GDPR Applicant HR Notice

Personal Information Protection Notice for EU and UK Applicants

1. Introduction

Mighty Proud Media, Inc. and its subsidiaries and affiliates (“Company” or “We”) may operate in many different countries. Some of these countries have laws related to the collection, use, transfer and disclosure of the personal information of individuals, including applicants. We take these obligations very seriously and are committed to protecting the privacy of our current and former applicants.

The purpose of this Personal Information Protection Notice for EU and UK Applicants (“Notice”) is to give applicants who are based in the EU and UK, (“EU and UK Applicants”) information about: what personal information we collect; how we collect, use and disclose that information and the legal grounds for us doing this; and their rights in respect of their personal information.

Mighty Proud Media, Inc. is the data controller of your personal information and is responsible for how your personal information is processed.

This Notice does not form part of your application or any future contract of employment and may be updated at any time. We will provide you with a revised Notice if we make any substantial updates. It is important you read this Notice, so that you are aware of how and why we are using your personal information.

2. What Information We Collect About EU and UK Applicants

Before, during and after their application to the Company, including time spent on the Careers section of our website (located at https://themighty.com/jobs/ (“Careers Site”) we may collect and process information about EU and UK Applicants. We refer to such information in this Notice as “EU and UK Personal Information.” We collect the following EU and UK Personal Information:

  • Personal Details: Name, home contact details (email, phone numbers, physical address) languages(s) spoken, gender, date of birth, national identification number, social security number, disability status, emergency contact information and photograph;
  • Documentation Required under Immigration Laws: Citizenship and passport data, details of residency or work permit;
  • Talent Management Information: Details contained in letters of application and resume/CV (previous employment background, education history, professional qualifications and memberships, language and other relevant skills, certification, certification expiration dates), information necessary to complete a background check, information relating to references such as referees’ names and contact details, details on performance management ratings, development programs planned and attended, e-learning programs, performance and development reviews, willingness to relocate, driver’s license information, and information used to populate employee biographies;
  • Any other information you provide to us: such as current salary, desired salary, employment preferences; and
  • Sensitive Information: EU and UK Personal Information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data or biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a person’s sex life or sexual orientation, and criminal conviction data.

We ask that you avoid submitting Sensitive Information, unless such information is legally required and/or the Company requests you to submit such information.

Any information you submit through the Careers Site must be true, complete and not misleading. Submitting inaccurate, incomplete or misleading information may lead to a rejection of your application during the recruitment process or disciplinary action including immediate termination of your employment. In addition, it is your responsibility to ensure that the information you submit does not violate any third party’s rights.

If you provide us with personal information of a referee or any other individual as part of your application, it is your responsibility to obtain consent from that individual prior to providing the information to us.

3. Sources of EU and UK Personal Information

We collect EU and UK Personal Information from the following sources:

  • EU and UK Applicants: in person, online, by telephone, or in written correspondence and forms;
  • Third-party websites: where you can apply for jobs at the Company;
  • Previous employers and other referees: in the form of employment references;
  • Background and credit check vendors: as part of the recruitment process;
  • Employment agencies and recruiters; and
  • Providers of sanctions and “politically exposed persons” screening lists.

4. How we use and disclose EU and UK Personal Information

Legal Basis for Processing

We will only use EU and UK Personal Information when the law allows us to. Most commonly, we will use your EU and UK Personal Information in the following circumstances:

  • where it is necessary in order to take steps at your request prior to entering into an employment contract;
  • where it is necessary to comply with a legal obligation (including, in respect of Sensitive Information, obligations under employment law) on us; and
  • where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. For example, the Company has a legitimate interest in conducting certain background checks on applicants to ensure that it is offering employment to those individuals whom it considers are most likely to be successful when working for the Company.

We may also use your EU and UK Personal Information in the following situations, which are likely to be rare:

  • where it is necessary to protect your (or someone else's) vital interests (and, in the case of Sensitive Information, where you are incapable of consenting);
  • where it is necessary for us to defend, prosecute or make a claim against you, us or a third party; and
  • in the case of Sensitive Information, where you have made the information public.

In particular, we may use your Sensitive Information, such as health/medical information, in order to accommodate a disability or illness during the recruitment process, your diversity-related EU and UK Personal Information (such as race or ethnicity) in order to comply with legal obligations relating to diversity and anti-discrimination, and your criminal conviction data only where it is appropriate (given the role for which you are applying) and we are legally able to do so.

Purposes of Processing

We process EU and UK Personal Information for the following purposes:

  • Managing Workforce: Managing recruitment and assessing your suitability, capabilities and qualifications for a job with us, processing your application and performing background checks if we offer you a job, such as credit checks, anti-fraud checks and checks to prevent fraud and money laundering;
  • Communications: Facilitating communication with you regarding your application;
  • Taking legal action: Pursuing legal rights and remedies, defending litigation and managing any internal complaints or claims, conducting investigations and complying with internal policies and procedures; and
  • Compliance and safety: Complying with legal (including, in respect of Sensitive Information, obligations under employment law) and other requirements, such as record-keeping and reporting obligations, conducting audits, compliance with government inspections and other requests from government or other public authorities, responding to legal process such as subpoenas.

There may be more than one purpose that justifies our use of your EU and UK Personal Information in any particular circumstance.

We will only use your EU and UK Personal Information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your EU and UK Personal Information for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so.

If you fail to provide certain EU and UK Personal Information when requested, we may not be able to review your application, or we may be prevented from complying with our legal obligations.

Disclosures to third parties

We share EU and UK Personal Information with the following unaffiliated third parties:

  • Service Providers: Companies that provide products and services to the Company such as human resources services, IT systems suppliers and support and background check providers, recruiters and headhunters, and hosting service providers; and
  • Public and Governmental Authorities: Entities that regulate or have jurisdiction over the Company such as regulatory authorities, public bodies, and judicial bodies, including to meet national security or law enforcement requirements.

5. Transfer of EU and UK Personal Information

The Company may disclose EU and UK Personal Information throughout the world to fulfil the purposes described above. This may include transferring EU and UK Personal Information to other countries (including countries other than where an EU or UK Applicant is based and located outside the European Economic Area (“EEA”) and UK) that have different data protection regimes and which are not deemed to provide an adequate level of protection for EU and UK Personal Information. To ensure that EU and UK Personal Information is sufficiently protected when transferred outside the EEA and UK the Company has put in place protective measures.

6. Data Security

The Company will take appropriate measures to protect EU and UK Personal Information that are consistent with applicable privacy and data security laws and regulations, including requiring service providers to use appropriate measures to protect the confidentiality and security of EU and UK Personal Information.

Access to EU and UK Personal Information within the Company will be limited to those who have a need to know the information for the purposes described above, and may include personnel in HR, IT, Compliance, Finance and Accounting. Such personnel will generally have access to EU and UK Applicants’ business contact information such as name, desired position, telephone number, postal address and email address.

The Company has put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach of your EU and UK Personal Information where we are legally required to do so.

7. Data Retention

The Company’s retention periods for EU and UK Personal Information are based on business needs and legal requirements. We retain EU and UK Personal Information for as long as is necessary for the processing purpose(s) for which the information was collected, as set out in this Notice, and any other permissible, related purposes. For example, we may retain certain information to comply with regulatory requirements regarding the retention of such data, or in the event a litigation hold is imposed. When EU and UK Personal Information is no longer needed, we either irreversibly anonymise the data (and we may further retain and use the anonymized information) or securely destroy the data.

8. Data Accuracy

The Company will take reasonable steps to ensure that the EU and UK Personal Information processed is reliable for its intended use and is accurate and complete for carrying out the purposes described in this Notice.

9. Automated Decisions

The Company does not envisage that you will be subject to decisions that will have a significant impact on you based solely on automated decision-making. The Company will notify you in writing if this position changes.

10. Your Rights

You have the right, in certain circumstances, to object to the processing of your EU and UK Personal Information. You can exercise this right by contacting Christian Gerace, Software Engineer, at christian@themighty.com and Sara Ray, Senior Vice President of Operations and Insights, at sara.ray@themighty.com.

You also have the right, in certain circumstances, to access your EU and UK Personal Information, to correct inaccurate EU and UK Personal Information, to have your EU and UK Personal Information erased, to restrict the processing of your EU and UK Personal Information, to receive the EU and UK Personal Information you have provided to the Company in a structured, commonly used and machine-readable format for onward transmission, and to object to automated decision-making. If you wish to exercise any of these rights, please contact https://themighty.com/privacy-request/. Please note that certain EU and UK Personal Information may be exempt from such access, correction, erasure, restriction and portability requests in accordance with applicable data protection laws or other laws and regulations.

You also can file a complaint with your local data protection supervisory authority. If you are in the EU, please contact the Data Protection Commission (Ireland) at www.dataprotection.ie, and if you are in the UK, contact the Information Commissioner’s Office at https://ico.org.uk/.

11. Your Obligations

You should keep your EU and UK Personal Information up to date and inform us of any significant changes to your EU and UK Personal Information.

12. Questions or Complaints

The Company has appointed a Data Protection Officer and a supporting team to oversee compliance with this Notice. Please contact Christian Gerace, Software Engineer, at christian@themighty.com and Sara Ray, Senior Vice President of Operations and Insights, at sara.ray@themighty.com with any questions or complaints regarding this Notice or the Company’s privacy practices.