laws provide you with certain rights in relation to your personal data. These are as follows:
o The right to access your personal data. This gives you the right to receive a copy of the personal data we hold about you subject to certain exemptions.
o The right to request correction or completion of personal data. This gives you the right to have any incomplete or inaccurate personal data corrected.
o The right to request erasure of your personal data. This allows you to request us to delete or remove personal data. You also have the right to request us to delete or remove your personal data where you have exercised your right to object to processing (see below). In certain circumstances this right may not apply, such as where we have a good, lawful reason to continue using the information in question and, if so, we shall inform you of such reasons at the relevant time.
o The right to object to processing of your personal data. You can object to us processing your personal data for legitimate interests purposes. We must then stop processing your data unless we have a strong reason to continue which overrides your objection.
o The right to restrict how your personal data is used. You can limit how we use your personal data in certain circumstances. Where this applies, any processing of your personal data (other than storing it) will only be lawful with your consent or where required for legal c laims, protecting certain rights or important public interest reasons.
o The right to have a portable copy or to transfer your personal data. You can request that we provide you, or (where technically feasible) a third party, with a copy of your personal data in a structured, commonly used, machine-readable format. Note this only applies to personal data which we obtain from you and, using automated means, process in order to perform a contract with you or in the rare circumstances that we may be relying on your consent.
o The right to withdraw consent. In the rare circumstances that we are relying on consent to process your personal data then you have the right to withdraw that consent at any time.
· We try to respond to all personal data requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. Please also bear in mind that there are exceptions to the rights above and some situations where they do not apply.
· You will not normally have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is manifestly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
· If you want to exercise any of the rights described above, please contact our DPO using the contact details in the How to Contact Us section above.
Your Right To Complain To A Supervisory Authority
· You have the right to complain to a data protection supervisory authority if you are not satisfied with our response to a data protection request or if you think your personal data has been mishandled. The relevant supervisory authority will depend upon your location and will generally be one of the following depending upon which of our UK/EU branches you are applying to work for:
UK: Information Commissioner’s Office (ICO): https://ico.org.uk
France: Commission Nationale de l'Informatique et des Libertés (CNIL): https://www.cnil.fr/en/contact-cnil
Germany (State of Hesse): Der Hessische Beauftragte für Datenschutz und Informationsfreiheit: https://datenschutz.hessen.de//
Spain: Agencia Española de Protección de Datos (AEPD): https://www.aepd.es/es
· In certain circumstances, the relevant supervisory authority may be different. A list of all supervisory authorities in the EEA is available here: https://edpb.europa.eu/about-edpb/board/members_en