Privacy Notice
Talent Outpost GmbH (“Talent Outpost”, “We”, “Us” or “Our”) is committed to safeguarding and respecting your privacy. This “Privacy Policy” (together with any other documents referred to herein) sets out the basis on which the personal data collected from you, or that you provide to Us, will be processed by Us in connection with Our recruitment and business processes. It also explains what rights you have to access or change your personal data.
Where you apply for a job opening posted by Us, these Privacy Notice provisions will apply to Our processing of your personal information in addition to Our Candidate Privacy Statement which has been provided to you separately or is available on Our Website.
Please read the following carefully to understand Our views and practices regarding your personal data and how We will treat it.
I. Name and Address of the Controller
The controller within the meaning of the General Data Protection Regulation and other national data protection laws and regulations that determine the purposes and means of processing personal data is:
Talent Outpost GmbH
Neunbrunnenstrasse 38
8050 Zurich
Switzerland
II. General Information regarding the Processing of Personal Data
A. What data do We collect and process for you?
In particular, We process personal details, depending on the circumstances, such as:
Identity: title, name, the company you work for, your title or position and your relationship to a person;
Contact data: addresses, email addresses, phone numbers, and video or chat ID;
Information contained in correspondence: information contained in any correspondence by email or phone between you and Us. We will keep a record of that correspondence.
Employment and background data: if you are submitting a job application, you may also provide information about your academic and work history, qualifications, skills, projects and research that you are involved with, references, proof of your work authorization, passport or other identity document details, and any other such information that you may provide us;
Website usage and other technical data: information about your interactions to our website including, but not limited to, traffic data, location data, weblogs and other communication data, the site that referred you to Talent Outpost’s Website and the resources that you access. This information may be collected by a third-party website analytics service provide on our behalf and may be collected using cookies or similar technologies.
B. How do We collect and process data from you?
We collect data that you provide to Us when you:
Submit correspondence to us by mail, email, or via our website
Submit a resume or CV or job application to a job vacancy. This includes information provided through an online job site, via email and phone, in person at interviews and/or by any other method.
Network with us (i.e industry events or meetings either hosted or attended by us)
Attend an interview including interview notes and records, including contact details (if provided).
Details of all actions that you carry out through the use of the Services.
In certain circumstances, we will receive information about you from third parties. For example:
Employers and referees: if you are an applicant, we may contact with your written consent your current and former employers and/or referees, who may be based inside or outside of the EU, to provide information about you and your application. The consent can be withdrawn at any time.
Service Providers: we may collect personal information from our third-party service providers, such as our email verification service provider, background check service providers, and other compliance providers as required by local law. Our recruitment database provider, Crelate, allows Us to search various databases, which may include your personal data, to find possible candidates to fill Our job openings. Where We find you in this way we will obtain your personal data from these sources.
Publicly available sources: we use publicly available sources to carry out identity and compliance checks.
C. How do we use the data We collect/Purposes of data processing
We use information held about you in the following ways:
To consider your application in respect of a role for which you have applied.
To consider your application in respect of other roles.
To communicate with you in respect of the recruitment opportunities and process.
To enhance any information that we receive from you with information obtained from third-party data providers.
To find appropriate candidates to fill Our job openings.
To help Us improve our services.
To share your information with third parties to the extent they provide Us with services which involves the process of data. These recipients include Crelate, who provides Our recruiting software and Google Workspace, who hosts Our administrative software and data.
D. Legal basis for data processing
Insofar as we obtain the consent of the data subject for the processing of personal data, art. 6 para. 1 let. a EU General Data Protection Regulation (GDPR) serves as the legal basis.
In the processing of personal data required for the performance of a contract to which the data subject is a party, art. 6 para. 1 let. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, art. 6 para. 1 let. c GDPR serves as the legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first interest, art. 6 para. 1 let. f GDPR serves as the legal basis for processing. Our legitimate interest in data processing pursuant to art. 6 para. 1 let. f GDPR lies in the purposes.
E. How We Store Your Personal Data
We take appropriate measures to ensure that all personal data is kept secure including security measures to prevent personal data from being accidentally lost, or used or accessed in an unauthorized way. We limit access to your personal data to those who have a genuine business need to know it. Those processing your information will do so only in an authorized manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where We are legally required to do so.
Unfortunately, the transmission of information via the internet is not completely secure. Although We will do Our best to protect your personal data, We cannot guarantee the security of your data transmitted through any online means, therefore any transmission remains at your own risk.
F. Duration of storage
We will hold all the data for recruitment purposes only for as long as necessary to provide services to you and to comply with our legal obligations.
G. Where We store your personal data
Where we store your personal data in our own systems, it is stored on secure servers by Talent Outpost or by a third-party hosting infrastructure company located in within Switzerland and the EEA.
The data that We collect from you and process using Crelate and/or Google’s Services may be transferred to, and stored at, a destination outside the Switzerland and the EEA. It may also be processed by staff operating outside the Switzerland who work for Us or for one of our suppliers. Such staff maybe engaged in, among other things, the fulfilment of your orders, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing.
In particular, your data may be accessible to i) Crelate and/or Google’s staff in the USA or ii) may be stored and hosted by Crelate and/or Google’s in accordance to the EU GDPR compliant US Privacy Shield Framework. A Data Processor Agreement has been signed between Crelate, Inc and its overseas group companies, and between Crelate, Inc and each of its data processors. These data processor agreements are designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal data.
If you would like further information, please contact Us (see ‘Contact Us’ below).
III. Provision of the website and creation of log files
A. General Remarks
We use Squarespace.com as a host for our website. In the following we explain what and how data and information is collected when you visit our website. For further information please visit the privacy policy of Squarespace.
B. Description and scope of data processing
Every time you visit our website, our system automatically collects data and information from the computer system of the calling computer. For further information please visit the Data Processing Addendum of Squarespace.
The data is also stored in the log files of our system but is not stored together with other personal data concerning you.
C. Legal basis for data processing
The legal basis for the temporary storage of personal data and log files is art. 6 (1) (f) GDPR.
D. Purpose of data processing
The temporary storage of your IP address by the system is necessary to enable the web-site to be delivered to your computer. For this the IP address must remain stored for the duration of the session.
The personal data is stored in log files to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context.
Our legitimate interest in data processing pursuant to art. 6 (1) (f) GDPR also lies in these purposes.
E. Period of storage
Your personal data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, the data will be deleted when the respective session has ended.
F. Possibility of objection and erasure
The collection of personal data for the provision of our website and the storage of personal data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection.
IV. Use of cookies
A cookie is a string of information that a Site stores on your computer, and you’re your browser provides to the Site each time you return. Pixel tags (also called web beacons) are small blocks of code placed on Sites. SquareSpace, our Website host, uses cookies and other technologies like pixel tags to help identify and track visitors and Site usage. For more information about our use of cookies and other technologies for tracking, including how you can control the use of cookies, please see SquareSpace’s Cookie Policy.
V. Contact form
A. Description and scope of processing of personal data
There is a contact form on our website which can be used for electronic contact. If you take advantage of this possibility, the following data entered in the contact form will be transmitted to us and will be stored:
Name
E-Mail
E-Mail Subject
Portfolio or Demo Reel Link
Your Message
Your consent is obtained for the processing of the personal data within the scope of the sending process and reference is made to this privacy policy. Alternatively, you can contact us via the e-mail address provided. In this case, your personal data transmitted by e-mail will be stored.
In this context, the personal data will not be transmitted to third parties. The data is used exclusively for processing the conversation.
B. Legal basis for processing
The legal basis for the processing of data is art. 6 (1) (a) GDPR.
The legal basis for the processing of personal data transmitted in the course of sending an e-mail is art. 6 (1) (f) GDPR. If the e-mail contact aims at the conclusion of a contract, then the additional legal basis for the processing is art. 6 (1) (b) GDPR.
C. Purpose of data processing
The processing of personal data from the contact form and the e-mail sent to us serves us only for the treatment of the establishment of contact. The personal data collected in the course of sending an e-mail represent also our legitimate interest in processing of personal data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
D. Period of storage
The data will be erased as soon as it is no longer necessary to achieve the purpose for which it was collected.
To offer a good user experience and to safeguard our ability to comply with our contractual obligations, we need to have access to all user communication. Consequently, the personal data from the contact form or the personal data that is sent by e-mail will be erased not earlier than after 10 years.
E. Possibility of objection and erasure
You have the possibility to withdraw your consent to the processing of personal data concerning you at any time. If you contact us by e-mail, you can object to the storage of your personal data at any time. In this case, the conversation cannot be continued.
VII. Payments
A. General Remarks
We may provide paid products and/or services within the Service. In that case, we use third-party services for payment processing (“payment processors”).
We will not store or collect your payment card details. This information is provided directly to Our third-party payment processors whose use of your personal information is governed by their privacy policy. Our third party payment processors adhere to the PCI-DSS standards as managed by the PCI Security Standards Council to help ensure the secure handling of payment information.
For further information please visit the privacy policy of Stripe or the privacy policy of PayPal.
VII. Your rights
A. Right of access
You can ask us to confirm whether personal data concerning you is being processed by us.
Is that the case, you can request the following information from us:
the purposes of the processing;
the categories of personal data concerned;
the recipients or categories of recipient to whom the personal data has been or will be disclosed;
the envisaged period for which the personal data will be stored, or, if specific information on this is not possible, the criteria used to determine that period;
the existence of the right to request from us rectification or erasure of personal data, or restriction of processing of personal data concerning you or to object to such processing;
the right to lodge a complaint with a supervisory authority;
where the personal data is not collected from you, any available information as to their source;
the existence of automated decision-making, including profiling, in accordance with art. 22 (1) and (4) GDPR and - at least in those cases - meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to art. 46 GDPR relating to the transfer.
B. Right to rectification
You have the right to obtain from us the rectification and/or completion of incorrect or in-complete personal data concerning you.
C. Right to restriction of processing
Under the following conditions, you have the right to request the restriction of processing of your personal data:
the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data;
the processing is unlawful and you refuse the erasure of the personal data and request the restriction of their use instead;
we no longer need the personal data for the purposes of the processing, but it is required by you for the establishment, exercise or defense of legal claims; or
you have objected to processing pursuant to art. 21 (1) GDPR and it has not yet been determined whether our legitimate grounds override those of you.
Where processing of personal data concerning you has been restricted, such personal data may only be processed – with the exception of storage – with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.
D. Right to erasure
You have the right to obtain from us the erasure of your personal data and we are obliged to erase personal data without undue delay where one of the following grounds applies:
the personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed;
you withdraw consent on which the processing is based pursuant to art. 6 (1) (a) or art. 9 (2) (a) GDPR, and where there is no other legal basis for the processing;
you file an objection to the processing pursuant to art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you file an objection to the processing pursuant to art. 21 (2) GDPR ;
the personal data concerning you has been unlawfully processed ;
the deletion of personal data concerning you is necessary to fulfil a legal obligation to which we are subject ;
the personal data concerning you was collected in relation to the offer of information society services referred to in art. 8 (1) GDPR.
Where we have made your personal data public and where we are obliged pursuant to art. 17 (1) GDPR to erase your personal data, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, the personal data.
The right to erasure shall not apply to the extent that processing is necessary:
for exercising the right of freedom of expression and information;
for compliance with a legal obligation which requires processing by applicable law or for the performance of a task carried out in the public interest or in the exercise of official authority assigned to us ;
for reasons of public interest in the area of public health in accordance with art. 9 (2) (h) and (i) and art. 9 (3) GDPR;
for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with art. 89 (1) GDPR, insofar as the right referred to in para. IX.1 is likely to render it impossible or seriously impair the achievement of the objectives of that processing ; or
for the establishment, exercise or defence of legal claims.
E. Right to data portability
You have the right to receive the personal data concerning you which you have provided to us in a structured, commonly used and machine-readable format. In addition, you have the right to transmit the data to another controller without hindrance from us to which the personal data have been provided, where:
the processing is based on consent pursuant to art. 6 (1) (a) GDPR or art. 9 (2) (a) GDPR or on a contract pursuant to art. 6 (1) (b) GDPR ; and
the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. The freedoms and rights of others shall not be affected by this.
The right to data portability shall not apply to processing necessary for the performance of a task carried out of a public interest or in the exercise of official authority assigned to us.
F. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on art. 6 (1) (e) or (f) GDPR, including profiling based on those provisions.
We no longer process the personal data concerning you, unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
Where personal data is processed for direct marketing purposes, you have the right to object at any time to processing of the personal data concerning you for such marketing, which includes profiling to the extent that it is related with such direct marketing.
Where you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.
You have the possibility to exercise your right of object in the context with the use of in-formation society services, and notwithstanding Directive 2002/58/EC, by automated means using technical specifications.
G. Right to withdraw the consent to process personal data
You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
H. Automated decision making/profiling
You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:
is necessary for the conclusion or performance of a contract between us,
is authorised by applicable law and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
is based on your explicit consent.
However, these decisions may not be based on special categories of personal data pursuant to art. 9 (1) GDPR, unless art. 9 (2) (a) or (g) GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.
In the cases referred to in points a) and c), we implement suitable measures to safeguard your rights and freedoms as well as your legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
We may use Crelate’s technology to select appropriate candidates for Us to consider based on criteria we have identified. The process of finding suitable candidates is automatic, however, any decision as to who We will engage to fill the job opening will be made by Our team.
I. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
CONTACT US
Please contact us at support@talent-outpost.com or Talent Outpost GmbH, Postfach 615, 8050 Zurich, Switzerland to exercise any of your rights under section “Your Rights” or if you have any questions in respect of this policy.
Changes to the Privacy Notice and your duty to inform us of changes
We reserve our right to change or adapt this privacy policy at any time in compliance with the applicable data protection regulations. We will tell you about any changes by posting an updated privacy policy on our website. Any change we make applies from the date we post it on the website. If you have any questions about our privacy policy, please email us.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us by contacting us via the contact details at the top of this Privacy Notice.