AviLabs Employment Application Privacy Policy
Are you applying for a job with AviLabs? That means you will be untrusting us with your personal data. Your personal privacy is very important to us and this policy applies to the personal data that we at AviLabs collect and process when you apply for a role with us. This Policy explains what personal data we collect about you, how and why we use it, who we disclose it to and how we protect your privacy.
Unfortunately, the policy is rather long as law requires it to be detailed. If you’re in a hurry, the TL;DR version of the policy is: We require your CV and quite a bit of your personal data to evaluate your application for a role with AviLabs. The personal data that we collect about you throughout our application process depends on the role for which you apply to. During our application process, we may share your data to companies that provide services to us (e.g. recruitment agencies). If you are successful, your personal data will be transferred into our HR system to the extent this is necessary for our ongoing employment relationship with you. If you are unsuccessful, we will automatically delete your data when we no longer need it, in accordance with applicable laws. And throughout all this, we will keep your personal data safe.
Any references in this Employment Application Privacy Policy (the “Policy”) to “AviLabs” “we”, “us” or “our” means AviLabs ehf., a company registered in Iceland with registration number no. 5208192150 and registered office at Nóatún 17, 105 Reykjavik, Iceland. When it comes to personal data collected under this policy, AviLabs is the “data controller” for the purposes of the Icelandic Data Protection Act and other data protection laws that apply to us, like the EU General Data Protection regulation (the “GDPR”).
When we use the term “personal data” in this Policy, we mean any information relating to you and through which you can be identified, directly or indirectly, or in combination with other information that we may hold. This could for example be your name, information in your CV or your qualifications. We only collect your personal data where it is necessary for the purposes described in this Policy and in accordance with data protection laws.
We will mainly collect your personal data directly from you, and this will include all the information you provide us with in your CV, your application and your cover letter. If we meet you for an interview, we will also collect the information you provide us with about you in the interview. If you proceed further in our selection process following the interview, we will ask you to send us a copy of your criminal record. We’ll examine your criminal record for the purposes of taking a decision whether to offer you a job – and then we will delete it. We do not keep copies of criminal records. We do believe that we have a legitmate interest in reviewing the criminal records who are offered a job with us both for security reasons and due to the fact that we are operating in accordance with ISO and SOC certifications, that require us to do this.
In addition to all of the above, you will probably be communicating with us throughout your application process. We will collect your communications with us, for example emails or letters that you exchange with us.
We will mainly collect your personal data directly from you. However, in some cases we might collect information about you from third parties:
We don’t really collect personal data that is considered “special categories of personal data” that is subject to additional protection under the GDPR (for example, information revealing your racial or ethnic origin, physical or mental health, religious beliefs or trade union membership). However, it may happen that you send us such information without us asking in your CV or your communications with us. In such instances, we do recognize our legal obligations under article 9 of GDPR.
We will process your personal data in order to assess your application and decide whether you are eligible and suitable for the role for which you have applied, prior to us taking a decision on whether to enter into an employment contract with you. However, to be more detailed, we have identified the following purposes for which we process your data and the lawful basis on which each of these purposes relies:
Purpose | Lawful Basis |
Recruitment and selection. Assessing whether you are a suitable candidate for us. | It is necessary for fulfilling our legitimate interests:
|
Communications. To communicate with you during our application process. | It is necessary for fulfilling our legitimate interests:
|
Reference checks. Perform reference checks to ensure your eligibility for the role (where releveant). | It is necessary for fulfilling our legitimate interests:
|
Criminal checks. Conducting criminal record checks (which you provide to us) and processing information relating to criminal convictions and offences. | This processing is necessary to fulfil our legitimate interest to ensure the safety, security, and integrity of our business operations. This will only take place where it is permitted or required by law. |
If you become an AviLabs employee, we will transfer your data into our HR systems, to the extent it is necessary for our ongoing employment relationship. Following that, our employee privacy policy will take over and govern your personal data. Other information that we do not need will be deleted.
If you are unsuccessful in your application, we will retain your data for 9 months after our selection process is complete. This will be for us to be able to respond to enquiries, complaints or claims and to demonstrate that the selection process was carried our properly. Following that we will delete your data. There may be a possibility that AviLabs would like to retain your information for a longer period of time, e.g. for future employment opportunities with the company. In such instances we will contact you and ask for your permission to retain your information for a longer period.
We are committed to protecting the personal data we hold and we have implemented appropriate technical and organisational measures against unauthorised, accidental or unlawful access, loss, destruction or damage of such data.
In addition, we only allow access to your data to our employees, agents, contractors or other parties who have a business need to know. When we trust third parties to process your data on our behalf, we require that they will protect your data the same way we do and that they comply with appropriate security standards.
We have procedures and policies in place in the event of a security breach related to personal data. Where relevant, we will notify you or our supervisory authority of a security breach when we are under the duty to do so under the GDPR.
In order to fulfil the purposes we have set out above, we may need to disclose part of your data to the following categories of other parties, as appropriate;
You have specific rights under the GDPR that allow you to understand and, to certain extent, control the way we process your personal data:
You can exercise your above rights by contacting our Data Protection Officer. For more information, see section 11 below.
We will modify this Policy when there is a change to the way we process your data and when we need to ensure that the information we provide to you is up to date and in accordance with the relevant data protection laws. Any new version of this Policy will be published on this website.
Questions or comments in relation to this Policy, and/or requests concerning your rights under GDPR, should all be directed to our Data Protection Officer in writing to the following email: dpo@avilabs.is, or to our address: AviLabs ehf., Nóatúni 17, 105 Reykjavík, Iceland.