The EMFI website uses cookies to provide you with a safe, effective and user-friendly website. Should you wish to change your cookie settings, please visit our Cookies Policy. Please also review our Privacy Policy, Terms of Use and Scam Alert before proceeding to the EMFI website.
Privacy Notice: Data protection under the EU General Data Protection Regulation (EU GDPR)
EMFI takes your privacy seriously. This privacy notice contains information on what personal data EMFI and its group companies (“EMFI”, “we”, “our”, or “us”) collect(s), what they do with that information, and what rights you have. If you have any questions or comments about this notice, please contact our Data Protection Officer using the following e-mail address: compliance@emfi.uk
To run our business, EMFI collects and uses information about living individuals (also known as “personal data”), including information about our prospective, current and former Employees ("Employees") for employment with EMFI. As part of our commitment to protect your personal data in a transparent manner, we want to inform you:
1. What does this Privacy Notice cover?
This notice applies to any and all forms of use of personal data (“processing”) by us in the European Economic Area (“EEA”).
2. What type of personal data do we collect?
For prospective, current and former Employees, we collect basic identification information, such as your name, title, position, professional history, experience and contact details.
If you actively apply for a role with EMFI, we will usually also collect:
Information you submit as part of your application must be true, accurate, complete and not misleading. You understand that any false or misleading statements or omissions made by you during the application process, including your application and any assessments and interviews, may be sufficient cause to justify the rejection of your application or, if you have already become an employee, the immediate termination of your employment, subject to due process.
If you provide information about your family or any other third party to us as part of your application (e.g. emergency contacts or referees) then, before providing us with such information, you must inform the relevant individuals that you will disclose their personal data to us and provide a copy of the information in this notice to them.
If you accept a role with EMFI, then in order to conduct any necessary background checks and create your record in the EMFI Group employee database, we will usually also collect:
In some cases, the personal data that we process will also include special categories of data, such as diversity-related information (including data about racial and ethnic origin, religious beliefs and other beliefs of a similar nature) and data about alleged or proven criminal offences, in each case where permitted by law.
In some cases, the personal data we collect from you is needed to meet our legal or regulatory obligations. If so, we will indicate to you that the provision of this information is mandatory, and the consequences if we cannot collect this information.
In some cases, EMFI will also collect personal data indirectly from third parties, such as recruitment agencies that you used to apply to EMFI, background check providers and other administration services providers (for instance who provide Employee shortlisting services), or from publicly available sources such as business- and employment-orientated social networking services and job boards.
3. On which legal basis and for which purposes do we process personal data?
3.1 Legal basis for the processing
We are not allowed to process personal data if we do not have a valid legal ground. Therefore, we will only process your personal data if:
Examples of the ‘legitimate interests’ referred to above are:
To the extent that we process any special categories of data relating to you, we will do so because:
3.2 Purposes of processing
We always process your personal data for a specific purpose and only process the personal data which is relevant to achieve that purpose. In particular, we process Employees’ personal data to:
4. How do we protect personal data?
All personnel accessing personal data must comply with the internal rules and processes in relation to the processing of personal data to protect them and ensure their confidentiality. They are also required to follow all technical and organisational security measures put in place to protect the personal data.
We have also implemented adequate technical and organisational measures to protect personal data against unauthorised, accidental or unlawful destruction, loss, alteration, misuse, disclosure or access and against all other unlawful forms of processing. These security measures have been implemented taking into account the state of the art of the technology, their cost of implementation, the risks presented by the processing and the nature of the personal data, with particular care for sensitive data.
5. Who has access to personal data and with whom are they shared?
5.1 Within the EMFI Group
We make available personal data to members of our personnel and of other companies of the group to which we belong (the “EMFI Group”) to complete the purposes indicated in section 3.2 above. Such other companies of the EMFI Group will either act as another controller under this notice or will only process personal data on behalf and upon request of the controller.
5.2 Outside the EMFI Group
We usually also transfer personal data to third parties outside the EMFI Group to complete the purposes listed in section 3.2 above including:
5.3 Transfers outside the European Economic Area
The personal data transferred within or outside the EMFI Group as set out in sections 5.1 and 5.2, is in some cases also processed in a country outside the EEA, which covers the EU member states, Iceland, Liechtenstein and Norway. Non-EEA countries may not offer the same level of personal data protection as EEA countries.
If your personal data is transferred outside the EEA, we will put in place suitable safeguards to ensure that such transfer is carried out in compliance with applicable data protection rules. To ensure this level of protection for your personal information, EMFI may use a data transfer agreement with the third-party recipient based on standard contractual clauses approved by the European Commission or ensure that the transfer is to a jurisdiction that is the subject of an adequacy decision by the European Commission or to the US under the EU-US Privacy Shield framework. You may request additional information in this respect and obtain a copy of the relevant safeguard by exercising your rights as set out below. Where EMFI transfers personal data to other group companies, we rely on the standard contractual clauses.
A list of the countries in which EMFI operates (inside and outside the EEA) can be found at https://www.emfi.uk/english/about#presence
6. How long do we store your data?
We will only retain personal data for as long as necessary to fulfil the purpose for which it was collected or to comply with legal, regulatory or internal policy requirements. In general, although there may be limited exceptions, data relating to unsuccessful potential Employees for roles within EMFI is kept for 36 months after the date on which we notify you that your most recent application has been unsuccessful; and data relating to successful Employees for roles within EMFI is kept for 36 months from the date of our last communication with you.
However, if individuals wish to have their personal data removed from our databases, they can make a request as described in section 7 below, which we will review as set out therein.
7. What are your rights and how can you exercise them?
7.1 Your rights
You may have a right to access and to obtain a copy of your personal data as processed by EMFI. If you believe that any information we hold about you is incorrect or incomplete, you may also request the correction of your personal data.
You may also have the right to:
EMFI will honour such requests, withdrawal or objection as required under applicable data protection rules but these rights are not absolute: they do not always apply and exemptions may be engaged. We will usually, in response to a request, ask you to verify your identity and/or provide information that helps us to better understand your request. If we do not comply with your request, we will explain why.
7.2 Exercising your rights
To exercise the above rights, please send an email to: compliance@emfi.uk
If you are not satisfied with how EMFI processes your personal data, please let us know and we will investigate your concern. Please raise any concerns via the following e-mail address: complaints@emfi.uk
If you are not satisfied with EMFI’s response, you have the right to make a complaint to the data protection authority in the jurisdiction where you live or work, or in the place where you think an issue in relation to your data has arisen. The contact details of each Data Protection Authority can be found at the following website: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm
In the interests of keeping personal data properly up to date and accurate, we ask you to inform us of any change in relation to your personal data (such as a change of address).
8. Updates to this notice
This privacy notice was updated in May 2018. We reserve the right to amend it from time to time. Any future changes or additions to the processing of personal data as described in this notice affecting you can be viewed on the EMFI website at https://www.emfi.uk/english/privacy-policy