EU/EEA/UK Prospective Employee Privacy Notice

This Prospective Employee Privacy Notice (“Privacy Notice”) describes, among other things, how Nisos Holdings Inc. and its affiliates (“Nisos” or the “Company”) collects, processes, and uses your Personal Data (“Personal Data”) during your recruitment process with Nisos. Should you be selected for a position at Nisos, during onboarding, you will be provided with Nisos’s EU/EEA/UK Employee Privacy Notice, which further explains the processing of your Personal Data for purposes of entering into an employment contract with Nisos and processing during and after the expiration of the employment relationship. To this end, we process your Personal Data to the extent that is necessary and in compliance with the European Union General Data Protection Regulation (“EU GDPR”) and the United Kingdom’s General Data Protection Regulation (“UK GDPR”).

NISOS’S DATA PROCESSING ACTIVITIES

We collect Personal Data from you when you provide it to us, such as when you submit a job application or communicate with us as part of the application process. We may also collect your Personal Data from third parties authorized to share it with us, such as recruiters that share information about potential applicants.

TYPES OF PERSONAL DATA BEING PROCESSED

“Personal Data” means information related to an identified or identifiable person. Nisos may collect and process the following categories of Personal Data about you during the recruitment process:

  • Personal contact details such as name, job title, phone number, home address, e-mail address;
  • Recruitment information (including copies of right to work documentation, references and other information included in a resume or cover letter as part of the application process);
  • Date of birth;
  • Gender;
  • Ethnicity and Religion;
  • Information about professional qualifications;
  • Employment history;
  • The CV/Resume you submitted and all information therein;
  • A LinkedIn profile (if applicable);
  • Any other information you chose to provide to us.

SOURCES OF PERSONAL INFORMATION

 

  • The above information is collected in the following methods listed below:
  • Job applications (hard copy or electronic copy);
  • Resume(s)/Curriculum Vitaes/references;
  • Information provided during job forums and recruitment events;
  • Information forwarded by recruitment agencies;
  • Information provided directly by prospective employee;
  • Publicly available sources such as your social media profile (e.g. LinkedIn, X, Facebook);
  • Information provided through reference checks.

LEGAL BASIS FOR PERSONAL DATA PROCESSING

During the recruitment process, we only process data that is necessary to assess your suitability for the position you are applying to and, in the case of a successful candidacy, for the conclusion of the employment contract.

The legal basis for the processing of your data during the recruitment process and, in the case of a successful candidacy, for purposes of concluding an employment contract is Nisos’s legitimate interest in finding the best and most suitable candidates for the positions for which said candidates have applied to, and Nisos’s interest in concluding an employment contract with the selected candidate(s).

Any other processing of your Personal Data will only be undertaken if there is a legal basis for it, i.e., if processing is necessary to fulfill a legal obligation to which Nisos is subject. Should such a situation occur, we will notify you of it.

SHARING YOUR PERSONAL DATA

We may share your Personal Data as necessary for the purposes described in this Privacy Notice. For example, we may share your Personal Data as follows:

  • Affiliates: We may share your Personal Data with our Affiliates.
  • Third-Party Service Providers: We may use third party service providers to host and facilitate our operations and business (including human resources operations), such as cloud services providers, accounting service providers, human resource providers, external testing service providers.
  • Business Transfers: We may transfer your Personal Data to a third party if we undergo a merger, acquisition, bankruptcy, or other transaction in which the third party assumes control of our business (in whole or in part).
  • Professional Advisors: We may share your Personal Data with other professional advisors.
  • Law Enforcement or Other Lawful Authority. We may also share your Personal Data with third parties for purposes of fulfilling our legal obligations under applicable law, regulation, court order, or other legal process, such as (i) preventing, detecting, and investigating security incidents and potentially illegal or prohibited activities; (ii) protecting the rights, property, or safety of’ you, us, or another party; (iii) enforcing any agreements with you; (iv) responding to claims; and (v) resolving disputes.
    In any other case, we will only transfer your Personal Data to third parties if you have given explicit, effective consent for Nisos to do so. You are not obligated to give consent. Effective consent can only be given freely, and consent can be withdrawn at any time.

TRANSFER OF YOUR DATA TO THIRD COUNTRIES

Nisos affiliates and third-party service providers may be located outside of the EU/EEA and UK. We may therefore transfer your data to the US or other countries (“Third Countries”) in accordance with this Privacy Notice, including to recruitment personnel and department heads in the US, for review and processing in connection with your job application. We may also transfer your Personal Data to third parties in the US for processing in connection with your job application.

Nisos recognizes that the data protection laws in the Third Countries where the data is transferred to, may differ from those in the country were you originally provided the data. Nisos takes commercially reasonable measures to confirm that Personal Data transferred to a Third Country is provided with adequate security measures and protected from unauthorized access. Further, to the extent that Nisos uses any third-party service providers that are located in a Third Country, Nisos will enter into appropriate standard contractual clauses or other contractual arrangements to provide appropriate protection as required under applicable laws, including the EU GDPR and the UK GDPR. Your Personal Data will primarily be stored in the EU/EEA/UK but may also be stored in the US for processing purposes.

RETENTION OF YOUR DATA

Nisos will not maintain your Personal Data for longer than necessary for the purpose for which it was collected. We will store your Personal Data until the end of the recruitment process, i.e., until a suitable candidate has been selected and an employment agreement concluded with said candidate. Should you be selected and onboarded for the position for which you applied, you will be provided with Nisos’s Employee Privacy Notice.

We may further store your Personal Data for purposes of possibly considering you for future job openings at Nisos. You may request that Nisos remove your Personal Data at any time by emailing your request to careers@nisos.com.

SECURITY OF YOUR DATA

We employ commercially reasonable technical and organizational security measures, taking into account (i) the current level of available technology; (ii) the cost-efficacy ratio of current technology; (iii) the extent, scope, context, and purposes of processing; and (iv) the risks associated with specific processing activities. We may limit access to your Personal Data to those who have a genuine business need to know it. Those processing your Personal Data will do so only in an authorized manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any data security incident. We will notify you and any applicable regulator of a data security incident where we are legally required to.

YOUR RIGHTS AS A DATA SUBJECT

To the extent any data privacy law applies to the collection and processing of your Personal Data, you may have certain data rights in relation to your Personal Data that is processed by Nisos, including the following:

  • Right to Access. You have the right to access your Personal Data processed by Nisos. Specifically, you have the right to access any Personal Data that Nisos processes about you and to request information about:
    • The purposes for processing your Personal Data;
    • The categories of Personal Data concerned;
    • The recipients or categories of recipients to whom the Personal Data has been or will be disclosed;
    • For how long Nisos intends to store your Personal Data;
    • If we did not collect the data directly from you, information about the source;
    • Whether we use automated decision-making (including profiling), and, if so, the logic involved and the intended consequences of such processing; and
    • The safeguards we employ when transferring your data to another country outside EU/EEA or UK.

Upon your request, Nisos will provide you with a copy of your Personal Data in a structured, commonly used electronic form.

  • Right to Rectification. If you believe that Nisos holds any incomplete or inaccurate data about you, you have the right to request that Nisos correct and or complete the information. Nisos will correct or complete the information, provided that Nisos will notify you if it has a legal reason for being unable to do so.
  • Rights to Delete, Restrict, or Object. You have the right to request erasure of your Personal Data or to restrict processing in certain circumstances in accordance with the data protection laws, as well as to object to any processing of Personal Data on grounds relating to your particular situation, if the processing is based on legitimate interests pursued by Nisos.
  • Data Portability. If we are processing your Personal Data based on your consent, pursuant to a contract, or by automated means, you may request a copy of your Personal Data in a structured, commonly used and machine-readable format. You also have the right to withdraw your consent for processing at any time.
  • Right to Object to Automated Processing. You have the right to not be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects for you.

DATA SUBJECT REQUESTS

In order to exercise your rights under this Privacy Notice and applicable data protection laws, you may contact Nisos via the contact information listed below.

If Nisos receives a request from you to exercise any of your rights, Nisso may ask you to provide additional information which we may deem necessary to confirm your identity, before acting on the request.

Due to certain requirements under applicable laws Nisos may be unable to complete your request. We will notify you when this occurs and provide the legal basis for our inability to complete your request.

If you believe Nisos is failing to adequately meet any of the rights outlined above please contact us immediately. You may also have the right to lodge a complaint with a supervisory authority (see contact information below).

CHANGES TO THE PRIVACY NOTICE

We may change this Privacy Notice from time to time and/or will update this Privacy Notice periodically.

CONTACT INFORMATION

If you have any questions regarding this Privacy Notice or regarding your rights as a data subject, or if you wish to exercise such rights, please contact us at:
E-mail address: ps@nisos.com
Phone: +1 7033828106
Address: Nisos, 2101 Wilson Blvd Suite 304, Arlington, VA 22201

CONTACT INFORMATION OF THE SUPERVISORY AUTHORITY

The Information Commissioner’s Office – Northern Ireland
3rd Floor
14 Cromac Place,
Belfast
BT7 2JB

Telephone: 0303 123 1114
Email: ni@ico.org.uk