Privacy Notice for TailorMed Candidates

Last Modified: March 2024

TailorMed and its affiliated companies (“Company”, “we”, “our”, or “us”) are committed to protecting and respecting your privacy as a candidate ("you" or "candidate"). This privacy notice (the "Notice") sets out the basis on which any personal data (“Personal Data" means any data that can or may be used whether alone or in combination with other information in order to identify you) that you provide to us, or that we otherwise collect, will be processed. 

It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing Personal Data about you, so that you are aware of how and why we are using such information. Further information about how we process personal data can be found in our general privacy policy, which is available here.

We are committed to ensure that the Personal Data we process about you will be:

• Used lawfully, fairly and in a transparent way.
• Collected for specified, explicit and legitimate purposes, and not further processed in a manner that is incompatible with those purposes. 
• Adequate, relevant and limited to what is necessary in relation to those purposes.
• Accurate and kept up to date.
• Kept only as long as necessary for those purposes.

We collect, store and process Personal Data about you for the following purposes: 

• Your candidacy evaluation. 
• To the extent applicable, your recruitment as a Company employee.
• Complying with legal requirements to which we are subject.

We receive, collect, store, use and process all or some of the following categories of Personal Data about you as a candidate:

• Personal details - such as: your name, title, address, telephone number and personal email address. Information collected for the purposes of your recruitment - Curriculum Vitae (resumé) information (including information such as skills, work experience, education), email correspondences between you and the Company about your candidacy, your responses to questionnaires sent to you by us, materials
• you or other parties (such as recruiting agencies or background check providers) submitted in relation to your candidacy.

• Publicly available online information - such as your LinkedIn profile URL or other similar social network.
• We may also collect, store, use and process the following “special categories” or Personal Data which might be regarded as sensitive under certain jurisdictions – such as information about criminal convictions and offences (only where we are legally allowed to do so).

We collect Personal Data about candidates through the application and recruitment process, either directly from candidates or sometimes from an employment agency or background check provider. We may also collect additional information from third parties including former employers, credit reference agencies or other background check agencies or publicly available resources (such as social networks).

Most commonly, we will use your Personal Data in the following circumstances:

• To evaluate and consider you as a candidate for open positions 

• Where it is necessary for our, or yours, legitimate interests (or those of a third party) as long as your fundamental rights do not override those interests – for example:

• • Business management and planning (including for example to conduct internal studies and improve our recruitment practices).
  • To ensure information security, including preventing unauthorised access to our offices, computers and electronic communications systems, and preventing unauthorised use or malicious software distribution.
  • To document and exercise our legal rights, or defend from potential claims.

1. We may share your personal data with our service providers and vendors who assist us to collect, process and store your personal data in the context of your candidacy, including, Comeet (who provides us with a recruitment platform. Comeet’s privacy policy is available here). These companies are authorized to use your personal data only as necessary to provide these services or as otherwise authorized by us.
2. Personal data may be shared with, or transferred to, our affiliated corporate group entities (entities controlled by, under common control with, or controlling us, directly or indirectly).
3. We may share your general recruitment status with third parties who submitted your candidacy to us. If your details are submitted to the Company by a third-party (such as an employee of the Company or a recruiting agency), the Company can also give the third-party access to your name, photo and some of the general recruitment status.
4. If you apply to a job opening using a unique referral link that was provided to you by an employee of the Company to which you are applying, the Company may share some of your general recruitment status, without identifying you by name, with the person that provided you the referral link.
5. If we are required to disclose your information by a judicial, governmental or regulatory authority to comply with applicable laws, regulations and rules (including, without limitation, federal, state or local laws) and requests of law enforcement, regulatory and other governmental agencies or if required to do so by court order, or with private litigants in response to valid law enforcement process (warrant, subpoena, or court order). 
6. In the event that we sell, transfer, are acquired by, or merged with, or consider any of the foregoing, or in the event of bankruptcy or a comparable event, we reserve the right to transfer, disclose or assign your personal data in connection with the foregoing events, including, in connection with, or during negotiations of, any merger, sale of company assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or to another company.
7. We may also share your data internally, as needed, with relevant internal personnel – for example:

1. 1. The Company management and HR teams, consisting of a limited number of individuals.
   2. Individuals performing administrative and IT support functions.

All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your Personal Data. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

We may need to transfer the Personal Data we collect about you to third parties outside the EEA, in order to perform our contract with you. In order to ensure that your Personal Data does receive an adequate level of protection we transfer data outside of the EEA by using Standard Contractual Clauses approved by the European Commission or other approved data transfer mechanisms, as applicable, which give personal data the same protection it has in Europe. 

We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality. 

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Details of retention periods for different aspects of your Personal Data are available in our Data Retention Policy. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymize your Personal Data so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer an employee of the Company we will retain and securely destroy your Personal Data in accordance with our data retention policy.

If you have any questions about this privacy notice or how we handle your Personal Data, please contact our appointed Data Protection Officer (DPO):

Eric Weisman 

ericw@tailormed.co

It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your candidacy period with us.

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your Personal Data.

If you have any questions about this privacy notice, please contact ericw@tailormed.co.

We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Details of retention periods for different aspects of your Personal Data are available in our Data Retention Policy. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.