Privacy policy for recruitment

Applicants’ privacy policy in the context of selection and recruitment

This privacy policy governs the processing of your personal data on the basis of the European Regulation (EU) N°2018/1725 (“EU-DPR”) by Key Digital Technologies Joint Undertaking (“KDT JU”)set up by Council Regulation (EU) 2021/2085 of 19 November 2021, as part of your job application with us as temporary agent (TA), contract agent (CA), seconded national expert (SNE), interim staff or trainee.

Who are we?

Your personal data are processed on the basis of applicable data protection legislation by KDT JU, located Avenue de la Toison d’Or, 1060 Brussels, Belgium. You can contact us via e-mail at dpo@kdt-ju.europa.eu

Where reference is made in this applicants’ privacy policy to laws or regulations, possible amendments to these laws or regulations are implicitly included.

We reserve the right to change and adapt this applicants’ privacy policy on our own initiative. In that case, those changes will be communicated to you via e-mail. If you do not agree to the changes, you can withdraw your consent.

Which of your personal data do we process?

When you apply for a job (selection process), we may process:

· Identity information you provide us with, such as your first name, last name, birthdate, preferences and interests;

· Contact details you provide us with, such as your e-mail address, postal address, country and (mobile) telephone number;

· Resume information you provide us with, such as your employer, professional experience, education, skills and references;

· Results of the selection process

· Any other personal data you provide us with to support your job application or to allow the verification of the eligibility and selection criteria laid down in the vacancy notice.

For the recruitment process, we process:

Documents verifying appropriate character references (in accordance with Article 12(2) and 82(3) of CEOS);

  • All the information from the selection process mentioned above;
  • Documents verifying nationality;
  • Family situation;
  • Document sent from the Commission Medical Service indicating that the selected candidate is physically fit or not to perform the job;
  • PMO forms to allow the establishment of the recruited staff’s entitlements under the Staff Regulation and CEOS;
  • A declaration on honour;
  • Any other personal data you provide us with.

We receive most of your personal data directly from you, but it may happen that our HR department includes additional information in your job application or that we receive information from a recruitment agency. In such case, the agency is responsible to provide you with the information in this Applicants’ privacy policy. Also, we advise you to consult the privacy policy of the recruitment agency.

We do not intend to process sensitive personal data about you, such as information revealing your racial or ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of unique identification, data concerning health, sex life or sexual orientation. If such information is necessary for your job application, we will ask for your consent separately. If you nevertheless provide us with such information on your own initiative, we will derive your explicit, freely given, specific, informed and unambiguous consent to the processing of this data. We might also request you to remove such sensitive data from the pertaining documents. Personal data concerning health (medical data) are processed by the Medical Service of the European Commission.

Candidates failing to provide compulsory data as requested in the vacancy notice will be excluded from the selection process.

For what purposes do we process your personal data and what is the legal basis for this?

We process your personal data for selection and recruitment purposes so that you are able to apply for a job with us at this moment or in the near future, as well as to keep track of your details in this context and to follow up on your application. We rely on your consent for this processing activity. We also rely on Article 2(a) and (f), 3(a), 12, 82 and 86 of CEOS. If special categories of personal data are processed, we may rely on the derogation provided by explicit consent (Art. 10(2)(a) of the EU-DPR).

To whom do we send your personal data?

We may share your personal data with third parties in order to process your personal data for the purposes outlined above. Third parties are only allowed to process your personal data on our behalf and upon our explicit written instruction. We also warrant that all those third parties are selected with due care and are committed to observing the safety and integrity of your personal data.

We may be legally obliged to share your personal data with competent law enforcement agents or representatives, judicial authorities, governmental agencies or bodies.

We do not send your personal data in an identifiable manner to any other third party than the ones mentioned in this section without your explicit consent to do so. However, we may send anonymized data to other organizations that may use those data for improving our job application process.

Where do we process your personal data?

We process your personal data within the European Economic Area (EEA).>

What quality assurances do we comply with?

We do our utmost best to process only those personal data which are necessary to achieve the purposes outlined above and only as long as needed to achieve these purposes, or up until such time where you withdraw your consent for processing them.

If you are recruited, your personal data is kept for 10 years after termination of employment. If you are not recruited, your personal data is kept for 5 years after expiry of the reserve list. If you are not on a reserve list, your personal data is kept for 5 years after the notification of non-selection.

We will take appropriate technical and organizational measures to keep your personal data safe from unauthorized access or theft as well as accidental loss tampering or destruction. Access by our personnel or third parties’ personnel will only be on a need-to-know basis and be subject to confidentiality obligations. You understand, however, that safety and security are best efforts obligations which can never be guaranteed.

WHAT ARE YOUR RIGHTS?

You have the right to request access to all your personal data processed by us.

You have the right to rectification, i.e. to ask that any of your personal data that are inaccurate, are corrected.

You have the right to withdraw your earlier given consent for processing of your personal data.

You have the right to erasure, i.e. to request your personal data to be deleted if these data are no longer required in the light of the purposes outlined above or if you withdraw your consent for processing them.

You have the right to restriction instead of deletion, i.e. to request that we limit the processing of your personal data.

You have the right to object to the processing of personal data if the processing by us is necessary for the performance of a task carried out in the public interest, unless if we demonstrate compelling legitimate grounds which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

You have the right to data portability, i.e. to receive from us in a structured, commonly-used and machine-readable format all personal data you have provided to us if the processing is based on your consent or a contract with you and the processing is carried out by automated means.

If you wish to submit a request to exercise one or more of the rights listed above, you can contact us by sending an e-mail to dpo@kdt-ju.europa.eu. An e-mail requesting to exercise a right will not be construed as consent with the processing of your personal data beyond what is required for handling your request. Such request should meet the following conditions:

  • State clearly which right you wish to exercise; and
  • Your request should be accompanied by a digitally scanned copy of your valid identity card proving your identity.

We will promptly inform you of having received your request. If the request meets the conditions above and proves valid, we will honour it as soon as reasonably possible and at the latest thirty (30) days after having received your request.

If you have any complaints regarding the processing of your personal data by us, you may always contact us by sending an e-mail to dpo@kdt-ju.europa.eu. If you remain unsatisfied with our response, you are free to file a complaint with the European Data Protection Supervisor (https://edps.europa.eu).

More information on Data Protection at the JU can be obtained in the record of processing activities and in the privacy notices published on the JU’s website.