GROUP APPLICANT PRIVACY NOTICE
Last amended: 4thh September 2023
Approved by:
INTRODUCTION
The Applicant Privacy Notice describes how the personal data of persons who have applied for a position (the “Applicants”) is processed by the Rippleffect Group company:
- RONIN International Limited, one of its international subsidiaries (RONIN Research Inc. in the USA, RONIN Research GmbH in Germany, and RONIN Research (Hong Kong) Limited in Hong Kong); or
- Fat Media Limited t/a Reading Room
Together, the “Rippleffect Group” (“we”, “us”).
We take the privacy of Applicants very seriously. We developed our Privacy Notice to inform you of the principles governing our use of your personal data, the types of personal data we may obtain and process, and how we use, share and protect your personal data, including your rights in relation to your personal data. We also provide contact details for any further information.
For your convenience, this Privacy Notice may include links to resources that may aid you in understanding how it applies to you. This Privacy Notice does not extend to external resources, and we have only included these links for information purposes. If you go to these 3rd-party sites, you will become subject to their privacy policies.
We may make updates to this Privacy notice from time to time, without any notice to you. You are responsible for reviewing this Privacy Notice regularly.
ABOUT THE RIPPLEFFECT GROUP
The Rippleffect Group includes the following companies:
- RONIN International Limited, and its international subsidiaries, RONIN Research Inc. in the USA, RONIN Research GmbH in Germany, and RONIN Research (Hong Kong) Limited in Hong Kong. RONIN International provides market research data collection services to the world’s largest market research agencies, delivering fieldwork for both quantitative and qualitative market research. We offer end-to-end fieldwork services from set up and scripting through to data delivery and top line reporting, covering all the major European, American, Asian, and other global markets, on a recurring and ad hoc basis.
- Fat Media Limited t/a Reading Room is a full-service digital consultancy providing services including the design, development, and maintenance of websites; UX, UI and segmentation research; content and imagery; hosting, support, monitoring and maintenance of websites; and digital communications planning from offices in London, Bristol, and Lancaster. The company currently operates two trading names: Fat Media and Reading Room.
To find out more about RONIN International and Reading Room, please visit their websites available at the following links:
- RONIN International: https://www.ronin.com/
- Reading Room: https://www.readingroom.com/
- Fat Media: https://www.fatmedia.co.uk/
THE INFORMATION WE OBTAIN AND PROCESS
Personal information (or “personal data”) is any information from which an individual can be directly or indirectly identified. Personal data that has been stripped of all identifying particulars is called “anonymised data” and outside of the scope of data protection law.
There are “special categories” of personal data which require a higher level of protection because it is of a more sensitive nature. The special categories of personal information comprise information about an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation and genetic and biometric data (if it is used for ID purposes).
We process a range of personal data about you, including:
Personal details
- Your name, home address, and personal contact details (including your e-mail address and telephone number);
- Your date of birth, gender, place of birth, and nationality;
Recruitment details
- Recruitment records, including personal information included in your CV, any application form you submitted, a cover letter, details about your entitlement to work in the UK or in Germany, location of employment or engagement, a copy of your driving license and background check information;
- Details of your employment history, qualifications, education, skills and experience, including information we collect during the interviewing process;
- Information about your current salary, including benefit entitlements;
We may collect this information from a variety of sources submitted by you, such as in application forms or CVs (including for the purpose of speculative applications).
Monitoring information
- If you visit our offices during the recruitment process, you may be recorded by our CCTV system, and we may record your information in a visitor book; we maintain a separate CCTV Privacy Notice in the event that you visit us.
If we have made a job offer to you, we may also collect this information from third parties, such as: when we ask for references from your former employers, confirmation of your qualifications from academic institutions, or request a Basic DBS Check from an authorised provider, if the role we have offered you is subject to this kind of check (unless we are offering you a role with one of our non-UK subsidiaries)—if this is the case, the job advertisement or our offer to you will have made this clear. We have a policy for the secure storage, handling, use, retention, and disposal of disclosure information we receive as part of conducting Basic DBS Checks.
SPECIAL CATEGORIES OF PERSONAL INFORMATION WE OBTAIN AND PROCESS
- Information about your health, including any medical condition (such as allergies) or any disabilities for which we need to make reasonable adjustments during the recruitment process;
HOW WE OBTAIN AND PROCESS YOUR INFORMATION
FROM YOU DIRECTLY
We may collect information about you in a variety of ways, mainly from you directly.
We will collect information about you during the recruitment process from you, when you make application to a role we have advertised. This might be information you provide directly, or share through a third parry, such as LinkedIn or Facebook.
FROM THIRD PARTIES
We may also collect information about you from third parties such as LinkedIn, Facebook, and other public sources; this might be done automatically by systems we use to aid in our recruitment, such as Teamtailor, or manually by our recruitment team.
If your application is successful, we will also involve other third parties: to ask for references from a previous employer or when running background checks.
From time to time, you may also volunteer personal information about you in verbal or written communication with us, even where this was not required by us, and we have no purpose in receiving it. We ask that you please refrain from doing so; we will endeavour to protect personal information you provide in this way to the best of our ability but cannot accept responsibility for it. We will always communicate clearly about how and why we need to collect your personal information.
WHY WE PROCESS YOUR INFORMATION
The personal information listed in this Privacy Notice is required to enable us to operate as a business, fulfil our role as an employer when looking to recruit suitable candidates into vacant positions, or comply with our legal obligations.
The situations and purposes for which we will process your information are listed below:
Recruitment
- Making decisions about your recruitment and appointment, if applicable, including in relation to the terms of your future working relationship with us;
- Checking that you have the right to work in the country where we are offering you work, at the start of your working relationship with us;
- In some cases, we may also need to process information from applicants to respond to and defend against legal claims; we may also need to ensure we are complying with our legal obligations under applicable employment law, such as by checking that a successful applicant is eligible to work in the country where you will be working from, such as the UK, USA, Germany or Hong Kong.
- We may also process your personal data to carry out background checks, which may reveal information about any convictions and offences, so we can make informed hiring decisions in light of our contractual obligations to our clients, the sensitive nature of certain roles and projects, and good working practices.
- We may process your personal data to understand whether or not you have a disability, so that we can make reasonable adjustments. This is so we can meet our obligations or exercise our rights under law related to employment, or to enable us to establish, exercise or defend legal claims.
WHY WE PROCESS YOUR SPECIAL CATEGORIES OF PERSONAL INFORMATION
LEGAL BASIS FOR OUR PROCESSING
Under applicable data protection law, we must have a legal basis for every processing activity we undertake as a company, which includes the processing of your data. We do so for various business purposes as we’ve outlined in this Privacy Notice.
One of the following legal bases will apply to every instance of our collection, use, sharing or any other processing of your personal information:
- You have consented to the processing;
- The processing is necessary for us to comply with our legal obligations, which may include, but is not limited to, checking that a successful applicant is eligible to work in the UK or Germany;
- The processing is necessary for us to perform a contract to which you are a party, such as necessary steps prior to entering into such a contract;
- The processing is necessary to achieve our legitimate interests, or those of a third party, and such interests are not overridden by your interests or fundamental rights and freedoms. We have determined our legitimate interests in processing your personal information for recruitment purposes.
HOW LONG PERSONAL DATA IS KEPT FOR
Different retention periods apply to different types of records.
We assess the amount, nature, and sensitivity of personal information, and the potential risk from unauthorised disclosure or use of personal information, when we determine appropriate retention periods. This is also based on the purpose for which we are processing certain personal information, and any applicable legal requirements.
As a rule, we will store your personal information for as long as reasonably required to achieve the purpose for which it was initially collected, as outlined in this Privacy Notice.
If your application is unsuccessful, we will retain your information for up to 1 year; this could be in case we anticipate other vacancies will open up that you may be interested in applying to, and we wanted to contact you about it, but in some circumstances, we may be required to retain your records for longer in accordance with legal, regulatory, or necessary technical requirements. We may also need to store your personal information for longer periods of time to ensure we maintain an accurate record of our dealings with you, in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your dealings with us.
If your application is successful and you are offered a role with us, we will transfer the personal data we collected or that you provided during the recruitment process to your personnel file. It will be retained during your employment with us. Please refer to our Group Employee Privacy Notice for more information on retention periods applicable to employee information.
DATA SECURITY
As an ISO 27001-certified and Cyber Essentials Plus-accredited organisation, we take steps to ensure the confidentiality, integrity, and availability of your personal information.
We limit access to your personal information to employees, workers, contractors, agents and other third parties who have a business need to know. In such cases, they are only permitted to process your personal information on our instructions. Where your personal information is shared with third-party service providers, we require all third parties to take appropriate technical and organisational security measures to protect your personal information and to treat it subject to a duty of confidentiality and in accordance with data protection law. We only allow them to process your personal information for specified purposes and in accordance with our written instructions and we do not allow them to use your personal information for their own purposes.
We have also established a policy and procedure to deal with any suspected information security incidents and personal data breaches. In the event of a suspected data breach that affects your personal information, we will notify you and the Information Commissioner’s Office of the suspected breach where we are legally required to do so.
Please note that, if you are using our Teamtailor platform as an applicant for a role, it is the responsibility of Applicants to ensure that their login credentials are kept secret.
DATA TRANSFERS
For the purposes outlined in this Privacy Notice, your personal information may need to be transferred to (shared with) service providers and other third parties, both in the UK and other countries, some of which may be outside of the jurisdiction where you are employed or perform work. These third parties may include: subsidiaries of the Rippleffect Group, our independent service providers, and other third parties, including:
- Any holding company or subsidiary of the Rippleffect Group and its companies; if you are applying for a senior management position with us, we may share your information with our Board of Directors or Group Executive Committee.
- Third-party suppliers, including services providers, where it is necessary to do so to pursue or protect our legitimate interests, provided it is done in a proportionate manner limited to information that is necessary in specific circumstances, such as our applicant tracking system, cloud services, back up and hosting providers, software provider, lawyers, accountants, third party HR and recruitment services, and external auditors, as applicable;
- If we are making you an offer for a role, we will then share your information with former employers and academic institutions, or referees you’ve provided us details for, to obtain references. We may also ask you to go through a Basic DBS Check process if applicable to the role for which we have made you an offer.
If we transfer your personal data within Rippleffect Group or to third parties in different jurisdictions, including, but not limited to, transfers outside of the UK or European Economic Area (EEA) and to jurisdictions that are not deemed to offer adequate protection (such as, for example, between RONIN International Ltd in the UK and its US-based subsidiary RONIN Research Inc.), for the purposes we have outlined in this Privacy Notice, we will take appropriate steps to ensure that an adequate level of protection is in place for your personal information, in accordance with applicable legal requirements, for example by entering into Standard Contractual Clauses.
YOUR RIGHTS
You have certain legal rights in relation to personal data we hold about you. You can exercise your rights by using the details under ‘Getting in touch’.
- You can obtain information about and access a copy of the personal data we hold about out (“right of access”);
- Where we rely on your consent to process your personal data, you can withdraw your consent to our processing—note that this will not affect the lawfulness of the processing before you withdrew your consent;
- You can request that we update or rectify incorrect or incomplete data that we hold about you (“right to rectification”);
- You can request that we delete or stop processing personal data we hold about you, e.g., if the purpose for which we were processing it has lapsed, or if you object to our legitimate interests in processing it (“right to erasure” and “right to restrict processing”);
- Where we rely on our legitimate interests to process your personal data, you can object to our processing of your personal data (“right to object”).
Please note that, if you choose to exercise these rights, we may be unable to take your application forward for a role, to respect your wishes in relation to your personal data.
Please note that some of these rights are subject to exceptions. Where this is the case, we will write to you and explain our reasons why.
AUTOMATED DECISION-MAKING
No decisions that have a significant impact on you will be made based solely on automated decision-making.
COOKIES
If you apply for a position with us via Teamtailor, cookies may be placed in your device or browser. Cookies are passive text files that are stored in the internet browser of users, such as computer, mobile phone or tablet, when using Teamtailor. We use cookies to improve your usage of and to gather information about the platform for example, statistical information. This is also done to secure, maintain and improve the platform. The information that is collected through the cookies can in some instances be personal data and is, in such instances, regulated by our Teamtailor Cookie Policy.
You can disable the use of cookies by changing the local settings in their devices. Disabling of cookies can affect your experience of the platform, for example, by disabling some functions that the Teamtailor platform offers you.
GETTING IN TOUCH
If you want to exercise any of these rights, please contact us using the contact details provided under ‘Getting in touch’.
We have appointed a Data Protection Officer (DPO) who is the point of contact for any questions you may have in relation to this Privacy Notice, your personal information and how we use it. The DPO also acts as the point of contact for any organisation or regulatory body that would have questions about your information and how we use it. If you have any questions, including about this Privacy Notice, please e-mail privacy@rippleffect.com or reach out by postal mail to:
FAO: Data Protection Officer
Rippleffect Group
Harling House, 4th floor
47-51 Great Suffolk Street
SE1 0BS, London, UK
We will endeavour to act on your requests no later than 30 days after receipt. If we require more time, we will let you know within this timeframe. We may need to get in touch first to ask for additional information confirming your identity, so that we do not act on malicious or fraudulent requests.
This information will only be stored to verify that your request is genuine after which it will be destroyed; it will not be used for any other purpose. If your request is likely to affect other data subjects, we may take additional verification steps, but this will be communicated to you in writing. If we cannot deliver on your request at all, we will be in touch in writing to explain why. If the request is deemed unreasonable or excessive, we may request you to pay a small fee before we send you a copy of your data – this will be kept to a reasonable amount.
We will always endeavour to address any complaints or disputes that individuals have about their personal data or privacy, but if you have reason to believe we have not treated you fairly and our response to you have not been satisfactory, you can choose to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s Data Protection Authority and supervisory authority in the UK, by telephone on 0303 123 1113 or on www.ico.org.uk.
CHANGES TO THIS PRIVACY NOTICE
We will update this Privacy Notice from time to time.
Please come back to this Privacy Notice from time to time to have the latest information available about how we process your personal information. We will issue you with a new Privacy Notice when we make significant updates or amendments. We may also notify you about the processing of your personal information in other ways.