1. Introduction

This Job Applicant Privacy Notice (“Notice”) describes the steps that Tecan Ltd, Tecan Way, Weymouth,  UK. DT4 1TU (“Company”), part of IDEX Corporation (“IDEX”), takes to protect the Personal Data that we Process about job applicants. The Company is committed to the protection of the Personal Data that we Process about you consistent with the data protection principles set out in all applicable Data  Protection Law. This Notice informs you how we Process your Personal Data if you apply for a position  with Tecan Ltd.

In regard to the Processing of Personal Data of website users, please see our Website Privacy Notice,  which you may access here: www.tecan.co.uk. Please note that in the course of the application process  data may also be processed by the respective operator of the network or platform through which you  came across one of our job postings, such as LinkedIn. For such Processing, the respective operator of  the network or platform is the Data Controller. Please consult the privacy policy of the respective  operator of the respective network or platform for details.

This Notice may be amended from time to time. We will post any change to this Notice a reasonable  period of time in advance of the effective date of the change.

  1.  Definitions

The following terms are used within this Notice and are defined as follows:

Term  Definition
Consent Any freely given, specific, informed and unambiguous indication of the  Data Subject’s wishes by which he/she, by a statement or by a clear  affirmative action, signifies agreement to the specific processing of  his/her Personal Data. It has to be a clear affirmative act (“Opt-In”).  Silence or inactivity are not sufficient. Consent may be withdrawn at any  time with effect for the future.
Data Controller The natural or legal person or other body which alone, or jointly with  others, determines the purposes and means of the Data Processing.
Data Processing Any operation, or set of operations, which is performed on Personal Data  or on sets of Personal Data, whether or not by automated means, such  as collection, recording, organization, structuring, storage, adaptation or  alteration, retrieval, consultation, use, disclosure by transmission,  dissemination or otherwise making available, alignment or combination,  restriction, erasure or destruction.
Data Processor A natural or legal person, public authority, agency or other body, which  processes Personal Data on behalf of the Data Controller

(Article 28 GDPR).

Data Protection Law All applicable state, local and federal/national laws related to data  protection including, but not limited to, GDPR.
Data Protection Officer The person which is appointed by the Company (only where required by  law) to protect the Data Subjects’ rights and to act as the point of contact

 

between the Company and you in order to ensure that the Company  complies with all applicable Data Protection Law.
Data Subject Any person to whom the respective Personal Data refers.
European Economic The Member States of the European Union, plus Norway, Iceland and  Lichtenstein.
GDPR the EU General Data Protection Regulation 2016/679.
Personal Data Any information relating to an identified or identifiable natural person  (Article 4 GDPR).
Sensitive Data Personal Data revealing racial or ethnic origin, political opinions,  religious or philosophical beliefs, or trade union membership, and the  processing of genetic data, biometric data for the purpose of uniquely  identifying a natural person, data concerning health or data concerning a  natural person’s sex life or sexual orientation (Article 9 GDPR).
Supervisory Authority An independent public authority, which is established by a European  Union Member State (Article 51 GDPR) or any other public authority  which is responsible for monitoring the application of Data Protection  Law.

 

  1.  Data Controller

The Company is responsible for Processing your Personal Data.

If you have any questions about this Notice, please contact us at

Tecan Ltd

Tecan Way, Weymouth, UK. DT4 9TU

privacy@IDEXcorp.com

  1.  Categories and Sources of Personal Data Processed

The Company Processes different categories of Personal Data that is provided to us through your  application and during your application process. These may include:

  • Contact and identity details, including name; marital status; gender; nationality; date of birth; home  address; and contact details.
  • Your application documents and any information contained therein, including your CV, cover letter and  certificates; other documentation about your previous work experience, education or similar; and pictures. • Information about your employment history and work related experiences and abilities, including hire  date; termination date and reason; employment status; current level of remuneration; any other  supporting data submitted by candidates or employees; information obtained during reference checks;  previous job applications; evidence of skills/qualifications; and relocation information.
  • Information relating to character and job interests, including work-related and personal interests;  knowledge or skills; and awards or memberships.

 

  • Other personal data you provide during the recruitment process, including our notes from interviews  with you or with other about you; and all correspondence you have with us or a recruitment agency during  the application process.
  • Information on your work authorization status. 
  • Sensitive Data, in certain circumstance, including your racial or ethnic origin; trade union membership;  religious beliefs; or information concerning your health, such as information about a disability for which  the Company needs to make reasonable adjustments during the recruitment process.

We may also obtain the above data about you from other sources, including recruitment agencies, the  references you provide, websites and other publicly available information on the Internet. This includes,  for example, Personal Data that you have made public in the context of an online profile. We may also  receive information that you submit to us through third-party websites, such as LinkedIn.

  1.  Purposes for Data Processing

The Company Processes Personal Data of job applicants for various business purposes that are  necessary:

  • For carrying out your recruitment process, including to process your application; to evaluate your  aptitude for the job opening in regard to capabilities and qualifications; to conduct reference checks as  allowed or demanded by local laws; to respond to your inquiries; and to communicate with you and to  structure the recruitment process based on your needs, e.g. in regard to possible health issues.
  • To carry out the employment relationship, including in regard to HR and performance management upon hire.
  • For the purposes of business process execution and internal management, including for equal  opportunity monitoring and ensuring a disabled-accessible workplace.
  • For IT security and data breach procedures;
  • For compliance with legal obligations including tax regulation; and in relation to obligations addressed  to employers in relation to the work relationship such as confirming the applicant´s eligibility to work in  the respective country of the Company;
  • For business process optimization, including to improve our application process or to optimize other  recruitment processes or diversity programs.
  • For the assertion and defense of legal claims.
  1.  Legal Basis for Processing Personal Data

The Company Processes Personal Data of its job applicants based on multiple different legal bases:

  • Once you have been informed about the intended Processing of your Personal Data and you have provided  your consent This may include foremost your consent to the Processing of your Personal Data by us for  future recruitment activities, such as your inclusion in our internal Talent Pool. The scope of Processing is  then determined by the content of the respective consent. You may withdraw your consent at any time.  The withdrawal of consent will not affect the lawfulness of processing based on your consent before the  withdrawal. Article 6 GDPR.
  • If the Processing of your Personal Data is necessary in order to carry out the contractual relationship between you and us, which might include a pre-contractual employment relationship. Article 6 GDPR. • If the Processing is necessary for the Company to comply with a legal obligation. E.g., court orders the  release of certain information for legal proceedings). Article 6 GDPR.
  • If the Processing is necessary for purposes of the legitimate interests pursued by the Company or by a third  party, except where overridden by your interests or fundamental rights and freedoms which require  protection of Personal Data. These legitimate interests can include:

Management of the recruitment process, including to enable the recruitment process; assessment and  confirmation of suitable candidates for employment; and towards the procurement of a suitable  recruitment strategy and corresponding implementation.

Administrative and management optimization purposes, including business process execution; internal  management optimization; aggregate management reporting or internal training; working climate and  equal opportunities monitoring.

The procurement of evidence for legal proceedings, including the defence against legal claims asserted  against us; the assertion of our legal claims; and prevention of compliance or other legal violations. • In accordance with Article 9 paragraphs 2 or 4 GDPR regarding Sensitive Data.

  1.  Your Rights

The GDPR provides you with rights relating to the Processing of your Personal Data. These rights  include:

  • Request access to Personal Data about you (commonly known as a “data subject access request”). This  enables you to receive information about the Personal Data we hold about you and to check that we are  lawfully Processing it.
  • Request rectification, correction, or updates to Personal Data that we hold about you. This enables you  to correct any incomplete or inaccurate information.
  • Request Personal Data to be transferred in machine-readable format (“data portability”) to the extent  this right is relevant in the employment context.
  • Request erasure of Personal Data. This enables you to request deletion or the removal of Personal Data  where there is no legitimate reason for us to continue to Process it. You also have the right to ask us to  delete or remove Personal Data where you have exercised your right to object to Processing (see below).
  • Request the restriction of Processing of your Personal Data. This enables you to ask us to suspend the  Processing of Personal Data about you if you want us to establish its accuracy or the reason for  Processing it.
  • Withdraw consent you have given at any time without affecting the lawfulness of processing based on  consent before its withdrawal.

Object to the Processing of your Personal Data in certain circumstances. 

This right may apply where the Processing of your Personal Data is based on the legitimate  interests of Company, as described in Annex 1, or where decisions about you are based  solely on automated processing, including profiling.  

Notwithstanding, you have the right to object at any time to Processing of your Personal  Data for direct marketing purposes.

These rights are not absolute and are subject to various conditions under Data Protection Law and any  other applicable laws and regulations.

You may exercise these rights by contacting your Privacy Lead (see Section 3). You also have the right to  lodge a complaint with The Information Commissioner’s Office.

  1.  Data Sharing and International Data Transfers: Intra-Group and External Third Parties Intra-group transfers 

As a member of a multinational enterprise operating under a decentralized management structure, the Company may share Personal Data of job applicants with other IDEX affiliates/BUs listed herefor the  purposes set out in this Notice. Please note that the Company only shares Personal Data of job  applicants with those companies where this is covered by a lawful basis for such Processing.  

These transfers are protected by the obligations set out in intra-group agreements that we have entered  into between the various IDEX legal entities. International transfers within the IDEX are governed by EU  Commission-approved Standard Contractual Clauses for Data Controllers and, where relevant, for Data

Processors. You may receive a copy of these Standard Contractual Clauses used in our intra-group  agreements by contacting and requesting same from the Company.

External Third Parties  

The Company may share Personal Data with external vendors whom we engage to perform services or  functions on our behalf and under our instructions. Where applicable, their Processing of your Personal  Data will be subject to the GDPR requirements. The Company will also ensure that its contracts with  these parties ensure they only Process Personal Data in accordance with our instructions and in order to  provide the agreed services and protect the integrity and confidentiality of the Personal Data entrusted  to them, in line with the GDPR requirements.

For the purposes set out in this Notice, we may also disclose your Personal Data to our IT service  providers, auditors, lawyers, consultants, law enforcement, courts and tribunals and other public  authorities, such as tax and social security bodies. Some of these recipients are themselves responsible  to determine the purposes and means of the Processing and for the lawfulness of the Processing on their  end. Where necessary, we will ensure that appropriate contractual measures are in place to ensure the  protection of your Personal Data.

Some of the third parties we engage to Process your Personal Data are located outside the European  Economic Area. We will ensure that these transfers are either:

  • To countries, which fall under an adequacy decision by the EU-Commission and is deemed to provide an  adequate level of protection, currently including Switzerland, Uruguay, Argentina, Japan, Israel, Isle of  Man, New Zealand, Guernsey, Canada, Andorra, Faroe Islands and Jersey; or are
  • Governed by one of the following safeguards: EU Commission-approved Standard Contractual Clauses,  GDPR-compliant Data Processor clauses where the US vendor is certified under the EU-US Privacy Shield  Framework or Binding Corporate Rules approved by an EU data protection authority. You may receive a  copy of these data protection safeguards by contacting us at the contact details given in Section 3above.
  1.  Retention of Personal Data

The Company will keep and Process your Personal Data only for as long as is necessary for the purposes  for which it was collected or for legal obligations. Such legal obligations may arise particularly under tax  and commercial law. If your data is no longer necessary for the fulfilment of contractual or legal  obligations, it will be deleted; unless it is needed to secure, assert or enforce legal claims. In this case, we  will retain the date in accordance with the regular limitation period. During this period, this data is  blocked and is no longer available for any other use.

In general, application data will be deleted six months after the application proceeding has ended at the  latest.

  1.  Statutory/Contractual Requirements

You may choose to not provide us with your Personal Data and/or provide incomplete Personal Data.  However, please be aware that, in certain cases, we may not be able to proceed with your application  process as your Personal Data may be required for administrative purposes and/or to fulfill statutory  requirements.

  1.  Automated Decision-Making and Profiling

Your Personal Data will not be used for automated decision-making and/or profiling.