Recruitment Privacy Notice
Version 3 | Last updated: 18 November 2021
Malta International Airport plc (“we”, “us”, “our”) is committed to protecting and respecting your privacy. We consider that we have a legal duty to respect and protect any personal information you provide to us and we will abide by such duty. We take all safeguards necessary to prevent unauthorised access and we do not pass on your details to any to any third-party, other than as provided in this notice.
This Privacy Notice (together with any other documents referred to herein) sets out the basis on which the personal data that you provide to us, or that is collected from you, will be processed by us in connection with our recruitment processes.
Please read the following carefully to understand our views and practices regarding your personal data and how we will process and safeguard it.
Who is the data controller?
For the purpose of the General Data Protection Regulation (“GDPR”) the data controller is Malta International Airport plc, a company registered under the laws of Malta with registration number C12663 and having its registered address at Malta International Airport, Luqa, LQA 4000, Malta. This notice applies where we are acting as a data controller with respect to your personal data in connection with our recruitment processes.
We have appointed a Data Protection Officer (hereinafter referred to as the “DPO”) whose contact details can be retrieved via this link and who is responsible for overseeing questions in relation to this Policy. If you have any questions about this Policy, including concerns about your personal data or our data collection practices, please contact our DPO via e-mail at firstname.lastname@example.org or via telephone on (+356) 2369 6268 during office hours.
Who supports in processing your information?
In order to facilitate the recruitment process, we entered into contractual relationships with certain partners. Nevertheless, if you apply for a job opening posted by us, the provisions in this Privacy Notice will apply to our processing of your personal information.
We use Workable, an online application provided by Workable Software Limited, to facilitate our recruitment process. We use Workable to process personal information as a data processor on our behalf. Workable is only entitled to process your personal data in accordance with our instructions.
We use Fenci Consulting Limited (Our “Partner”) to assist with our recruitment process from time to time. In so doing, our Partner may process personal data as a data processor on our behalf. The Partner is only entitled to process your personal data in accordance with our instructions. Where you apply for a job opening via the Partner, it shall provide to us, retain or process your personal data in relation to your application.
What information do we collect?
The provision of your personal data is not a statutory or contractual requirement. You are not required to provide any requested information to us but failing to do so may result in not being able to continue your candidacy for the job for which you have applied.
The terms “personal data” or “personal information” mean any information about an individual for which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We collect and process some or all of the following types of personal data from you:
- Information that you provide when you apply for a role. This includes information provided through our Partner, through the Workable Website, via email, in person at interviews and/or by any other method.
- In particular, we process personal details such as name, email address, address, date of birth, telephone number, mobile number, ID card, nationality, education, qualifications, experience, references, information relating to your employment history, skills and experience that you provide to us.
- If you contact us, we may keep a record of that correspondence.
- A record of your progress through any hiring process that we may conduct.
- Details of your visits to Workable’s website including, but not limited to, traffic data, location data, weblogs and other communication data, the site that referred you to Workable’s website and the resources that you access.
Workable, the online application you may apply through, provides us with the facility to link the data you provide to us, with other publicly available information about you that you have published on the Internet – this may include sources such as LinkedIn and other social media profiles.
We may also receive your personal data from a third party who recommends you as a candidate for a specific job opening or for our business more generally.
How do we use your information?
We rely on our legitimate interest to use your personal information for the following purposes:
- To consider your application in respect of a role for which you have applied.
- To communicate with you in respect of the recruitment process.
- To enhance any information that we receive from you with information obtained from third-party data providers.
- For record-keeping in relation to recruiting and hiring.
- To ensure compliance with legal requirements.
- To protect our legal rights to the extent authorized or permitted by law.
We may use Workable’s technology to select appropriate candidates for us to consider based on criteria expressly identified by us, or typical in relation to the role for which you have applied. The process of finding suitable candidates is automatic, however, any decision as to who we will engage to fill the job opening will be made by our staff.
Additionally, we may ask you to provide us with your consent to retain your information to consider your application in respect of other roles and roles that may become available at the Company in future.
When will we share your information?
Any of your personal information gathered for the purposes of recruitment will only be shared with selected individuals within our company who have an operational need to retrieve it. We do not share any of your personal information with any third-party other than as provided in this notice.
We may disclose your personal data also to third parties to whom disclosure may be required as a result of legal obligations imposed on us.
As set out above, we may also pass your information to our third-party service providers, including Workable and the Partner, who use it only in accordance with our instructions and as otherwise required by law.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
How do we protect your information?
We have adopted a variety of technical and organizational measures to ensure that all personal data is kept secure including security measures to prevent personal data from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal data to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted through any online means, therefore any transmission remains at your own risk.
Where do we store your information?
Where we store your personal data in our own systems, it is stored in the EU. The data that we collect from you and process using Workable’s services may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). By submitting your personal data, you agree to this transfer, storing or processing.
In particular, your data may be accessible to i) Workable’s staff in the USA or ii) may be stored by Workable’s hosting service provider on servers in the USA as well as in the EU. The USA does not have the same data protection laws as the EEA. A Data Processor Agreement has been signed between Workable Software Limited and its overseas group companies, and between Workable Software Limited and each of its data processors. These data processor agreements are designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal data.
If you would like further information please contact us on email@example.com. We will not otherwise transfer your personal data outside of the EEA or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.
We shall ensure the lawful processing of your personal data by putting in place the appropriate safeguards in accordance with the applicable privacy laws, and/or any other applicable legislation. These appropriate safeguards include the EU Model Clauses entered into by us and our processors/controllers; or ensuring that our data processors located in the USA subscribe to the Privacy Shield. MIA shall provide you with a copy of these EU model clauses upon reasonable request which may be submitted on firstname.lastname@example.org.
How long do we retain your personal information?
If your application for employment is unsuccessful, we will hold your data on file for 12 months from the date of submission. In case you provided us with your consent, we may retain the personal data for 24 months following the date of submission. Your information will be removed and destroyed following such periods of time.
If your application for employment is successful, the personal data gathered during the recruitment process may be transferred to the Human Resources file (electronic and paper based) that we will create upon commencement of your employment with us and retain over the course of it. We will then provide you with a separate employment privacy notice that outlines our processing of your data as an employee of our Company, rather than an applicant.
You may have the right to:
- request access to the personal data that we have collected about you for the purposes of reviewing, modifying, or requesting deletion of the data;
- request a copy of the personal data we have collected about you and to have any inaccuracies about you corrected;
- request that we cease processing your personal data (e.g., if you choose to withdraw from our recruiting program), although note that we may need to retain certain personal data where required or permitted to under applicable law;
- port your personal data to other data controllers where technically feasible;
- object to the processing of your information in certain circumstances; and
- lodge a complaint with a supervisory authority responsible for data protection. In Malta the supervisory authority is the Information and Data Protection Commissioner.
You can access your personal data by filing a Data Subject Access Request Form on our website or downloading it and sending it to our Data Protection Officer. Both the online and offline form together with contact details can be accessed via this link.
To exercise other rights or if you consider that our processing of your personal information infringes data protection laws, you can contact our Data Protection Officer on email@example.com or via telephone on (+356) 2369 6268.
To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
Your rights are not absolute, and the Company may not be able to entertain the above requests if it is prevented from doing so in terms of the applicable law.
All questions, comments and requests regarding this Privacy Notice should be addressed to our Data Protection Officer on firstname.lastname@example.org or via telephone on (+356) 2369 6268.
We will keep this privacy notice under regular review. If there are any changes, we will replace this page with an updated version. At the start of this page, we will tell you when it was last updated. We may also notify you of changes to this privacy notice by email or other means, where such data is available.