Candidate Privacy Notice
Medacta International SA, with registered offices in Strada Regina, Castel San Pietro (Switzerland) (hereinafter “Medacta” or “Data Controller”), in its capacity as Data Controller regarding the processing of personal data, pursuant to Swiss Federal Act on Data Protection of 19 June 1992 (FADP), to UE General Data Protection Regulation 2016/679 (GDPR) and to all the applicable privacy laws (hereinafter collectively defined “Applicable Law”), collects and processes personal data relating to job applicants. Medacta is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
Medacta has appointed a Data Protection Officer (“DPO”) who is freely contactable for any information relating to the processing of personal data by Medacta, at the following address: firstname.lastname@example.org Medacta invites you to carefully read this Privacy Information Notice as it contains important information regarding personal data protection and security measures adopted to ensure confidentiality and full respect of the Applicable Law.
Please be informed that processing of your data will be carried out in accordance with the principles of lawfulness, fairness, transparency, accuracy, purpose and storage limitations, data minimisation, integrity and confidentiality. Your personal data will be processed in accordance with the legislative provisions of the Applicable Law and of the confidentiality obligations included therein.
What information does the Employer collect?
For the purpose of recruitment, Medacta collects a range of information about you. This may include:
- [your name, address and contact details, including email address and telephone number;
- details of your qualifications, skills, experience and employment history;
- information about your current level of remuneration, including benefit entitlements;
- information about your entitlement to work in Switzerland.]
Medacta may collect this information in a variety of ways. For example, data might be contained in application forms, CVs or resumes or collected through interviews.
Data will be stored in HR management systems and on other IT systems (including email).
Why does Medacta process personal data?
Medacta needs to process data to process your job application.
In some cases, Medacta needs to process data to ensure that it is complying with its legal obligations. For example, it is required to check a successful applicant's eligibility to work in Switzerland before employment starts.
Medacta has a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows Medacta to manage the recruitment process, assess and confirm a candidate's suitability for employment and decide to whom to offer a job. Medacta may also need to process data from job applicants to respond to and defend against legal claims.
For some roles, Medacta is obliged to seek information about criminal convictions and offences. Where Medacta seeks this information, it does so because it is necessary for it to carry out its obligations and exercise specific rights in relation to employment.
Medacta will use your data for the recruitment exercise for which you have applied. If your application is unsuccessful, Medacta may keep your personal data on file in case there are future employment opportunities for which you may be suited. Medacta will ask for your consent before it keeps your data for this purpose and you are free to withdraw your consent at any time.
Who has access to data?
Your information may be accessed by the people of Medacta who participate in the recruitment exercise. This includes [members of the HR and recruitment team, interviewers involved in the recruitment process, managers in the business area with a vacancy and authorized employees.]
Your data may be transferred outside the European Economic Area (EEA). Data is transferred, on the basis of declaration of adequacy.
How does Medacta protect data?
Medacta takes the security of your data seriously. It has internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.
For how long does Medacta keep data?
If your application for employment is unsuccessful, Medacta will destroy or anonimize your data after the end of the relevant recruitment process. If you agree to allow Medacta to keep your personal data on file, Medacta will hold your data on file for 2 years for consideration for future employment opportunities. At the end of that period, or once you withdraw your consent, your data is deleted or destroyed.
If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your personnel file and retained during your employment. The periods for which your data will be held will be provided to you in a new privacy notice.
As a data subject, you have a number of rights. You can:
- access and obtain a copy of your data on request;
- require Medacta to change incorrect or incomplete data;
- require Medacta to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing; and
- object to the processing of your data where Medacta is relying on its legitimate interests as the legal ground for processing.
If you would like to exercise any of these rights, please contact the Data Protection Officer, available at the email email@example.com
If you believe that Medacta has not complied with your data protection rights, you can complain to the Information Commissioner.
What if you do not provide personal data?
You are under no statutory or contractual obligation to provide data to Medacta during the recruitment process. However, if you do not provide the information, Medacta may not be able to process your application properly or at all.